RV110W + IPv6 Webserver Inbound access

Model : RV110W      Firmware : 1.2.0.9
Hi!
I'm studying the RV110W IPv6 Firewall in the context of a long IPv6 study / blog post (30+ posts so far).
The RV110W IPv6 Firewall has got me totally puzzled.
I've redone all the tests, and this is what appears:
To allow external access to an IPv6 web server located on the LAN side of the RV110W, it seems that:
- creating an inbound allow rule is useless and unneeded.
- creating a Single Port Forwarding rule is compulsory and sufficient.
1. Can anybody confirm this?
2. Does this IPv6 Single Port Forwarding rule actually automatically create an 'invisible' IPv6 Firewall allow in rule?
3. How come an IPv6 Firewall allow in rule is not enough?
4. Could anybody explain to me this mysterious sentence from the RV110W admin guide:
    "Port forwarding is not appropriate for servers on the LAN, since there is a dependency on the LAN device making an outgoing connection before incoming ports are opened. Some applications require ... ..."
   What is appropriate for servers on the LAN then? Isn't the LAN the place for servers? Isn't port forwarding the historical way to make LAN servers accessible to the outside world? This sentence seems to describe stateful firewall functioning, so is the sentence mistyped, and should it actually be "Port Forwarding IS appropriate for servers on the LAN, since ..."?
Thanks for any help
PS. I also found an IPv6 Firewall ICMPv6 quirk, which I put in another thread

Hi computerone1, thank you for using our forum. My name is Luis and I am part of the Small Business Support community.
Well, as you know, port forwarding and the access list are different: port forwarding forwards the port, and the access list creates a rule to provide access or deny it. In this case I will recommend you use both protocols in order to provide control of the access to your server.
I hope you find this answer useful
Greetings,
Luis Arias.
Cisco Network Support Engineer.

Similar Messages

  • RV110W Blocks all inbound traffic

    I have an RV110W that's been in service since Dec 2012. Everything is working fine except every month or so the firewall starts blocking all inbound traffic. It does not respond to remote management access. If I reboot the firewall (pwr off/on) everything works correctly for the next month or so and then it begins blocking all inbound traffic again. Local access to the Internet and VPN tunneling are not affected. When it's working, all my rules and port forwarding work correctly. Anybody seen this before?

    Hi David,
    Please call the Small Business Support Center and speak with an engineer. The phone numbers for the support center are located here: https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
    Regards,
    Cindy Toy
    Cisco Small Business Community Manager
    for Cisco Small Business Products
    www.cisco.com/go/smallbizsupport
    twitter: CiscoSBsupport

  • RV110W ipv6 dies randomly

    My RV110W works fine for ipv6 from 1 to 4 days, then stops working.  A reboot fixes it, then it happens again, etc.  The ipv4 is never affected.  I try using ipv6.google.com and that lets me know if it's working.
    This has happened since day one.  I've upgraded firmware twice and now am at 1.2.0.10.  I wiped the config, as recommended, but that's not the problem.  I don't have some tricky custom setup.
    There is no specific message to indicate what's happening.  If I leave logging enabled, it fills up with page after page of:
    RV110W kern.err ICMPv6 RA: ndisc_router_discovery() failed to add default route
    Despite this message, I can browse to ipv6 sites with all my connected computers when it's working.  Those would have Windows 7, XP, or OpenBSD, FWIW.
    You might want to blame Time Warner cable, or my SB6141 modem, but I tried a Netgear N300 router for a couple weeks without a single hiccup.  That points the finger at the RV110W.  Since ipv4 works, I think the hardware is OK.
    I don't see this bug listed when I search.  Honestly, I have little hope that Cisco, or whoever, will ever fix it.  If I'm missing something simple, let me know.  Thanks.

    I forgot to mention explicitly that it's set up ipv4+ipv6 on LAN and WAN sides.  DW

  • External Webserver to access CallManager

    Hi,
    I've heard that the Tomcat server installed on CUCM should not be touched to develop web services. So I would take an external web server and build on that. Question:
    What are the different access methods I have?
    There are the XML Objects available on IP Phones, then there is the AXL browser and there is the SDK. What shall be used for what?
    Maybe some links to documents would be great,
    Kind regards, Patrick

    This (http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/devguide/6_0_1/cucm_devguide.html) lists all XML interfaces you have on Callmanager and what they do (all are XML/SOAP based webservices so you connect to the callmanager using http(s))
    Then you have the CTI interfaces TAPI and JTAPI and connect to the CCM using the dedicated TCP port(s) for the protocol (see the guides http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/jtapi_dev/6_0_1/jtapi-dev.html and http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/tapi_dev/6_0_1/tapidev.html)
    Finally you have applications that run on the phone (more here http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/all_models/xsi/6_0/english/programming/guide/XSIbook.html)
    which can make use of the above-mentioned technologies if necessary, or which can be completely separate and offer some kind of interaction with the user on the phone (whereas the other APIs are basically independent, although you could put some information on the screen using a CTI API). Those have nothing to do with the CallManager except that you define a URL to a web page (which then returns XML that the phones understand, rather than HTML) on the CallManager so the phone knows what to list if you press the services button, and where to make a request when you select a service.
    If you need to know more, I suggest you read through the documents I linked to.
    And if you have an older Callmanager version and want to use an XML API or (J)TAPI here's the page with guides for all versions:
    http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_programming_reference_guides_list.html

  • Using server 2003 as webserver to access shared photos and videos

    I have Server 2003 installed on an HP ML310; it runs great. I have about 90 GB of pics and vids on a hard drive. I want to be able to access them across the WAN from the home LAN network. I have an ADSL connection, 18 Mbps downstream, and I also use a Smoothwall Express for security protection. I know this may be a bit much to give info on, but I need some insight. Thanks. How do I set up the server to be able to do this?

    I don't want to use it as an FTP server; I want to use it as a web server, so when a user accesses the server via name or IP address and port they can just view the contents of the pics and videos and open them on the fly. I do not need upload like FTP does, just viewing, not editing. I have the IIS component installed and I can access the shared folder I set up in the IIS properties for my site, which I gave a special name, via LAN but not from the WAN side. Here are some more details:
    I need some more insight on how to access the server from outside of the LAN. I basically installed IIS components including FTP on my Server 2003 box. I gave it a name and the server has a static IP address assigned to it. In the Smoothie I assigned ports 80, 75 to the server, which is 192.168.0.5; under network - incoming setting I put the required info: destination IP, port, etc. I know what my public IP is, so I tried it via a mobile device with the Dolphin browser by putting in HTTP://publicipaddress:port 75. Nothing comes up, but when I do it internally across the LAN it works fine; I can see the basic directory of the folder that is being shared under inetpub. What am I missing? Is it my ATT U-verse gateway that is blocking it? I put the ATT gateway in DMZ mode (firewall basically turned off). I'm not sure if you can even do this with the ATT gateway; it doesn't seem to work. Or did I do it wrong in the Smoothie?

  • Cannot start sun webserver if Access Manager component is present in magnus

    We have an Oblix 7.02 installation on Solaris 9 with Sun ONE Web Server 6.1. I am unable to start the web server if there are Access Manager components in magnus.conf. If I delete the Access Manager part from magnus.conf then the server starts fine, but then I am unable to access the Access Server Console or Access Manager. I ran the EditObjConf on a fresh obj.conf and magnus.conf but still the issue remains.
    Here is the error when I try to start the web server:
    Status:
    [https-identityadmin.xx.com]: start failed. (2: SSL_ERROR_NO_CERTIFICATE: unable to find the certificate or key necessary for authentication)
    [https-identityadmin.xx.com]: Sun ONE Web Server 6.1SP1 B12/19/2003 22:19
    [https-identityadmin.xx.com]: failure: server initialization failed
    Error
    An error occurred during startup.
    The server https-identityadmin.xx.com was not started.
    Thanks.

    When I reinstall Access Manager I get the following error:
    Press 3 to Finish or 4 to Redisplay [3] 3
    SIGABRT 6 abort (generated by abort(3) routine)
    si_signo [6]: ABRT
    si_errno [0]:
    si_code [-1]: SI_LWP [pid: 20513, uid: 2931]
    stackpointer=FFBFDAF0
    "process reaper" (TID:0x7087d0, sys_thread_t:0x708708, state:R, thread_t: t@49, threadID:0xff191600, stack_bottom:0xfaed0000, stack_size:0x20000) prio=5
    [1] java.lang.UNIXProcess.waitForProcessExit(Native Method)
    [2] java.lang.UNIXProcess.access$10(UNIXProcess.java:30)
    [3] java.lang.UNIXProcess$3.run(UNIXProcess.java:74)
    Exiting Thread (sys_thread_t:0xfefd1db0) : no stack
    Exiting Thread (sys_thread_t:0x40a948) : no stack
    "Finalizer" (TID:0x152580, sys_thread_t:0x1524b8, state:CW, thread_t: t@4, threadID:0xff190600, stack_bottom:0xfebc0000, stack_size:0x20000) prio=8
    [1] java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:145)
    [2] java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:167)
    [3] java.lang.ref.Finalizer$FinalizerWorker$FinalizerThread.run(Finalizer.java:117)
    "Reference Handler" (TID:0x150db0, sys_thread_t:0x150ce8, state:CW, thread_t: t@3, threadID:0xff190400, stack_bottom:0xfebf0000, stack_size:0x20000) prio=10
    [1] java.lang.Object.wait(Object.java:417)
    [2] java.lang.ref.Reference$ReferenceHandler.run(Reference.java:129)
    "Signal dispatcher" (TID:0x132990, sys_thread_t:0x1328c8, state:MW, thread_t: t@2, threadID:0xff190200, stack_bottom:0xff040000, stack_size:0x20000) prio=10
    "main" (TID:0x39058, sys_thread_t:0x38f90, state:R, thread_t: t@1, threadID:0xff190000, stack_bottom:0xffc00000, stack_size:0x800000) prio=5 current thread
    [1] java.lang.Runtime.exitInternal(Native Method)
    [2] java.lang.Runtime.exit(Runtime.java:76)
    [3] java.lang.System.exit(System.java:652)
    [4] com.installshield.wizard.Wizard.main(Wizard.java:135)
    [5] java.lang.reflect.Method.invoke(Native Method)
    [6] run.main(run.java:15)
    Abort - core dumped

  • Direct Access on Windows Server 2012 R2 and IPV6

    I have a question about IPV6 and Direct Access in Server 2012 R2. Without using UAG is it still mandatory to have IPV6 enabled in the intranet?
    Kristopher Turner | Not the brightest bulb but by far not the dimmest bulb.

    Hi,
    DirectAccess uses IPv6 with IPsec to create a secure connection between DirectAccess client computers and the internal corporate network.
    However, DirectAccess does not necessarily require connectivity to the IPv6 Internet or native IPv6 support on internal networks. Instead, it automatically configures and uses IPv6 transition technologies to tunnel IPv6 traffic across the IPv4 Internet (6to4,
    Teredo, IP-HTTPS) and across your IPv4-only intranet (NAT64 or ISATAP).
    For detailed information, please view the link below,
    Plan the DirectAccess Infrastructure
    http://technet.microsoft.com/en-us/library/jj574101.aspx
    Hope this helps.
    Steven Lee
    TechNet Community Support

  • Slow access to local WebServer using Internet Sharing

    Hi,
    I have a MacPro with a WLAN. Sometimes I use internet sharing to access the internet with my iPhone. When using the "Browse the Web" feature of Goodreader to access some files on my MacPro, it takes very long until I get a directory listing on the iPad (only a few files and folders). The other way around (using the Goodreader integrated web server and accessing this from my desktop) is quite fast.
    The desktop has the IP number 192.168.1.2, the iPad something with 10.xx.xx.xx. Putting them into the same IP number scheme (using a wireless router) works fine in both directions.
    Any idea why the server is so slow?
    Leif

    Hi,
    I don't know if any of you came up with an answer to this problem, because I have the exact same problem.
    I use version 5.0.01.0600 of the VPN Client. Windows Explorer hangs for a couple of seconds and then works fine for a couple of seconds and then hangs for a couple of seconds, etc. When logged on in Windows XP with a user with administrator rights this problem doesn't occur. Only when logged on with a Restricted user (Users Group) does this problem occur.
    Hoping you can help,
    Jeroen

  • Windows 2012 R2 - Access problems to NFS shares via IPv6

    Hello,
    we setup some NFS shares on HNAS storage box. The connection to this storage is only possible over IPv6 network.
    My server with Windows 2012 R2 has the feature 'Client for NFS' installed and a 'showmount -e servername/or IPv6 address' works. I can see all shares when I try to open the storage box in Windows Explorer with the command "\\servername" or "\\IPv6 address", too.
    My problem is, when I try to mount the share via "Map network drive" or "mount \\servername\sharename *" I get Error 53 - Network path not found.
    The share is configured so that every server in the IPv6 subnet can access it, and it works on Unix machines, but not on Windows.
    It does not matter if I set some option parameters for the "mount" command like sec=sys or anon; every time, error 53.
    I don't know if the share needs special options for Windows. I hope somebody can help.
    Kind regards

    Hi,
    here is the output of your 2 commands:
    PS C:\Users\admin> get-SmbConnection
    PS C:\Users\admin> get-SmbServerConfiguration
    AnnounceServer                  : False
    AsynchronousCredits             : 64
    AutoShareServer                 : True
    AutoShareWorkstation            : True
    CachedOpenLimit                 : 0
    AnnounceComment                 :
    EnableDownlevelTimewarp         : False
    EnableLeasing                   : True
    EnableMultiChannel              : True
    EnableStrictNameChecking        : True
    AutoDisconnectTimeout           : 0
    DurableHandleV2TimeoutInSeconds : 30
    EnableAuthenticateUserSharing   : False
    EnableForcedLogoff              : True
    EnableOplocks                   : True
    EnableSecuritySignature         : True
    ServerHidden                    : True
    IrpStackSize                    : 15
    KeepAliveTime                   : 2
    MaxChannelPerSession            : 32
    MaxMpxCount                     : 50
    MaxSessionPerConnection         : 16384
    MaxThreadsPerQueue              : 20
    MaxWorkItems                    : 1
    NullSessionPipes                : HydraLsPipe
    NullSessionShares               :
    OplockBreakWait                 : 35
    PendingClientTimeoutInSeconds   : 120
    RequireSecuritySignature        : False
    EnableSMB1Protocol              : True
    EnableSMB2Protocol              : False
    Smb2CreditsMax                  : 2048
    Smb2CreditsMin                  : 128
    SmbServerNameHardeningLevel     : 0
    TreatHostAsStableStorage        : False
    ValidateAliasNotCircular        : True
    ValidateShareScope              : True
    ValidateShareScopeNotAliased    : True
    ValidateTargetName              : True
    EncryptData                     : False
    RejectUnencryptedAccess         : True
    I try to access the file share with Windows Explorer. When I enter \\fe08--babe-face-cafe-dead.ipv6-literal.net (just an example), I can see all shares on the storage box. When I double-click the share I want to access, where access is definitely allowed, it takes a while and then the error "\\fe08--babe-face-cafe-dead.ipv6-literal.net\share is not accessable. You might not have permission to use this network resource. ..." appears. I recorded a trace of this action.
    Another way I tried is to open a command line and type "mount \\fe08--babe-face-cafe-dead.ipv6-literal.net\share *". After this, error 53 occurs immediately without any wait time.

  • Access Manager 7.1, Webserver 7.0 and Policy Agent 2.2 Logging behaviour

    Hi,
    I have a cluster setup with access manager (2 instances currently). I have a single webserver running access manager policy agent which points to the access manager cluster. Everything works fine, until the Agent session times out, whereupon it can no longer log to the access manager cluster.
    i.e. it attempts to write a log entry like this:
    2009-04-23 15:40:10.491 Debug 7720:2e7af0 LogService: BaseService::doRequest(): Using server: https://
    am.blah.com:443/amserver/loggingservice.
    <logRecWrite reqid="57"><log logName="amAuthLog.webserver.blah.com.80" sid="AQIC5wM2LY4SfczdB
    6jEQSaqXL52vqgWNfqxVOf2teEx+b0=@AAJTSQACMTEAAlNLAAk0OTA4MTcyMzQAAlMxAAIwMg==#"></log><logRecord><level>8
    00</level><recMsg>VXNlciBtb21lcjEgd2FzIGFsbG93ZWQgYWNjZXNzIHRvIGh0dHA6Ly9lcTAwMXRtLmVxLnNlcnZlci1jb21wbG
    V4LmNvbTo4MC91d2MvaW5kZXguanNwLg==</recMsg><logInfoMap><logInfo><infoKey>LoginIDSid</infoKey><infoValue>
    AQIC5wM2LY4Sfcy3bA/gJl2v7ArZCHla8Bj9bRVx4P6nSN0=@AAJTSQACMTEAAlNLAAstMTAxNzc2NjM2NQACUzEAAjAx#</infoValu
    e></logInfo></logInfoMap></logRecord></logRecWrite>]]></Request>
    </RequestSet>
    and receives an error as follows:
    2009-04-23 15:40:10.631MaxDebug 7720:2e7af0 LogService: <?xml version="1.0" encoding="UTF-8" standalone=
    "yes"?>
    <ResponseSet vers="1.0" svcid="iplanet.webtop.service.logging" reqid="74">
    <Response><![CDATA[UNAUTHORIZED]]></Response>
    </ResponseSet>
    Investigation in the access manager logs shows that the agent session is no longer valid. As a result, I have two questions:
    1. How can I make it stop trying to log remotely ? I have this set in the AMAgent.properties: com.sun.am.log.level = all:4
    2. How do I exclude agents from the default session expiry times ?
    Regards,
    Michael Ward.

    1. Set com.sun.am.policy.agents.config.audit.accesstype = LOG_NONE
    2. Not sure if I understand this. Typically the agent itself has to authenticate with the server, and that agent session doesn't expire any time soon.
    -Subba

  • IPv6 Firewall ICMPv6 quirk

    Model : RV110W      Firmware : 1.2.0.9
    Hi, I'm studying the RV110W IPv6 Firewall in the context of a long IPv6 study / blog post (30+ posts so far).
    I've found a strange quirk in the RV110W IPv6 Firewall that I can't understand.
    I've redone all the tests, and this is what appears:
    Creating an ICMP service using Service Management (Protocol: ICMP)
    and using this service in an Access Rule, using any of these settings:
    - Default Outbound Policy: Allow or Deny
    - Action: always allow or always block
    - Service: ICMP
    - Connection type: Inbound or Outbound
    gets the Inbound TCP IPv6 Firewall fully open, TCP packets freely flowing in and out.
    As an example, my LAN server got all its services (Web Server, Mail Server, ...) usable from the outside.
    Is this a bug?
    Can anybody confirm this?
    (Screenshot of two bug-triggering configs attached. As stated, it seems to happen whatever the rule settings.)

    Dear Customer,
    Thank you for reaching the Small Business Support Community.
    Even though firmware version 1.2.0.9 addresses some IPv6 issues, I think this is something new. I see on the ICMPb and c gif files that both access rule actions are "always allow", but you also say to try both actions, allow and deny, with no difference. In my opinion it is a bug, and in order to confirm it and provide a solution I suggest you contact the Small Business Support Center directly to have one of our TAC engineers figure this out:
    https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
    Please do not hesitate to reach back to me if there is any further assistance I may provide in the meantime.
    Kind regards,
    Jeffrey Rodriguez S.
    Cisco Customer Support Engineer
    *Please rate the post so others will know when an answer has been found.
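
Both RV110W threads on this page come down to comparing what the IPv6 firewall is configured to allow with what is actually reachable from outside. The following is an added example, not code from the posters or from Cisco: an exposure check to run from an external IPv6 host against a server you administer. The server address, the port numbers and the three scenario port sets are constructed assumptions that mirror the behaviour the posts describe.

```python
"""Exposure check for a LAN server behind an IPv6 firewall (added example)."""
import socket
from typing import Callable, Dict, Iterable, List

Probe = Callable[[str, int], bool]


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP handshake to host:port completes over IPv6."""
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_INET6, socket.SOCK_STREAM)
    except socket.gaierror:
        return False
    for family, socktype, proto, _name, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
                return True
        except OSError:
            continue  # filtered, refused or no IPv6 route: treat as closed
    return False


def audit_exposure(host: str, intended_open: Iterable[int],
                   ports_to_check: Iterable[int],
                   probe: Probe = tcp_reachable) -> Dict[str, List[int]]:
    """Compare the ports that answer with the ports the policy intends to expose."""
    intended = set(intended_open)
    result: Dict[str, List[int]] = {
        "unexpected_open": [],    # reachable although the policy does not allow it
        "unexpected_closed": [],  # allowed by policy but not reachable
        "as_intended": [],
    }
    for port in sorted(intended | set(ports_to_check)):
        reachable = probe(host, port)
        if reachable and port not in intended:
            result["unexpected_open"].append(port)
        elif not reachable and port in intended:
            result["unexpected_closed"].append(port)
        else:
            result["as_intended"].append(port)
    return result


def simulated_probe(open_ports: Iterable[int]) -> Probe:
    """Offline stand-in for tcp_reachable: exactly open_ports answer."""
    opened = set(open_ports)
    return lambda _host, port: port in opened


# Constructed values (assumptions, not taken from the threads).
SERVER = "2001:db8::10"               # documentation prefix, placeholder address
INTENDED = {80}                       # policy: only the web server is public
CHECKED = [22, 25, 80, 110, 143, 443]

# Reachable ports per router state, modelled on what the posts report.
SCENARIOS = {
    "inbound allow rule only": set(),               # web server still unreachable
    "single port forwarding rule": {80},            # web server reachable
    "ICMP access rule added": {25, 80, 110, 143},   # mail ports exposed as well
}


def run_scenarios() -> Dict[str, Dict[str, List[int]]]:
    """Audit each constructed router state against the intended policy."""
    return {
        name: audit_exposure(SERVER, INTENDED, CHECKED, simulated_probe(ports))
        for name, ports in SCENARIOS.items()
    }


if __name__ == "__main__":
    for name, res in run_scenarios().items():
        print(f"{name}: open but not intended={res['unexpected_open']} "
              f"intended but closed={res['unexpected_closed']}")
```

To test a real router, call `audit_exposure()` without the `probe` argument from a host on the WAN side after every rule change, and treat any entry in `unexpected_open` as a finding.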

  • Open firewall Ports despite DENY- ALL access rule

    Hi,
    See below my firewall rules.
    Despite the deny all, running nmap from outside still reveals open ports.
    name 202.1.53.41 fw1.outside.irc.com
    interface GigabitEthernet0/0
     nameif inside
     security-level 0
     ip address fw1.inside.irc.com 255.255.252.0 standby 172.16.86.219
    interface GigabitEthernet0/1
     nameif SSN-DMZ
     security-level 0
     ip address 10.20.2.1 255.255.255.0 standby 10.20.2.2
    interface GigabitEthernet0/2
     nameif Outside
     security-level 0
     ip address fw1.outside.irc.com 255.255.255.248 standby NAT-202.1.53.45
    interface GigabitEthernet0/3
     description Internet Access for Wireless clients on the guest network
     nameif GuestInternet
     security-level 0
     ip address 192.168.154.2 255.255.254.0
    interface Management0/0
     nameif management
     security-level 10
     ip address 10.10.200.14 255.255.255.0 standby 10.10.200.15
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_2 any host WWW.IRC.COM-PRIV
    access-list inside_access_in remark Deny POP3, SSH, TELNET to Deny-Host-Group 172.16.86.246/249
    access-list inside_access_in extended deny object-group DENY-HOST-GROUP object-group DENY-HOST-GROUP-1 any
    access-list inside_access_in remark Allow SMTP external access to Mail Servers group
    access-list inside_access_in extended permit tcp object-group MAIL-GW-GROUP any eq smtp
    access-list inside_access_in remark Deny Any other Users from sending mails via smtp
    access-list inside_access_in extended deny tcp any any eq smtp
    access-list inside_access_in extended deny ip object-group Botnet_Blacklist any
    access-list inside_access_in extended deny ip any SPAM_MACHINE 255.255.255.0
    access-list inside_access_in extended deny ip any host SPAMIP
    access-list inside_access_in extended permit ip object-group Socialsites_Allowed object-group Facebook
    access-list inside_access_in extended deny object-group DM_INLINE_SERVICE_8 any object-group Facebook
    access-list inside_access_in remark Rule to block Internal users from accessing youtube
    access-list inside_access_in extended deny object-group DM_INLINE_SERVICE_9 any object-group YoutubeIPs
    access-list inside_access_in remark Suspected Virus Ports
    access-list inside_access_in extended deny tcp any any object-group DM_INLINE_TCP_17
    access-list inside_access_in remark Ports Commonly used by Botnet and Malwares
    access-list inside_access_in extended deny tcp any any object-group IRC
    access-list inside_access_in remark Allow Access to External DNS to ALL
    access-list inside_access_in extended permit object-group DNS-GROUP object-group DNS-SERVERS object-group External_DNS_Servers
    access-list inside_access_in remark Allow Any to Any on Custom TCP/UDP services
    access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_12
    access-list inside_access_in remark Allow Any to Any VPN Protocols group
    access-list inside_access_in extended permit object-group VPN-GROUP any any
    access-list inside_access_in extended permit ip any host pomttdbsvr
    access-list inside_access_in remark Allow Access to DMZ from Inside
    access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_10
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_5 any 10.20.2.0 255.255.255.0
    access-list inside_access_in extended permit tcp any any eq pop3
    access-list inside_access_in extended permit object-group Web-Access-Group any any
    access-list inside_access_in remark DNS RATING SERVICE FOR BLUECOAT SG510 PROXY
    access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_11 object-group DM_INLINE_NETWORK_4 eq www inactive
    access-list inside_access_in extended permit tcp any host 202.165.193.134 object-group DM_INLINE_TCP_3
    access-list inside_access_in remark Yahoo Messenger Test
    access-list inside_access_in extended permit tcp any any object-group YahooMessenger
    access-list inside_access_in extended permit ip host AVIRUSMAN 192.168.254.0 255.255.255.0
    access-list inside_access_in extended permit tcp any any object-group smile
    access-list inside_access_in extended permit udp any host smile.telinet.com.pg object-group smile-udp
    access-list inside_access_in remark testing access for mobile phones behind wireless router
    access-list inside_access_in extended permit ip host Wireless-Router any inactive
    access-list inside_access_in extended permit tcp any any object-group FTP-Service-Group inactive
    access-list inside_access_in extended permit ip host mailgate.irc.com any
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group DM_INLINE_NETWORK_2 any object-group NTP
    access-list inside_access_in extended permit tcp any any object-group web-email-services
    access-list inside_access_in remark Murray PC
    access-list inside_access_in extended permit ip host 10.100.20.36 any
    access-list inside_access_in extended permit tcp any any object-group Itec-Citrix
    access-list inside_access_in extended permit ip host EP200 any
    access-list inside_access_in extended permit tcp any any object-group TCP-SMTP
    access-list inside_access_in extended permit tcp any host 202.165.193.134 eq 3391
    access-list inside_access_in extended permit ip object-group IT-Servers any
    access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_1
    access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_14 any inactive
    access-list inside_access_in extended permit ip host 10.100.20.23 any
    access-list inside_access_in extended permit tcp host NOC-NMS-CDMA host 202.165.193.134 object-group DM_INLINE_TCP_4
    access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_12 object-group Bluecoat-DNS-Rating eq www
    access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_13 any
    access-list inside_access_in extended permit udp host solarwinds-server any eq snmp
    access-list inside_access_in extended permit tcp host kaikai any object-group test-u inactive
    access-list inside_access_in extended permit tcp any host fw1.outside.irc.com object-group TCP-88
    access-list inside_access_in extended permit udp host solarwinds-server any object-group DM_INLINE_UDP_1
    access-list inside_access_in extended permit ip host IN-WEB-APP-SERVER any
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 host KMS-Server any object-group KMS
    access-list inside_access_in extended permit tcp any any object-group TeamVIewer-TCP
    access-list inside_access_in extended permit icmp any any traceroute
    access-list inside_access_in extended permit ip host KMS-Server any
    access-list inside_access_in extended deny ip any host 87.255.51.229
    access-list inside_access_in extended deny ip any host 82.165.47.44
    access-list inside_access_in extended permit ip host InterConnect-BillingBox any
    access-list inside_access_in extended permit icmp any host fw1.outside.irc.com
    access-list inside_access_in extended permit icmp any any
    access-list inside_access_in remark For ACCESS MPLS team
    access-list inside_access_in extended permit tcp any host 202.165.193.134 object-group RDP-MPLS-Huawei
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 host mailgate.irc.com any eq domain
    access-list inside_access_in extended permit tcp any host 66.147.244.58 object-group SMTP-26
    access-list inside_access_in extended deny object-group DM_INLINE_PROTOCOL_1 any any object-group Airfiji-SW
    access-list inside_access_in extended permit tcp host chief.bula.irc.com any
    access-list inside_access_in extended permit ip host Avabill86.181 any
    access-list inside_access_in extended permit ip any object-group AVG
    access-list inside_access_in extended permit ip host solarwinds-server any
    access-list inside_access_in extended permit tcp host 172.16.87.219 any object-group TCP-4948
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_10 any host Avabill_Consultant_IP_Sri-Lanka
    access-list inside_access_in extended permit tcp any host 69.164.201.123 eq smtp inactive
    access-list inside_access_in extended permit tcp any any object-group GMAIL inactive
    access-list inside_access_in extended permit tcp any any object-group NOC1
    access-list inside_access_in extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
    access-list inside_access_in extended permit tcp any host smile.telinet.com.fj object-group tcp-20080-30080
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any object-group SIP-5060-5062
    access-list inside_access_in extended permit ip host LYNC-2013-SERVER any
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_7 object-group Lync_Servers any
    access-list inside_access_in extended permit object-group VPN-GROUP host 10.100.20.94 any inactive
    access-list inside_access_in remark Pocket Solutions -TEMP
    access-list inside_access_in extended permit ip host 10.100.20.121 any
    access-list inside_access_in extended permit tcp host John_sibunakau any object-group JohnTESTPort inactive
    access-list inside_access_in extended permit ip host CiscoRadiusTestPC any
    access-list inside_access_in extended permit ip any host HungaryServer inactive
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com eq ssh
    access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any host fw1.outside.irc.com object-group itec-support-tcp-udp
    access-list Outside_access_in remark Allow All to NAT Address on SSL/SSH/SFTP(2222)
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group DM_INLINE_TCP_9
    access-list Outside_access_in remark Allow All to Outside On Fujitsu and 777-7778 ports
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_8
    access-list Outside_access_in remark Allow all to Outside on Custom ports
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_7
    access-list Outside_access_in remark Allow Inbound HTTP to WWW.IRC.COM
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com eq www
    access-list Outside_access_in extended permit icmp any host fw1.outside.irc.com
    access-list Outside_access_in extended permit object-group TCPUDP any host fw1.outside.irc.com object-group BrouardsGroup
    access-list Outside_access_in remark Allow ALL to RealVNC ports
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group RealVNC-TCP5900
    access-list Outside_access_in remark Allow ALL access to 202.1.53.43 on RealVNC ports
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group RealVNC-TCP5900
    access-list Outside_access_in remark Allow DNS queries from Internet to DNS server
    access-list Outside_access_in extended permit object-group TCPUDP object-group ITEC-Group-Inbound host fw1.outside.irc.com object-group itec-sftp
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group DM_INLINE_TCP_14
    access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_1 host SkyTel host fw1.outside.irc.com
    access-list Outside_access_in remark Telinet/Inomial temp access to test machine M.Orshansky
    access-list Outside_access_in extended permit tcp host 203.92.29.151 host fw1.outside.irc.com eq 3390
    access-list Outside_access_in extended permit tcp any host NAT-202.58.130.43 object-group RDP
    access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group ITEC-Group-Inbound host fw1.outside.telikompng.com.pg object-group INTEC-Service
    access-list Outside_access_in extended permit tcp host 220.233.157.98 host fw1.outside.irc.com eq ssh inactive
    access-list Outside_access_in extended permit ip any host fw1.outside.telikompng.com.pg
    access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group CRM
    access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group HTTP-8010-CRM
    access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group HTTP-8005-CRM
    access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any object-group NTP
    access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any host fw1.outside.irc.com object-group DNS
    access-list Outside_access_in remark Ultra VNC connection to 172.16.84.34@nadi Exchange
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group UVNC
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group UVNC-HTTP
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group POP3-SSL
    access-list Outside_access_in extended permit object-group EMAIL-SMARTPHONES any host fw1.outside.irc.com
    access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group exchange-RPC
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group exchange-RPC
    access-list Outside_access_in extended permit icmp any host NAT-202.1.53.43
    access-list Outside_access_in remark Access to Solarwinds Management box
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group Solarwinds
    access-list SSN-DMZ_access_in remark Permit DNS Quiries out of DMZ
    access-list SSN-DMZ_access_in extended permit object-group TCPUDP any any eq domain
    access-list SSN-DMZ_access_in remark Allow SQL ports out of DMZ to Host 172.16.86.70
    access-list SSN-DMZ_access_in extended permit tcp any host HOST-172.16.86.70 object-group SQL-Group
    access-list SSN-DMZ_access_in remark Allow Custom protocols out of DMZ to host 172.16.86.27
    access-list SSN-DMZ_access_in extended permit tcp any host HOST-172.16.86.27 object-group DM_INLINE_TCP_2
    access-list SSN-DMZ_access_in extended permit tcp host suva-vdc-int2.suva.irc.com host WWW.IRC.COM=PRIV eq 3389
    access-list SSN-DMZ_access_in extended permit object-group Web-Access-Group host WWW.IRC.COM-PRIV any
    access-list SSN-DMZ_access_in extended permit tcp any host WWW.IRC.COM.-PRIV object-group DMZ-WebAccess
    access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_access any
    access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_webcon any
    access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_AV any
    access-list inside_nat0_outbound extended permit ip any 192.168.254.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_6 host 10.10.200.1
    access-list inside_nat0_outbound extended permit ip any host WWW.IRC.COM-PRIV
    access-list inside_nat0_outbound extended permit ip host ns.irc.com any
    access-list inside_nat0_outbound extended permit ip any 10.200.200.0 255.255.255.0
    access-list Outside_nat0_outbound extended permit ip 192.168.254.0 255.255.255.0 any
    access-list Outside_nat0_outbound extended permit ip mcr_Management 255.255.255.0 any
    access-list alcatel-my remark Allow Alcatel-my access to TIRC(1)
    access-list alcatel-my standard permit 172.16.24.0 255.255.252.0
    access-list alcatel-my remark Allow Alcatel-my access to TIRC(2)
    access-list alcatel-my standard permit 172.16.84.0 255.255.252.0
    access-list 131 extended permit ip host MICHAEL any
    access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 mcr_Management 255.255.255.0
    access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_5
    access-list management_access_in extended permit object-group Web-Access-Group host 10.10.200.1 any
    access-list management_access_in extended permit ip host 10.10.200.1 host 172.16.87.47
    access-list management_access_in extended permit ip host 10.10.200.1 host IN-WSC
    access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_8
    access-list management_access_in extended permit tcp host 10.10.200.1 object-group DM_INLINE_NETWORK_3 eq 3389
    access-list management_access_in remark To BlueCaot Appliances
    access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_1
    access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_7
    access-list management_access_in extended permit tcp 10.10.200.0 255.255.255.0 object-group Management_Hosts object-group RDP
    access-list management_access_in extended permit icmp host 10.10.200.1 any traceroute
    access-list management_access_in extended permit ip host 10.10.200.1 host NOC-NMS-CDMA
    access-list management_access_in extended permit object-group DM_INLINE_SERVICE_3 host 10.10.200.1 any
    access-list management_access_in extended permit tcp host 10.10.200.1 any eq ftp
    access-list management_access_in extended permit tcp host bula host 10.10.200.1 object-group RDP inactive
    access-list management_access_in extended permit tcp host 10.100.20.23 host 10.10.200.1 object-group RDP
    access-list management_access_in extended permit ip host 10.10.200.1 any
    access-list management_access_in extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
    access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 host solarwinds-server
    access-list management_access_in extended permit ip any any
    access-list management_access_in extended permit ip host 10.10.200.1 host bula inactive
    access-list management_access_in extended permit ip any host solarwinds-server
    access-list management_access_in extended permit ip host solarwinds-server any
    access-list management_access_in extended permit ip object-group PacketFence-Servers 10.10.200.0 255.255.255.0
    access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 object-group PacketFence-Servers
    access-list management_access_in extended permit ip object-group 3750-Switches host solarwinds-server
    access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 host 10.10.200.1
    access-list management_access_in extended permit ip host 10.10.200.1 10.10.200.0 255.255.255.0
    access-list Outside_access_in_1 extended permit ip any any
    access-list management_access_in_1 extended permit ip mcr_Management 255.255.255.0 any
    access-list inside-networks remark internal tpng corporate subnetwork
    access-list inside-networks standard permit 172.16.84.0 255.255.252.0
    access-list inside-networks remark dms10
    access-list inside-networks standard permit host 10.10.0.0
    access-list 84-subnet remark 84 subnet
    access-list 84-subnet standard permit 172.16.84.0 255.255.252.0
    access-list 84-subnet remark 4 subnet
    access-list 84-subnet standard permit inside-network-extra-subnet 255.255.252.0
    access-list split-tunnel remark 84 subnet
    access-list split-tunnel standard permit 172.16.84.0 255.255.252.0
    access-list split-tunnel remark 4 subnet
    access-list split-tunnel standard permit inside-network-extra-subnet 255.255.252.0
    access-list split-tunnel remark Access to internal POP3 server
    access-list split-tunnel standard permit host neptune.waigani.telikompng.com.pg
    access-list split-tunnel remark Access to internal SMTP server
    access-list split-tunnel standard permit host minerva.suva.irc.com
    access-list split-tunnel remark Allow access to the 24 subnet
    access-list split-tunnel standard permit 172.16.24.0 255.255.252.0
    access-list split-tunnel standard permit Cisco-VLans 255.255.0.0
    access-list inside_authentication extended permit tcp any object-group DM_INLINE_TCP_11 any object-group DM_INLINE_TCP_13 time-range WorkingHours inactive
    access-list itsupport standard permit NOC 255.255.252.0
    access-list itsupport standard permit 172.16.96.0 255.255.252.0
    access-list itsupport standard permit 10.20.2.0 255.255.255.0
    access-list itsupport standard permit 10.10.200.0 255.255.255.0
    access-list itsupport standard permit 172.16.84.0 255.255.252.0
    access-list itsupport standard permit inside-network-extra-subnet 255.255.252.0
    access-list itsupport standard permit 10.2.1.0 255.255.255.0
    access-list itsupport standard permit 172.16.88.0 255.255.252.0
    access-list itsupport standard permit Cisco-VLans 255.255.0.0
    access-list itsupport remark Access to IT-LAN-UPGRADE Network
    access-list itsupport standard permit IT-NETWORK-NEW 255.255.0.0
    access-list itsupport remark KWU Exchange subnet
    access-list itsupport standard permit 172.16.188.0 255.255.252.0
    access-list itsupport standard permit ATM-Network 255.255.0.0
    access-list global_mpc extended permit ip any any
    access-list management_nat0_outbound extended permit ip any inside-network-extra-subnet 255.255.252.0 inactive
    access-list management_nat0_outbound extended permit ip mcr_Management 255.255.255.0 any
    access-list management_nat0_outbound extended permit ip any object-group DM_INLINE_NETWORK_9
    access-list management_nat0_outbound extended permit ip host 10.10.200.1 object-group Management_Hosts
    access-list management_nat0_outbound extended permit ip any 172.16.84.0 255.255.252.0
    access-list management_nat0_outbound extended permit ip any MCR_POM 255.255.255.0
    access-list management_nat0_outbound extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_10
    access-list management_nat0_outbound extended permit ip any Cisco-VLans 255.255.0.0
    access-list management_nat0_outbound extended permit ip 10.10.200.0 255.255.255.0 host solarwinds-server
    access-list management_nat0_outbound extended permit ip 10.10.200.0 255.255.255.0 object-group DM_INLINE_NETWORK_15
    access-list Capture extended permit ip any host 192.118.82.140
    access-list Capture extended permit ip host 192.118.82.140 any
    access-list Capture extended permit ip host 192.118.82.160 any
    access-list Capture extended permit ip any host 192.118.82.160
    a
    access-list inside-network-access-only remark Allow Maggie Talig access to the 84 subnet only
    access-list inside-network-access-only standard permit 172.16.84.0 255.255.252.0
    access-list inside-network-access-only remark Allow Maggie Talig access to the 4 subnet only
    access-list inside-network-access-only standard permit inside-network-extra-subnet 255.255.252.0
    access-list SSN-DMZ_nat0_outbound extended permit ip host WWW.IRC.COM-PRIV object-group Internal-Networks
    access-list inside_nat0_outbound_1 extended permit ip host AVIRUSMAN 192.168.254.0 255.255.255.0
    access-list NETFLOW extended permit tcp any any
    access-list NETFLOW extended permit object-group DNS-GROUP any host fw1.outside.irc.com
    access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_6 any host fw1.outside.irc.com
    access-list NETFLOW extended permit udp any host fw1.outside.irc.com
    access-list NETFLOW extended permit tcp any host fw1.outside.irc.com eq smtp
    access-list NETFLOW extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_5
    access-list NETFLOW extended permit tcp any host fw1.outside.irc.com object-group TCP-8080
    access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_4 any host NAT-202.58.130.43
    access-list NETFLOW remark Reverse Proxy Inbound Rules from Internet- Lync 2013 Project - Lync Simple URLs
    access-list NETFLOW extended permit tcp any host 202.58.130.69 object-group DM_INLINE_TCP_6
    access-list NETFLOW remark Lync Edge Access Inbound Rule - Restricting Inbound
    access-list NETFLOW extended permit object-group pomlynedsvr01_access_Outside_to_DMZ any host 202.58.130.66
    access-list NETFLOW remark Lync Edge Outside to Inside for AV Interface
    access-list NETFLOW extended permit object-group pomlynedsvr01_webcon_outside_to_DMZ any host 202.58.130.67
    access-list NETFLOW extended permit object-group pomlynedsvr01_AV_Outside_to_DMZ any host 202.58.130.68
    access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_11 any host NAT-fijiircdata
    access-list NETFLOW extended deny ip host SPAMIP any
    access-list NETFLOW extended deny ip SPAM_MACHINE 255.255.255.0 any
    access-list NETFLOW extended deny ip host 220.233.157.99 any log debugging
    access-list Huawei-Access-Networks remark HUawei-Network-Elements
    access-list Huawei-Access-Networks standard permit 192.168.200.0 255.255.255.0
    access-list Huawei-Access-Networks remark Access to Ela Beach MPLS network
    access-list Huawei-Access-Networks standard permit 10.100.70.0 255.255.255.0
    access-list Huawei-Access-Networks remark Huawei Network elements
    access-list Huawei-Access-Networks standard permit 192.168.210.0 255.255.255.0
    access-list Huawei-Access-Networks remark Huawei network elements
    access-list Huawei-Access-Networks standard permit 192.168.213.0 255.255.255.0
    access-list management_nat0_outbound_1 extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
    access-list Alcatel-NMS-ACL remark Access allowed to Alcatel NMS devices in NOC
    access-list Alcatel-NMS-ACL standard permit 10.2.1.0 255.255.255.0
    access-list Business-Systems-Access remark Mail Server 1
    access-list Business-Systems-Access standard permit host neptune.waigani.telikompng.com.pg
    access-list Business-Systems-Access remark Mail Server 2
    access-list Business-Systems-Access standard permit host minerva.waigani.telikompng.com.pg
    access-list Business-Systems-Access remark SAP PROD
    access-list Business-Systems-Access standard permit host SAP-SAPPROD
    access-list Business-Systems-Access remark Avabill Application Server
    access-list Business-Systems-Access standard permit host Avabill86.177
    access-list Business-Systems-Access remark Backup Avabill Application Server
    access-list Business-Systems-Access standard permit host Avabill84.170
    access-list Business-Systems-Access remark HRSelfcare
    access-list Business-Systems-Access standard permit host HOST-172.16.86.248
    access-list Business-Systems-Access remark Intranet Server
    access-list Business-Systems-Access standard permit host 172.16.85.32
    access-list IT-Systems-Support remark Access to inside network
    access-list IT-Systems-Support standard permit 172.16.84.0 255.255.252.0
    access-list IT-Systems-Support remark Access to IN netwwork
    access-list IT-Systems-Support standard permit 172.16.88.0 255.255.252.0
    access-list IT-Systems-Support standard permit Cisco-VLans 255.255.0.0
    access-list Systems-XS remark Access to 84 subnet
    access-list Systems-XS standard permit 172.16.84.0 255.255.252.0
    access-list Systems-XS remark Access to .4 subnet
    access-list Systems-XS standard permit inside-network-extra-subnet 255.255.252.0
    access-list Systems-XS remark Access to 10.100.x.x/24
    access-list Systems-XS standard permit Cisco-VLans 255.255.0.0
    access-list Huawei-NOC standard permit 172.16.84.0 255.255.252.0
    access-list Huawei-NOC standard permit Cisco-VLans 255.255.0.0
    access-list Huawei-NOC standard permit HASUT 255.255.255.0
    access-list Huawei-NOC standard permit IT-NETWORK-NEW 255.255.0.0
    access-list efdata remark Allow efdata access to above device as per request by chris mkao
    access-list efdata standard permit 172.16.92.0 255.255.252.0
    access-list test standard permit 172.16.92.0 255.255.252.0
    access-list Ghu_ES_LAN remark Allow efdata access to fij ES LAN
    access-list Ghu_ES_LAN extended permit ip any 172.16.92.0 255.255.252.0
    access-list GuestInternet_access_in extended permit ip any any
    global (inside) 1 interface
    global (SSN-DMZ) 1 interface
    global (Outside) 1 interface
    global (management) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 0 access-list inside_nat0_outbound_1 outside
    nat (inside) 1 0.0.0.0 0.0.0.0
    nat (SSN-DMZ) 0 access-list SSN-DMZ_nat0_outbound
    nat (SSN-DMZ) 1 WWW.IRC.COM-PRIV 255.255.255.255
    nat (Outside) 0 access-list Outside_nat0_outbound
    nat (GuestInternet) 1 0.0.0.0 0.0.0.0
    nat (management) 0 access-list management_nat0_outbound
    nat (management) 0 access-list management_nat0_outbound_1 outside
    nat (management) 1 10.10.200.1 255.255.255.255
    static (inside,Outside) tcp interface 10103 mailgate.irc.com 10103 netmask 255.255.255.255
    static (SSN-DMZ,Outside) tcp interface www WWW.IRC.COM-PRIV www netmask 255.255.255.255
    static (inside,Outside) tcp interface smtp mailgate.irc.com smtp netmask 255.255.255.255
    static (inside,Outside) tcp interface telnet HOST-172.16.84.144 telnet netmask 255.255.255.255
    static (inside,Outside) tcp interface pcanywhere-data HOST-192.168.1.14 pcanywhere-data netmask 255.255.255.255
    static (inside,Outside) udp interface pcanywhere-status HOST-192.168.1.14 pcanywhere-status netmask 255.255.255.255
    static (inside,Outside) tcp interface ssh InterConnect-BillingBox ssh netmask 255.255.255.255
    static (inside,Outside) udp interface ntp confusious.suva.irc.com ntp netmask 255.255.255.255
    static (inside,Outside) tcp interface 10002 HOST-172.16.200.121 10002 netmask 255.255.255.255
    static (inside,Outside) tcp interface 10003 HOST-172.16.200.122 10003 netmask 255.255.255.255
    static (inside,Outside) tcp interface 10004 HOST-172.16.41.26 10004 netmask 255.255.255.255
    static (inside,Outside) tcp interface 10005 HOST-172.16.41.27 10005 netmask 255.255.255.255
    static (inside,Outside) tcp interface https Avabill86.181 https netmask 255.255.255.255
    static (inside,Outside) tcp interface 7778 Avabill86.181 7778 netmask 255.255.255.255
    static (inside,Outside) tcp interface 8080 Avabill86.181 8080 netmask 255.255.255.255
    static (inside,Outside) tcp interface 7777 Avabill86.181 7777 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.45 https Avabill86.177 https netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 2222 daywalker.suva.irc.com 2222 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 ftp waigani-pdc-int2.suva.irc.com ftp netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 www neptune.suva.irc.com www netmask 255.255.255.255
    static (inside,Outside) tcp interface 5900 Primary1352CM 5900 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 5900 Backup1352CM 5900 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 https neptune.suva.irc.com https netmask 255.255.255.255
    static (inside,Outside) tcp interface 24 HOST-172.16.86.87 24 netmask 255.255.255.255
    static (inside,Outside) udp interface domain ns.irc.com domain netmask 255.255.255.255
    static (inside,Outside) tcp interface pop3 neptune.suva.irc.com pop3 netmask 255.255.255.255
    static (inside,Outside) tcp interface 7780 Apache-WebServer 7780 netmask 255.255.255.255
    static (inside,Outside) tcp interface 8000 CRM-SERVER2 8000 netmask 255.255.255.255
    static (inside,Outside) tcp interface 8010 CRM-SERVER4 8010 netmask 255.255.255.255
    static (inside,Outside) tcp interface 8005 CRM-SERVER3 8005 netmask 255.255.255.255
    static (inside,Outside) tcp interface 123 confusious.suva.irc.com 123 netmask 255.255.255.255
    static (inside,Outside) tcp interface imap4 neptune.suva.irc.com imap4 netmask 255.255.255.255
    static (inside,Outside) tcp interface domain ns.irc.com domain netmask 255.255.255.255
    static (inside,Outside) tcp interface ftp telitgate.irc.com ftp netmask 255.255.255.255
    static (inside,Outside) tcp interface 5901 uvnc-server 5901 netmask 255.255.255.255
    static (inside,Outside) tcp interface 5801 uvnc-server 5801 netmask 255.255.255.255
    static (inside,Outside) tcp interface 5902 172.16.84.200 5902 netmask 255.255.255.255
    static (inside,Outside) tcp interface 5802 172.16.84.200 5802 netmask 255.255.255.255
    static (inside,Outside) tcp interface 995 neptune.suva.irc.com 995 netmask 255.255.255.255
    static (inside,Outside) tcp interface 993 neptune.suva.irc.com 993 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 6001 neptune.suva.irc.com 6001 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 6002 neptune.suva.irc.com 6002 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 6004 neptune.suva.irc.com 6004 netmask 255.255.255.255
    static (inside,Outside) tcp interface 6001 minerva.suva.irc.com 6001 netmask 255.255.255.255
    static (inside,Outside) tcp interface 6002 minerva.suva.irc.com 6002 netmask 255.255.255.255
    static (inside,Outside) tcp interface 6004 minerva.suva.irc.com 6004 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 8720 solarwinds-server 8720 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 9000 solarwinds-server 9000 netmask 255.255.255.255
    static (inside,Outside) tcp interface 2055 solarwinds-server 2055 netmask 255.255.255.255
    static (inside,Outside) tcp interface 88 A-10.100.20.250 88 netmask 255.255.255.255
    static (inside,Outside) tcp interface 10000 ns.irc.com 10000 netmask 255.255.255.255
    static (inside,Outside) udp Ext-R2-Outside-Interface 2055 solarwinds-server 2055 netmask 255.255.255.255
    static (inside,Outside) udp Ext-R2-Outside-Interface snmp solarwinds-server snmp netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 135 neptune.suva.irc.com 135 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 3389 BT-DesktopPC 3389 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.65 www IN-WSC www netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.65 https IN-WSC https netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 ssh Avabill86.176 ssh netmask 255.255.255.255
    static (Outside,inside) tcp 10.100.20.36 5432 smile.telinet.com.pg 5432 netmask 255.255.255.255
    static (inside,Outside) tcp interface 222 chief.suva.irc.com ssh netmask 255.255.255.255
    static (inside,Outside) tcp interface 5061 LYNC-2013-SERVER 5061 netmask 255.255.255.255
    static (inside,Outside) tcp interface 5432 10.100.20.36 5432 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 182 dadbsvr www netmask 255.255.255.255
    static (SSN-DMZ,Outside) 202.58.130.69 pomlynrprx01 netmask 255.255.255.255
    static (SSN-DMZ,Outside) 202.58.130.66 pomlynedsvr01_access netmask 255.255.255.255
    static (SSN-DMZ,Outside) 202.58.130.67 pomlynedsvr01_webcon netmask 255.255.255.255
    static (SSN-DMZ,Outside) 202.58.130.68 pomlynedsvr01_AV netmask 255.255.255.255
    access-group inside_access_in in interface inside
    access-group SSN-DMZ_access_in in interface SSN-DMZ
    access-group Outside_access_in_1 in interface Outside control-plane
    access-group NETFLOW in interface Outside
    access-group GuestInternet_access_in in interface GuestInternet
    access-group management_access_in_1 in interface management control-plane
    access-group management_access_in in interface management
    route Outside 0.0.0.0 0.0.0.0 Ext-R1-Inside-Interface 1
    route inside 10.2.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.8.0.0 255.255.255.0 VPNGATE 1
    route inside 10.9.254.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.2.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.3.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.4.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.5.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.10.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.15.100.0 255.255.255.0 fw1.outside.irc.com 1
    route inside Cisco-VLans 255.255.0.0 Cisco7200 1
    route inside VLan20-2F 255.255.255.0 Cisco7200 1
    route inside 10.100.67.0 255.255.255.0 IPVPN-Router 1
    route inside 10.100.74.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.75.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.76.0 255.255.255.0 172.16.86.0 1
    route inside LAE 255.255.255.0 172.16.86.0 1
    route inside 10.100.91.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.110.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.111.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.114.0 255.255.255.0 172.16.86.0 1
    route inside 10.200.200.0 255.255.255.0 Cisco7200 1
    route inside A-10.250.0.0 255.255.0.0 Cisco7200 1
    route inside 10.254.2.0 255.255.255.252 IPVPN-Router 1
    route inside 11.11.3.0 255.255.255.0 172.16.86.0 1
    route inside 11.11.4.0 255.255.255.0 172.16.86.0 1
    route inside 11.11.8.0 255.255.255.0 172.16.86.0 1
    route inside 11.11.9.0 255.255.255.0 172.16.86.0 1
    route inside 20.200.200.0 255.255.255.0 172.16.86.17 1
    route inside inside-network-extra-subnet 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.8.0 255.255.252.0 Cisco7200 1
    route inside 172.16.12.0 255.255.252.0 172.16.86.197 1
    route inside 172.16.24.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside NOC 255.255.252.0 172.16.87.187 1
    route inside 172.16.48.0 255.255.252.0 172.16.84.41 1
    route inside 172.16.52.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.56.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.60.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.64.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.68.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.72.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.76.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.80.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.84.185 255.255.255.255 172.16.86.217 1
    route inside CRM-SERVER1 255.255.255.255 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.88.0 255.255.252.0 Cisco7200 1
    route inside 172.16.92.0 255.255.252.0 Cisco7200 1
    route inside 172.16.96.0 255.255.252.0 172.16.87.172 1
    route inside 172.16.104.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.108.0 255.255.252.0 IPVPN-Router 1
    route inside 172.16.112.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.120.0 255.255.252.0 TFIJIG-CORE-INT-ROUTER 1
    route inside 172.16.124.0 255.255.252.0 IPVPN-Router 1
    route inside 172.16.128.0 255.255.252.0 172.16.86.185 1
    route inside 172.16.132.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.136.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.140.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.144.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.148.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.152.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.156.0 255.255.252.0 IPVPN-Router 1
    route inside 172.16.160.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.164.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.168.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.172.0 255.255.252.0 172.16.87.172 1
    route inside 172.16.180.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.184.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.188.0 255.255.252.0 172.16.86.85 1
    route inside 172.16.188.0 255.255.252.0 Cisco7200 1
    route inside 172.16.192.0 255.255.252.0 172.16.86.194 1
    route inside 172.16.200.0 255.255.252.0 172.16.87.11 1
    route inside 172.16.204.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.208.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.212.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.220.0 255.255.252.0 IPVPN-Router 1
    route inside 172.16.224.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.236.0 255.255.252.0 172.16.87.254 1
    route inside 172.16.240.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.248.0 255.255.252.0 IPVPN-Router 1
    route inside 172.17.84.0 255.255.255.224 IPVPN-Router 1
    route inside 172.18.252.0 255.255.252.0 172.16.84.15 1
    route inside 172.20.0.0 255.255.252.0 172.16.87.11 1
    route management 172.20.1.32 255.255.255.240 10.10.200.18 1
    route inside 192.167.5.0 255.255.255.0 172.16.86.42 1
    route inside 192.168.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.1.0 255.255.255.0 HOST-172.16.84.144 1
    route inside 192.168.1.96 255.255.255.224 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.1.128 255.255.255.224 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.2.0 255.255.255.0 172.16.87.192 1
    route inside 192.168.5.0 255.255.255.0 HOST-172.16.84.144 1
    route inside 192.168.11.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.150.0 255.255.255.0 IPVPN-Router 1
    route inside 192.168.200.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.201.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.202.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.210.0 255.255.255.0 Cisco7200 1
    route inside 192.168.213.0 255.255.255.0 Cisco7200 1
    route inside 192.168.254.0 255.255.255.0 fw1.outside.irc.com 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    class-map inspection_default
     match default-inspection-traffic
    class-map flow_export_class
     match access-list global_mpc
    policy-map global_policy
     class inspection_default
      inspect dns
      inspect esmtp
      inspect h323 h225
      inspect h323 ras
      inspect icmp error
      inspect ipsec-pass-thru
      inspect mgcp
      inspect rsh
      inspect sip  
      inspect skinny  
      inspect snmp
      inspect tftp
      inspect ftp strict
      inspect icmp
     class flow_export_class
      flow-export event-type all destination solarwinds-server
    policy-map type inspect dns migrated_dns_map_1
     parameters
      message-length maximum 512
    service-policy global_policy global
    smtp-server 172.16.86.16
    prompt hostname context
    Cryptochecksum:24270eebd6c941fb7b302b034e32bba1
    : end

    Hi,
    NMAP gives the report for the first firewall interface it hits. In your case you have allowed tcp any any where it allows all the ports. I have mentioned only one example.... There are many in your case....
    Also NMAP results will be effective once when you directly connect to outside interface or directly on to the outside LAN.
    Regards
    Karthik
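
Karthik's point about `tcp any any`, as an added example that is not part of the original thread: a small Python audit that parses ASA extended access-list lines and lists the active permit rules whose source and destination are both `any`, with the interface binding of each ACL. The sample configuration is constructed, and the function names are this example's own.

```python
import re

ANY = {"any", "any4", "any6"}
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count

# Constructed sample, written in the syntax of the configs posted on this page.
SAMPLE_CONFIG = """\
object-group network WEB-SERVERS
 network-object host 192.0.2.10
object-group service WEB-PORTS tcp
 port-object eq www
 port-object eq https
access-list outside_in remark constructed sample
access-list outside_in extended permit tcp any any
access-list outside_in extended permit tcp any object-group WEB-SERVERS object-group WEB-PORTS
access-list outside_in extended permit tcp any any object-group WEB-PORTS
access-list outside_in extended permit icmp any any
access-list guest_out extended permit ip any any inactive
access-list outside_in extended deny ip any any
access-group outside_in in interface outside
"""

def group_types(lines):
    """Map object-group name -> type (network, service, protocol, ...)."""
    types = {}
    for line in lines:
        m = re.match(r"\s*object-group\s+(\S+)\s+(\S+)", line)
        if m:
            types[m.group(2)] = m.group(1)
    return types

def bindings(lines):
    """Map ACL name -> list of 'in on <interface>' strings from access-group lines."""
    bound = {}
    for line in lines:
        m = re.match(r"\s*access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)", line)
        if m:
            bound.setdefault(m.group(1), []).append(f"{m.group(2)} on {m.group(3)}")
    return bound

def _take_addr(tok, i):
    """Consume one address spec starting at tok[i]; return (text, next index)."""
    if tok[i] in ANY:
        return "any", i + 1
    if "/" in tok[i]:                      # IPv6 prefix is a single token
        return tok[i], i + 1
    return " ".join(tok[i:i + 2]), i + 2   # host X, object X, object-group X, addr mask

def _take_ports(tok, i, gtypes):
    """Consume an optional port spec at tok[i]; return (text or None, next index)."""
    if i >= len(tok):
        return None, i
    if tok[i] in PORT_OPS:
        n = 1 + PORT_OPS[tok[i]]
        return " ".join(tok[i:i + n]), i + n
    # An object-group here is a port group only if it was defined as a service group;
    # otherwise it is the next address (a network group).
    if tok[i] == "object-group" and i + 1 < len(tok) and gtypes.get(tok[i + 1]) == "service":
        return " ".join(tok[i:i + 2]), i + 2
    return None, i

def parse_ace(line, gtypes):
    """Parse one 'access-list NAME extended ...' line; None for anything else."""
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        return None                        # remarks, standard ACLs, other commands
    try:
        ace = {"acl": tok[1], "action": tok[3], "line": line}
        i = 4
        if tok[i] in ("object", "object-group"):
            ace["proto"], i = " ".join(tok[i:i + 2]), i + 2
        else:
            ace["proto"], i = tok[i], i + 1
        ace["src"], i = _take_addr(tok, i)
        ace["sport"], i = _take_ports(tok, i, gtypes)
        ace["dst"], i = _take_addr(tok, i)
        ace["dport"], i = _take_ports(tok, i, gtypes)
    except IndexError:
        return None                        # truncated line
    ace["inactive"] = "inactive" in tok[i:]
    return ace

def audit(config_text):
    """Return active permit rules with source any and destination any."""
    lines = config_text.splitlines()
    gtypes, bound = group_types(lines), bindings(lines)
    findings = []
    for line in lines:
        ace = parse_ace(line.strip(), gtypes)
        if not ace or ace["action"] != "permit" or ace["inactive"]:
            continue
        if ace["src"] != "any" or ace["dst"] != "any":
            continue
        if ace["proto"] == "ip":
            scope = "all protocols and ports"
        elif ace["dport"]:
            scope = f"ports limited to {ace['dport']}"
        elif ace["proto"] in ("tcp", "udp"):
            scope = f"all {ace['proto']} ports"
        else:
            scope = f"all {ace['proto']} traffic"
        findings.append({"acl": ace["acl"], "bound": bound.get(ace["acl"], []),
                         "scope": scope, "line": ace["line"]})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f['acl']} ({', '.join(f['bound']) or 'unbound'}): {f['scope']}\n    {f['line']}")
```
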

  • DirectAccess Client IPv6 Prefix problems

    I've been deploying DirectAccess and have created a mixed IPv6 and IPv4 infrastructure on the internal side. The external side is IPv4.
    In a single server installation I have got inbound access and manage out access working perfectly...
    When I introduce another node for load balancing the new node doesn't get a different client IPv6 Prefix so the entire load-balanced cluster uses the same Client IPv6 prefix - this means I can't route manage out traffic, or even return traffic correctly.
    This is using IP-HTTPS. The external network scope is 172.28.242.0/24 and there is a Citrix Netscaler to load balance the inbound traffic. The internal network scope, IPv4 172.28.246.0/24 and the IPv6 is fd11:1:1:246::/64, the next hop on the IPv6 network is fd11:1:1:246::1 which is a Cisco ASA and that routes off to the network quite happily.
    If each node in the cluster had a different client IPv6 prefix then manage out/return traffic would be very simple to organise.
    Does anyone know how to make each node have different client IPv6 prefixes?

    Hi Ryan,
    According to your description, you are using DirectAccess with an external load balancer.
    Here is an article about how to configure a load-balanced DirectAccess cluster.
    Step 3: Configure a Load-Balanced Cluster
    http://technet.microsoft.com/en-us/library/jj134209.aspx#BKMK_Prefix
    Besides, here is an article about planning a Load-Balanced Cluster Deployment.
    Plan a Load-Balanced Cluster Deployment
    http://technet.microsoft.com/en-us/library/jj134166.aspx
    Best Regards.
    Steven Lee
    TechNet Community Support

  • JetPack 4G LTE connects but "no internet access" message

    Would appreciate any help.
    My JetPack 4G LTE mi-fi connects to the internet (3G or 4G) and shows that my devices are connected to it.  However, I cannot get on the internet.
    1)  I have three different devices - two laptops and a smartphone.  All three have the same problem.
    2)  I have a Sprint Mi-Fi that I use for a different business.  All three devices can and do connect to that device and work properly on the internet during the same sessions in which they cannot connect on the Verizon JetPack.  So it is not the devices I am trying to connect with.
    3)  The exact same thing has happened several times over the course of about 4 days and in two cities and two states - all three devices unable to connect via JetPack but connect fine through Sprint Mi-Fi.  So it is not location or local network issue.
    4)  LED display on JetPack, in all instances, show a strong 3G or 4G (depending on where I am) signal and also that all three devices are connected.
    5)  Message on laptop wireless area shows connection but says "no internet access".
    6)  Under the wireless status or details, it says (on the list of info):  "IPv4  no internet access" and "IPv6 no internet access".
    7)  I have done a battery pull with no effect.
    8)  I have done a factory reset (power up, remove cover, press reset button until long green light and short green light) with no effect.
    9)  After both battery pull and factory reset, I still show connected to 3G, all three devices connected, no internet access, and all three devices then work on the Sprint mi-fi.
    10)  Symptoms started about 4 days ago and have not changed since - it is not a come-and-go problem.  It is not working at any time.
    I am hoping to gosh to avoid a long ordeal with tech-support at Verizon.  This is a company-issued device, so I could ask my company to take it up with Verizon, but I work remotely and access to the IT department is not that simple either.  Thought I would see if I am missing something simple.  I hope I've given enough info so that someone brighter than myself here can spot something I could do.
    Thanks in advance for any help.

    Thank you for your response.  I am having trouble logging back into this site to respond (I never created a User ID and don't know my cell phone number as it is a mi-fi and not a cell).  I reregistered for the forums only under a slight ID variation and will continue to do so for this dialog.  Thanks very much.
    The back of the Jetpack says SSID: "MiFI4620L Jetpack 89B4".   I am currently using the device (since the problems began last week) in zip codes 49504 and 49503 - same symptom both places.
    Thanks again.

  • VPN Access to an IP that can be accessed via EIGRP

    I have a question. I have a VPN that sits on the external interface using the IP of 10.5.79.X/20. I have a production network connected to a corporate network using MPLS and EIGRP to share the routes. The production network can access the corporate network, but the VPN users can't. I need to be able to access anything on that network, which is mainly a 172.18.0.0 network summarized by EIGRP. I had this working before, but can't get it working again after my firewall dumped on me.
    ASA Version 8.4(2)
    hostname hp-asa-5510-DR
    enable password 1qF1n5PuI7A.2DV. encrypted
    passwd 1qF1n5PuI7A.2DV. encrypted
    names
    dns-guard
    interface Ethernet0/0
    speed 100
    duplex full
    nameif external
    security-level 0
    ip address *142.189.26 255.255.255.252
    interface Ethernet0/1
    nameif internal
    security-level 100
    ip address 10.5.64.6 255.255.240.0
    interface Ethernet0/1.1
    vlan 2
    nameif Guest
    security-level 90
    ip address 192.168.3.1 255.255.255.0
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    management-only
    boot system disk0:/asa842-k8.bin
    boot system disk0:/asa821-k8.bin
    ftp mode passive
    clock timezone CST -6
    clock summer-time CDT recurring
    dns domain-lookup external
    dns domain-lookup internal
    dns server-group DefaultDNS
    name-server 208.67.222.222
    dns server-group Guest
    name-server 10.5.64.197
    name-server 8.8.8.8
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network obj-10.5.65.239
    host 10.5.65.239
    object network obj-10.5.65.253
    host 10.5.65.253
    object network obj-10.5.65.42
    host 10.5.65.42
    object network obj-10.5.65.219
    host 10.5.65.219
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network Cegedim
    subnet 10.5.250.0 255.255.255.248
    description dendrite site to site VPN
    object network dfb
    subnet 10.5.0.0 255.255.0.0
    object network lausanne
    subnet 192.168.250.0 255.255.255.0
    description Lausanne
    object network dfbgroup
    subnet 10.5.0.0 255.255.0.0
    object network DPT
    subnet 10.5.16.0 255.255.240.0
    object network hpbexch
    host 10.5.64.198
    object network hpbmsvpn
    host 10.5.64.196
    object network kacehost
    host 10.5.65.189
    object network hpbsentry
    host 10.5.64.194
    object network hpbMDM
    host 10.5.64.195
    object network hperoom
    host 10.5.65.211
    description healthpoint eroom server
    object network spintranet
    host 10.5.65.185
    description sharepoint intranet
    object network spsales
    host 10.5.65.194
    description sharepoint sales
    object network spteams
    host 10.5.65.183
    description sharepoint teams
    object network Guest
    subnet 192.168.3.0 255.255.255.0
    object network Crystal
    host 10.5.65.203
    object network ERPLN
    host 10.5.65.234
    object network ERPLNDB
    host 10.5.65.237
    object service dpt
    service tcp source range 1 65000 destination range 1 65000
    description dpt ports
    object network Documentum
    host 10.5.17.216
    object network DPTDocumentum
    host 10.5.17.216
    description Documentum
    object network EzDocs
    host 10.5.17.235
    description EzDocs
    object network Aerosol
    subnet 10.5.32.0 255.255.240.0
    object network Brooks
    subnet 10.5.128.0 255.255.240.0
    object network DPTScience
    subnet 10.5.48.0 255.255.240.0
    object network LakeWood
    subnet 10.5.80.0 255.255.240.0
    object network Plant
    subnet 10.5.0.0 255.255.240.0
    object network warehouse
    subnet 10.5.240.0 255.255.240.0
    object network NotesApps
    host 10.5.65.235
    object network DPTNotes
    host 10.5.17.246
    object network DNSServer
    host 10.5.64.197
    object network GuestNetwork
    subnet 192.168.3.0 255.255.255.0
    object network KACE
    host 10.5.65.189
    object network mdm2
    host 10.5.64.195
    object network guesterooms
    host 10.5.65.211
    object network DNSServer2
    host 10.5.64.199
    object network asa_LAN
    host 10.5.64.6
    object network guestspsales
    host 10.5.65.194
    object network JohnsonControlServer
    host 10.5.65.33
    description JC Server
    object network guestexchange
    host 10.5.64.198
    description Guest Exchange
    object network guestmobile2
    host 10.5.64.194
    object network DPTDocB
    host 10.5.17.215
    object-group service EDI tcp
    port-object eq 50080
    port-object eq 6080
    port-object eq www
    object-group service Exchange tcp
    port-object eq 587
    port-object eq www
    port-object eq https
    port-object eq smtp
    object-group service Lotus-Sametime tcp
    port-object eq 1503
    port-object eq 1516
    port-object eq 1533
    port-object eq 8081
    port-object range 8082 8084
    port-object range 9092 9094
    port-object eq www
    port-object eq https
    port-object eq lotusnotes
    port-object eq rtsp
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group service VPN-MS tcp-udp
    port-object eq 1701
    port-object eq 1723
    port-object eq 4500
    port-object eq 500
    object-group network Verizon-Servers
    network-object 216.82.240.0 255.255.240.0
    network-object 85.158.136.0 255.255.248.0
    network-object 193.109.254.0 255.255.254.0
    network-object 194.106.220.0 255.255.254.0
    network-object 195.245.230.0 255.255.254.0
    network-object 62.231.131.0 255.255.255.0
    network-object 64.124.170.128 255.255.255.240
    network-object 212.125.74.44 255.255.255.255
    network-object 195.216.16.211 255.255.255.255
    object-group network FDA_SecureEmail
    network-object host 150.148.2.65
    network-object host 150.148.2.66
    object-group network Web-Server-Stuff
    network-object host 204.71.89.34
    network-object host 204.71.89.35
    network-object host 204.71.89.33
    network-object host 66.240.207.149
    network-object host 68.168.88.169
    network-object host 50.112.164.102
    object-group service DFB-eRoom tcp
    port-object eq www
    port-object eq https
    object-group network EDI-Customers
    network-object host 129.33.204.13
    network-object host 143.112.144.25
    network-object host 160.109.101.195
    network-object host 198.89.160.113
    network-object host 199.230.128.125
    network-object host 199.230.128.85
    network-object host 205.233.244.208
    network-object host 198.89.170.134
    network-object host 198.89.170.135
    network-object host 199.230.128.54
    object-group service MDM tcp
    description MobileIron ports
    port-object eq 9997
    port-object eq 9998
    port-object eq https
    object-group network OpenDNS
    description OpenDNS Servers
    network-object host 208.67.220.220
    network-object host 208.67.222.222
    network-object host 8.8.8.8
    network-object host 68.113.206.10
    object-group network healthpoint
    network-object 10.5.64.0 255.255.240.0
    object-group network vpnpool
    network-object 10.5.79.0 255.255.255.0
    object-group network dfb_group
    network-object object dfbgroup
    object-group network lausanne_group
    network-object 192.168.250.0 255.255.255.0
    object-group network DPTNetwork
    network-object object DPT
    network-object object Aerosol
    network-object object Brooks
    network-object object LakeWood
    network-object object Plant
    object-group network DM_INLINE_NETWORK_1
    network-object object Cegedim
    network-object object lausanne
    group-object DPTNetwork
    network-object object DPTNotes
    object-group service DFB-Allow tcp
    port-object eq 1025
    port-object eq 1119
    port-object eq 1120
    port-object range 1222 1225
    port-object eq 1433
    port-object eq 1503
    port-object eq 1516
    port-object eq 1533
    port-object range 16384 16403
    port-object eq 1755
    port-object eq 1919
    port-object eq 1935
    port-object range 2195 2196
    port-object eq 3050
    port-object eq 3080
    port-object eq 3101
    port-object eq 3244
    port-object eq 3264
    port-object eq 3306
    port-object eq 3389
    port-object eq 3724
    port-object eq 4000
    port-object eq 402
    port-object range 4080 4081
    port-object eq 4085
    port-object eq 50080
    port-object eq 5085
    port-object range 5220 5223
    port-object eq 5297
    port-object eq 5298
    port-object eq 5353
    port-object eq 5550
    port-object eq 5678
    port-object eq 58570
    port-object eq 5900
    port-object eq 6080
    port-object eq 6112
    port-object eq 6114
    port-object eq 6900
    port-object eq 7800
    port-object eq 8010
    port-object eq 8080
    port-object eq 8084
    port-object eq 81
    port-object eq 9081
    port-object eq 9090
    port-object eq 9997
    port-object eq aol
    port-object eq citrix-ica
    port-object eq echo
    port-object eq ftp
    port-object eq ftp-data
    port-object eq www
    port-object eq https
    port-object eq lotusnotes
    port-object eq rtsp
    port-object eq sip
    port-object eq sqlnet
    port-object eq ssh
    port-object eq 442
    object-group network webservers
    network-object host 204.71.89.34
    network-object host 204.71.89.35
    object-group network DM_INLINE_NETWORK_2
    network-object object KACE
    network-object object guesterooms
    network-object object guestspsales
    network-object object JohnsonControlServer
    network-object object mdm2
    object-group network DM_INLINE_NETWORK_3
    network-object host 10.5.65.230
    network-object host 10.5.65.232
    network-object object hpbexch
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq www
    port-object eq https
    object-group service kace tcp
    port-object eq 52230
    port-object eq www
    port-object eq https
    port-object eq 445
    port-object eq netbios-ssn
    object-group service DM_INLINE_TCP_0 tcp
    port-object eq www
    port-object eq https
    object-group service DM_INLINE_SERVICE_1
    service-object ip
    service-object tcp destination eq www
    service-object tcp destination eq https
    object-group service DM_INLINE_TCP_2 tcp
    port-object eq www
    port-object eq https
    object-group network VLAN_Switches
    network-object host 192.168.10.10
    network-object host 192.168.10.11
    network-object host 192.168.10.12
    network-object host 192.168.10.13
    network-object host 192.168.10.14
    network-object host 192.168.10.15
    network-object host 192.168.10.16
    network-object host 192.168.10.17
    network-object host 192.168.10.1
    object-group network Crystal_ERP
    description Crystal Enterprise and Infor LN
    network-object object Crystal
    network-object object ERPLN
    network-object object ERPLNDB
    network-object object NotesApps
    object-group service DM_INLINE_SERVICE_2
    service-object ip
    service-object tcp destination eq www
    service-object tcp destination eq https
    object-group network GuestDNS
    description DNS Servers for Guest
    network-object object DNSServer
    network-object object DNSServer2
    object-group service DM_INLINE_TCP_3 tcp
    port-object eq 3389
    port-object eq 3390
    object-group network DM_INLINE_NETWORK_4
    group-object healthpoint
    group-object vpnpool
    access-list external_access_out extended permit object-group DM_INLINE_SERVICE_1 192.168.3.0 255.255.255.0 any
    access-list external_access_out remark Production ACL
    access-list external_access_out extended permit tcp any any object-group DFB-Allow
    access-list external_access_out extended permit icmp any any
    access-list external_access_out extended permit tcp any object-group Web-Server-Stuff
    access-list external_access_out remark Site to Site connections
    access-list external_access_out extended permit ip any object-group DM_INLINE_NETWORK_1
    access-list external_access_out extended permit udp any object-group OpenDNS eq domain
    access-list external_access_out extended permit ip object-group DM_INLINE_NETWORK_3 any
    access-list split standard permit 10.5.64.0 255.255.240.0
    access-list split standard permit 10.5.250.0 255.255.255.248
    access-list split standard permit 10.5.128.0 255.255.240.0
    access-list split standard permit 10.5.144.0 255.255.240.0
    access-list split standard permit 10.5.16.0 255.255.240.0
    access-list split standard permit 10.5.32.0 255.255.240.0
    access-list split standard permit 10.5.96.0 255.255.240.0
    access-list split standard permit 10.5.80.0 255.255.240.0
    access-list split standard permit 10.5.48.0 255.255.240.0
    access-list split standard permit 10.5.0.0 255.255.240.0
    access-list split remark lausanne
    access-list split standard permit 192.168.250.0 255.255.255.0
    access-list split standard permit 172.18.0.0 255.255.0.0
    access-list split remark HP
    access-list external_access_in extended permit object-group DM_INLINE_SERVICE_2 any 192.168.3.0 255.255.255.0
    access-list external_access_in remark Sharepoint
    access-list external_access_in extended permit tcp any object spsales object-group DM_INLINE_TCP_2
    access-list external_access_in remark Sharepoint
    access-list external_access_in extended permit tcp any object spteams object-group DM_INLINE_TCP_1
    access-list external_access_in remark Sharepoint
    access-list external_access_in extended permit tcp any object spintranet object-group DM_INLINE_TCP_0
    access-list external_access_in remark healthpoint erooms
    access-list external_access_in extended permit tcp any object hperoom object-group DFB-eRoom
    access-list external_access_in remark MDM2 VSP
    access-list external_access_in extended permit tcp any object hpbMDM object-group MDM
    access-list external_access_in remark New Sentry
    access-list external_access_in extended permit tcp any object hpbsentry eq https
    access-list external_access_in remark kace mgmt appliacne
    access-list external_access_in extended permit tcp any object kacehost object-group kace
    access-list external_access_in remark authentication server
    access-list external_access_in extended permit object-group TCPUDP any object hpbmsvpn object-group VPN-MS
    access-list external_access_in extended permit gre any object hpbmsvpn
    access-list external_access_in remark HPB.NET new forest Exchange
    access-list external_access_in extended permit tcp any object hpbexch object-group Exchange
    access-list external_access_in remark EDI Inbound
    access-list external_access_in extended permit tcp any host 10.5.65.42 object-group EDI
    access-list AnyConnect_Client_Local_Print extended deny ip any any
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
    access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
    access-list AnyConnect_Client_Local_Print remark Windows' printing port
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
    access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
    access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
    access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
    access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
    access-list external_cryptomap extended permit ip object-group healthpoint object Cegedim
    access-list external_cryptomap_1 extended permit ip object-group dfb_group object-group lausanne_group
    access-list external_cryptomap_2 extended permit ip object-group DM_INLINE_NETWORK_4 object-group DPTNetwork
    access-list Guest_access_in extended deny tcp 192.168.3.0 255.255.255.0 object-group GuestDNS object-group DM_INLINE_TCP_3 inactive
    access-list Guest_access_in extended permit ip 192.168.3.0 255.255.255.0 object-group GuestDNS inactive
    access-list Guest_access_in extended permit ip 192.168.3.0 255.255.255.0 object-group DM_INLINE_NETWORK_2
    access-list Guest_access_in extended deny ip 192.168.3.0 255.255.255.0 10.5.64.0 255.255.240.0
    access-list Guest_access_in extended permit ip 192.168.3.0 255.255.255.0 any
    access-list Guest_access_out extended permit ip any any inactive
    access-list Guest_access_out extended permit ip any 192.168.3.0 255.255.255.0
    no pager
    logging enable
    logging buffer-size 1045786
    logging asdm informational
    mtu external 1500
    mtu internal 1500
    mtu Guest 1500
    mtu management 1500
    ip local pool HPVPNClients 10.5.79.0-10.5.79.254 mask 255.255.255.0
    ip verify reverse-path interface external
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any external
    icmp permit any internal
    asdm image disk0:/asdm-645.bin
    no asdm history enable
    arp external *142.189.93 0024.c4c0.4cc0
    arp timeout 14400
    nat (internal,external) source static dfb dfb destination static vpnpool vpnpool route-lookup
    nat (internal,external) source static dfb dfb destination static lausanne lausanne
    nat (internal,external) source static healthpoint healthpoint destination static Cegedim Cegedim
    nat (external,internal) source static DPTNetwork DPTNetwork destination static Crystal_ERP Crystal_ERP no-proxy-arp
    nat (internal,external) source static healthpoint healthpoint destination static DPTDocumentum DPTDocumentum unidirectional
    nat (internal,external) source static healthpoint healthpoint destination static DPTDocB DPTDocB unidirectional
    nat (internal,external) source static healthpoint healthpoint destination static EzDocs EzDocs unidirectional
    nat (internal,external) source static healthpoint healthpoint destination static DPTNotes DPTNotes unidirectional
    object network obj-10.5.65.239
    nat (internal,external) static *142.189.82
    object network obj-10.5.65.253
    nat (internal,external) static *142.189.83
    object network obj-10.5.65.42
    nat (internal,external) static *142.189.84
    object network obj-10.5.65.219
    nat (internal,external) static *142.189.87
    object network obj_any
    nat (internal,external) dynamic interface dns
    object network hpbexch
    nat (internal,external) static *142.189.91
    object network hpbmsvpn
    nat (internal,external) static *142.189.82
    object network kacehost
    nat (internal,external) static *142.189.90
    object network hpbsentry
    nat (internal,external) static *142.189.92
    object network hpbMDM
    nat (internal,external) static *142.189.93
    object network hperoom
    nat (internal,external) static *142.189.88
    object network spintranet
    nat (internal,external) static *142.189.85
    object network spsales
    nat (internal,external) static *142.189.89
    object network spteams
    nat (internal,external) static *142.189.94
    object network GuestNetwork
    nat (Guest,external) dynamic interface
    access-group external_access_in in interface external
    access-group external_access_out out interface external
    access-group Guest_access_in in interface Guest
    access-group Guest_access_out out interface Guest
    route external 0.0.0.0 0.0.0.0 *142.189.25 1
    route external 10.5.16.0 255.255.240.0 *142.189.25 1
    route external 10.5.32.0 255.255.240.0 *142.189.25 1
    route external 10.5.80.0 255.255.240.0 *142.189.25 1
    route external 10.5.128.0 255.255.240.0 *142.189.25 1
    route external 10.5.240.0 255.255.240.0 *142.189.25 1
    route external 10.5.250.0 255.255.255.248 *142.189.25 1
    route internal 172.18.0.0 255.255.255.255 10.5.64.1 1
    route external 192.168.250.0 255.255.255.0 *142.189.25 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server VPN-RADAuth protocol radius
    aaa-server VPN-RADAuth (internal) host 10.5.65.253
    key *****
    radius-common-pw *****
    aaa-server VPN-RADAuth (internal) host 10.5.65.240
    key *****
    aaa-server VPN-RADAuthHPB protocol radius
    aaa-server VPN-RADAuthHPB (internal) host 10.5.64.196
    key *****
    radius-common-pw *****
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 10.5.0.0 255.255.0.0 internal
    http 0.0.0.0 0.0.0.0 external
    http 0.0.0.0 0.0.0.0 internal
    snmp-server host internal 10.5.65.210 community ***** version 2c
    snmp-server location Healthpoint.Vickery
    snmp-server contact Jonathan Henry
    snmp-server community *****
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev2 ipsec-proposal AES256
    protocol esp encryption aes-256
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
    protocol esp encryption aes-192
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
    protocol esp encryption aes
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
    protocol esp encryption 3des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal DES
    protocol esp encryption des
    protocol esp integrity sha-1 md5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto map external_map 1 match address external_cryptomap
    crypto map external_map 1 set peer 64.126.222.190
    crypto map external_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map external_map 2 match address external_cryptomap_1
    crypto map external_map 2 set pfs
    crypto map external_map 2 set peer 109.164.216.164
    crypto map external_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map external_map 3 match address external_cryptomap_2
    crypto map external_map 3 set peer 12.197.232.98
    crypto map external_map 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map external_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map external_map interface external
    crypto ca trustpoint _SmartCallHome_ServerCA
    crl configure
    crypto ca trustpoint ASDM_TrustPoint0
    keypair ASDM_TrustPoint0
    crl configure
    crypto ca certificate chain _SmartCallHome_ServerCA
    certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
      quit
    crypto ca certificate chain ASDM_TrustPoint0
    certificate 4b54478c1754b7
      quit
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev1 enable external
    crypto ikev1 policy 1
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 2
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    crypto ikev1 policy 3
    authentication pre-share
    encryption 3des
    hash sha
    group 1
    lifetime 86400
    crypto ikev1 policy 4
    authentication pre-share
    encryption 3des
    hash md5
    group 1
    lifetime 86400
    crypto ikev1 policy 10
    authentication crack
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    telnet 10.5.0.0 255.255.0.0 internal
    telnet 192.168.1.0 255.255.255.0 management
    telnet timeout 5
    ssh 10.5.0.0 255.255.0.0 internal
    ssh timeout 5
    console timeout 0
    no vpn-addr-assign aaa
    no vpn-addr-assign dhcp
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    threat-detection basic-threat
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    ntp server 10.5.65.242 source internal
    ssl trust-point ASDM_TrustPoint0 external
    webvpn
    enable external
    enable internal
    anyconnect-essentials
    anyconnect image disk0:/anyconnect-win-2.5.0217-k9.pkg 1
    anyconnect profiles HP_Basic disk0:/HP_Basic.xml
    anyconnect enable
    tunnel-group-list enable
    group-policy DfltGrpPolicy attributes
    vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
    group-policy GroupPolicy1 internal
    group-policy GroupPolicy1 attributes
    vpn-tunnel-protocol ikev1 ikev2
    group-policy HPVPN internal
    group-policy HPVPN attributes
    banner value You are now connected to Healthpoint, Ltd.
    wins-server none
    dns-server value 10.5.64.199 10.5.64.197
    dhcp-network-scope none
    vpn-idle-timeout none
    vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
    ip-comp disable
    ipsec-udp enable
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value split
    default-domain value hpb.net
    split-dns none
    split-tunnel-all-dns disable
    user-authentication-idle-timeout none
    address-pools value HPVPNClients
    client-firewall none
    client-access-rule none
    webvpn
      anyconnect keep-installer installed
      anyconnect ssl compression none
      anyconnect profiles value HP_Basic type user
      anyconnect ask enable default anyconnect timeout 5
      http-comp none
    username bcline password Wpo.Polan03mKRJ9 encrypted privilege 15
    username jhenry password wX50UveiwuBH7p7v encrypted privilege 15
    username ittemp password zpQoWfp93rOS3NU7 encrypted privilege 5
    tunnel-group HPVPN type remote-access
    tunnel-group HPVPN general-attributes
    address-pool HPVPNClients
    authentication-server-group VPN-RADAuth
    authentication-server-group (external) VPN-RADAuth
    default-group-policy HPVPN
    password-management password-expire-in-days 3
    tunnel-group HPVPN webvpn-attributes
    group-alias HPVPN enable
    tunnel-group HPVPN ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group 64.126.222.190 type ipsec-l2l
    tunnel-group 64.126.222.190 ipsec-attributes
    ikev1 pre-shared-key *****
    ikev2 remote-authentication pre-shared-key *****
    ikev2 local-authentication pre-shared-key *****
    tunnel-group 109.164.216.164 type ipsec-l2l
    tunnel-group 109.164.216.164 ipsec-attributes
    ikev1 pre-shared-key *****
    ikev2 remote-authentication pre-shared-key *****
    ikev2 local-authentication pre-shared-key *****
    tunnel-group 12.197.232.98 type ipsec-l2l
    tunnel-group 12.197.232.98 ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group HPB type remote-access
    tunnel-group HPB general-attributes
    address-pool HPVPNClients
    authentication-server-group VPN-RADAuthHPB
    authentication-server-group (external) VPN-RADAuthHPB
    default-group-policy HPVPN
    password-management password-expire-in-days 3
    tunnel-group HPB webvpn-attributes
    group-alias HPB disable
    group-alias HPVPN_NEW enable
    tunnel-group HPB ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group HPB ppp-attributes
    authentication ms-chap-v2
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
      no dns-guard
    policy-map global_policy
    class inspection_default
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
      inspect dns
    service-policy global_policy global
    prompt hostname context
    service call-home
    call-home reporting anonymous
    call-home
    contact-email-addr
    profile CiscoTAC-1
      destination address
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:f3c293700f62ee55af87105015fe4cd0
    : end

    You have two options:
    1. The router that is internal must have a static route to the ASA to reach the VPN networks and must have a distribute static so that other routers that form part of EIGRP know how to route to the VPN networks.
    2. You can configure on the ASA "set reverse-route" on the crypto map then configure EIGRP on the ASA and add redistribute static so that routes learned via VPN (considered static routes) can be pushed through EIGRP.
