WRT54G2 losing DNS preventing internet access
I've had this router for a few months and it's worked fine up until a few days ago. I started having problems accessing the internet such as the browser saying webpages couldn't be found.
The router is connected to a Motorola Surfboard modem. I discovered that going into router setup and doing a manual DHCP release/renew restores connectivity, at least for a while. Before I did that I looked at the status page and it seemed to show the proper IP addr listing for gateway, dns servers etc.
The renew process may take more than one click of the renew button. This happened when I first booted up and had no connectiivity, and also during a browsing session when I went to a page and had connection and then hit the back button and had none.
BGC
Connect the Computer to the Modem and check if everything is working fine or you getting some problem..?
If everything is working fine from the Modem side then,Open the setup page of the linksys router and reduce the MTU to 1350 and click on save settings...Power cycle the router and check the result.
If the problem does not resolve then,try upgrading/reflashing the router's firmware,reset the router and reconfigure it from the scratch.You can download the firmware from www.linksys.com/downloads.On the setup page,click on the Administration tab to upgrade the firmware.
Similar Messages
-
Any app that requires internet access times out and fails
Includes both Yahoo mail and my corproate account, along with Safari web browser. Acts as if a switch has been turned off to prevent internet access. I have backed up and restored the device. Still have phone service. All accesses DO work via Wi-FI, just not through AT&T carrier.
Includes both Yahoo mail and my corproate account, along with Safari web browser. Acts as if a switch has been turned off to prevent internet access. I have backed up and restored the device. Still have phone service. All accesses DO work via Wi-FI, just not through AT&T carrier.
-
E71 PC Internet Access DNS Problem
Hi all,
Got a bit of a problem which I hope someone knows the answer to.
I'm currently triailing tethering on an E71 for our corporate network. I've got the phone connected up and installed Nokia PC Internet Access on my machine; all good.
The problem I'm having is that we use a private APN at the mobile carrier to connect back to our network, and this does not advertise automatic DNS settings to clients. I can get connected to the APN no problem at all but without DNS servers on the connection, it's fairly useless.
Now, I can see that the PCIA application uses Dial-Up Networking behind the scenes to actually connect up, and I have tried to specify manual DNS servers on that connection, but every time I reconnect using PCIA, it resets everything back to automatic, which doesn't work.
Anyone got any ideas on forcing manual DNS servers on a connection when using PC Internet Access?
Thanks all!Nobody? This is the way how Nokia does NOT care us. Nokia is now dead
-
I have read that if you have this malware, you will lose internet access July 9. The virus, the article said, affects imacs.
http://www.pcworld.com/article/258796/dnschanger_malware_set_to_knock_thousands_ off_internet_on_monday.html
-
Using 2nd Built-In Ethernet port for internet access?
Hello,
I have a Quad-G5 running 10.4.8. In its current configuration, all its network communications, including web access, go over the active ethernet port (Built-in 1).
Does anyone know how I could use the second built-in port for internet access only? I'd like to route local traffic over the first port, but go "out" over the second.
The machine is on a corporate network, and proxy access is slowwww. I have the ability to use a direct connect to the internet, but still need to be connected locally. Any thoughts? Many thanks . . . JDEasy. Go to System Preferences > Network > Network Port Configurations and drag the port connected to the internet to the top, so that it has priority over the port connected to your LAN. This prevents DNS time-out when loading a website, but still allows LAN traffic over the other port because that traffic is most likely going to use ARP rather than DNS. For good measure, you can add your company's domain (such as "my_company.lan") to System Preferences > Network > Internal_Ethernet > TCP/IP > Search Domains.
-
Mac G5 Airport "NO internet Access" but is connected to WRT54G network
I have read thru prior threads and nothing has worked. I have connected to the internet once. I have upgraded the firmware to the wrt54. I have tried both PPPoe and DCHP to connect as well as using the built in ethernet. Why will it connect to the network but have no internet access?
The network status on my G5 says "Airport connected and You have internet access through Airport. But when I try through Safari, the screen comes up "no internet connection". Currently my wrt54 is 192.168.2.1 and I have set the security to allow access to the router. Can someone layout what my mac and router settings should be, If they are working for them? After trying somemany different things, I worry that I am not trying the right sequence of settings anymore. Help!
Many thanks!I have upgraded my router firmware to the latest, at least what is available here at linksys. The airport does retrieve the address from the router, but no go. Should it be set to PPPoe or not? If it isn't. it doesn't look for the host. When its off, the network status says connected to the linksys network, internet access through Airport, but still no Safari. I don't understand, if it is connected to the network, what is preventing it from connecting to the internet, which is available on the router? My DHCP server is enabled, I have changed the address to 192.168.2.1, 50 clients, but there are no DNS static address'. Should I input some DNS Address? My router is connected to a DSL modem and hardwired to a PC through the net connection. This is how I access the router. Whoops gotta get to work...........
Thanks for your help -
Internet Access to Portal located in DMZ
I've seen questions on the forum regarding gaing Internet access to the Oracle Portal located in the DMZ. This answer does not resolve the issue of having multple DADs to access your portal like abc.com and xyz.com. For that see note:162044.1 on metalink. http://metalink.oracle.com.
If you registered a domain name e.g. abc.com and have the portal up and running in the DMZ. Your local network should be accessing the portal just fine. Your computer name for example is portal. The URL translates into http://portal.abc.com. You opened the ports in the DMZ to allow access and wonder why you get partial portal pages, no login, etc. It's becase users can't resolve the DNS entry for portal.abc.com. Call your ISP and get an "A Record" entry. After a few hours and propogation of the A Record, users on the Internet can successfuly access your site. This A Record should be free.
Good luck
KellanHi,
You've to open the ITS for internet for accessing things from Portal too. As I've told you in previous post, the request goes directly to ITS server (http://itsserver.com/scripts..) and not as (http://myportal.com/scripts..). The idea of having it via Portal will be to mask the URL of ITS , which will not be visible (except for time you click on iview which will display in status bar). In any case, you can directly acces ITS as what you've told, however you give the proxy.
Regards,
Siva
P.S: Award points if you find this useful. -
New to Networking - Verizon Wireless Broadband Internet Access
Hello,
Just setting up my home network with a router and printer server. However, when I went to set it up, it is looking for a cable to connect from the laptop to the router. I use a Verizon Broadband wireless card that I insert into the pcmia slot on the laptopr, therefore, no wires involved.
Will this work with the router or do I need the cable connection for it to work.
Also, in the setup it asks not only for the IP address (which I think I found) but also a subnet, gateway, dns, etc. Any suggestions on where I can find this info.
Or is this all just explained somewhere in an easy guide when using a wireless internet access card.
Thanks in advance for any help.Thanks for the info. Since I live in a rural location, the only options I have are either slow dial up with MSN or the broadband access card in my laptop with Verizon so I guess I will be limited to the internet only on my laptop if I want faster access.
One thing, though, when I open the program for the verizon card (VZaccessmanager), it shows a symbol for linksys as an available network even though I didn't provide the ISP, etc. answers.
The router that I am using is the WRT54GS and and a WPS54G print server.
And, yes, the ISP question was being asked during the final stages of router installation, along with the gateway question, etc. Now that this isn't going to work with the access card, do I need to answer these questions?
Any help will be appreciated. Thanks. -
WRTP54G router: I have internet access wirelessly but a wired desktop doesn't.
We have an excellent wireless network working in the house, but my desktop (which isn't wireless) can't get internet access. It says that a network cable is unplugged - it's not. When a cable is plugged into one of the 4 ethernet ports in the back of the router, the ethernet lights on the front don't light up or flash or anything. I think that part isn't working. Is there anything I can do? Should I update the firmware? Or just get a new router? I have tried using different cables, but nothing changes. The only way for the desktop to get online is to take the router out of the configuration, but then the wireless network and the Vonage phone are out.
I went to ipconfig at the command prompt and under Ethernet adapter Local Area Connection: my Media State is Media disconnected. So, I'm guessing the ethernet ports on the router are not working at all.
Thanks for your help.
Message Edited by scraig8877 on 07-30-2009 12:41 PM
Solved!
Go to Solution.Do continuos ping ping 192.168.1.1 -t and check how many replies or RTO you will have. If you have replies even just a bit connect your PC to the modem to get internet connection and download the latest firmware and upgrade utility for your Router.
FIRMWARE
1. Go to www.linksys.com/downloads
2. Enter the Model Number of your Router
3. Choose Get Downloads
4. Select the Device Version
5. Check Downloads and Drivers then download the Firmware
UPGRADE UTILITY
1. Go to www.linksys.com/downloads
2. Enter the Model Numner BEFSR41
3. Choose Get Downloads
4. Select Device Version - Version 4.0
5. Check Downloads and Drivers then download the Utility
After downloading those files.
Connect your PC back to the Router then run the TFTP(Utlity) set Server = 192.168.1.1; Password = admin; then choose the firmware file that you have downloaded. Then Upgrade the firmware of your router.
Note : Make sure the you have set the TCP/IP and DNS Server of you computer back to OBTAIN IP ADDRESS.
Note : To run the TFTP Utility set the TCP/IP and DNS Server of your computer back to USE THE FOLLOWING IP ADDREESS.
Just follow the previous posts to do this. Good Luck.
Regards,
Lord Maxthor -
Internet Access from Inside to Outside ASA 5510 ver 9.1
Hi everyone, I need help setting up an ASA 5510 to allow all traffic going from the inside to outside so I can get internet access through it. I have worked on this for days and I have finally got traffic moving between my router and my ASA, but that is it. Everything is blocked because of NAT rules I assume.
I get errors like this when I try Packet Tracer:
(nat-xlate-failed) NAT failed
(acl-drop) Flow is denied by configured rule
Version Information:
Cisco Adaptive Security Appliance Software Version 9.1(4)
Device Manager Version 7.1(5)
Compiled on Thu 05-Dec-13 19:37 by builders
System image file is "disk0:/asa914-k8.bin"
Here is my ASA config, all I want for this exercise is to pass traffic from the inside network to the outside to allow internet access so I can access the internet and then look for specific acl's or nat for specific services:
Thank You!
Config:
ASA5510# sh running-config
: Saved
ASA Version 9.1(4)
hostname ASA5510
domain-name
inside.int
enable password <redacted> encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd <redacted> encrypted
names
dns-guard
interface Ethernet0/0
description LAN Interface
nameif Inside
security-level 100
ip address 10.10.1.1 255.255.255.252
interface Ethernet0/1
description WAN Interface
nameif Outside
security-level 0
ip address 199.199.199.123 255.255.255.240
boot system disk0:/asa914-k8.bin
ftp mode passive
dns domain-lookup Outside
dns server-group DefaultDNS
name-server 199.199.199.4
domain-name
inside.int
object network inside-net
subnet 10.0.0.0 255.255.255.0
description Inside Network Object
access-list USERS standard permit 10.10.1.0 255.255.255.0
access-list OUTSIDE-IN extended permit ip any any
access-list INSIDE-IN extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu Inside 1500
mtu Outside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-715.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (Inside,Outside) source dynamic any interface
object network inside-net
nat (Inside,Outside) dynamic interface
access-group INSIDE-IN in interface Inside
access-group OUTSIDE-IN in interface Outside
router rip
network 10.0.0.0
network 199.199.199.0
version 2
no auto-summary
route Outside 0.0.0.0 0.0.0.0 199.199.199.113 1
route Inside 172.16.10.0 255.255.255.0 10.10.1.2 1
route Inside 172.16.20.0 255.255.255.0 10.10.1.2 1
route Inside 192.168.1.0 255.255.255.0 10.10.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Inside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username <redacted> password <redacted> encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email
[email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
password encryption aes
Cryptochecksum:
<redacted>
: end
SH NAT:
ASA5510# sh nat
Manual NAT Policies (Section 1)
1 (Inside) to (Outside) source dynamic any interface
translate_hits = 0, untranslate_hits = 0
Auto NAT Policies (Section 2)
1 (Inside) to (Outside) source dynamic inside-net interface
translate_hits = 0, untranslate_hits = 0
SH RUN NAT:
ASA5510# sh run nat
nat (Inside,Outside) source dynamic any interface
object network inside-net
nat (Inside,Outside) dynamic interface
SH RUN OBJECT:
ASA5510(config)# sh run object
object network inside-net
subnet 10.0.0.0 255.255.255.0
description Inside Network Object
Hi all,Hello everyone, I need some help before my head explodes. IddddddddHello Mitchell,
First of all how are you testing this:
interface Ethernet0/0
description LAN Interface
nameif Inside
security-level 100
ip address 10.10.1.1 255.255.255.252
Take in consideration that the netmask is /30
The Twice NAT is good, ACLs are good.
do the following and provide us the result
packet-tracer input inside tcp 10.10.1.2 1025 4.2.2.2 80
packet-tracer input inside tcp 192.168.1.100 1025 4.2.2.2 80
And provide us the result!
Looking for some Networking Assistance?
Contact me directly at [email protected]
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
Note: Check my website, there is a video about this that might help you.
http://laguiadelnetworking.com -
No internet access for vlan devices
Hey folks,
I'm new to cisco and have only recently started study for my ccna. In preperation for this i've gotten my hands on a cisco emi 3550-48 port switch so i can play and test some scenario's.
Now, I've setup a couple of vlans (200,201 and 202) and i've assigned them to fa0/3, 0/5 a0/7 respectively. i suppose it's irrelevant which ports are assign, they are just the ports i've assigned while typing this.
I know the cisco forums are full of people saying the intervlan routing isnt working and it just turns out to be the static route on the router in the end but i have set all that up and i can not get internet access on my vlan networks. The wierd thing is the switch itself can ping the internet no problem.
Here is my setup :
I've assigned ip addresses as follows :
vlan 200 - 10.10.200.254/24
vlan 201 - 10.10.201.254/24
vlan 202 - 10.10.202.254/24
I then enabled intervlan routing by issueing "IP ROUTING"
At this point I configured the VDSL modem/router (zyxel F1000) on IP Address 192.168.1.2/30 and I configured interface fa0/1 with the following commands :
interface fa0/1
no switchport
ip address 192.168.1.1 255.255.255.252
no shutdown
I then set the default route using :
ip route 0.0.0.0 0.0.0.0 192.168.1.2
Finally I configured three static route's on my Zyxel F1000 modem/router to send traffic back to my three vlans using the gateway 192.168.1.1
As i said above, If I plug into fa 0/3 (vlan 200) and lets say I give myself an ip address of 10.10.200.20, 255.255.255.0 and gateway 10.10.200.254. I can ping the othe vlns and devices on the other vlans no problem but bot for love nor money can i get onto the internet. For clarifications sake my dns is set to 8.8.8.8
Stranger still is the fact that the switch can ping hostnames and ips on the internet no problem. Has anyone got any ideas what could possibly be wrong?? I'm completely stumped.
Regards,
Thomas QuigleyHey guys,
Thanks for the speedy replies. I have been trying this for about 2 weeks now and last night after posting this message to the cisco forums I got my hands on an old Sonicwall router. I decided to test the connection using this as I suspected that Zyxel router is buggy.
I setup a PPPoE connection on the sonicwall and set that up as my default route matching exactly the ip settings listed above and it worked immediately.
I knew the setup I had ran above was right it was just tormenting me that it wouldn't work. Turns out its the piece of crap Zyxek VDSL modem.
Thanks for taking the time to read my post and offer advice.
Cheers,
TQ -
No internet access on certain IP Address
Hiya , I have to revisit this problem.
Strange IP issue !!!
I have a windows 2003 server with a static IP.
My network has a DHCP server and that Particular IP is in the exclusion range.
When I open a browser on the server I get the error "internet explorer cannot display the webpage"
However if I change the static IP address to a defferent static Ip address everything works fine.
Here's the funny bit.
If I set a different PC/server to this troublesome static IP I also get the issue.
So the problem is with the Static IP address itself?
On the DHCP server there is no indication that this is a BAD IP ADDRESS etc..
Checkeded the firewall and this is not blocking either.
Any ideas why this particular IP fails to get me internet access ?
When uing this BAD IP I can access our internal intranet.. Which makes me think it's some form of DNS issue?
Any PC that I change to this Bad IP cannot access the web.
I have also checked to see if Antivirus has somehow blocked this but it hasn't.
I can't really see anywhere on the network that can control this behaviour ?
Ray..Hiya and thx for reply..
All static settings are correct.I set them using GUI
When set static, If I change to any other static IP every thing works. Until I use 10.1.3.150
Details below.
IP with no internet access (IP Issue)
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-14-5E-BD-C2-0C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.3.150
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 10.1.2.254
DNS Servers . . . . . . . . . . . : 10.1.3.145
10.1.3.146
IP with internet access working (Normal IP)
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-14-5E-BD-C2-0C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.3.167
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 10.1.2.254
DNS Servers . . . . . . . . . . . : 10.1.3.145
10.1.3.146
DNS Server
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
Physical Address. . . . . . . . . : 00-14-5E-BD-CB-20
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.3.145
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 10.1.2.254
DNS Servers . . . . . . . . . . . : 10.1.3.145
Primary WINS Server . . . . . . . : 10.1.3.145 -
No Internet Access thru VPN w/ Windows 8.1
I had VPN working with Internet access & then all of a sudden it stopped working. I suspect one of the Windows AUTO update changed something that made it stop working, but can not be sure.
Per other blogs: I tried to temporary disable firewall and antivirus program on Windows 8.
Furthermore, tried to right click your VPN connection---properties---Networking---IPv4 or IPv6---Properties---Advanced---IP settings---Use default gateway on remote network.
Nothing worked. When VPN has no Internet connection - I can still successfully ping 8.8.8.8 in CMD window.
Next thing I suppose is to post RAS traces?? But I'm not sure which log file I should post.
Please help.Thanks for your reply.
I have Windows auto update & the last time it worked was months ago (but not sure which version).
Yes, if I ping 8.8.8.8, I get response, but I cannot connect to internet when I try to browse. In response to your questions:
1. I tried ping www.google.com, and I got "Ping request cannot find host www.google.com" message.
2. Yes, by no internet access I meant I cannot browse the internet.
3. No, I don't use any IE proxy server.
CMD line response to "ipconfig -all"& "route print" are listed below:
C:\windows\system32>ipconfig -all
Windows IP Configuration
Host Name . . . . . . . . . . . . : MediaCenter-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
PPP adapter FreeVPNme:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : FreeVPNme
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.11.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 209.244.0.3
208.67.222.222
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VPN - VPN Client:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VPN Client Adapter - VPN
Physical Address. . . . . . . . . : 00-AC-7E-07-A5-B9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-DB-B6-5D-B9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtua
Physical Address. . . . . . . . . : B8-EE-65-D3-4B-4E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 1x1 11b/g/n Wireless LAN PCI
Mini Card Adapter
Physical Address. . . . . . . . . : B8-EE-65-D3-4B-4E
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c832:af51:4c8a:4c9f%5(P
IPv4 Address. . . . . . . . . . . : 10.223.116.122(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.223.116.71
DHCPv6 IAID . . . . . . . . . . . : 146337381
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-0B-5D-5B-50-AF
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Contr
Physical Address. . . . . . . . . : 50-AF-73-23-82-1E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Inter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{3AAF9E59-6992-41E1-AB34-710700639118}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{53183BE1-A0E4-4B92-A4B9-0B03F54C8EAE}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\windows\system32>route print
====================================================================
Interface List
52...........................FreeVPNme
18...00 ac 7e 07 a5 b9 ......VPN Client Adapter - VPN
8...00 ff db b6 5d b9 ......TAP-Windows Adapter V9
6...b8 ee 65 d3 4b 4e ......Microsoft Wi-Fi Direct Virtual Adapter
5...b8 ee 65 d3 4b 4e ......1x1 11b/g/n Wireless LAN PCI Express H
d Adapter
3...50 af 73 23 82 1e ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
4...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
====================================================================
IPv4 Route Table
====================================================================
Active Routes:
Network Destination Netmask Gateway Interface
0.0.0.0 0.0.0.0 10.223.116.71 10.223.116.122
0.0.0.0 0.0.0.0 On-link 10.11.0.2
10.11.0.2 255.255.255.255 On-link 10.11.0.2
10.223.116.0 255.255.255.0 On-link 10.223.116.122
10.223.116.122 255.255.255.255 On-link 10.223.116.122
10.223.116.255 255.255.255.255 On-link 10.223.116.122
93.115.83.250 255.255.255.255 10.223.116.71 10.223.116.122
127.0.0.0 255.0.0.0 On-link 127.0.0.1
127.0.0.1 255.255.255.255 On-link 127.0.0.1
127.255.255.255 255.255.255.255 On-link 127.0.0.1
224.0.0.0 240.0.0.0 On-link 127.0.0.1
224.0.0.0 240.0.0.0 On-link 10.223.116.122
224.0.0.0 240.0.0.0 On-link 10.11.0.2
255.255.255.255 255.255.255.255 On-link 127.0.0.1
255.255.255.255 255.255.255.255 On-link 10.223.116.122
255.255.255.255 255.255.255.255 On-link 10.11.0.2
====================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.223.116.71 Default
====================================================================
IPv6 Route Table
====================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
5 281 fe80::/64 On-link
5 281 fe80::c832:af51:4c8a:4c9f/128
On-link
1 306 ff00::/8 On-link
5 281 ff00::/8 On-link
====================================================================
Persistent Routes:
None
Thanks again for your quick reply. Let me know if you need other info.
Jackson -
Hi everybody,
I am unable to access internet with one of the vlan. i have two vlans
VLAN 2 192.168.1.0
VLAN 8 172.168.1.0
When i am on vlan 2 i can access to internet. when i work with vlan 8, i cannot access to internet. As a matter of fact VLAN 8 (172.168.1.0) is new. I need to know what else i need to configure to get access. the following is the configuration of my cisco ASA firewall. Any help will be apprieciated.
Thanks
hostname abcASA1
domain-name abc.com
enable password .4rNnGSuheRe encrypted
passwd 2KFQnbNIdI.2K encrypted
names
name 192.168.1.3 Email_DNS
name 192.168.1.4 SQLServer
name 192.168.2.2 VPN_3005
name 192.168.2.0 DMZ_Subnet
name 192.168.3.0 VPN_Subnet
name 192.168.1.0 Inside_Subnet
name 192.168.3.5 VPNNET_DNS
name 128.8.10.90 D_Root
name 192.5.5.241 F_Root
name 198.41.0.10 J_Root
name 192.33.4.12 C_Root
name 193.0.14.129 K_Root
name 198.32.64.12 L_Root
name 192.36.148.17 I_Root
name 192.112.36.4 G_Root
name 128.63.2.53 H_Root
name 128.9.0.107 B_Root
name 198.41.0.4 A_Root
name 202.12.27.33 M_Root
name 192.203.230.10 E_Root
name 12.183.68.51 ATT_DNS_2
name 12.183.68.50 ATT_DNS_1
name 192.168.1.6 FileServer_NAS
name 192.168.2.6 abc_WEB
name 199.130.197.153 CA_Mgmt_USDA
name 199.130.197.19 CA_Roaming_USDA
name 199.130.214.49 CA_CRLChk_USDA
name 199.134.134.133 CA_Mgmt_USDA_
name 199.134.134.135 CA_Roaming_USDA2
name 192.168.2.9 PublicDNS2
name 192.168.2.8 PublicDNS
name 192.168.1.11 abc02EX2
name 162.140.109.7 GPO_PKI_DIR
name 162.140.9.10 GPO_PKI
name 192.168.1.12 Patchlink
name 192.168.1.10 abcSLIMPS1
name 192.168.1.7 FileServer_DNS
name 192.168.1.15 abc06ex2
name 192.168.101.0 NEW_VPN_SUBNET
name 192.168.77.0 NEW_VPN_POOL description NEW_VPN_POOL
name 192.168.1.16 VTC description LifeSize VTC
name 12.18.13.16 VTC_Outside
name 192.168.2.50 Email_Gateway
name 192.168.1.20 Exch10
name 192.168.1.8 SharePoint
name 192.168.1.19 abc09ic description Web Servr
name 192.168.1.180 ExternalDNS
name 192.168.2.223 abc11ids
name 192.168.50.0 inside_new_Network
dns-guard
interface Vlan1
nameif outside
security-level 0
ip address 12.18.13.20 255.255.255.0
interface Vlan2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan3
nameif dmz
security-level 10
ip address 192.168.2.1 255.255.255.0
interface Vlan4
nameif vpnnet
security-level 75
ip address 192.168.3.1 255.255.255.0
interface Vlan5
nameif asainside
security-level 50
ip address 192.168.4.1 255.255.255.0
interface Vlan6
nameif testinside
security-level 50
ip address 192.168.5.1 255.255.255.0
ipv6 address 2001:ab1:5::/64 eui-64
interface Vlan7
description New Local Area Network for Server
nameif inside_new
security-level 50
ip address 192.168.50.1 255.255.255.0
interface Vlan8
description abcdone Server VLAN
nameif Internal_LAN
security-level 100
ip address 172.168.1.254 255.255.255.0
interface Vlan16
description out of band
nameif oobnet
security-level 100
ip address 172.16.1.1 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
speed 100
duplex full
interface Ethernet0/2
switchport access vlan 3
interface Ethernet0/3
switchport access vlan 7
interface Ethernet0/4
interface Ethernet0/5
switchport trunk allowed vlan 1-10
switchport mode trunk
interface Ethernet0/6
interface Ethernet0/7
boot system disk0:/asa802-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns domain-lookup vpnnet
dns server-group DefaultDNS
name-server 192.168.1.2
name-server Email_DNS
domain-name abc.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network Inside_Server_Group
description EmailServer, FileServer, SQLServer
network-object Email_DNS 255.255.255.255
network-object SQLServer 255.255.255.255
network-object 192.168.1.2 255.255.255.255
network-object FileServer_NAS 255.255.255.255
network-object host abc02EX2
network-object host abc06ex2
object-group network Inside_Server_Group_ref
network-object 192.168.3.73 255.255.255.255
network-object 192.168.3.74 255.255.255.255
network-object 192.168.3.72 255.255.255.255
network-object 192.168.3.76 255.255.255.255
object-group service DNS tcp-udp
description DNS Service both TCP/UDP
port-object eq domain
object-group network InternetDNS
network-object A_Root 255.255.255.255
network-object B_Root 255.255.255.255
network-object C_Root 255.255.255.255
network-object D_Root 255.255.255.255
network-object E_Root 255.255.255.255
network-object F_Root 255.255.255.255
network-object G_Root 255.255.255.255
network-object H_Root 255.255.255.255
network-object I_Root 255.255.255.255
network-object J_Root 255.255.255.255
network-object K_Root 255.255.255.255
network-object L_Root 255.255.255.255
network-object M_Root 255.255.255.255
network-object ATT_DNS_2 255.255.255.255
network-object ATT_DNS_1 255.255.255.255
object-group network USDA-PKI-Users
description GAO PKI User Group
network-object 192.168.1.51 255.255.255.255
network-object 192.168.1.52 255.255.255.255
network-object 192.168.1.53 255.255.255.255
network-object 192.168.1.54 255.255.255.255
network-object 192.168.1.55 255.255.255.255
network-object 192.168.1.56 255.255.255.255
network-object 192.168.1.57 255.255.255.255
network-object 192.168.1.58 255.255.255.255
network-object 192.168.1.59 255.255.255.255
network-object 192.168.1.60 255.255.255.255
network-object host 192.168.1.61
network-object host 192.168.1.62
network-object host 192.168.1.63
object-group network CITABCDAS
network-object 192.168.3.241 255.255.255.255
network-object 192.168.3.242 255.255.255.255
network-object 192.168.3.243 255.255.255.255
network-object 192.168.3.244 255.255.255.255
network-object 192.168.3.245 255.255.255.255
network-object VPNNET_DNS 255.255.255.255
object-group service Virginia.edu tcp
description blackboard java classroom
port-object range 8010 8012
object-group network PDASB1-VPN-Inside
network-object host abcPLIasd1
network-object host 192.168.3.10
object-group service http-https tcp
port-object range https https
port-object range www www
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service VTC tcp-udp
description LifeSize
port-object range 60000 64999
object-group service DM_INLINE_TCP_1 tcp
port-object eq 3268
port-object eq ldap
object-group service EmailGateway udp
description TrustManager
port-object eq 19200
port-object eq 8007
object-group service DM_INLINE_TCP_2 tcp
port-object eq 990
port-object eq ftp
port-object range 2000 5000
object-group service Barracuda tcp
port-object eq 5124
port-object eq 5126
object-group service barracuda udp
port-object eq 5124
port-object eq 5126
object-group service IMAP tcp
port-object eq 993
port-object eq imap4
object-group service DM_INLINE_SERVICE_0
service-object tcp eq domain
service-object udp eq domain
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit object-group TCPUDP any object-group InternetDNS object-group DNS
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_0 any host 12.18.13.222
access-list outside_access_in remark Website
access-list outside_access_in extended permit tcp any host 12.18.13.19 eq 8090
access-list outside_access_in remark Allow ICMP replies to inside
access-list outside_access_in extended permit icmp any host 12.18.13.21 echo-reply
access-list outside_access_in remark VTC
access-list outside_access_in extended permit tcp any host VTC_Outside eq h323
access-list outside_access_in remark VTC
access-list outside_access_in extended permit object-group TCPUDP any host VTC_Outside eq sip
access-list outside_access_in extended permit icmp any host VTC_Outside
access-list outside_access_in remark Barracuda
access-list outside_access_in extended permit tcp any host 192.168.1.25 object-group Barracuda
access-list outside_access_in remark Barracuda
access-list outside_access_in extended permit udp any host 192.168.1.25 object-group barracuda
access-list outside_access_in remark VTC
access-list outside_access_in extended permit udp any host VTC_Outside range 60000 64999
access-list outside_access_in remark VTC
access-list outside_access_in extended permit tcp any host VTC_Outside range 60000 64999
access-list outside_access_in remark for Public DNS2
access-list outside_access_in extended permit udp any host 12.18.13.223 eq domain
access-list outside_access_in remark for Public DNS2
access-list outside_access_in extended permit tcp any host 12.18.13.223 eq domain
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.224 eq www
access-list outside_access_in remark NTP from Router to DMZ
access-list outside_access_in extended permit udp host 12.18.13.1 host 12.18.13.15 eq ntp
access-list outside_access_in remark Syslog from Router
access-list outside_access_in extended permit udp host 12.18.13.1 gt 1023 host 12.18.13.13 eq syslog
access-list outside_access_in remark Inbound Email SMTP to DMZ Host 192.168.2.50
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.13 eq smtp
access-list outside_access_in remark VPNNET IPSec ESP
access-list outside_access_in extended permit esp any host 12.18.13.31
access-list outside_access_in remark VPNNET IPSec AH
access-list outside_access_in extended permit ah any host 12.18.13.31
access-list outside_access_in remark VPNNET IPSec Port 4500
access-list outside_access_in extended permit udp any eq 4500 host 12.18.13.31 eq 4500
access-list outside_access_in remark VPNNET IPSec ISAKMP
access-list outside_access_in extended permit udp any eq isakmp host 12.18.13.31 eq isakmp
access-list outside_access_in remark VPNNET IPSec over UDP port 10000
access-list outside_access_in extended permit udp any eq 10000 host 12.18.13.31 eq 10000
access-list outside_access_in remark Sharepoint1
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.42 eq https
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.31 eq https
access-list outside_access_in remark Access Rule to Webmail
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.32 eq https
access-list outside_access_in remark SLIMPSdev
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.33 object-group http-https
access-list outside_access_in remark Inbound Website
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.19 eq www
access-list outside_access_in remark Inbound SharePoint
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.42 eq www
access-list outside_access_in remark Inbound WEb Traffic to ISA server-SLIMPS
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.41 eq www
access-list outside_access_in remark Inbound Secure Web Traffic to ISA server-SLIMPS
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.41 eq https
access-list outside_access_in remark Inbound FTP abc_web
access-list outside_access_in extended permit tcp any host 12.18.13.14 object-group DM_INLINE_TCP_2
access-list outside_access_in remark DNS1
access-list outside_access_in remark for Public DNS2
access-list outside_access_in remark for Public DNS2
access-list outside_access_in remark NTP from Router to DMZ
access-list outside_access_in remark Syslog from Router
access-list outside_access_in remark Inbound Email SMTP to DMZ Host 192.168.2.5
access-list outside_access_in remark VPNNET IPSec ESP
access-list outside_access_in remark VPNNET IPSec AH
access-list outside_access_in remark VPNNET IPSec Port 4500
access-list outside_access_in remark VPNNET IPSec ISAKMP
access-list outside_access_in remark VPNNET IPSec over UDP port 10000
access-list outside_access_in remark Inbound WEb Traffic to Facilitate Web Server in DMZ
access-list outside_access_in remark Inbound Secure Web Traffic to Facilitate Web Server in DMZ
access-list outside_access_in remark Access Rule to FE Server
access-list outside_access_in remark SLIMPSdev
access-list outside_access_in remark Inbound WEb Traffic to ISA server-SLIMPS
access-list outside_access_in remark Inbound Secure Web Traffic to ISA server-SLIMPS
access-list outside_access_in remark Inbound port 93 to ISA server-SLIMPS
access-list outside_access_in remark Explicit Deny All
access-list vpnnet_access_in remark Patrica RDP
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.53 eq 3389
access-list vpnnet_access_in remark Berry RDP
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.51 eq 3389
access-list vpnnet_access_in remark John Tsai RDP
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.156 eq 3389
access-list vpnnet_access_in remark Chopper RDP
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.128 eq 3389
access-list vpnnet_access_in remark Ms Ballard RDP
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.58 eq 3389
access-list vpnnet_access_in remark Wakita
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.153 eq 3389
access-list vpnnet_access_in remark Amy RDP
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.124 eq 3389
access-list vpnnet_access_in remark KC RDP
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.57 eq 3389
access-list vpnnet_access_in remark Eyang RDP
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.161 eq 3389
access-list vpnnet_access_in remark SLIMPS doc
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.13 eq 3389
access-list vpnnet_access_in extended deny ip any any
access-list vpnnet_access_in remark for SLIMPS APP
access-list vpnnet_access_in remark for SLIMPS APP
access-list vpnnet_access_in remark for SLIMPS APP
access-list vpnnet_access_in remark FOR SLIMPS Application
access-list vpnnet_access_in remark SLIMPS Production Workflow
access-list vpnnet_access_in remark SLIMPS
access-list vpnnet_access_in remark FOR SLIMPS Application
access-list vpnnet_access_in remark SLIMPS VPN access to SLIMPSTEST2 Alpha website
access-list vpnnet_access_in remark SLIMPS VPN access to abc02SLIMPS1
access-list vpnnet_access_in remark SLIMPS VPN access to abc02SLIMPS2
access-list vpnnet_access_in remark for abc06SLIMPS1
access-list vpnnet_access_in remark for abc06SLIMPS1
access-list vpnnet_access_in remark VPNNET Windows Port 135 Netbios
access-list vpnnet_access_in remark VPNNET Windows Port 137 Netbios Name Service
access-list vpnnet_access_in remark VPNNET Windows Port 138 Netbios Datagram
access-list vpnnet_access_in remark VPNNET Windows Port 139 Netbios Session Service
access-list vpnnet_access_in remark VPNNET Windows Port 445 Server Message Block
access-list vpnnet_access_in remark VPNNET Windows Port 389 Lightweight Directory Access Protocol
access-list vpnnet_access_in remark VPNNET Windows Port 389 Lightweight Directory Access Protocol
access-list vpnnet_access_in remark VPNNET Windows Port 88 Kerberos
access-list vpnnet_access_in remark VPNNET Windows Port 88 Kerberos
access-list vpnnet_access_in remark VPNNET Windows Port 1433 Windows Sql Server
access-list vpnnet_access_in remark VPNNET Windows Port 9000 Static RPC Port
access-list vpnnet_access_in remark VPNNET Windows Port 9000 Static RPC Port
access-list vpnnet_access_in remark VPNNET Windows Port 9001 Static RPC Port
access-list vpnnet_access_in remark VPNNET Windows Port 9001 Static RPC Port
access-list vpnnet_access_in remark VPNNET Windows Port 4000 Status NTDS Port
access-list vpnnet_access_in remark VPNNET Windows TCP Domain Name Service
access-list vpnnet_access_in remark VPNNET Windows UDP Domain Name Service
access-list vpnnet_access_in remark VPNNET DNS Forwarding to DMZ DNS
access-list vpnnet_access_in remark VPNNET DNS Forwarding to DMZ DNS
access-list vpnnet_access_in remark VPNNET DNS Forwarding to DMZ DNS
access-list vpnnet_access_in remark VPNNET DNS Forwarding to DMZ DNS
access-list vpnnet_access_in remark VPNNET Outbound Web
access-list vpnnet_access_in remark VPNNET Outbound Secure Web
access-list vpnnet_access_in remark VPNNET Outbound FTP
access-list vpnnet_access_in remark VPNNET ICMP Echo
access-list vpnnet_access_in remark VPNNET ICMP Echo-Reply
access-list vpnnet_access_in remark RDP for ISA
access-list vpnnet_access_in remark Allow access after Exemption from nat to inside network
access-list vpnnet_access_in remark talin test
access-list dmz_access_in remark isa to SLIMPS1 vote portal
access-list dmz_access_in extended permit tcp host 192.168.2.20 host 192.168.2.10 eq 8200
access-list dmz_access_in extended permit udp host 192.168.2.101 host 12.18.13.1 eq ntp
access-list dmz_access_in remark ISA to SLIMPS Dev
access-list dmz_access_in extended permit tcp host 192.168.2.14 host 12.18.13.33 eq www inactive
access-list dmz_access_in remark ClearSwift TRUSTmanager Reputations server &
access-list dmz_access_in remark Broadcasting of greylisting data to peer Gateway
access-list dmz_access_in extended permit udp host Email_Gateway any eq 8007
access-list dmz_access_in remark ClearSwift TRUSTmanager Reputations server &
access-list dmz_access_in remark Broadcasting of greylisting data to peer Gateway
access-list dmz_access_in extended permit udp host Email_Gateway any eq 19200
access-list dmz_access_in remark NTP Email Gateway
access-list dmz_access_in extended permit udp host Email_Gateway gt 1023 host FileServer_DNS eq ntp
access-list dmz_access_in remark FTP
access-list dmz_access_in extended permit tcp host Email_Gateway host FileServer_DNS eq ftp
access-list dmz_access_in remark ldap
access-list dmz_access_in extended permit udp host Email_Gateway gt 1023 host 192.168.2.78
access-list dmz_access_in remark ldap
access-list dmz_access_in extended permit udp host SharePoint gt 1023 host 192.168.2.78
access-list dmz_access_in remark HTTP for Email_Gateway
access-list dmz_access_in extended permit object-group TCPUDP host Email_Gateway host FileServer_DNS object-group DNS
access-list dmz_access_in remark HTTP for Email_Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway host FileServer_DNS eq ldap
access-list dmz_access_in remark HTTP for Email_Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 host 192.168.2.78 eq www inactive
access-list dmz_access_in remark HTTPS access to the Clearswift Update Server
access-list dmz_access_in extended permit tcp Inside_Subnet 255.255.255.0 gt 1023 host Email_Gateway eq https inactive
access-list dmz_access_in remark HTTP for SharePoint
access-list dmz_access_in extended permit tcp host SharePoint host FileServer_DNS eq ldap
access-list dmz_access_in remark LDAP Communication for Email Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 host 192.168.2.78 object-group DM_INLINE_TCP_1
access-list dmz_access_in remark LDAP Communication
access-list dmz_access_in extended permit tcp host SharePoint gt 1023 host 192.168.2.78 eq 3268
access-list dmz_access_in remark DMZ DNS Forwarding to Outside
access-list dmz_access_in extended permit udp host PublicDNS object-group InternetDNS object-group DNS
access-list dmz_access_in remark DMZ DNS Forwarding to Outside for Email Gateway
access-list dmz_access_in extended permit udp host Email_Gateway gt 1023 object-group InternetDNS object-group DNS
access-list dmz_access_in remark DMZ ISA DNS Forwarding to Outside
access-list dmz_access_in extended permit udp host 192.168.2.15 gt 1023 object-group InternetDNS object-group DNS
access-list dmz_access_in remark DMZ DNS Forwarding to Outside
access-list dmz_access_in extended permit udp host SharePoint gt 1023 object-group InternetDNS object-group DNS
access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
access-list dmz_access_in extended permit udp host abc_WEB gt 1023 object-group InternetDNS object-group DNS
access-list dmz_access_in remark DMZ DNS Forwarding to Outside for Email Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 object-group InternetDNS object-group DNS
access-list dmz_access_in remark DMZ DNS Forwarding to Outside
access-list dmz_access_in extended permit tcp host SharePoint gt 1023 object-group InternetDNS object-group DNS inactive
access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
access-list dmz_access_in extended permit tcp host PublicDNS gt 1023 any eq https
access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
access-list dmz_access_in extended permit tcp host PublicDNS2 gt 1023 any eq https
access-list dmz_access_in remark DMZ DNS Outbound https Web
access-list dmz_access_in extended permit tcp host abc_WEB gt 1023 object-group InternetDNS object-group DNS inactive
access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Email Static Address
access-list dmz_access_in extended permit udp host PublicDNS gt 1023 object-group InternetDNS object-group DNS
access-list dmz_access_in remark Public DNS server.
access-list dmz_access_in extended permit tcp host PublicDNS2 gt 1023 object-group InternetDNS object-group DNS
access-list dmz_access_in remark Public DNS Server
access-list dmz_access_in extended permit tcp host PublicDNS gt 1023 any eq www
access-list dmz_access_in remark Public DNS Server
access-list dmz_access_in extended permit tcp host PublicDNS2 gt 1023 any eq www
access-list dmz_access_in remark DMZ Public DNS Outbound Web
access-list dmz_access_in remark DMZ Public DNS Outbound Web
access-list dmz_access_in remark DMZ Public DNS to Outside
access-list dmz_access_in remark DMZ DNS to Outside
access-list dmz_access_in remark DMZ Public DNS Outbound Web
access-list dmz_access_in extended deny tcp host SharePoint gt 1023 host 192.168.2.73 eq www
access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Email Static Address
access-list dmz_access_in extended deny tcp host abc_WEB gt 1023 host 192.168.2.73 eq www
access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Web Shield Static Address
access-list dmz_access_in extended deny tcp host SharePoint gt 1023 host 192.168.2.75 eq www
access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Web Shield Static Address
access-list dmz_access_in extended deny tcp host abc_WEB gt 1023 host 192.168.2.75 eq www
access-list dmz_access_in remark DMZ DNS FTP for Email Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 any eq ftp
access-list dmz_access_in remark DMZ DNS Outbound Web for Email Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 any eq www
access-list dmz_access_in remark DMZ ISA DNS Outbound Web
access-list dmz_access_in extended permit tcp host 192.168.2.15 gt 1023 any eq www
access-list dmz_access_in remark DMZ DNS Outbound Web
access-list dmz_access_in extended permit tcp host SharePoint gt 1023 any eq www
access-list dmz_access_in remark For Email Gateway
access-list dmz_access_in extended permit icmp host Email_Gateway host 12.18.13.1
access-list dmz_access_in remark ISA
access-list dmz_access_in extended permit icmp host 192.168.2.15 host 12.18.13.1
access-list dmz_access_in extended permit icmp host SharePoint host 12.18.13.1
access-list dmz_access_in remark DMZ DNS Outbound Web
access-list dmz_access_in extended permit tcp host abc_WEB gt 1023 any eq www
access-list dmz_access_in extended permit tcp host 192.168.2.7 gt 1023 any eq www
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
access-list dmz_access_in extended deny tcp host SharePoint gt 1023 host 192.168.2.73 eq ftp inactive
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
access-list dmz_access_in extended deny tcp host abc_WEB gt 1023 host 192.168.2.73 eq ftp
access-list dmz_access_in remark DMZ DNS Outbound FTP
access-list dmz_access_in extended permit tcp host SharePoint gt 1023 any eq ftp inactive
access-list dmz_access_in remark DMZ DNS Outbound FTP
access-list dmz_access_in extended permit tcp host abc_WEB gt 1023 any eq ftp
access-list dmz_access_in remark DMZ DNS Inbound Email Relay SMTP
access-list dmz_access_in extended permit tcp host SharePoint host 192.168.2.73 eq smtp
access-list dmz_access_in remark DMZ DNS Inbound Email Gateway SMTP
access-list dmz_access_in extended permit tcp host Email_Gateway host 192.168.2.77 eq smtp
access-list dmz_access_in remark DMZ DNS Inbound Email Gateway SMTP
access-list dmz_access_in extended permit tcp host Email_Gateway host Exch10 eq smtp
access-list dmz_access_in remark DMZ DNS Inbound Email Gateway SMTP
access-list dmz_access_in extended permit tcp host Email_Gateway host abc06ex2 eq smtp
access-list dmz_access_in remark DMZ DNS Inbound Email Relay SMTP
access-list dmz_access_in extended permit tcp host SharePoint host abc06ex2 eq smtp inactive
access-list dmz_access_in remark DMZ DNS Inbound Web Shield Relay SMTP
access-list dmz_access_in extended permit tcp host SharePoint gt 1023 host 192.168.2.75 eq smtp inactive
access-list dmz_access_in remark Mailsweeper access to FE Server
access-list dmz_access_in extended permit tcp host SharePoint gt 1023 host 192.168.2.11 eq smtp inactive
access-list dmz_access_in extended permit tcp host 192.168.2.7 gt 1023 host 192.168.2.73 eq smtp
access-list dmz_access_in extended permit tcp host 192.168.2.7 gt 1023 host 192.168.2.75 eq smtp
access-list dmz_access_in remark DMZ EMail Gateway outbound delivery
access-list dmz_access_in extended permit tcp host Email_Gateway any eq smtp
access-list dmz_access_in remark DMZ Mail Sweeper outbound delivery
access-list dmz_access_in extended permit tcp host SharePoint any eq smtp inactive
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
access-list dmz_access_in extended deny tcp host SharePoint gt 1023 host 192.168.2.73 eq https inactive
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
access-list dmz_access_in extended deny tcp host abc_WEB gt 1023 host 192.168.2.73 eq https
access-list dmz_access_in remark DMZ DNS Outbound HTTPS for Email Gateway
access-list dmz_access_in extended permit udp host Email_Gateway object-group EmailGateway any eq 8007
access-list dmz_access_in remark DMZ DNS Outbound HTTPS for Email Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 any eq https
access-list dmz_access_in remark DMZ DNS Outbound HTTPS
access-list dmz_access_in extended permit tcp host SharePoint gt 1023 any eq https
access-list dmz_access_in remark DMZ DNS Outbound HTTPS
access-list dmz_access_in extended permit tcp host abc_WEB gt 1023 any eq https inactive
access-list dmz_access_in extended permit tcp host 192.168.2.7 gt 1023 any eq https inactive
access-list dmz_access_in remark DMZ DNS Outbound SMTP to Internet
access-list dmz_access_in extended permit tcp host SharePoint gt 1023 any eq smtp inactive
access-list dmz_access_in remark for ISA
access-list dmz_access_in extended permit tcp host 192.168.2.20 gt 1023 any eq www
access-list dmz_access_in remark for ISA
access-list dmz_access_in extended permit tcp host 192.168.2.20 gt 1023 any eq https
access-list dmz_access_in extended permit object-group TCPUDP host SharePoint Inside_Subnet 255.255.255.0 eq domain
access-list dmz_access_in extended permit icmp host SharePoint Inside_Subnet 255.255.255.0
access-list dmz_access_in extended permit ip host abc11ids any
access-list dmz_access_in extended permit ip Inside_Subnet 255.255.255.0 any
access-list dmz_access_in remark Explicit Rule
access-list dmz_access_in extended deny ip any any
access-list dmz_access_in remark isa to SLIMPS1 vote portal
access-list dmz_access_in remark ISA to SLIMPS Dev
access-list dmz_access_in remark ldap
access-list dmz_access_in remark LDAP Communication
access-list dmz_access_in remark DMZ DNS Forwarding to Outside
access-list dmz_access_in remark DMZ DNS Forwarding to Outside
access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
access-list dmz_access_in remark DMZ DNS Forwarding to Outside
access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
access-list dmz_access_in remark DMZ DNS Outbound https Web
access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Email Static Address
access-list dmz_access_in remark Public DNS server.
access-list dmz_access_in remark Public DNS Server
access-list dmz_access_in remark Public DNS Server
access-list dmz_access_in remark DMZ Public DNS Outbound Web
access-list dmz_access_in remark DMZ Public DNS to Outside
access-list dmz_access_in remark DMZ DNS to Outside
access-list dmz_access_in remark DMZ Public DNS Outbound Web
access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Email Static Address
access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Web Shield Static Address
access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Web Shield Static Address
access-list dmz_access_in remark DMZ DNS Outbound Web
access-list dmz_access_in remark DMZ DNS Outbound Web
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Web Shield Static Address
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Web Shield Static Address
access-list dmz_access_in remark DMZ DNS Outbound FTP
access-list dmz_access_in remark DMZ DNS Outbound FTP
access-list dmz_access_in remark DMZ DNS Inbound Email Relay SMTP
access-list dmz_access_in remark DMZ DNS Inbound Email Relay SMTP
access-list dmz_access_in remark DMZ DNS Inbound Web Shield Relay SMTP
access-list dmz_access_in remark Mailsweeper access to FE Server
access-list dmz_access_in remark DMZ Mail Sweeper outbound delivery
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Web Shield Static Address
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Web Shield Static Address
access-list dmz_access_in remark DMZ DNS Outbound HTTPS
access-list dmz_access_in remark DMZ DNS Outbound HTTPS
access-list dmz_access_in remark DMZ DNS Outbound SMTP to Internet
access-list dmz_access_in remark for ISA
access-list dmz_access_in remark for ISA
access-list dmz_access_in remark Explicit Deny All
access-list testinside_access_in remark Deny IP Traffic from Test to Production DMZ
access-list testinside_access_in remark Allow all other Traffic to Outside
access-list testinside_access_in remark Deny IP Traffic from Test to Production DMZ
access-list testinside_access_in remark Allow all other Traffic to Outside
access-list vpnnet_nat0_outbound extended permit ip VPN_Subnet 255.255.255.0 Inside_Subnet 255.255.255.0
access-list vpnnet_nat0_outbound extended permit ip VPN_Subnet 255.255.255.0 NEW_VPN_POOL 255.255.255.0
access-list inside_nat0_outbound extended permit ip Inside_Subnet 255.255.255.0 host Email_Gateway
access-list inside_nat0_outbound remark SharePoint
access-list inside_nat0_outbound extended permit ip Inside_Subnet 255.255.255.0 host SharePoint
access-list inside_nat0_outbound extended permit ip Inside_Subnet 255.255.255.0 NEW_VPN_POOL 255.255.255.0
access-list dmz_nat0_outbound remark For Email Gateway
access-list dmz_nat0_outbound extended permit ip host Email_Gateway Inside_Subnet 255.255.255.0
access-list dmz_nat0_outbound remark Sharepoint
access-list dmz_nat0_outbound extended permit ip host SharePoint Inside_Subnet 255.255.255.0
access-list dmz_nat0_outbound extended permit ip DMZ_Subnet 255.255.255.0 NEW_VPN_SUBNET 255.255.255.0
access-list dmz_nat0_outbound extended permit ip DMZ_Subnet 255.255.255.0 NEW_VPN_POOL 255.255.255.0
access-list capture_acl extended permit ip host 12.18.13.33 host 12.18.13.180
access-list capture_acl extended permit ip host 12.18.13.180 host 12.18.13.33
access-list cap_acl extended permit ip host 192.168.2.14 host 12.18.13.180
access-list cap_acl extended permit ip host 12.18.13.180 host 192.168.2.14
access-list 213 extended permit ip host SharePoint host 192.168.2.21
access-list asainside_access_in remark permit traffic from the new ASA
access-list asainside_access_in extended permit ip 192.168.100.0 255.255.255.0 Inside_Subnet 255.255.255.0
access-list asainside_access_in extended permit ip 192.168.4.0 255.255.255.0 Inside_Subnet 255.255.255.0
access-list asainside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 Inside_Subnet 255.255.255.0
access-list asainside_nat0_outbound extended permit ip 192.168.4.0 255.255.255.0 Inside_Subnet 255.255.255.0
access-list acl_cap extended permit ip host 192.168.100.1 host 192.168.4.1
access-list acl_cap extended permit ip host 192.168.4.1 host 192.168.100.1
access-list abcdONE_splitTunnelAcl standard permit Inside_Subnet 255.255.255.0
access-list abcdONE_splitTunnelAcl standard permit DMZ_Subnet 255.255.255.0
access-list abcdONE_splitTunnelAcl standard permit 172.16.1.0 255.255.255.0
access-list oobnet_access_in extended permit ip any Inside_Subnet 255.255.255.0
access-list VMman_nat0_outbound extended permit ip 172.16.1.0 255.255.255.0 Inside_Subnet 255.255.255.0
access-list Internal_LAN_access_in extended permit object-group TCPUDP any object-group InternetDNS object-group DNS
access-list Internal_LAN_access_in extended permit ip any any
snmp-map mysnmpmap
pager lines 30
logging enable
logging timestamp
logging monitor informational
logging buffered informational
logging trap debugging
logging history warnings
logging asdm debugging
logging mail informational
logging from-address [email protected]
logging recipient-address [email protected] level errors
logging device-id ipaddress outside
logging host vpnnet VPNNET_DNS
logging host inside abc09ic
logging host inside 192.168.1.60
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu vpnnet 1500
mtu asainside 1500
mtu testinside 1500
mtu inside_new 1500
mtu Internal_LAN 1500
mtu oobnet 1500
ip local pool VPNPOOL 192.168.101.1-192.168.101.254 mask 255.255.255.0
ip local pool NEW_VPN_POOL 192.168.77.10-192.168.77.240 mask 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip verify reverse-path interface dmz
ip verify reverse-path interface vpnnet
ip verify reverse-path interface asainside
ip audit name Outside attack action drop
ip audit interface outside Outside
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
asdm image disk0:/asdm-621.bin
asdm history enable
arp outside 12.18.13.20 0024.c4e9.4764
arp timeout 14400
global (outside) 1 12.18.13.21 netmask 255.255.255.255
global (outside) 2 12.18.13.22 netmask 255.255.255.255
global (outside) 3 12.18.13.23 netmask 255.255.255.255
global (outside) 4 12.18.13.24 netmask 255.255.255.255
global (outside) 5 12.18.13.25 netmask 255.255.255.255
global (inside) 1 interface
global (dmz) 1 192.168.2.21 netmask 255.255.255.255
global (dmz) 3 192.168.2.23 netmask 255.255.255.255
global (dmz) 4 192.168.2.24 netmask 255.255.255.255
global (dmz) 5 192.168.2.25 netmask 255.255.255.255
global (vpnnet) 1 192.168.3.21 netmask 255.255.255.255
nat (outside) 1 NEW_VPN_POOL 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 Inside_Subnet 255.255.255.0
nat (dmz) 0 access-list dmz_nat0_outbound
nat (dmz) 2 DMZ_Subnet 255.255.255.0
nat (vpnnet) 0 access-list vpnnet_nat0_outbound
nat (vpnnet) 3 VPN_Subnet 255.255.255.0
nat (asainside) 0 access-list asainside_nat0_outbound
nat (asainside) 1 192.168.4.0 255.255.255.0
nat (oobnet) 0 access-list VMman_nat0_outbound
static (dmz,outside) 12.18.13.31 VPN_3005 netmask 255.255.255.255
static (inside,vpnnet) 192.168.3.72 FileServer_DNS netmask 255.255.255.255
static (inside,vpnnet) 192.168.3.74 SQLServer netmask 255.255.255.255
static (inside,vpnnet) 192.168.3.73 Email_DNS netmask 255.255.255.255
static (inside,vpnnet) 192.168.3.76 FileServer_NAS netmask 255.255.255.255 dns
static (inside,vpnnet) 192.168.3.80 abcSLIMPS1 netmask 255.255.255.255 dns
static (inside,dmz) 192.168.2.73 Email_DNS netmask 255.255.255.255
static (inside,dmz) 192.168.2.77 abc06ex2 netmask 255.255.255.255
static (dmz,outside) 12.18.13.13 Email_Gateway netmask 255.255.255.255
static (dmz,outside) 12.18.13.14 abc_WEB netmask 255.255.255.255
static (outside,inside) VTC VTC_Outside netmask 255.255.255.255
static (dmz,outside) 12.18.13.15 192.168.2.101 netmask 255.255.255.255
static (inside,outside) 12.18.13.19 abc09ic netmask 255.255.255.255
static (inside,outside) 12.18.13.42 SharePoint netmask 255.255.255.255
static (inside,dmz) 192.168.2.78 FileServer_DNS netmask 255.255.255.255
static (inside,outside) 12.18.13.32 Exch10 netmask 255.255.255.255
static (inside,dmz) 192.168.2.10 abcSLIMPS1 netmask 255.255.255.255
static (inside,dmz) 192.168.2.11 abc02EX2 netmask 255.255.255.255
static (inside,vpnnet) 192.168.3.11 abc02EX2 netmask 255.255.255.255
static (inside,vpnnet) 192.168.3.81 192.168.1.155 netmask 255.255.255.255
static (inside,vpnnet) 192.168.3.82 192.168.1.28 netmask 255.255.255.255 dns
static (inside,dmz) 192.168.2.13 192.168.1.13 netmask 255.255.255.255
static (inside,outside) VTC_Outside VTC netmask 255.255.255.255
static (inside,outside) 12.18.13.33 192.168.1.13 netmask 255.255.255.255
static (inside,outside) 12.18.13.41 abcSLIMPS1 netmask 255.255.255.255
static (inside,outside) 12.18.13.222 ExternalDNS netmask 255.255.255.255
static (inside,Internal_LAN) Inside_Subnet Inside_Subnet netmask 255.255.255.0
static (Internal_LAN,inside) 172.168.1.0 172.168.1.0 netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group dmz_access_in in interface dmz
access-group vpnnet_access_in in interface vpnnet
access-group asainside_access_in in interface asainside
access-group Internal_LAN_access_in in interface Internal_LAN
access-group oobnet_access_in in interface oobnet
route outside 0.0.0.0 0.0.0.0 12.18.13.1 1
route asainside 192.168.100.0 255.255.255.0 192.168.4.2 1
timeout xlate 1:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server abc.com protocol nt
aaa-server abc.com (inside) host 192.168.1.2
nt-auth-domain-controller abc12dc1
aaa-server abc.com (inside) host Email_DNS
nt-auth-domain-controller abc12dc2
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http 10.0.0.0 255.255.255.0 outside
http Inside_Subnet 255.255.255.0 outside
http Inside_Subnet 255.255.255.0 inside
http VPN_Subnet 255.255.255.0 vpnnet
snmp-server group Authentication_Only v3 auth
snmp-server group Authentication&Encryption v3 priv
snmp-server user mkaramat Authentication&Encryption v3 encrypted auth md5 25:57:33:8a:86:b0:fc:71:36:5f:de:3d:83:35:eb:d4 priv aes 128 25:57:33:8a:86:b0:fc:71:36:5f:de:3d:83:35:eb:d4
snmp-server host inside 192.168.1.60 version 3 mkaramat udp-port 161
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
no service resetoutbound interface outside
no service resetoutbound interface inside
no service resetoutbound interface dmz
no service resetoutbound interface vpnnet
no service resetoutbound interface asainside
no service resetoutbound interface testinside
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto map oobnet_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map oobnet_map interface oobnet
crypto isakmp enable outside
crypto isakmp enable inside
crypto isakmp enable inside_new
crypto isakmp enable oobnet
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
no crypto isakmp nat-traversal
telnet 12.18.13.0 255.255.255.0 outside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh Inside_Subnet 255.255.255.0 inside
ssh VPN_Subnet 255.255.255.0 vpnnet
ssh timeout 30
ssh version 1
console timeout 0
dhcpd auto_config inside
dhcpd dns 192.168.1.2 Email_DNS interface oobnet
dhcpd domain abc.com interface oobnet
dhcpd option 3 ip 172.16.0.1 interface oobnet
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 192.43.244.18 source outside prefer
tftp-server vpnnet 192.168.3.10 /
webvpn
group-policy DfltGrpPolicy attributes
vpn-idle-timeout 60
group-policy abcdONEVPN internal
group-policy abcdONEVPN attributes
dns-server value 192.168.1.7 192.168.1.3
vpn-tunnel-protocol IPSec
default-domain value abc
group-policy abcdONE internal
group-policy abcdONE attributes
dns-server value 192.168.1.7 192.168.1.3
vpn-idle-timeout 30
vpn-tunnel-protocol IPSec l2tp-ipsec
split-tunnel-policy tunnelall
split-tunnel-network-list value abcdONE_splitTunnelAcl
default-domain value abc.com
service-type remote-access
service-type remote-access
tunnel-group abcdONE type remote-access
tunnel-group abcdONE general-attributes
address-pool NEW_VPN_POOL
default-group-policy abcdONE
tunnel-group abcdONE ipsec-attributes
pre-shared-key *
isakmp keepalive disable
tunnel-group abcdONE ppp-attributes
authentication pap
authentication ms-chap-v2
authentication eap-proxy
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map type inspect ipsec-pass-thru VPN
parameters
esp
ah
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect http
inspect icmp
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
service-policy global_policy global
prompt hostname context
Cryptochecksum:02e178404b46bb8758b23aea638d2f24
: end
asdm image disk0:/asdm-621.bin
asdm location NEW_VPN_POOL 255.255.255.0 inside
asdm location abc09ic 255.255.255.255 inside
asdm location VTC 255.255.255.255 inside
asdm location Email_Gateway 255.255.255.255 inside
asdm location Exch10 255.255.255.255 inside
asdm location ExternalDNS 255.255.255.255 inside
asdm location abc11ids 255.255.255.255 inside
asdm history enableHi,
Could you let me know if you have tried the configuration I originally suggested. I mean creating a "nat" statement for the "Internal_LAN" thats ID number matches one of the existing "global" or make a new "global" for it. And also if the "Internal_LAN" needs to access "inside" you could have added the "static" command suggested.
It seems there has been some other suggestions in between that have again suggested completely different things. I would have been interested to know what the situation is after the suggested changes before going and doing something completely different.
If you are changing a lot of NAT configurations for the new "Internal_LAN" interface I would suggest checking the output of
show xlate | inc 172.168.1
To see if you need to use some variant of the "clear xlate" command to clear old translations still active on the firewall. You should not use the "clear xlate" without additional parameters as otherwise it clears all translations on the firewall in the mentioned form of the command
You can use
clear xlate ?
To view the different optional parameters for the command
- Jouni -
No Internet Access on Private Network
Hi,
I have an and ESXi Host with few VM's and i require Internet Access on these servers. This is Mini lab i have created at home.
I have My Home Broadband Router (192.168.0.1) acting as a DHCP server handing out DHCP addresses as usual.
A Cisco 3750 with 3 Vlans created with inter vlan working with the "Ip Routing" command.
A Physical PC
A ESXi Host
3 Vlans:
Vlan 100 10.0.9.1/24 (Home Vlan) Created DHCP Pool on this Vlan on 3750
Vlan 200 10.0.10.1/24 (Voice Vlan) Created DHCP Pool on this Vlan on 3750
Vlan 300 192.168.0.2/24 (Internet Vlan) DHCP handing out IP's from home broadband router (Uplink setup from Home ADSL router)
3750 Switch:
Port 1 ESXi Trunk
Port 2 Home PC (Vlan 100)
Port 3 – 28 Vlan 300 and all giving DHCP addresses from home ADSL router
Home PC (Vlan 100 – IP Address 10.0.9.52)
From Command Prompt PC can ping the following:
10.0.9.1 (Gateway) Ping Ok!!!!!
10.0.9.2 (ESX Host) Ping Ok!!!!!
10.0.10.1 (Gateway for Voice Vlan 200) Ping Ok!!!!!
192.168.0.2 (Gateway for Internet Vlan 300) Ping Ok!!!!!
192.168.0.1 (Home Router & DNS) No Ping…..
Cisco 3750 Switch
This can ping the following:
10.0.9.1 (Gateway) Ping Ok!!!!!
10.0.9.2 (ESX Host) Ping Ok!!!!!
10.0.10.1 (Gateway for Voice Vlan 200) Ping Ok!!!!!
192.168.0.2 (Gateway for Internet Vlan 300) Ping Ok!!!!!
192.168.0.1 (Sky router & DNS) Ping OK!!!!!
My assumtion is if i have these settings on my home PC:
IP Address 10.0.9.55
S/M 255.255.255.0
Gateway 10.0.9.1
DNS Server: 192.168.0.1 (Home Router)
i should get internet access on my 10.0.9.1/24 network.
IP routing is enabled and inter Vlan is working correctly. The issue I have is I have no internet connectivity on Vlan 100 (10.0.9.1/24) from my desktop PC or any of my VM's on the 10.0.9.1/24 network and internet seems to be working fine on any device in vlan 300.
I have added my Running Config an attachment to give you a better understanding.
Please can someone find i solution as i desperately require internet access on my VM's but they need to stay on the 10.x.x.x subet due to CUCM licensing.
Kind Regards
ZubairHi,
It sounds to me like the home router (192.168.0.1) doesnt have a route back to your 10.0.9.0/24 and 10.0.10.0/24 networks.
Can you try a source ping from your 3750 switch as follows
ping 192.168.0.1 source 10.0.9.1
If this fails you will need to add static routes on the home router for the above networks with a next-hop of your 3750 192.168.0.2
Maybe you are looking for
-
Itunes stop working..When add file to library and synch it to ibook
using itunes to transfer files from my PC (using windows & 64 bit) to my IPad (Ipad 2).. and itunes stop working when i add files to library this is the error Description Faulting Application Path: C:\Program Files (x86)\iTunes\iTunes.exe Pr
-
Hi I've inserted an image (using Insert Image key) as a "background" using a table cell over which I've put some writing in a layer. When I load it up in DW usng F12 the image/writing looks great but when I host it to the web I dont get the image but
-
InDesign CS6 on to laptops (MacBooks)
I´ve been using InDesign CS6 on my old MacBook. Is it possible to use it on my new MacBook, and use it on both? Same user.
-
How do I download a previously purchased PSE to a new PC?
How do I download a previously purchased PSE to a new PC?
-
Trying to recreate this graphic in Fireworks CS3
Hello folks, I'm a newbie at Fireworks and so I'm having a bit of trouble figure out how to recreate a similar graphic to this, with the curved lines that are thicker on one end and curve into a point. Here's the graphic: http://moretech.us.com/wp-co