Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ASA 5512x 9.3 version Outbound connection issues

Status
Not open for further replies.

jfp23

Technical User
Mar 2, 2004
287
US
I have just installed a 5512 with the 9.3 version of the OS. I have an issue where I cannot get traffic to route out of the inside interface except for traffic that goes through a WCCP redirect which we use for HTTP/HTTPS traffic. I have been unable to this point to resolve the issue. My access groups and lists are below. Also at the top of my config are what looks like default xlate per-session deny statements, i'm not sure if that is playing in to my issue or not.


Result of the command: "show running-config access-group"

access-group Outside_access_in in interface Outside
access-group Inside_access_in in interface Inside
access-group DMZ_access_in in interface DMZ
access-group global_access global



Result of the command: "show running-config access-list"

access-list DMZ_access_in remark Allow DMZ to retriev DNS information from mordc01
access-list DMZ_access_in extended permit object-group DM_INLINE_SERVICE_5 172.31.1.0 255.255.255.0 host 10.101.27.24
access-list DMZ_access_in remark Allow DMZ to send DNS lookups to mordc02
access-list DMZ_access_in extended permit object-group DM_INLINE_SERVICE_4 172.31.1.0 255.255.255.0 object-group DM_INLINE_NETWORK_3
access-list DMZ_access_in remark Allow CSG to communicate with internal Meta Servers
access-list DMZ_access_in extended permit tcp 172.31.1.0 255.255.255.0 object-group DM_INLINE_NETWORK_1 object-group DM_INLINE_TCP_1
access-list DMZ_access_in extended permit udp 172.31.1.0 255.255.255.0 object-group DM_INLINE_NETWORK_2 object-group Citrix-udp
access-list DMZ_access_in extended permit icmp 172.31.1.0 255.255.255.0 10.101.27.0 255.255.255.0
access-list DMZ_access_in extended permit tcp object-group DM_INLINE_NETWORK_4 10.101.27.0 255.255.255.0 object-group DM_INLINE_TCP_3
access-list DMZ_access_in extended permit tcp object-group DM_INLINE_NETWORK_9 10.101.27.0 255.255.255.0 object-group RPC
access-list DMZ_access_in extended permit tcp host 172.31.1.22 any object-group DM_INLINE_TCP_5
access-list DMZ_access_in extended permit object-group TCPUDP host 172.31.1.22 object-group DM_INLINE_NETWORK_7 object-group Join_Domain_Ports
access-list DMZ_access_in extended permit tcp host 172.31.1.22 object-group DM_INLINE_NETWORK_5 object-group Win911_Client_Port
access-list DMZ_access_in extended permit object-group TCPUDP object-group DM_INLINE_NETWORK_10 object-group DM_INLINE_NETWORK_11 object-group Drobo_Ports log debugging
access-list DMZ_access_in extended permit tcp host 172.31.1.22 object-group DM_INLINE_NETWORK_12 object-group Win911_Push_Port
access-list DMZ_access_in extended permit tcp 172.31.1.0 255.255.255.0 host 10.101.27.70 eq www
access-list Outside_access_in remark citrix.morphotek.com traffic
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any object OUTSIDE_CITRIX_IP
access-list Outside_access_in remark mo-csg.morphotek.com traffic
access-list Outside_access_in extended permit tcp any object OUTSIDE_CITRIXTEST_IP object-group DM_INLINE_TCP_4
access-list Outside_access_in remark Allow email traffic In to morspam01
access-list Outside_access_in extended permit tcp any object OUTSIDE_MAIL_IP eq smtp
access-list Outside_access_in remark Allow http/https traffic to mail for OWA and OMA
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_3 any object OUTSIDE_MAIL_IP
access-list Outside_access_in remark Allow Https for Accellion Traffic
access-list Outside_access_in extended permit tcp any object Outside_Accellion_IP eq https
access-list Outside_access_in remark sharepoint.morphotek.com traffic
access-list Outside_access_in extended permit tcp any object OUTSIDE_SHAREPOINT_IP eq https
access-list Outside_access_in extended permit tcp any object OUTSIDE_MORPORTAL01_IP object-group Win911_Client_Port
access-list Outside_access_in extended permit object-group TCPUDP any object-group DM_INLINE_NETWORK_8 object-group XMPP_Federation
access-list Outside_access_in extended permit tcp any object DIAGDEV_PRIME_OUTSIDE_IP eq ssh
access-list Outside_access_in remark Allow http/https traffic to Accellion
access-list Inside_nat0_outbound extended permit ip any 172.31.1.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 10.101.27.0 255.255.255.0 172.18.1.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 172.18.1.0 255.255.255.0
access-list DMZ_nat0_outbound extended permit ip host 172.31.1.20 10.101.27.0 255.255.255.0
access-list smtp extended permit tcp any host 64.212.42.53 object-group DM_INLINE_TCP_2
access-list OutsidetoDMZ extended permit tcp any host 172.31.1.20 eq www
access-list OutsidetoInside extended permit tcp any host 10.101.27.18 eq smtp
access-list WSA extended permit ip host 10.101.27.10 any
access-list WCCP_redirect extended permit tcp 10.101.27.0 255.255.255.0 any
access-list WCCP_redirect extended permit tcp 10.101.130.0 255.255.255.0 any
access-list WCCP_redirect extended permit tcp 10.101.128.0 255.255.255.0 any
access-list WCCP_redirect extended permit object-group TCPUDP 10.101.131.0 255.255.255.0 any eq www
access-list WCCP_redirect extended permit tcp 10.101.132.0 255.255.255.0 any
access-list WCCP_redirect extended permit tcp 10.101.134.0 255.255.255.0 any
access-list WCCP_redirect extended permit tcp 192.168.1.0 255.255.255.0 any
access-list WCCP_redirect extended permit tcp host 192.168.0.226 any
access-list WCCP_redirect extended permit tcp host 10.101.128.20 any
access-list WCCP_redirect extended permit tcp host 192.168.6.7 any
access-list WCCP_redirect extended permit tcp host 192.168.6.3 any
access-list DMZ_nat_static extended permit ip host 172.31.1.23 host 64.212.42.61
access-list Split_Tunnel_List remark Corporate Network
access-list Split_Tunnel_List standard permit 10.0.0.0 255.0.0.0
access-list Split_Tunnel_List remark 215 BAS Network
access-list Split_Tunnel_List standard permit 192.168.253.0 255.255.255.0
access-list Split_Tunnel_List remark 215 PAS Network
access-list Split_Tunnel_List standard permit 192.168.254.0 255.255.255.0
access-list Split_Tunnel_List remark 215 Automation Network connection Between BAS and PAS
access-list Split_Tunnel_List standard permit 192.168.6.0 255.255.255.0
access-list Split_Tunnel_List remark Access to 210 Lab Network
access-list Split_Tunnel_List standard permit 192.168.3.0 255.255.255.0
access-list Split_Tunnel_List remark Access to 215 Lab Network
access-list Split_Tunnel_List standard permit 192.168.7.0 255.255.255.0
access-list Split_Tunnel_List remark Access to Lefthand SANs
access-list Split_Tunnel_List standard permit 192.168.2.0 255.255.255.0
access-list Split_Tunnel_List remark Access to DiagDev Drobo Prime
access-list Split_Tunnel_List standard permit host 172.31.1.23
access-list Split_Tunnel_List remark Access to DiagDev Drobo Backup
access-list Split_Tunnel_List standard permit host 172.31.1.24
access-list Split_Tunnel_List remark Access to Edge Via VPN
access-list Split_Tunnel_List standard permit 192.168.102.0 255.255.255.0
access-list Split_Tunnel_List remark Access to Edge Via VPN
access-list Split_Tunnel_List standard permit 192.168.101.0 255.255.255.0
access-list Split_Tunnel_List remark Access to CDR Via VPN
access-list Split_Tunnel_List standard permit 129.80.8.0 255.255.252.0
access-list Split_Tunnel_List remark Access to CDR Via VPN
access-list Split_Tunnel_List standard permit 129.80.40.0 255.255.252.0
access-list Split_Tunnel_List remark Access to CDR Via VPN
access-list Split_Tunnel_List standard permit 129.80.88.0 255.255.248.0
access-list global_mpc extended permit ip any any
access-list Inside_access_in extended permit ip any any
access-list JabberPhoneClient remark Access to Call Manager Publisher
access-list JabberPhoneClient standard permit host 10.101.128.10
access-list JabberPhoneClient remark Access to Call Manager Subscriber
access-list JabberPhoneClient standard permit host 10.101.128.11
access-list JabberPhoneClient remark Access to CUPS Servers
access-list JabberPhoneClient standard permit host 10.101.128.32
access-list JabberPhoneClient remark Access to CUPS Servers
access-list JabberPhoneClient standard permit host 10.101.128.33
access-list JabberPhoneClient remark Access to Unity Servers
access-list JabberPhoneClient standard permit host 10.101.128.22
access-list JabberPhoneClient remark Access to Unity Servers
access-list JabberPhoneClient standard permit host 10.101.128.23
access-list JabberPhoneClient remark Access to AD/DNS
access-list JabberPhoneClient standard permit host 10.101.27.24
access-list JabberPhoneClient remark Access to AD/DNS
access-list JabberPhoneClient standard permit host 10.101.27.25
access-list wccp_redirect extended permit tcp host 192.168.0.215 any
access-list wccp_redirect extended permit tcp host 192.168.9.14 any
access-list global_access remark citrix.morphotek.com traffic
access-list global_access extended permit object-group DM_INLINE_SERVICE_2 any object-group DM_INLINE_NETWORK_13
access-list global_access remark mo-csg.morphotek.com traffic
access-list global_access extended permit tcp any object-group DM_INLINE_NETWORK_14 object-group DM_INLINE_TCP_6
access-list global_access remark Allow email traffic In to morspam01
access-list global_access extended permit tcp any object-group DM_INLINE_NETWORK_15 eq smtp
access-list global_access remark Allow Https for Accellion Traffic
access-list global_access extended permit tcp any object-group DM_INLINE_NETWORK_16 eq https
access-list global_access remark sharepoint.morphotek.com traffic
access-list global_access extended permit tcp any object-group DM_INLINE_NETWORK_17 eq https
access-list global_access extended permit tcp any object-group DM_INLINE_NETWORK_18 object-group Win911_Client_Port
access-list global_access extended permit object-group TCPUDP any object-group DM_INLINE_NETWORK_19 object-group XMPP_Federation
access-list global_access extended permit tcp any object-group DM_INLINE_NETWORK_20 eq ssh
access-list global_access remark Allow HTTPS access for OWA/OMA
access-list global_access extended permit tcp any object-group DM_INLINE_NETWORK_21 eq https
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top