ASA drops traffic

[jrecho]

I have a asa5510 and I have my servers web, mail, DNS and terminal server on my Lan interface with security level set to 100 I have a NAT from outside Ip to the inside IP. all works fine other than the facts that ass soon as we do an email campaign the ASA starts treating the traffic as an attack. and when I connect via terminal server I get disconnected ever 3 to 5 minutes. When I do a ping from a machine to a server hosted on behind the asa 5510 drops 5 to 10 pings every 5 to 7 minutes. I am stuck and am seeking some help on the matter
I thought it was a ram issue and upgraded to 1024 but that was not the problem. I had customers complain about the sip server and was forced to put it behind a Linux firewall which fixed my problem.

Your help s appreciated

 

[brianinms]

Sounds like your internet connection is running out of bandwidth and that you may not have the ASA properly configured. Do you have MPF configured?

 

[jrecho]

I have a fiber optique Connection and when sending mail am using less than 1% I am only sending 3000 emails this has nothng to do with bandwidth. I am getting shun errros and port 53 denies to the inside Smtp server. Any one there have a clue about how to fix this. Or how to loosen the aaas 5510 to trust the inside server ?

 

[brianinms]

Without seeing a copy of a scrubbed configuration it is hard to make recommendations

 

[jrecho]

: Saved
:
ASA Version 8.2(1)
!
hostname xxxxxxx
domain-name xxxxxx.com
enable password s/xxxxxx/h encrypted
passwd xxxxxxxx encrypted
names
name 81.97.15.32 AS1-32 description AS1-32
name 81.97.15.33 AS1-33 description AS1-33
name 81.97.15.52 AS1-52 description AS1-52
name 193.252.174.189 Carole description Carole
name 63.217.245.113 Casa-3 description Casa-3
name 63.217.245.112 Casa-72 description Casa AIM 7.2
name 63.217.245.114 Casa-AIM description Casa-AIM
name 81.192.101.152 Hassam-AIM description Hassam-AIM
name 84.16.28.122 Hassam-telefon description Hassam-telefon
name 63.217.245.129 Home description Home
name 81.212.173.87 Housein description Housein
name 84.16.28.58 telefon-Wimax description telefon-Wimax
name 61.249.251.135 nt-AIM-135 description nt-AIM-135
name 61.249.251.136 nt-AIM-136 description telefon-Wimaxnt-AIM-136
name 64.181.157.0 USA-157 description US1 Datacenter 157
name 64.181.158.0 USA-158 description US2 Datacenter 158
name 64.2.142.86 vitel-outbound description vitel-outbound
name 213.161.201.200 DirectCentrex-200 description DirectCentrex-200
name 213.161.201.220 DirectCentrex-220 description DirectCentrex-220
name 64.61.93.109 Vitelity description Vitelity
name 64.2.142.18 Vitelity18 description Vitelity18
name 64.61.93.0 VoicePulse description VoicePulse
name 64.2.142.20 VoicePulse2 description VoicePulse2
name 61.205.195.18 nt-Wimax description nt telefon
name 217.64.50.56 JP-Necstar description 217.64.50.56
name 85.31.221.4 canada-Orbex description canada-Orbex
name 61.248.244.4 sumsung description sumsung
name 193.28.183.78 Netstar description Creteil
name 193.148.0.35 mehi description VoipNow Mehi Machine
name 61.140.254.166 kenitra-AIM-166 description kenitra-AIM-166
name 61.140.254.167 kenitra-AIM-167 description kenitra-AIM-167
name 85.31.221.3 canada-whatsup description canada What' s up MOnitoring
name 81.138.98.55 AS3 description AS3.voipUS.ws
name 77.72.169.128 Siptraffic description SipTraffic
name 194.6.224.0 AIM-194
name 63.2.80.0 AIM-194.2
name 194.204.192.0 AIM-194.204
name 63.217.0.0 AIM-63.217
name 212.217.0.0 AIM-212.217
name 61.140.0.0 AIM-61.140
name 81.192.0.0 AIM-81
name 63.206.0.0 US-63.206
name 61.214.128.0 US-61.214
name 61.248.0.0 US-61.248
name 62.251.128.0 US-62
name 63.200.128.0 telefon-194.200
name 61.205.192.0 telefon-61.205
name 63.12.192.0 ana-194.12
name 84.16.28.0 telefon-Wimax
name 204.11.192.0 Callcentric description Callcentric.ws
name 66.193.176.0 Callcentric2 description Callcentric 2
name 192.168.1.61 cam1 description cam1
name 192.168.1.62 cam2 description cam
name 192.168.1.63 cam3 description cam3
name 88.189.27.126 Patrice description Patrrice Domicile
name 72.85.227.35 Grandstream description Carlos
name 64.2.142.0 Vitelity-c description Vitelity Network
name 134.94.242.0 A131
name 63.12.233.0 Tetouan
name 85.114.132.0 a3
name 61.158.162.0 a6
name 114.45.55.0 a25
name 64.224.197.0 a64
name 63.12.239.0 a5
name 61.81.119.0 a8
name 85.183.246.0 german
name 63.12.213.0 wa
name 71.18.242.0 cloumbus
name 72.85.227.0 aggg
name 125.238.155.0 af
name 63.12.236.0 ana
name 61.74.75.0 hack64
name 17.250.248.0 a17
name 116.9.95.0 at10000
name 220.136.86.0 a220
name 99.253.163.0 a55
name 81.138.98.51 Win
name 81.138.98.103 Zaaloula
name 4.2.2.2 dns
name 61.205.233.66 IAX2
name 66.248.71.104 PAETEC
name 65.55.55.206 microsoft
name 69.65.19.0 dream
name 81.192.79.0 voip1
name 204.239.220.0 voip2
name 213.161.63.235 FR description sante canada
name 213.161.63.230 FR2 description sante canada DB
name 61.205.193.26 Hassan description Maroshop
name 149.6.162.110 atack
name 213.161.63.240 sante.ws2
name 184.73.248.0 sip5060
!
interface Ethernet0/0
description ana Fibre Optique
nameif Outside
security-level 0
ip address 63.238.12.178 255.255.255.224
!
interface Ethernet0/1
description Network 192.168.1.0
nameif inside
security-level 100
ip address 192.168.1.2 255.255.255.0
!
interface Ethernet0/2
description telefon Voice Network
nameif DMZ
security-level 50
ip address 10.150.37.116 255.255.255.248
!
interface Ethernet0/3
description Network 192.168.2..0
nameif Inside107
security-level 80
ip address 192.168.2..3 255.255.255.0
!
interface Management0/0
description Management Only Interface 192.168.2.1
nameif management
security-level 100
ip address 192.168.2.1 255.255.255.0
management-only
!
ftp mode passive
clock timezone WET 0
dns domain-lookup Outside
dns domain-lookup inside
dns domain-lookup DMZ
dns domain-lookup Inside107
dns domain-lookup management
dns server-group DefaultDNS
name-server 63.12.209.5
name-server 63.12.209.6
domain-name sante.ws
dns server-group OpenDNS
name-server 208.67.220.220
domain-name opendns.org
dns server-group Ours
name-server 64.181.157.2
name-server 64.181.158.4
domain-name ns1.salesrep.ws
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network Internet
network-object 192.168.1.0 255.255.255.0
object-group network cam3-01
network-object host cam3
object-group network obj-63.238.12.197
network-object host 63.238.12.197
object-group network obj-192.168.1.188
network-object host 192.168.1.188
object-group network obj-63.238.12.188
network-object host 63.238.12.188
object-group network obj-192.168.1.190
network-object host 192.168.1.190
object-group network obj-63.238.12.190
network-object host 63.238.12.190
object-group network obj-192.168.1.243
network-object host 192.168.1.243
object-group network obj-63.238.12.180
network-object host 63.238.12.180
object-group network obj-192.168.1.231
network-object host 192.168.1.231
object-group network obj-63.238.12.181
network-object host 63.238.12.181
object-group network obj-192.168.1.179
network-object host 192.168.1.179
object-group network obj-63.238.12.179
network-object host 63.238.12.179
object-group network obj-192.168.1.187
network-object host 192.168.1.187
object-group network obj-63.238.12.186
network-object host 63.238.12.186
object-group network obj-192.168.1.237
network-object host 192.168.1.237
object-group network obj-63.238.12.184
network-object host 63.238.12.184
object-group network obj-192.168.1.247
network-object host 192.168.1.247
object-group network obj-63.238.12.185
network-object host 63.238.12.185
object-group network obj-192.168.1.250
network-object host 192.168.1.250
object-group network obj-63.238.12.250
network-object host 63.238.12.250
object-group network obj-192.168.1.183
network-object host 192.168.1.183
object-group network obj-63.238.12.183
network-object host 63.238.12.183
object-group network obj-192.168.1.94
network-object host 192.168.1.94
object-group network obj-63.238.12.244
network-object host 63.238.12.244
object-group network obj-192.168.1.181
network-object host 192.168.1.181
object-group network obj-63.238.12.251
network-object host 63.238.12.251
object-group network obj-192.168.1.172
network-object host 192.168.1.172
object-group network obj-63.238.12.231
network-object host 63.238.12.231
object-group network obj-192.168.1.242
network-object host 192.168.1.242
object-group network obj-63.238.12.242
network-object host 63.238.12.242
object-group network obj-192.168.1.171
network-object host 192.168.1.171
object-group network obj-63.238.12.232
network-object host 63.238.12.232
object-group network obj-10.10.20.0
object-group network obj-192.168.1.1.0
object-group network obj-192.168.1.2.0
object-group network obj-192.168.1.186
network-object host 192.168.1.186
object-group network obj-10.150.0.0
object-group network obj_any
object-group network obj_any-01
object-group network obj-0.0.0.0
network-object host 0.0.0.0
object-group network obj_any-02
object-group network obj_any-03
object-group network obj_any-04
object-group network obj_any-05
object-group network obj_any-06
object-group network obj_any-07
object-group network obj_any-08
object-group network nt-Wimax
description Created during name migration
network-object host nt-Wimax
object-group network nt-AIM-135
description Created during name migration
network-object host nt-AIM-135
object-group network nt-AIM-136
description Created during name migration
network-object host nt-AIM-136
object-group network voipnow
network-object host 192.168.1.189
object-group network Drac6
network-object host 192.168.1.173
object-group network Dracout
network-object host 63.238.12.244
object-group network Drac6-VoipNow-Inside
description Drac6-VoipNow Inside
network-object host 192.168.1.173
object-group network Drac6Voip-out
description VoipNow Drac6 Card
network-object host 63.238.12.238
object-group network Drac6-Windows-out
description Drac6 VoipNow server-out
network-object host 63.238.12.239
object-group network Drac6Win-in
description Drac6 Windows server Inside
network-object host 192.168.1.174
object-group network zaaloula-inside
network-object host 192.168.1.224
object-group network Isotec-outside
network-object host 63.238.12.243
object-group network Drac6-Win2-out
network-object host 63.238.12.237
object-group network Drac6-Win2_in
description Dell Windwos 2 server
network-object host 192.168.1.175
object-group network Web1
description Dell R410 Windows 2008 server
network-object host 192.168.1.201
object-group network Web1-outside-int
description Dell R410 Windows 2008 Server Web1 Outside
network-object host 63.238.12.241
object-group network Web2-inside
description Dell R410 Windows 2008 server inside
network-object host 192.168.1.242
object-group network Web2-outside
description Dell R410 Windows 2008 server outside Web2
network-object host 63.238.12.243
object-group network Isotec
description Isotec Office Casa
network-object host 63.206.235.75
object-group network zaaloula.ws
description zaaloula.ws Inside
network-object host 192.168.1.224
object-group network zaaloula-out
description Isotec.ws Outside
network-object host 63.238.12.224
object-group network GoldwingUS.ws-In
description GoldwingUS.ws Inside
network-object host 192.168.1.226
object-group network GoldwingUS.ws
description GoldwingUS.ws Outside
network-object host 63.238.12.226
object-group network USSurete.ws
description USSurete.ws Ouside
network-object host 63.238.12.227
object-group network USSurete.ws-In
description USSurete.ws Inside
network-object host 192.168.1.227
object-group network USVentes.ws
description USVentes.ws Outside
network-object host 63.238.12.230
object-group network USventes.ws-In
description USVentes.ws Inside
network-object host 192.168.1.230
object-group network VoipUS.ws
description VoipUS.ws Outside
network-object host 63.238.12.225
object-group network VoipUS.ws-In
description VoipUS.ws Inside
network-object host 192.168.1.225
object-group network 4PSA
network-object host mehi
object-group service Webmin
service-object tcp eq 10000
object-group network port22try
network-object host 202.114.78.186
object-group network ITMS
network-object host 63.217.240.215
object-group network sante-out
network-object host 63.238.12.240
object-group network sante_in
network-object host 192.168.1.220
object-group network Store-VoipUS-out
network-object host 63.238.12.247
object-group network Store-VoipUS-in
network-object host 192.168.1.222
object-group network lesenfantsduUS-in
network-object host 192.168.1.228
object-group network lesenfantsduUS-out
network-object host 63.238.12.228
object-group network USData-out
network-object host 63.238.12.248
object-group network USdata-in
network-object host 192.168.1.221
object-group network lesenfants.ws-in
network-object host 192.168.1.229
object-group network lesenfants.ws-out
network-object host 63.238.12.229
object-group network HP191-in
network-object host 192.168.1.191
object-group network HP191-out
network-object host 63.238.12.233
object-group network HP192-in
network-object host 192.168.1.192
object-group network HP192-out
network-object host 63.238.12.234
object-group network HP193-in
network-object host 192.168.1.193
object-group network HP193-out
network-object host 63.238.12.235
object-group network HP194-in
network-object host 192.168.1.194
object-group network HP194-out
network-object host 63.238.12.236
object-group network HP195-in
network-object host 192.168.1.195
object-group network HP195-out
network-object host 63.238.12.195
object-group network Nouredine-Arfan
network-object host 75.97.234.105
object-group network HAssan-Echouafni
network-object host 61.205.223.66
object-group network P1
network-object host 64.131.90.27
object-group network P3
network-object host 195.214.232.10
object-group network P4
object-group network Swsoft1
object-group network Swsoft2
object-group network Swsoft3
network-object host 195.214.232.10
object-group network sante.ws
network-object host 63.238.12.187
object-group network vpop220
network-object host 204.236.220.22
object-group network voip75
network-object host 175.61.157.141
object-group network ssh114
network-object host 114.80.105.5
object-group network voip222
network-object host 222.221.12.104
object-group network USdata-in
network-object host 192.168.1.233
object-group network USdata-out
network-object host 63.238.12.233
object-group network Hightraffic_AIM
network-object host 61.140.101.217
object-group network Hightraffic_AIM
network-object host 61.140.38.146
object-group network hightraffic
network-object host 61.137.1.15
object-group network sante.ws-in
network-object host 192.168.1.234
object-group network sante.ws-out
network-object host 63.238.12.234
object-group network Zp100
network-object host 63.238.12.247
object-group network telefon
network-object host 61.205.223.110
object-group network amal-in
network-object host 192.168.1.235
object-group network amal-out
network-object host 63.238.12.249
object-group network NETWORK_OBJ_192.168.1.0_24
object-group network NETWORK_OBJ_10.10.20.0_24
object-group network iax4569
network-object host 61.205.223.66
object-group network iax
description 255.255.255.255
network-object host 61.205.223.66
object-group network sip2
description 255.255.255.255
network-object host 61.250.163.99
object-group network VoipNow-out
network-object host 63.238.12.189
object-group network at5959
network-object host 77.63.249.196
object-group network drea
network-object host 69.65.19.116
object-group network port21
network-object host 89.122.222.233
object-group network asdm
network-object host 63.217.240.215
object-group network Voip-63.238.12.189
network-object host 63.238.12.189
object-group network accesslist1
network-object host 61.140.37.108
object-group network 246
network-object host 63.238.12.246
object-group network Vitassur-in
network-object host 192.168.1.237
object-group network Vitassur-out
network-object host 63.238.12.245
object-group network volume
network-object host 195.22.202.82
object-group network voip5070
network-object host 63.238.12.189
object-group network scan23
network-object host 61.239.7.84
object-group network obj-192.168.1.196
network-object host 192.168.1.196
object-group network obj-63.238.12.254
network-object host 63.238.12.254
object-group network router
network-object host 63.238.12.177
object-group network ft95.221.6.28
network-object host 95.221.6.28
object-group network tr21
network-object host 69.64.50.101
object-group network saad
network-object host 63.238.12.250
object-group service Voip
description Voip Providers
service-object icmp
service-object icmp echo
service-object icmp echo-reply
service-object udp range 10000 20000
service-object udp eq sip
service-object tcp-udp eq 50000
service-object udp range sip 5099
object-group service 194
service-object icmp
service-object tcp eq domain
service-object udp eq domain
object-group service VoipAdmin
description Asterisk Admin only ports
group-object Voip
service-object icmp
group-object 194
service-object tcp range 1048 1048
service-object tcp range 50000 50000
service-object tcp range 6600 6600
service-object tcp range 8000 8500
service-object tcp eq ftp
service-object tcp eq ftp-data
service-object tcp eq h323
service-object tcp eq www
service-object tcp eq nntp
service-object udp range 1048 1068
service-object udp eq snmp
service-object udp eq talk
service-object udp eq tftp
service-object udp eq time
service-object udp eq 4569
service-object tcp-udp source eq 22
service-object tcp eq ssh
service-object tcp-udp source eq 10000
service-object tcp eq https
service-object tcp-udp eq domain
service-object tcp-udp range 4445 4446
service-object tcp-udp eq 843
service-object tcp-udp range 5036 5038
service-object tcp eq 135
service-object tcp range 2000 2006
service-object tcp-udp eq 9999
service-object tcp eq 3389
service-object tcp-udp source eq 10000 eq 10000
group-object Webmin
object-group network Trusted
description Trusted Network sante Orbit Salesrep
network-object USA-157 255.255.255.0
network-object host Casa-3
network-object host Home
network-object host Hassam-AIM
network-object host canada-Orbex
network-object host Netstar
network-object host nt-Wimax
network-object host canada-whatsup
network-object host Patrice
network-object host 192.168.1.157
network-object host Win
network-object host Zaaloula
network-object host 63.238.12.250
network-object host 63.238.12.177
network-object host dns
network-object USA-158 255.255.255.0
network-object host 61.205.223.110
network-object host FR2
network-object host FR
network-object host Hassan
network-object host 61.205.223.66
network-object host sante.ws2
object-group network VoipIp
description Voip-Providers
network-object USA-157 255.255.255.0
network-object USA-158 255.255.255.0
network-object VoicePulse 255.255.255.0
network-object Callcentric 255.255.255.0
network-object Callcentric2 255.255.255.0
network-object Vitelity-c 255.255.255.0
network-object host Carole
network-object host Netstar
network-object host Casa-3
network-object host Home
network-object host nt-AIM-135
network-object host nt-AIM-136
network-object host vitel-outbound
network-object host Hassam-AIM
network-object host Hassam-telefon
network-object host telefon-Wimax
network-object host DirectCentrex-200
network-object host DirectCentrex-220
network-object host Vitelity18
network-object host VoicePulse2
network-object host Vitelity
network-object host JP-Necstar
network-object host sumsung
network-object host nt-Wimax
network-object host mehi
network-object host kenitra-AIM-166
network-object host kenitra-AIM-167
network-object host AS3
network-object host Siptraffic
object-group network DM_INLINE_NETWORK_1
network-object host 63.238.12.187
network-object host 63.238.12.188
network-object host 63.238.12.244
network-object host 63.238.12.242
network-object host 63.238.12.246
object-group network DM_INLINE_NETWORK_3
network-object host 63.238.12.188
network-object host 63.238.12.187
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_4
protocol-object ip
protocol-object icmp
object-group service DM_INLINE_SERVICE_1
service-object icmp
service-object tcp eq domain
service-object udp eq domain
service-object tcp eq www
service-object tcp eq smtp
object-group service DM_INLINE_SERVICE_2
group-object VoipAdmin
service-object tcp eq 3389
service-object tcp eq 9999
service-object tcp eq www
service-object tcp eq https
service-object tcp eq ssh
object-group service Terminal-Server tcp-udp
port-object eq 3389
object-group service Dream
service-object tcp eq 12000
service-object tcp range 15000 15001
service-object tcp eq 16000
service-object tcp eq 17000
object-group service DM_INLINE_SERVICE_3
service-object icmp echo
service-object icmp echo-reply
group-object Dream
service-object tcp-udp eq 12000
service-object tcp-udp eq 16001
service-object tcp-udp eq 4000
service-object tcp-udp eq 4001
service-object tcp-udp eq 5000
object-group network US
description Les IP USaines
network-object AIM-194.204 255.255.192.0
network-object AIM-194 255.255.255.0
network-object ana-194.12 255.255.192.0
network-object AIM-194.2 255.255.240.0
network-object Medeitel-194.200 255.255.192.0
network-object US-63.206 255.255.0.0
network-object AIM-63.217 255.255.0.0
network-object AIM-212.217 255.255.128.0
network-object AIM-61.140 255.252.0.0
network-object telefon-61.205 255.255.224.0
network-object US-61.214 255.255.128.0
network-object US-61.248 255.252.0.0
network-object US-62 255.255.128.0
network-object AIM-81 255.255.0.0
network-object telefonWimax 255.255.255.0
object-group service attack
service-object tcp source eq 6000 range 1 65535
object-group service DM_INLINE_SERVICE_4
service-object tcp eq 135
service-object tcp eq 445
service-object udp eq 135
service-object udp eq 445
service-object tcp-udp eq 5555
service-object tcp eq netbios-ssn
service-object tcp eq 6000
service-object tcp eq 137
service-object tcp-udp eq 38973
object-group network DM_INLINE_NETWORK_2
network-object host nt-Wimax
network-object host nt-AIM-135
network-object host nt-AIM-136
object-group service DM_INLINE_SERVICE_5
service-object icmp
group-object Voip
service-object tcp eq 2000
service-object tcp-udp eq domain
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service cam tcp-udp
description cam1
port-object eq 2000
object-group service cam11 tcp-udp
description cam11
port-object eq 2001
object-group service cam2 tcp-udp
description cam2
port-object eq 2002
object-group service cam3 tcp-udp
description cam3
port-object eq 2003
object-group service cam33 tcp-udp
description cam33
port-object eq 2003
object-group network Web-In
description Websites Inside
object-group service DM_INLINE_TCP_2 tcp
port-object eq ftp
port-object eq www
port-object eq ssh
object-group network DM_INLINE_NETWORK_6
network-object host 63.238.12.178
network-object host 63.238.12.186
network-object host 63.238.12.179
object-group network DM_INLINE_NETWORK_7
network-object host 63.238.12.178
network-object host 63.238.12.188
object-group protocol DM_INLINE_PROTOCOL_5
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_6
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_7
protocol-object ip
protocol-object icmp
object-group service DM_INLINE_SERVICE_9
service-object icmp
service-object tcp eq www
service-object tcp eq telnet
service-object udp eq tftp
object-group network Attacks
network-object A131 255.255.255.0
network-object 81.97.15.0 255.255.255.0
network-object a3 255.255.255.0
network-object 87.119.49.0 255.255.255.0
network-object 93.92.47.0 255.255.255.0
network-object a6 255.255.255.0
network-object a25 255.255.255.0
network-object a64 255.255.255.0
network-object a5 255.255.255.0
network-object a8 255.255.255.0
network-object german 255.255.255.0
network-object cloumbus 255.255.255.0
network-object aggg 255.255.255.0
network-object af 255.255.255.0
network-object hack64 255.255.255.0
network-object a17 255.255.255.0
network-object at10000 255.255.255.0
network-object a220 255.255.255.0
network-object a55 255.255.255.0
network-object host AS1-32
network-object host AS1-33
network-object host AS3
network-object host AS1-52
network-object host IAX2
network-object dream 255.255.255.0
network-object voip1 255.255.255.0
network-object voip2 255.255.255.0
network-object host atack
network-object sip5060 255.255.255.0
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
object-group network DM_INLINE_NETWORK_5
network-object host 63.238.12.183
network-object host 63.238.12.200
object-group protocol DM_INLINE_PROTOCOL_8
protocol-object ip
protocol-object icmp
object-group service DVR
description Video survillance
service-object tcp eq 67
service-object tcp eq 68
service-object tcp eq 800
service-object tcp eq www
object-group network DM_INLINE_NETWORK_10
network-object host 63.238.12.184
network-object host 63.238.12.185
object-group network DM_INLINE_NETWORK_11
network-object host 63.238.12.181
network-object host 63.238.12.186
network-object host 63.238.12.231
network-object host 63.238.12.232
object-group service DM_INLINE_SERVICE_10
service-object tcp eq 6060
service-object udp eq 5099
service-object udp eq 6060
object-group network DM_INLINE_NETWORK_8
group-object Trusted
network-object host mehi
network-object host nt-Wimax
network-object 10.10.4.0 255.255.255.0
object-group service DM_INLINE_SERVICE_13
service-object icmp
service-object icmp echo
service-object icmp echo-reply
service-object tcp eq www
service-object tcp eq https
service-object udp eq dnsix
service-object udp eq domain
service-object tcp eq domain
service-object tcp eq ident
service-object tcp eq imap4
service-object tcp eq pop3
service-object tcp eq smtp
service-object tcp eq ftp
object-group network DM_INLINE_NETWORK_5_1
network-object host 192.168.1.183
network-object host 63.238.12.200
object-group network Web-Out
description WebSites Ouside Ips
network-object host 63.238.12.177
network-object host 63.238.12.178
network-object host 63.238.12.179
network-object host 63.238.12.180
network-object host 63.238.12.181
network-object host 63.238.12.183
network-object host 63.238.12.184
network-object host 63.238.12.185
network-object host 63.238.12.186
network-object host 63.238.12.187
network-object host 63.238.12.188
network-object host 63.238.12.189
network-object host 63.238.12.190
network-object host 63.238.12.195
network-object host 63.238.12.197
network-object host 63.238.12.200
network-object host 63.238.12.224
network-object host 63.238.12.225
network-object host 63.238.12.226
network-object host 63.238.12.227
network-object host 63.238.12.228
network-object host 63.238.12.229
network-object host 63.238.12.230
network-object host 63.238.12.231
network-object host 63.238.12.232
network-object host 63.238.12.233
network-object host 63.238.12.234
network-object host 63.238.12.235
network-object host 63.238.12.236
network-object host 63.238.12.237
network-object host 63.238.12.238
network-object host 63.238.12.239
network-object host 63.238.12.240
network-object host 63.238.12.241
network-object host 63.238.12.242
network-object host 63.238.12.243
network-object host 63.238.12.244
network-object host 63.238.12.245
network-object host 63.238.12.246
network-object host 63.238.12.247
network-object host 63.238.12.248
network-object host 63.238.12.249
network-object host 63.238.12.250
network-object host 63.238.12.251
network-object host 63.238.12.254
object-group network DM_INLINE_NETWORK_1_1
network-object host 192.168.1.188
network-object host 192.168.1.94
network-object host 192.168.1.189
network-object host 63.238.12.188
network-object host 63.238.12.189
group-object Web-Out
network-object host 63.238.12.244
network-object host 63.238.12.231
network-object host 63.238.12.232
network-object host 63.238.12.186
network-object host 192.168.1.202
network-object host 63.238.12.252
object-group network DM_INLINE_NETWORK_10_1
network-object host 192.168.1.237
network-object host 192.168.1.247
network-object host 63.238.12.184
object-group network DM_INLINE_NETWORK_9
network-object host 63.238.12.241
network-object host 63.238.12.242
network-object host 63.238.12.186
network-object host 63.238.12.230
network-object host 63.238.12.232
network-object host 63.238.12.234
object-group network DM_INLINE_NETWORK_12
network-object host 63.238.12.188
network-object host 63.238.12.189
network-object host 192.168.1.188
network-object host 192.168.1.189
object-group network DM_INLINE_NETWORK_14
network-object host 63.238.12.230
network-object host 63.238.12.224
network-object host 63.238.12.225
network-object host 63.238.12.226
network-object host 63.238.12.227
network-object host 63.238.12.228
network-object host 63.238.12.229
network-object host 63.238.12.231
network-object host 63.238.12.237
network-object host 63.238.12.241
network-object host 63.238.12.242
network-object host 63.238.12.234
network-object host 63.238.12.233
network-object host 63.238.12.249
network-object host 63.238.12.254
network-object host 63.238.12.186
network-object host 63.238.12.187
network-object host 63.238.12.245
object-group network PARALLELS
object-group network DM_INLINE_NETWORK_15
group-object Trusted
group-object PARALLELS
network-object host mehi
network-object host Carole
network-object host nt-AIM-136
object-group network DM_INLINE_NETWORK_16
group-object VoipIp
group-object ITMS
network-object 10.10.4.0 255.255.255.0
object-group service DM_INLINE_SERVICE_15
group-object VoipAdmin
service-object tcp eq 8443
service-object tcp eq ftp
service-object tcp eq 3389
service-object udp eq domain
object-group service DM_INLINE_SERVICE_6
service-object icmp
service-object udp eq sip
group-object VoipAdmin
object-group service test
service-object tcp eq telnet
service-object udp eq isakmp
object-group network DM_INLINE_NETWORK_4
network-object host 61.205.223.66
group-object Attacks
network-object host 61.250.83.152
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_9
protocol-object ip
protocol-object icmp
object-group service DM_INLINE_SERVICE_7
service-object icmp
group-object VoipAdmin
object-group network DM_INLINE_NETWORK_13
network-object host 63.238.12.186
network-object host 63.238.12.253
object-group service DM_INLINE_SERVICE_8
service-object tcp-udp eq 8088
service-object tcp eq ftp
service-object tcp eq www
service-object tcp-udp eq 8889
object-group network DM_INLINE_NETWORK_17
network-object host 63.238.12.250
network-object host 192.168.2..151
network-object host 63.238.12.186
object-group service DM_INLINE_SERVICE_11
service-object gre
service-object tcp eq pptp
service-object tcp eq 40000
service-object udp eq 40000
service-object udp eq 42584
service-object tcp eq 42584
object-group service DM_INLINE_SERVICE_12
service-object gre
service-object tcp eq pptp
object-group service DM_INLINE_SERVICE_14
service-object tcp eq sip
service-object udp eq sip
object-group network DM_INLINE_NETWORK_18
network-object host 192.168.1.70
network-object host 192.168.1.71
network-object host 192.168.1.72
access-list alert-interval 600
access-list out extended permit tcp object-group Internet any eq www
access-list out extended permit tcp object-group Internet any eq pop3
access-list out extended permit tcp object-group Internet any eq smtp
access-list out extended permit udp object-group Internet any eq domain
access-list out extended permit tcp object-group Internet any eq domain
access-list out extended permit icmp object-group Internet any echo
access-list out extended permit tcp object-group Internet any gt 1024
access-list out extended permit tcp object-group Internet any eq ftp
access-list out extended permit tcp object-group Internet any eq ftp-data
access-list out extended permit tcp object-group Internet any eq https
access-list in extended permit icmp any any echo-reply
access-list DMZ_access_in extended permit icmp any any
access-list DMZ_access_in extended permit ip any any
access-list DMZ_access_in extended permit object-group DM_INLINE_SERVICE_14 host 192.168.2..151 host 10.150.1.4
access-list Inside107_access_in extended permit object-group DM_INLINE_PROTOCOL_3 any any
access-list Inside107_access_out extended permit object-group DM_INLINE_PROTOCOL_9 any any
access-list inside_access_out extended permit object-group DM_INLINE_PROTOCOL_4 any any
access-list inside_access_out extended deny object-group DM_INLINE_PROTOCOL_7 host 192.168.1.151 any
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list inside_access_in extended permit ip 10.10.4.0 255.255.255.0 any
access-list inside_access_in extended deny ip object-group Attacks 192.168.1.0 255.255.255.0 log disable inactive
access-list Wan_access_in extended permit icmp any any echo-reply
access-list Wan_access_in extended permit ip 192.168.2..0 255.255.255.0 any
access-list Wan_access_in extended permit object-group DVR object-group Trusted host 63.238.12.181
access-list Wan_access_in extended permit object-group VoipAdmin host 63.238.12.246 host 63.238.12.188
access-list Wan_access_in remark Voip Server
access-list Wan_access_in extended permit object-group DM_INLINE_SERVICE_7 any host 63.238.12.187
access-list Wan_access_in extended permit object-group Voip object-group DM_INLINE_NETWORK_16 object-group DM_INLINE_NETWORK_12
access-list Wan_access_in extended permit object-group DM_INLINE_SERVICE_2 object-group DM_INLINE_NETWORK_8 object-group DM_INLINE_NETWORK_1_1
access-list Wan_access_in extended permit object-group DM_INLINE_SERVICE_6 host 63.238.12.246 10.150.37.112 255.255.255.248 inactive
access-list Wan_access_in extended permit object-group DM_INLINE_SERVICE_9 object-group Trusted object-group DM_INLINE_NETWORK_5_1 inactive
access-list Wan_access_in extended permit object-group DM_INLINE_SERVICE_15 object-group DM_INLINE_NETWORK_15 object-group DM_INLINE_NETWORK_9
access-list Wan_access_in extended permit object-group DM_INLINE_SERVICE_13 any object-group DM_INLINE_NETWORK_14
access-list Wan_access_in extended permit object-group DM_INLINE_SERVICE_8 any object-group DM_INLINE_NETWORK_13
access-list Wan_access_in extended permit tcp object-group Trusted host 192.168.1.237 object-group DM_INLINE_TCP_2
access-list Wan_access_in extended permit object-group DM_INLINE_PROTOCOL_8 object-group Trusted host 192.168.1.231
access-list Wan_access_in extended permit object-group DM_INLINE_SERVICE_3 any object-group DM_INLINE_NETWORK_10_1
access-list Wan_access_in extended permit object-group DM_INLINE_PROTOCOL_2 10.10.20.0 255.255.255.0 any inactive
access-list Wan_access_in extended permit object-group DM_INLINE_SERVICE_10 any host 192.168.1.188 inactive
access-list Wan_access_in extended permit object-group DM_INLINE_SERVICE_11 any object-group DM_INLINE_NETWORK_17 log
access-list Wan_access_in extended deny object-group DM_INLINE_SERVICE_4 any any log disable
access-list Wan_access_in extended deny ip object-group DM_INLINE_NETWORK_4 any log notifications
access-list Wan_access_in remark VPN Acess to DEV
access-list Wan_access_in extended permit object-group DM_INLINE_SERVICE_12 any host 63.238.12.179
access-list inside_nat_outbound extended permit ip any 10.150.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.2..0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 object-group DM_INLINE_NETWORK_18
access-list inside_nat0_outbound extended permit ip any 192.168.1.64 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 10.10.4.0 255.255.255.248
access-list Outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list vpnmv_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm notifications
mtu Outside 1500
mtu inside 1500
mtu DMZ 1500
mtu Inside107 1500
mtu management 1500
ip local pool local 192.168.1.70-192.168.1.79 mask 255.255.255.0
ip local pool ivv 10.10.4.2-10.10.4.5 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Outside
icmp permit any inside
icmp permit any Inside107
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 60
global (Outside) 1 interface
global (DMZ) 2 interface
nat (Outside) 1 10.10.4.0 255.255.255.0 dns
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 2 192.168.1.188 255.255.255.255 dns
nat (inside) 1 10.10.4.0 255.255.255.0 dns
nat (inside) 1 192.168.1.0 255.255.255.0 dns
nat (Inside107) 2 192.168.2..151 255.255.255.255 dns
nat (Inside107) 1 192.168.2..0 255.255.255.0 dns
static (inside,Outside) 63.238.12.230 192.168.1.230 netmask 255.255.255.255 dns
static (Inside107,inside) 192.168.2..0 192.168.2..0 netmask 255.255.255.0 dns
static (Inside107,Outside) 63.238.12.250 192.168.2..151 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.252 192.168.1.241 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.244 192.168.1.94 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.251 192.168.1.181 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.242 192.168.1.202 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.254 192.168.1.196 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.232 192.168.1.172 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.231 192.168.1.171 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.185 192.168.1.247 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.180 192.168.1.243 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.181 192.168.1.231 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.179 192.168.1.179 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.186 192.168.1.187 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.229 192.168.1.239 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.249 192.168.1.235 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.225 192.168.1.225 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.187 192.168.1.186 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.233 192.168.1.233 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.226 192.168.1.226 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.237 192.168.1.175 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.239 192.168.1.174 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.224 192.168.1.224 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.238 192.168.1.173 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.247 192.168.1.222 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.228 192.168.1.228 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.234 192.168.1.234 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.241 192.168.1.201 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.245 192.168.1.236 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.184 192.168.1.237 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.227 192.168.1.227 netmask 255.255.255.255 dns
static (inside,Outside) 63.238.12.188 192.168.1.188 netmask 255.255.255.255 dns
static (inside,Inside107) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 dns
static (inside,Outside) 63.238.12.253 192.168.1.195 netmask 255.255.255.255 dns
access-group Wan_access_in in interface Outside
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
access-group DMZ_access_in in interface DMZ
access-group Inside107_access_in in interface Inside107
access-group Inside107_access_out out interface Inside107
route Outside 0.0.0.0 0.0.0.0 63.238.12.177 1
route DMZ 10.150.0.0 255.255.0.0 10.150.37.113 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
http Home 255.255.255.255 Outside
http USA-157 255.255.255.0 Outside
http USA-158 255.255.255.0 Outside
http 61.249.251.171 255.255.255.255 Outside
http 192.168.2..0 255.255.255.0 Inside107
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map 1 match address Outside_1_cryptomap
crypto map Outside_map 1 set peer 61.205.223.66
crypto map Outside_map 1 set transform-set ESP-3DES-SHA
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map interface Outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto isakmp enable Outside
crypto isakmp enable inside
crypto isakmp enable Inside107
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet Home 255.255.255.255 Outside
telnet timeout 5
ssh Home 255.255.255.255 Outside
ssh 61.249.251.171 255.255.255.255 Outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.5-192.168.1.16 inside
dhcpd dns 192.168.1.187 8.8.8.8 interface inside
dhcpd update dns interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 des-sha1 rc4-md5
webvpn
enable Outside
enable inside
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 8.8.8.8 4.4.4.4
vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy vpnmv internal
group-policy vpnmv attributes
dns-server value 63.12.209.5 208.67.220.220
vpn-tunnel-protocol IPSec
group-policy USventes internal
group-policy USventes attributes
dns-server value 192.168.1.187 64.181.157.2
vpn-tunnel-protocol IPSec l2tp-ipsec svc
username xxxxxx password xxxxxxxxx encrypted privilege 0
username xxxxxx attributes
vpn-group-policy vpnmv
username xxxxxx password xxxxxx encrypted privilege 15
username xxxxx password xxxxxx encrypted
tunnel-group DefaultRAGroup general-attributes
address-pool local
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
authentication pap
tunnel-group se type remote-access
tunnel-group se general-attributes
address-pool (inside) local
authentication-server-group (Outside) LOCAL
authorization-server-group LOCAL
tunnel-group 61.205.223.66 type ipsec-l2l
tunnel-group 61.205.223.66 ipsec-attributes
pre-shared-key *
tunnel-group vpnmv type remote-access
tunnel-group vpnmv general-attributes
address-pool ivv
default-group-policy vpnmv
tunnel-group vpnmv ipsec-attributes
pre-shared-key *
tunnel-group USventes type remote-access
tunnel-group USventes general-attributes
address-pool local
default-group-policy USventes
tunnel-group USventes ipsec-attributes
pre-shared-key *
tunnel-group USventes ppp-attributes
authentication pap
authentication ms-chap-v2
!
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map type inspect ipsec-pass-thru saad
parameters
esp
ah
!
prompt hostname context
Cryptochecksum:xxxxxxxxxxxxxx
: end
asdm image disk0:/asdm-621.bin
no asdm history enable