jrdebug, I must be looking at the wrong thing because my Java version is 1.6.0_14 running on XP Pro SP3.
North & Stub, here's the SHO result:
sho run
: Saved
:
ASA Version 7.0(2)
names
name xxx.xxx.xx.xxx ForeignDomain
name 192.168.2.34 Stancil
!
interface Ethernet0/0
nameif Outside
security-level 0
ip address xxx.xxx.xxx.90 255.255.255.248
!
interface Ethernet0/1
nameif Inside
security-level 100
ip address xx.xx.x.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address xxx.xxx.x.1 255.255.255.0
management-only
!
enable password IzBrlUb2wYp4LeIQ encrypted
passwd uaKl7plbYNSiZd0F encrypted
hostname ciscoasa
domain-name MyDomain.com
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
access-list Outside_access_in extended permit ip host DOMAIN any
access-list Outside_access_in remark Changed from IP to UDP on 11/1/05 by Jobee
access-list Outside_access_in extended permit udp host DOMAIN host xxx.xxx.xxx.91
access-list Outside_access_in remark Deny Gnutella/Limewire
access-list Outside_access_in extended deny tcp any any eq 6346
access-list Outside_access_in remark Deny Gnutella/Limewire
access-list Outside_access_in extended deny udp any any eq 6346
access-list Outside_access_in remark Deny Gnutella/Limewire
access-list Outside_access_in extended deny tcp any any eq 6347
access-list Outside_access_in remark Deny Gnutella/Limewire
access-list Outside_access_in extended deny udp any any eq 6347
access-list Outside_access_in remark MDC traffic to our MDS server
access-list Outside_access_in extended permit udp any interface Outside eq PortXXX
access-list Outside_access_in remark Redirect for LOCATION
access-list Outside_access_in extended permit tcp any interface Outside eq PortXXX
access-list Outside_access_in remark Redirect for LOCATION
access-list Outside_access_in extended permit udp any interface Outside eq PortXXX
access-list Outside_access_in remark Redirect for LOCATION
access-list Outside_access_in extended permit tcp any interface Outside eq PortXXX
access-list Outside_access_in remark Internet redirect to LOCATION
access-list Outside_access_in extended permit tcp any interface Outside eq PortXXX
access-list Outside_access_in remark Internet redirect to LOCATION
access-list Outside_access_in extended permit udp any interface Outside eq PortXXX
access-list Outside_access_in extended permit tcp any interface Outside eq PortXXX
access-list Outside_access_in extended permit tcp any interface Outside eq pop3
access-list Outside_access_in extended permit tcp any interface Outside eq smtp
access-list Outside_access_in extended permit tcp any interface Outside eq www
access-list Outside_access_in extended permit tcp any interface Outside eq https
access-list Inside_nat0_outbound extended permit ip 192.168.2.0 255.255.255.0 host 192.168.2.253
access-list Inside_nat0_outbound extended permit ip any 192.168.2.192 255.255.255.192
access-list Inside_nat0_outbound extended permit ip any 192.168.22.0 255.255.255.128
access-list Outside_cryptomap_dyn_100 extended permit ip any 192.168.22.0 255.255.255.128
access-list link_splitTunnelAcl standard permit 192.168.2.0 255.255.255.0
access-list Outside_cryptomap_dyn_120 extended permit ip any 192.168.22.0 255.255.255.128
access-list Outside_access_out remark Blocking Break.com from inside.
access-list Outside_access_out remark Blocking Break.com from inside.
pager lines 24
logging enable
logging buffered warnings
logging asdm warnings
logging from-address asa5510@DOMAIN.COM
logging recipient-address CELL#@vtext.com level critical
mtu Outside 1500
mtu Inside 1500
mtu management 1500
ip local pool DOMAIN-ipsec 192.168.22.1-192.168.22.100 mask 255.255.255.255
ip local pool DOMAINlocal 192.168.2.89-192.168.2.99 mask 255.255.255.255
monitor-interface Outside
monitor-interface Inside
monitor-interface management
asdm image disk0:/asdm502.bin
no asdm history enable
arp timeout 14400
global (Outside) 10 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 10 0.0.0.0 0.0.0.0
static (Inside,Outside) udp interface XXXX 192.168.2.37 XXXX netmask 255.255.255.255
static (Inside,Outside) tcp interface XXXX 192.168.2.51 XXXX netmask 255.255.255.255
static (Inside,Outside) udp interface XXXX 192.168.2.51 XXXX netmask 255.255.255.255
static (Inside,Outside) tcp interface XXXX 192.168.2.51 XXXX netmask 255.255.255.255
static (Inside,Outside) udp interface XXXX 192.168.2.51 XXXX netmask 255.255.255.255
static (Inside,Outside) tcp interface XXXX 192.168.2.51 XXXX netmask 255.255.255.255
static (Inside,Outside) tcp interface smtp 192.168.2.3 smtp netmask 255.255.255.255
static (Inside,Outside) tcp interface pop3 192.168.2.3 pop3 netmask 255.255.255.255
static (Inside,Outside) tcp interface imap4 192.168.2.3 imap4 netmask 255.255.255.255
static (Inside,Outside) udp interface 25 192.168.2.3 25 netmask 255.255.255.255
static (Inside,Outside) tcp interface
255.255.255.255
static (Inside,Outside) tcp interface https 192.168.2.39 https netmask 255.255.255.255
static (Inside,Outside) XXX.XXX.XXX.XXX 192.168.2.31 netmask 255.255.255.255
static (Inside,Outside) XXX.XXX.XXX.XXX 192.168.2.32 netmask 255.255.255.255
access-group Outside_access_in in interface Outside
route Outside 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy DOMAIN internal
group-policy DOMAIN attributes
dns-server value XXX.XXX.XXX.26 XXX.XXX.XXX.36
split-tunnel-policy tunnelspecified
split-tunnel-network-list value link_splitTunnelAcl
webvpn
group-policy Transit internal
group-policy Transit attributes
dns-server value xxx.xxx.xxx.2 xxx.xxx.xxx.2
split-tunnel-policy tunnelspecified
split-tunnel-network-list value link_splitTunnelAcl
webvpn
username Name1 password xyz encrypted privilege 0
username Name2 password xyz encrypted privilege 0
username Name3 password xyz encrypted privilege 15
username Name4 password xyz encrypted
username Name5 password xyz encrypted privilege 0
username Name6 password xyz encrypted privilege 15
username Name7 password xyz encrypted privilege 0
username Name8 password xyz encrypted
username Name9 password xyz encrypted
http server enable
http xxx.xxx.xxx.74 255.255.255.255 Outside
http ForeignDomain 255.255.255.255 Outside
http xxx.xxx.xxx.203 255.255.255.255 Outside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 100 match address Outside_cryptomap_dyn_100
crypto dynamic-map Outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 120 match address Outside_cryptomap_dyn_120
crypto dynamic-map Outside_dyn_map 120 set transform-set ESP-3DES-SHA
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
isakmp enable Outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet 0.0.0.0 0.0.0.0 Inside
telnet timeout 5
ssh xxx.xxx.xxx.74 255.255.255.255 Outside
ssh timeout 5
console timeout 15
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 192.168.2.82 192.168.2.83
dhcpd lease 3600
dhcpd ping_timeout 50
tunnel-group NameA type ipsec-ra
tunnel-group NameA general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameA ipsec-attributes
pre-shared-key *
tunnel-group NameB type ipsec-ra
tunnel-group NameB general-attributes
address-pool (Inside) link-ipsec
address-pool (Inside) linklocal
address-pool link-ipsec
address-pool linklocal
default-group-policy link
tunnel-group NameB ipsec-attributes
pre-shared-key *
tunnel-group NameC type ipsec-ra
tunnel-group NameC general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameC ipsec-attributes
pre-shared-key *
tunnel-group NameD type ipsec-ra
tunnel-group NameD general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameD ipsec-attributes
pre-shared-key *
tunnel-group NameE type ipsec-ra
tunnel-group NameE general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameE ipsec-attributes
pre-shared-key *
tunnel-group NameF type ipsec-ra
tunnel-group NameF general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameF ipsec-attributes
pre-shared-key *
tunnel-group NameG type ipsec-ra
tunnel-group NameG general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameG ipsec-attributes
pre-shared-key *
tunnel-group NameH type ipsec-ra
tunnel-group NameH general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameH ipsec-attributes
pre-shared-key *
tunnel-group NameI type ipsec-ra
tunnel-group NameI general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameI ipsec-attributes
pre-shared-key *
tunnel-group NameJ type ipsec-ra
tunnel-group NameJ general-attributes
address-pool linklocal
address-pool link-ipsec
default-group-policy link
tunnel-group NameJ ipsec-attributes
pre-shared-key *
tunnel-group NameK type ipsec-ra
tunnel-group NameK general-attributes
address-pool linklocal
address-pool link-ipsec
default-group-policy link
tunnel-group NameK ipsec-attributes
pre-shared-key *
tunnel-group NameL type ipsec-ra
tunnel-group NameL general-attributes
address-pool (Inside) link-ipsec
address-pool (Inside) linklocal
address-pool link-ipsec
address-pool linklocal
default-group-policy link
tunnel-group NameL ipsec-attributes
pre-shared-key *
tunnel-group NameM type ipsec-ra
tunnel-group NameM general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameM ipsec-attributes
pre-shared-key *
tunnel-group NameN type ipsec-ra
tunnel-group NameN general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameN ipsec-attributes
pre-shared-key *
tunnel-group NameO type ipsec-ra
tunnel-group NameO general-attributes
address-pool (Inside) link-ipsec
address-pool (Inside) linklocal
address-pool link-ipsec
address-pool linklocal
default-group-policy link
tunnel-group NameO ipsec-attributes
pre-shared-key *
tunnel-group NameP type ipsec-ra
tunnel-group NameP general-attributes
address-pool (Inside) link-ipsec
address-pool (Inside) linklocal
address-pool link-ipsec
address-pool linklocal
default-group-policy link
tunnel-group NameP ipsec-attributes
pre-shared-key *
ntp server 192.168.2.82 source Inside
tftp-server Inside 192.168.2.62 /ASA5510/Config20090403
smtp-server 192.168.2.39
Cryptochecksum:64826833a12fbf32decbf8218715a7b86
: end
ciscoasa# menu
exit
I didn't set this firewall up but it is my job to keep it working. Any and all suggestions would be greatly appreciated.
Thanks for the help,
Joe B