Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DMZ network Proxy Arp issue

Status
Not open for further replies.
jbrotschul

jbrotschul

Technical User
Jan 5, 2005
43
US
Hello,

I am running a PIX515E with version 7.2(2).

We have discovered an issue with the DMZ network.

The problem is when dmzserver1 tries to communicate with dmzserver2, dmzserver1 is receiving arp replys from both dmzserver2 and the DMZ interface on the PIX.

So depending on which reply is received at any given time dictates the mac address entered in the arp table of dmzserver1.

This is causing sporatic connectivity failures between the servers connected to the dmz switch off the dmz interface of the PIX.

We have proxy arp enabled on the DMZ interface for communication with our PAT address...

Has anyone seen this before, or have any feedback?

Thanks,
Jeff
 
Sort by date Sort by votes
Sounds like there is a static entry in the PIX causing this..

Can you post the config?
 
Upvote 0 Downvote
config below... i substituted our ranges with this list...

Internet IP range 199.99.199.0/24
DMZ IP range 192.168.6.0/24
Internal IP range 192.168.XXX.0/24


PIXFIREWALL# wr t
: Saved
:
PIX Version 7.2(2)
!
names
dns-guard
!
interface Ethernet0
speed 100
duplex full
nameif outside
security-level 0
ip address 199.99.199.129 255.255.255.0 standby 199.99.199.131
!
interface Ethernet1
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.100.7 255.255.255.0 standby 192.168.100.8
!
interface Ethernet2
speed 100
duplex full
nameif DMZ_1
security-level 50
ip address 192.168.6.1 255.255.255.0 standby 192.168.6.2
!
interface Ethernet3
speed 100
duplex full
shutdown
nameif DMZ_2
security-level 50
ip address 192.169.6.254 255.255.255.0 standby 192.169.6.253
!
interface Ethernet4
speed 100
duplex full
shutdown
nameif intf4
security-level 8
no ip address
!
interface Ethernet5
description STATE Failover Interface
speed 100
duplex full
!
clock timezone EST 4
dns server-group DefaultDNS
domain-name domain.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list OUTSIDE_ACL extended deny ip host 222.122.60.218 any
access-list OUTSIDE_ACL extended deny ip 141.209.158.0 255.255.255.0 any
access-list OUTSIDE_ACL extended deny ip host 208.98.31.13 host 199.99.199.20
access-list OUTSIDE_ACL extended deny ip host 199.99.199.20 host 208.29.31.13
access-list OUTSIDE_ACL extended permit icmp any any
access-list OUTSIDE_ACL extended permit ip host 199.99.199.70 any
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.101 eq ident
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.102 eq smtp
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.103 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.105 eq smtp
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.105 eq telnet
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.106 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.110 eq 8080
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.110 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.112
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.112 eq 3306
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.113 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.113 eq https
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.116 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.116 eq https
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.116 eq 8080
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.118 eq smtp
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.119 eq smtp
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.120 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.120 eq https
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.121 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.121 eq ftp
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.123 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.123 eq https
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.124 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.124 eq https
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.125 eq ftp-data
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.125 eq ftp
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.126 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.126 eq https
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.127 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.127 eq 1916
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.134 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.135 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.137 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.138 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.139 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.143 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.144 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.145 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.146 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.147 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.148 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.149 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.151 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.152 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.154 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.156 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.157 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.158 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.163 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.164 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.165 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.166 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.167 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.168 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.169 eq citrix-ica
access-list OUTSIDE_ACL extended permit ip any host 199.99.199.170
access-list OUTSIDE_ACL extended permit ip any host 199.99.199.171
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.172 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.173 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.174 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.175 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.176 eq ftp
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.176 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.177 eq https
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.177 eq ftp
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.177 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.178 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.179 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.182 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.183 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.184 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.188 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.189 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.198 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.199 eq www
access-list OUTSIDE_ACL extended permit udp any host 199.99.199.20 eq domain
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.20 eq domain
access-list OUTSIDE_ACL extended permit ip host 199.99.199.19 host 199.99.199.20
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.21 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.21 eq https
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.21 eq ftp-data
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.21 eq ftp
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.22 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.22 eq https
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.29 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.29 eq https
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.32 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.38 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.38 eq https
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.42 eq www
access-list OUTSIDE_ACL extended permit tcp host 140.212.201.38 host 199.99.199.43 eq 18001
access-list OUTSIDE_ACL extended permit tcp host 140.212.201.38 host 199.99.199.44 eq 19001
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.44 eq 19001
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.47 eq 40111
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.47 eq 61004
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.47 eq 61014 log
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.47 eq 61009
access-list OUTSIDE_ACL extended permit tcp host 195.213.60.97 host 199.99.199.47 eq 61014
access-list OUTSIDE_ACL extended permit tcp host 195.213.60.98 host 199.99.199.47 eq 61014
access-list OUTSIDE_ACL extended permit tcp host 195.213.60.129 host 199.99.199.47 eq ftp
access-list OUTSIDE_ACL extended permit tcp host 198.151.185.90 host 199.99.199.47 eq ftp
access-list OUTSIDE_ACL extended permit tcp host 198.151.185.90 host 199.99.199.47 eq ftp-data
access-list OUTSIDE_ACL extended permit ip host 199.99.199.250 host 199.99.199.47
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.48 eq www
access-list OUTSIDE_ACL extended permit ip any host 199.99.199.49
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.49 eq 40111
access-list OUTSIDE_ACL extended permit tcp host 198.151.185.90 host 199.99.199.49 eq ftp
access-list OUTSIDE_ACL extended permit tcp host 198.151.185.90 host 199.99.199.49 eq ftp-data
access-list OUTSIDE_ACL extended permit tcp 199.99.199.0 255.255.255.0 host 199.99.199.51 eq smtp
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.51 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.51 eq https
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.62 eq 40004
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.62 eq 40111
access-list OUTSIDE_ACL extended permit ip any host 199.99.199.62
access-list OUTSIDE_ACL extended permit tcp host 66.92.239.233 host 199.99.199.68 eq ftp-data
access-list OUTSIDE_ACL extended permit tcp host 66.92.239.233 host 199.99.199.68 eq ftp
access-list OUTSIDE_ACL extended permit ip host 199.99.199.66 host 199.99.199.69
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.69 eq ftp
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.69 eq ssh
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.72 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.73 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.73 eq ssh
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.73 eq ftp
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.77 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.78 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.79 eq ftp
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.81 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.90 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.91 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.91 eq 8080
access-list OUTSIDE_ACL extended permit ip host 199.99.199.89 host 199.99.199.91
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.94 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.96 eq ftp
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.96 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.98 eq www
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.98 eq telnet
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.98 eq 14141
access-list OUTSIDE_ACL extended permit tcp any host 199.99.199.99 eq citrix-ica
access-list OUTSIDE_ACL extended permit tcp host 199.99.199.20 eq domain any
access-list OUTSIDE_ACL extended permit udp host 199.99.199.20 eq domain any
access-list OUTSIDE_ACL extended permit udp host 199.99.199.130 host 192.169.100.152 eq syslog
access-list OUTSIDE_ACL extended permit udp host 199.99.199.130 host 192.169.100.152 eq 6060
access-list OUTSIDE_ACL extended permit udp host 199.99.199.130 host 192.169.100.152 eq tftp
access-list OUTSIDE_ACL extended permit tcp host 199.99.199.130 host 192.169.100.152 eq rsh
access-list OUTSIDE_ACL extended permit tcp host 199.99.199.130 host 192.169.100.152 eq 6060
access-list OUTSIDE_ACL extended permit tcp host 199.99.199.130 host 192.169.100.152 eq 69
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.65 eq www
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.65 eq https
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.65 eq ftp-data
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.65 eq ftp
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.184
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.184 eq 3306
access-list OUTSIDE_ACL extended permit ip host 199.99.199.19 host 192.168.6.20
access-list OUTSIDE_ACL extended permit tcp 199.99.199.0 255.255.255.0 host 192.168.6.72 eq smtp
access-list OUTSIDE_ACL extended permit tcp any host 72.21.6.72 eq www
access-list OUTSIDE_ACL extended permit tcp any host 72.21.6.72 eq https
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.71 eq www
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.71 eq 8080
access-list OUTSIDE_ACL extended permit ip host 199.99.199.89 host 192.168.6.71
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.51 eq www
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.51 eq https
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.156 eq www
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.156 eq 1916
access-list OUTSIDE_ACL extended permit ip host 199.99.199.66 host 192.168.6.188
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.188 eq ftp
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.188 eq ssh
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.69 eq ftp
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.91 eq https
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.91 eq ftp
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.91 eq www
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.185 eq www
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.185 eq https
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.50 eq www
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.102 eq www
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.90 eq ftp
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.90 eq www
access-list OUTSIDE_ACL extended permit tcp any host 192.168.6.103 eq www
access-list ABC_VPN_CLIENT_ACL extended permit ip any 192.168.4.128 255.255.255.192
access-list ABC_VPN_CLIENT_ACL extended permit ip 192.168.4.128 255.255.255.192 any
access-list DMZ_1_ACL extended deny ip host 208.98.31.13 host 192.168.6.20
access-list DMZ_1_ACL extended deny ip host 192.168.6.20 host 208.29.31.13
access-list DMZ_1_ACL extended permit icmp any any
access-list DMZ_1_ACL extended permit ip host 192.168.6.51 host 192.169.50.210 log
access-list DMZ_1_ACL extended permit ip host 199.99.199.176 192.169.0.0 255.255.0.0
access-list DMZ_1_ACL extended permit udp 192.168.6.0 255.255.255.0 host 192.169.100.152 eq syslog
access-list DMZ_1_ACL extended permit udp 192.168.6.0 255.255.255.0 host 192.169.100.152 eq 6060
access-list DMZ_1_ACL extended permit udp 192.168.6.0 255.255.255.0 host 192.169.100.152 eq tftp
access-list DMZ_1_ACL extended permit tcp 192.168.6.0 255.255.255.0 host 192.169.100.152 eq rsh
access-list DMZ_1_ACL extended permit tcp 192.168.6.0 255.255.255.0 host 192.169.100.152 eq 6060
access-list DMZ_1_ACL extended permit tcp 192.168.6.0 255.255.255.0 host 192.169.100.152 eq 69
access-list DMZ_1_ACL extended permit ip host 192.168.6.106 host 192.169.100.161
access-list DMZ_1_ACL extended permit ip host 192.168.6.105 host 192.169.100.161
access-list DMZ_1_ACL extended permit ip host 192.168.6.107 host 192.169.100.161
access-list DMZ_1_ACL extended permit tcp host 192.168.6.106 host 192.169.100.168 eq 7001
access-list DMZ_1_ACL extended permit tcp host 192.168.6.107 host 192.169.100.168 eq 7001
access-list DMZ_1_ACL extended permit tcp host 192.168.6.17 host 192.169.100.168 eq www
access-list DMZ_1_ACL extended permit tcp host 192.168.6.107 host 192.169.100.171 eq 7001
access-list DMZ_1_ACL extended permit tcp host 192.168.6.17 host 192.169.100.171 eq www
access-list DMZ_1_ACL extended permit tcp host 192.168.6.16 host 192.169.100.171 eq www
access-list DMZ_1_ACL extended permit tcp host 192.168.6.15 host 192.169.100.171 eq www
access-list DMZ_1_ACL extended permit tcp host 192.168.6.177 host 192.169.100.172 eq sqlnet
access-list DMZ_1_ACL extended permit tcp any host 192.169.100.174 eq 7777
access-list DMZ_1_ACL extended permit ip any host 192.169.100.180
access-list DMZ_1_ACL extended permit tcp host 199.99.199.21 host 192.169.100.184 eq 1433
access-list DMZ_1_ACL extended permit tcp any host 192.169.100.184 eq 1433
access-list DMZ_1_ACL extended permit tcp any host 192.169.100.23 eq ldap
access-list DMZ_1_ACL extended permit ip any host 192.169.100.34
access-list DMZ_1_ACL extended permit ip host 192.168.6.186 host 192.169.134.135
access-list DMZ_1_ACL extended permit ip host 192.168.6.187 host 192.169.134.135
access-list DMZ_1_ACL extended permit tcp host 192.168.6.186 host 192.169.134.18 eq smtp
access-list DMZ_1_ACL extended permit tcp host 192.168.6.182 host 192.169.134.18 eq smtp
access-list DMZ_1_ACL extended permit tcp host 192.168.6.187 host 192.169.134.18 eq smtp
access-list DMZ_1_ACL extended permit tcp host 199.99.199.124 host 192.169.137.10 eq 3306
access-list DMZ_1_ACL extended permit tcp host 199.99.199.112 host 192.169.137.10 eq 3306
access-list DMZ_1_ACL extended permit ip any host 192.169.137.10
access-list DMZ_1_ACL extended permit tcp any host 192.169.137.151 eq www
access-list DMZ_1_ACL extended permit tcp host 192.168.6.177 host 192.169.137.153 eq sqlnet
access-list DMZ_1_ACL extended permit tcp host 192.168.6.155 host 192.169.137.155 eq 135
access-list DMZ_1_ACL extended permit tcp host 192.168.6.155 host 192.169.137.155 eq 137
access-list DMZ_1_ACL extended permit tcp host 192.168.6.155 host 192.169.137.155 eq 138
access-list DMZ_1_ACL extended permit tcp host 192.168.6.155 host 192.169.137.155 eq netbios-ssn
access-list DMZ_1_ACL extended permit tcp host 192.168.6.155 host 192.169.137.155 eq 445
access-list DMZ_1_ACL extended permit tcp host 192.168.6.182 host 192.169.137.35 eq smtp
access-list DMZ_1_ACL extended permit tcp host 192.168.6.186 host 192.169.137.35 eq smtp
access-list DMZ_1_ACL extended permit tcp host 192.168.6.187 host 192.169.137.35 eq smtp
access-list DMZ_1_ACL extended permit ip any host 192.169.137.36
access-list DMZ_1_ACL extended permit tcp host 192.168.6.91 host 192.169.150.10 eq ftp
access-list DMZ_1_ACL extended permit tcp host 199.99.199.177 host 192.169.150.10 eq ftp
access-list DMZ_1_ACL extended permit tcp host 192.168.6.91 host 192.169.150.15 eq ftp
access-list DMZ_1_ACL extended permit ip any host 192.169.150.101
access-list DMZ_1_ACL extended permit tcp host 199.99.199.177 host 192.169.150.15 eq ftp
access-list DMZ_1_ACL extended permit ip any host 192.169.150.105
access-list DMZ_1_ACL extended permit ip any host 192.169.150.14
access-list DMZ_1_ACL extended permit ip host 192.168.6.17 host 192.169.150.14
access-list DMZ_1_ACL extended permit ip host 192.168.6.16 host 192.169.150.14
access-list DMZ_1_ACL extended permit ip host 192.168.6.15 host 192.169.150.14
access-list DMZ_1_ACL extended permit ip host 192.168.6.15 host 192.169.150.15
access-list DMZ_1_ACL extended permit ip host 192.168.6.16 host 192.169.150.15
access-list DMZ_1_ACL extended permit ip host 192.168.6.17 host 192.169.150.15
access-list DMZ_1_ACL extended permit tcp any host 192.169.150.15 eq smtp
access-list DMZ_1_ACL extended permit ip host 192.168.6.90 192.169.17.0 255.255.255.0
access-list DMZ_1_ACL extended permit ip 192.168.6.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list DMZ_1_ACL extended permit ip 192.168.6.0 255.255.255.0 192.169.6.0 255.255.255.0
access-list DMZ_1_ACL extended permit tcp any host 192.169.6.173 eq www
access-list DMZ_1_ACL extended permit tcp any host 192.169.6.173 eq 7777
access-list DMZ_1_ACL extended permit ip host 192.168.6.184 host 192.169.6.88
access-list DMZ_1_ACL extended permit ip any host 192.169.6.88
access-list DMZ_1_ACL extended permit ip host 192.168.6.15 host 192.169.6.91
access-list DMZ_1_ACL extended permit ip host 192.168.6.16 host 192.169.6.91
access-list DMZ_1_ACL extended permit ip host 192.168.6.17 host 192.169.6.91
access-list DMZ_1_ACL extended permit ip any host 192.169.6.96
access-list DMZ_1_ACL extended permit ip host 192.168.6.184 host 192.169.63.127
access-list DMZ_1_ACL extended permit ip host 199.99.199.176 192.168.0.0 255.255.0.0
access-list DMZ_1_ACL extended permit ip host 192.168.6.90 192.168.0.0 255.255.0.0
access-list DMZ_1_ACL extended permit ip 199.99.199.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list DMZ_1_ACL extended permit tcp host 192.168.6.17 host 192.168.100.108 eq 8080
access-list DMZ_1_ACL extended permit tcp host 192.168.6.15 host 192.168.100.108 eq 8080
access-list DMZ_1_ACL extended permit tcp host 192.168.6.16 host 192.168.100.108 eq 8080
access-list DMZ_1_ACL extended permit ip host 192.168.6.105 host 192.168.100.140
access-list DMZ_1_ACL extended permit tcp host 199.99.199.21 host 192.168.100.143 eq 9151
access-list DMZ_1_ACL extended permit tcp host 199.99.199.21 host 192.168.100.143 eq 9152
access-list DMZ_1_ACL extended permit ip any host 192.168.100.143
access-list DMZ_1_ACL extended permit ip host 192.168.6.112 host 192.168.100.149
access-list DMZ_1_ACL extended permit ip host 192.168.6.107 host 192.168.100.149
access-list DMZ_1_ACL extended permit tcp host 192.168.6.145 host 192.168.100.149 eq 7001
access-list DMZ_1_ACL extended permit tcp host 192.168.6.146 host 192.168.100.149 eq 7001
access-list DMZ_1_ACL extended permit tcp host 192.168.6.145 host 192.168.100.149 eq 7008
access-list DMZ_1_ACL extended permit tcp host 192.168.6.146 host 192.168.100.149 eq 7008
access-list DMZ_1_ACL extended permit tcp host 192.168.6.105 host 192.168.100.155 eq 7001
access-list DMZ_1_ACL extended permit tcp host 192.168.6.107 host 192.168.100.155 eq 7001
access-list DMZ_1_ACL extended permit tcp any host 192.168.100.155 eq www
access-list DMZ_1_ACL extended permit tcp any host 192.168.100.155 eq https
access-list DMZ_1_ACL extended permit tcp any host 192.168.100.155 eq 8080
access-list DMZ_1_ACL extended permit tcp host 192.168.6.112 host 192.168.100.160 eq sqlnet
access-list DMZ_1_ACL extended permit tcp host 192.168.6.145 host 192.168.100.160 eq sqlnet
access-list DMZ_1_ACL extended permit tcp host 192.168.6.146 host 192.168.100.160 eq sqlnet
access-list DMZ_1_ACL extended permit ip host 192.168.6.155 host 192.168.100.161
access-list DMZ_1_ACL extended permit ip host 192.168.6.112 host 192.168.100.161
access-list DMZ_1_ACL extended permit ip host 192.168.6.112 host 192.168.100.164
access-list DMZ_1_ACL extended permit ip host 192.168.6.107 host 192.168.100.164
access-list DMZ_1_ACL extended permit tcp host 192.168.6.187 host 192.168.100.171 eq ldap
access-list DMZ_1_ACL extended permit tcp host 192.168.6.187 host 192.168.100.170 eq ldap
access-list DMZ_1_ACL extended permit ip host 192.168.6.187 host 192.168.100.170
access-list DMZ_1_ACL extended permit ip any host 192.168.100.175
access-list DMZ_1_ACL extended permit tcp host 192.168.6.154 host 192.168.100.178 eq 1433
access-list DMZ_1_ACL extended permit tcp host 192.168.6.155 host 192.168.100.178 eq 1433
access-list DMZ_1_ACL extended permit tcp host 192.168.6.156 host 192.168.100.178 eq 1433
access-list DMZ_1_ACL extended permit tcp host 192.168.6.157 host 192.168.100.178 eq 1433
access-list DMZ_1_ACL extended permit tcp host 192.168.6.158 host 192.168.100.178 eq 1433
access-list DMZ_1_ACL extended permit tcp host 192.168.6.159 host 192.168.100.178 eq 1433
access-list DMZ_1_ACL extended permit ip host 192.168.6.184 host 192.168.100.185
access-list DMZ_1_ACL extended permit tcp host 192.168.6.155 host 192.168.100.185 eq sqlnet
access-list DMZ_1_ACL extended permit udp host 192.168.6.155 host 192.168.100.185 eq 1521
access-list DMZ_1_ACL extended permit tcp host 192.168.6.182 host 192.168.100.186 eq smtp
access-list DMZ_1_ACL extended permit tcp host 192.168.6.182 host 192.168.100.186 eq pop3
access-list DMZ_1_ACL extended permit tcp host 192.168.6.186 host 192.168.100.186 eq pop3
access-list DMZ_1_ACL extended permit tcp host 192.168.6.186 host 192.168.100.186 eq smtp
access-list DMZ_1_ACL extended permit tcp host 192.168.6.182 host 192.168.100.196 eq smtp
access-list DMZ_1_ACL extended permit tcp host 192.168.6.186 host 192.168.100.196 eq smtp
access-list DMZ_1_ACL extended permit tcp host 192.168.6.187 host 192.168.100.196 eq smtp
access-list DMZ_1_ACL extended permit ip host 192.168.6.184 host 192.168.100.198
access-list DMZ_1_ACL extended permit ip host 192.168.6.184 host 192.168.100.199
access-list DMZ_1_ACL extended permit ip any host 192.168.100.84
access-list DMZ_1_ACL extended permit tcp host 199.99.199.134 host 192.168.200.7 eq www
access-list DMZ_1_ACL extended permit tcp host 199.99.199.135 host 192.168.200.7 eq www
access-list DMZ_1_ACL extended permit tcp host 192.168.6.102 host 192.168.200.7 eq www
access-list DMZ_1_ACL extended permit tcp host 199.99.199.151 host 192.168.200.7 eq www
access-list DMZ_1_ACL extended permit tcp host 192.168.6.102 host 192.168.200.14 eq www
access-list DMZ_1_ACL extended permit tcp host 192.168.6.103 host 192.168.200.14 eq www
access-list DMZ_1_ACL extended permit tcp host 192.168.6.102 host 192.168.200.82 eq www
access-list DMZ_1_ACL extended permit tcp host 192.168.6.102 host 192.168.200.83 eq www
access-list DMZ_1_ACL extended permit ip 199.99.199.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list DMZ_1_ACL extended permit ip 192.169.6.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list DMZ_1_ACL extended permit ip any host 192.168.6.155
access-list DMZ_1_ACL extended permit ip any host 192.168.6.90
access-list DMZ_1_ACL extended permit ip any host 192.168.6.91
access-list DMZ_1_ACL extended permit ip any host 194.139.70.44
access-list DMZ_1_ACL extended permit tcp host 199.99.199.21 host 192.168.100.178 eq 1433
access-list DMZ_1_ACL extended permit tcp host 192.168.6.65 host 192.169.100.184 eq 1433
access-list DMZ_1_ACL extended permit tcp host 192.168.6.65 host 192.168.100.143 eq 9151
access-list DMZ_1_ACL extended permit tcp host 192.168.6.65 host 192.168.100.143 eq 9152
access-list DMZ_1_ACL extended permit tcp host 192.168.6.159 host 192.168.6.65 eq 1433
access-list DMZ_1_ACL extended permit tcp host 192.168.6.159 host 199.99.199.21 eq 1433
access-list DMZ_1_ACL extended permit ip host 192.168.6.90 192.169.0.0 255.255.0.0
access-list DMZ_1_ACL extended permit tcp host 192.168.6.185 host 192.169.137.10 eq 3306
access-list DMZ_1_ACL extended permit tcp host 192.168.6.184 host 192.169.137.10 eq 3306
access-list DMZ_1_ACL extended permit tcp host 192.168.6.103 host 192.168.200.7 eq www
access-list DMZ_1_ACL extended permit tcp host 192.168.6.104 host 192.168.200.7 eq www
access-list DMZ_1_ACL extended permit tcp host 192.168.6.17 host 192.168.100.196 eq www
access-list DMZ_1_ACL extended permit tcp host 192.168.6.15 host 192.168.100.196 eq www
access-list DMZ_1_ACL extended permit tcp host 192.168.6.16 host 192.168.100.196 eq www
access-list DMZ_1_ACL extended permit ip host 192.168.6.20 host 192.169.6.19
access-list DMZ_1_ACL extended permit ip host 192.168.6.20 192.169.0.0 255.255.0.0
access-list DMZ_1_ACL extended permit ip host 192.168.6.20 192.168.0.0 255.255.0.0
access-list DMZ_1_ACL extended permit ip host 192.168.6.20 199.99.199.0 255.255.255.0
access-list DMZ_1_ACL extended permit ip host 199.99.199.20 192.169.0.0 255.255.0.0
access-list DMZ_1_ACL extended permit ip host 199.99.199.20 192.168.0.0 255.255.0.0
access-list DMZ_1_ACL extended permit ip host 192.168.6.20 any
access-list DMZ_1_ACL extended permit ip host 192.168.100.185 host 192.168.6.184
access-list DMZ_1_ACL extended permit ip host 192.168.100.185 any
access-list DMZ_1_ACL extended permit ip host 192.168.6.184 any
access-list DMZ_1_ACL extended permit ip any host 192.168.100.185
access-list DMZ_1_ACL extended permit ip any host 192.168.6.184
access-list DMZ_1_ACL extended permit ip host 199.99.199.112 host 192.168.100.185
access-list DMZ_1_ACL extended permit ip host 192.168.100.185 host 199.99.199.112
access-list DMZ_1_ACL extended permit tcp host 192.168.6.65 host 192.168.100.178 eq 1433
access-list DMZ_1_ACL extended permit ip host 199.99.199.176 192.169.17.0 255.255.255.0
access-list DMZ_1_ACL extended permit ip any host 199.99.199.176
access-list DMZ_1_ACL extended permit ip any host 199.99.199.177
access-list DMZ_1_ACL extended permit tcp host 199.99.199.127 host 192.168.100.178 eq 1433
access-list DMZ_1_ACL extended permit ip host 199.99.199.20 host 192.169.6.19
access-list DMZ_1_ACL extended permit ip host 199.99.199.20 any
access-list DMZ_1_ACL extended permit ip host 199.99.199.112 host 192.169.6.88
access-list DMZ_1_ACL extended permit ip host 199.99.199.112 host 192.169.63.127
access-list DMZ_1_ACL extended permit ip host 199.99.199.112 host 192.168.100.198
access-list DMZ_1_ACL extended permit tcp host 192.168.6.102 host 192.168.100.150 eq www
access-list DMZ_1_ACL extended permit ip host 192.168.6.188 host 192.168.100.174
access-list DMZ_1_ACL extended permit ip host 192.168.6.52 host 192.169.134.18
access-list DMZ_1_ACL extended permit udp host 192.168.6.155 host 199.99.199.20 eq netbios-ns
access-list DMZ_1_ACL extended permit udp host 192.168.6.154 host 192.168.100.170 eq netbios-dgm
access-list DMZ_1_ACL extended permit udp host 192.168.6.155 host 192.168.100.170 eq netbios-dgm
access-list DMZ_1_ACL extended permit udp host 192.168.6.102 host 192.169.100.23 eq netbios-ns
access-list DMZ_1_ACL extended permit udp host 192.168.6.102 host 192.168.100.170 eq netbios-ns
access-list DMZ_1_ACL extended permit udp host 192.168.6.91 host 199.99.199.20 eq netbios-ns
access-list DMZ_1_ACL extended permit tcp host 192.168.6.187 host 192.169.137.13 eq smtp
access-list DMZ_1_ACL extended permit udp 192.168.6.0 255.255.255.0 host 199.99.199.20 eq netbios-ns
access-list DMZ_1_ACL extended permit udp host 192.168.6.186 host 192.168.100.180 eq domain
access-list DMZ_1_ACL extended permit ip host 199.99.199.112 host 192.168.100.199
access-list DMZ_1_ACL extended permit tcp host 192.168.6.91 host 199.99.199.20 eq 445
access-list DMZ_1_ACL extended permit tcp host 192.168.6.154 host 192.168.100.78 eq www
access-list DMZ_1_ACL extended permit tcp host 192.168.6.155 host 192.168.100.78 eq www
access-list DMZ_1_ACL extended permit ip any host 199.99.199.130
access-list DMZ_1_ACL extended permit ip host 192.168.6.155 any
access-list DMZ_1_ACL extended permit tcp 192.168.6.0 255.255.255.0 host 192.168.100.78 eq www
access-list DMZ_1_ACL extended permit udp host 192.168.6.154 host 192.169.100.23 eq netbios-ns
access-list DMZ_1_ACL extended permit udp host 192.168.6.188 host 192.168.100.180 eq netbios-ns
access-list DMZ_1_ACL extended permit udp any host 199.99.199.20 eq domain
access-list DMZ_1_ACL extended permit udp any host 199.99.199.19 eq domain
access-list DMZ_1_ACL extended permit ip host 192.168.6.15 host 192.168.100.196
access-list DMZ_1_ACL extended permit ip host 192.168.6.16 host 192.168.100.196
access-list DMZ_1_ACL extended permit ip host 192.168.6.17 host 192.168.100.196
access-list DMZ_1_ACL extended permit ip host 192.168.6.17 any
access-list DMZ_1_ACL extended permit ip host 192.168.6.16 any
access-list DMZ_1_ACL extended permit ip host 192.168.6.15 any
access-list DMZ_1_ACL extended permit udp 192.168.6.0 255.255.255.0 host 192.169.50.70
access-list DMZ_1_ACL extended permit ip 192.168.6.0 255.255.255.0 host 192.169.50.70
access-list DMZ_1_ACL extended permit udp 192.168.6.0 255.255.255.0 host 192.168.100.170 eq netbios-ns
access-list DMZ_1_ACL extended permit tcp host 192.168.6.187 host 192.168.100.180 eq domain
access-list DMZ_1_ACL extended permit tcp host 192.168.6.186 host 192.168.100.180 eq domain
access-list DMZ_1_ACL extended permit udp 192.168.6.0 255.255.255.0 host 192.169.100.23 eq netbios-ns
access-list DMZ_1_ACL extended permit tcp host 192.168.6.187 any eq smtp
access-list DMZ_1_ACL extended permit tcp host 192.168.6.186 any eq smtp
access-list DMZ_1_ACL extended permit ip any host 192.169.50.210
access-list DMZ_1_ACL extended permit tcp any host 199.99.199.19
access-list DMZ_1_ACL extended deny ip any 192.168.0.0 255.255.0.0 log
access-list DMZ_1_ACL extended deny ip any 192.169.0.0 255.255.0.0 log
access-list DMZ_1_ACL extended deny ip any 199.99.199.0 255.255.255.0 log
access-list DMZ_1_ACL extended permit ip 192.168.6.0 255.255.255.0 any
access-list MSS_ACCESS extended permit ip any any
access-list ABC_VPN_CLIENT_199_BYPASS extended permit ip host 192.168.6.17 192.168.4.128 255.255.255.192
access-list ABC_VPN_CLIENT_199_BYPASS extended permit ip host 192.168.6.5 192.168.4.128 255.255.255.192
access-list ABC_VPN_CLIENT_199_BYPASS extended permit ip host 192.168.6.16 192.168.4.128 255.255.255.192
access-list ABC_VPN_CLIENT_199_BYPASS extended permit ip host 192.168.6.15 192.168.4.128 255.255.255.192
access-list ABC_VPN_CLIENT_199_BYPASS extended permit ip host 192.168.6.155 192.168.4.128 255.255.255.192
access-list ABC_VPN_CLIENT_199_BYPASS extended permit ip host 192.168.6.186 192.168.4.128 255.255.255.192
access-list ABC_VPN_CLIENT_199_BYPASS extended permit ip host 192.168.6.187 192.168.4.128 255.255.255.192
access-list ABC_VPN_CLIENT_199_BYPASS extended permit ip host 192.168.6.52 192.168.4.128 255.255.255.192
access-list ABC_VPN_CLIENT_199_BYPASS extended permit ip host 192.168.6.112 192.168.4.128 255.255.255.192
!
tcp-map MSS_MAP
exceed-mss allow
!
pager lines 24
logging enable
logging timestamp
logging buffer-size 500000
logging buffered informational
logging trap informational
logging asdm debugging
mtu outside 1500
mtu inside 1500
mtu DMZ_1 1500
mtu DMZ_2 1500
mtu intf4 1500
ip local pool ABC_VPN_CLIENT_POOL 192.168.4.129-192.168.4.190 mask 255.255.255.192
failover
failover mac address Ethernet0
failover mac address Ethernet1
failover mac address Ethernet2
failover mac address Ethernet3
failover mac address Ethernet4
failover link state Ethernet5
failover interface ip state 10.0.0.1 255.255.255.252 standby 10.0.0.2
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-522.bin
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 199.99.199.252 netmask 255.255.255.255
global (DMZ_1) 1 192.168.6.20-192.168.6.30 netmask 255.255.255.0
global (DMZ_1) 1 192.168.6.31 netmask 255.255.255.0
nat (outside) 1 192.168.4.128 255.255.255.192
nat (inside) 0 access-list ABC_VPN_CLIENT_ACL
nat (inside) 1 0.0.0.0 0.0.0.0
nat (DMZ_1) 0 access-list ABC_VPN_CLIENT_199_BYPASS
alias (inside) 199.99.199.38 192.168.6.157 255.255.255.255
alias (inside) 199.99.199.48 192.168.6.159 255.255.255.255
alias (inside) 199.99.199.21 192.168.6.65 255.255.255.255
alias (inside) 199.99.199.124 192.168.6.185 255.255.255.255
alias (inside) 199.99.199.177 192.168.6.91 255.255.255.255
alias (inside) 199.99.199.172 192.168.6.69 255.255.255.255
alias (inside) 199.99.199.69 192.168.6.188 255.255.255.255
alias (inside) 199.99.199.127 192.168.6.156 255.255.255.255
alias (inside) 199.99.199.29 192.168.6.51 255.255.255.255
alias (inside) 199.99.199.91 192.168.6.71 255.255.255.255
alias (inside) 199.99.199.20 192.168.6.20 255.255.255.255
alias (inside) 199.99.199.112 192.168.6.184 255.255.255.255
alias (inside) 199.99.199.134 192.168.6.103 255.255.255.255
alias (inside) 199.99.199.151 192.168.6.102 255.255.255.255
alias (inside) 199.99.199.176 192.168.6.90 255.255.255.255
alias (inside) 199.99.199.22 192.168.6.50 255.255.255.255
alias (inside) 199.99.199.51 192.168.6.72 255.255.255.255
static (inside,DMZ_1) 192.169.100.161 192.169.100.161 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.100.168 192.169.100.168 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.100.171 192.169.100.171 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.100.172 192.169.100.172 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.100.174 192.169.100.174 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.100.180 192.169.100.180 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.100.184 192.169.100.184 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.100.23 192.169.100.23 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.100.34 192.169.100.34 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.134.135 192.169.134.135 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.134.18 192.169.134.18 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.137.10 192.169.137.10 netmask 255.255.255.255
static (inside,outside) 199.99.199.126 192.169.137.15 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.137.151 192.169.137.151 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.137.153 192.169.137.153 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.137.155 192.169.137.155 netmask 255.255.255.255
static (inside,outside) 199.99.199.49 192.169.137.155 netmask 255.255.255.255
static (inside,outside) 199.99.199.73 192.169.137.156 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.137.35 192.169.137.35 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.137.36 192.169.137.36 netmask 255.255.255.255
static (inside,outside) 199.99.199.152 192.169.137.37 netmask 255.255.255.255
static (inside,outside) 199.99.199.154 192.169.137.40 netmask 255.255.255.255
static (inside,outside) 199.99.199.164 192.169.137.43 netmask 255.255.255.255
static (inside,outside) 199.99.199.79 192.169.137.49 netmask 255.255.255.255
static (inside,outside) 199.99.199.188 192.169.137.70 netmask 255.255.255.255
static (inside,outside) 199.99.199.189 192.169.137.71 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.150.10 192.169.150.10 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.150.101 192.169.150.101 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.150.105 192.169.150.105 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.150.14 192.169.150.14 netmask 255.255.255.255
static (inside,outside) 199.99.199.101 192.169.150.14 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.150.15 192.169.150.15 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.17.0 192.169.17.0 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.6.173 192.169.6.173 netmask 255.255.255.255
static (inside,outside) 192.169.6.173 192.169.6.173 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.6.88 192.169.6.88 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.6.91 192.169.6.91 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.6.96 192.169.6.96 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.63.127 192.169.63.127 netmask 255.255.255.255
static (inside,outside) 199.99.199.98 192.168.100.105 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.108 192.168.100.108 netmask 255.255.255.255
static (inside,outside) 199.99.199.113 192.168.100.138 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.140 192.168.100.140 netmask 255.255.255.255
static (inside,outside) 199.99.199.155 192.168.100.141 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.143 192.168.100.143 netmask 255.255.255.255
static (inside,outside) 199.99.199.198 192.168.100.143 netmask 255.255.255.255
static (inside,outside) 199.99.199.125 192.168.100.146 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.149 192.168.100.149 netmask 255.255.255.255
static (inside,outside) 199.99.199.90 192.168.100.150 netmask 255.255.255.255
static (inside,outside) 199.99.199.94 192.168.100.152 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.155 192.168.100.155 netmask 255.255.255.255
static (inside,outside) 199.99.199.110 192.168.100.155 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.160 192.168.100.160 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.161 192.168.100.161 netmask 255.255.255.255
static (inside,outside) 199.99.199.47 192.168.100.161 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.163 192.168.100.163 netmask 255.255.255.255
static (inside,outside) 199.99.199.96 192.168.100.163 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.164 192.168.100.164 netmask 255.255.255.255
static (inside,outside) 199.99.199.169 192.168.100.166 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.170 192.168.100.170 netmask 255.255.255.255
static (inside,outside) 199.99.199.72 192.168.100.172 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.174 192.168.100.174 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.175 192.168.100.175 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.178 192.168.100.178 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.185 192.168.100.185 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.186 192.168.100.186 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.196 192.168.100.196 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.198 192.168.100.198 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.199 192.168.100.199 netmask 255.255.255.255
static (inside,outside) 199.99.199.136 192.168.100.42 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.84 192.168.100.84 netmask 255.255.255.255
static (inside,outside) 199.99.199.80 192.168.100.84 netmask 255.255.255.255
static (inside,outside) 199.99.199.99 192.168.200.11 netmask 255.255.255.255
static (inside,outside) 199.99.199.137 192.168.200.12 netmask 255.255.255.255
static (inside,outside) 199.99.199.138 192.168.200.13 netmask 255.255.255.255
static (inside,outside) 199.99.199.144 192.168.200.15 netmask 255.255.255.255
static (inside,outside) 199.99.199.145 192.168.200.16 netmask 255.255.255.255
static (inside,outside) 199.99.199.146 192.168.200.17 netmask 255.255.255.255
static (inside,outside) 199.99.199.147 192.168.200.18 netmask 255.255.255.255
static (inside,outside) 199.99.199.148 192.168.200.19 netmask 255.255.255.255
static (inside,outside) 199.99.199.149 192.168.200.20 netmask 255.255.255.255
static (inside,outside) 199.99.199.165 192.168.200.24 netmask 255.255.255.255
static (inside,outside) 199.99.199.166 192.168.200.25 netmask 255.255.255.255
static (inside,outside) 199.99.199.168 192.168.200.26 netmask 255.255.255.255
static (inside,outside) 199.99.199.157 192.168.200.27 netmask 255.255.255.255
static (inside,outside) 199.99.199.158 192.168.200.28 netmask 255.255.255.255
static (inside,outside) 199.99.199.143 192.168.200.29 netmask 255.255.255.255
static (inside,outside) 199.99.199.163 192.168.200.30 netmask 255.255.255.255
static (inside,outside) 199.99.199.173 192.168.200.31 netmask 255.255.255.255
static (inside,outside) 199.99.199.174 192.168.200.32 netmask 255.255.255.255
static (inside,outside) 199.99.199.175 192.168.200.33 netmask 255.255.255.255
static (inside,outside) 199.99.199.178 192.168.200.34 netmask 255.255.255.255
static (inside,outside) 199.99.199.182 192.168.200.35 netmask 255.255.255.255
static (inside,outside) 199.99.199.183 192.168.200.36 netmask 255.255.255.255
static (inside,outside) 199.99.199.184 192.168.200.37 netmask 255.255.255.255
static (inside,outside) 199.99.199.32 192.168.200.38 netmask 255.255.255.255
static (inside,outside) 199.99.199.81 192.168.200.40 netmask 255.255.255.255
static (inside,outside) 199.99.199.150 192.168.200.43 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.200.7 192.168.200.7 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.135 192.168.6.104 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.170 192.168.6.15 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.68 192.168.6.155 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.6.155 192.168.6.155 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.127 192.168.6.156 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.38 192.168.6.157 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.48 192.168.6.159 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.171 192.168.6.16 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.120 192.168.6.177 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.105 192.168.6.182 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.112 192.168.6.184 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.124 192.168.6.185 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.119 192.168.6.186 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.118 192.168.6.187 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.69 192.168.6.188 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.20 192.168.6.20 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.22 192.168.6.50 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.29 192.168.6.51 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.116 192.168.6.59 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.21 192.168.6.65 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.172 192.168.6.69 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.91 192.168.6.71 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.176 192.168.6.90 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.6.90 192.168.6.90 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.177 192.168.6.91 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.6.91 192.168.6.91 netmask 255.255.255.255
static (inside,DMZ_1) 194.139.70.44 194.139.70.44 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.51 192.168.6.72 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.6.19 192.169.6.19 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.42 192.168.6.66 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.50.210 192.169.50.210 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.171 192.168.100.171 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.151 192.168.6.102 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.106 192.168.6.56 netmask 255.255.255.255
static (inside,outside) 199.99.199.78 192.169.100.151 netmask 255.255.255.255
static (inside,outside) 199.99.199.43 192.169.137.159 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.100.152 192.169.100.152 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.134 192.168.6.103 netmask 255.255.255.255
static (inside,outside) 199.99.199.167 192.169.137.72 netmask 255.255.255.255
static (inside,outside) 199.99.199.156 192.169.137.73 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.200.14 192.168.200.14 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.100.74 192.168.100.74 netmask 255.255.255.255
static (inside,outside) 199.99.199.44 192.169.137.60 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.121 192.168.6.189 netmask 255.255.255.255
static (inside,outside) 199.99.199.58 192.168.100.174 netmask 255.255.255.255
static (inside,outside) 199.99.199.139 192.168.200.83 netmask 255.255.255.255
static (inside,outside) 199.99.199.77 192.168.200.82 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.200.82 192.168.200.82 netmask 255.255.255.255
static (inside,DMZ_1) 192.168.200.83 192.168.200.83 netmask 255.255.255.255
static (inside,outside) 199.99.199.102 192.169.137.16 netmask 255.255.255.255
static (inside,outside) 199.99.199.103 192.169.137.35 netmask 255.255.255.255
static (inside,DMZ_1) 192.169.50.70 192.169.50.70 netmask 255.255.255.255
static (DMZ_1,outside) 199.99.199.199 192.168.6.73 netmask 255.255.255.255
access-group OUTSIDE_ACL in interface outside
access-group DMZ_1_ACL in interface DMZ_1
route outside 0.0.0.0 0.0.0.0 199.99.199.1 1
route inside 192.169.0.0 255.255.0.0 192.168.100.254 1
route inside 192.168.0.0 255.255.0.0 192.168.100.254 1
timeout xlate 3:00:00
timeout conn 12:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
!
!
class-map MSS_ALLOW_MAP
match access-list MSS_ACCESS
class-map CLASS_SQLNET_PORT_1522
match port tcp eq 1522
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect dns preset_dns_map
inspect http
class CLASS_SQLNET_PORT_1522
inspect sqlnet
class MSS_ALLOW_MAP
set connection advanced-options MSS_MAP
PIXFIREWALL#
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Ailuin
  • Locked
  • Question
Best Residential proxy provider.
Replies
1
Views
287
AvivBes
AvivBes
jim_bmx
  • Locked
  • Question
sh proxy command
Replies
0
Views
211
jim_bmx
jim_bmx
ciscokid1984
  • Locked
  • Question
Watchguard RDP from external network
Replies
1
Views
152
hairlessupportmonkey
hairlessupportmonkey
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
230
nnaarrnn
nnaarrnn
acabezas2014
  • Locked
  • Question
Configuring ASA for Network Segmentation
Replies
1
Views
134
acabezas2014
acabezas2014

Part and Inventory Search

Sponsor

Back
Top