Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DNS queries fail

Status
Not open for further replies.
nelifecare

nelifecare

MIS
Aug 21, 2006
118
US
Intermittently DNS queries are failing. Does anyone have any ideas? Config is attached.

: Saved
: Written by enable_15 at 02:19:05.143 EST Mon Jan 15 2007

ASA Version 7.0(2)
names
name 192.168.2.22 intranet
name 192.168.2.21 gateway
name 192.168.2.20 mail
name 192.168.1.41 PHOBOS
name 192.168.1.39 ENYO
name 192.168.1.38 PHAETON
name 192.168.1.40 DIEMOS
name 192.168.1.36 IRIS
name 192.168.1.33 ODYSSEUS
name 192.168.1.27 POSEIDON
name 192.168.2.0 DMZ
name 192.168.0.0 NELC
name 64.247.25.138 ssl.certifiedmail.com
name 192.168.70.0 CorrieMichaud
name 192.168.80.0 JudyGillett
name 192.168.1.26 CYPRESS
name 192.168.1.16 POLLUX
name 192.168.1.181 tftp
!
interface Ethernet0/0
nameif Outside
security-level 0
ip address 24.xx.xx.xx 255.255.255.240
!
interface Ethernet0/1
speed 100
duplex full
nameif Inside
security-level 99
ip address 192.168.1.11 255.255.255.0
!
interface Ethernet0/2
speed 100
duplex full
nameif DMZ
security-level 50
ip address 192.168.2.1 255.255.255.0
!
interface Management0/0
shutdown
nameif management
security-level 100
no ip address
management-only
!
enable password *************** encrypted
passwd *************** encrypted
hostname ZEUS
domain-name domain.com
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
object-group service Citrix tcp
description Open ports 442 and 1494
port-object eq 442
port-object eq citrix-ica
object-group network CitrixServers
description All Citrix Servers
network-object CITRIX01 255.255.255.255
network-object CITRIX02 255.255.255.255
network-object CITRIX03 255.255.255.255
network-object PHAETON 255.255.255.255
network-object ENYO 255.255.255.255
network-object DIEMOS 255.255.255.255
network-object PHOBOS 255.255.255.255
object-group network CitrixServers_real
description All Citrix Servers
network-object CITRIX01 255.255.255.255
network-object CITRIX02 255.255.255.255
network-object CITRIX03 255.255.255.255
network-object PHAETON 255.255.255.255
network-object ENYO 255.255.255.255
network-object DIEMOS 255.255.255.255
network-object PHOBOS 255.255.255.255
access-list Outside_access_in extended permit tcp any host 24.xx.xx.117 eq 3389
access-list Outside_access_in remark HTTPS (443) access to gateway (GAIA) from the outside
access-list Outside_access_in extended permit tcp any host 24.xx.xx.120 eq https
access-list Outside_access_in extended permit tcp any host 24.xx.xx.120 eq www
access-list Outside_access_in remark HTTPS (443) access to intranet (GAIA) from the outside
access-list Outside_access_in extended permit tcp any host 24.xx.xx.115 eq https
access-list Outside_access_in remark HTTP (80) access to intranet (GAIA) from the outside
access-list Outside_access_in extended permit tcp any host 24.xx.xx.115 eq www
access-list Outside_access_in remark Port opened to gateway (GAIA) for Citrix Secure Gateway communication
access-list Outside_access_in extended permit tcp any host 24.xx.xx.120 eq 444
access-list Outside_access_in remark SMTP (25) access to mail (GAIA) from the outside
access-list Outside_access_in extended permit tcp any host 24.xx.xx.114 eq smtp
access-list Outside_access_in remark HTTPS (443) access to webmail (POSEIDON) for Exchange 2000 OWA
access-list Outside_access_in extended permit tcp any host 24.xx.xx.118 eq https
access-list Outside_access_in remark Port opened to gateway (GAIA) for FTP access
access-list Outside_access_in extended permit tcp any host 24.xx.xx.120 eq 989
access-list Outside_access_in remark Ports opened to gateway (GAIA) for FTP access
access-list Outside_access_in extended permit tcp any host 24.xx.xx.120 range 1120 1128
access-list Outside_access_in extended permit udp host 216.xx.xx.157 host 24.xx.xx.122 eq tftp
access-list Outside_access_in remark Allow PING
access-list Outside_access_in extended permit icmp any any
access-list Outside_access_in remark Port opened for Incoming CertifiedMail.com SMTP(TLS) traffic
access-list Outside_access_in extended permit tcp host ssl.certifiedmail.com host 24.xx.xx.120 eq 26
access-list DMZ_access_in extended permit tcp host gateway host POSEIDON eq smtp
access-list DMZ_access_in remark Forward SMTP traffic from GAIA (mail ) to POSEIDON
access-list DMZ_access_in extended permit tcp DMZ 255.255.255.0 eq smtp host POSEIDON eq smtp
access-list DMZ_access_in remark Ports opened for Citrix Secure Gateway Access
access-list DMZ_access_in extended permit tcp host gateway object-group CitrixServers object-group Citrix
access-list DMZ_access_in extended permit tcp host gateway host IRIS eq https
access-list DMZ_access_in extended permit tcp host gateway host 192.168.1.161 eq smtp
access-list DMZ_access_in extended permit udp host 192.168.2.1 host 192.168.1.15 eq snmp
access-list DMZ_access_in extended permit tcp host gateway host CYPRESS eq ldap
access-list DMZ_access_in extended deny ip DMZ 255.255.255.0 NELC 255.255.0.0
access-list DMZ_access_in extended permit ip DMZ 255.255.255.0 any
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.30.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.30.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 192.168.30.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.30.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.224
access-list Inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 172.16.1.0 255.255.255.224
access-list Inside_nat0_outbound extended permit ip 192.168.30.0 255.255.255.0 172.16.1.0 255.255.255.224
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 CorrieMichaud 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 JudyGillett 255.255.255.0
access-list Outside_cryptomap_20 extended permit ip 192.168.1.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list Outside_cryptomap_20 extended permit ip 192.168.20.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list Outside_cryptomap_20 extended permit ip 192.168.30.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list Outside_cryptomap_40 extended permit ip 192.168.1.0 255.255.255.0 192.168.30.0 255.255.255.0
access-list Outside_cryptomap_40 extended permit ip 192.168.20.0 255.255.255.0 192.168.30.0 255.255.255.0
access-list Outside_cryptomap_60 extended permit ip 192.168.1.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list Outside_cryptomap_60 extended permit ip 192.168.30.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list Outside_cryptomap_dyn_20 extended permit ip any 172.16.1.0 255.255.255.224
access-list Outside_cryptomap_dyn_20 extended permit ip 192.168.1.0 255.255.255.0 CorrieMichaud 255.255.255.0
access-list Outside_cryptomap_dyn_20 extended permit ip 192.168.1.0 255.255.255.0 JudyGillett 255.255.255.0
access-list 199 extended permit ip host 209.176.164.52 any
access-list 199 extended permit ip any host 209.176.164.52
pager lines 24
logging buffer-size 100000
logging trap informational
mtu Outside 1500
mtu Inside 1500
mtu DMZ 1500
mtu management 1500
ip local pool RegionalVPN 172.16.1.1-172.16.1.25 mask 255.255.255.0
monitor-interface Outside
monitor-interface Inside
monitor-interface DMZ
monitor-interface management
asdm image disk0:/asdm502.bin
asdm location 172.16.1.0 255.255.255.224 Outside
asdm location 192.168.20.0 255.255.255.0 Outside
asdm location 192.168.30.0 255.255.255.0 Outside
asdm location 192.168.60.0 255.255.255.0 Outside
asdm group CitrixServers_real Inside
asdm group CitrixServers DMZ reference CitrixServers_real
no asdm history enable
arp timeout 14400
global (Outside) 1 24.xx.xx.126
global (Outside) 100 24.xx.xx.124
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 100 192.168.1.164 255.255.255.255
nat (Inside) 1 NELC 255.255.0.0
nat (DMZ) 1 DMZ 255.255.255.0
nat (management) 10 0.0.0.0 0.0.0.0
static (DMZ,Outside) 24.xx.xx.114 mail netmask 255.255.255.255
static (DMZ,Outside) 24.xx.xx.120 gateway netmask 255.255.255.255
static (DMZ,Outside) 24.xx.xx.115 intranet netmask 255.255.255.255
static (Inside,Outside) 24.xx.xx.118 POSEIDON netmask 255.255.255.255
static (Inside,DMZ) POSEIDON POSEIDON netmask 255.255.255.255
static (Inside,DMZ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (Inside,DMZ) 192.168.20.0 192.168.20.0 netmask 255.255.255.0
static (Inside,DMZ) 192.168.30.0 192.168.30.0 netmask 255.255.255.0
static (Inside,Outside) 24.xx.xx.117 PHAETON netmask 255.255.255.255
static (Inside,Outside) 24.xx.xx.122 tftp netmask 255.255.255.255
access-group Outside_access_in in interface Outside
access-group DMZ_access_in in interface DMZ
!
router ospf 100
network 192.168.1.0 255.255.255.0 area 0
area 0
log-adj-changes
!
route Outside 0.0.0.0 0.0.0.0 24.xx.xx.113 1
timeout xlate 1:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:10:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
url-list Admin "Help Center Tickets" url-list Admin "Company Directory" url-list Admin "Workstation List" url-list Admin "Private" cifs://private
aaa-server cypress protocol radius
aaa-server cypress host CYPRESS
timeout 5
key cbllps6558
aaa-server metis protocol radius
aaa-server metis host tftp
timeout 5
key cbllps6558
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs enable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
client-firewall none
client-access-rule none
webvpn
functions url-entry
port-forward-name value Application Access
group-policy webvpn internal
group-policy webvpn attributes
vpn-tunnel-protocol webvpn
webvpn
functions url-entry file-access file-entry file-browsing
group-policy nelifevpn internal
group-policy nelifevpn attributes
vpn-tunnel-protocol IPSec
webvpn
group-policy Laptops internal
group-policy Laptops attributes
vpn-tunnel-protocol IPSec
webvpn
http server enable
http 0.0.0.0 0.0.0.0 Inside
snmp-server host Outside 192.168.1.15 community xxxxxxxx
snmp-server host Inside 192.168.1.15 community xxxxxxxxx
snmp-server host DMZ 192.168.1.15 community xxxxxxxxxxx
no snmp-server location
no snmp-server contact
snmp-server community xxxxxxxxxx
no snmp-server enable traps all
sysopt noproxyarp Inside
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map Outside_map 20 match address Outside_cryptomap_20
crypto map Outside_map 20 set peer 216.xx.xx.157
crypto map Outside_map 20 set transform-set ESP-3DES-MD5
crypto map Outside_map 40 match address Outside_cryptomap_40
crypto map Outside_map 40 set peer 64.xx.xx.254
crypto map Outside_map 40 set transform-set ESP-3DES-MD5
crypto map Outside_map 60 match address Outside_cryptomap_60
crypto map Outside_map 60 set peer 24.xx.xx.210
crypto map Outside_map 60 set transform-set ESP-3DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
isakmp identity auto
isakmp enable Outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet 0.0.0.0 0.0.0.0 Inside
telnet timeout 5
ssh 24.xx.xx.214 255.255.255.255 Outside
ssh 64.xx.xx.253 255.255.255.255 Outside
ssh 216.xx.xx.157 255.255.255.255 Outside
ssh 0.0.0.0 0.0.0.0 Inside
ssh NELC 255.255.0.0 Inside
ssh 192.168.1.0 255.255.255.0 Inside
ssh 192.168.1.176 255.255.255.255 Inside
ssh timeout 15
console timeout 30
dhcpd lease 3600
dhcpd ping_timeout 50
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key xxxxxxxxxxx
tunnel-group 216.xx.xx.157 type ipsec-l2l
tunnel-group 216.xx.xx.157 ipsec-attributes
pre-shared-key xxxxxxxxxxxxx
tunnel-group Laptops type ipsec-ra
tunnel-group Laptops general-attributes
address-pool RegionalVPN
authentication-server-group metis
default-group-policy Laptops
tunnel-group Laptops ipsec-attributes
pre-shared-key xxxxxxxxxx
tunnel-group 24.xx.xx.210 type ipsec-l2l
tunnel-group 24.xx.xx.210 ipsec-attributes
pre-shared-key xxxxxxxxxx
tunnel-group nelifevpn type ipsec-ra
tunnel-group nelifevpn general-attributes
address-pool RegionalVPN
authentication-server-group metis
default-group-policy nelifevpn
tunnel-group nelifevpn ipsec-attributes
pre-shared-key xxxxxxxxxx
tunnel-group 0.0.0.0 type ipsec-l2l
tunnel-group 0.0.0.0 ipsec-attributes
pre-shared-key xxxxxxxxxxx
tunnel-group 64.xx.xx.254 type ipsec-l2l
tunnel-group 64.xx.xx.254 ipsec-attributes
pre-shared-key xxxxxxxxxxx
tunnel-group-map default-group DefaultL2LGroup
!
class-map class_ftp
match port tcp range 1024 65535
class-map sip-port
match port tcp eq sip
class-map class_ftp1
match port tcp range 1 1023
class-map inspection_default
match default-inspection-traffic
!
!
policy-map sip_policy
class sip-port
inspect sip
class inspection_default
inspect dns maximum-length 1500
class class_ftp
inspect ftp
class class_ftp1
inspect ftp
!
terminal width 200
service-policy sip_policy global
ntp server ODYSSEUS source Inside
tftp-server Inside tftp ZEUS/
webvpn
enable Outside
logo file disk0:/header.jpg
title-color 0,102,204
nbns-server ODYSSEUS master timeout 2 retry 2
nbns-server CYPRESS timeout 2 retry 2
authentication-server-group metis
default-group-policy webvpn
smtp-server 192.168.1.27
management-access Inside
Cryptochecksum:4417771cc89fc7cfd5eac1f226ccf6a1
: end
 
Sort by date Sort by votes
Can you post the "show running-config all" output? Also can you set logging to buffer 6

logging buffered 6


When the query fails are there any messages generated? Packet size reference?

Free Firewall/Network/Systems Support-
 
Upvote 0 Downvote
Thanks for the quick response. Here's the "show run all" output:

: Saved
:
ASA Version 7.2(2)
!
command-alias exec h help
command-alias exec lo logout
command-alias exec p ping
command-alias exec s show
terminal width 200
hostname ZEUS
domain-name nelifecare.org
enable password ************** encrypted
no fips enable
names
name 192.168.2.22 intranet.domain.com
name 192.168.2.21 gateway.domain.com
name 192.168.2.20 mail.domain.com
name 192.168.1.41 PHOBOS
name 192.168.1.39 ENYO
name 192.168.1.38 PHAETON
name 192.168.1.40 DIEMOS
name 192.168.1.36 IRIS
name 192.168.1.33 ODYSSEUS
name 192.168.1.27 POSEIDON
name 192.168.2.0 DMZ
name 192.168.0.0 NELC
name 64.247.25.138 ssl.certifiedmail.com
name 192.168.70.0 CorrieMichaud
name 192.168.80.0 JudyGillett
name 192.168.1.26 CYPRESS
name 192.168.1.16 POLLUX
name 192.168.1.181 tftp
name xx.xx.xx.117 corpdvs.domain.com
name 192.168.1.17 NOTUS
dns-guard
!
interface Ethernet0/0
speed auto
duplex auto
nameif Outside
security-level 0
ip address 24.xx.xx.xx 255.255.255.240
!
interface Ethernet0/1
speed 100
duplex full
nameif Inside
security-level 99
ip address 192.168.1.11 255.255.255.0
!
interface Ethernet0/2
speed 100
duplex full
nameif DMZ
security-level 50
ip address 192.168.2.1 255.255.255.0
!
interface Ethernet0/3
speed auto
duplex auto
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
speed auto
duplex auto
shutdown
nameif management
security-level 100
no ip address
management-only
!
passwd Ec/e9dSTB6nJ5mn9 encrypted
regex _default_gator "Gator"
regex _default_firethru-tunnel_2 "[/\\]cgi[-]bin[/\\]proxy"
regex _default_shoutcast-tunneling-protocol "1"
regex _default_http-tunnel "[/\\]HT_PortLog.aspx"
regex _default_x-kazaa-network "[xX]-[kK][aA][zZ][aA][aA]-[nN][eE][tT][wW][oO][rR][kK]"
regex _default_msn-messenger "[Aa][Pp][Pp][Ll][Ii][Cc][Aa][Tt][Ii][Oo][Nn][/\\][Xx][-][Mm][Ss][Nn][-][Mm][Ee][Ss][Ss][Ee][Nn][Gg][Ee][Rr]"
regex _default_GoToMyPC-tunnel_2 "[/\\]erc[/\\]Poll"
regex _default_gnu-http-tunnel_uri "[/\\]index[.]html"
regex _default_aim-messenger "[Hh][Tt][Tt][Pp][.][Pp][Rr][Oo][Xx][Yy][.][Ii][Cc][Qq][.][Cc][Oo][Mm]"
regex _default_gnu-http-tunnel_arg "crap"
regex _default_icy-metadata "[iI][cC][yY]-[mM][eE][tT][aA][dD][aA][tT][aA]"
regex _default_GoToMyPC-tunnel "machinekey"
regex _default_windows-media-player-tunnel "NSPlayer"
regex _default_yahoo-messenger "YMSG"
regex _default_httport-tunnel "photo[.]exectech[-]va[.]com"
regex _default_firethru-tunnel_1 "firethru[.]com"
boot system disk0:/asa722-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 60
dns domain-lookup Outside
dns domain-lookup Inside
dns domain-lookup DMZ
dns server-group DefaultDNS
name-server ODYSSEUS
name-server CYPRESS
domain-name domain.com
object-group service Citrix tcp
description Open ports 442 and 1494
port-object eq 442
port-object eq citrix-ica
object-group network CitrixServers
description All Citrix Servers
network-object PHAETON 255.255.255.255
network-object ENYO 255.255.255.255
network-object DIEMOS 255.255.255.255
network-object PHOBOS 255.255.255.255
object-group network CitrixServers_real
description All Citrix Servers
network-object PHAETON 255.255.255.255
network-object ENYO 255.255.255.255
network-object DIEMOS 255.255.255.255
network-object PHOBOS 255.255.255.255
object-group network CorpDVS
description Corporate Data & Voice IP Subnet
network-object 155.xx.xx.xx 255.255.255.240
access-list Outside_access_in remark HTTPS (443) access to gateway.domain.com (GAIA) from the outside
access-list Outside_access_in extended permit tcp any host xx.xx.xx.120 eq https
access-list Outside_access_in extended permit tcp any host xx.xx.xx.120 eq www
access-list Outside_access_in remark HTTPS (443) access to intranet.domain.com (GAIA) from the outside
access-list Outside_access_in extended permit tcp any host xx.xx.xx.115 eq https
access-list Outside_access_in remark HTTP (80) access to intranet.domain.com (GAIA) from the outside
access-list Outside_access_in extended permit tcp any host xx.xx.xx.115 eq www
access-list Outside_access_in remark Port opened to gateway.domain.com (GAIA) for Citrix Secure Gateway communication
access-list Outside_access_in extended permit tcp any host xx.xx.xx.120 eq 444
access-list Outside_access_in remark SMTP (25) access to mail.domain.com (GAIA) from the outside
access-list Outside_access_in extended permit tcp any host xx.xx.xx.114 eq smtp
access-list Outside_access_in remark HTTPS (443) access to webmail.domain.com (POSEIDON) for Exchange 2000 OWA
access-list Outside_access_in extended permit tcp any host xx.xx.xx.118 eq https
access-list Outside_access_in remark Port opened to gateway.domain.com (GAIA) for FTP access
access-list Outside_access_in extended permit tcp any host xx.xx.xx.120 eq 989
access-list Outside_access_in remark Ports opened to gateway.domain.com (GAIA) for FTP access
access-list Outside_access_in extended permit tcp any host xx.xx.xx.120 range 1120 1128
access-list Outside_access_in extended permit udp host xx.xx.xx.157 host xx.xx.xx.122 eq tftp
access-list Outside_access_in remark Allow PING
access-list Outside_access_in extended permit icmp any any
access-list Outside_access_in remark Port opened for Incoming CertifiedMail.com SMTP(TLS) traffic
access-list Outside_access_in extended permit tcp host ssl.certifiedmail.com host xx.xx.xx.120 eq 26
access-list Outside_access_in extended permit tcp object-group CorpDVS host corpdvs.domain.com eq 3389
access-list DMZ_access_in extended permit tcp host gateway.domain.com host POSEIDON eq smtp
access-list DMZ_access_in remark Forward SMTP traffic from GAIA (mail.domain.com) to POSEIDON
access-list DMZ_access_in extended permit tcp DMZ 255.255.255.0 eq smtp host POSEIDON eq smtp
access-list DMZ_access_in remark Ports opened for Citrix Secure Gateway Access
access-list DMZ_access_in extended permit tcp host gateway.domain.com object-group CitrixServers object-group Citrix
access-list DMZ_access_in extended permit tcp host gateway.domain.com host IRIS eq https
access-list DMZ_access_in extended permit udp host 192.168.2.1 host 192.168.1.15 eq snmp
access-list DMZ_access_in extended permit tcp host gateway.domain.com host CYPRESS eq ldap
access-list DMZ_access_in extended deny ip DMZ 255.255.255.0 NELC 255.255.0.0
access-list DMZ_access_in extended permit ip DMZ 255.255.255.0 any
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.30.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.30.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 192.168.30.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.30.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.224
access-list Inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 172.16.1.0 255.255.255.224
access-list Inside_nat0_outbound extended permit ip 192.168.30.0 255.255.255.0 172.16.1.0 255.255.255.224
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 CorrieMichaud 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 JudyGillett 255.255.255.0
access-list Outside_cryptomap_20 extended permit ip 192.168.1.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list Outside_cryptomap_20 extended permit ip 192.168.20.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list Outside_cryptomap_20 extended permit ip 192.168.30.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list Outside_cryptomap_40 extended permit ip 192.168.1.0 255.255.255.0 192.168.30.0 255.255.255.0
access-list Outside_cryptomap_40 extended permit ip 192.168.20.0 255.255.255.0 192.168.30.0 255.255.255.0
access-list Outside_cryptomap_60 extended permit ip 192.168.1.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list Outside_cryptomap_60 extended permit ip 192.168.30.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list Outside_cryptomap_dyn_20 extended permit ip any 172.16.1.0 255.255.255.224
access-list Outside_cryptomap_dyn_20 extended permit ip 192.168.1.0 255.255.255.0 CorrieMichaud 255.255.255.0
access-list Outside_cryptomap_dyn_20 extended permit ip 192.168.1.0 255.255.255.0 JudyGillett 255.255.255.0
access-list 199 extended permit ip host 209.176.164.52 any
access-list 199 extended permit ip any host 209.176.164.52
access-list Outside_access-in extended permit tcp any host NOTUS eq 3389
access-list cap1 extended permit ip any host 208.67.222.222
access-list cap1 extended permit ip host CYPRESS any
pager lines 24
logging buffer-size 100000
logging asdm-buffer-size 100
logging buffered informational
logging trap informational
logging asdm informational
logging from-address asa@domain.com
logging recipient-address jdugas@domain.com level errors
logging flash-minimum-free 3076
logging flash-maximum-allocation 1024
logging rate-limit 1 10 message 620002
logging rate-limit 1 10 message 717015
logging rate-limit 1 10 message 717018
logging rate-limit 1 10 message 201013
logging rate-limit 1 10 message 201012
logging rate-limit 1 10 message 405002
logging rate-limit 1 10 message 421007
logging rate-limit 1 10 message 405001
logging rate-limit 1 10 message 421001
logging rate-limit 1 10 message 421002
logging rate-limit 1 10 message 710002
logging rate-limit 1 10 message 209003
logging rate-limit 1 10 message 209004
logging rate-limit 1 10 message 209005
logging rate-limit 1 10 message 431002
logging rate-limit 1 10 message 431001
logging rate-limit 1 10 message 110001
logging rate-limit 1 10 message 450001
mtu Outside 1500
mtu Inside 1500
mtu DMZ 1500
mtu management 1500
ip local pool RegionalVPN 172.16.1.1-172.16.1.25 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
no nat-control
global (Outside) 1 xx.xx.xx.126
global (Outside) 100 xx.xx.xx.124
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 100 192.168.1.164 255.255.255.255
nat (Inside) 1 NELC 255.255.0.0
nat (DMZ) 1 DMZ 255.255.255.0
nat (management) 10 0.0.0.0 0.0.0.0
static (DMZ,Outside) xx.xx.xx.114 mail.domain.com netmask 255.255.255.255
static (DMZ,Outside) xx.xx.xx.120 gateway.domain.com netmask 255.255.255.255
static (DMZ,Outside) xx.xx.xx.115 intranet.domain.com netmask 255.255.255.255
static (Inside,Outside) xx.xx.xx.118 POSEIDON netmask 255.255.255.255
static (Inside,DMZ) POSEIDON POSEIDON netmask 255.255.255.255
static (Inside,DMZ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (Inside,DMZ) 192.168.20.0 192.168.20.0 netmask 255.255.255.0
static (Inside,DMZ) 192.168.30.0 192.168.30.0 netmask 255.255.255.0
static (Inside,Outside) xx.xx.xx.122 tftp netmask 255.255.255.255
static (Inside,Outside) corpdvs.domain.com NOTUS netmask 255.255.255.255
access-group Outside_access_in in interface Outside
access-group DMZ_access_in in interface DMZ
route Outside 0.0.0.0 0.0.0.0 xx.xx.xx.113 1
!
router ospf 100
network 192.168.1.0 255.255.255.0 area 0
area 0
log-adj-changes
!
timeout xlate 1:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:10:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server cypress protocol radius
aaa-server cypress host CYPRESS
timeout 5
key *******************
aaa-server metis protocol radius
aaa-server metis host tftp
timeout 5
key *******************
group-policy DfltGrpPolicy internal
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs enable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
nac disable
nac-sq-period 300
nac-reval-period 36000
nac-default-acl none
address-pools none
client-firewall none
client-access-rule none
webvpn
functions url-entry
html-content-filter none
homepage none
keep-alive-ignore 4
http-comp gzip
filter none
url-list none
customization value DfltCustomization
port-forward none
port-forward-name value Application Access
sso-server none
deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
svc none
svc keep-installer installed
svc keepalive none
svc rekey time none
svc rekey method none
svc dpd-interval client none
svc dpd-interval gateway none
svc compression deflate
no vpn-nac-exempt
group-policy webvpn internal
group-policy webvpn attributes
vpn-tunnel-protocol webvpn
webvpn
functions url-entry file-access file-entry file-browsing
no html-content-filter
no homepage
no keep-alive-ignore
no http-comp
no filter
no url-list
no customization
no port-forward
no port-forward-name
no sso-server
no deny-message
no svc
no svc keep-installer
no svc keepalive
no svc rekey time
no svc rekey method
no svc dpd-interval client
no svc dpd-interval gateway
no svc compression
no vpn-nac-exempt
group-policy nelifevpn internal
group-policy nelifevpn attributes
vpn-tunnel-protocol IPSec
no vpn-nac-exempt
group-policy Laptops internal
group-policy Laptops attributes
vpn-tunnel-protocol IPSec
no vpn-nac-exempt
http server enable 443
http 0.0.0.0 0.0.0.0 Inside
snmp-server host Outside 192.168.1.15 community ******** version 1 udp-port 162
snmp-server host Inside 192.168.1.15 community ******** version 1 udp-port 162
snmp-server host DMZ 192.168.1.15 community ******** version 1 udp-port 162
no snmp-server location
no snmp-server contact
snmp-server community ********
snmp-server enable
snmp-server listen-port 161
fragment size 200 Outside
fragment chain 24 Outside
fragment timeout 5 Outside
fragment size 200 Inside
fragment chain 24 Inside
fragment timeout 5 Inside
fragment size 200 DMZ
fragment chain 24 DMZ
fragment timeout 5 DMZ
fragment size 200 management
fragment chain 24 management
fragment timeout 5 management
sysopt noproxyarp Inside
service password-recovery
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec fragmentation before-encryption Outside
crypto ipsec fragmentation before-encryption Inside
crypto ipsec fragmentation before-encryption DMZ
crypto ipsec fragmentation before-encryption management
crypto ipsec df-bit copy-df Outside
crypto ipsec df-bit copy-df Inside
crypto ipsec df-bit copy-df DMZ
crypto ipsec df-bit copy-df management
crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto dynamic-map Outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map Outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto map Outside_map 20 match address Outside_cryptomap_20
crypto map Outside_map 20 set connection-type bi-directional
crypto map Outside_map 20 set peer xx.xx.xx.157
crypto map Outside_map 20 set transform-set ESP-3DES-MD5
crypto map Outside_map 20 set security-association lifetime seconds 28800
crypto map Outside_map 20 set security-association lifetime kilobytes 4608000
crypto map Outside_map 20 set inheritance rule
crypto map Outside_map 20 set phase1-mode main
crypto map Outside_map 40 match address Outside_cryptomap_40
crypto map Outside_map 40 set connection-type bi-directional
crypto map Outside_map 40 set peer 64.222.140.254
crypto map Outside_map 40 set transform-set ESP-3DES-MD5
crypto map Outside_map 40 set security-association lifetime seconds 28800
crypto map Outside_map 40 set security-association lifetime kilobytes 4608000
crypto map Outside_map 40 set inheritance rule
crypto map Outside_map 40 set phase1-mode main
crypto map Outside_map 60 match address Outside_cryptomap_60
crypto map Outside_map 60 set connection-type bi-directional
crypto map Outside_map 60 set peer 24.39.50.210
crypto map Outside_map 60 set transform-set ESP-3DES-MD5
crypto map Outside_map 60 set security-association lifetime seconds 28800
crypto map Outside_map 60 set security-association lifetime kilobytes 4608000
crypto map Outside_map 60 set inheritance rule
crypto map Outside_map 60 set phase1-mode main
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto isakmp identity auto
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key *
peer-id-validate req
no chain
no trust-point
isakmp keepalive threshold 10 retry 2
tunnel-group DefaultRAGroup type ipsec-ra
tunnel-group DefaultRAGroup general-attributes
no address-pool
authentication-server-group LOCAL
no accounting-server-group
default-group-policy DfltGrpPolicy
no dhcp-server
no nac-authentication-server-group
no strip-realm
no password-management
no override-account-disable
no strip-group
no authorization-required
authorization-dn-attributes CN OU
tunnel-group DefaultRAGroup ipsec-attributes
no pre-shared-key
peer-id-validate req
no chain
no trust-point
isakmp keepalive threshold 300 retry 2
no radius-sdi-xauth
isakmp ikev1-user-authentication xauth
tunnel-group DefaultRAGroup ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
no authentication ms-chap-v2
no authentication eap-proxy
tunnel-group DefaultWEBVPNGroup type webvpn
tunnel-group DefaultWEBVPNGroup general-attributes
no address-pool
authentication-server-group metis
no accounting-server-group
default-group-policy webvpn
no dhcp-server
no password-management
no override-account-disable
no authorization-required
authorization-dn-attributes CN OU
tunnel-group DefaultWEBVPNGroup webvpn-attributes
hic-fail-group-policy DfltGrpPolicy
customization DfltCustomization
authentication aaa
nbns-server ODYSSEUS master timeout 2 retry 2
nbns-server CYPRESS timeout 2 retry 2
dns-group DefaultDNS
tunnel-group xx.xx.xx.157 type ipsec-l2l
tunnel-group xx.xx.xx.157 general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group xx.xx.xx.157 ipsec-attributes
pre-shared-key *
peer-id-validate req
no chain
no trust-point
isakmp keepalive threshold 10 retry 2
tunnel-group Laptops type ipsec-ra
tunnel-group Laptops general-attributes
address-pool RegionalVPN
authentication-server-group metis
no accounting-server-group
default-group-policy Laptops
no dhcp-server
no nac-authentication-server-group
no strip-realm
no password-management
no override-account-disable
no strip-group
no authorization-required
authorization-dn-attributes CN OU
tunnel-group Laptops ipsec-attributes
pre-shared-key *
peer-id-validate req
no chain
no trust-point
isakmp keepalive threshold 300 retry 2
no radius-sdi-xauth
isakmp ikev1-user-authentication xauth
tunnel-group Laptops ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
no authentication ms-chap-v2
no authentication eap-proxy
tunnel-group xx.xx.xx.210 type ipsec-l2l
tunnel-group xx.xx.xx.210 general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group xx.xx.xx.210 ipsec-attributes
pre-shared-key *
peer-id-validate req
no chain
no trust-point
isakmp keepalive threshold 10 retry 2
tunnel-group nelifevpn type ipsec-ra
tunnel-group nelifevpn general-attributes
address-pool RegionalVPN
authentication-server-group metis
no accounting-server-group
default-group-policy nelifevpn
no dhcp-server
no nac-authentication-server-group
no strip-realm
no password-management
no override-account-disable
no strip-group
no authorization-required
authorization-dn-attributes CN OU
tunnel-group nelifevpn ipsec-attributes
pre-shared-key *
peer-id-validate req
no chain
no trust-point
isakmp keepalive threshold 300 retry 2
no radius-sdi-xauth
isakmp ikev1-user-authentication xauth
tunnel-group nelifevpn ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
no authentication ms-chap-v2
no authentication eap-proxy
tunnel-group 0.0.0.0 type ipsec-l2l
tunnel-group 0.0.0.0 general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group 0.0.0.0 ipsec-attributes
pre-shared-key *
peer-id-validate req
no chain
no trust-point
isakmp keepalive threshold 10 retry 2
tunnel-group xx.xx.xx.254 type ipsec-l2l
tunnel-group xx.xx.xx.254 general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group xx.xx.xx.254 ipsec-attributes
pre-shared-key *
peer-id-validate req
no chain
no trust-point
isakmp keepalive threshold 10 retry 2
tunnel-group-map default-group DefaultL2LGroup
vpn-addr-assign aaa
vpn-addr-assign dhcp
vpn-addr-assign local
no vpn-sessiondb max-session-limit
no vpn-sessiondb max-webvpn-session-limit
no remote-access threshold
telnet 0.0.0.0 0.0.0.0 Inside
telnet timeout 5
ssh xx.xx.xx.214 255.255.255.255 Outside
ssh xx.xx.xx.253 255.255.255.255 Outside
ssh xx.xx.xx.157 255.255.255.255 Outside
ssh 0.0.0.0 0.0.0.0 Inside
ssh NELC 255.255.0.0 Inside
ssh 192.168.1.0 255.255.255.0 Inside
ssh 192.168.1.176 255.255.255.255 Inside
ssh timeout 15
console timeout 30
management-access Inside
l2tp tunnel hello 60
priority-queue Outside
queue-limit 0
tx-ring-limit -1
priority-queue Inside
queue-limit 0
tx-ring-limit -1
priority-queue DMZ
queue-limit 0
tx-ring-limit -1
priority-queue management
queue-limit 0
tx-ring-limit -1
!
class-map type inspect http match-all _default_gator
match request header user-agent regex _default_gator
class-map type inspect http match-all _default_msn-messenger
match response header content-type regex _default_msn-messenger
class-map type inspect http match-all _default_yahoo-messenger
match request body regex _default_yahoo-messenger
class-map type inspect http match-all _default_windows-media-player-tunnel
match request header user-agent regex _default_windows-media-player-tunnel
class-map type inspect http match-all _default_gnu-http-tunnel
match request args regex _default_gnu-http-tunnel_arg
match request uri regex _default_gnu-http-tunnel_uri
class-map type inspect http match-all _default_firethru-tunnel
match request header host regex _default_firethru-tunnel_1
match request uri regex _default_firethru-tunnel_2
class-map type inspect http match-all _default_aim-messenger
match request header host regex _default_aim-messenger
class-map class_ftp
match port tcp range 1024 65535
class-map type inspect http match-all _default_http-tunnel
match request uri regex _default_http-tunnel
class-map type inspect http match-all _default_kazaa
match response header regex _default_x-kazaa-network count gt 0
class-map sip-port
match port tcp eq sip
class-map class_ftp1
match port tcp range 1 1023
class-map type inspect http match-all _default_shoutcast-tunneling-protocol
match request header regex _default_icy-metadata regex _default_shoutcast-tunneling-protocol
class-map class-default
match any
class-map inspection_default
match default-inspection-traffic
class-map type inspect http match-all _default_GoToMyPC-tunnel
match request args regex _default_GoToMyPC-tunnel
match request uri regex _default_GoToMyPC-tunnel_2
class-map type inspect http match-all _default_httport-tunnel
match request header host regex _default_httport-tunnel
!
!
policy-map type inspect h323 _default_h323_map
description Default H.323 policymap
parameters
no rtp-conformance
policy-map type inspect sip _default_sip_map
description Default SIP policymap
parameters
im
no ip-address-privacy
traffic-non-sip
no rtp-conformance
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 1500
no message-length maximum server
no message-length maximum client
dns-guard
protocol-enforcement
nat-rewrite
no id-randomization
no id-mismatch
no tsig enforced
policy-map type inspect dns _default_dns_map
description Default DNS policy-map
parameters
no message-length maximum
no message-length maximum server
no message-length maximum client
dns-guard
protocol-enforcement
nat-rewrite
no id-randomization
no id-mismatch
no tsig enforced
policy-map type inspect ipsec-pass-thru _default_ipsec_passthru_map
description Default IPSEC-PASS-THRU policy-map
parameters
esp per-client-max 0 timeout 0:10:00
policy-map sip_policy
class sip-port
inspect sip
class inspection_default
inspect dns migrated_dns_map_1
class class_ftp
inspect ftp
class class_ftp1
inspect ftp
class class-default
policy-map type inspect esmtp _default_esmtp_map
description Default ESMTP policy-map
parameters
mask-banner
no mail-relay
match cmd line length gt 512
drop-connection
match cmd RCPT count gt 100
drop-connection
match body line length gt 1000
drop-connection
match header line length gt 1000
drop-connection
match sender-address length gt 320
drop-connection
match MIME filename length gt 255
drop-connection
match ehlo-reply-parameter others
mask
!
service-policy sip_policy global
ntp server ODYSSEUS source Inside
tftp-server Inside tftp ZEUS/
ssl server-version any
ssl client-version any
ssl encryption aes256-sha1 aes128-sha1 3des-sha1 des-sha1 rc4-md5
webvpn
memory-size percent 25
port 443
enable Outside
character-encoding none
no http-proxy
no https-proxy
default-idle-timeout 1800
no csd enable
no svc enable
customization DfltCustomization
title text WebVPN Service
title style background-color:white;color:maroon;border-bottom:5px groove #669999;font-size:larger;vertical-align:middle;text-align:left;font-weight:bold
username-prompt text USERNAME:
username-prompt style color:black;font-weight:bold;text-align:right
password-prompt text PASSWORD:
password-prompt style color:black;font-weight:bold;text-align:right
group-prompt text GROUP:
group-prompt style color:black;font-weight:bold;text-align:right
login-button text Login
login-button style border:1px solid black;background-color:white;font-weight:bold;font-size:80%
clear-button text Clear
clear-button style border:1px solid black;background-color:white;font-weight:bold;font-size:80%
login-title text Login
login-title style background-color:#666666;color:white
login-message text Please enter your username and password.
login-message style background-color:#CCCCCC;color:black
logout-title text Logout
logout-title style background-color:#666666;color:white
logout-message text Goodbye.
logout-message style background-color:#999999;color:black
web-applications title text Web Applications
web-applications title style background-color:#99CCCC;color:black;font-weight:bold;text-transform:uppercase
web-applications message text Enter Web Address (URL)
web-applications message style background-color:#99CCCC;color:maroon;font-size:smaller
web-applications dropdown text Web Bookmarks
web-applications dropdown style border:1px solid black;font-weight:bold;color:black;font-size:80%
browse-networks title text Browse Networks
browse-networks title style background-color:#99CCCC;color:black;font-weight:bold;text-transform:uppercase
browse-networks message text Enter Network Path
browse-networks message style background-color:#99CCCC;color:maroon;font-size:smaller
browse-networks dropdown text File Folder Bookmarks
browse-networks dropdown style border:1px solid black;font-weight:bold;color:black;font-size:80%
application-access title text Application Access
application-access title style background-color:#99CCCC;color:black;font-weight:bold;text-transform:uppercase
application-access message text Start Application Client
application-access message style background-color:#99CCCC;color:maroon;font-size:smaller
application-access window text Close this window when you finish using Application Access.<br>Please wait for the table to be displayed before starting applications.
application-access window style background-color:#99CCCC;color:black;font-weight:bold
web-bookmarks link style color:#669999;border-bottom: 1px solid #669999;text-decoration:none
web-bookmarks title text Web Bookmarks
web-bookmarks title style color:#669999;background-color:#99CCCC;font-weight:bold
file-bookmarks link style color:#669999;border-bottom: 1px solid #669999;text-decoration:none
file-bookmarks title text File Folder Bookmarks
file-bookmarks title style color:#669999;background-color:#99CCCC;font-weight:bold
page style background-color:white;font-family:Arial,Helv,sans-serif
border style background-color:#669999;color:white
dialog title style background-color:#669999;color:white
dialog message style background-color:#99CCCC;color:black
dialog border style border:1px solid black;border-collapse:collapse
logo file disk0:/header.jpg
application-access hide-details disable
url-list Admin "Help Center Tickets" 1
url-list Admin "Company Directory" 2
url-list Admin "Workstation List" 3
url-list Admin "Private" cifs://domain.com/private 4
tunnel-group-list enable
rewrite order 65535 enable resource-mask *
cache
no disable
max-object-size 1000
min-object-size 0
cache-compressed
no cache-static-content
lmfactor 20
expiry-time 1
no auto-signon
imap4s
port 993
no server
outstanding 20
name-separator :
server-separator @
authentication-server-group LOCAL
no authorization-server-group
no accounting-server-group
default-group-policy DfltGrpPolicy
no authentication
no authorization-required
authorization-dn-attributes CN OU
pop3s
port 995
no server
outstanding 20
name-separator :
server-separator @
authentication-server-group LOCAL
no authorization-server-group
no accounting-server-group
default-group-policy DfltGrpPolicy
no authentication
no authorization-required
authorization-dn-attributes CN OU
smtps
port 988
no server
outstanding 20
name-separator :
server-separator @
authentication-server-group LOCAL
no authorization-server-group
no accounting-server-group
default-group-policy DfltGrpPolicy
authentication aaa
no authorization-required
authorization-dn-attributes CN OU
smtp-server 192.168.1.27
prompt hostname domain context
auto-update device-id hostname
auto-update poll-period 720 0 5
auto-update timeout 0
compression svc http-comp
Cryptochecksum:91a4710f1f7a3e68c93b775f7b1a90f0
: end



I turned on logging and will let you know what I see in the log.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mackland1903
  • Locked
  • Question
Populate oblect group from DNS
Replies
1
Views
69
burtsbees
burtsbees
EdwardMcClelland
  • Locked
  • Question
Google DNS works with Sonic-wall installed. Cox doesn't.
Replies
1
Views
103
ChrisHirst
ChrisHirst
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
130
gkittelson
gkittelson
RodneyMcSnow
  • Locked
  • Question
TZ400 -how to prevent dns attacks
Replies
2
Views
90
RodneyMcSnow
RodneyMcSnow
ChrisFairley
  • Locked
  • Question
Downloads failing through ASA 5520
Replies
1
Views
89
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top