NAT on a stick

PCTechG

Technical User
Aug 25, 2008
US
I'm trying to figure out how to configure NAT on a stick on a Cisco 2811. The problem here is that I have 3 interfaces and I'm trying to create a DMZ. This DMZ needs to be accessible from the outside by static IP translation, from the inside by either outside IP addresses or DMZ addresses (if using the outside IP address, it needs to respond with the outside IP address and not the inside IP address) and needs to be accessible from our satellite offices.

I have thought about changing the DNS but that would mess up our satellite offices, as we only have one DNS server in our main office. I also thought about adding an entry into the hosts file but we have a lot of traveling users and laptop users so we'd be changing the hosts files twice a day.

Can anyone help me figure this out?

PCTechG
 
Hello
Is Internet up and working on both subnets? I don't know about the DNS part, but you could simply configure static NAT to the servers in the DMZ.

ip nat inside source static tcp 192.168.1.13 80 interface fastEthernet0/0 80


Regards
 
Internet is working on both our internal and "DMZ" interfaces. I also have static NAT in place. The problem is when I try to access the DMZ from internal. I'll hit the outside IP address but it will get translated to the DMZ address and will reply directly to the inside with the DMZ IP, which the browser doesn't recognize since it's looking for the outside IP.
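
A small model of the failure described in this post, as an added example that is not part of the original thread: the client's TCP stack matches replies on the full 4-tuple, so a reply sourced from the DMZ address never matches the socket opened toward the outside address. The public address `203.0.113.10` and the client `192.168.0.50` are constructed placeholders (the thread masks the real public IP); `10.0.0.50` is the DMZ host from the posted config.

```python
"""Model of the inside-to-DMZ reply mismatch (added example, not router code)."""
from dataclasses import dataclass, replace

# Constructed sample addresses. Only 10.0.0.50 appears in the thread; the
# public address is masked there, so a documentation-range placeholder is used.
PUBLIC_IP = "203.0.113.10"   # placeholder for the masked X.X.X.X
DMZ_IP = "10.0.0.50"         # DMZ server from the posted static NAT line
CLIENT_IP = "192.168.0.50"   # hypothetical inside host on 192.168.0.0/24


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Router:
    """Static one-to-one NAT between PUBLIC_IP and DMZ_IP.

    translate_return=False models the behaviour reported in the post: the
    request's destination is rewritten, but the server's reply is routed
    DMZ -> inside without passing the translation step again.
    translate_return=True models a path where the reply also crosses the
    translation step, so its source is rewritten back to the public address.
    """

    def __init__(self, translate_return: bool):
        self.translate_return = translate_return
        self.static = {PUBLIC_IP: DMZ_IP}
        self.reverse = {real: pub for pub, real in self.static.items()}

    def to_server(self, pkt: Packet) -> Packet:
        # Destination rewrite: public address -> DMZ address.
        return replace(pkt, dst=self.static.get(pkt.dst, pkt.dst))

    def to_client(self, pkt: Packet) -> Packet:
        # Source rewrite on the way back, only if the reply is translated.
        if self.translate_return:
            return replace(pkt, src=self.reverse.get(pkt.src, pkt.src))
        return pkt


def server_reply(request: Packet) -> Packet:
    """The server answers whatever source it saw, from its own address."""
    return Packet(request.dst, request.dport, request.src, request.sport)


def client_accepts(request: Packet, reply: Packet) -> bool:
    """A TCP stack matches a reply against the socket's full 4-tuple."""
    expected = (request.dst, request.dport, request.src, request.sport)
    return (reply.src, reply.sport, reply.dst, reply.dport) == expected


def connect(translate_return: bool):
    """Send one SYN to the public address and return (reply, accepted)."""
    router = Router(translate_return)
    syn = Packet(CLIENT_IP, 49152, PUBLIC_IP, 80)
    seen_by_server = router.to_server(syn)
    syn_ack = router.to_client(server_reply(seen_by_server))
    return syn_ack, client_accepts(syn, syn_ack)


if __name__ == "__main__":
    for mode in (False, True):
        reply, ok = connect(mode)
        verdict = "accepted" if ok else "dropped (no matching socket)"
        print(f"translate_return={mode}: reply from {reply.src}:{reply.sport} -> {verdict}")
```
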
 
Hello
Things are clearer now. What services are you offering on the DMZ? If it's HTTP, are you using DNS to access the web pages? Try using and tell us what happens. In any case, please post a scrubbed conf.
Regards
 
Minue,
We are using DNS to get to the DMZ. We have three different servers there. When we try getting to the DNS from outside our local LAN, everything works fine. The problem is accessing it from the local LAN. Internal DNS points to the external IP address but the 2811 automatically translates this to internal and the return keeps the DMZ IP addresses. We considered changing the DNS but then realized that all of our satellite/home offices would not be able to access these servers. Following is my sanitized config:

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ashland_2811
!
boot-start-marker
boot system flash c2800nm-advsecurityk9-mz.124-22.T.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 4096
logging console critical
enable secret 5 $1$bsNR$6pf7ssT9fr9s01dPH2BmM.
!
aaa new-model
!
!
aaa group server radius sdm-vpn-server-group-1
server 192.168.0.21 auth-port 1645 acct-port 1646
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 passwd-expiry group sdm-vpn-server-group-1
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
aaa session-id common
clock timezone PST -8
clock summer-time PDT recurring
!
dot11 syslog
no ip source-route
!
!
ip cef
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
no ip bootp server
ip domain name skyresearch.com
ip name-server 192.168.0.21
ip name-server 192.168.0.29
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-2240039163
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2240039163
revocation-check none
rsakeypair TP-self-signed-2240039163
!
!
crypto pki certificate chain TP-self-signed-2240039163
certificate self-signed 01

quit
!
!
username administrator privilege 15 secret 5 $1$FnPl$IDAi/dkd8rOvNg25Ok2bA/
archive
log config
hidekeys
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
crypto isakmp key ********* address X.X.X.X no-xauth
crypto isakmp key ********* address X.X.X.X no-xauth
crypto isakmp key ********* address X.X.X.X no-xauth
crypto isakmp key ********* address X.X.X.X no-xauth
crypto isakmp key ********* address X.X.X.X no-xauth
crypto isakmp key ********* address X.X.X.X no-xauth
crypto isakmp key ********* address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 60 periodic
!
crypto isakmp client configuration group test
key *********
dns 192.168.0.21 192.168.0.29
wins 192.168.0.29
domain skyresearch
pool SSL2
acl 104
crypto isakmp profile sdm-ike-profile-1
match identity group test
client authentication list sdm_vpn_xauth_ml_1
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set strong esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec transform-set VPN esp-des esp-md5-hmac
!
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA2
set isakmp-profile sdm-ike-profile-1
!
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set VPN
match address 104
!
crypto dynamic-map SDM_DYNMAP_2 1
set transform-set VPN
match address 104
!
crypto dynamic-map phones 10
set transform-set VPN
match address phones
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description hanger14
set peer X.X.X.X
set security-association lifetime seconds 28800
set transform-set strong
match address hanger14
crypto map SDM_CMAP_1 2 ipsec-isakmp
description denvercrew
set peer X.X.X.X
set transform-set strong
match address denverCrew
crypto map SDM_CMAP_1 3 ipsec-isakmp
description denvertrailer
set peer X.X.X.X
set transform-set strong
match address denverTrailer
crypto map SDM_CMAP_1 4 ipsec-isakmp
description vancouver
set peer X.X.X.X
set transform-set strong
match address vancouver
crypto map SDM_CMAP_1 5 ipsec-isakmp
description etna
set peer X.X.X.X
set transform-set strong
match address etna
crypto map SDM_CMAP_1 6 ipsec-isakmp
! Incomplete
description BC2
set peer X.X.X.X
set transform-set strong
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
crypto map SDM_CMAP_2 65535 ipsec-isakmp dynamic SDM_DYNMAP_2
!
!
!
!
!
!
interface FastEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$$ES_LAN$$ETH-LAN$$FW_INSIDE$
ip address 192.168.0.3 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
ip address X.X.X.X 255.255.255.240
ip access-group 101 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
snmp trap ip verify drop-rate
no mop enabled
crypto map SDM_CMAP_1
!
interface FastEthernet0/0/0
description $ETH-LAN$
ip address 10.0.0.5 255.255.255.0
ip virtual-reassembly
duplex auto
speed auto
!
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet0/1
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
ip local pool SSL2 192.168.14.11 192.168.14.50 cache-size 1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 66.241.68.225
ip route 192.168.1.0 255.255.255.0 192.168.0.2
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip flow-cache timeout active 1
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination 192.168.0.138 9996
!
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload
ip nat inside source static 10.0.0.50 X.X.X.X
!
ip access-list extended denverCrew
remark traffic from ashland to denver crew house
remark SDM_ACL Category=4
permit ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.26.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.28.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.43.0 0.0.0.255 192.168.10.0 0.0.0.255
ip access-list extended denverTrailer
remark traffic from ashland to flbgr trailer office
remark SDM_ACL Category=4
permit ip 192.168.0.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.26.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.28.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.43.0 0.0.0.255 192.168.9.0 0.0.0.255
ip access-list extended etna
permit ip 192.168.0.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.26.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.28.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.43.0 0.0.0.255 192.168.7.0 0.0.0.255
ip access-list extended hanger14
remark SDM_ACL Category=4
permit ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.26.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.28.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.43.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 192.168.15.0 0.0.0.255
ip access-list extended phones
remark traffic from home networks to ashland
remark SDM_ACL Category=4
permit ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.12.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.12.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 192.168.28.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.28.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.28.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 192.168.43.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 192.168.19.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.43.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.43.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.19.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.28.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.43.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.12.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.19.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.28.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.43.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.12.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.19.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.28.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.43.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.12.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.19.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.28.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.43.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.12.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.28.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.43.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 192.168.19.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 192.168.12.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 192.168.28.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 192.168.43.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.12.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.19.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.28.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.43.0 0.0.0.255
permit ip 192.168.26.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.26.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.26.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.26.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.26.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.26.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.26.0 0.0.0.255 192.168.19.0 0.0.0.255
permit ip 192.168.26.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.26.0 0.0.0.255 192.168.12.0 0.0.0.255
permit ip 192.168.26.0 0.0.0.255 192.168.28.0 0.0.0.255
permit ip 192.168.26.0 0.0.0.255 192.168.43.0 0.0.0.255
permit ip 192.168.28.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.28.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.28.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.28.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.28.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.28.0 0.0.0.255 192.168.19.0 0.0.0.255
permit ip 192.168.28.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.28.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.28.0 0.0.0.255 192.168.12.0 0.0.0.255
permit ip 192.168.28.0 0.0.0.255 192.168.43.0 0.0.0.255
permit ip 192.168.43.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.9.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.19.0 0.0.0.255
ip access-list extended vancouver
remark traffic from hangar 14 to vancouver
remark SDM_ACL Category=4
permit ip 192.168.0.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.14.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.25.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.26.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.28.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 192.168.43.0 0.0.0.255 192.168.11.0 0.0.0.255
!
ip radius source-interface FastEthernet0/0
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 10.0.0.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip any host 192.168.0.3
access-list 100 deny ip 66.241.68.224 0.0.0.31 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip 192.168.6.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 101 permit ip 192.168.6.0 0.0.0.255 192.168.26.0 0.0.0.255
access-list 101 permit ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 101 permit ip 192.168.6.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 101 permit ip 192.168.6.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.6.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 101 permit ip 192.168.6.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 101 permit ip 192.168.6.0 0.0.0.255 192.168.28.0 0.0.0.255
access-list 101 permit ip 192.168.6.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 101 permit ip 192.168.6.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 101 permit ip any 192.168.6.0 0.0.0.255
access-list 101 permit ip any 192.168.11.0 0.0.0.255
access-list 101 permit ip any 192.168.12.0 0.0.0.255
access-list 101 permit ip 192.168.7.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.7.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.7.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 101 permit ip 192.168.11.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.11.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.11.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 101 permit ip 192.168.9.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.9.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.9.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 101 permit ip 192.168.6.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip any 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.6.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 101 permit ip any 192.168.14.0 0.0.0.255
access-list 101 permit ip any host X.X.X.X
access-list 101 permit ahp host X.X.X.X1 host X.X.X.X
access-list 101 permit esp host X.X.X.X1 host X.X.X.X
access-list 101 permit udp host X.X.X.X1 host X.X.X.X eq isakmp
access-list 101 permit udp host X.X.X.X1 host X.X.X.X eq non500-isakmp
access-list 101 permit ahp host X.X.X.X1 host X.X.X.X
access-list 101 permit esp host X.X.X.X1 host X.X.X.X
access-list 101 permit udp host X.X.X.X1 host X.X.X.X eq isakmp
access-list 101 permit udp host X.X.X.X1 host X.X.X.X eq non500-isakmp
access-list 101 permit ahp host X.X.X.X host X.X.X.X
access-list 101 permit esp host X.X.X.X host X.X.X.X
access-list 101 permit udp host X.X.X.X host X.X.X.X eq isakmp
access-list 101 permit udp host X.X.X.X host X.X.X.X eq non500-isakmp
access-list 101 permit ahp host X.X.X.X host X.X.X.X
access-list 101 permit esp host X.X.X.X host X.X.X.X
access-list 101 permit udp host X.X.X.X host X.X.X.X eq isakmp
access-list 101 permit udp host X.X.X.X host X.X.X.X eq non500-isakmp
access-list 101 permit ahp host X.X.X.X host X.X.X.X
access-list 101 permit esp host X.X.X.X host X.X.X.X
access-list 101 permit udp host X.X.X.X host X.X.X.X eq isakmp
access-list 101 permit udp host X.X.X.X host X.X.X.X eq non500-isakmp
access-list 101 permit ahp host X.X.X.X host X.X.X.X
access-list 101 permit esp host X.X.X.X host X.X.X.X
access-list 101 permit udp host X.X.X.X host X.X.X.X eq isakmp
access-list 101 permit udp host X.X.X.X host X.X.X.X eq non500-isakmp
access-list 101 permit ahp host X.X.X.X host X.X.X.X
access-list 101 permit ahp any host X.X.X.X
access-list 101 permit esp host X.X.X.X host X.X.X.X
access-list 101 permit esp any host X.X.X.X
access-list 101 permit udp host X.X.X.X host X.X.X.X eq isakmp
access-list 101 permit udp any host X.X.X.X eq isakmp
access-list 101 permit udp host X.X.X.X host X.X.X.X eq non500-isakmp
access-list 101 permit udp any host X.X.X.X eq non500-isakmp
access-list 101 permit udp host X.X.X.X host X.X.X.X eq non500-isakmp
access-list 101 permit udp host X.X.X.X host X.X.X.X eq isakmp
access-list 101 permit esp host X.X.X.X host X.X.X.X
access-list 101 permit ahp host X.X.X.X host X.X.X.X
access-list 101 permit tcp any host X.X.X.X eq 443
access-list 101 permit udp any host X.X.X.X eq non500-isakmp
access-list 101 permit udp any host X.X.X.X eq isakmp
access-list 101 permit esp any host X.X.X.X
access-list 101 permit ahp any host X.X.X.X
access-list 101 permit tcp any host X.X.X.X eq 22
access-list 101 permit udp host X.X.X.X host X.X.X.X eq non500-isakmp
access-list 101 permit udp host X.X.X.X host X.X.X.X eq isakmp
access-list 101 permit esp host X.X.X.X host X.X.X.X
access-list 101 permit ahp host X.X.X.X host X.X.X.X
access-list 101 permit udp host X.X.X.X host X.X.X.X eq non500-isakmp
access-list 101 permit udp host X.X.X.X host X.X.X.X eq isakmp
access-list 101 permit esp host X.X.X.X host X.X.X.X
access-list 101 permit ahp host X.X.X.X host X.X.X.X
access-list 101 permit udp host X.X.X.X host X.X.X.X eq non500-isakmp
access-list 101 permit udp host X.X.X.X host X.X.X.X eq isakmp
access-list 101 permit esp host X.X.X.X host X.X.X.X
access-list 101 permit ahp host X.X.X.X host X.X.X.X
access-list 101 permit udp host X.X.X.X host X.X.X.X eq non500-isakmp
access-list 101 permit udp host X.X.X.X host X.X.X.X eq isakmp
access-list 101 permit esp host X.X.X.X host X.X.X.X
access-list 101 permit ahp host X.X.X.X host X.X.X.X
access-list 101 permit udp host X.X.X.X eq domain host X.X.X.X
access-list 101 permit udp host X.X.X.X eq domain host X.X.X.X
access-list 101 permit icmp any host X.X.X.X echo
access-list 101 permit icmp any host X.X.X.X echo-reply
access-list 101 permit icmp any host X.X.X.X time-exceeded
access-list 101 permit icmp any host X.X.X.X unreachable
access-list 101 remark 841 Access for FTP between .29 and .232
access-list 101 permit ip host X.X.X.X any
access-list 101 permit ip host X.X.X.X any
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 102 remark SDM_ACL Category=18
access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.26.0 0.0.0.255
access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.28.0 0.0.0.255
access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 102 deny ip 192.168.14.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 102 deny ip 192.168.14.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 102 deny ip 192.168.12.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 102 deny ip 192.168.12.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 102 deny ip 192.168.28.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 102 deny ip 192.168.12.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.12.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 deny ip 192.168.12.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 102 deny ip 192.168.12.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 deny ip 192.168.12.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 102 deny ip 192.168.12.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 102 deny ip 192.168.12.0 0.0.0.255 192.168.26.0 0.0.0.255
access-list 102 deny ip 192.168.12.0 0.0.0.255 192.168.28.0 0.0.0.255
access-list 102 deny ip 192.168.12.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.26.0 0.0.0.255
access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.28.0 0.0.0.255
access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 102 deny ip 192.168.9.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 102 deny ip 192.168.9.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 102 deny ip 192.168.9.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.9.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 deny ip 192.168.9.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 102 deny ip 192.168.9.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 deny ip 192.168.9.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 102 deny ip 192.168.9.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 102 deny ip 192.168.9.0 0.0.0.255 192.168.26.0 0.0.0.255
access-list 102 deny ip 192.168.9.0 0.0.0.255 192.168.28.0 0.0.0.255
access-list 102 deny ip 192.168.9.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 102 deny ip 192.168.10.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 102 deny ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 102 deny ip 192.168.10.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.10.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 deny ip 192.168.10.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 102 deny ip 192.168.10.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 102 deny ip 192.168.10.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 102 deny ip 192.168.10.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 102 deny ip 192.168.10.0 0.0.0.255 192.168.26.0 0.0.0.255
access-list 102 deny ip 192.168.10.0 0.0.0.255 192.168.28.0 0.0.0.255
access-list 102 deny ip 192.168.10.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 102 deny ip 192.168.19.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 102 deny ip 192.168.19.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 102 deny ip 192.168.19.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.19.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 deny ip 192.168.19.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 102 deny ip 192.168.19.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 deny ip 192.168.19.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 102 deny ip 192.168.19.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 102 deny ip 192.168.19.0 0.0.0.255 192.168.26.0 0.0.0.255
access-list 102 deny ip 192.168.19.0 0.0.0.255 192.168.28.0 0.0.0.255
access-list 102 deny ip 192.168.19.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 102 deny ip 192.168.25.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 102 deny ip 192.168.25.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 102 deny ip 192.168.25.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.25.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 deny ip 192.168.25.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 102 deny ip 192.168.25.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 deny ip 192.168.25.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 102 deny ip 192.168.25.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 102 deny ip 192.168.25.0 0.0.0.255 192.168.26.0 0.0.0.255
access-list 102 deny ip 192.168.25.0 0.0.0.255 192.168.28.0 0.0.0.255
access-list 102 deny ip 192.168.25.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 102 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 102 deny ip 192.168.5.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 102 deny ip 192.168.5.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 102 deny ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 deny ip 192.168.5.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 102 deny ip 192.168.5.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 deny ip 192.168.5.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 102 deny ip 192.168.5.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 102 deny ip 192.168.5.0 0.0.0.255 192.168.26.0 0.0.0.255
access-list 102 deny ip 192.168.5.0 0.0.0.255 192.168.28.0 0.0.0.255
access-list 102 deny ip 192.168.5.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 102 deny ip 192.168.26.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 102 deny ip 192.168.26.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 102 deny ip 192.168.26.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.26.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 deny ip 192.168.26.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 102 deny ip 192.168.26.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 deny ip 192.168.26.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 102 deny ip 192.168.26.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 102 deny ip 192.168.26.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 102 deny ip 192.168.26.0 0.0.0.255 192.168.28.0 0.0.0.255
access-list 102 deny ip 192.168.26.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 102 deny ip 192.168.28.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 102 deny ip 192.168.28.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.28.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 deny ip 192.168.28.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 102 deny ip 192.168.28.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 deny ip 192.168.28.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 102 deny ip 192.168.28.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 102 deny ip 192.168.28.0 0.0.0.255 192.168.26.0 0.0.0.255
access-list 102 deny ip 192.168.28.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 102 deny ip 192.168.28.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 102 deny ip 192.168.43.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 102 deny ip 192.168.14.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.14.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 deny ip 192.168.14.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 102 deny ip 192.168.14.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 deny ip 192.168.14.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 102 deny ip 192.168.14.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 102 deny ip 192.168.14.0 0.0.0.255 192.168.26.0 0.0.0.255
access-list 102 deny ip 192.168.14.0 0.0.0.255 192.168.28.0 0.0.0.255
access-list 102 deny ip 192.168.14.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 102 deny ip 192.168.14.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 103 remark VPN Rule
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.14.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 104 remark SDM_ACL Category=4
access-list 104 permit ip 192.168.0.0 0.0.0.255 any
access-list 104 permit ip 192.168.6.0 0.0.0.255 any
access-list 104 permit ip 192.168.11.0 0.0.0.255 any
access-list 104 permit ip 192.168.12.0 0.0.0.255 any
access-list 104 permit ip 192.168.14.0 0.0.0.255 any
access-list 104 permit ip 192.168.7.0 0.0.0.255 any
access-list 104 permit ip 192.168.26.0 0.0.0.255 any
access-list 104 permit ip 192.168.28.0 0.0.0.255 any
access-list 104 permit ip 192.168.5.0 0.0.0.255 any
snmp-server community public RO
snmp-server ifindex persist
no cdp run

!
!
!
route-map SDM_RMAP_1 permit 1
match ip address 102
!
!
radius-server host 192.168.0.21 auth-port 1645 acct-port 1646 key 7 00071A1507545A545C
!
control-plane
!
banner login ^CCCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
transport output telnet
line aux 0
transport output telnet
line vty 0 4
login authentication local
transport input telnet ssh
line vty 5 15
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp master
ntp server 64.125.78.85 source FastEthernet0/1
!
webvpn gateway gateway_1
ip address X.X.X.X port 443
http-redirect port 80
ssl trustpoint TP-self-signed-3337535738
inservice
!
webvpn sslvpn-vif nat inside
!
webvpn sslvpn-vif nat enable
!
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
!
webvpn install svc flash:/webvpn/svc_2.pkg sequence 2
end

Thanks for any help you can provide.
 
Tomorrow I will be away for a few days; when I get back in I will review your conf.
Regards

 
Why do you want it accessible with the outside IP address from the inside? Why not use the RFC 1918 IP of the web server (FTP and/or whatever else is in the DMZ) when hitting it from the inside?

Burt
 
burtsbees,
I don't care which IP address is accessible from inside. The problem is that, when hitting the named address from inside, the response comes from the DMZ address instead of being translated back to the outside address. We would like to just do split-DNS but are not sure if that will work for our satellite offices. I hope this explains it a little better.

PcTechG
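The symptom described in the post above, as an added example that is not part of the original thread: a simplified Python model (not Cisco IOS internals) of why the inside client drops a reply that arrives from the DMZ address, and why translating the reply back or using split DNS avoids the mismatch. The public address and the inside client address and port are constructed placeholders; the DMZ address is the one from the static NAT line earlier in the thread.

```python
# Simplified model of the reported hairpin symptom; not Cisco IOS internals.
from dataclasses import dataclass, replace

PUBLIC = ("203.0.113.10", 80)     # constructed stand-in for the scrubbed outside address
DMZ = ("192.168.1.13", 80)        # DMZ web server from the static NAT line in the thread
CLIENT = ("192.168.0.50", 40000)  # constructed inside host and ephemeral port

@dataclass(frozen=True)
class Packet:
    src: tuple
    dst: tuple

class Router:
    """Static one-to-one port mapping PUBLIC <-> DMZ."""
    def __init__(self, translate_replies):
        # translate_replies=False models the reported symptom: the reply is
        # routed DMZ -> inside without being translated back.
        self.translate_replies = translate_replies

    def to_server(self, pkt):
        # Destination rewrite: public address -> real DMZ address.
        return replace(pkt, dst=DMZ) if pkt.dst == PUBLIC else pkt

    def to_client(self, pkt):
        # Source rewrite back to the public address, only if replies are translated.
        if self.translate_replies and pkt.src == DMZ:
            return replace(pkt, src=PUBLIC)
        return pkt

def client_accepts(sent, reply):
    """A TCP client only accepts a reply whose addresses mirror what it sent."""
    return reply.src == sent.dst and reply.dst == sent.src

def connect(target, router):
    """Send one packet from CLIENT to target; report (accepted, reply source IP)."""
    sent = Packet(src=CLIENT, dst=target)
    at_server = router.to_server(sent)
    reply = Packet(src=at_server.dst, dst=at_server.src)  # server answers from its own address
    seen = router.to_client(reply)
    return client_accepts(sent, seen), seen.src[0]

def scenarios():
    return {
        "public name, reply untranslated": connect(PUBLIC, Router(False)),
        "public name, reply translated back": connect(PUBLIC, Router(True)),
        "split DNS (name resolves to DMZ address)": connect(DMZ, Router(False)),
    }

if __name__ == "__main__":
    for name, (ok, src) in scenarios().items():
        print(f"{name}: reply from {src} -> {'accepted' if ok else 'dropped'}")
```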
 