Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Not sure if my ASA 5510 config is causing connection problems

Status
Not open for further replies.
jmor3

jmor3

IS-IT--Management
Jun 30, 2009
5
US
I started managing a new network earlier this month that includes a Cisco ASA5510. The device has a fairly simple configuration with four interfaces: Inside, Outside, DMZ, and Others. The first three interfaces seem familiar for a firewall, and the fourth interface (the Others interface) seems to be used for special vendor routers that connect to private circuits (so traffic moves from the vendor router over the private circuit to other servers instead of moving through the Outside interface). Here are the security levels each the interfaces:

Outside = 0
Inside = 100
DMZ = 50
Others = 50

My problem is this: I have a server connected to the DMZ network that needs to send and receive requests to a server connected to the far end of one of the special vendor routers on the Others network, but communication doesn't seem to work properly. The DMZ and Others networks are both using NAT. I started out by checking to see if the two interfaces were listed in the ASA 5510 routing tables. The "show route" command says ...

C 172.21.0.32 255.255.255.224 is directly connected, Others
C 172.21.0.64 255.255.255.224 is directly connected, DMZ

... and there is a static route between the TargetRouter port (172.21.0.35/19) and the destination server (192.168.0.50/24) on the far end of the private circuit. The "show route" command says ...

S 192.168.0.50 255.255.255.255 [1/0] via TargetRouter, Others

... so I'm thinking that routing is established in the ASA 5510 tables. I also checked for the "same-security-traffic permit inter-interface" command (which is needed when two interfaces have the same security level), and that line is in the running configuration, so traffic should flow between the two interfaces as long as access lists are established for each interface.

I checked to see if Access Groups were in place for each interface using the "show run | include access-group" command, which said ...

access-group aclOthers in interface Others
access-group aclDMZ in interface DMZ

... then I checked the ACL lists configured for the DMZ access-group ...

access-list aclDMZ extended permit tcp host DMZserver any eq www
access-list aclDMZ extended permit tcp host DMZserver any eq https

... and the Others access-group ...

access-list aclOthers extended permit tcp host DMZserver host TargetRouter object-group DM_INLINE_TCP_1
- object-group service DM_INLINE_TCP_1 tcp
- port-object eq www
- port-object eq https

I used the Cisco ASDM Packet Tracer to send some simulated packets between the DMZserver and the TargetRouter IP addresses and verified that that the Access List, Flow Lookup, and Route Lookup are all Allowed. However, the packet ends up being dropped at the end of the exchange with an "(rpf-violated) Reverse-path verify failed" message in either direction. I checked the ASA 5510 configuration, and yes the IP Verify is enabled ...

ip verify reverse-path interface Others
ip verify reverse-path interface DMZ

... so I temporarily disabled the IP Verify interface configurations (using the "no ip verify ..." command for both interfaces), then re-sent the packets using the Packet Tracer. The packets still dropped with the "Reverse-path verify failed" info message.

At this point, I am open to any suggestions you may offer to figure out if I missed a configuration step, or if my diagnostics are faulty, or if there is anything I can do to verify my routing and connection setup - or if the problem lies outside the ASA 5510 entirely.

Thanks in advance!

Raoul
 
Sort by date Sort by votes
1) Have you enabled logging on the 5510 to see what is going on??
2) Can you post the scrubbed config here??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Yes, we have some logging enabled ...

logging enable
logging timestamp
logging standby
logging buffer-size 16000
logging buffered debugging
logging trap debugging
logging asdm notifications
logging facility 18
logging device-id ipaddress Inside
logging host Inside 192.168.254.75

... and I can post a scrubbed config - should I post it all (it's a fairly large set of access lists) or are there certain parts I can skip?

Thanks!
 
Upvote 0 Downvote
have you done a show logging asdm | in <host_ip> to see if there are any entries showing denied packets?? I would post the whole thing just so we can see everything.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
I used the show logging asdm | in <host_ip> command to look for denied packets, but there is nothing logged. Here is a scrubbed version of the running-config (IP addresses should be in the right ranges, but they are all changed to protect the innocent). In this configuration, I am trying to make sure 192.168.253.38 (the router port on the OtherInterface) and 192.168.253.73 (the web server on the DMZInterface) can send http and/or https packets back and forth to each other between the two ASA 5510 interfaces. Each device is connected to a Layer 2 switch that has no filtering or VLAN configuration (or so I've been told :).

CISCO-ASA# sh run
: Saved
:
ASA Version 8.0(2)
!
hostname CISCO-ASA
domain-name domain.com
enable password ppaasssswwoorrdd encrypted
names
name 75.21.22.11 outsideinterface
name 192.168.253.1 insideinterface
name 192.168.253.33 otherinterface
name 192.168.253.65 DMZinterface
dns-guard
!
interface Ethernet0/0
nameif Outside
security-level 0
ip address outsideinterface 255.255.255.0
!
interface Ethernet0/1
nameif Inside
security-level 100
ip address insideinterface 255.255.255.224
!
interface Ethernet0/2
nameif other
security-level 90
ip address otherinterface 255.255.255.224
!
interface Ethernet0/3
nameif DMZ
security-level 90
ip address DMZinterface 255.255.255.224
!
interface Management0/0
shutdown
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
passwd ppaasssswwoorrdd encrypted
boot system disk0:/asa802-k8.bin
ftp mode passive
clock timezone MDT -7
clock summer-time MDT recurring
dns server-group DefaultDNS
domain-name domain.com
same-security-traffic permit inter-interface
object-group network Group001
network-object 10.254.231.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
network-object host 192.168.254.40
network-object host 192.168.45.3
network-object host 192.168.98.1
object-group service DM_INLINE_SERVICE_1
service-object tcp eq domain
service-object udp eq domain
service-object icmp
object-group network DM_INLINE_NETWORK_3
network-object host 218.76.20.220
network-object host 218.76.20.222
network-object host 214.71.80.5
network-object host 217.91.240.1
object-group network DM_INLINE_NETWORK_4
network-object host 192.168.254.81
network-object host 192.168.254.82
network-object host 192.168.254.84
object-group network DM_INLINE_NETWORK_5
network-object host 192.168.253.71
network-object host 192.168.253.72
network-object 0.0.0.0 0.0.0.0
object-group network DM_INLINE_NETWORK_6
network-object host 192.168.253.71
network-object host 192.168.253.72
object-group network DM_INLINE_NETWORK_7
network-object host 192.168.254.40
network-object host 192.168.98.1
network-object host 192.168.45.3
object-group network DM_INLINE_NETWORK_8
network-object host 192.168.254.40
network-object host 192.168.98.1
network-object host 192.168.45.3
object-group service ftc tcp
port-object eq 10937
object-group service Group002 tcp
port-object eq 20200
object-group service DM_INLINE_TCP_1 tcp
group-object ftc
port-object eq www
group-object Group002
port-object eq ftp
port-object eq https
port-object eq 8080
port-object eq 2443
object-group network DM_INLINE_NETWORK_9
network-object host 172.20.98.6
network-object host 172.20.98.7
object-group network DM_INLINE_NETWORK_10
network-object 10.254.231.0 255.255.255.0
network-object host 192.168.254.53
object-group network DM_INLINE_NETWORK_2
network-object 10.254.231.0 255.255.255.0
network-object host 192.168.254.53
object-group service DM_INLINE_TCP_2 tcp
group-object ftc
port-object eq ftp
port-object eq www
port-object eq https
port-object eq ssh
object-group service Group003 tcp
description Check 21 ports
port-object eq 50668
object-group network DM_INLINE_NETWORK_11
network-object host 192.168.254.40
network-object host 192.168.45.3
network-object host 192.168.98.1
object-group service DCC tcp
port-object eq 6277
object-group service DM_INLINE_TCP_3 tcp
port-object eq 3000
port-object eq 3001
port-object eq 3002
port-object eq 3003
port-object eq 3004
port-object eq 3005
port-object eq 3006
port-object eq 3007
port-object eq 3008
port-object eq 3009
port-object eq 3010
port-object eq 990
port-object eq https
object-group network DM_INLINE_NETWORK_12
network-object host 66.162.202.102
network-object host 66.162.222.101
object-group network DM_INLINE_NETWORK_14
network-object host 66.54.190.98
network-object host 70.247.123.140
network-object host 70.247.123.102
object-group network DM_INLINE_NETWORK_13
network-object 192.168.3.0 255.255.255.0
network-object 172.17.4.0 255.255.255.0
network-object 172.17.2.0 255.255.255.0
network-object 172.17.1.0 255.255.255.0
object-group network DM_INLINE_NETWORK_15
network-object host 192.168.254.88
network-object host 192.168.254.91
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network DM_INLINE_NETWORK_16
network-object host 69.20.14.82
network-object host 98.129.143.85
network-object host 98.129.143.86
object-group network DM_INLINE_NETWORK_17
network-object host 192.168.253.68
network-object host 192.168.253.73
object-group service DM_INLINE_TCP_4 tcp
port-object range 3000 3010
port-object eq 990
object-group network DM_INLINE_NETWORK_18
network-object host 192.168.253.68
network-object host 192.168.253.73
object-group network DM_INLINE_NETWORK_19
network-object host 192.168.253.68
network-object host 192.168.253.73
object-group service DM_INLINE_TCP_5 tcp
port-object eq www
port-object eq https
object-group service DM_INLINE_TCP_6 tcp
port-object eq 8080
port-object eq www
object-group network DM_INLINE_NETWORK_20
network-object host 192.168.254.64
network-object host 192.168.254.78
object-group service DM_INLINE_TCP_7 tcp
port-object eq www
port-object eq https
object-group service DM_INLINE_TCP_8 tcp
port-object eq www
port-object eq https
access-list aclOutbound extended permit ip 172.17.5.0 255.255.255.0 any
access-list aclOutbound extended permit ip any host 206.192.226.67
access-list aclOutbound extended permit ip object-group DM_INLINE_NETWORK_15 any
access-list aclOutbound extended permit ip host 192.168.254.90 any
access-list aclOutbound extended permit icmp any any
access-list aclOutbound extended permit tcp any object-group DM_INLINE_NETWORK_14 object-group Group003
access-list aclOutbound extended permit ip any host 68.178.3.106
access-list aclOutbound extended permit tcp host 192.168.254.53 any
access-list aclOutbound extended permit ip 192.168.200.0 255.255.255.224 any
access-list aclOutbound extended permit tcp host 192.168.253.3 any
access-list aclOutbound extended permit tcp host 192.168.3.13 gt 1024 any
access-list aclOutbound extended permit tcp host 192.168.3.12 gt 1024 any
access-list aclOutbound extended permit tcp any gt 1024 host 64.74.187.133 eq ssh
access-list aclOutbound extended permit udp host 192.168.253.3 host 192.168.28.11 eq domain
access-list aclOutbound extended permit tcp object-group DM_INLINE_NETWORK_4 object-group DM_INLINE_NETWORK_5 eq smtp
access-list aclOutbound extended permit udp host 192.168.253.3 host 219.11.22.212 eq domain
access-list aclOutbound extended permit udp host 192.168.253.3 host 73.92.6.1 eq domain
access-list aclOutbound extended permit udp object-group DM_INLINE_NETWORK_7 gt 1024 any eq domain
access-list aclOutbound extended permit tcp object-group DM_INLINE_NETWORK_8 gt 1024 any eq domain
access-list aclOutbound extended permit tcp any host 208.29.11.6 eq www
access-list aclOutbound extended permit tcp any 65.247.178.0 255.255.255.0
access-list aclOutbound extended permit tcp any host 73.38.24.151 eq www
access-list aclOutbound extended permit tcp any 64.119.6.0 255.255.255.0 eq https
access-list aclOutbound extended permit tcp any 64.119.6.0 255.255.255.0 eq www
access-list aclOutbound extended permit tcp host 192.168.254.69 any eq https
access-list aclOutbound extended permit tcp host 192.168.254.69 any eq www
access-list aclOutbound extended permit tcp host 192.168.254.58 gt 1024 host 156.55.133.88 eq https
access-list aclOutbound extended permit tcp host 192.168.254.57 gt 1024 host 156.55.133.88 eq https
access-list aclOutbound extended permit tcp host 192.168.254.74 gt 1024 host 156.55.133.88 eq https
access-list aclOutbound extended permit tcp host 192.168.254.73 gt 1024 host 156.55.133.88 eq https
access-list aclOutbound extended permit tcp host 192.168.254.56 gt 1024 host 156.55.133.88 eq https
access-list aclOutbound extended permit tcp host 192.168.254.56 gt 1024 host 216.88.21.94 eq https
access-list aclOutbound extended permit tcp host 192.168.254.73 gt 1024 host 216.88.21.94 eq https
access-list aclOutbound extended permit tcp host 192.168.254.74 gt 1024 host 216.88.21.94 eq https
access-list aclOutbound extended permit tcp host 192.168.254.57 gt 1024 host 216.88.21.94 eq https
access-list aclOutbound extended permit tcp host 192.168.254.58 gt 1024 host 216.88.21.94 eq https
access-list aclOutbound extended permit tcp any gt 1024 209.83.0.0 255.255.0.0 eq https
access-list aclOutbound extended permit tcp any gt 1024 209.83.0.0 255.255.0.0 eq www
access-list aclOutbound extended permit tcp host 192.168.254.58 gt 1024 host 69.15.79.45 eq https
access-list aclOutbound extended permit tcp host 192.168.254.57 gt 1024 host 69.15.79.45 eq https
access-list aclOutbound extended permit tcp host 192.168.254.74 gt 1024 host 69.15.79.45 eq https
access-list aclOutbound extended permit tcp host 192.168.254.73 gt 1024 host 69.15.79.45 eq https
access-list aclOutbound extended permit tcp host 192.168.254.56 gt 1024 host 69.15.79.45 eq https
access-list aclOutbound extended permit tcp host 192.168.254.22 any eq https
access-list aclOutbound extended permit tcp host 192.168.253.3 host 216.133.153.209 eq https
access-list aclOutbound extended permit tcp host 192.168.253.3 host 63.239.89.209 eq https
access-list aclOutbound extended permit tcp host 192.168.254.70 gt 1024 any eq ftp
access-list aclOutbound extended permit tcp host 192.168.254.70 gt 1024 any eq https
access-list aclOutbound extended permit tcp host 192.168.254.93 any object-group DM_INLINE_TCP_2
access-list aclOutbound extended permit udp host 192.168.254.70 any eq ntp
access-list aclOutbound extended permit tcp host 192.168.254.70 gt 1024 any object-group DM_INLINE_TCP_1
access-list aclOutbound extended permit tcp host 192.168.254.53 any eq https
access-list aclOutbound extended permit tcp host 192.168.254.53 any eq www
access-list aclOutbound extended permit tcp host 192.168.254.53 76.82.25.0 255.255.255.0 eq www
access-list aclOutbound extended permit tcp host 192.168.254.53 host 76.82.25.124 eq www
access-list aclOutbound extended permit tcp host 192.168.254.53 host 128.32.18.152 eq www
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 host 72.11.115.82 eq www
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 host 63.228.225.68 eq www
access-list aclOutbound extended permit tcp host 192.168.254.20 gt 1024 any eq www
access-list aclOutbound extended permit tcp host 192.168.254.20 gt 1024 any eq https
access-list aclOutbound extended permit tcp host 192.168.98.101 gt 1024 any eq www
access-list aclOutbound extended permit tcp host 192.168.98.102 gt 1024 any eq www
access-list aclOutbound extended permit tcp host 192.168.98.102 gt 1024 any eq https
access-list aclOutbound extended permit tcp host 192.168.98.101 gt 1024 any eq https
access-list aclOutbound extended permit tcp host 192.168.98.100 gt 1024 any eq https
access-list aclOutbound extended permit tcp host 192.168.98.100 gt 1024 any eq www
access-list aclOutbound extended permit tcp any gt 1024 host 73.42.4.92 eq www
access-list aclOutbound extended permit tcp any gt 1024 host 73.42.4.92 eq https
access-list aclOutbound extended permit tcp any gt 1024 host 73.42.4.30 eq www
access-list aclOutbound extended permit tcp any host 171.71.18.210 eq https
access-list aclOutbound extended permit tcp any host 171.71.18.210 eq www
access-list aclOutbound extended permit tcp any host 161.107.1.28 eq www
access-list aclOutbound extended permit tcp any host 24.21.2.210 eq www
access-list aclOutbound extended permit tcp any host 161.107.1.28 eq https
access-list aclOutbound extended permit tcp any host 24.21.2.210 eq https
access-list aclOutbound extended permit tcp any gt 1024 host 192.168.253.70 eq https
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 216.251.40.167 eq https
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 216.251.40.167 eq www
access-list aclOutbound extended permit tcp any gt 1024 host 74.71.24.7 eq www
access-list aclOutbound extended permit tcp host 192.168.46.5 gt 1024 any eq https
access-list aclOutbound extended permit tcp host 192.168.46.5 gt 1024 any eq www
access-list aclOutbound extended permit tcp host 192.168.45.5 gt 1024 any eq www
access-list aclOutbound extended permit tcp host 192.168.45.5 gt 1024 any eq https
access-list aclOutbound extended permit tcp host 192.168.40.5 gt 1024 any eq https
access-list aclOutbound extended permit tcp host 192.168.40.5 gt 1024 any eq www
access-list aclOutbound extended permit tcp host 192.168.6.5 gt 1024 any eq www
access-list aclOutbound extended permit tcp host 192.168.6.5 gt 1024 any eq https
access-list aclOutbound extended permit tcp host 192.168.5.5 gt 1024 any eq https
access-list aclOutbound extended permit tcp host 192.168.5.5 gt 1024 any eq www
access-list aclOutbound extended permit tcp host 192.168.4.5 gt 1024 any eq www
access-list aclOutbound extended permit tcp host 192.168.4.5 gt 1024 any eq https
access-list aclOutbound extended permit tcp host 192.168.1.5 gt 1024 any eq https
access-list aclOutbound extended permit tcp host 192.168.1.5 gt 1024 any eq www
access-list aclOutbound extended permit tcp host 192.168.1.6 gt 1024 any eq https
access-list aclOutbound extended permit tcp host 192.168.1.6 gt 1024 any eq www
access-list aclOutbound extended permit tcp host 192.168.3.3 gt 1024 any eq www
access-list aclOutbound extended permit tcp host 192.168.3.3 gt 1024 any eq https
access-list aclOutbound extended permit tcp host 192.168.3.2 gt 1024 any eq https
access-list aclOutbound extended permit tcp host 192.168.3.2 gt 1024 any eq www
access-list aclOutbound extended permit tcp host 192.168.3.3 any eq https
access-list aclOutbound extended permit tcp host 192.168.3.11 gt 1024 any eq https
access-list aclOutbound extended permit tcp host 192.168.3.11 gt 1024 any eq www
access-list aclOutbound extended permit tcp any gt 1024 host 66.77.163.69 eq www
access-list aclOutbound extended permit tcp any gt 1024 host 216.127.90.71 eq www
access-list aclOutbound extended permit tcp any gt 1024 host 63.150.177.233 eq www
access-list aclOutbound extended permit tcp any gt 1024 host 63.240.63.69 eq www
access-list aclOutbound extended permit tcp any gt 1024 host 66.77.163.60 eq www
access-list aclOutbound extended permit tcp any gt 1024 host 209.87.177.249 eq www
access-list aclOutbound extended permit tcp any gt 1024 host 209.87.177.246 eq www
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 208.253.248.230 eq www
access-list aclOutbound extended permit tcp host 192.168.3.4 gt 1024 any eq www
access-list aclOutbound extended permit tcp host 192.168.3.7 gt 1024 any eq www
access-list aclOutbound extended permit tcp any host 66.45.50.182 eq https
access-list aclOutbound extended permit tcp any host 66.45.50.182 eq www
access-list aclOutbound extended permit tcp any host 64.126.107.126 eq 81
access-list aclOutbound extended permit tcp any gt 1024 host 82.1.79.232 eq www
access-list aclOutbound extended permit tcp any gt 1024 host 82.1.79.232 eq https
access-list aclOutbound extended permit tcp host 192.168.254.64 gt 1024 host 216.46.96.180 eq https
access-list aclOutbound extended permit tcp host 192.168.254.80 host 24.21.2.210 eq www
access-list aclOutbound extended permit tcp host 192.168.254.66 gt 1024 any eq https
access-list aclOutbound extended permit tcp any host 207.104.75.171 eq www
access-list aclOutbound extended permit tcp object-group DM_INLINE_NETWORK_13 gt 1024 156.55.0.0 255.255.0.0 eq https
access-list aclOutbound extended permit tcp host 192.168.254.63 host 24.21.2.210 eq www
access-list aclOutbound extended permit tcp host 192.168.254.64 any eq www
access-list aclOutbound extended permit tcp host 192.168.254.64 any eq https
access-list aclOutbound extended permit tcp host 192.168.98.100 any eq ftp
access-list aclOutbound extended permit tcp host 192.168.98.101 any eq ftp
access-list aclOutbound extended permit tcp 192.168.98.0 255.255.255.0 gt 1024 host 73.42.4.40 range 49152 65534
access-list aclOutbound extended permit tcp 192.168.98.0 255.255.255.0 gt 1024 host 73.42.4.40 eq 2021
access-list aclOutbound extended permit tcp host 192.168.254.53 gt 1024 host 66.116.125.203 eq ftp
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 204.10.188.75 eq ftp
access-list aclOutbound extended permit ip host 192.168.254.64 any
access-list aclOutbound extended permit tcp host 192.168.254.64 any eq ftp
access-list aclOutbound extended permit tcp any host 82.1.79.229
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 63.91.129.159 eq ftp
access-list aclOutbound extended permit tcp any host 69.4.70.37
access-list aclOutbound extended permit tcp any host 69.4.70.37 eq ftp
access-list aclOutbound extended permit tcp 192.168.98.0 255.255.255.0 gt 1024 host 73.42.4.3 eq ftp
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 76.21.19.23 eq ftp
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 226.91.26.4 eq ftp
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 226.91.27.31 eq ftp
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 216.40.96.253 eq ftp
access-list aclOutbound extended permit tcp 192.168.1.0 255.255.255.0 gt 1024 host 216.40.96.253 eq ftp
access-list aclOutbound extended permit tcp 192.168.1.0 255.255.255.0 gt 1024 host 219.61.15.195 eq ftp
access-list aclOutbound extended permit tcp 192.168.98.0 255.255.255.0 gt 1024 host 76.42.14.242 eq ftp
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 79.81.21.26 eq ftp
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 76.91.3.62 eq ftp
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 65.164.154.197 eq ftp
access-list aclOutbound extended permit tcp 192.168.254.0 255.255.255.0 gt 1024 host 226.11.11.71 eq ftp
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 226.11.11.71 eq ftp
access-list aclOutbound extended permit tcp any gt 1024 host 209.243.49.115 eq ftp
access-list aclOutbound extended permit tcp any gt 1024 host 66.150.100.50 eq ftp
access-list aclOutbound extended permit udp any host 66.187.233.4 eq ntp
access-list aclOutbound extended permit udp any host 209.132.176.4 eq ntp
access-list aclOutbound extended permit udp any host 66.187.224.4 eq ntp
access-list aclOutbound extended permit udp any host 209.81.9.7 eq ntp
access-list aclOutbound extended permit udp host 192.168.253.3 host 219.11.22.240 eq ntp
access-list aclOutbound extended permit udp host 192.168.254.88 gt 1024 host 75.21.22.254 eq snmp
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 226.91.24.253 eq telnet
access-list aclOutbound extended permit tcp host 172.0.1.1 gt 1024 host 166.55.25.41 eq 31334
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 226.91.27.155 eq 1024
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 226.91.27.155 eq telnet
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 156.55.0.0 255.255.0.0 eq 2443
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 69.4.70.37 eq 3389
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 192.168.253.69 eq 3389
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 192.168.253.68 eq 3389
access-list aclOutbound extended permit tcp host 192.168.253.3 gt 1024 host 219.11.22.180 range 3000 3004
access-list aclOutbound extended permit tcp host 192.168.253.3 gt 1024 host 73.92.6.180 range 3000 3004
access-list aclOutbound extended permit tcp host 192.168.253.3 gt 1024 host 219.11.22.132 range 3000 3004
access-list aclOutbound extended permit tcp host 192.168.253.3 gt 1024 host 73.92.6.132 range 3000 3004
access-list aclOutbound extended permit tcp 192.168.98.0 255.255.255.0 gt 1024 host 192.168.253.68 eq 445
access-list aclOutbound extended permit udp 192.168.98.0 255.255.255.0 gt 1024 object-group DM_INLINE_NETWORK_18 eq netbios-ns
access-list aclOutbound extended permit tcp 192.168.98.0 255.255.255.0 gt 1024 object-group DM_INLINE_NETWORK_19 eq netbios-ssn
access-list aclOutbound extended permit tcp any gt 1024 22.23.18.0 255.255.255.0 eq citrix-ica
access-list aclOutbound extended permit tcp any host 82.1.79.233 eq 15000
access-list aclOutbound extended permit udp host 192.168.254.25 eq domain host 192.168.253.71 gt 1024
access-list aclOutbound extended permit udp host 192.168.254.25 eq domain host 192.168.253.72 gt 1024
access-list aclOutbound extended permit udp host 192.168.254.30 eq domain host 192.168.253.72 gt 1024
access-list aclOutbound extended permit udp host 192.168.254.30 eq domain host 192.168.253.71 gt 1024
access-list aclOutbound extended permit tcp any gt 1024 host 66.45.50.182 eq 15000
access-list aclOutbound extended permit tcp any host 192.168.253.68 eq 3389
access-list aclOutbound extended permit udp 192.168.3.0 255.255.255.0 gt 1024 170.224.69.0 255.255.255.0
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 170.224.69.0 255.255.255.0
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 170.224.69.0 255.255.255.0 range 41000 41010
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 129.41.33.0 255.255.255.0 eq 8090
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 129.41.33.0 255.255.255.0 eq 5010
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 129.41.33.249 eq 5010
access-list aclOutbound extended permit tcp 192.168.3.0 255.255.255.0 gt 1024 host 129.41.33.249 eq 8090
access-list aclOutbound extended permit tcp any host 204.200.27.56 eq 15000
access-list aclOutbound extended permit tcp any host 192.168.253.73 eq 3389
access-list aclOutbound extended permit tcp host 192.168.254.37 host 192.168.253.68 eq 445
access-list aclOutbound extended permit tcp host 192.168.254.37 host 192.168.253.68 eq netbios-ssn
access-list aclOutbound extended permit tcp any 63.251.167.0 255.255.255.192
access-list aclOutbound extended permit tcp any host 73.42.5.37
access-list aclOutbound extended permit ip any 64.95.53.0 255.255.255.192
access-list aclOutbound extended permit tcp any host 216.111.160.231
access-list aclOutbound extended permit tcp host 192.168.47.3 any
access-list aclOutbound extended permit tcp 172.17.1.0 255.255.255.0 host 209.83.30.254
access-list aclOutbound extended permit tcp 172.17.1.0 255.255.255.0 host 209.83.10.75
access-list aclOutbound extended permit tcp host 192.168.254.65 range 1422 1423 host 226.91.25.76
access-list aclOutbound extended permit tcp host 192.168.254.65 range 1422 1423 host 226.91.25.77
access-list aclOutbound extended permit ip object-group DM_INLINE_NETWORK_9 any
access-list aclOutbound extended permit tcp host 192.168.254.65 host 226.91.25.76
access-list aclOutbound extended permit tcp host 192.168.254.65 host 226.91.25.77
access-list aclOutbound extended permit ip any host 64.90.232.100
access-list aclOutbound extended permit ip host 192.168.254.88 host 75.21.22.254
access-list aclOutbound extended permit tcp host 192.168.254.39 host 208.238.127.9 eq ssh
access-list aclOutbound extended permit tcp host 192.168.254.39 host 226.11.11.71 eq ftp
access-list aclOutbound extended permit tcp host 192.168.254.39 gt 1024 host 12.6.41.90 eq ssh
access-list aclOutbound extended permit tcp host 192.168.254.39 host 12.6.41.121 eq 10022
access-list aclOutbound extended permit tcp host 192.168.254.39 host 70.247.123.141 eq ssh
access-list aclOutbound extended permit tcp host 192.168.254.39 host 226.91.27.31 eq ftp
access-list aclOutbound extended permit tcp host 192.168.254.39 host 63.91.129.159 eq ftp
access-list aclOutbound extended permit tcp host 192.168.254.70 host 215.81.10.66 eq ssh
access-list aclOutbound extended permit tcp any host 192.168.253.73 object-group DM_INLINE_TCP_5
access-list aclOutbound extended deny ip any any
access-list aclInbound extended permit icmp any any
access-list aclInbound extended permit tcp any host 75.21.22.14 eq ssh
access-list aclInbound extended permit tcp any host 75.21.22.4 eq https
access-list aclInbound extended permit tcp host 69.20.12.19 host 75.21.22.15 eq https
access-list aclInbound extended permit tcp host 69.20.14.83 host 75.21.22.15 eq https
access-list aclInbound extended permit tcp object-group DM_INLINE_NETWORK_16 host 75.21.22.15 eq https
access-list aclInbound extended permit tcp object-group DM_INLINE_NETWORK_12 gt 1024 host 75.21.22.15 object-group DM_INLINE_TCP_3
access-list aclInbound extended permit tcp host 66.194.80.181 gt 1024 host 75.21.22.15 eq https
access-list aclInbound extended permit tcp host 66.194.80.183 gt 1024 host 75.21.22.15 eq https
access-list aclInbound extended permit tcp host 219.11.22.240 host 75.21.22.14 eq 3001
access-list aclInbound extended permit tcp host 219.11.22.240 host 192.168.253.3 eq 3001
access-list aclInbound extended permit tcp any host 75.21.22.6 eq smtp
access-list aclInbound extended permit tcp any host 75.21.22.2 eq smtp
access-list aclInbound extended permit udp any host 75.21.22.2 eq 6277 log
access-list aclInbound extended permit tcp host 208.253.69.119 host 75.21.22.8 eq 3389
access-list aclInbound extended permit tcp host 65.213.226.171 host 75.21.22.8 eq 3389
access-list aclInbound extended permit tcp host 69.194.80.162 host 75.21.22.21 object-group DM_INLINE_TCP_4
access-list aclInbound extended permit tcp any host 75.21.22.21 eq https
access-list aclInbound extended deny ip any any
access-list 80 extended permit ip host 192.168.254.62 host 192.168.253.68
access-list 80 extended permit ip host 192.168.254.84 host 192.168.253.72
access-list 80 extended permit ip 192.168.0.0 255.255.0.0 192.168.5.0 255.255.255.0
access-list 80 extended permit ip host 192.168.254.53 10.254.231.0 255.255.255.0
access-list 80 extended permit ip object-group DM_INLINE_NETWORK_11 host 192.168.253.72
access-list 80 extended permit ip host 192.168.46.3 host 192.168.253.72
access-list 80 extended permit ip host 192.168.46.3 host 192.168.253.71
access-list 80 extended permit ip host 192.168.254.40 host 192.168.253.71
access-list 80 extended permit ip object-group DM_INLINE_NETWORK_20 host 192.168.253.73
access-list aclother extended permit tcp host 166.55.25.13 host 172.0.1.1 eq 31950
access-list aclother extended permit tcp host 166.55.73.109 host 172.0.1.1 eq 31950
access-list aclother extended permit tcp host 226.91.26.23 host 172.0.1.1 eq 12210
access-list aclother extended permit tcp host 73.42.5.14 host 172.0.1.1 range 31002 31008
access-list aclother extended permit tcp host 166.55.25.41 host 172.0.1.1 eq 36667
access-list aclother extended permit tcp host 226.91.26.41 gt 1024 host 172.0.1.1 eq 12210
access-list aclother extended permit object-group TCPUDP 204.17.126.72 255.255.255.248 host 75.21.22.19 eq www
access-list aclother extended permit object-group TCPUDP 12.130.50.160 255.255.255.248 host 75.21.22.19 eq www
access-list aclother extended permit tcp 12.130.50.168 255.255.255.252 host 75.21.22.20 eq ftp
access-list aclother extended permit tcp host 192.168.253.73 host 192.168.253.38 object-group DM_INLINE_TCP_8
access-list aclother extended permit icmp any any
access-list aclDMZ extended permit object-group DM_INLINE_SERVICE_1 object-group DM_INLINE_NETWORK_6 object-group DM_INLINE_NETWORK_1
access-list aclDMZ extended permit udp object-group DM_INLINE_NETWORK_17 object-group DM_INLINE_NETWORK_3 eq domain
access-list aclDMZ extended permit tcp host 192.168.253.72 any eq smtp
access-list aclDMZ extended permit tcp host 192.168.253.71 any eq smtp
access-list aclDMZ extended permit tcp host 192.168.253.72 76.11.1.0 255.255.255.0 eq 2703
access-list aclDMZ extended permit tcp host 192.168.253.71 76.11.1.0 255.255.255.0 eq 2703
access-list aclDMZ extended permit tcp host 192.168.253.72 any eq ftp inactive
access-list aclDMZ extended permit tcp host 192.168.253.71 any eq ftp
access-list aclDMZ extended permit tcp host 192.168.253.72 host 214.21.19.120 eq ftp
access-list aclDMZ extended permit tcp host 192.168.253.71 host 214.21.19.120 eq ftp
access-list aclDMZ extended permit tcp host 192.168.253.71 any eq access-list aclDMZ extended permit tcp host 192.168.253.72 any eq access-list aclDMZ extended permit tcp host 192.168.253.72 gt 1024 host 77.76.2.202 eq www
access-list aclDMZ extended permit tcp host 192.168.253.71 gt 1024 host 77.76.2.202 eq www
access-list aclDMZ extended permit tcp host 192.168.253.72 host 128.171.104.133 eq www
access-list aclDMZ extended permit tcp host 192.168.253.71 host 128.171.104.133 eq www
access-list aclDMZ extended permit tcp host 192.168.253.72 host 204.152.191.7 eq www
access-list aclDMZ extended permit tcp host 192.168.253.71 host 204.152.191.7 eq www
access-list aclDMZ extended permit tcp host 192.168.253.72 host 209.132.177.50 eq www
access-list aclDMZ extended permit tcp host 192.168.253.71 host 209.132.177.50 eq www
access-list aclDMZ extended permit tcp host 192.168.253.72 host 212.219.56.131 eq www
access-list aclDMZ extended permit tcp host 192.168.253.71 host 212.219.56.131 eq www
access-list aclDMZ extended permit tcp host 192.168.253.72 host 204.127.198.25 eq www
access-list aclDMZ extended permit tcp host 192.168.253.71 host 204.127.198.25 eq www
access-list aclDMZ extended permit tcp host 192.168.253.72 host 202.127.198.25 eq www
access-list aclDMZ extended permit tcp host 192.168.253.71 host 202.127.198.25 eq www
access-list aclDMZ extended permit tcp host 192.168.253.71 host 212.69.37.57 eq www
access-list aclDMZ extended permit tcp host 192.168.253.72 host 212.69.37.57 eq www
access-list aclDMZ extended permit tcp host 192.168.253.71 host 208.42.148.125 eq www
access-list aclDMZ extended permit tcp host 192.168.253.72 host 208.42.148.125 eq www
access-list aclDMZ extended permit tcp host 192.168.253.71 host 208.201.239.8 eq www
access-list aclDMZ extended permit tcp host 192.168.253.72 host 208.201.239.8 eq www
access-list aclDMZ extended permit tcp host 192.168.253.68 host 192.168.254.21 eq 20000
access-list aclDMZ extended permit tcp host 192.168.253.68 host 192.168.254.62 eq 8009
access-list aclDMZ extended permit tcp host 192.168.253.68 host 192.168.254.62 eq 8080
access-list aclDMZ extended permit tcp host 192.168.253.73 host 192.168.254.78 object-group DM_INLINE_TCP_6
access-list aclDMZ extended permit tcp host 192.168.253.73 host 192.168.254.64 eq www
access-list aclDMZ extended permit tcp host 192.168.253.38 host 192.168.253.73 object-group DM_INLINE_TCP_7
access-list aclDMZ extended permit tcp host 192.168.253.73 any eq https
access-list aclDMZ extended permit tcp host 192.168.253.73 any eq www
access-list aclDMZ extended permit tcp host 192.168.253.68 any eq https
access-list aclDMZ extended permit tcp host 192.168.253.68 any eq www
access-list aclDMZ extended permit ip host 192.168.253.71 any
access-list aclDMZ extended permit ip host 192.168.253.72 any
access-list aclDMZ remark Deny ALL
access-list aclDMZ extended deny ip any any
access-list Outside_1_cryptomap extended permit ip object-group DM_INLINE_NETWORK_2 object-group DM_INLINE_NETWORK_10
access-list 90 extended permit ip host 192.168.254.40 host 192.168.253.72
access-list 90 extended permit ip host 192.168.254.40 host 192.168.253.71
pager lines 24
logging enable
logging timestamp
logging standby
logging buffer-size 16000
logging buffered debugging
logging trap debugging
logging asdm notifications
logging facility 18
logging device-id ipaddress Inside
logging host Inside 192.168.254.75
mtu Outside 1500
mtu Inside 1500
mtu other 1500
mtu DMZ 1500
mtu management 1500
ip verify reverse-path interface Outside
ip verify reverse-path interface Inside
ip verify reverse-path interface other
ip verify reverse-path interface DMZ
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Outside
icmp permit any Inside
icmp permit any other
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
nat-control
global (Outside) 1 75.21.22.1 netmask 255.255.255.0
global (other) 1 192.168.253.44 netmask 255.255.255.224
global (DMZ) 1 192.168.253.93 netmask 255.255.255.224
nat (Inside) 0 access-list 80
nat (Inside) 1 0.0.0.0 0.0.0.0
nat (other) 1 0.0.0.0 0.0.0.0
nat (DMZ) 1 0.0.0.0 0.0.0.0
static (DMZ,Outside) 75.21.22.4 192.168.253.70 netmask 255.255.255.255
static (Inside,Outside) 75.21.22.8 192.168.254.53 netmask 255.255.255.255
static (Inside,other) 172.0.1.1 172.0.1.1 netmask 255.255.255.255
static (Inside,Outside) 75.21.22.14 192.168.253.3 netmask 255.255.255.255
static (Inside,Outside) 75.21.22.15 192.168.254.64 netmask 255.255.255.255
static (DMZ,Outside) 75.21.22.7 192.168.253.72 netmask 255.255.255.255
static (Inside,Outside) 75.21.22.2 192.168.254.90 netmask 255.255.255.255
static (Inside,other) 75.21.22.19 192.168.254.31 netmask 255.255.255.255
static (Inside,other) 75.21.22.20 192.168.3.222 netmask 255.255.255.255
static (DMZ,Outside) 75.21.22.21 192.168.253.73 netmask 255.255.255.255
access-group aclInbound in interface Outside
access-group aclOutbound in interface Inside
access-group aclother in interface other
access-group aclDMZ in interface DMZ
route Outside 0.0.0.0 0.0.0.0 75.21.22.254 1
route other 12.130.50.160 255.255.255.248 192.168.253.37 1
route other 12.130.50.168 255.255.255.252 192.168.253.37 1
route Outside 63.0.0.0 255.0.0.0 75.21.22.254 1
route other 73.42.5.14 255.255.255.255 192.168.253.38 1
route other 166.55.73.73 255.255.255.255 192.168.253.35 1
route other 166.55.73.109 255.255.255.255 192.168.253.39 1
route other 156.55.245.41 255.255.255.255 192.168.253.35 1
route other 166.55.25.13 255.255.255.255 192.168.253.39 1
route other 166.55.25.41 255.255.255.255 192.168.253.35 1
route Inside 192.168.0.0 255.255.255.0 192.168.253.30 1
route Inside 192.168.1.0 255.255.255.0 192.168.253.30 1
route Inside 192.168.3.0 255.255.255.0 192.168.253.30 1
route Inside 192.168.4.0 255.255.255.0 192.168.253.30 1
route Inside 192.168.5.0 255.255.255.0 192.168.253.30 1
route Inside 192.168.6.0 255.255.255.0 192.168.253.30 1
route Inside 192.168.7.0 255.255.255.0 192.168.253.30 1
route Inside 192.168.40.0 255.255.255.0 192.168.253.30 1
route Inside 192.168.45.0 255.255.255.0 192.168.253.30 1
route Inside 192.168.46.0 255.255.255.0 192.168.253.30 1
route Inside 192.168.47.0 255.255.255.0 192.168.253.30 1
route Inside 192.168.50.0 255.255.255.0 192.168.253.30 1
route Inside 192.168.51.0 255.255.255.0 192.168.253.30 1
route Inside 192.168.98.0 255.255.255.0 192.168.253.30 1
route Inside 192.168.103.203 255.255.255.255 192.168.253.30 1
route Inside 192.168.200.0 255.255.255.224 192.168.253.30 1
route Inside 192.168.250.0 255.255.255.0 192.168.253.30 1
route Inside 192.168.252.0 255.255.255.224 192.168.253.30 1
route Inside 192.168.254.0 255.255.255.0 192.168.253.30 1
route Inside 172.17.1.0 255.255.255.0 192.168.253.30 1
route Inside 172.17.2.0 255.255.255.0 192.168.253.30 1
route Inside 172.17.3.0 255.255.255.0 192.168.253.30 1
route Inside 172.17.4.0 255.255.255.0 192.168.253.30 1
route Inside 172.17.5.0 255.255.255.0 192.168.253.30 1
route Inside 172.17.6.0 255.255.255.0 192.168.253.30 1
route Inside 172.17.7.0 255.255.255.0 192.168.253.30 1
route Inside 172.17.8.0 255.255.255.0 192.168.253.30 1
route Inside 172.17.9.0 255.255.255.0 192.168.253.30 1
route Inside 172.17.10.0 255.255.255.0 192.168.253.30 1
route Inside 172.20.98.0 255.255.255.0 192.168.253.30 1
route other 172.27.56.43 255.255.255.255 192.168.253.36 1
route Inside 172.0.1.0 255.255.255.0 192.168.253.30 1
route other 204.17.126.72 255.255.255.248 192.168.253.37 1
route other 226.91.24.0 255.255.252.0 192.168.253.36 1
route other 226.91.27.155 255.255.255.255 192.168.253.36 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.200.0 255.255.255.224 Inside
http 192.168.254.0 255.255.255.0 Inside
snmp-server host Inside 192.168.254.88 community public version 2c udp-port 161
snmp-server location SNMPcentral
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map Outside_map 1 match address Outside_1_cryptomap
crypto map Outside_map 1 set peer 22.22.22.251
crypto map Outside_map 1 set transform-set ESP-3DES-SHA
crypto map Outside_map 1 set security-association lifetime seconds 604800
crypto map Outside_map 1 set security-association lifetime kilobytes 2147483647
crypto map Outside_map interface Outside
crypto isakmp identity address
crypto isakmp enable Outside
crypto isakmp enable Inside
crypto isakmp enable management
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
no crypto isakmp nat-traversal
telnet timeout 5
ssh 192.168.200.0 255.255.255.0 Inside
ssh 192.168.254.0 255.255.255.0 Inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd update dns
!
vpn load-balancing
interface lbpublic DMZ
interface lbprivate DMZ
threat-detection basic-threat
threat-detection statistics
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect ftp
inspect esmtp
inspect http
inspect tftp
inspect dns
!
service-policy global_policy global
ntp server 192.168.98.2 source Inside prefer
ntp server 192.168.45.3 source Inside prefer
ntp server 192.168.254.40 source Inside prefer
group-policy SSLVPNGRP internal
group-policy SSLVPNGRP attributes
vpn-tunnel-protocol webvpn
webvpn
url-list value TestBookMarks
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec
username login password ppaasssswwoorrdd encrypted privilege 15
tunnel-group 22.22.22.251 type ipsec-l2l
tunnel-group 22.22.22.251 ipsec-attributes
pre-shared-key *
tunnel-group SSLVPN type remote-access
tunnel-group SSLVPN general-attributes
authorization-server-group LOCAL
default-group-policy SSLVPNGRP
prompt hostname context
Cryptochecksum:ffffffffffffffffffffffffffffff
: end
CISCO-ASA# exit

Thanks for any help you can provide!
 
Upvote 0 Downvote
Don't use the same security level for both.
I know you can now, and I remember reading in the ASA config guide what you have to do to make it work, but why make life difficult for yourself?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

2
  • Locked
  • Question
Loss of my privacy
Replies
12
Views
1K
Rick998
Rick998
Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
670
Sameer258
Sameer258
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
628
intel233
intel233
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
583
intel233
intel233
gkreg
  • Locked
  • Question
asa 5500-x url filtering
Replies
0
Views
442
gkreg
gkreg

Part and Inventory Search

Sponsor

Back
Top