Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Internal network losing external DNS access

Internal network losing external DNS access 7 years 9 months ago #29498

  • tklarr
  • tklarr's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 0
Periodically ( twice within the past 3 weeks ) the ability for my internal DNS server to resolve external addresses is failing. The DNS on a DMZ machine works just fine. I do a reload of the PIX 515E using IOS 6.3 (1) and then the external name resolution works just fine. I can see the hits on the access-list for that server increment up, but it is as if it can't get out of the PIX anymore.

Any ideas?

Thanks,
tklarr
The administrator has disabled public write access.

Re: Internal network losing external DNS access 7 years 9 months ago #29500

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
At first, it sounds like an overloaded PIX due to high traffic. But this is just a guess. It would help if you could post your config, you can mask out any private info.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

Re: Internal network losing external DNS access 7 years 9 months ago #29502

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
At first, it sounds like an overloaded PIX due to high traffic. But this is just a guess. It would help if you could post your config, you can mask out any private info.

Would be feasible......

For the server in the DMZ, are there Static translations in place....that could back up S0lo's suggestion.
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.

config 7 years 9 months ago #29503

  • tklarr
  • tklarr's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 0
At first I thought maybe it was because I had hit the udp conn limit. But after looking around on the pix config, I am not so sure about that.

Here is most of the config:


PIX Version 6.3(1)
interface ethernet0 100full
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz1 security50
|
hostname SFW
domain-name smythco.com
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
names
|
pager lines 24
logging on
logging timestamp
logging history alerts
logging host inside ……………………
icmp permit host ………………………
icmp permit any outside
icmp permit host …………………
icmp permit any inside
mtu outside 1500
mtu inside 1500
mtu dmz1 1500
ip address outside 204.220.24.105 255.255.255.248
ip address inside ………………..
ip address dmz1 ……………………
ip audit name IDSATTACK attack action alarm drop
ip audit name IDSINFO info action alarm
ip audit interface outside IDSINFO
ip audit interface outside IDSATTACK
ip audit info action alarm
ip audit attack action alarm
|
pdm history enable
arp timeout 14400
global (outside) 1 204.220.24.106
nat (inside) 0 access-list vpn
nat (inside) 1 196.77.12.0 255.255.255.0 0 0
nat (inside) 1 10.30.0.0 255.255.0.0 0 0
nat (inside) 1 10.40.0.0 255.255.0.0 0 0
nat (inside) 1 10.50.0.0 255.255.0.0 0 0
nat (inside) 1 10.60.0.0 255.255.0.0 0 0
nat (inside) 1 10.70.0.0 255.255.0.0 0 0
nat (inside) 1 10.80.0.0 255.255.0.0 0 0
nat (inside) 1 10.90.0.0 255.255.0.0 0 0
nat (dmz1) 0 access-list DMZnoNAT
nat (dmz1) 1 192.168.168.0 255.255.255.0 0 0
static (inside,dmz1)
static (dmz1,inside) 192.168.168.0 192.168.168.0 netmask 255.255.255.0 0 0
static (inside,outside) cache-outside 196.77.12.252 netmask 255.255.255.255 200 400
static (inside,outside) oak-outside 196.77.12.200 netmask 255.255.255.255 200 400
static (inside,outside) KarenPCAny-outside 196.77.12.50 netmask 255.255.255.255 200 400
static (inside,outside) intellops-outside 196.77.12.161 netmask 255.255.255.255 200 400
static (inside,outside) smythsp-outside 196.77.12.134 netmask 255.255.255.255 200 400
static (inside,outside) eagle-outside 196.77.12.192 netmask 255.255.255.255 200 400
static (dmz1,outside) commerce-outside 192.168.168.20 netmask 255.255.255.255 200 400
static (dmz1,outside) webipg-outside 192.168.168.25 netmask 255.255.255.255 200 400
static (dmz1,outside) webrepack-outside 192.168.168.30 netmask 255.255.255.255 200 400
static (dmz1,outside) salesync-outside 192.168.168.24 netmask 255.255.255.255 200 400
static (inside,outside) www4-outside 10.50.0.25 netmask 255.255.255.255 200 400
static (inside,dmz1) 10.40.0.0 10.40.0.0 netmask 255.255.0.0 0 0
static (inside,dmz1) 10.30.0.0 10.30.0.0 netmask 255.255.0.0 0 0
static (inside,dmz1) 10.50.0.0 10.50.0.0 netmask 255.255.0.0 0 0
static (inside,dmz1) 10.60.0.0 10.60.0.0 netmask 255.255.0.0 0 0
static (inside,dmz1) 10.70.0.0 10.70.0.0 netmask 255.255.0.0 0 0
static (dmz1,outside) mail2-outside 192.168.168.26 netmask 255.255.255.255 200 400
static (dmz1,outside) mail-outside 192.168.168.23 netmask 255.255.255.255 200 400
static (inside,dmz1) 10.80.0.0 10.80.0.0 netmask 255.255.0.0 0 0
static (inside,dmz1) 172.10.0.0 172.0.0.0 netmask 255.255.0.0 0 0
static (inside,dmz1) 10.90.0.0 10.90.0.0 netmask 255.255.0.0 0 0
static (outside,dmz1) 192.1.1.0 192.1.1.0 netmask 255.255.255.0 0 0
static (outside,dmz1) 10.20.0.0 10.20.0.0 netmask 255.255.0.0 0 0
static (outside,dmz1) 10.10.10.0 10.10.10.0 netmask 255.255.255.0 0 0
static (inside,outside) unity-outside 10.40.1.50 netmask 255.255.255.255 200 400
static (dmz1,outside) epace-outside 192.168.168.27 netmask 255.255.255.255 200 400
access-group outside_acl in interface outside
access-group inside_acl in interface inside
access-group dmz1_acl in interface dmz1
route outside 0.0.0.0 0.0.0.0 204.220.24.110 1
route inside 10.0.0.0 255.0.0.0 196.77.12.253 0
route inside 10.10.10.0 255.255.255.0 196.77.12.253 1
route outside 10.20.0.0 255.255.0.0 204.220.24.110 1
route inside 10.30.0.0 255.255.0.0 196.77.12.253 1
route inside 10.40.0.0 255.255.0.0 196.77.12.253 1
route inside 10.50.0.0 255.255.0.0 196.77.12.253 1
route inside 10.60.0.0 255.255.0.0 196.77.12.253 1
route inside 10.70.0.0 255.255.0.0 196.77.12.253 1
route inside 10.80.0.0 255.255.0.0 196.77.12.253 1
route inside 10.90.0.0 255.255.0.0 196.77.12.253 1
route inside 172.10.0.0 255.255.0.0 196.77.12.253 1
route outside 192.1.1.0 255.255.255.0 204.220.24.110 1
timeout xlate 12:00:00
timeout conn 12:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 2:00:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
|
no snmp-server location
no snmp-server contact
snmp-server
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
service resetinbound
crypto ipsec transform-set
crypto ipsec transform-set
crypto ipsec transform-set
crypto dynamic-map
crypto map smyth-map 10
crypto map smyth-map 10
crypto map smyth-map 10
crypto map smyth-map 10
crypto map smyth-map 20
crypto map smyth-map 50
crypto map smyth-map 50
crypto map smyth-map 50
crypto map smyth-map 50
crypto map smyth-map 50
crypto map smyth-map
crypto map smyth-map
crypto map smyth-map
isakmp enable outside
isakmp enable inside
isakmp key ********
isakmp key ********
isakmp key ********
isakmp identity address
isakmp nat-traversal 20
isakmp policy 8 authentication pre-share
isakmp policy 8 encryption 3des
isakmp policy 8 hash sha
isakmp policy 8 group 2
isakmp policy 8 lifetime 86400
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
|
telnet timeout 5
|
ssh timeout 60
management-access inside
console timeout 0
terminal width 80
The administrator has disabled public write access.

Re: Internal network losing external DNS access 7 years 9 months ago #29509

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
Correct me if I'm wrong here, But I don't see any of the access lists definitions. outside_acl, inside_acl, dmz1_acl, DMZnoNAT, they are all undefined although they are used:

nat (dmz1) 0 access-list DMZnoNAT
access-group outside_acl in interface outside
access-group inside_acl in interface inside
access-group dmz1_acl in interface dmz1

Is this a copy/paste typo?, or have you removed them for privacy reasons?

I recommend posting everything in the config except for your public IPs (like outside IPs) and passwords.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

more of the config 7 years 9 months ago #29515

  • tklarr
  • tklarr's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 0
PIX Version 6.3(1)
interface ethernet0 100full
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz1 security50
|
hostname SFW
domain-name smythco.com
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
names
name XXXXXXXXXXXX NTPServer
name XXXXXXXXXXXX oak-outside
name XXXXXXXXXXXX commerce-outside
name XXXXXXXXXXXX smythsp-outside
name XXXXXXXXXXXX mail-outside
name XXXXXXXXXXXX salesync-outside
name XXXXXXXXXXXX webipg-outside
name XXXXXXXXXXXX intellops-outside
name XXXXXXXXXXXX KarenPCAny-outside
name XXXXXXXXXXXX cache-outside
name XXXXXXXXXXXX eagle-outside
name XXXXXXXXXXXX webrepack-outside
name XXXXXXXXXXXX www4-outside
name XXXXXXXXXXXX mail2-outside
name XXXXXXXXXXXX unity-outside
name XXXXXXXXXXXX epace-outside
access-list outside_acl permit tcp any host oak-outside eq 465
access-list outside_acl permit tcp any host oak-outside eq smtp
access-list outside_acl permit tcp any host oak-outside eq ldaps
access-list outside_acl permit tcp any host oak-outside eq 993
access-list outside_acl permit tcp any host oak-outside eq 9100
access-list outside_acl permit tcp any host webrepack-outside eq www
access-list outside_acl permit tcp any host webrepack-outside eq https
access-list outside_acl permit tcp any host oak-outside eq www
access-list outside_acl permit tcp any host oak-outside eq https
access-list outside_acl permit tcp any host commerce-outside eq www
access-list outside_acl permit tcp any host commerce-outside eq https
access-list outside_acl permit tcp XXXXXXXXXXXXXX 255.255.255.192 host epace-outside eq ssh
access-list outside_acl permit tcp XXXXXXXXXXXXXX 255.255.255.192 host epace-outside eq www
access-list outside_acl permit udp XXXXXXXXXXXXXX 255.255.255.192 host epace-outside eq 22
access-list outside_acl permit tcp XXXXXXXXXXXXXX 255.255.255.192 host epace-outside eq https
access-list outside_acl permit tcp any host epace-outside eq ssh
access-list outside_acl permit tcp any host epace-outside eq www
access-list outside_acl permit udp any host epace-outside eq 22
access-list outside_acl permit tcp any host epace-outside eq https
access-list outside_acl permit tcp any host mail-outside eq smtp
access-list outside_acl permit tcp any host mail-outside eq ident
access-list outside_acl permit icmp any host mail-outside unreachable
access-list outside_acl permit icmp any host mail-outside time-exceeded
access-list outside_acl permit udp XXXXXXXXXXXXX 255.255.255.0 host mail-outside eq ntp
access-list outside_acl permit tcp any host mail2-outside eq smtp
access-list outside_acl permit tcp any host mail2-outside eq ftp
access-list outside_acl permit tcp any host mail2-outside eq ident
access-list outside_acl permit icmp any host mail2-outside unreachable
access-list outside_acl permit icmp any host mail2-outside time-exceeded
access-list outside_acl permit tcp any host salesync-outside eq ftp
access-list outside_acl permit tcp any host webipg-outside eq www
access-list outside_acl permit tcp any host www4-outside eq www
access-list outside_acl permit icmp any XXXXXXXXXXXXX 255.255.255.248 source-quench
access-list outside_acl permit icmp any XXXXXXXXXXXXXX 255.255.255.248 unreachable
access-list outside_acl permit icmp any XXXXXXXXXXXXXX 255.255.255.248 time-exceeded
access-list outside_acl deny ip any any log
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.141 eq 11009
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.125 eq 8009
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.141 eq 8009
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.142 eq 8009
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.138 eq 8009
access-list dmz1_acl remark to allow scp backup of files
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.158 eq 8009
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.159 eq 8009
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.150 eq 8009
access-list dmz1_acl permit udp host 192.168.168.20 host 196.77.12.238 eq domain
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.238 eq domain
access-list dmz1_acl permit udp host 192.168.168.20 host 196.77.12.203 eq domain
access-list dmz1_acl permit udp host 192.168.168.20 host 10.40.1.32 eq domain
access-list dmz1_acl permit udp host 192.168.168.25 host 10.40.1.32 eq domain
access-list dmz1_acl permit udp host 192.168.168.25 host 196.77.12.203 eq domain
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.140 eq sqlnet
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.135 eq sqlnet
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.176 eq sqlnet
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.175 eq sqlnet
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.200 eq smtp
access-list dmz1_acl remark to retrieve product images
access-list dmz1_acl remark to allow scp backup of files
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.192 eq ssh
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.125 eq ssh
access-list dmz1_acl permit tcp host 192.168.168.20 host 10.40.1.50 eq 2401
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.252 eq 3128
access-list dmz1_acl permit tcp host 192.168.168.20 host 196.77.12.252 eq 8080
access-list dmz1_acl permit tcp host 192.168.168.20 host 10.40.1.50 eq 3128
access-list dmz1_acl permit tcp host 192.168.168.20 host 10.40.1.50 eq 8080
access-list dmz1_acl permit udp host 192.168.168.23 host NTPServer eq ntp
access-list dmz1_acl permit udp host 192.168.168.23 host 130.126.24.53 eq ntp
access-list dmz1_acl permit udp host 192.168.168.23 host 140.221.9.20 eq ntp
access-list dmz1_acl permit udp host 192.168.168.23 host 10.40.1.32 eq domain
access-list dmz1_acl remark Added to allow ftp to Samba for moving config files to new servers
access-list dmz1_acl permit udp host 192.168.168.23 host 196.77.12.238 eq domain
access-list dmz1_acl permit udp host 192.168.168.23 host 196.77.12.203 eq domain
access-list dmz1_acl permit tcp host 192.168.168.23 host 196.77.12.200 eq smtp
access-list dmz1_acl deny tcp host 192.168.168.23 196.77.12.0 255.255.255.0 eq smtp
access-list dmz1_acl permit tcp host 192.168.168.23 any eq smtp
access-list dmz1_acl permit ip host 192.168.168.23 any
access-list dmz1_acl permit udp host 192.168.168.24 host 196.77.12.203 eq domain
access-list dmz1_acl permit udp host 192.168.168.24 host 10.40.1.32 eq domain
access-list dmz1_acl permit udp host 192.168.168.26 host 196.77.12.238 eq domain
access-list dmz1_acl permit udp host 192.168.168.26 host 196.77.12.203 eq domain
access-list dmz1_acl permit udp host 192.168.168.26 host 10.40.1.32 eq domain
access-list dmz1_acl permit tcp host 192.168.168.26 host 196.77.12.200 eq smtp
access-list dmz1_acl permit tcp host 192.168.168.26 any eq smtp
access-list dmz1_acl permit ip host 192.168.168.26 any
access-list dmz1_acl permit udp host 192.168.168.27 any eq domain
access-list dmz1_acl permit tcp host 192.168.168.27 any eq smtp
access-list dmz1_acl permit tcp host 192.168.168.27 any eq 123
access-list dmz1_acl permit tcp host 192.168.168.27 any eq www
access-list dmz1_acl permit tcp host 192.168.168.27 any eq ssh
access-list dmz1_acl permit tcp host 192.168.168.27 any eq https
access-list dmz1_acl permit udp host 192.168.168.27 any eq ntp
access-list dmz1_acl permit udp host 192.168.168.27 host 196.77.12.125 eq netbios-ns
access-list dmz1_acl permit udp host 192.168.168.27 host 196.77.12.125 eq netbios-dgm
access-list dmz1_acl permit tcp host 192.168.168.27 host 196.77.12.125 eq netbios-ssn
access-list dmz1_acl permit tcp host 192.168.168.27 host 196.77.12.125 eq 445
access-list dmz1_acl permit tcp host 192.168.168.30 host 196.77.12.145 eq 1433
access-list dmz1_acl permit icmp any any
access-list dmz1_acl permit icmp 10.20.0.0 255.255.0.0 any
access-list dmz1_acl permit icmp 192.1.1.0 255.255.255.0 any
access-list dmz1_acl permit icmp any 196.77.12.0 255.255.255.0 echo-reply
access-list dmz1_acl permit icmp any 196.77.12.0 255.255.255.0 unreachable
access-list dmz1_acl permit icmp any 10.40.0.0 255.255.0.0 echo-reply
access-list dmz1_acl permit icmp any 10.40.0.0 255.255.0.0 unreachable
access-list dmz1_acl deny ip any any log
access-list inside_acl remark FOR ACCESS TO FTP.SOFTWARE.IBM.COM
access-list inside_acl permit tcp host 196.77.12.3 host 207.25.253.40 eq ftp
access-list inside_acl permit tcp host 196.77.12.120 host 207.25.253.40 eq ftp
access-list inside_acl remark DNS SERVER ACCESS
access-list inside_acl permit udp host 196.77.12.213 any eq domain
access-list inside_acl permit udp host 196.77.12.213 any
access-list inside_acl permit tcp host 196.77.12.213 any
access-list inside_acl permit udp host 196.77.12.203 any eq domain
access-list inside_acl permit udp host 196.77.12.203 any
access-list inside_acl permit tcp host 196.77.12.203 any
access-list inside_acl permit tcp host 196.77.12.252 any eq www
access-list inside_acl permit udp host 10.40.1.50 any eq domain
access-list inside_acl permit ip host 10.40.1.50 any
access-list inside_acl permit ip host 10.40.1.51 any
access-list inside_acl permit udp host 10.40.1.32 any eq domain
access-list inside_acl permit ip 196.77.12.0 255.255.255.0 192.1.1.0 255.255.255.0
access-list inside_acl permit ip 196.77.12.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list inside_acl permit ip 10.40.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list inside_acl permit ip 10.50.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list inside_acl permit ip 10.50.0.0 255.255.0.0 192.1.1.0 255.255.255.0
access-list inside_acl permit ip 10.40.0.0 255.255.0.0 192.1.1.0 255.255.255.0
access-list inside_acl permit ip 10.60.0.0 255.255.0.0 192.1.1.0 255.255.255.0
access-list inside_acl permit ip 10.60.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list inside_acl permit ip 10.80.0.0 255.255.0.0 192.1.1.0 255.255.255.0
access-list inside_acl permit ip 10.90.0.0 255.255.0.0 192.1.1.0 255.255.255.0
access-list inside_acl permit tcp host 196.77.12.252 any eq https
access-list inside_acl permit tcp 196.77.12.0 255.255.255.0 host 192.168.168.20 eq https
access-list inside_acl permit tcp 10.40.0.0 255.255.0.0 host 192.168.168.20 eq https
access-list inside_acl permit tcp host 196.77.12.252 any eq ftp
access-list inside_acl permit tcp host 196.77.12.76 192.168.168.0 255.255.255.0 eq ftp
access-list inside_acl permit tcp host 196.77.12.67 192.168.168.0 255.255.255.0 eq ftp
access-list inside_acl permit ip host 10.50.1.238 any
access-list inside_acl remark permit mail-stp to mail-bed via internet
access-list inside_acl permit tcp host 196.77.12.200 host 192.168.168.23 eq smtp
access-list inside_acl permit tcp host 196.77.12.200 host 192.168.168.26 eq smtp
access-list inside_acl permit tcp host 10.40.1.32 host 192.168.168.23 eq smtp
access-list inside_acl permit tcp host 10.40.1.32 host 192.168.168.26 eq smtp
access-list inside_acl permit tcp 196.77.12.0 255.255.255.0 host 192.168.168.23 eq smtp
access-list inside_acl permit tcp 196.77.12.0 255.255.255.0 host 192.168.168.26 eq smtp
access-list inside_acl remark Next Two Lines are NAT to Onvoy network
access-list inside_acl permit tcp any host 137.192.1.2
access-list inside_acl permit tcp any host 137.192.1.1
access-list inside_acl permit ip host 196.77.12.201 any
access-list inside_acl permit ip host 196.77.12.201 host 165.251.36.130
access-list inside_acl remark Easylink Access
access-list inside_acl permit tcp host 196.77.12.201 host 165.251.36.131 eq ftp
access-list inside_acl remark Permit connections for saleslogix synch from stp and mpls
access-list inside_acl permit tcp 196.77.12.0 255.255.255.0 host 192.168.168.24 eq ftp
access-list inside_acl permit tcp 10.40.0.0 255.255.0.0 host 192.168.168.24 eq ftp
access-list inside_acl permit tcp 10.40.0.0 255.255.0.0 host 192.168.168.25 eq ftp
access-list inside_acl permit tcp 10.40.0.0 255.255.0.0 host 192.168.168.20 eq ftp
access-list inside_acl permit tcp 196.77.12.0 255.255.255.0 host 192.168.168.20 eq ftp
access-list inside_acl permit tcp host 196.77.12.3 host 10.10.10.6 eq 9100
access-list inside_acl permit tcp host 196.77.12.3 host 10.10.10.50 eq 9100
access-list inside_acl permit tcp host 196.77.12.175 host 10.10.10.50 eq 9100
access-list inside_acl permit tcp host 196.77.12.3 host 10.10.10.51 eq 9100
access-list inside_acl permit tcp host 196.77.12.3 host 10.10.10.52 eq 9100
access-list inside_acl permit tcp host 196.77.12.175 host 10.10.10.52 eq 9100
access-list inside_acl permit tcp host 196.77.12.3 host 10.10.10.53 eq 9100
access-list inside_acl permit tcp host 196.77.12.3 host 10.10.10.55 eq 9100
access-list inside_acl permit tcp host 196.77.12.175 host 10.10.10.55 eq 9100
access-list inside_acl remark permit jabber/yahoo gateway
access-list inside_acl permit udp host 196.77.12.200 any eq 5060
access-list inside_acl remark following are for ntp from mail.smythco.com
access-list inside_acl permit udp 196.77.12.0 255.255.255.0 host 192.168.168.23 eq ntp
access-list inside_acl permit udp 10.40.0.0 255.255.0.0 host 192.168.168.23 eq ntp
access-list inside_acl permit udp 10.50.0.0 255.255.0.0 host 192.168.168.23 eq ntp
access-list inside_acl permit udp 10.60.0.0 255.255.0.0 host 192.168.168.23 eq ntp
access-list inside_acl permit udp 10.80.0.0 255.255.0.0 host 192.168.168.23 eq ntp
access-list inside_acl permit udp 10.90.0.0 255.255.0.0 host 192.168.168.23 eq ntp
access-list inside_acl remark permit inside hosts ssh to dmz hosts
access-list inside_acl permit tcp 196.77.12.0 255.255.255.0 192.168.168.0 255.255.255.0 eq ssh
access-list inside_acl permit tcp 10.40.0.0 255.255.0.0 192.168.168.0 255.255.255.0 eq ssh
access-list inside_acl remark internal access to smyth ftp on mail2
access-list inside_acl permit tcp 196.77.12.0 255.255.255.0 host 192.168.168.26 eq ftp
access-list inside_acl permit tcp 192.1.1.0 255.255.255.0 host 192.168.168.26 eq ftp
access-list inside_acl permit tcp 10.40.0.0 255.255.0.0 host 192.168.168.26 eq ftp
access-list inside_acl permit tcp 10.50.0.0 255.255.0.0 host 192.168.168.26 eq ftp
access-list inside_acl permit tcp 10.60.0.0 255.255.0.0 host 192.168.168.26 eq ftp
access-list inside_acl permit tcp 10.80.0.0 255.255.0.0 host 192.168.168.26 eq ftp
access-list inside_acl permit tcp 10.90.0.0 255.255.0.0 host 192.168.168.26 eq ftp
access-list inside_acl remark Access for DNB software
access-list inside_acl permit tcp host 196.77.12.171 host 159.137.146.250 eq 23202
access-list inside_acl remark Art Conference NAT
access-list inside_acl permit tcp host 196.77.12.244 any
access-list inside_acl permit udp host 196.77.12.244 any
access-list inside_acl remark CommVault
access-list inside_acl permit tcp host 196.77.12.154 any
access-list inside_acl remark Steve Y and Marge P access to ipgpac server
access-list inside_acl permit tcp host 196.77.12.67 host 192.168.168.30
access-list inside_acl remark tquale NAT
access-list inside_acl permit tcp host 10.40.0.64 any
access-list inside_acl remark Steve Yokanovich NAT
access-list inside_acl permit tcp host 196.77.12.148 any
access-list inside_acl remark Cathy Berends NAT
access-list inside_acl permit tcp host 196.77.12.90 any
access-list inside_acl permit tcp host 196.77.12.76 any
access-list inside_acl permit tcp host 196.77.12.189 any
access-list inside_acl remark Theresa Klarr NAT
access-list inside_acl permit tcp host 196.77.12.205 any
access-list inside_acl remark Mary Diebel NAT
access-list inside_acl permit tcp host 196.77.12.50 any
access-list inside_acl remark Medalla Server NAT
access-list inside_acl permit tcp host 196.77.12.177 any
access-list inside_acl permit tcp host 196.77.12.122 any
access-list inside_acl remark Steve Roeder NAT
access-list inside_acl permit tcp host 196.77.12.123 any
access-list inside_acl remark John Benson
access-list inside_acl permit tcp host 196.77.12.46 any eq nntp
access-list inside_acl remark Mike Weber NAT
access-list inside_acl permit tcp host 10.60.0.19 any
access-list inside_acl remark Jason Baldwin NAT
access-list inside_acl permit tcp host 196.77.12.111 any
access-list inside_acl remark Steve Roeder Mac NAT
access-list inside_acl permit tcp host 196.77.12.136 any
access-list inside_acl permit tcp host 196.77.12.124 any
access-list inside_acl remark Cimplicity Server NAT
access-list inside_acl permit tcp host 10.70.0.1 any
access-list inside_acl remark backup-server nic1 NAT
access-list inside_acl permit tcp host 196.77.12.125 any
access-list inside_acl remark backup-server-virtual nic2 NAT
access-list inside_acl permit tcp host 196.77.12.126 any
access-list inside_acl remark Steve Roeder NAT
access-list inside_acl permit tcp host 196.77.12.138 any
access-list inside_acl remark Kim Matthews Austin NAT
access-list inside_acl permit tcp host 10.50.0.1 any
access-list inside_acl remark Kim Madigan NAT
access-list inside_acl permit tcp host 10.40.0.1 any
access-list inside_acl remark Spare Mac Austin NAT
access-list inside_acl permit tcp host 10.50.0.53 any
access-list inside_acl remark Allow Austin printer to retrieve updates.
access-list inside_acl permit tcp host 10.50.1.12 any
access-list inside_acl remark Shelly Kinney Austin NAT
access-list inside_acl permit tcp host 10.50.0.26 any
access-list inside_acl remark Open IPs for Gary Seirra Austin NAT
access-list inside_acl permit tcp host 10.50.0.49 any
access-list inside_acl permit tcp host 10.50.0.50 any
access-list inside_acl permit tcp host 10.50.0.51 any
access-list inside_acl permit tcp host 10.50.0.52 any
access-list inside_acl remark Cindy Engleman Austin NAT
access-list inside_acl permit tcp host 10.80.0.15 any
access-list inside_acl remark dev-tomcat1 Server NAT
access-list inside_acl permit tcp host 196.77.12.91 any
access-list inside_acl remark new Carib Server NAT
access-list inside_acl permit tcp host 196.77.12.137 any
access-list inside_acl remark Auster Blazer Creo Server NAT
access-list inside_acl permit tcp host 10.60.0.15 any
access-list inside_acl remark Auster Blazer Server NAT
access-list inside_acl permit tcp host 10.60.1.11 any
access-list inside_acl remark Pluto DB Server NAT
access-list inside_acl permit tcp host 196.77.12.174 any
access-list inside_acl permit tcp host 196.77.12.176 any
access-list inside_acl remark St. Paul Stingray Server NAT
access-list inside_acl permit tcp host 196.77.12.135 any
access-list inside_acl remark Jim Lundquist NAT
access-list inside_acl permit tcp host 196.77.12.228 any
access-list inside_acl remark Steve Ivens NAT
access-list inside_acl permit tcp host 196.77.12.100 any
access-list inside_acl remark Troy Doyle Austin NAT
access-list inside_acl permit tcp host 10.50.0.17 any
access-list inside_acl remark OMET Press Main PLC NAT
access-list inside_acl permit tcp host 10.40.1.68 any
access-list inside_acl remark Open port 502 for Omet Press
access-list inside_acl permit tcp host 10.40.1.64 any eq 502
access-list inside_acl permit tcp host 10.40.1.65 any eq 502
access-list inside_acl permit tcp host 10.40.1.66 any eq 502
access-list inside_acl permit tcp host 10.40.1.67 any eq 502
access-list inside_acl permit tcp host 10.40.1.69 any eq 502
access-list inside_acl permit tcp host 10.40.1.70 any eq 502
access-list inside_acl permit tcp host 10.40.1.71 any eq 502
access-list inside_acl permit tcp host 10.40.1.122 any
access-list inside_acl permit tcp host 10.40.1.121 any
access-list inside_acl permit tcp host 10.40.1.120 any
access-list inside_acl permit tcp host 10.40.1.119 any
access-list inside_acl permit tcp host 10.40.1.118 any
access-list inside_acl permit tcp host 10.40.1.117 any
access-list inside_acl permit tcp host 10.40.1.116 any
access-list inside_acl permit tcp host 10.40.1.115 any
access-list inside_acl permit tcp host 10.40.1.114 any
access-list inside_acl permit tcp host 10.40.1.113 any
access-list inside_acl permit tcp host 10.40.1.112 any
access-list inside_acl permit tcp host 10.40.1.111 any
access-list inside_acl permit tcp host 10.40.1.110 any
access-list inside_acl permit tcp host 10.40.1.109 any
access-list inside_acl permit tcp host 10.40.1.108 any
access-list inside_acl permit tcp host 10.40.1.107 any
access-list inside_acl permit tcp host 10.40.1.106 any
access-list inside_acl permit tcp host 10.40.1.105 any
access-list inside_acl permit tcp host 10.40.1.104 any
access-list inside_acl permit tcp host 10.40.1.103 any
access-list inside_acl permit tcp host 10.40.1.102 any
access-list inside_acl permit tcp host 10.40.1.101 any
access-list inside_acl permit tcp host 10.40.1.100 any
access-list inside_acl remark Mpls DHCP Wireless NAT
access-list inside_acl permit tcp host 10.40.0.120 any
access-list inside_acl permit tcp host 10.40.0.121 any
access-list inside_acl permit tcp host 10.40.0.122 any
access-list inside_acl permit tcp host 10.40.0.123 any
access-list inside_acl permit tcp host 10.40.0.124 any
access-list inside_acl permit tcp host 10.40.0.125 any
access-list inside_acl permit tcp host 10.40.0.126 any
access-list inside_acl permit tcp host 10.40.0.127 any
access-list inside_acl permit tcp host 10.40.0.128 any
access-list inside_acl permit tcp host 10.40.0.129 any
access-list inside_acl permit tcp host 10.40.0.130 any
access-list inside_acl permit tcp host 10.40.0.131 any
access-list inside_acl permit tcp host 10.40.0.132 any
access-list inside_acl permit tcp host 10.40.0.133 any
access-list inside_acl permit tcp host 10.40.0.134 any
access-list inside_acl permit tcp host 10.40.0.135 any
access-list inside_acl permit tcp host 10.40.0.136 any
access-list inside_acl permit tcp host 10.40.0.137 any
access-list inside_acl permit tcp host 10.40.0.138 any
access-list inside_acl permit tcp host 10.40.0.139 any
access-list inside_acl permit tcp host 10.40.0.140 any
access-list inside_acl permit tcp host 10.40.0.141 any
access-list inside_acl permit tcp host 10.40.0.142 any
access-list inside_acl permit tcp host 10.40.0.143 any
access-list inside_acl permit tcp host 10.40.0.144 any
access-list inside_acl permit tcp host 10.40.0.145 any
access-list inside_acl permit tcp host 10.40.0.146 any
access-list inside_acl permit tcp host 10.40.0.147 any
access-list inside_acl permit tcp host 10.40.0.148 any
access-list inside_acl permit tcp host 10.40.0.149 any
access-list inside_acl permit tcp host 10.40.0.150 any
access-list inside_acl remark Blaser DHCP Wireless NAT
access-list inside_acl permit tcp host 10.60.3.1 any
access-list inside_acl permit tcp host 10.60.3.2 any
access-list inside_acl permit tcp host 10.60.3.3 any
access-list inside_acl permit tcp host 10.60.3.4 any
access-list inside_acl permit tcp host 10.60.3.5 any
access-list inside_acl permit tcp host 10.60.3.6 any
access-list inside_acl permit tcp host 10.60.3.7 any
access-list inside_acl permit tcp host 10.60.3.8 any
access-list inside_acl permit tcp host 10.60.3.9 any
access-list inside_acl permit tcp host 10.60.3.10 any
access-list inside_acl deny tcp any any eq www
access-list inside_acl deny tcp any any eq https
access-list inside_acl deny tcp any any eq ftp
access-list inside_acl deny udp any any eq domain
access-list inside_acl permit icmp any any echo-reply
access-list inside_acl permit icmp any any echo
access-list inside_acl permit icmp any any
access-list inside_acl deny ip any any log
access-list inside_acl permit ip 10.20.0.0 255.255.0.0 192.168.168.0 255.255.255.0
access-list vpn permit ip 196.77.12.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list vpn permit ip 196.77.12.0 255.255.255.0 192.168.27.32 255.255.255.224
access-list vpn permit ip 10.60.0.0 255.255.0.0 10.10.10.0 255.255.255.0
access-list vpn permit ip 10.0.0.0 255.0.0.0 10.10.10.0 255.255.255.0
access-list vpn permit ip 10.40.0.0 255.255.0.0 10.10.10.0 255.255.255.0
access-list vpn permit ip 196.77.12.0 255.255.255.0 192.1.1.0 255.255.255.0
access-list vpn permit ip 196.77.12.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list vpn permit ip 10.70.0.0 255.255.0.0 10.10.10.0 255.255.255.0
access-list vpn permit ip 10.10.10.0 255.255.255.0 192.168.168.0 255.255.255.0
access-list vpn permit ip 10.60.0.0 255.255.0.0 192.1.1.0 255.255.255.0
access-list vpn permit ip 10.40.0.0 255.255.0.0 192.1.1.0 255.255.255.0
access-list vpn permit ip 10.50.0.0 255.255.0.0 192.1.1.0 255.255.255.0
access-list vpn permit ip 10.60.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list vpn permit ip 10.80.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list vpn permit ip 10.90.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list vpn permit ip 10.40.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list vpn permit ip 10.50.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list vpn remark The 172.10 network was inserted for OMET
access-list vpn permit ip 196.77.12.0 255.255.255.0 172.10.0.0 255.255.0.0
access-list vpn permit ip 10.40.0.0 255.255.0.0 172.10.0.0 255.255.0.0
access-list vpn permit ip 192.168.168.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list coorsvpn permit ip 196.77.12.0 255.255.255.0 192.168.27.32 255.255.255.224
access-list bedvpn permit ip 196.77.12.0 255.255.255.0 192.1.1.0 255.255.255.0
access-list bedvpn permit ip 196.77.12.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list bedvpn permit ip 10.40.0.0 255.255.0.0 192.1.1.0 255.255.255.0
access-list bedvpn permit ip 10.50.0.0 255.255.0.0 192.1.1.0 255.255.255.0
access-list bedvpn permit ip 10.60.0.0 255.255.0.0 192.1.1.0 255.255.255.0
access-list bedvpn permit ip 10.60.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list bedvpn permit ip 192.1.1.0 255.255.255.0 192.168.168.0 255.255.255.0
access-list bedvpn permit ip 10.20.0.0 255.255.0.0 192.168.168.0 255.255.255.0
access-list bedvpn permit ip 10.50.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list bedvpn permit ip 10.40.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list bedvpn permit icmp any any
access-list coorsvpn_toronto permit ip 196.77.12.0 255.255.255.0 192.168.27.32 255.255.255.224
access-list coorsvpn_toronto permit ip 192.168.27.32 255.255.255.224 196.77.12.0 255.255.255.0
access-list coorsvpn_toronto permit ip host 10.255.3.1 host 196.77.12.123
access-list coorsvpn_toronto permit ip host 196.77.12.123 host 10.255.3.1
access-list coorsvpn_toronto deny ip any any
access-list DMZnoNAT permit ip 192.168.168.0 255.255.255.0 10.10.10.0 255.255.255.0
pager lines 24
logging on
logging timestamp
logging history alerts
logging host inside XXXXXXXXXXXX
icmp permit host XXXXXXXXXXXXXX echo-reply outside
icmp permit any outside
icmp permit host XXXXXXXXXXXXXX echo-reply outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
mtu dmz1 1500
ip address outside XXXXXXXXXXXX 255.255.255.248
ip address inside XXXXXXXXXXXXX 255.255.255.0
ip address dmz1 XXXXXXXXXXXXXX 255.255.255.0
ip audit name IDSATTACK attack action alarm drop
ip audit name IDSINFO info action alarm
ip audit interface outside IDSINFO
ip audit interface outside IDSATTACK
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnremote 10.10.10.1-10.10.10.40
pdm location 198.6.1.4 255.255.255.255 outside
pdm location 198.6.1.5 255.255.255.255 outside
pdm location 196.77.12.2 255.255.255.255 inside
pdm location 196.77.12.3 255.255.255.255 inside
pdm location 196.77.12.134 255.255.255.255 inside
pdm location 196.77.12.140 255.255.255.255 inside
pdm location 196.77.12.141 255.255.255.255 inside
pdm location 196.77.12.142 255.255.255.255 inside
pdm location 196.77.12.150 255.255.255.255 inside
pdm location 196.77.12.152 255.255.255.255 inside
pdm location 196.77.12.176 255.255.255.255 inside
pdm location 196.77.12.192 255.255.255.255 inside
pdm location 196.77.12.200 255.255.255.255 inside
pdm location 196.77.12.203 255.255.255.255 inside
pdm location 196.77.12.205 255.255.255.255 inside
pdm location 196.77.12.248 255.255.255.255 inside
pdm location 196.77.12.250 255.255.255.255 inside
pdm location 196.77.12.252 255.255.255.255 inside
pdm location 192.168.168.20 255.255.255.255 dmz1
pdm location 192.168.168.23 255.255.255.255 dmz1
pdm location 192.168.168.24 255.255.255.255 dmz1
pdm location 192.168.168.25 255.255.255.255 dmz1
pdm location 24.60.211.156 255.255.255.255 outside
pdm location 67.106.88.166 255.255.255.255 outside
pdm location 199.191.131.20 255.255.255.255 outside
pdm location 196.77.12.161 255.255.255.255 inside
pdm location 130.126.24.53 255.255.255.255 outside
pdm location NTPServer 255.255.255.255 outside
pdm location 140.221.9.20 255.255.255.255 outside
pdm location 209.134.135.228 255.255.255.255 outside
pdm location 209.134.135.230 255.255.255.255 outside
pdm location 196.77.12.148 255.255.255.255 inside
pdm location 196.77.12.244 255.255.255.255 inside
pdm location 199.191.131.20 255.255.255.255 inside
pdm location 199.191.131.20 255.255.255.255 dmz1
pdm location 10.10.10.6 255.255.255.255 outside
pdm location 209.67.18.12 255.255.255.255 outside
pdm location 196.77.12.21 255.255.255.255 inside
pdm location 192.168.168.30 255.255.255.255 dmz1
pdm location 204.220.24.105 255.255.255.255 outside
pdm location 10.50.0.0 255.255.0.0 inside
pdm location 10.60.0.0 255.255.0.0 inside
pdm location 10.50.0.25 255.255.255.255 inside
pdm location 10.30.0.0 255.255.0.0 inside
pdm location 10.70.0.0 255.255.0.0 inside
pdm location 192.168.168.26 255.255.255.255 dmz1
pdm location 10.80.0.0 255.255.0.0 inside
pdm location 10.20.0.0 255.255.0.0 inside
pdm location 196.77.12.135 255.255.255.255 inside
pdm location 10.10.192.0 255.255.255.0 outside
pdm location 10.40.1.50 255.255.255.255 inside
pdm location 10.40.1.32 255.255.255.255 inside
pdm location 10.10.10.0 255.255.255.0 inside
pdm location 10.40.0.1 255.255.255.255 inside
pdm location 10.40.1.64 255.255.255.255 inside
pdm location 10.40.1.65 255.255.255.255 inside
pdm location 10.40.1.66 255.255.255.255 inside
pdm location 10.40.1.67 255.255.255.255 inside
pdm location 10.40.1.69 255.255.255.255 inside
pdm location 10.40.1.70 255.255.255.255 inside
pdm location 10.40.1.71 255.255.255.255 inside
pdm location 10.40.0.0 255.255.0.0 inside
pdm location 10.50.0.1 255.255.255.255 inside
pdm location 10.50.0.2 255.255.255.255 inside
pdm location 10.50.0.15 255.255.255.255 inside
pdm location 10.50.0.17 255.255.255.255 inside
pdm location 10.50.0.26 255.255.255.255 inside
pdm location 10.0.0.0 255.0.0.0 inside
pdm location 196.77.12.46 255.255.255.255 inside
pdm location 196.77.12.67 255.255.255.255 inside
pdm location 196.77.12.76 255.255.255.255 inside
pdm location 196.77.12.90 255.255.255.255 inside
pdm location 196.77.12.111 255.255.255.255 inside
pdm location 196.77.12.123 255.255.255.255 inside
pdm location 196.77.12.124 255.255.255.255 inside
pdm location 196.77.12.138 255.255.255.255 inside
pdm location 196.77.12.145 255.255.255.255 inside
pdm location 196.77.12.171 255.255.255.255 inside
pdm location 196.77.12.175 255.255.255.255 inside
pdm location 196.77.12.177 255.255.255.255 inside
pdm location 196.77.12.201 255.255.255.255 inside
pdm location 10.10.10.51 255.255.255.255 outside
pdm location 10.10.10.0 255.255.255.0 outside
pdm location 192.168.27.32 255.255.255.224 outside
pdm location 192.168.168.0 255.255.255.0 outside
pdm location 201.194.184.2 255.255.255.255 outside
pdm location 172.10.0.0 255.255.0.0 inside
pdm location 172.10.0.0 255.255.0.0 outside
pdm location 10.90.0.0 255.255.0.0 inside
pdm location 10.40.1.68 255.255.255.255 inside
pdm location 10.60.0.19 255.255.255.255 inside
pdm location 10.60.1.11 255.255.255.255 inside
pdm location 10.70.0.1 255.255.255.255 inside
pdm location 10.80.0.15 255.255.255.255 inside
pdm location 172.0.0.0 255.255.0.0 inside
pdm location 192.1.1.0 255.255.255.0 inside
pdm location 196.77.12.136 255.255.255.255 inside
pdm location 196.77.12.137 255.255.255.255 inside
pdm location 10.20.0.0 255.255.0.0 dmz1
pdm location 192.1.1.0 255.255.255.0 dmz1
pdm location 10.20.0.0 255.255.0.0 outside
pdm location 63.251.179.0 255.255.255.0 outside
pdm location 192.1.1.0 255.255.255.0 outside
pdm location 196.77.12.125 255.255.255.255 inside
pdm location 196.77.12.160 255.255.255.255 inside
pdm location 192.168.168.27 255.255.255.255 dmz1
pdm location 196.77.12.213 255.255.255.255 inside
pdm location 10.40.1.100 255.255.255.255 inside
pdm location 10.40.1.101 255.255.255.255 inside
pdm location 10.40.1.102 255.255.255.255 inside
pdm location 10.40.1.103 255.255.255.255 inside
pdm location 10.40.1.104 255.255.255.255 inside
pdm location 10.40.1.105 255.255.255.255 inside
pdm location 10.40.1.106 255.255.255.255 inside
pdm location 10.40.1.107 255.255.255.255 inside
pdm location 10.40.1.108 255.255.255.255 inside
pdm location 10.40.1.109 255.255.255.255 inside
pdm location 10.40.1.110 255.255.255.255 inside
pdm location 10.40.1.111 255.255.255.255 inside
pdm location 10.40.1.112 255.255.255.255 inside
pdm location 10.40.1.113 255.255.255.255 inside
pdm location 10.40.1.114 255.255.255.255 inside
pdm location 10.40.1.115 255.255.255.255 inside
pdm location 10.40.1.116 255.255.255.255 inside
pdm location 10.40.1.117 255.255.255.255 inside
pdm location 10.40.1.118 255.255.255.255 inside
pdm location 10.40.1.119 255.255.255.255 inside
pdm location 10.40.1.120 255.255.255.255 inside
pdm location 10.40.1.121 255.255.255.255 inside
pdm location 10.40.1.122 255.255.255.255 inside
pdm location 206.248.204.121 255.255.255.255 outside
pdm location 10.50.1.1 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 XXX.XXX.XXX.XXX
nat (inside) 0 access-list vpn
nat (inside) 1 196.77.12.0 255.255.255.0 0 0
nat (inside) 1 10.30.0.0 255.255.0.0 0 0
nat (inside) 1 10.40.0.0 255.255.0.0 0 0
nat (inside) 1 10.50.0.0 255.255.0.0 0 0
nat (inside) 1 10.60.0.0 255.255.0.0 0 0
nat (inside) 1 10.70.0.0 255.255.0.0 0 0
nat (inside) 1 10.80.0.0 255.255.0.0 0 0
nat (inside) 1 10.90.0.0 255.255.0.0 0 0
nat (dmz1) 0 access-list DMZnoNAT
nat (dmz1) 1 192.168.168.0 255.255.255.0 0 0
static (inside,dmz1) 196.77.12.0 196.77.12.0 netmask 255.255.255.0 0 0
static (dmz1,inside) 192.168.168.0 192.168.168.0 netmask 255.255.255.0 0 0
static (inside,outside) cache-outside 196.77.12.252 netmask 255.255.255.255 200 400
static (inside,outside) oak-outside 196.77.12.200 netmask 255.255.255.255 200 400
static (inside,outside) KarenPCAny-outside 196.77.12.50 netmask 255.255.255.255 200 400
static (inside,outside) intellops-outside 196.77.12.161 netmask 255.255.255.255 200 400
static (inside,outside) smythsp-outside 196.77.12.134 netmask 255.255.255.255 200 400
static (inside,outside) eagle-outside 196.77.12.192 netmask 255.255.255.255 200 400
static (dmz1,outside) commerce-outside 192.168.168.20 netmask 255.255.255.255 200 400
static (dmz1,outside) webipg-outside 192.168.168.25 netmask 255.255.255.255 200 400
static (dmz1,outside) webrepack-outside 192.168.168.30 netmask 255.255.255.255 200 400
static (dmz1,outside) salesync-outside 192.168.168.24 netmask 255.255.255.255 200 400
static (inside,outside) www4-outside 10.50.0.25 netmask 255.255.255.255 200 400
static (inside,dmz1) 10.40.0.0 10.40.0.0 netmask 255.255.0.0 0 0
static (inside,dmz1) 10.30.0.0 10.30.0.0 netmask 255.255.0.0 0 0
static (inside,dmz1) 10.50.0.0 10.50.0.0 netmask 255.255.0.0 0 0
static (inside,dmz1) 10.60.0.0 10.60.0.0 netmask 255.255.0.0 0 0
static (inside,dmz1) 10.70.0.0 10.70.0.0 netmask 255.255.0.0 0 0
static (dmz1,outside) mail2-outside 192.168.168.26 netmask 255.255.255.255 200 400
static (dmz1,outside) mail-outside 192.168.168.23 netmask 255.255.255.255 200 400
static (inside,dmz1) 10.80.0.0 10.80.0.0 netmask 255.255.0.0 0 0
static (inside,dmz1) 172.10.0.0 172.0.0.0 netmask 255.255.0.0 0 0
static (inside,dmz1) 10.90.0.0 10.90.0.0 netmask 255.255.0.0 0 0
static (outside,dmz1) 192.1.1.0 192.1.1.0 netmask 255.255.255.0 0 0
static (outside,dmz1) 10.20.0.0 10.20.0.0 netmask 255.255.0.0 0 0
static (outside,dmz1) 10.10.10.0 10.10.10.0 netmask 255.255.255.0 0 0
static (inside,outside) unity-outside 10.40.1.50 netmask 255.255.255.255 200 400
static (dmz1,outside) epace-outside 192.168.168.27 netmask 255.255.255.255 200 400
access-group outside_acl in interface outside
access-group inside_acl in interface inside
access-group dmz1_acl in interface dmz1
route outside 0.0.0.0 0.0.0.0 XXXXXXXXXXXXX 1
route inside 10.0.0.0 255.0.0.0 196.77.12.253 0
route inside 10.10.10.0 255.255.255.0 196.77.12.253 1
route outside 10.20.0.0 255.255.0.0 XXXXXXXXXXXXX 1
route inside 10.30.0.0 255.255.0.0 196.77.12.253 1
route inside 10.40.0.0 255.255.0.0 196.77.12.253 1
route inside 10.50.0.0 255.255.0.0 196.77.12.253 1
route inside 10.60.0.0 255.255.0.0 196.77.12.253 1
route inside 10.70.0.0 255.255.0.0 196.77.12.253 1
route inside 10.80.0.0 255.255.0.0 196.77.12.253 1
route inside 10.90.0.0 255.255.0.0 196.77.12.253 1
route inside 172.10.0.0 255.255.0.0 196.77.12.253 1
route outside 192.1.1.0 255.255.255.0 XXXXXXXXXXXXXX 1
timeout xlate 12:00:00
timeout conn 12:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 2:00:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 196.77.12.250 255.255.255.255 inside
http 196.77.12.152 255.255.255.255 inside
http 196.77.12.2 255.255.255.255 inside
http 196.77.12.148 255.255.255.255 inside
http 196.77.12.0 255.255.255.0 inside
http 196.77.12.160 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community XXXXXXXXXXXXXXX
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
service resetinbound
crypto ipsec transform-set smythset esp-3des esp-sha-hmac
crypto ipsec transform-set CoorsVPNset esp-3des esp-md5-hmac
crypto ipsec transform-set medium_policy esp-3des esp-sha-hmac
crypto dynamic-map smyth 4 set transform-set smythset
crypto map smyth-map 10 ipsec-isakmp
crypto map smyth-map 10 match address bedvpn
crypto map smyth-map 10 set peer XXXXXXXXXXXXXX
crypto map smyth-map 10 set transform-set smythset
crypto map smyth-map 20 ipsec-isakmp dynamic smyth
crypto map smyth-map 50 ipsec-isakmp
crypto map smyth-map 50 match address coorsvpn_toronto
crypto map smyth-map 50 set pfs
crypto map smyth-map 50 set peer XXXXXXXXXXXXXX
crypto map smyth-map 50 set transform-set medium_policy
crypto map smyth-map client configuration address initiate
crypto map smyth-map client configuration address respond
crypto map smyth-map interface outside
isakmp enable outside
isakmp enable inside
isakmp key ******** address XXXXXXXXXXXXX netmask 255.255.255.192
isakmp key ******** address XXXXXXXXXXXXX netmask 255.255.255.255 no-xauth
isakmp key ******** address XXXXXXXXXXXXX netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
isakmp policy 8 authentication pre-share
isakmp policy 8 encryption 3des
isakmp policy 8 hash sha
isakmp policy 8 group 2
isakmp policy 8 lifetime 86400
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
vpngroup tklarr address-pool vpnremote
vpngroup tklarr dns-server 196.77.12.203 10.40.1.32
vpngroup tklarr default-domain smythco.com
vpngroup tklarr split-tunnel vpn
vpngroup tklarr idle-time 1800
vpngroup tklarr password ********
vpngroup syokanov address-pool vpnremote
vpngroup syokanov dns-server 196.77.12.203 10.40.1.32
vpngroup syokanov default-domain smythco.com
vpngroup syokanov split-tunnel vpn
vpngroup syokanov idle-time 1800
vpngroup syokanov password ********
vpngroup telnet XXXXXXXXXX 255.255.255.0 inside
telnet XXXXXXXXXX 255.255.255.255 inside
telnet XXXXXXXXXX 255.255.255.255 dmz1
telnet timeout 5
ssh XXXXXXXXX 255.255.255.255 outside
ssh XXXXXXXXX 255.255.255.255 outside
ssh XXXXXXXXX 255.255.255.0 inside
ssh timeout 60
management-access inside
console timeout 0
terminal width 80
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.202 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup