Output of Show Access list
------------------------------------------------------------------------------------------------------
IVOXFIRE# sh access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list acl_inside; 34 elements
access-list acl_inside line 1 extended permit ip any any (hitcnt=3446811)
access-list acl_inside line 2 extended permit tcp any any (hitcnt=0)
access-list acl_inside line 3 extended permit udp any any (hitcnt=0)
access-list acl_inside line 4 extended permit icmp any any echo (hitcnt=0)
access-list acl_inside line 5 extended permit icmp any any echo-reply (hitcnt=0)
access-list acl_inside line 6 extended deny tcp any any eq 135 (hitcnt=0)
access-list acl_inside line 7 extended deny udp any any eq 135 (hitcnt=0)
access-list acl_inside line 8 extended deny tcp any any eq 69 (hitcnt=0)
access-list acl_inside line 9 extended deny udp any any eq tftp (hitcnt=0)
access-list acl_inside line 10 extended deny tcp any any eq 137 (hitcnt=0)
access-list acl_inside line 11 extended deny udp any any eq netbios-ns (hitcnt=0)
access-list acl_inside line 12 extended deny tcp any any eq 138 (hitcnt=0)
access-list acl_inside line 13 extended deny udp any any eq netbios-dgm (hitcnt=0)
access-list acl_inside line 14 extended deny tcp any any eq netbios-ssn (hitcnt=0)
access-list acl_inside line 15 extended deny udp any any eq 139 (hitcnt=0)
access-list acl_inside line 16 extended deny tcp any any eq 445 (hitcnt=0)
access-list acl_inside line 17 extended deny udp any any eq 445 (hitcnt=0)
access-list acl_inside line 18 extended deny tcp any any eq 593 (hitcnt=0)
access-list acl_inside line 19 extended deny tcp any any eq 8998 (hitcnt=0)
access-list acl_inside line 20 extended deny udp any any eq 8998 (hitcnt=0)
access-list acl_inside line 21 extended deny tcp any any eq 4444 (hitcnt=0)
access-list acl_inside line 22 extended deny udp any any eq 4444 (hitcnt=0)
access-list acl_inside line 23 extended deny tcp any any eq 4662 (hitcnt=0)
access-list acl_inside line 24 extended deny udp any any eq 4662 (hitcnt=0)
access-list acl_inside line 25 extended deny tcp any any eq 4661 (hitcnt=0)
access-list acl_inside line 26 extended deny udp any any eq 4665 (hitcnt=0)
access-list acl_inside line 27 extended deny tcp any any eq 1516 (hitcnt=0)
access-list acl_inside line 28 extended deny udp any any eq 1516 (hitcnt=0)
access-list acl_inside line 29 extended deny tcp any any eq 1517 (hitcnt=0)
access-list acl_inside line 30 extended deny udp any any eq 1517 (hitcnt=0)
access-list acl_inside line 31 extended deny tcp any any eq 1518 (hitcnt=0)
access-list acl_inside line 32 extended deny udp any any eq 1518 (hitcnt=0)
access-list acl_inside line 33 extended deny tcp any any eq 1519 (hitcnt=0)
access-list acl_inside line 34 extended deny udp any any eq 1519 (hitcnt=0)
access-list acl_out; 18 elements
access-list acl_out line 1 extended permit icmp any any echo-reply (hitcnt=116)
access-list acl_out line 2 extended permit icmp any any time-exceeded (hitcnt=15190)
access-list acl_out line 3 extended permit icmp any any unreachable (hitcnt=4136)
access-list acl_out line 4 extended permit tcp any host 216.24.168.202 eq www (hitcnt=107516)
access-list acl_out line 5 extended permit tcp any host 216.24.168.202 eq ftp (hitcnt=5606)
access-list acl_out line 6 extended permit tcp any host 216.24.168.202 eq https (hitcnt=73928)
access-list acl_out line 7 extended permit tcp any host 216.24.168.202 eq 3389 (hitcnt=491)
access-list acl_out line 8 extended permit tcp any host 216.24.168.202 eq 1444 (hitcnt=4314)
access-list acl_out line 9 extended permit tcp any host 216.24.168.202 eq 1445 (hitcnt=920)
access-list acl_out line 10 extended permit tcp any host 216.24.168.202 eq 1446 (hitcnt=4111)
access-list acl_out line 11 extended permit tcp any host 216.24.168.226 (hitcnt=0)
access-list acl_out line 12 extended permit tcp any any (hitcnt=6780747)
access-list acl_out line 13 extended permit udp any any (hitcnt=56220)
access-list acl_out line 14 extended permit ip any 10.212.8.0 255.255.255.224 (hitcnt=0)
access-list acl_out line 15 extended deny ip any host 216.24.168.202 log informational interval 300 (hitcnt=15299)
access-list acl_out line 16 extended permit tcp any host 216.24.168.202 eq 1447 (hitcnt=0)
access-list acl_out line 17 extended permit tcp any host 216.24.168.202 eq 1448 (hitcnt=0)
access-list acl_out line 18 extended permit tcp any host 216.24.168.202 eq 1449 (hitcnt=0)
access-list 100; 3 elements
access-list 100 line 1 extended permit ip 192.168.3.0 255.255.255.0 172.17.168.0 255.255.255.0 (hitcnt=0)
access-list 100 line 2 extended permit ip 192.168.3.0 255.255.255.0 10.10.10.0 255.255.255.0 (hitcnt=0)
access-list 100 line 3 extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0 (hitcnt=0)
access-list 110; 1 elements
access-list 110 line 1 extended permit ip 192.168.3.0 255.255.255.0 172.17.168.0 255.255.255.0 (hitcnt=53)
access-list 120; 1 elements
access-list 120 line 1 extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0 (hitcnt=245)

Output of Sh crypto IPSEC SA
----------------------------------------------------------------------------------------------------------------
IVOXFIRE# sh crypto ipsec sa
interface: outside
    Crypto map tag: IPSecMap, seq num: 40, local addr: xx.xx.xx.xx

      access-list 120 permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
      local ident (addr/mask/prot/port): (192.168.3.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
      current_peer: xx.xx.xx.xx

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 8, #pkts decrypt: 8, #pkts verify: 8
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: xx.xx.xx.xx, remote crypto endpt.: xx.xx.xx.xx

      path mtu 1500, ipsec overhead 74, media mtu 1500
      current outbound spi: FC5C0A8B

    inbound esp sas:
      spi: 0x90035D80 (2416139648)
         transform: esp-aes esp-md5-hmac none
         in use settings ={L2L, Tunnel, }
         slot: 0, conn_id: 82, crypto-map: IPSecMap
         sa timing: remaining key lifetime (kB/sec): (4274999/27963)
         IV size: 16 bytes
         replay detection support: Y
    outbound esp sas:
      spi: 0xFC5C0A8B (4233890443)
         transform: esp-aes esp-md5-hmac none
         in use settings ={L2L, Tunnel, }
         slot: 0, conn_id: 82, crypto-map: IPSecMap
         sa timing: remaining key lifetime (kB/sec): (4275000/27960)
         IV size: 16 bytes
         replay detection support: Y