topic Cisco ASA 5500 routing issue in Network Security https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710041#M535581 <HTML><HEAD></HEAD><BODY><P>I have done what you asked, the same issue persists. Below is the log again, again thank you your a great help.</P><P></P><P>Result of the command: "show running-config"</P><P></P><P>: Saved</P><P>:</P><P>ASA Version 8.2(2) </P><P>!</P><P></P><P>names</P><P>name 192.168.1.25 ACCMX-INT</P><P>name 192.168.1.44 ACCSUN-INT</P><P>name 192.168.1.28 ACCIRON-INT</P><P>name 69.130.7.116 ACCIRON-EXT</P><P>name 69.130.7.115 ACCMX-EXT</P><P>name 69.130.7.117 ACCSUN-EXT</P><P>name 69.130.7.118 FacileHR-EXT</P><P>name 69.130.7.120 NRIYP-EXT</P><P>name 69.130.7.126 ADDON-EXT</P><P>name 192.168.1.26 ADDON-INT</P><P>name 192.168.1.21 Kyle</P><P>name 192.168.1.30 NRIYP-INT</P><P>name 192.168.1.186 FacileHR-INT</P><P>!</P><P>interface Vlan1</P><P> description LAN [INSIDE INTERFACE]</P><P> nameif inside</P><P> security-level 100</P><P> ip address 192.168.1.1 255.255.255.0 </P><P>!</P><P>interface Vlan2</P><P> description T1 LINE [EXTERNAL INTERFACE]</P><P> nameif outside</P><P> security-level 0</P><P> ip address 69.130.7.114 255.255.255.240 </P><P>!</P><P>interface Ethernet0/0</P><P> switchport access vlan 2</P><P>!</P><P>interface Ethernet0/1</P><P>!</P><P>interface Ethernet0/2</P><P>!</P><P>interface Ethernet0/3</P><P>!</P><P>interface Ethernet0/4</P><P>!</P><P>interface Ethernet0/5</P><P>!</P><P>interface Ethernet0/6</P><P>!</P><P>interface Ethernet0/7</P><P>!</P><P>boot system disk0:/asa822-k8.bin</P><P>ftp mode passive</P><P>clock timezone EST -5</P><P>clock summer-time EDT recurring</P><P>dns server-group DefaultDNS</P><P> domain-name aim-cc.com</P><P>same-security-traffic permit intra-interface</P><P>object-group service aptela udp</P><P> description for Aptela Phones</P><P> port-object range 10000 20000</P><P> port-object range sip 5061</P><P>object-group service RDP tcp-udp</P><P> port-object range 3389 3389</P><P>object-group network BLACKLIST</P><P> network-object host 190.18.107.140</P><P> network-object host 121.244.106.2</P><P> network-object host 187.11.194.28</P><P> network-object host 188.2.237.199</P><P> network-object host 190.48.38.184</P><P> network-object host 201.47.229.72</P><P> network-object host 207.155.250.20</P><P> network-object host 209.85.160.56</P><P> network-object host 209.85.222.199</P><P> network-object host 63.246.10.50</P><P> network-object host 66.77.56.84</P><P> network-object host 83.168.1.28</P><P> network-object host 124.121.68.190</P><P> network-object host 174.35.12.35</P><P> network-object host 174.37.81.160</P><P> network-object host 188.192.97.110</P><P> network-object host 188.38.164.31</P><P> network-object host 208.75.123.162</P><P> network-object host 41.131.81.19</P><P> network-object host 65.168.1.28</P><P> network-object host 74.125.83.174</P><P> network-object host 74.125.83.184</P><P> network-object host 74.208.4.191</P><P> network-object host 82.230.100.32</P><P> network-object host 89.173.0.9</P><P> network-object host 89.228.129.126</P><P> network-object host 93.86.217.140</P><P> network-object host 123.21.107.67</P><P> network-object host 178.92.126.228</P><P> network-object host 189.10.192.107</P><P> network-object host 189.55.158.40</P><P> network-object host 189.70.186.225</P><P> network-object host 201.11.0.98</P><P> network-object host 207.250.58.8</P><P> network-object host 208.75.123.163</P><P> network-object host 208.75.123.226</P><P> network-object host 209.85.211.156</P><P> network-object host 209.85.221.146</P><P> network-object host 209.85.222.159</P><P> network-object host 211.170.114.154</P><P> network-object host 24.38.18.233</P><P> network-object host 64.49.82.68</P><P> network-object host 64.50.170.80</P><P> network-object host 65.217.159.98</P><P> network-object host 68.200.154.75</P><P> network-object host 74.208.4.195</P><P> network-object host 75.146.94.187</P><P> network-object host 80.14.122.109</P><P> network-object host 92.84.207.252</P><P> network-object host 93.153.0.155</P><P> network-object host 93.73.179.61</P><P> network-object host 96.252.6.79</P><P> network-object host 99.174.113.44</P><P> network-object host 117.6.64.137</P><P> network-object host 178.93.144.158</P><P> network-object host 190.245.171.12</P><P> network-object host 195.174.128.15</P><P> network-object host 199.238.178.138</P><P> network-object host 208.75.123.228</P><P> network-object host 209.85.217.193</P><P> network-object host 24.103.215.120</P><P> network-object host 74.208.4.194</P><P> network-object host 84.24.253.217</P><P> network-object host 98.117.251.114</P><P> network-object host 12.164.54.36</P><P> network-object host 160.75.192.3</P><P> network-object host 186.87.3.225</P><P> network-object host 190.174.208.57</P><P> network-object host 190.59.189.71</P><P> network-object host 201.4.160.18</P><P> network-object host 207.155.248.47</P><P> network-object host 208.111.169.150</P><P> network-object host 208.89.132.145</P><P> network-object host 209.85.160.46</P><P> network-object host 209.85.210.163</P><P> network-object host 62.248.88.175</P><P> network-object host 64.202.189.25</P><P> network-object host 66.165.70.198</P><P> network-object host 67.132.93.114</P><P> network-object host 69.174.244.158</P><P> network-object host 69.67.52.156</P><P> network-object host 69.74.142.209</P><P> network-object host 74.125.92.25</P><P> network-object host 74.203.196.51</P><P> network-object host 79.110.128.212</P><P> network-object host 87.70.217.30</P><P> network-object host 88.146.41.234</P><P> network-object host 88.76.127.77</P><P> network-object host 93.86.37.241</P><P> network-object host 94.70.115.94</P><P> network-object host 95.168.100.87</P><P> network-object host 123.201.69.230</P><P> network-object host 186.9.50.90</P><P> network-object host 189.73.235.78</P><P> network-object host 195.2.236.11</P><P> network-object host 202.63.105.220</P><P> network-object host 205.178.146.55</P><P> network-object host 205.178.146.57</P><P> network-object host 205.178.146.58</P><P> network-object host 205.178.146.61</P><P> network-object host 209.85.160.184</P><P> network-object host 209.85.221.171</P><P> network-object host 218.147.37.219</P><P> network-object host 64.120.250.82</P><P> network-object host 66.227.62.183</P><P> network-object host 67.228.227.25</P><P> network-object host 87.109.179.247</P><P> network-object host 87.163.5.34</P><P> network-object host 89.78.170.200</P><P> network-object host 89.78.3.139</P><P> network-object host 92.29.204.146</P><P> network-object host 94.189.180.81</P><P> network-object host 95.180.64.244</P><P> network-object host 122.169.182.129</P><P> network-object host 122.169.182.213</P><P> network-object host 111.224.250.131</P><P> network-object host 115.184.136.110</P><P> network-object host 123.176.39.134</P><P> network-object host 123.237.6.173</P><P> network-object host 209.250.243.135</P><P> network-object host 216.87.164.19</P><P> network-object host 217.23.15.143</P><P> network-object host 61.49.36.166</P><P> network-object host 67.138.108.151</P><P> network-object host 67.138.109.158</P><P> network-object host 111.118.156.170</P><P> network-object host 111.224.250.132</P><P> network-object host 111.224.250.133</P><P> network-object host 117.96.18.118</P><P> network-object host 121.151.149.220</P><P> network-object host 121.183.243.205</P><P> network-object host 123.19.170.237</P><P> network-object host 125.176.14.67</P><P> network-object host 183.107.94.151</P><P> network-object host 183.97.35.5</P><P> network-object host 186.104.230.5</P><P> network-object host 187.52.232.152</P><P> network-object host 189.211.159.220</P><P> network-object host 190.102.239.219</P><P> network-object host 190.235.13.233</P><P> network-object host 190.35.206.68</P><P> network-object host 190.7.109.65</P><P> network-object host 200.87.116.58</P><P> network-object host 204.188.223.222</P><P> network-object host 204.45.2.197</P><P> network-object host 208.83.232.3</P><P> network-object host 209.250.243.107</P><P> network-object host 209.250.243.15</P><P> network-object host 209.250.243.83</P><P> network-object host 212.200.197.62</P><P> network-object host 216.1.203.94</P><P> network-object host 220.227.80.226</P><P> network-object host 41.186.0.212</P><P> network-object host 41.249.114.143</P><P> network-object host 58.26.151.196</P><P> network-object host 62.19.51.5</P><P> network-object host 64.212.196.228</P><P> network-object host 67.138.109.68</P><P> network-object host 67.138.110.68</P><P> network-object host 68.142.134.126</P><P> network-object host 70.98.204.112</P><P> network-object host 70.98.205.140</P><P> network-object host 70.98.205.165</P><P> network-object host 74.63.107.46</P><P> network-object host 78.97.189.115</P><P> network-object host 79.106.2.46</P><P> network-object host 84.22.56.50</P><P> network-object host 89.123.211.42</P><P> network-object host 89.46.84.214</P><P> network-object host 90.169.74.53</P><P> network-object host 90.185.163.176</P><P> network-object host 95.35.16.79</P><P> network-object host 95.65.253.179</P><P>object-group service SMTP-587 tcp</P><P> description SMTP 587</P><P> port-object eq 587</P><P>object-group service smtp-587 tcp</P><P> description smtp 587</P><P> port-object eq 587</P><P>object-group protocol TCPUDP</P><P> protocol-object udp</P><P> protocol-object tcp</P><P>object-group service SMTP-465 tcp</P><P> port-object eq 465</P><P>object-group service TCP-993 tcp</P><P> port-object eq 993</P><P>object-group service TCP-995 tcp</P><P> port-object eq 995</P><P>object-group service TCP-7071 tcp</P><P> port-object eq 7071</P><P>object-group service TCP-10000 tcp</P><P> port-object eq 10000</P><P>object-group service TCP-8080 tcp</P><P> port-object eq 8080</P><P>object-group service TCP-8443 tcp</P><P> port-object eq 8443</P><P>object-group service TCP-23781 tcp</P><P> port-object eq 23781</P><P>object-group protocol DM_INLINE_PROTOCOL_1</P><P> protocol-object udp</P><P> protocol-object tcp</P><P>access-list outside_in_inside extended permit tcp any host FacileHR-EXT eq www </P><P>access-list outside_in_inside extended deny tcp object-group BLACKLIST any eq smtp inactive </P><P>access-list outside_in_inside extended permit ip any host ACCSUN-EXT </P><P>access-list outside_in_inside extended permit tcp any eq www host ACCSUN-EXT eq www </P><P>access-list outside_in_inside extended permit ip any host FacileHR-EXT </P><P>access-list outside_in_inside extended permit ip any host ACCSUN-INT </P><P>access-list outside_in_inside extended permit ip any host FacileHR-INT </P><P>access-list outside_in_inside extended permit tcp any eq www host ACCSUN-INT eq www </P><P>access-list outside_in_inside extended permit tcp any eq www host FacileHR-INT eq www </P><P>access-list outside_in_inside extended permit tcp any host ACCSUN-EXT eq ssh </P><P>access-list outside_in_inside extended permit tcp any eq ssh host FacileHR-EXT eq ssh </P><P>access-list outside_in_inside extended permit ip any host ACCMX-EXT </P><P>access-list outside_in_inside extended permit object-group TCPUDP any host ADDON-EXT eq www </P><P>access-list outside_in_inside extended permit ip any host ADDON-EXT </P><P>access-list outside_in_inside extended permit ip any host ACCIRON-EXT </P><P>access-list outside_in_inside extended permit ip any host NRIYP-EXT </P><P>access-list outside_in_inside extended permit tcp any host NRIYP-EXT eq www </P><P>access-list outside_in_inside extended permit udp any any object-group aptela </P><P>access-list outside_in_inside extended permit udp any host 64.50.254.253 inactive </P><P>access-list outside_in_inside extended deny ip host 216.101.194.154 any </P><P>access-list outside_in_inside extended deny tcp host 216.101.194.154 any </P><P>access-list outside_in_inside extended deny udp host 216.101.194.154 any </P><P>access-list outside_in_inside extended permit tcp any any eq 15250 </P><P>access-list outside_in_inside extended permit tcp any eq 3389 any eq 3389 </P><P>access-list outside_in_inside extended permit tcp any eq 23781 host 192.168.1.121 eq 23781 </P><P>access-list outside_in_inside extended permit tcp any eq smtp any eq smtp inactive </P><P>access-list outside_in_inside extended deny ip any host 192.168.1.188 </P><P>access-list outside_in_inside extended deny tcp any host 192.168.1.188 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq smtp </P><P>access-list outside_in_inside extended permit object-group TCPUDP any host ADDON-EXT eq domain </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq ssh </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq https </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group SMTP-587 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group SMTP-465 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-993 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-995 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq imap4 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq pop3 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-8080 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-10000 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-8443 </P><P>access-list outside_in_inside extended permit tcp any any eq pptp </P><P>access-list inside_access_in extended permit ip any any </P><P>access-list inside_access_in extended permit tcp any any </P><P>access-list inside_access_in extended permit udp any any </P><P>access-list inside_access_in extended deny ip host 216.101.194.154 any </P><P>access-list inside_access_in extended deny tcp host 216.101.194.154 any </P><P>access-list inside_access_in extended deny udp host 216.101.194.154 any </P><P>access-list inside_access_in extended permit tcp any host ADDON-EXT object-group TCP-7071 </P><P>access-list inside_access_in extended permit tcp any host ADDON-EXT object-group TCP-10000 </P><P>access-list inside_access_in extended permit tcp any host ADDON-EXT object-group TCP-8080 </P><P>access-list inside_access_in extended permit tcp any host Kyle object-group TCP-23781 </P><P>access-list inside_access_in extended permit tcp any any eq pptp </P><P>access-list inside_access_in extended permit object-group TCPUDP host FacileHR-INT any </P><P>access-list inside_access_in extended permit ip any host FacileHR-INT </P><P>access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any host FacileHR-INT eq www </P><P>access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 192.168.1.0 255.255.255.0 host FacileHR-EXT eq www </P><P>access-list inside_access_out extended permit tcp any any </P><P>access-list inside_access_out extended permit ip any any </P><P>access-list inside_access_out extended permit udp any any </P><P>access-list inside_access_out extended permit tcp any eq 3389 any eq 3389 </P><P>access-list inside_access_out extended permit tcp any eq domain any eq domain </P><P>access-list inside_access_out extended permit udp any eq domain any eq domain </P><P>access-list inside_access_out extended permit tcp any eq www any eq www </P><P>access-list inside_access_out extended permit udp any eq www any eq www </P><P>access-list inside_access_out extended permit tcp any eq https any eq https </P><P>access-list inside_access_out extended permit udp any eq 443 any eq 443 </P><P>access-list inside_access_out extended permit tcp any eq smtp any eq smtp </P><P>pager lines 24</P><P>logging enable</P><P>logging asdm informational</P><P>mtu inside 1500</P><P>mtu outside 1500</P><P>ip local pool new 192.168.1.45-192.168.1.50 mask 255.255.255.255</P><P>icmp unreachable rate-limit 1 burst-size 1</P><P>icmp permit any inside</P><P>icmp permit any outside</P><P>asdm image disk0:/asdm-625.bin</P><P>no asdm history enable</P><P>arp inside 192.168.1.43 0019.d137.8533 </P><P>arp outside 192.168.1.43 0019.d137.8533 </P><P>arp timeout 14400</P><P>global (inside) 1 interface</P><P>global (outside) 1 interface</P><P>nat (inside) 1 0.0.0.0 0.0.0.0</P><P>static (outside,inside) tcp FacileHR-INT 81 FacileHR-EXT www netmask 255.255.255.255 </P><P>static (inside,outside) tcp FacileHR-INT 81 FacileHR-EXT www netmask 255.255.255.255 </P><P>static (outside,inside) ACCSUN-INT ACCSUN-EXT netmask 255.255.255.255 </P><P>static (outside,inside) ACCIRON-INT ACCIRON-EXT netmask 255.255.255.255 </P><P>static (inside,outside) ACCMX-EXT ACCMX-INT netmask 255.255.255.255 </P><P>static (inside,outside) ACCSUN-EXT ACCSUN-INT netmask 255.255.255.255 </P><P>static (inside,outside) ACCIRON-EXT ACCIRON-INT netmask 255.255.255.255 </P><P>static (inside,outside) NRIYP-EXT NRIYP-INT netmask 255.255.255.255 </P><P>static (inside,outside) ADDON-EXT ADDON-INT netmask 255.255.255.255 </P><P>static (inside,outside) FacileHR-EXT FacileHR-INT netmask 255.255.255.255 </P><P>static (inside,inside) FacileHR-EXT FacileHR-INT netmask 255.255.255.255 norandomseq nailed </P><P>access-group inside_access_in in interface inside</P><P>access-group inside_access_out out interface inside</P><P>access-group outside_in_inside in interface outside</P><P>route outside 0.0.0.0 0.0.0.0 69.130.7.113 1</P><P>timeout xlate 3:00:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</P><P>timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00</P><P>timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00</P><P>timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute</P><P>timeout tcp-proxy-reassembly 0:01:00</P><P>dynamic-access-policy-record DfltAccessPolicy</P><P>aaa authentication ssh console LOCAL </P><P>aaa authentication http console LOCAL </P><P>aaa authentication telnet console LOCAL </P><P>http server enable</P><P>http 192.168.1.0 255.255.255.0 inside</P><P>snmp-server location AIM Computer Consulting - Closet</P><P><SPAN>snmp-server contact Red Level Networks - </SPAN><A class="jive-link-email-small" href="mailto:support@redlevelnetworks.com">support@redlevelnetworks.com</A></P><P>snmp-server enable traps snmp authentication linkup linkdown coldstart</P><P>crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac </P><P>crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac </P><P>crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac </P><P>crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac </P><P>crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac </P><P>crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac </P><P>crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac </P><P>crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac </P><P>crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac </P><P>crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac </P><P>crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac </P><P>crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport</P><P>crypto ipsec security-association lifetime seconds 28800</P><P>crypto ipsec security-association lifetime kilobytes 4608000</P><P>crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1</P><P>crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5</P><P>crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP</P><P>crypto map outside_map interface outside</P><P>crypto isakmp policy 10</P><P> authentication crack</P><P> encryption 3des</P><P> hash sha</P><P> group 2</P><P> lifetime 86400</P><P>crypto isakmp policy 30</P><P> authentication pre-share</P><P> encryption 3des</P><P> hash sha</P><P> group 2</P><P> lifetime 86400</P><P>crypto isakmp policy 50</P><P> authentication pre-share</P><P> encryption 3des</P><P> hash md5</P><P> group 2</P><P> lifetime 86400</P><P>telnet 0.0.0.0 0.0.0.0 inside</P><P>telnet timeout 30</P><P>ssh 0.0.0.0 0.0.0.0 inside</P><P>ssh 0.0.0.0 0.0.0.0 outside</P><P>ssh timeout 15</P><P>console timeout 0</P><P>dhcpd dns ADDON-INT</P><P>dhcpd domain aim-cc.com</P><P>!</P><P>dhcpd address 192.168.1.150-192.168.1.250 inside</P><P>dhcpd enable inside</P><P>!</P><P></P><P>threat-detection basic-threat</P><P>threat-detection statistics</P><P>threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200</P><P>ssl encryption aes256-sha1 aes128-sha1 3des-sha1 des-sha1</P><P></P><P>: end</P><P></P><P></P><P></P><P></P><P></P><P></P><P></P><P></P><P>Result of the command: "access-list inside_test permit icmp any host 192.168.1.186"</P><P></P><P>The command has been sent to the device</P><P></P><P></P><P></P><P>Result of the command: "capture inside_interface access-list inside_test interface inside"</P><P></P><P>The command has been sent to the device</P><P></P><P></P><P></P><P>Result of the command: "show capture inside_interface"</P><P></P><P>4 packets captured</P><P></P><P>&nbsp;&nbsp; 1: 12:15:16.728981 802.1Q vlan#1 P0 192.168.1.21 &gt; 192.168.1.186: icmp: echo request </P><P>&nbsp;&nbsp; 2: 12:15:21.260331 802.1Q vlan#1 P0 192.168.1.21 &gt; 192.168.1.186: icmp: echo request </P><P>&nbsp;&nbsp; 3: 12:15:26.259858 802.1Q vlan#1 P0 192.168.1.21 &gt; 192.168.1.186: icmp: echo request </P><P>&nbsp;&nbsp; 4: 12:15:31.258592 802.1Q vlan#1 P0 192.168.1.21 &gt; 192.168.1.186: icmp: echo request </P><P>4 packets shown</P><P></P><P></P><P></P><P>Result of the command: "show logging"</P><P></P><P>Syslog logging: enabled</P><P>&nbsp;&nbsp;&nbsp; Facility: 20</P><P>&nbsp;&nbsp;&nbsp; Timestamp logging: disabled</P><P>&nbsp;&nbsp;&nbsp; Standby logging: disabled</P><P>&nbsp;&nbsp;&nbsp; Debug-trace logging: disabled</P><P>&nbsp;&nbsp;&nbsp; Console logging: disabled</P><P>&nbsp;&nbsp;&nbsp; Monitor logging: disabled</P><P>&nbsp;&nbsp;&nbsp; Buffer logging: level debugging, 8205 messages logged</P><P>&nbsp;&nbsp;&nbsp; Trap logging: disabled</P><P>&nbsp;&nbsp;&nbsp; History logging: disabled</P><P>&nbsp;&nbsp;&nbsp; Device ID: disabled</P><P>&nbsp;&nbsp;&nbsp; Mail logging: disabled</P><P>&nbsp;&nbsp;&nbsp; ASDM logging: level informational, 21494596 messages logged</P><P>tes 6464 TCP FINs</P><P>%ASA-6-106015: Deny TCP (no connection) from 207.155.253.212/25 to ADDON-EXT/53777 flags FIN PSH ACK&nbsp; on interface outside</P><P>%ASA-6-302014: Teardown TCP connection 10506718 for outside:209.85.218.56/50127 to inside:ACCIRON-INT/25 duration 0:00:30 bytes 13186 TCP FINs</P><P>%ASA-6-305012: Teardown dynamic TCP translation from inside:192.168.1.188/37212 to outside:69.130.7.114/25820 duration 0:01:00</P><P>%ASA-6-302013: Built outbound TCP connection 10507509 for outside:209.85.225.14/25 (209.85.225.14/25) to inside:ACCIRON-INT/43560 (ACCIRON-EXT/43560)</P><P>%ASA-6-302016: Teardown UDP connection 10505434 for outside:192.228.79.201/53 to inside:ACCMX-INT/32768 duration 0:03:09 bytes 667</P><P>%ASA-7-609002: Teardown local-host outside:192.26.92.30 duration 0:12:36</P><P>%ASA-6-302014: Teardown TCP connection 10503790 for outside:64.50.243.27/80 to inside:192.168.1.202/4600 duration 0:05:06 bytes 1800 TCP FINs</P><P>%ASA-6-302014: Teardown TCP connection 10503786 for outside:64.50.243.27/80 to inside:192.168.1.202/4597 duration 0:05:06 bytes 2585 TCP FINs</P><P>%ASA-6-302014: Teardown TCP connection 10503788 for outside:64.50.243.27/80 to inside:192.168.1.202/4598 duration 0:05:06 bytes 7068 TCP FINs</P><P>%ASA-6-302014: Teardown TCP connection 10489607 for outside:74.125.225.93/443 to inside:192.168.1.173/49659 duration 0:26:10 bytes 36449 TCP Reset-I</P><P>%ASA-6-305012: Teardown dynamic TCP translation from inside:192.168.1.181/59641 to outside:69.130.7.114/33656 duration 0:00:30</P><P>%ASA-6-302015: Built outbound UDP connection 10507510 for outside:216.165.129.157/53 (216.165.129.157/53) to inside:ADDON-INT/19434 (ADDON-EXT/19434)</P><P>%ASA-6-302016: Teardown UDP connection 10507510 for outside:216.165.129.157/53 to inside:ADDON-INT/19434 duration 0:00:00 bytes 354</P><P>%ASA-6-302014: Teardown TCP connection 10507487 for outside:122.169.129.112/4999 to inside:ADDON-INT/995 duration 0:00:03 bytes 6472 TCP FINs</P><P>%ASA-6-305011: Built dynamic TCP translation from inside:192.168.1.170/50538 to outside:69.130.7.114/1602</P><P>%ASA-6-302013: Built outbound TCP connection 10507511 for outside:67.195.186.236/80 (67.195.186.236/80) to inside:192.168.1.170/50538 (69.130.7.114/1602)</P><P>%ASA-6-305011: Built dynamic TCP translation from inside:192.168.1.173/49760 to outside:69.130.7.114/57521</P><P>%ASA-6-302013: Built outbound TCP connection 10507512 for outside:74.125.225.84/80 (74.125.225.84/80) to inside:192.168.1.173/49760 (69.130.7.114/57521)</P><P>%ASA-6-302013: Built inbound TCP connection 10507513 for outside:209.85.213.184/46523 (209.85.213.184/46523) to inside:ACCIRON-INT/25 (ACCIRON-EXT/25)</P><P>%ASA-6-305011: Built dynamic TCP translation from inside:192.168.1.170/50539 to outside:69.130.7.114/31933</P><P>%ASA-6-302013: Built outbound TCP connection 10507514 for outside:98.139.240.23/80 (98.139.240.23/80) to inside:192.168.1.170/50539 (69.130.7.114/31933)</P><P>%ASA-6-302014: Teardown TCP connection 10507511 for outside:67.195.186.236/80 to inside:192.168.1.170/50538 duration 0:00:00 bytes 1893 TCP FINs</P><P>%ASA-6-302015: Built outbound UDP connection 10507515 for outside:216.165.129.157/53 (216.165.129.157/53) to inside:ADDON-INT/34614 (ADDON-EXT/34614)</P><P>%ASA-6-302016: Teardown UDP connection 10507515 for outside:216.165.129.157/53 to inside:ADDON-INT/34614 duration 0:00:00 bytes 473</P><P>%ASA-6-305011: Built dynamic TCP translation from inside:192.168.1.173/49761 to outside:69.130.7.114/2730</P><P>%ASA-6-302013: Built outbound TCP connection 10507516 for outside:74.125.225.78/443 (74.125.225.78/443) to inside:192.168.1.173/49761 (69.130.7.114/2730)</P><P>%ASA-6-302014: Teardown TCP connection 10507514 for outside:98.139.240.23/80 to inside:192.168.1.170/50539 duration 0:00:00 bytes 1422 TCP FINs</P><P>%ASA-6-302013: Built inbound TCP connection 10507517 for inside:Kyle/52576 (Kyle/52576) to identity:192.168.1.1/443 (192.168.1.1/443)</P><P>%ASA-6-725001: Starting SSL handshake with client inside:Kyle/52576 for TLSv1 session.</P><P>%ASA-6-725003: SSL client inside:Kyle/52576 request to resume previous session.</P><P>%ASA-6-725002: Device completed SSL handshake with client inside:Kyle/52576</P><P>%ASA-5-111007: Begin configuration: Kyle reading from http [POST]</P></BODY></HTML> Tue, 19 Jul 2011 17:32:04 GMT bluemookie 2011-07-19T17:32:04Z Cisco ASA 5500 routing issue https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710037#M535577 <P>Hello, </P><P></P><P> I am fairly new to the networking world, and I set up a web server that connects from the internal network, to the outside world. This functionality works, but something surpriseing appears to happen. I am unable to ping the server from the computers on the same network. Also I am unable to go to the website on the outside from the internal network. I am using the cisco asdm 6.2 interface to make the changes. If there is any advice you may be able to provide, I would greatly appreciate it. I suspect its a nat rule but I could be wrong, below I have a copy/paste of running config.</P><P></P><P>Clarifying: On other networks other then ours we can reach facilehr.com, but trying to access it via the web url, or internal IP we are unabel to access it.</P><P></P><P><SPAN>Domain: </SPAN><A class="jive-link-external-small" href="http://facilehr.com" target="_blank">http://facilehr.com</A></P><P>Internal IP: 192.168.1.186 Port forward to 81</P><P>internal network 192.168.1.0/24</P><P></P><P>Result of the command: "show running-config"</P><P></P><P>: Saved</P><P>:</P><P>ASA Version 8.2(2) </P><P>!</P><P></P><P>names</P><P>name 192.168.1.25 ACCMX-INT</P><P>name 192.168.1.44 ACCSUN-INT</P><P>name 192.168.1.28 ACCIRON-INT</P><P>name 69.130.7.116 ACCIRON-EXT</P><P>name 69.130.7.115 ACCMX-EXT</P><P>name 69.130.7.117 ACCSUN-EXT</P><P>name 69.130.7.118 FacileHR-EXT</P><P>name 69.130.7.120 NRIYP-EXT</P><P>name 69.130.7.126 ADDON-EXT</P><P>name 192.168.1.26 ADDON-INT</P><P>name 192.168.1.21 Kyle</P><P>name 192.168.1.30 NRIYP-INT</P><P>name 192.168.1.186 FacileHR-INT</P><P>!</P><P>interface Vlan1</P><P> description LAN [INSIDE INTERFACE]</P><P> nameif inside</P><P> security-level 100</P><P> ip address 192.168.1.1 255.255.255.0 </P><P>!</P><P>interface Vlan2</P><P> description T1 LINE [EXTERNAL INTERFACE]</P><P> nameif outside</P><P> security-level 0</P><P> ip address 69.130.7.114 255.255.255.240 </P><P>!</P><P>interface Ethernet0/0</P><P> switchport access vlan 2</P><P>!</P><P>interface Ethernet0/1</P><P>!</P><P>interface Ethernet0/2</P><P>!</P><P>interface Ethernet0/3</P><P>!</P><P>interface Ethernet0/4</P><P>!</P><P>interface Ethernet0/5</P><P>!</P><P>interface Ethernet0/6</P><P>!</P><P>interface Ethernet0/7</P><P>!</P><P>boot system disk0:/asa822-k8.bin</P><P>ftp mode passive</P><P>clock timezone EST -5</P><P>clock summer-time EDT recurring</P><P>dns server-group DefaultDNS</P><P> domain-name aim-cc.com</P><P>object-group service aptela udp</P><P> description for Aptela Phones</P><P> port-object range 10000 20000</P><P> port-object range sip 5061</P><P>object-group service RDP tcp-udp</P><P> port-object range 3389 3389</P><P>object-group network BLACKLIST</P><P> network-object host 190.18.107.140</P><P> network-object host 121.244.106.2</P><P> network-object host 187.11.194.28</P><P> network-object host 188.2.237.199</P><P> network-object host 190.48.38.184</P><P> network-object host 201.47.229.72</P><P> network-object host 207.155.250.20</P><P> network-object host 209.85.160.56</P><P> network-object host 209.85.222.199</P><P> network-object host 63.246.10.50</P><P> network-object host 66.77.56.84</P><P> network-object host 83.168.1.28</P><P> network-object host 124.121.68.190</P><P> network-object host 174.35.12.35</P><P> network-object host 174.37.81.160</P><P> network-object host 188.192.97.110</P><P> network-object host 188.38.164.31</P><P> network-object host 208.75.123.162</P><P> network-object host 41.131.81.19</P><P> network-object host 65.168.1.28</P><P> network-object host 74.125.83.174</P><P> network-object host 74.125.83.184</P><P> network-object host 74.208.4.191</P><P> network-object host 82.230.100.32</P><P> network-object host 89.173.0.9</P><P> network-object host 89.228.129.126</P><P> network-object host 93.86.217.140</P><P> network-object host 123.21.107.67</P><P> network-object host 178.92.126.228</P><P> network-object host 189.10.192.107</P><P> network-object host 189.55.158.40</P><P> network-object host 189.70.186.225</P><P> network-object host 201.11.0.98</P><P> network-object host 207.250.58.8</P><P> network-object host 208.75.123.163</P><P> network-object host 208.75.123.226</P><P> network-object host 209.85.211.156</P><P> network-object host 209.85.221.146</P><P> network-object host 209.85.222.159</P><P> network-object host 211.170.114.154</P><P> network-object host 24.38.18.233</P><P> network-object host 64.49.82.68</P><P> network-object host 64.50.170.80</P><P> network-object host 65.217.159.98</P><P> network-object host 68.200.154.75</P><P> network-object host 74.208.4.195</P><P> network-object host 75.146.94.187</P><P> network-object host 80.14.122.109</P><P> network-object host 92.84.207.252</P><P> network-object host 93.153.0.155</P><P> network-object host 93.73.179.61</P><P> network-object host 96.252.6.79</P><P> network-object host 99.174.113.44</P><P> network-object host 117.6.64.137</P><P> network-object host 178.93.144.158</P><P> network-object host 190.245.171.12</P><P> network-object host 195.174.128.15</P><P> network-object host 199.238.178.138</P><P> network-object host 208.75.123.228</P><P> network-object host 209.85.217.193</P><P> network-object host 24.103.215.120</P><P> network-object host 74.208.4.194</P><P> network-object host 84.24.253.217</P><P> network-object host 98.117.251.114</P><P> network-object host 12.164.54.36</P><P> network-object host 160.75.192.3</P><P> network-object host 186.87.3.225</P><P> network-object host 190.174.208.57</P><P> network-object host 190.59.189.71</P><P> network-object host 201.4.160.18</P><P> network-object host 207.155.248.47</P><P> network-object host 208.111.169.150</P><P> network-object host 208.89.132.145</P><P> network-object host 209.85.160.46</P><P> network-object host 209.85.210.163</P><P> network-object host 62.248.88.175</P><P> network-object host 64.202.189.25</P><P> network-object host 66.165.70.198</P><P> network-object host 67.132.93.114</P><P> network-object host 69.174.244.158</P><P> network-object host 69.67.52.156</P><P> network-object host 69.74.142.209</P><P> network-object host 74.125.92.25</P><P> network-object host 74.203.196.51</P><P> network-object host 79.110.128.212</P><P> network-object host 87.70.217.30</P><P> network-object host 88.146.41.234</P><P> network-object host 88.76.127.77</P><P> network-object host 93.86.37.241</P><P> network-object host 94.70.115.94</P><P> network-object host 95.168.100.87</P><P> network-object host 123.201.69.230</P><P> network-object host 186.9.50.90</P><P> network-object host 189.73.235.78</P><P> network-object host 195.2.236.11</P><P> network-object host 202.63.105.220</P><P> network-object host 205.178.146.55</P><P> network-object host 205.178.146.57</P><P> network-object host 205.178.146.58</P><P> network-object host 205.178.146.61</P><P> network-object host 209.85.160.184</P><P> network-object host 209.85.221.171</P><P> network-object host 218.147.37.219</P><P> network-object host 64.120.250.82</P><P> network-object host 66.227.62.183</P><P> network-object host 67.228.227.25</P><P> network-object host 87.109.179.247</P><P> network-object host 87.163.5.34</P><P> network-object host 89.78.170.200</P><P> network-object host 89.78.3.139</P><P> network-object host 92.29.204.146</P><P> network-object host 94.189.180.81</P><P> network-object host 95.180.64.244</P><P> network-object host 122.169.182.129</P><P> network-object host 122.169.182.213</P><P> network-object host 111.224.250.131</P><P> network-object host 115.184.136.110</P><P> network-object host 123.176.39.134</P><P> network-object host 123.237.6.173</P><P> network-object host 209.250.243.135</P><P> network-object host 216.87.164.19</P><P> network-object host 217.23.15.143</P><P> network-object host 61.49.36.166</P><P> network-object host 67.138.108.151</P><P> network-object host 67.138.109.158</P><P> network-object host 111.118.156.170</P><P> network-object host 111.224.250.132</P><P> network-object host 111.224.250.133</P><P> network-object host 117.96.18.118</P><P> network-object host 121.151.149.220</P><P> network-object host 121.183.243.205</P><P> network-object host 123.19.170.237</P><P> network-object host 125.176.14.67</P><P> network-object host 183.107.94.151</P><P> network-object host 183.97.35.5</P><P> network-object host 186.104.230.5</P><P> network-object host 187.52.232.152</P><P> network-object host 189.211.159.220</P><P> network-object host 190.102.239.219</P><P> network-object host 190.235.13.233</P><P> network-object host 190.35.206.68</P><P> network-object host 190.7.109.65</P><P> network-object host 200.87.116.58</P><P> network-object host 204.188.223.222</P><P> network-object host 204.45.2.197</P><P> network-object host 208.83.232.3</P><P> network-object host 209.250.243.107</P><P> network-object host 209.250.243.15</P><P> network-object host 209.250.243.83</P><P> network-object host 212.200.197.62</P><P> network-object host 216.1.203.94</P><P> network-object host 220.227.80.226</P><P> network-object host 41.186.0.212</P><P> network-object host 41.249.114.143</P><P> network-object host 58.26.151.196</P><P> network-object host 62.19.51.5</P><P> network-object host 64.212.196.228</P><P> network-object host 67.138.109.68</P><P> network-object host 67.138.110.68</P><P> network-object host 68.142.134.126</P><P> network-object host 70.98.204.112</P><P> network-object host 70.98.205.140</P><P> network-object host 70.98.205.165</P><P> network-object host 74.63.107.46</P><P> network-object host 78.97.189.115</P><P> network-object host 79.106.2.46</P><P> network-object host 84.22.56.50</P><P> network-object host 89.123.211.42</P><P> network-object host 89.46.84.214</P><P> network-object host 90.169.74.53</P><P> network-object host 90.185.163.176</P><P> network-object host 95.35.16.79</P><P> network-object host 95.65.253.179</P><P>object-group service SMTP-587 tcp</P><P> description SMTP 587</P><P> port-object eq 587</P><P>object-group service smtp-587 tcp</P><P> description smtp 587</P><P> port-object eq 587</P><P>object-group protocol TCPUDP</P><P> protocol-object udp</P><P> protocol-object tcp</P><P>object-group service SMTP-465 tcp</P><P> port-object eq 465</P><P>object-group service TCP-993 tcp</P><P> port-object eq 993</P><P>object-group service TCP-995 tcp</P><P> port-object eq 995</P><P>object-group service TCP-7071 tcp</P><P> port-object eq 7071</P><P>object-group service TCP-10000 tcp</P><P> port-object eq 10000</P><P>object-group service TCP-8080 tcp</P><P> port-object eq 8080</P><P>object-group service TCP-8443 tcp</P><P> port-object eq 8443</P><P>object-group service TCP-23781 tcp</P><P> port-object eq 23781</P><P>object-group protocol DM_INLINE_PROTOCOL_1</P><P> protocol-object udp</P><P> protocol-object tcp</P><P>access-list outside_in_inside extended permit tcp any host FacileHR-EXT eq www </P><P>access-list outside_in_inside extended deny tcp object-group BLACKLIST any eq smtp inactive </P><P>access-list outside_in_inside extended permit ip any host ACCSUN-EXT </P><P>access-list outside_in_inside extended permit tcp any eq www host ACCSUN-EXT eq www </P><P>access-list outside_in_inside extended permit ip any host FacileHR-EXT </P><P>access-list outside_in_inside extended permit ip any host ACCSUN-INT </P><P>access-list outside_in_inside extended permit ip any host FacileHR-INT </P><P>access-list outside_in_inside extended permit tcp any eq www host ACCSUN-INT eq www </P><P>access-list outside_in_inside extended permit tcp any eq www host FacileHR-INT eq www </P><P>access-list outside_in_inside extended permit tcp any host ACCSUN-EXT eq ssh </P><P>access-list outside_in_inside extended permit tcp any eq ssh host FacileHR-EXT eq ssh </P><P>access-list outside_in_inside extended permit ip any host ACCMX-EXT </P><P>access-list outside_in_inside extended permit object-group TCPUDP any host ADDON-EXT eq www </P><P>access-list outside_in_inside extended permit ip any host ADDON-EXT </P><P>access-list outside_in_inside extended permit ip any host ACCIRON-EXT </P><P>access-list outside_in_inside extended permit ip any host NRIYP-EXT </P><P>access-list outside_in_inside extended permit tcp any host NRIYP-EXT eq www </P><P>access-list outside_in_inside extended permit udp any any object-group aptela </P><P>access-list outside_in_inside extended permit udp any host 64.50.254.253 inactive </P><P>access-list outside_in_inside extended deny ip host 216.101.194.154 any </P><P>access-list outside_in_inside extended deny tcp host 216.101.194.154 any </P><P>access-list outside_in_inside extended deny udp host 216.101.194.154 any </P><P>access-list outside_in_inside extended permit tcp any any eq 15250 </P><P>access-list outside_in_inside extended permit tcp any eq 3389 any eq 3389 </P><P>access-list outside_in_inside extended permit tcp any eq 23781 host 192.168.1.121 eq 23781 </P><P>access-list outside_in_inside extended permit tcp any eq smtp any eq smtp inactive </P><P>access-list outside_in_inside extended deny ip any host 192.168.1.188 </P><P>access-list outside_in_inside extended deny tcp any host 192.168.1.188 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq smtp </P><P>access-list outside_in_inside extended permit object-group TCPUDP any host ADDON-EXT eq domain </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq ssh </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq https </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group SMTP-587 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group SMTP-465 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-993 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-995 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq imap4 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq pop3 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-8080 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-10000 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-8443 </P><P>access-list outside_in_inside extended permit tcp any any eq pptp </P><P>access-list inside_access_in extended permit ip any any </P><P>access-list inside_access_in extended permit tcp any any </P><P>access-list inside_access_in extended permit udp any any </P><P>access-list inside_access_in extended deny ip host 216.101.194.154 any </P><P>access-list inside_access_in extended deny tcp host 216.101.194.154 any </P><P>access-list inside_access_in extended deny udp host 216.101.194.154 any </P><P>access-list inside_access_in extended permit tcp any host ADDON-EXT object-group TCP-7071 </P><P>access-list inside_access_in extended permit tcp any host ADDON-EXT object-group TCP-10000 </P><P>access-list inside_access_in extended permit tcp any host ADDON-EXT object-group TCP-8080 </P><P>access-list inside_access_in extended permit tcp any host Kyle object-group TCP-23781 </P><P>access-list inside_access_in extended permit tcp any any eq pptp </P><P>access-list inside_access_in extended permit object-group TCPUDP host FacileHR-INT any </P><P>access-list inside_access_in extended permit ip any host FacileHR-INT </P><P>access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any host FacileHR-INT eq www </P><P>access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 192.168.1.0 255.255.255.0 host FacileHR-EXT eq www </P><P>access-list inside_access_out extended permit tcp any any </P><P>access-list inside_access_out extended permit ip any any </P><P>access-list inside_access_out extended permit udp any any </P><P>access-list inside_access_out extended permit tcp any eq 3389 any eq 3389 </P><P>access-list inside_access_out extended permit tcp any eq domain any eq domain </P><P>access-list inside_access_out extended permit udp any eq domain any eq domain </P><P>access-list inside_access_out extended permit tcp any eq www any eq www </P><P>access-list inside_access_out extended permit udp any eq www any eq www </P><P>access-list inside_access_out extended permit tcp any eq https any eq https </P><P>access-list inside_access_out extended permit udp any eq 443 any eq 443 </P><P>access-list inside_access_out extended permit tcp any eq smtp any eq smtp </P><P>pager lines 24</P><P>logging enable</P><P>logging asdm informational</P><P>mtu inside 1500</P><P>mtu outside 1500</P><P>ip local pool new 192.168.1.45-192.168.1.50 mask 255.255.255.255</P><P>icmp unreachable rate-limit 1 burst-size 1</P><P>icmp permit any inside</P><P>icmp permit any outside</P><P>asdm image disk0:/asdm-625.bin</P><P>no asdm history enable</P><P>arp inside 192.168.1.43 0019.d137.8533 </P><P>arp outside 192.168.1.43 0019.d137.8533 </P><P>arp timeout 14400</P><P>global (outside) 1 interface</P><P>nat (inside) 1 192.168.1.0 255.255.255.0</P><P>nat (inside) 1 0.0.0.0 0.0.0.0</P><P>static (outside,inside) tcp FacileHR-INT 81 FacileHR-EXT www netmask 255.255.255.255 </P><P>static (inside,outside) tcp FacileHR-INT 81 FacileHR-EXT www netmask 255.255.255.255 </P><P>static (outside,inside) ACCSUN-INT ACCSUN-EXT netmask 255.255.255.255 </P><P>static (outside,inside) ACCIRON-INT ACCIRON-EXT netmask 255.255.255.255 </P><P>static (inside,outside) ACCMX-EXT ACCMX-INT netmask 255.255.255.255 </P><P>static (inside,outside) ACCSUN-EXT ACCSUN-INT netmask 255.255.255.255 </P><P>static (inside,outside) ACCIRON-EXT ACCIRON-INT netmask 255.255.255.255 </P><P>static (inside,outside) NRIYP-EXT NRIYP-INT netmask 255.255.255.255 </P><P>static (inside,outside) ADDON-EXT ADDON-INT netmask 255.255.255.255 </P><P>static (inside,outside) FacileHR-EXT FacileHR-INT netmask 255.255.255.255 </P><P>access-group inside_access_in in interface inside</P><P>access-group inside_access_out out interface inside</P><P>access-group outside_in_inside in interface outside</P><P>route outside 0.0.0.0 0.0.0.0 69.130.7.113 1</P><P>timeout xlate 3:00:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</P><P>timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00</P><P>timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00</P><P>timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute</P><P>timeout tcp-proxy-reassembly 0:01:00</P><P>dynamic-access-policy-record DfltAccessPolicy</P><P>aaa authentication ssh console LOCAL </P><P>aaa authentication http console LOCAL </P><P>aaa authentication telnet console LOCAL </P><P>http server enable</P><P>http 192.168.1.0 255.255.255.0 inside</P><P>snmp-server location AIM Computer Consulting - Closet</P><P><SPAN>snmp-server contact Red Level Networks - </SPAN><A class="jive-link-email-small" href="mailto:support@redlevelnetworks.com" target="_blank">support@redlevelnetworks.com</A></P><P>snmp-server enable traps snmp authentication linkup linkdown coldstart</P><P>crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac </P><P>crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac </P><P>crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac </P><P>crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac </P><P>crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac </P><P>crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac </P><P>crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac </P><P>crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac </P><P>crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac </P><P>crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac </P><P>crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac </P><P>crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport</P><P>crypto ipsec security-association lifetime seconds 28800</P><P>crypto ipsec security-association lifetime kilobytes 4608000</P><P>crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1</P><P>crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5</P><P>crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP</P><P>crypto map outside_map interface outside</P><P>crypto isakmp policy 10</P><P> authentication crack</P><P> encryption 3des</P><P> hash sha</P><P> group 2</P><P> lifetime 86400</P><P>crypto isakmp policy 30</P><P> authentication pre-share</P><P> encryption 3des</P><P> hash sha</P><P> group 2</P><P> lifetime 86400</P><P>crypto isakmp policy 50</P><P> authentication pre-share</P><P> encryption 3des</P><P> hash md5</P><P> group 2</P><P> lifetime 86400</P><P>telnet 0.0.0.0 0.0.0.0 inside</P><P>telnet timeout 30</P><P>ssh 0.0.0.0 0.0.0.0 inside</P><P>ssh 0.0.0.0 0.0.0.0 outside</P><P>ssh timeout 15</P><P>console timeout 0</P><P>dhcpd dns ADDON-INT</P><P>dhcpd domain aim-cc.com</P><P>!</P><P>dhcpd address 192.168.1.150-192.168.1.250 inside</P><P>dhcpd enable inside</P><P>!</P><P></P><P>threat-detection basic-threat</P><P>threat-detection statistics</P><P>threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200</P><P>ssl encryption aes256-sha1 aes128-sha1 3des-sha1 des-sha1</P><P>webvpn</P><P>group-policy DefaultRAGroup internal</P><P>group-policy DefaultRAGroup attributes</P><P> wins-server value 192.168.1.189 192.168.1.26</P><P> dns-server value 192.168.1.189 192.168.1.26</P><P> vpn-tunnel-protocol l2tp-ipsec </P><P> default-domain value Addon</P><P>group-policy DefaultRAGroup_1 internal</P><P>group-policy DefaultRAGroup_1 attributes</P><P> dns-server value 192.168.1.189 192.168.1.26</P><P> vpn-tunnel-protocol l2tp-ipsec </P><P> default-domain value Addon</P><P>group-policy addonusa internal</P><P>group-policy addonusa attributes</P><P> wins-server value 192.168.1.189 192.168.1.26</P><P> dns-server value 192.168.1.189 192.168.1.26</P><P> vpn-tunnel-protocol IPSec </P><P> default-domain value Addon</P><P>username Patrick.Addon nopassword privilege 0</P><P>username Patrick.Addon attributes</P><P> vpn-group-policy addonusa</P><P>username redlevel password OqxvfJhMsUFUOSg7 encrypted privilege 15</P><P>username aimfwadm password a87SLutMml8bG8MZ encrypted privilege 15</P><P>tunnel-group DefaultRAGroup general-attributes</P><P> address-pool new</P><P> default-group-policy DefaultRAGroup_1</P><P>tunnel-group DefaultRAGroup ipsec-attributes</P><P> pre-shared-key *****</P><P>tunnel-group addonusa type remote-access</P><P>tunnel-group addonusa general-attributes</P><P> default-group-policy addonusa</P><P>!</P><P>class-map inspection_default</P><P> match default-inspection-traffic</P><P>!</P><P>!</P><P>policy-map type inspect dns preset_dns_map</P><P> parameters</P><P>&nbsp; message-length maximum 512</P><P>policy-map global_policy</P><P> class inspection_default</P><P>&nbsp; inspect dns preset_dns_map </P><P>&nbsp; inspect ftp </P><P>&nbsp; inspect h323 h225 </P><P>&nbsp; inspect h323 ras </P><P>&nbsp; inspect rsh </P><P>&nbsp; inspect rtsp </P><P>&nbsp; inspect sqlnet </P><P>&nbsp; inspect skinny&nbsp; </P><P>&nbsp; inspect sunrpc </P><P>&nbsp; inspect xdmcp </P><P>&nbsp; inspect sip&nbsp; </P><P>&nbsp; inspect netbios </P><P>&nbsp; inspect tftp </P><P>&nbsp; inspect ip-options </P><P>policy-map global-policy</P><P> class inspection_default</P><P>!</P><P>service-policy global_policy global</P><P>prompt hostname context </P><P>call-home</P><P> profile CiscoTAC-1</P><P>&nbsp; no active</P><P><SPAN>&nbsp; destination address http </SPAN><A class="jive-link-external-small" href="https://tools.cisco.com/its/service/oddce/services/DDCEService" target="_blank">https://tools.cisco.com/its/service/oddce/services/DDCEService</A></P><P><SPAN>&nbsp; destination address email </SPAN><A class="jive-link-email-small" href="mailto:callhome@cisco.com" target="_blank">callhome@cisco.com</A></P><P>&nbsp; destination transport-method http</P><P>&nbsp; subscribe-to-alert-group diagnostic</P><P>&nbsp; subscribe-to-alert-group environment</P><P>&nbsp; subscribe-to-alert-group inventory periodic monthly</P><P>&nbsp; subscribe-to-alert-group configuration periodic monthly</P><P>&nbsp; subscribe-to-alert-group telemetry periodic daily</P><P>Cryptochecksum:20abefdb02ddf76a4c8656fa30da43cd</P><P>: end</P> Mon, 11 Mar 2019 21:00:40 GMT https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710037#M535577 bluemookie 2019-03-11T21:00:40Z Cisco ASA 5500 routing issue https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710038#M535578 <HTML><HEAD></HEAD><BODY><P>Hi Kyle,</P><P></P><P>What you are trying to do on the ASA is called u-turning, you would need the following config for it:</P><P></P><P>global (inside) 1 interface</P><P>static (inside,inside) FacileHR-EXT FacileHR-INT netmask 255.255.255.255 </P><P>same-security-traffic permit intra-interface</P><P></P><P>Try adding these commands, and ping after that. If it still doesn'y ping, paste the config(the one after making the changes) , i'll have a look at it.</P><P></P><P>Hope this helps</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Tue, 19 Jul 2011 16:05:27 GMT https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710038#M535578 varrao 2011-07-19T16:05:27Z Cisco ASA 5500 routing issue https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710039#M535579 <HTML><HEAD></HEAD><BODY><P>Varun,</P><P></P><P>Thank you by the way for your help, it is greatly appreciated. I entered the commands, but I am still unable to ping/access. </P><P></P><P>below I have a copy/paste of the config again.</P><P>Result of the command: "show running-config"</P><P></P><P>: Saved</P><P>:</P><P>ASA Version 8.2(2) </P><P>!</P><P></P><P>names</P><P>name 192.168.1.25 ACCMX-INT</P><P>name 192.168.1.44 ACCSUN-INT</P><P>name 192.168.1.28 ACCIRON-INT</P><P>name 69.130.7.116 ACCIRON-EXT</P><P>name 69.130.7.115 ACCMX-EXT</P><P>name 69.130.7.117 ACCSUN-EXT</P><P>name 69.130.7.118 FacileHR-EXT</P><P>name 69.130.7.120 NRIYP-EXT</P><P>name 69.130.7.126 ADDON-EXT</P><P>name 192.168.1.26 ADDON-INT</P><P>name 192.168.1.21 Kyle</P><P>name 192.168.1.30 NRIYP-INT</P><P>name 192.168.1.186 FacileHR-INT</P><P>!</P><P>interface Vlan1</P><P> description LAN [INSIDE INTERFACE]</P><P> nameif inside</P><P> security-level 100</P><P> ip address 192.168.1.1 255.255.255.0 </P><P>!</P><P>interface Vlan2</P><P> description T1 LINE [EXTERNAL INTERFACE]</P><P> nameif outside</P><P> security-level 0</P><P> ip address 69.130.7.114 255.255.255.240 </P><P>!</P><P>interface Ethernet0/0</P><P> switchport access vlan 2</P><P>!</P><P>interface Ethernet0/1</P><P>!</P><P>interface Ethernet0/2</P><P>!</P><P>interface Ethernet0/3</P><P>!</P><P>interface Ethernet0/4</P><P>!</P><P>interface Ethernet0/5</P><P>!</P><P>interface Ethernet0/6</P><P>!</P><P>interface Ethernet0/7</P><P>!</P><P>boot system disk0:/asa822-k8.bin</P><P>ftp mode passive</P><P>clock timezone EST -5</P><P>clock summer-time EDT recurring</P><P>dns server-group DefaultDNS</P><P> domain-name aim-cc.com</P><P>same-security-traffic permit intra-interface</P><P>object-group service aptela udp</P><P> description for Aptela Phones</P><P> port-object range 10000 20000</P><P> port-object range sip 5061</P><P>object-group service RDP tcp-udp</P><P> port-object range 3389 3389</P><P>object-group network BLACKLIST</P><P> network-object host 190.18.107.140</P><P> network-object host 121.244.106.2</P><P> network-object host 187.11.194.28</P><P> network-object host 188.2.237.199</P><P> network-object host 190.48.38.184</P><P> network-object host 201.47.229.72</P><P> network-object host 207.155.250.20</P><P> network-object host 209.85.160.56</P><P> network-object host 209.85.222.199</P><P> network-object host 63.246.10.50</P><P> network-object host 66.77.56.84</P><P> network-object host 83.168.1.28</P><P> network-object host 124.121.68.190</P><P> network-object host 174.35.12.35</P><P> network-object host 174.37.81.160</P><P> network-object host 188.192.97.110</P><P> network-object host 188.38.164.31</P><P> network-object host 208.75.123.162</P><P> network-object host 41.131.81.19</P><P> network-object host 65.168.1.28</P><P> network-object host 74.125.83.174</P><P> network-object host 74.125.83.184</P><P> network-object host 74.208.4.191</P><P> network-object host 82.230.100.32</P><P> network-object host 89.173.0.9</P><P> network-object host 89.228.129.126</P><P> network-object host 93.86.217.140</P><P> network-object host 123.21.107.67</P><P> network-object host 178.92.126.228</P><P> network-object host 189.10.192.107</P><P> network-object host 189.55.158.40</P><P> network-object host 189.70.186.225</P><P> network-object host 201.11.0.98</P><P> network-object host 207.250.58.8</P><P> network-object host 208.75.123.163</P><P> network-object host 208.75.123.226</P><P> network-object host 209.85.211.156</P><P> network-object host 209.85.221.146</P><P> network-object host 209.85.222.159</P><P> network-object host 211.170.114.154</P><P> network-object host 24.38.18.233</P><P> network-object host 64.49.82.68</P><P> network-object host 64.50.170.80</P><P> network-object host 65.217.159.98</P><P> network-object host 68.200.154.75</P><P> network-object host 74.208.4.195</P><P> network-object host 75.146.94.187</P><P> network-object host 80.14.122.109</P><P> network-object host 92.84.207.252</P><P> network-object host 93.153.0.155</P><P> network-object host 93.73.179.61</P><P> network-object host 96.252.6.79</P><P> network-object host 99.174.113.44</P><P> network-object host 117.6.64.137</P><P> network-object host 178.93.144.158</P><P> network-object host 190.245.171.12</P><P> network-object host 195.174.128.15</P><P> network-object host 199.238.178.138</P><P> network-object host 208.75.123.228</P><P> network-object host 209.85.217.193</P><P> network-object host 24.103.215.120</P><P> network-object host 74.208.4.194</P><P> network-object host 84.24.253.217</P><P> network-object host 98.117.251.114</P><P> network-object host 12.164.54.36</P><P> network-object host 160.75.192.3</P><P> network-object host 186.87.3.225</P><P> network-object host 190.174.208.57</P><P> network-object host 190.59.189.71</P><P> network-object host 201.4.160.18</P><P> network-object host 207.155.248.47</P><P> network-object host 208.111.169.150</P><P> network-object host 208.89.132.145</P><P> network-object host 209.85.160.46</P><P> network-object host 209.85.210.163</P><P> network-object host 62.248.88.175</P><P> network-object host 64.202.189.25</P><P> network-object host 66.165.70.198</P><P> network-object host 67.132.93.114</P><P> network-object host 69.174.244.158</P><P> network-object host 69.67.52.156</P><P> network-object host 69.74.142.209</P><P> network-object host 74.125.92.25</P><P> network-object host 74.203.196.51</P><P> network-object host 79.110.128.212</P><P> network-object host 87.70.217.30</P><P> network-object host 88.146.41.234</P><P> network-object host 88.76.127.77</P><P> network-object host 93.86.37.241</P><P> network-object host 94.70.115.94</P><P> network-object host 95.168.100.87</P><P> network-object host 123.201.69.230</P><P> network-object host 186.9.50.90</P><P> network-object host 189.73.235.78</P><P> network-object host 195.2.236.11</P><P> network-object host 202.63.105.220</P><P> network-object host 205.178.146.55</P><P> network-object host 205.178.146.57</P><P> network-object host 205.178.146.58</P><P> network-object host 205.178.146.61</P><P> network-object host 209.85.160.184</P><P> network-object host 209.85.221.171</P><P> network-object host 218.147.37.219</P><P> network-object host 64.120.250.82</P><P> network-object host 66.227.62.183</P><P> network-object host 67.228.227.25</P><P> network-object host 87.109.179.247</P><P> network-object host 87.163.5.34</P><P> network-object host 89.78.170.200</P><P> network-object host 89.78.3.139</P><P> network-object host 92.29.204.146</P><P> network-object host 94.189.180.81</P><P> network-object host 95.180.64.244</P><P> network-object host 122.169.182.129</P><P> network-object host 122.169.182.213</P><P> network-object host 111.224.250.131</P><P> network-object host 115.184.136.110</P><P> network-object host 123.176.39.134</P><P> network-object host 123.237.6.173</P><P> network-object host 209.250.243.135</P><P> network-object host 216.87.164.19</P><P> network-object host 217.23.15.143</P><P> network-object host 61.49.36.166</P><P> network-object host 67.138.108.151</P><P> network-object host 67.138.109.158</P><P> network-object host 111.118.156.170</P><P> network-object host 111.224.250.132</P><P> network-object host 111.224.250.133</P><P> network-object host 117.96.18.118</P><P> network-object host 121.151.149.220</P><P> network-object host 121.183.243.205</P><P> network-object host 123.19.170.237</P><P> network-object host 125.176.14.67</P><P> network-object host 183.107.94.151</P><P> network-object host 183.97.35.5</P><P> network-object host 186.104.230.5</P><P> network-object host 187.52.232.152</P><P> network-object host 189.211.159.220</P><P> network-object host 190.102.239.219</P><P> network-object host 190.235.13.233</P><P> network-object host 190.35.206.68</P><P> network-object host 190.7.109.65</P><P> network-object host 200.87.116.58</P><P> network-object host 204.188.223.222</P><P> network-object host 204.45.2.197</P><P> network-object host 208.83.232.3</P><P> network-object host 209.250.243.107</P><P> network-object host 209.250.243.15</P><P> network-object host 209.250.243.83</P><P> network-object host 212.200.197.62</P><P> network-object host 216.1.203.94</P><P> network-object host 220.227.80.226</P><P> network-object host 41.186.0.212</P><P> network-object host 41.249.114.143</P><P> network-object host 58.26.151.196</P><P> network-object host 62.19.51.5</P><P> network-object host 64.212.196.228</P><P> network-object host 67.138.109.68</P><P> network-object host 67.138.110.68</P><P> network-object host 68.142.134.126</P><P> network-object host 70.98.204.112</P><P> network-object host 70.98.205.140</P><P> network-object host 70.98.205.165</P><P> network-object host 74.63.107.46</P><P> network-object host 78.97.189.115</P><P> network-object host 79.106.2.46</P><P> network-object host 84.22.56.50</P><P> network-object host 89.123.211.42</P><P> network-object host 89.46.84.214</P><P> network-object host 90.169.74.53</P><P> network-object host 90.185.163.176</P><P> network-object host 95.35.16.79</P><P> network-object host 95.65.253.179</P><P>object-group service SMTP-587 tcp</P><P> description SMTP 587</P><P> port-object eq 587</P><P>object-group service smtp-587 tcp</P><P> description smtp 587</P><P> port-object eq 587</P><P>object-group protocol TCPUDP</P><P> protocol-object udp</P><P> protocol-object tcp</P><P>object-group service SMTP-465 tcp</P><P> port-object eq 465</P><P>object-group service TCP-993 tcp</P><P> port-object eq 993</P><P>object-group service TCP-995 tcp</P><P> port-object eq 995</P><P>object-group service TCP-7071 tcp</P><P> port-object eq 7071</P><P>object-group service TCP-10000 tcp</P><P> port-object eq 10000</P><P>object-group service TCP-8080 tcp</P><P> port-object eq 8080</P><P>object-group service TCP-8443 tcp</P><P> port-object eq 8443</P><P>object-group service TCP-23781 tcp</P><P> port-object eq 23781</P><P>object-group protocol DM_INLINE_PROTOCOL_1</P><P> protocol-object udp</P><P> protocol-object tcp</P><P>access-list outside_in_inside extended permit tcp any host FacileHR-EXT eq www </P><P>access-list outside_in_inside extended deny tcp object-group BLACKLIST any eq smtp inactive </P><P>access-list outside_in_inside extended permit ip any host ACCSUN-EXT </P><P>access-list outside_in_inside extended permit tcp any eq www host ACCSUN-EXT eq www </P><P>access-list outside_in_inside extended permit ip any host FacileHR-EXT </P><P>access-list outside_in_inside extended permit ip any host ACCSUN-INT </P><P>access-list outside_in_inside extended permit ip any host FacileHR-INT </P><P>access-list outside_in_inside extended permit tcp any eq www host ACCSUN-INT eq www </P><P>access-list outside_in_inside extended permit tcp any eq www host FacileHR-INT eq www </P><P>access-list outside_in_inside extended permit tcp any host ACCSUN-EXT eq ssh </P><P>access-list outside_in_inside extended permit tcp any eq ssh host FacileHR-EXT eq ssh </P><P>access-list outside_in_inside extended permit ip any host ACCMX-EXT </P><P>access-list outside_in_inside extended permit object-group TCPUDP any host ADDON-EXT eq www </P><P>access-list outside_in_inside extended permit ip any host ADDON-EXT </P><P>access-list outside_in_inside extended permit ip any host ACCIRON-EXT </P><P>access-list outside_in_inside extended permit ip any host NRIYP-EXT </P><P>access-list outside_in_inside extended permit tcp any host NRIYP-EXT eq www </P><P>access-list outside_in_inside extended permit udp any any object-group aptela </P><P>access-list outside_in_inside extended permit udp any host 64.50.254.253 inactive </P><P>access-list outside_in_inside extended deny ip host 216.101.194.154 any </P><P>access-list outside_in_inside extended deny tcp host 216.101.194.154 any </P><P>access-list outside_in_inside extended deny udp host 216.101.194.154 any </P><P>access-list outside_in_inside extended permit tcp any any eq 15250 </P><P>access-list outside_in_inside extended permit tcp any eq 3389 any eq 3389 </P><P>access-list outside_in_inside extended permit tcp any eq 23781 host 192.168.1.121 eq 23781 </P><P>access-list outside_in_inside extended permit tcp any eq smtp any eq smtp inactive </P><P>access-list outside_in_inside extended deny ip any host 192.168.1.188 </P><P>access-list outside_in_inside extended deny tcp any host 192.168.1.188 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq smtp </P><P>access-list outside_in_inside extended permit object-group TCPUDP any host ADDON-EXT eq domain </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq ssh </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq https </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group SMTP-587 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group SMTP-465 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-993 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-995 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq imap4 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq pop3 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-8080 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-10000 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-8443 </P><P>access-list outside_in_inside extended permit tcp any any eq pptp </P><P>access-list inside_access_in extended permit ip any any </P><P>access-list inside_access_in extended permit tcp any any </P><P>access-list inside_access_in extended permit udp any any </P><P>access-list inside_access_in extended deny ip host 216.101.194.154 any </P><P>access-list inside_access_in extended deny tcp host 216.101.194.154 any </P><P>access-list inside_access_in extended deny udp host 216.101.194.154 any </P><P>access-list inside_access_in extended permit tcp any host ADDON-EXT object-group TCP-7071 </P><P>access-list inside_access_in extended permit tcp any host ADDON-EXT object-group TCP-10000 </P><P>access-list inside_access_in extended permit tcp any host ADDON-EXT object-group TCP-8080 </P><P>access-list inside_access_in extended permit tcp any host Kyle object-group TCP-23781 </P><P>access-list inside_access_in extended permit tcp any any eq pptp </P><P>access-list inside_access_in extended permit object-group TCPUDP host FacileHR-INT any </P><P>access-list inside_access_in extended permit ip any host FacileHR-INT </P><P>access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any host FacileHR-INT eq www </P><P>access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 192.168.1.0 255.255.255.0 host FacileHR-EXT eq www </P><P>access-list inside_access_out extended permit tcp any any </P><P>access-list inside_access_out extended permit ip any any </P><P>access-list inside_access_out extended permit udp any any </P><P>access-list inside_access_out extended permit tcp any eq 3389 any eq 3389 </P><P>access-list inside_access_out extended permit tcp any eq domain any eq domain </P><P>access-list inside_access_out extended permit udp any eq domain any eq domain </P><P>access-list inside_access_out extended permit tcp any eq www any eq www </P><P>access-list inside_access_out extended permit udp any eq www any eq www </P><P>access-list inside_access_out extended permit tcp any eq https any eq https </P><P>access-list inside_access_out extended permit udp any eq 443 any eq 443 </P><P>access-list inside_access_out extended permit tcp any eq smtp any eq smtp </P><P>pager lines 24</P><P>logging enable</P><P>logging asdm informational</P><P>mtu inside 1500</P><P>mtu outside 1500</P><P>ip local pool new 192.168.1.45-192.168.1.50 mask 255.255.255.255</P><P>icmp unreachable rate-limit 1 burst-size 1</P><P>icmp permit any inside</P><P>icmp permit any outside</P><P>asdm image disk0:/asdm-625.bin</P><P>no asdm history enable</P><P>arp inside 192.168.1.43 0019.d137.8533 </P><P>arp outside 192.168.1.43 0019.d137.8533 </P><P>arp timeout 14400</P><P>global (inside) 1 interface</P><P>global (outside) 1 interface</P><P>nat (inside) 1 192.168.1.0 255.255.255.0</P><P>nat (inside) 1 0.0.0.0 0.0.0.0</P><P>static (outside,inside) tcp FacileHR-INT 81 FacileHR-EXT www netmask 255.255.255.255 </P><P>static (inside,outside) tcp FacileHR-INT 81 FacileHR-EXT www netmask 255.255.255.255 </P><P>static (outside,inside) ACCSUN-INT ACCSUN-EXT netmask 255.255.255.255 </P><P>static (outside,inside) ACCIRON-INT ACCIRON-EXT netmask 255.255.255.255 </P><P>static (inside,outside) ACCMX-EXT ACCMX-INT netmask 255.255.255.255 </P><P>static (inside,outside) ACCSUN-EXT ACCSUN-INT netmask 255.255.255.255 </P><P>static (inside,outside) ACCIRON-EXT ACCIRON-INT netmask 255.255.255.255 </P><P>static (inside,outside) NRIYP-EXT NRIYP-INT netmask 255.255.255.255 </P><P>static (inside,outside) ADDON-EXT ADDON-INT netmask 255.255.255.255 </P><P>static (inside,outside) FacileHR-EXT FacileHR-INT netmask 255.255.255.255 </P><P>static (inside,inside) FacileHR-EXT FacileHR-INT netmask 255.255.255.255 </P><P>access-group inside_access_in in interface inside</P><P>access-group inside_access_out out interface inside</P><P>access-group outside_in_inside in interface outside</P><P>route outside 0.0.0.0 0.0.0.0 69.130.7.113 1</P><P>timeout xlate 3:00:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</P><P>timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00</P><P>timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00</P><P>timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute</P><P>timeout tcp-proxy-reassembly 0:01:00</P><P>dynamic-access-policy-record DfltAccessPolicy</P><P>aaa authentication ssh console LOCAL </P><P>aaa authentication http console LOCAL </P><P>aaa authentication telnet console LOCAL </P><P>http server enable</P><P>http 192.168.1.0 255.255.255.0 inside</P><P>snmp-server location AIM Computer Consulting - Closet</P><P><SPAN>snmp-server contact Red Level Networks - </SPAN><A class="jive-link-email-small" href="mailto:support@redlevelnetworks.com">support@redlevelnetworks.com</A></P><P>snmp-server enable traps snmp authentication linkup linkdown coldstart</P><P>crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac </P><P>crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac </P><P>crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac </P><P>crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac </P><P>crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac </P><P>crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac </P><P>crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac </P><P>crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac </P><P>crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac </P><P>crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac </P><P>crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac </P><P>crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport</P><P>crypto ipsec security-association lifetime seconds 28800</P><P>crypto ipsec security-association lifetime kilobytes 4608000</P><P>crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1</P><P>crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5</P><P>crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP</P><P>crypto map outside_map interface outside</P><P>crypto isakmp policy 10</P><P> authentication crack</P><P> encryption 3des</P><P> hash sha</P><P> group 2</P><P> lifetime 86400</P><P>crypto isakmp policy 30</P><P> authentication pre-share</P><P> encryption 3des</P><P> hash sha</P><P> group 2</P><P> lifetime 86400</P><P>crypto isakmp policy 50</P><P> authentication pre-share</P><P> encryption 3des</P><P> hash md5</P><P> group 2</P><P> lifetime 86400</P><P>telnet 0.0.0.0 0.0.0.0 inside</P><P>telnet timeout 30</P><P>ssh 0.0.0.0 0.0.0.0 inside</P><P>ssh 0.0.0.0 0.0.0.0 outside</P><P>ssh timeout 15</P><P>console timeout 0</P><P>dhcpd dns ADDON-INT</P><P>dhcpd domain aim-cc.com</P><P>!</P><P>dhcpd address 192.168.1.150-192.168.1.250 inside</P><P>dhcpd enable inside</P><P>!</P></BODY></HTML> Tue, 19 Jul 2011 16:17:11 GMT https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710039#M535579 bluemookie 2011-07-19T16:17:11Z Cisco ASA 5500 routing issue https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710040#M535580 <HTML><HEAD></HEAD><BODY><P>Hi Kyle,</P><P></P><P>Could you just remove this static staement on the firewall, do :</P><P>no static (inside,inside) FacileHR-EXT FacileHR-INT netmask 255.255.255.255 </P><P></P><P>and add this:</P><P>static (inside,inside) FacileHR-EXT FacileHR-INT norand nailed</P><P></P><P>and try again, if this doesn't work, we'll need to take the captures on the ASA and the logs as well.</P><P></P><P>One more thing, these statements are overlapping on ASA:</P><P></P><P>nat (inside) 1 192.168.1.0 255.255.255.0</P><P>nat (inside) 1 0.0.0.0 0.0.0.0</P><P></P><P>so you can remove the first statement, because the second one include all the ip's. (don't you think so)</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Tue, 19 Jul 2011 16:26:13 GMT https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710040#M535580 varrao 2011-07-19T16:26:13Z Cisco ASA 5500 routing issue https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710041#M535581 <HTML><HEAD></HEAD><BODY><P>I have done what you asked, the same issue persists. Below is the log again, again thank you your a great help.</P><P></P><P>Result of the command: "show running-config"</P><P></P><P>: Saved</P><P>:</P><P>ASA Version 8.2(2) </P><P>!</P><P></P><P>names</P><P>name 192.168.1.25 ACCMX-INT</P><P>name 192.168.1.44 ACCSUN-INT</P><P>name 192.168.1.28 ACCIRON-INT</P><P>name 69.130.7.116 ACCIRON-EXT</P><P>name 69.130.7.115 ACCMX-EXT</P><P>name 69.130.7.117 ACCSUN-EXT</P><P>name 69.130.7.118 FacileHR-EXT</P><P>name 69.130.7.120 NRIYP-EXT</P><P>name 69.130.7.126 ADDON-EXT</P><P>name 192.168.1.26 ADDON-INT</P><P>name 192.168.1.21 Kyle</P><P>name 192.168.1.30 NRIYP-INT</P><P>name 192.168.1.186 FacileHR-INT</P><P>!</P><P>interface Vlan1</P><P> description LAN [INSIDE INTERFACE]</P><P> nameif inside</P><P> security-level 100</P><P> ip address 192.168.1.1 255.255.255.0 </P><P>!</P><P>interface Vlan2</P><P> description T1 LINE [EXTERNAL INTERFACE]</P><P> nameif outside</P><P> security-level 0</P><P> ip address 69.130.7.114 255.255.255.240 </P><P>!</P><P>interface Ethernet0/0</P><P> switchport access vlan 2</P><P>!</P><P>interface Ethernet0/1</P><P>!</P><P>interface Ethernet0/2</P><P>!</P><P>interface Ethernet0/3</P><P>!</P><P>interface Ethernet0/4</P><P>!</P><P>interface Ethernet0/5</P><P>!</P><P>interface Ethernet0/6</P><P>!</P><P>interface Ethernet0/7</P><P>!</P><P>boot system disk0:/asa822-k8.bin</P><P>ftp mode passive</P><P>clock timezone EST -5</P><P>clock summer-time EDT recurring</P><P>dns server-group DefaultDNS</P><P> domain-name aim-cc.com</P><P>same-security-traffic permit intra-interface</P><P>object-group service aptela udp</P><P> description for Aptela Phones</P><P> port-object range 10000 20000</P><P> port-object range sip 5061</P><P>object-group service RDP tcp-udp</P><P> port-object range 3389 3389</P><P>object-group network BLACKLIST</P><P> network-object host 190.18.107.140</P><P> network-object host 121.244.106.2</P><P> network-object host 187.11.194.28</P><P> network-object host 188.2.237.199</P><P> network-object host 190.48.38.184</P><P> network-object host 201.47.229.72</P><P> network-object host 207.155.250.20</P><P> network-object host 209.85.160.56</P><P> network-object host 209.85.222.199</P><P> network-object host 63.246.10.50</P><P> network-object host 66.77.56.84</P><P> network-object host 83.168.1.28</P><P> network-object host 124.121.68.190</P><P> network-object host 174.35.12.35</P><P> network-object host 174.37.81.160</P><P> network-object host 188.192.97.110</P><P> network-object host 188.38.164.31</P><P> network-object host 208.75.123.162</P><P> network-object host 41.131.81.19</P><P> network-object host 65.168.1.28</P><P> network-object host 74.125.83.174</P><P> network-object host 74.125.83.184</P><P> network-object host 74.208.4.191</P><P> network-object host 82.230.100.32</P><P> network-object host 89.173.0.9</P><P> network-object host 89.228.129.126</P><P> network-object host 93.86.217.140</P><P> network-object host 123.21.107.67</P><P> network-object host 178.92.126.228</P><P> network-object host 189.10.192.107</P><P> network-object host 189.55.158.40</P><P> network-object host 189.70.186.225</P><P> network-object host 201.11.0.98</P><P> network-object host 207.250.58.8</P><P> network-object host 208.75.123.163</P><P> network-object host 208.75.123.226</P><P> network-object host 209.85.211.156</P><P> network-object host 209.85.221.146</P><P> network-object host 209.85.222.159</P><P> network-object host 211.170.114.154</P><P> network-object host 24.38.18.233</P><P> network-object host 64.49.82.68</P><P> network-object host 64.50.170.80</P><P> network-object host 65.217.159.98</P><P> network-object host 68.200.154.75</P><P> network-object host 74.208.4.195</P><P> network-object host 75.146.94.187</P><P> network-object host 80.14.122.109</P><P> network-object host 92.84.207.252</P><P> network-object host 93.153.0.155</P><P> network-object host 93.73.179.61</P><P> network-object host 96.252.6.79</P><P> network-object host 99.174.113.44</P><P> network-object host 117.6.64.137</P><P> network-object host 178.93.144.158</P><P> network-object host 190.245.171.12</P><P> network-object host 195.174.128.15</P><P> network-object host 199.238.178.138</P><P> network-object host 208.75.123.228</P><P> network-object host 209.85.217.193</P><P> network-object host 24.103.215.120</P><P> network-object host 74.208.4.194</P><P> network-object host 84.24.253.217</P><P> network-object host 98.117.251.114</P><P> network-object host 12.164.54.36</P><P> network-object host 160.75.192.3</P><P> network-object host 186.87.3.225</P><P> network-object host 190.174.208.57</P><P> network-object host 190.59.189.71</P><P> network-object host 201.4.160.18</P><P> network-object host 207.155.248.47</P><P> network-object host 208.111.169.150</P><P> network-object host 208.89.132.145</P><P> network-object host 209.85.160.46</P><P> network-object host 209.85.210.163</P><P> network-object host 62.248.88.175</P><P> network-object host 64.202.189.25</P><P> network-object host 66.165.70.198</P><P> network-object host 67.132.93.114</P><P> network-object host 69.174.244.158</P><P> network-object host 69.67.52.156</P><P> network-object host 69.74.142.209</P><P> network-object host 74.125.92.25</P><P> network-object host 74.203.196.51</P><P> network-object host 79.110.128.212</P><P> network-object host 87.70.217.30</P><P> network-object host 88.146.41.234</P><P> network-object host 88.76.127.77</P><P> network-object host 93.86.37.241</P><P> network-object host 94.70.115.94</P><P> network-object host 95.168.100.87</P><P> network-object host 123.201.69.230</P><P> network-object host 186.9.50.90</P><P> network-object host 189.73.235.78</P><P> network-object host 195.2.236.11</P><P> network-object host 202.63.105.220</P><P> network-object host 205.178.146.55</P><P> network-object host 205.178.146.57</P><P> network-object host 205.178.146.58</P><P> network-object host 205.178.146.61</P><P> network-object host 209.85.160.184</P><P> network-object host 209.85.221.171</P><P> network-object host 218.147.37.219</P><P> network-object host 64.120.250.82</P><P> network-object host 66.227.62.183</P><P> network-object host 67.228.227.25</P><P> network-object host 87.109.179.247</P><P> network-object host 87.163.5.34</P><P> network-object host 89.78.170.200</P><P> network-object host 89.78.3.139</P><P> network-object host 92.29.204.146</P><P> network-object host 94.189.180.81</P><P> network-object host 95.180.64.244</P><P> network-object host 122.169.182.129</P><P> network-object host 122.169.182.213</P><P> network-object host 111.224.250.131</P><P> network-object host 115.184.136.110</P><P> network-object host 123.176.39.134</P><P> network-object host 123.237.6.173</P><P> network-object host 209.250.243.135</P><P> network-object host 216.87.164.19</P><P> network-object host 217.23.15.143</P><P> network-object host 61.49.36.166</P><P> network-object host 67.138.108.151</P><P> network-object host 67.138.109.158</P><P> network-object host 111.118.156.170</P><P> network-object host 111.224.250.132</P><P> network-object host 111.224.250.133</P><P> network-object host 117.96.18.118</P><P> network-object host 121.151.149.220</P><P> network-object host 121.183.243.205</P><P> network-object host 123.19.170.237</P><P> network-object host 125.176.14.67</P><P> network-object host 183.107.94.151</P><P> network-object host 183.97.35.5</P><P> network-object host 186.104.230.5</P><P> network-object host 187.52.232.152</P><P> network-object host 189.211.159.220</P><P> network-object host 190.102.239.219</P><P> network-object host 190.235.13.233</P><P> network-object host 190.35.206.68</P><P> network-object host 190.7.109.65</P><P> network-object host 200.87.116.58</P><P> network-object host 204.188.223.222</P><P> network-object host 204.45.2.197</P><P> network-object host 208.83.232.3</P><P> network-object host 209.250.243.107</P><P> network-object host 209.250.243.15</P><P> network-object host 209.250.243.83</P><P> network-object host 212.200.197.62</P><P> network-object host 216.1.203.94</P><P> network-object host 220.227.80.226</P><P> network-object host 41.186.0.212</P><P> network-object host 41.249.114.143</P><P> network-object host 58.26.151.196</P><P> network-object host 62.19.51.5</P><P> network-object host 64.212.196.228</P><P> network-object host 67.138.109.68</P><P> network-object host 67.138.110.68</P><P> network-object host 68.142.134.126</P><P> network-object host 70.98.204.112</P><P> network-object host 70.98.205.140</P><P> network-object host 70.98.205.165</P><P> network-object host 74.63.107.46</P><P> network-object host 78.97.189.115</P><P> network-object host 79.106.2.46</P><P> network-object host 84.22.56.50</P><P> network-object host 89.123.211.42</P><P> network-object host 89.46.84.214</P><P> network-object host 90.169.74.53</P><P> network-object host 90.185.163.176</P><P> network-object host 95.35.16.79</P><P> network-object host 95.65.253.179</P><P>object-group service SMTP-587 tcp</P><P> description SMTP 587</P><P> port-object eq 587</P><P>object-group service smtp-587 tcp</P><P> description smtp 587</P><P> port-object eq 587</P><P>object-group protocol TCPUDP</P><P> protocol-object udp</P><P> protocol-object tcp</P><P>object-group service SMTP-465 tcp</P><P> port-object eq 465</P><P>object-group service TCP-993 tcp</P><P> port-object eq 993</P><P>object-group service TCP-995 tcp</P><P> port-object eq 995</P><P>object-group service TCP-7071 tcp</P><P> port-object eq 7071</P><P>object-group service TCP-10000 tcp</P><P> port-object eq 10000</P><P>object-group service TCP-8080 tcp</P><P> port-object eq 8080</P><P>object-group service TCP-8443 tcp</P><P> port-object eq 8443</P><P>object-group service TCP-23781 tcp</P><P> port-object eq 23781</P><P>object-group protocol DM_INLINE_PROTOCOL_1</P><P> protocol-object udp</P><P> protocol-object tcp</P><P>access-list outside_in_inside extended permit tcp any host FacileHR-EXT eq www </P><P>access-list outside_in_inside extended deny tcp object-group BLACKLIST any eq smtp inactive </P><P>access-list outside_in_inside extended permit ip any host ACCSUN-EXT </P><P>access-list outside_in_inside extended permit tcp any eq www host ACCSUN-EXT eq www </P><P>access-list outside_in_inside extended permit ip any host FacileHR-EXT </P><P>access-list outside_in_inside extended permit ip any host ACCSUN-INT </P><P>access-list outside_in_inside extended permit ip any host FacileHR-INT </P><P>access-list outside_in_inside extended permit tcp any eq www host ACCSUN-INT eq www </P><P>access-list outside_in_inside extended permit tcp any eq www host FacileHR-INT eq www </P><P>access-list outside_in_inside extended permit tcp any host ACCSUN-EXT eq ssh </P><P>access-list outside_in_inside extended permit tcp any eq ssh host FacileHR-EXT eq ssh </P><P>access-list outside_in_inside extended permit ip any host ACCMX-EXT </P><P>access-list outside_in_inside extended permit object-group TCPUDP any host ADDON-EXT eq www </P><P>access-list outside_in_inside extended permit ip any host ADDON-EXT </P><P>access-list outside_in_inside extended permit ip any host ACCIRON-EXT </P><P>access-list outside_in_inside extended permit ip any host NRIYP-EXT </P><P>access-list outside_in_inside extended permit tcp any host NRIYP-EXT eq www </P><P>access-list outside_in_inside extended permit udp any any object-group aptela </P><P>access-list outside_in_inside extended permit udp any host 64.50.254.253 inactive </P><P>access-list outside_in_inside extended deny ip host 216.101.194.154 any </P><P>access-list outside_in_inside extended deny tcp host 216.101.194.154 any </P><P>access-list outside_in_inside extended deny udp host 216.101.194.154 any </P><P>access-list outside_in_inside extended permit tcp any any eq 15250 </P><P>access-list outside_in_inside extended permit tcp any eq 3389 any eq 3389 </P><P>access-list outside_in_inside extended permit tcp any eq 23781 host 192.168.1.121 eq 23781 </P><P>access-list outside_in_inside extended permit tcp any eq smtp any eq smtp inactive </P><P>access-list outside_in_inside extended deny ip any host 192.168.1.188 </P><P>access-list outside_in_inside extended deny tcp any host 192.168.1.188 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq smtp </P><P>access-list outside_in_inside extended permit object-group TCPUDP any host ADDON-EXT eq domain </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq ssh </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq https </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group SMTP-587 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group SMTP-465 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-993 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-995 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq imap4 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT eq pop3 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-8080 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-10000 </P><P>access-list outside_in_inside extended permit tcp any host ADDON-EXT object-group TCP-8443 </P><P>access-list outside_in_inside extended permit tcp any any eq pptp </P><P>access-list inside_access_in extended permit ip any any </P><P>access-list inside_access_in extended permit tcp any any </P><P>access-list inside_access_in extended permit udp any any </P><P>access-list inside_access_in extended deny ip host 216.101.194.154 any </P><P>access-list inside_access_in extended deny tcp host 216.101.194.154 any </P><P>access-list inside_access_in extended deny udp host 216.101.194.154 any </P><P>access-list inside_access_in extended permit tcp any host ADDON-EXT object-group TCP-7071 </P><P>access-list inside_access_in extended permit tcp any host ADDON-EXT object-group TCP-10000 </P><P>access-list inside_access_in extended permit tcp any host ADDON-EXT object-group TCP-8080 </P><P>access-list inside_access_in extended permit tcp any host Kyle object-group TCP-23781 </P><P>access-list inside_access_in extended permit tcp any any eq pptp </P><P>access-list inside_access_in extended permit object-group TCPUDP host FacileHR-INT any </P><P>access-list inside_access_in extended permit ip any host FacileHR-INT </P><P>access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any host FacileHR-INT eq www </P><P>access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 192.168.1.0 255.255.255.0 host FacileHR-EXT eq www </P><P>access-list inside_access_out extended permit tcp any any </P><P>access-list inside_access_out extended permit ip any any </P><P>access-list inside_access_out extended permit udp any any </P><P>access-list inside_access_out extended permit tcp any eq 3389 any eq 3389 </P><P>access-list inside_access_out extended permit tcp any eq domain any eq domain </P><P>access-list inside_access_out extended permit udp any eq domain any eq domain </P><P>access-list inside_access_out extended permit tcp any eq www any eq www </P><P>access-list inside_access_out extended permit udp any eq www any eq www </P><P>access-list inside_access_out extended permit tcp any eq https any eq https </P><P>access-list inside_access_out extended permit udp any eq 443 any eq 443 </P><P>access-list inside_access_out extended permit tcp any eq smtp any eq smtp </P><P>pager lines 24</P><P>logging enable</P><P>logging asdm informational</P><P>mtu inside 1500</P><P>mtu outside 1500</P><P>ip local pool new 192.168.1.45-192.168.1.50 mask 255.255.255.255</P><P>icmp unreachable rate-limit 1 burst-size 1</P><P>icmp permit any inside</P><P>icmp permit any outside</P><P>asdm image disk0:/asdm-625.bin</P><P>no asdm history enable</P><P>arp inside 192.168.1.43 0019.d137.8533 </P><P>arp outside 192.168.1.43 0019.d137.8533 </P><P>arp timeout 14400</P><P>global (inside) 1 interface</P><P>global (outside) 1 interface</P><P>nat (inside) 1 0.0.0.0 0.0.0.0</P><P>static (outside,inside) tcp FacileHR-INT 81 FacileHR-EXT www netmask 255.255.255.255 </P><P>static (inside,outside) tcp FacileHR-INT 81 FacileHR-EXT www netmask 255.255.255.255 </P><P>static (outside,inside) ACCSUN-INT ACCSUN-EXT netmask 255.255.255.255 </P><P>static (outside,inside) ACCIRON-INT ACCIRON-EXT netmask 255.255.255.255 </P><P>static (inside,outside) ACCMX-EXT ACCMX-INT netmask 255.255.255.255 </P><P>static (inside,outside) ACCSUN-EXT ACCSUN-INT netmask 255.255.255.255 </P><P>static (inside,outside) ACCIRON-EXT ACCIRON-INT netmask 255.255.255.255 </P><P>static (inside,outside) NRIYP-EXT NRIYP-INT netmask 255.255.255.255 </P><P>static (inside,outside) ADDON-EXT ADDON-INT netmask 255.255.255.255 </P><P>static (inside,outside) FacileHR-EXT FacileHR-INT netmask 255.255.255.255 </P><P>static (inside,inside) FacileHR-EXT FacileHR-INT netmask 255.255.255.255 norandomseq nailed </P><P>access-group inside_access_in in interface inside</P><P>access-group inside_access_out out interface inside</P><P>access-group outside_in_inside in interface outside</P><P>route outside 0.0.0.0 0.0.0.0 69.130.7.113 1</P><P>timeout xlate 3:00:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</P><P>timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00</P><P>timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00</P><P>timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute</P><P>timeout tcp-proxy-reassembly 0:01:00</P><P>dynamic-access-policy-record DfltAccessPolicy</P><P>aaa authentication ssh console LOCAL </P><P>aaa authentication http console LOCAL </P><P>aaa authentication telnet console LOCAL </P><P>http server enable</P><P>http 192.168.1.0 255.255.255.0 inside</P><P>snmp-server location AIM Computer Consulting - Closet</P><P><SPAN>snmp-server contact Red Level Networks - </SPAN><A class="jive-link-email-small" href="mailto:support@redlevelnetworks.com">support@redlevelnetworks.com</A></P><P>snmp-server enable traps snmp authentication linkup linkdown coldstart</P><P>crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac </P><P>crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac </P><P>crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac </P><P>crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac </P><P>crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac </P><P>crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac </P><P>crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac </P><P>crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac </P><P>crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac </P><P>crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac </P><P>crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac </P><P>crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport</P><P>crypto ipsec security-association lifetime seconds 28800</P><P>crypto ipsec security-association lifetime kilobytes 4608000</P><P>crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1</P><P>crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5</P><P>crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP</P><P>crypto map outside_map interface outside</P><P>crypto isakmp policy 10</P><P> authentication crack</P><P> encryption 3des</P><P> hash sha</P><P> group 2</P><P> lifetime 86400</P><P>crypto isakmp policy 30</P><P> authentication pre-share</P><P> encryption 3des</P><P> hash sha</P><P> group 2</P><P> lifetime 86400</P><P>crypto isakmp policy 50</P><P> authentication pre-share</P><P> encryption 3des</P><P> hash md5</P><P> group 2</P><P> lifetime 86400</P><P>telnet 0.0.0.0 0.0.0.0 inside</P><P>telnet timeout 30</P><P>ssh 0.0.0.0 0.0.0.0 inside</P><P>ssh 0.0.0.0 0.0.0.0 outside</P><P>ssh timeout 15</P><P>console timeout 0</P><P>dhcpd dns ADDON-INT</P><P>dhcpd domain aim-cc.com</P><P>!</P><P>dhcpd address 192.168.1.150-192.168.1.250 inside</P><P>dhcpd enable inside</P><P>!</P><P></P><P>threat-detection basic-threat</P><P>threat-detection statistics</P><P>threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200</P><P>ssl encryption aes256-sha1 aes128-sha1 3des-sha1 des-sha1</P><P></P><P>: end</P><P></P><P></P><P></P><P></P><P></P><P></P><P></P><P></P><P>Result of the command: "access-list inside_test permit icmp any host 192.168.1.186"</P><P></P><P>The command has been sent to the device</P><P></P><P></P><P></P><P>Result of the command: "capture inside_interface access-list inside_test interface inside"</P><P></P><P>The command has been sent to the device</P><P></P><P></P><P></P><P>Result of the command: "show capture inside_interface"</P><P></P><P>4 packets captured</P><P></P><P>&nbsp;&nbsp; 1: 12:15:16.728981 802.1Q vlan#1 P0 192.168.1.21 &gt; 192.168.1.186: icmp: echo request </P><P>&nbsp;&nbsp; 2: 12:15:21.260331 802.1Q vlan#1 P0 192.168.1.21 &gt; 192.168.1.186: icmp: echo request </P><P>&nbsp;&nbsp; 3: 12:15:26.259858 802.1Q vlan#1 P0 192.168.1.21 &gt; 192.168.1.186: icmp: echo request </P><P>&nbsp;&nbsp; 4: 12:15:31.258592 802.1Q vlan#1 P0 192.168.1.21 &gt; 192.168.1.186: icmp: echo request </P><P>4 packets shown</P><P></P><P></P><P></P><P>Result of the command: "show logging"</P><P></P><P>Syslog logging: enabled</P><P>&nbsp;&nbsp;&nbsp; Facility: 20</P><P>&nbsp;&nbsp;&nbsp; Timestamp logging: disabled</P><P>&nbsp;&nbsp;&nbsp; Standby logging: disabled</P><P>&nbsp;&nbsp;&nbsp; Debug-trace logging: disabled</P><P>&nbsp;&nbsp;&nbsp; Console logging: disabled</P><P>&nbsp;&nbsp;&nbsp; Monitor logging: disabled</P><P>&nbsp;&nbsp;&nbsp; Buffer logging: level debugging, 8205 messages logged</P><P>&nbsp;&nbsp;&nbsp; Trap logging: disabled</P><P>&nbsp;&nbsp;&nbsp; History logging: disabled</P><P>&nbsp;&nbsp;&nbsp; Device ID: disabled</P><P>&nbsp;&nbsp;&nbsp; Mail logging: disabled</P><P>&nbsp;&nbsp;&nbsp; ASDM logging: level informational, 21494596 messages logged</P><P>tes 6464 TCP FINs</P><P>%ASA-6-106015: Deny TCP (no connection) from 207.155.253.212/25 to ADDON-EXT/53777 flags FIN PSH ACK&nbsp; on interface outside</P><P>%ASA-6-302014: Teardown TCP connection 10506718 for outside:209.85.218.56/50127 to inside:ACCIRON-INT/25 duration 0:00:30 bytes 13186 TCP FINs</P><P>%ASA-6-305012: Teardown dynamic TCP translation from inside:192.168.1.188/37212 to outside:69.130.7.114/25820 duration 0:01:00</P><P>%ASA-6-302013: Built outbound TCP connection 10507509 for outside:209.85.225.14/25 (209.85.225.14/25) to inside:ACCIRON-INT/43560 (ACCIRON-EXT/43560)</P><P>%ASA-6-302016: Teardown UDP connection 10505434 for outside:192.228.79.201/53 to inside:ACCMX-INT/32768 duration 0:03:09 bytes 667</P><P>%ASA-7-609002: Teardown local-host outside:192.26.92.30 duration 0:12:36</P><P>%ASA-6-302014: Teardown TCP connection 10503790 for outside:64.50.243.27/80 to inside:192.168.1.202/4600 duration 0:05:06 bytes 1800 TCP FINs</P><P>%ASA-6-302014: Teardown TCP connection 10503786 for outside:64.50.243.27/80 to inside:192.168.1.202/4597 duration 0:05:06 bytes 2585 TCP FINs</P><P>%ASA-6-302014: Teardown TCP connection 10503788 for outside:64.50.243.27/80 to inside:192.168.1.202/4598 duration 0:05:06 bytes 7068 TCP FINs</P><P>%ASA-6-302014: Teardown TCP connection 10489607 for outside:74.125.225.93/443 to inside:192.168.1.173/49659 duration 0:26:10 bytes 36449 TCP Reset-I</P><P>%ASA-6-305012: Teardown dynamic TCP translation from inside:192.168.1.181/59641 to outside:69.130.7.114/33656 duration 0:00:30</P><P>%ASA-6-302015: Built outbound UDP connection 10507510 for outside:216.165.129.157/53 (216.165.129.157/53) to inside:ADDON-INT/19434 (ADDON-EXT/19434)</P><P>%ASA-6-302016: Teardown UDP connection 10507510 for outside:216.165.129.157/53 to inside:ADDON-INT/19434 duration 0:00:00 bytes 354</P><P>%ASA-6-302014: Teardown TCP connection 10507487 for outside:122.169.129.112/4999 to inside:ADDON-INT/995 duration 0:00:03 bytes 6472 TCP FINs</P><P>%ASA-6-305011: Built dynamic TCP translation from inside:192.168.1.170/50538 to outside:69.130.7.114/1602</P><P>%ASA-6-302013: Built outbound TCP connection 10507511 for outside:67.195.186.236/80 (67.195.186.236/80) to inside:192.168.1.170/50538 (69.130.7.114/1602)</P><P>%ASA-6-305011: Built dynamic TCP translation from inside:192.168.1.173/49760 to outside:69.130.7.114/57521</P><P>%ASA-6-302013: Built outbound TCP connection 10507512 for outside:74.125.225.84/80 (74.125.225.84/80) to inside:192.168.1.173/49760 (69.130.7.114/57521)</P><P>%ASA-6-302013: Built inbound TCP connection 10507513 for outside:209.85.213.184/46523 (209.85.213.184/46523) to inside:ACCIRON-INT/25 (ACCIRON-EXT/25)</P><P>%ASA-6-305011: Built dynamic TCP translation from inside:192.168.1.170/50539 to outside:69.130.7.114/31933</P><P>%ASA-6-302013: Built outbound TCP connection 10507514 for outside:98.139.240.23/80 (98.139.240.23/80) to inside:192.168.1.170/50539 (69.130.7.114/31933)</P><P>%ASA-6-302014: Teardown TCP connection 10507511 for outside:67.195.186.236/80 to inside:192.168.1.170/50538 duration 0:00:00 bytes 1893 TCP FINs</P><P>%ASA-6-302015: Built outbound UDP connection 10507515 for outside:216.165.129.157/53 (216.165.129.157/53) to inside:ADDON-INT/34614 (ADDON-EXT/34614)</P><P>%ASA-6-302016: Teardown UDP connection 10507515 for outside:216.165.129.157/53 to inside:ADDON-INT/34614 duration 0:00:00 bytes 473</P><P>%ASA-6-305011: Built dynamic TCP translation from inside:192.168.1.173/49761 to outside:69.130.7.114/2730</P><P>%ASA-6-302013: Built outbound TCP connection 10507516 for outside:74.125.225.78/443 (74.125.225.78/443) to inside:192.168.1.173/49761 (69.130.7.114/2730)</P><P>%ASA-6-302014: Teardown TCP connection 10507514 for outside:98.139.240.23/80 to inside:192.168.1.170/50539 duration 0:00:00 bytes 1422 TCP FINs</P><P>%ASA-6-302013: Built inbound TCP connection 10507517 for inside:Kyle/52576 (Kyle/52576) to identity:192.168.1.1/443 (192.168.1.1/443)</P><P>%ASA-6-725001: Starting SSL handshake with client inside:Kyle/52576 for TLSv1 session.</P><P>%ASA-6-725003: SSL client inside:Kyle/52576 request to resume previous session.</P><P>%ASA-6-725002: Device completed SSL handshake with client inside:Kyle/52576</P><P>%ASA-5-111007: Begin configuration: Kyle reading from http [POST]</P></BODY></HTML> Tue, 19 Jul 2011 17:32:04 GMT https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710041#M535581 bluemookie 2011-07-19T17:32:04Z Cisco ASA 5500 routing issue https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710042#M535582 <HTML><HEAD></HEAD><BODY><P>Hi Kyle,</P><P></P><P>Make sure you ping the public ip of your server, you would not be able to ping the real ip, you should try:</P><P></P><P>ping 69.130.7.118</P><P></P><P>otherwise it wont work, the static has been put in place so that internal users can access serevr only on public ip.</P><P></P><P>Before trying again, do " clear logging buffer"</P><P></P><P>and then try and ping and collect the captures and logs again.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Tue, 19 Jul 2011 17:41:02 GMT https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710042#M535582 varrao 2011-07-19T17:41:02Z Cisco ASA 5500 routing issue https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710043#M535583 <HTML><HEAD></HEAD><BODY><P>I just want to say....... "YOU ROCK MAH SOCKS!"</P><P></P><P></P><P>Anyhow, you have helped me resolve my issue, I am always cheerful to see knowledgeable professionals that are willing to help the young runts in the business, I tip my hat to you sir, and a bid you a great day.</P><P></P><P></P><P></P><P></P><P>Cheers~!</P><P></P><P></P><P></P><P></P><P>Status: "<STRONG>Resolved</STRONG>"</P></BODY></HTML> Tue, 19 Jul 2011 18:03:01 GMT https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710043#M535583 bluemookie 2011-07-19T18:03:01Z Cisco ASA 5500 routing issue https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710044#M535584 <HTML><HEAD></HEAD><BODY><P>Wow......thats great Kyle, really happy to help you out.... <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN> would be always be there for your help.</P><P></P><P>You can mark this thread as anwered.</P><P></P><P>-Varun</P></BODY></HTML> Tue, 19 Jul 2011 18:05:00 GMT https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710044#M535584 varrao 2011-07-19T18:05:00Z Cisco ASA 5500 routing issue https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710045#M535585 <HTML><HEAD></HEAD><BODY><P>Will do~</P></BODY></HTML> Tue, 19 Jul 2011 18:12:41 GMT https://community.cisco.com/t5/network-security/cisco-asa-5500-routing-issue/m-p/1710045#M535585 bluemookie 2011-07-19T18:12:41Z