can longer ping remote site but tunnel is up

Roger Richards
Level 1

Good day, I'm in a little bit of a twine. I was trying some configs to allow public access to private nodes and my remote side can no longer ping. Please help.

Result of the command: "SHOW RUN"

: Saved
:
ASA Version 8.3(1)
!
hostname ciscoasa-stx
domain-name stt.vidol.gov
enable password lb70NCTEuCJ09Sct encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 nameif Vipowernet
 security-level 0
 ip address 66.248.169.106 255.255.255.248
!
interface Ethernet0/1
 nameif Inside
 security-level 100
 ip address 10.20.60.2 255.255.254.0
!
interface Ethernet0/1.30
 vlan 30
 nameif guest
 security-level 50
 no ip address
!
interface Ethernet0/1.40
 vlan 40
 nameif server
 security-level 100
 no ip address
!
interface Ethernet0/1.50
 vlan 50
 nameif video
 security-level 100
 no ip address
!
interface Ethernet0/2
 nameif bcm
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface Ethernet0/2.11
 vlan 11
 nameif voice
 security-level 100
 no ip address
!
interface Ethernet0/3
 nameif ContentFilter
 security-level 100
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 10.20.80.100 255.255.255.0
!
boot system disk0:/asa831-k8.bin
ftp mode passive
clock timezone AST -4
dns domain-lookup Inside
dns server-group DefaultDNS
 name-server 10.20.60.21
 name-server 172.20.16.3
 domain-name stt.vidol.gov
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network STT
 subnet 172.20.16.0 255.255.255.0
 description St. Thomas Office
object network A_66.248.169.105
 host 66.248.169.105
object network PublicServer_NAT1
 host 10.20.60.39
object service ClockLink
 service tcp source eq 5074 destination eq 5074
 description Clock Link Management Software
object network A_66.248.169.107
 host 66.248.169.107
object service rdp
 service tcp destination eq 3389
 description Remote Desktop Protocol
object network VoIP-STT-Network
 subnet 192.168.4.0 255.255.255.0
object network VoIP-STX-Network
 subnet 192.168.2.0 255.255.255.0
object network STTNET
 subnet 172.20.16.0 255.255.255.0
 description STT NETWORK
object network STXET
 subnet 10.20.60.0 255.255.254.0
 description STX NETWORK
object network outside
 host 66.248.169.106
object network inside
 host 10.20.60.2
object network servers-net
 subnet 10.20.50.0 255.255.255.0
 description servernet
object network HOST-8
 host 10.20.60.8
object network Public-66.248.169.108
 host 66.248.169.108
object network Polycom
 host 10.20.60.8
 description polyunit connectoin
object service TCP8080
 service tcp source eq 8080
object network Video_Connection
 host 10.20.60.8
 description Polycome Video
object-group network DM_INLINE_NETWORK_1
 network-object host 172.20.21.4
 network-object 172.20.16.0 255.255.255.0
 network-object 192.168.4.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
 service-object object ClockLink
 service-object object rdp
object-group network DM_INLINE_NETWORK_2
 network-object 10.20.60.0 255.255.254.0
 network-object 192.168.2.0 255.255.255.0
object-group network DM_INLINE_NETWORK_3
 network-object 10.20.60.0 255.255.254.0
 network-object 192.168.2.0 255.255.255.0
object-group network DM_INLINE_NETWORK_4
 network-object 10.20.60.0 255.255.254.0
 network-object object VoIP-STX-Network
object-group network DM_INLINE_NETWORK_5
 network-object 10.20.60.0 255.255.254.0
 network-object 192.168.2.0 255.255.255.0
object-group network DM_INLINE_NETWORK_6
 network-object object STT
 network-object object VoIP-STT-Network
object-group network DM_INLINE_NETWORK_7
 network-object host 10.20.60.39
 network-object object A_66.248.169.107
object-group network DM_INLINE_NETWORK_8
 network-object host 125.210.221.172
 network-object host 220.231.141.29
object-group service POLLY tcp
 port-object eq h323
 port-object eq sip
object-group service DM_INLINE_SERVICE_2
 service-object tcp-udp destination eq domain
 service-object tcp destination eq www
 service-object tcp destination eq https
access-list Vipowernet_access_in extended deny ip object-group DM_INLINE_NETWORK_8 any
access-list Vipowernet_access_in extended permit object-group DM_INLINE_SERVICE_1 any object-group DM_INLINE_NETWORK_7
access-list Vipowernet_access_in extended permit ip object-group DM_INLINE_NETWORK_3 any
access-list Vipowernet_cryptomap extended permit ip object-group DM_INLINE_NETWORK_2 object-group DM_INLINE_NETWORK_1
access-list Inside_access_in extended permit ip object VoIP-STX-Network object VoIP-STT-Network
access-list Inside_access_in extended permit ip host 10.20.61.1 any
access-list Inside_access_in extended permit object-group DM_INLINE_SERVICE_2 host 10.20.60.81 any
access-list Inside_access_in extended permit ip object-group DM_INLINE_NETWORK_4 any
access-list Inside_access_in extended permit ip any any
access-list Inside_access_in extended deny ip any any
access-list VoIP_access_in extended permit ip object-group DM_INLINE_NETWORK_5 any
access-list outside_1_cryptomap extended permit ip 10.20.60.0 255.255.254.0 172.20.16.0 255.255.255.0
access-list capture extended permit ip host 172.20.16.8 host 10.20.60.8
access-list capture extended permit ip host 10.20.60.8 host 172.20.16.8
access-list STX-STT extended permit ip object STXET object STTNET
access-list STX-STT extended permit ip object STTNET object STXET
pager lines 24
logging enable
logging timestamp
logging trap notifications
logging asdm informational
logging host Inside 10.20.60.35
logging host Inside 172.20.16.87
logging permit-hostdown
mtu Vipowernet 1500
mtu Inside 1500
mtu guest 1500
mtu server 1500
mtu video 1500
mtu bcm 1500
mtu voice 1500
mtu ContentFilter 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Vipowernet
icmp permit any Inside
icmp permit any bcm
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
nat (Inside,Vipowernet) source dynamic any interface
nat (Inside,any) source static any any destination static DM_INLINE_NETWORK_6 DM_INLINE_NETWORK_6
!
object network obj_any
 nat (management,Vipowernet) dynamic interface
object network PublicServer_NAT1
 nat (Inside,Vipowernet) static A_66.248.169.107
access-group Vipowernet_access_in in interface Vipowernet
access-group Inside_access_in in interface Inside
access-group VoIP_access_in in interface bcm
route Vipowernet 0.0.0.0 0.0.0.0 66.248.169.105 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
aaa authorization exec authentication-server
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.20.60.0 255.255.254.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map Vipowernet_map0 1 match address Vipowernet_cryptomap
crypto map Vipowernet_map0 1 set peer 66.248.182.170
crypto map Vipowernet_map0 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Vipowernet_map0 interface Vipowernet
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 66.248.161.170
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto ca trustpoint ASDM_TrustPoint0
 enrollment url http://stxdc3:80/certsrv
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 enrollment url http://stxdc3:80/CertSrv
 crl configure
crypto ca trustpoint ASDM_TrustPoint2
 enrollment url http://stxdc3:80/CertEnroll
 crl configure
crypto ca trustpoint ASDM_TrustPoint3
 enrollment url http://stxdc3:80/certsrv
 crl configure
crypto ca trustpoint ASDM_TrustPoint4
 enrollment terminal
 crl configure
crypto isakmp enable Vipowernet
crypto isakmp enable bcm
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 15
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 28800
telnet 172.20.16.0 255.255.255.0 Vipowernet
telnet 10.20.61.1 255.255.255.255 Inside
telnet 10.20.60.0 255.255.254.0 Inside
telnet 0.0.0.0 0.0.0.0 Inside
telnet 172.20.16.0 255.255.255.0 Inside
telnet timeout 30
ssh timeout 5
console timeout 0
management-access Inside
threat-detection basic-threat
threat-detection statistics host number-of-rate 2
threat-detection statistics port number-of-rate 2
threat-detection statistics protocol number-of-rate 2
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 10.20.60.21 source Inside prefer
ntp server 172.20.16.3 source Inside
webvpn
username Ruser1 password IrO5kN5XfPlLpQcH encrypted
tunnel-group 66.248.182.170 type ipsec-l2l
tunnel-group 66.248.182.170 ipsec-attributes
 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect pptp
!
service-policy global_policy global
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:b88af984cff927463b17abc05df92bf7
: end

Accepted Solution

Jouni Forss
VIP Alumni

Hi,

You will most likely need to change the following configuration:

no nat (Inside,Vipowernet) source dynamic any interface

nat (Inside,Vipowernet) after-auto source dynamic any interface

This will first remove the existing NAT rule and add it back with lower priority. It is currently overriding your NAT0 configuration used for the L2L VPN.

- Jouni

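To show why the accepted fix works, here is a small Python model of the ASA 8.3 NAT table order (an added example, not code from the thread or from Cisco): section 1 manual NAT, section 2 object NAT, section 3 manual NAT after-auto, and the first matching rule wins. The addresses and the crypto ACL come from the posted config; ingress-interface matching and the two object NAT rules are left out, which is an assumed simplification.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# ASA 8.3+ walks the NAT table in three sections, first match wins:
# 1 = manual (twice) NAT, 2 = object (auto) NAT, 3 = manual NAT "after-auto".
SECTION = {"manual": 1, "auto": 2, "after-auto": 3}

def nets(*cidrs):
    return tuple(ipaddress.ip_network(c, strict=False) for c in cidrs)

def member(addr, networks):
    return any(ipaddress.ip_address(addr) in n for n in networks)

@dataclass
class NatRule:
    section: str                # "manual", "auto" or "after-auto"
    src: tuple                  # real source networks the rule matches
    dst: tuple                  # destination networks the rule matches
    mapped_src: Optional[str]   # None = identity NAT (exemption, "NAT0")

def translate(rules, src, dst):
    """Source address the packet leaves with; sorted() is stable, so rules keep their configured order inside a section."""
    for r in sorted(rules, key=lambda x: SECTION[x.section]):
        if member(src, r.src) and member(dst, r.dst):
            return src if r.mapped_src is None else r.mapped_src
    return src  # no rule matched: untranslated

# Crypto ACL Vipowernet_cryptomap from the posted config:
# DM_INLINE_NETWORK_2 (sources) -> DM_INLINE_NETWORK_1 (destinations)
CRYPTO_SRC = nets("10.20.60.0/23", "192.168.2.0/24")
CRYPTO_DST = nets("172.20.21.4/32", "172.20.16.0/24", "192.168.4.0/24")

def interesting(src, dst):
    return member(src, CRYPTO_SRC) and member(dst, CRYPTO_DST)

ANY = nets("0.0.0.0/0")
def pat(section):
    # nat (Inside,Vipowernet) source dynamic any interface -> PAT to 66.248.169.106
    return NatRule(section, ANY, ANY, "66.248.169.106")

# nat (Inside,any) source static any any destination static DM_INLINE_NETWORK_6 DM_INLINE_NETWORK_6
EXEMPT = NatRule("manual", ANY, nets("172.20.16.0/24", "192.168.4.0/24"), None)

ORIGINAL = [pat("manual"), EXEMPT]     # PAT listed first in section 1 shadows the exemption
FIXED = [pat("after-auto"), EXEMPT]    # accepted fix: PAT demoted to section 3

def reaches_tunnel(rules, src="10.20.60.8", dst="172.20.16.8"):
    """True if the packet still matches the crypto ACL after NAT is applied."""
    return interesting(translate(rules, src, dst), dst)
```

With the original order the dynamic PAT in section 1 is hit first and the VPN-bound packet leaves as 66.248.169.106, which no longer matches Vipowernet_cryptomap; once the PAT is after-auto, the identity rule wins and the packet is sent through the tunnel.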

3 Replies

I want to know what you know... You are the Guru of Gurus... CCNA? Security? I need this knowledge.

Actually I have absolutely no Cisco certificates.

I did go through all the CCNA and CCNP Routing & Switching materials while I was still at school, but I never went for the certificates.

I then started learning the Cisco PIX firewalls and did my Bachelor's thesis (or whatever is the correct term) about building a small-sized network with a Cisco PIX firewall and other Cisco products. It was absolutely horrific starting with PIX with absolutely no knowledge of firewalls and using old PIX software.

I am actually going to do CCNA R&S this week to try it out since I was given a voucher for the exam. Will see how it goes. Will probably do the Security related certificates after that depending on motivation and time.

- Jouni
