Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 45.140.4.40 using egress ifc outside
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group Server_Net_access_in in interface Server_Net
access-list Server_Net_access_in remark inside whitelist
access-list Server_Net_access_in extended permit ip object-group inside_mpls_whitelist_blanket any
object-group network inside_mpls_whitelist_blanket
network-object 192.168.40.0 255.255.255.0
network-object 172.31.0.0 255.255.255.0
network-object 192.168.45.32 255.255.255.224
network-object object OBJ-172.31.40.0-24
network-object object VLAN_110
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaac8b29390, priority=13, domain=permit, deny=false
hits=55911369, user_data=0x2aaabdb03a40, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=192.168.40.0, mask=255.255.255.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=Server_Net, output_ifc=any
Phase: 3
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (Server_Net,outside) source static LOCAL_LANS LOCAL_LANS destination static LOCAL_LANS LOCAL_LANS no-proxy-arp route-lookup
Additional Information:
Static translate 192.168.40.39/0 to 192.168.40.39/0
Forward Flow based lookup yields rule:
in id=0x2aaac89f3cd0, priority=6, domain=nat, deny=false
hits=11300731, user_data=0x2aaac89aad40, cs_id=0x0, flags=0x0, protocol=0
src ip/id=192.168.40.0, mask=255.255.255.0, port=0, tag=any
dst ip/id=172.0.0.0, mask=255.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=Server_Net, output_ifc=outside
Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaac77ec9d0, priority=0, domain=nat-per-session, deny=true
hits=8118746480, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=any, output_ifc=any
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaac84d1fc0, priority=0, domain=inspect-ip-options, deny=true
hits=8003902666, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=Server_Net, output_ifc=any
Phase: 6
Type: SFR
Subtype:
Result: ALLOW
Config:
class-map sfr
match access-list sfr_redirect
policy-map global_policy
class sfr
sfr fail-open
service-policy global_policy global
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaac9873920, priority=71, domain=sfr, deny=false
hits=280884612, user_data=0x2aaac99ed250, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=Server_Net, output_ifc=any
Phase: 7
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaac84d17d0, priority=66, domain=inspect-icmp-error, deny=false
hits=3565155285, user_data=0x2aaac84d1480, cs_id=0x0, use_real_addr, flags=0x0, protocol=1
src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, tag=any, dscp=0x0
input_ifc=Server_Net, output_ifc=any
Phase: 8
Type: FLOW-EXPORT
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaac99f1100, priority=18, domain=flow-export, deny=false
hits=3833965363, user_data=0x2aaac9e76820, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=Server_Net, output_ifc=any
Phase: 9
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaac98d6c70, priority=13, domain=ipsec-tunnel-flow, deny=true
hits=3817482473, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=Server_Net, output_ifc=any
Phase: 10
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
nat (Server_Net,outside) source static LOCAL_LANS LOCAL_LANS destination static LOCAL_LANS LOCAL_LANS no-proxy-arp route-lookup
Additional Information:
Forward Flow based lookup yields rule:
out id=0x2aaac89f61f0, priority=6, domain=nat-reverse, deny=false
hits=8797542, user_data=0x2aaac8976190, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=192.168.40.0, mask=255.255.255.0, port=0, tag=any
dst ip/id=172.0.0.0, mask=255.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=Server_Net, output_ifc=outside
Phase: 11
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 4096940090, packet dispatched to next module
Module information for forward flow ...
snp_fp_inspect_ip_options
snp_sfr
snp_fp_inspect_icmp
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_fp_tracer_drop
snp_ifc_stat
Module information for reverse flow ...
Result:
input-interface: Server_Net
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
