Cannot SSH into specific LAN IP via FPR1010 WAN

TheGoob
VIP

Hello

FPR1010 - x.x.x.182

|

|

192.168.5.9 LAN device w/ SSH on port 23 (it seems if I use 22 it goes to the FPR1010 directly.)

I made a NAT;   inside_2   192.168.5.9    any   ssh-23   any  outside   any   ssh-23   any (Manual NAT, Dynamic, above inside_2)

I made ACL;     outside   any   any   inside_2   192.168.5.9    ssh-23   any   any   any


Does not work... Just times out. But on the LAN I can connect, so SSH-23 is indeed active. Any help!


TheGoob
VIP

Anything in that running_config that would be wrong, backwards or incomplete to cause my issue?

TheGoob
VIP

Anything in that running_config that would be wrong, backwards or incomplete to cause my issue? Really struggling to figure this crap out.

I did some testing in a lab as below. It looks like FTD 7.0 onwards is doing things differently; I will do some more testing later.

What I found: if you are using the external IP address (the one allocated to the outside interface) and you would like to translate to it, somehow the static NAT did not work (in a quick test I did not even see any request coming through).

What I did instead was use AutoNAT, which works as expected:

Below are my screenshots.

NAT and access rule (don't be confused by LAN-GW, which is just an object I made to test; that is my web server running on port 80).

[two screenshots: NAT rule and access rule]

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Well, initially following that link you sent did not work, and I did indeed try AutoNAT as well. I placed the rule above, etc.; I tried all sorts of combos. My ACL even looked the same. I did look over your pictures and recreate it again just in case I typed something wrong.
The LAN IP on said port can be accessed via SSH from any other IP on the subnet, so I know it is active.

But you are saying autonat for you does work?

Yes, those are the test results using vFTD 7.0. I posted the complete lab here on my blog (ignore the earlier one I posted; that was FTD 6.X, and somehow things have changed as far as I know... I need to do a deeper dive later when I get a chance):

https://www.balajibandi.com/?p=1855

EDIT :

Note: I see you are using a BVI interface; my setup was routed mode.

Check the bridge group config:

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/fdm/fptd-fdm-config-guide-700/fptd-fdm-nat.html?bookSearch=true

BB


Alright I’ll do a redo step by step when I get home. Thank you 

It took me 10-15 min to get my head around it and start reading a document from Cisco; I just did that test and it works straight away.

BB


What is this PC network? It is not in the NAT and all of a sudden it is in the ACL? Since it is on the outside interface I have no idea how to relate this to me. Honestly, yeah, I just don't get it.

I apologize. My whole life I’ve had an issue with being literal and verbatim. It’s been a long life of issues in the workplace and thinking outside the box. When learning something I have to see it a certain way or it does not click. I am sorry. 

PC (192.168.1.81) is my external public host; I want to test granularly.

BB


Before I get started, I wanted to mention that on the default FPR1010 there is a NAT rule on each interface:

inside_2Rule (DYNAMIC, inside_2 to outside): original packet any-ipv4 / Any / Any / Any, translated packet Interface / Any / Any / Any

Do I also need to create the NAT you suggested for the FPR WAN IP x.x.x.182 as well?

I see you created an InsideOutsideNATRule Rule, is this on TOP of what I have already or is yours the same thing, but for your config it is after autonat rules and yours is before.

Do I change my current default rule, or add a 2nd to match yours?

I sent a pic of my default.

Also, are you mentioning earlier to REMOVE the BVI1 across the board?


For testing, make it the top rule so it will be hit first; if the rule you posted is not in use, disable it and test.

Also, are you mentioning earlier to REMOVE the BVI1 across the board?

Not sure what your requirement is; I generally do routed mode.

BB


Alright, so I'll create a new rule that looks like yours and put it above my current rule, and disable it afterwards if need be. Also I only have BVI1 because that's what it came with by default... do I need it? Probably not.

TheGoob
VIP

Alright, so I am starting from scratch and posting my running_config.

As I mentioned, I have a block of 8 STATIC IPs, and the IP I am mentioning is x.x.x.182, which is #1 the FPR WAN main IP; #2 the FPR vlan1 is 192.168.1.0. I have an SG500X switch connected to the FPR and the SG500X has a 192.168.1.2 PBR for LAN 192.168.5.0.

192.168.5.68 (the LAN IP I am using) is the SSH host I want to grant access to. EVERY host on 192.168.5.0 can access it via SSH, therefore it is open, on port 223.

So, 192.168.5.68 resides on the SG500X 192.168.5.0 subnet, which has a PBR to the FPR1010 using 192.168.1.2, which has a WAN IP of x.x.x.182.

I am wondering, could going through an L3 switch be the issue with the data flow? I do, on the FPR1010, have a static route '192.168.5.0 255.255.255.0 192.168.1.2' so the FPR would know where and how to send data to the 192.168.5.0 (192.168.5.68) network/host.

With that, this is my config, and it does not work.

As far as BVI1, no idea why; it was there on default install. If that could be why, I'll get rid of it. Also, in ALL examples I see there was no preset NAT, and people created a LANtoWANNAT, whereas mine came with a NAT for each interface. Maybe mine was an older version?

I will label the port ssh223 and the host ssh223host so you can pick them out. Also, NO idea why there are so many ONBOX ACL entries and why my rule is spanning across each interface.

Copyright 2004-2022, Cisco and/or its affiliates. All rights reserved.
Cisco is a registered trademark of Cisco Systems, Inc.
All other trademarks are property of their respective owners.

Cisco Firepower Extensible Operating System (FX-OS) v2.12.0 (build 31)
Cisco Firepower 1010 Threat Defense v7.2.0.1 (build 12)

> show running-config
: Saved

:
: Serial Number: JAD2537040H
: Hardware: FPR-1010, 2925 MB RAM, CPU Atom C3000 series 2200 MHz, 1 CPU (4 cores)
:
NGFW Version 7.2.0.1
!
hostname firepower
enable password ***** encrypted
service-module 0 keepalive-timeout 4
service-module 0 keepalive-counter 6
names
no mac-address auto


!
interface Vlan1
no nameif
no security-level
no ip address
!
interface Ethernet1/1
no switchport
nameif outside
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
pppoe client vpdn group pppoewan
ip address pppoe setroute
!
interface Ethernet1/2
no switchport
bridge-group 1
nameif inside_2
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
!
interface Ethernet1/3
no switchport
bridge-group 1
nameif inside_3
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
!
interface Ethernet1/4
no switchport
bridge-group 1
nameif inside_4
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
!
interface Ethernet1/5
no switchport
bridge-group 1
nameif inside_5
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
!
interface Ethernet1/6
no switchport
bridge-group 1
nameif inside_6
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
!
interface Ethernet1/7
no switchport
bridge-group 1
nameif inside_7
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
!
interface Ethernet1/8
no switchport
bridge-group 1
nameif inside_8
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
!
interface Management1/1
management-only
nameif diagnostic
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
no ip address
!
interface BVI1
nameif inside
security-level 0
ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
ngips conn-match vlan-id
dns domain-lookup any
dns server-group CiscoUmbrellaDNSServerGroup
name-server 208.67.222.222
name-server 208.67.220.220
dns server-group CustomDNSServerGroup
name-server 8.8.8.8
name-server 8.8.4.4
dns-group CustomDNSServerGroup
no object-group-search access-control
object network any-ipv4
subnet 0.0.0.0 0.0.0.0
object network any-ipv6
subnet ::/0
object network IPv4-Private-10.0.0.0-8
subnet 10.0.0.0 255.0.0.0
object network IPv4-Private-172.16.0.0-12
subnet 172.16.0.0 255.240.0.0
object network IPv4-Private-192.168.0.0-16
subnet 192.168.0.0 255.255.0.0
object network FPR_WAN
host x.x.x.182
object network OutsideRoute
subnet 0.0.0.0 0.0.0.0
object network INSIDE_to_5_Network
host 192.168.1.2
object network Inner-LAN-Subnet
subnet 192.168.5.0 255.255.255.0
object network 179-ceyea-wan
host x.x.x.179
object network 181-fhc-omv-wan
host x.x.x.181
object network 180-fbeye-wan
host x.x.x.180
object network 177-wan
host x.x.x.177
object network 179-ceyea-lan
host 192.168.5.52
object network 180-fbeye-lan
host 192.168.5.55
object network 181-fhc-omv-lan
host 192.168.5.43
object network PiHole
host 192.168.5.46
object network 178-proxmox-lan
host 192.168.5.56
object network 178-proxmox-wan
host x.x.x.178
object network Wireguard
host 192.168.5.66
object network |192.168.5.68
host 192.168.5.68
object network ssh223host
host 192.168.5.68
object service _|NatOrigSvc_e5cd5819-9c2b-11ed-9921-8de78b0f1100
service tcp source eq 223
object service _|NatMappedSvc_e5cd5819-9c2b-11ed-9921-8de78b0f1100
service tcp source eq 223
object-group network IPv4-Private-All-RFC1918
network-object object IPv4-Private-10.0.0.0-8
network-object object IPv4-Private-172.16.0.0-12
network-object object IPv4-Private-192.168.0.0-16
object-group service |acSvcg-268435458
service-object ip
object-group service |acSvcg-268435457
service-object ip
object-group service |acSvcg-268435461
service-object tcp destination eq ssh
service-object tcp destination eq smtp
service-object tcp destination eq 587
service-object tcp destination eq 993
object-group service |acSvcg-268435498
service-object tcp destination eq ssh
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq 32400
service-object udp destination eq 51820
object-group service |acSvcg-268435512
service-object tcp destination eq 222
service-object udp destination eq 51820
object-group service |acSvcg-268435513
service-object tcp destination eq 223
object-group service |acSvcg-268435515
service-object tcp destination eq 223
access-group NGFW_ONBOX_ACL global
access-list NGFW_ONBOX_ACL remark rule-id 268435458: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435458: L5 RULE: Inside_Inside_Rule
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_2 any ifc inside_2 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_2 any ifc inside_3 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_2 any ifc inside_4 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_2 any ifc inside_5 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_2 any ifc inside_6 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_2 any ifc inside_7 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_2 any ifc inside_8 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_3 any ifc inside_2 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_3 any ifc inside_3 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_3 any ifc inside_4 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_3 any ifc inside_5 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_3 any ifc inside_6 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_3 any ifc inside_7 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_3 any ifc inside_8 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_4 any ifc inside_2 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_4 any ifc inside_3 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_4 any ifc inside_4 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_4 any ifc inside_5 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_4 any ifc inside_6 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_4 any ifc inside_7 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_4 any ifc inside_8 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_5 any ifc inside_2 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_5 any ifc inside_3 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_5 any ifc inside_4 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_5 any ifc inside_5 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_5 any ifc inside_6 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_5 any ifc inside_7 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_5 any ifc inside_8 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_6 any ifc inside_2 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_6 any ifc inside_3 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_6 any ifc inside_4 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_6 any ifc inside_5 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_6 any ifc inside_6 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_6 any ifc inside_7 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_6 any ifc inside_8 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_7 any ifc inside_2 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_7 any ifc inside_3 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_7 any ifc inside_4 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_7 any ifc inside_5 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_7 any ifc inside_6 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_7 any ifc inside_7 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_7 any ifc inside_8 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_8 any ifc inside_2 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_8 any ifc inside_3 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_8 any ifc inside_4 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_8 any ifc inside_5 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_8 any ifc inside_6 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_8 any ifc inside_7 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435458 ifc inside_8 any ifc inside_8 any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL remark rule-id 268435457: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435457: L5 RULE: Inside_Outside_Rule
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435457 ifc inside_2 any ifc outside any rule-id 268435457 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435457 ifc inside_3 any ifc outside any rule-id 268435457 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435457 ifc inside_4 any ifc outside any rule-id 268435457 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435457 ifc inside_5 any ifc outside any rule-id 268435457 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435457 ifc inside_6 any ifc outside any rule-id 268435457 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435457 ifc inside_7 any ifc outside any rule-id 268435457 event-log both
access-list NGFW_ONBOX_ACL advanced trust object-group |acSvcg-268435457 ifc inside_8 any ifc outside any rule-id 268435457 event-log both
access-list NGFW_ONBOX_ACL remark rule-id 268435461: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435461: L7 RULE: 180-fbeye-mail
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435461 ifc outside any ifc inside_2 object 180-fbeye-lan rule-id 268435461
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435461 ifc outside any ifc inside_3 object 180-fbeye-lan rule-id 268435461
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435461 ifc outside any ifc inside_4 object 180-fbeye-lan rule-id 268435461
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435461 ifc outside any ifc inside_5 object 180-fbeye-lan rule-id 268435461
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435461 ifc outside any ifc inside_6 object 180-fbeye-lan rule-id 268435461
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435461 ifc outside any ifc inside_7 object 180-fbeye-lan rule-id 268435461
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435461 ifc outside any ifc inside_8 object 180-fbeye-lan rule-id 268435461
access-list NGFW_ONBOX_ACL remark rule-id 268435498: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435498: L7 RULE: 181-fhc-omv
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435498 ifc outside any ifc inside_2 object 181-fhc-omv-lan rule-id 268435498
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435498 ifc outside any ifc inside_3 object 181-fhc-omv-lan rule-id 268435498
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435498 ifc outside any ifc inside_4 object 181-fhc-omv-lan rule-id 268435498
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435498 ifc outside any ifc inside_5 object 181-fhc-omv-lan rule-id 268435498
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435498 ifc outside any ifc inside_6 object 181-fhc-omv-lan rule-id 268435498
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435498 ifc outside any ifc inside_7 object 181-fhc-omv-lan rule-id 268435498
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435498 ifc outside any ifc inside_8 object 181-fhc-omv-lan rule-id 268435498
access-list NGFW_ONBOX_ACL remark rule-id 268435512: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435512: L5 RULE: Proxmox
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435512 ifc outside any ifc inside_2 object 178-proxmox-lan rule-id 268435512
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435512 ifc outside any ifc inside_3 object 178-proxmox-lan rule-id 268435512
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435512 ifc outside any ifc inside_4 object 178-proxmox-lan rule-id 268435512
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435512 ifc outside any ifc inside_5 object 178-proxmox-lan rule-id 268435512
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435512 ifc outside any ifc inside_6 object 178-proxmox-lan rule-id 268435512
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435512 ifc outside any ifc inside_7 object 178-proxmox-lan rule-id 268435512
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435512 ifc outside any ifc inside_8 object 178-proxmox-lan rule-id 268435512
access-list NGFW_ONBOX_ACL remark rule-id 268435515: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435515: L5 RULE: ssh223acl
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435515 ifc outside any ifc inside_2 object ssh223host rule-id 268435515
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435515 ifc outside any ifc inside_3 object ssh223host rule-id 268435515
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435515 ifc outside any ifc inside_4 object ssh223host rule-id 268435515
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435515 ifc outside any ifc inside_5 object ssh223host rule-id 268435515
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435515 ifc outside any ifc inside_6 object ssh223host rule-id 268435515
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435515 ifc outside any ifc inside_7 object ssh223host rule-id 268435515
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435515 ifc outside any ifc inside_8 object ssh223host rule-id 268435515
access-list NGFW_ONBOX_ACL remark rule-id 268435513: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435513: L5 RULE: 182ssh
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435513 ifc outside object FPR_WAN ifc inside_2 object |192.168.5.68 rule-id 268435513 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435513 ifc outside object FPR_WAN ifc inside_3 object |192.168.5.68 rule-id 268435513 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435513 ifc outside object FPR_WAN ifc inside_4 object |192.168.5.68 rule-id 268435513 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435513 ifc outside object FPR_WAN ifc inside_5 object |192.168.5.68 rule-id 268435513 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435513 ifc outside object FPR_WAN ifc inside_6 object |192.168.5.68 rule-id 268435513 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435513 ifc outside object FPR_WAN ifc inside_7 object |192.168.5.68 rule-id 268435513 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435513 ifc outside object FPR_WAN ifc inside_8 object |192.168.5.68 rule-id 268435513 event-log both
access-list NGFW_ONBOX_ACL remark rule-id 1: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 1: L5 RULE: DefaultActionRule
access-list NGFW_ONBOX_ACL advanced deny ip any any rule-id 1
pager lines 24
logging enable
logging timestamp
logging permit-hostdown
mtu outside 1492
mtu inside_2 1500
mtu inside_3 1500
mtu inside_4 1500
mtu inside_5 1500
mtu inside_6 1500
mtu inside_7 1500
mtu inside_8 1500
mtu diagnostic 1500
no failover
no monitor-interface inside
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (inside_8,outside) source dynamic any-ipv4 interface
nat (inside_7,outside) source dynamic any-ipv4 interface
nat (inside_6,outside) source dynamic any-ipv4 interface
nat (inside_5,outside) source dynamic any-ipv4 interface
nat (inside_4,outside) source dynamic any-ipv4 interface
nat (inside_3,outside) source dynamic any-ipv4 interface
nat (inside_2,outside) source static 180-fbeye-lan 180-fbeye-wan
nat (inside_2,outside) source static 181-fhc-omv-lan 181-fhc-omv-wan
nat (inside_2,outside) source static 179-ceyea-lan 179-ceyea-wan
nat (inside_2,outside) source static 178-proxmox-lan 178-proxmox-wan
nat (inside_2,outside) source static ssh223host interface service _|NatOrigSvc_e5cd5819-9c2b-11ed-9921-8de78b0f1100 _|NatMappedSvc_e5cd5819-9c2b-11ed-9921-8de78b0f1100
nat (inside_2,outside) source dynamic any interface
nat (inside_2,outside) source dynamic any-ipv4 interface
!
object network |192.168.5.68
nat (inside_2,outside) static interface service tcp 223 223

route outside 0.0.0.0 0.0.0.0 x.x.x.182 1
route inside 192.168.5.0 255.255.255.0 192.168.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
http server enable
http 0.0.0.0 0.0.0.0 inside_3
http 0.0.0.0 0.0.0.0 inside_8
http 0.0.0.0 0.0.0.0 inside_7
http 0.0.0.0 0.0.0.0 inside_5
http 0.0.0.0 0.0.0.0 inside_6
http 0.0.0.0 0.0.0.0 inside_2
http 0.0.0.0 0.0.0.0 inside_4
ip-client inside_4
ip-client inside_4 ipv6
ip-client inside_6
ip-client inside_6 ipv6
ip-client inside_7
ip-client inside_7 ipv6
ip-client inside_8
ip-client inside_8 ipv6
ip-client diagnostic
ip-client diagnostic ipv6
ip-client inside_2
ip-client inside_2 ipv6
ip-client inside_3
ip-client inside_3 ipv6
ip-client inside_5
ip-client inside_5 ipv6
ip-client outside
ip-client outside ipv6
snmp-server group AUTH v3 auth
snmp-server group PRIV v3 priv
snmp-server group NOAUTH v3 noauth
snmp-server location null
snmp-server contact null
snmp-server community *****
sysopt connection tcpmss 1452
no sysopt connection permit-vpn
crypto ipsec security-association pmtu-aging infinite
crypto ca permit-weak-crypto
crypto ca trustpoint DefaultInternalCertificate
crl configure
crypto ca trustpoint DefaultWebserverCertificate
crl configure
crypto ca trustpool policy
crypto ikev2 policy 20
encryption aes-256 aes-192 aes
integrity sha512 sha384 sha256 sha
group 21 20 16 15 14
prf sha512 sha384 sha256 sha
lifetime seconds 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside_2
ssh 0.0.0.0 0.0.0.0 inside_3
ssh 0.0.0.0 0.0.0.0 inside_4
ssh 0.0.0.0 0.0.0.0 inside_5
ssh 0.0.0.0 0.0.0.0 inside_6
ssh 0.0.0.0 0.0.0.0 inside_7
ssh 0.0.0.0 0.0.0.0 inside_8
console timeout 0
vpdn group pppoewan request dialout pppoe
vpdn group pppoewan localname ****
vpdn group pppoewan ppp authentication chap
vpdn username **** password *****
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd enable inside
!
dhcprelay timeout 60
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ssl-client
webvpn
anyconnect ssl dtls none
dynamic-access-policy-record DfltAccessPolicy
!
class-map inspection_default
match default-inspection-traffic
class-map class_snmp
match port udp eq 4161
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect icmp error
inspect xdmcp
class class_snmp
inspect snmp
!
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
snort preserve-connection
Cryptochecksum:128a3bfd78ccbecd831a7fc24947f69c
: end
>
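The items a troubleshooter checks first on a config like the one above are the same every time: which NAT rules translate the host and port, which access rules permit it and towards which interfaces, which route actually carries the host, and what else is listening on the WAN address. The following Python script is an added example written for this thread (it is not from the poster, from BB, or from Cisco) that parses exactly those line shapes out of an excerpt of the posted running-config and cross-checks them. The CONFIG string is the posted config trimmed to the objects, the two SSH NAT rules, three of the ONBOX ACL permits, the routes and the management-SSH lines; the parser only understands those shapes. On this excerpt it reports that both port-forward NAT rules bind only inside_2 while the ssh223acl permit spans every bridge-group member, that rule-id 268435513 admits only sources matching object FPR_WAN (the firewall's own WAN address, which an Internet client will never have as its source), that the route to 192.168.5.68 leaves through the BVI nameif "inside" rather than any interface the NAT rules name, and that `ssh 0.0.0.0 0.0.0.0 outside` exposes the firewall's own management SSH to any Internet source, which is why port 22 on the WAN address lands on the FPR1010 itself. In a bridge group the NAT rule has to name the member port the next hop 192.168.1.2 is actually behind; the thread does not say which port the SG500X is cabled to, so the script can flag the inside_2-only binding but cannot settle whether it is the cause.

```python
import ipaddress
import re

# Excerpt of the running-config posted above (objects, the SSH NAT rules, the SSH
# access rules with the ONBOX ACL trimmed to two member interfaces, routes and
# management access). Nothing else in the config is needed for these checks.
CONFIG = """\
object network FPR_WAN
host x.x.x.182
object network ssh223host
host 192.168.5.68
object network |192.168.5.68
host 192.168.5.68
object service _|NatOrigSvc_e5cd5819-9c2b-11ed-9921-8de78b0f1100
service tcp source eq 223
object service _|NatMappedSvc_e5cd5819-9c2b-11ed-9921-8de78b0f1100
service tcp source eq 223
object-group service |acSvcg-268435513
service-object tcp destination eq 223
object-group service |acSvcg-268435515
service-object tcp destination eq 223
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435515 ifc outside any ifc inside_2 object ssh223host rule-id 268435515
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435515 ifc outside any ifc inside_3 object ssh223host rule-id 268435515
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435513 ifc outside object FPR_WAN ifc inside_2 object |192.168.5.68 rule-id 268435513 event-log both
nat (inside_2,outside) source static ssh223host interface service _|NatOrigSvc_e5cd5819-9c2b-11ed-9921-8de78b0f1100 _|NatMappedSvc_e5cd5819-9c2b-11ed-9921-8de78b0f1100
nat (inside_2,outside) source dynamic any-ipv4 interface
object network |192.168.5.68
nat (inside_2,outside) static interface service tcp 223 223
route outside 0.0.0.0 0.0.0.0 x.x.x.182 1
route inside 192.168.5.0 255.255.255.0 192.168.1.2 1
ssh 0.0.0.0 0.0.0.0 outside
"""

PORT_NAMES = {"ssh": 22, "smtp": 25, "www": 80, "https": 443}
RE_MANUAL = re.compile(r"nat \((\S+),(\S+)\) source static (\S+) (\S+)(?: service (\S+) (\S+))?$")
RE_OBJECT = re.compile(r"nat \((\S+),(\S+)\) static (\S+)(?: service (\w+) (\S+) (\S+))?$")
RE_ACL = re.compile(r"access-list \S+ advanced permit object-group (\S+) ifc (\S+) "
                    r"(any|object \S+) ifc (\S+) (any|object \S+) rule-id (\d+)")


def _port(tok):
    return PORT_NAMES.get(tok) or int(tok)


def parse(text):
    """Collect hosts, service objects/groups, NAT rules, ACL permits, routes and mgmt SSH."""
    cfg = {"hosts": {}, "svc": {}, "grp": {}, "nat": [], "acl": [], "routes": [], "ssh": []}
    cur = None  # (kind, name) of the object/group block the cursor is inside
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := re.match(r"object network (\S+)$", line):
            cur = ("net", m[1]); cfg["hosts"].setdefault(m[1], None)  # re-entered later for object NAT
        elif m := re.match(r"object service (\S+)$", line):
            cur = ("svc", m[1])
        elif m := re.match(r"object-group service (\S+)$", line):
            cur = ("grp", m[1]); cfg["grp"][m[1]] = []
        elif cur and cur[0] == "net" and (m := re.match(r"host (\S+)$", line)):
            cfg["hosts"][cur[1]] = m[1]
        elif cur and cur[0] == "net" and (m := RE_OBJECT.match(line)):  # object (auto) NAT
            cfg["nat"].append({"kind": "object", "real_obj": cur[1], "real_ifc": m[1], "mapped_ifc": m[2],
                               "mapped": m[3], "mapped_port": _port(m[6]) if m[6] else None})
        elif cur and cur[0] == "svc" and (m := re.match(r"service (\w+) source eq (\S+)$", line)):
            cfg["svc"][cur[1]] = (m[1], _port(m[2]))
        elif cur and cur[0] == "grp" and (m := re.match(r"service-object (\w+)(?: destination eq (\S+))?$", line)):
            cfg["grp"][cur[1]].append((m[1], _port(m[2]) if m[2] else None))
        elif m := RE_MANUAL.match(line):  # manual NAT; mapped port lives in the mapped service object
            cfg["nat"].append({"kind": "manual", "real_obj": m[3], "real_ifc": m[1], "mapped_ifc": m[2],
                               "mapped": m[4], "mapped_port": cfg["svc"][m[6]][1] if m[6] else None})
        elif m := RE_ACL.match(line):
            cfg["acl"].append({"grp": m[1], "src": m[3], "dst_ifc": m[4], "dst": m[5], "rule_id": m[6]})
        elif m := re.match(r"route (\S+) (\S+) (\S+) \S+ \d+$", line):
            cfg["routes"].append((m[1], ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)))
        elif m := re.match(r"ssh (\S+) (\S+) (\S+)$", line):
            cfg["ssh"].append((m[1], m[2], m[3]))
    return cfg


def find_port_forwards(cfg, ip, port):
    """NAT rules whose real side is ip and whose mapped side exposes port (or the whole host)."""
    return [r for r in cfg["nat"] if cfg["hosts"].get(r["real_obj"]) == ip and r["mapped_port"] in (None, port)]


def acl_permits(cfg, ip, port):
    """Access rules whose destination object and service group both cover tcp/port to ip."""
    hits = []
    for a in cfg["acl"]:
        dst_ok = a["dst"] == "any" or cfg["hosts"].get(a["dst"].split()[1]) == ip
        svc_ok = any(p == "ip" or (p == "tcp" and d in (None, port)) for p, d in cfg["grp"].get(a["grp"], []))
        if dst_ok and svc_ok:
            hits.append(a)
    return hits


def route_nameif(cfg, ip):
    """Longest-prefix match: the nameif the firewall would forward traffic for ip out of."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, ifc) for ifc, net in cfg["routes"] if addr in net]
    return max(matches)[1] if matches else None


def check(cfg, ip, port):
    """Findings a troubleshooter would want before touching the rules."""
    findings, fwds = [], find_port_forwards(cfg, ip, port)
    nat_ifcs = {r["real_ifc"] for r in fwds}
    if not fwds:
        findings.append(f"no NAT rule maps {ip}:{port} to an outside address")
    elif len(fwds) > 1:
        findings.append(f"{len(fwds)} NAT rules map {ip}:{port}; the earlier one in NAT order is the one that applies")
    permits = acl_permits(cfg, ip, port)
    for a in permits:
        if a["src"] != "any":
            findings.append(f"rule-id {a['rule_id']} only admits sources matching {a['src']} "
                            f"({cfg['hosts'].get(a['src'].split()[1])}), not arbitrary clients")
    acl_ifcs = {a["dst_ifc"] for a in permits if a["src"] == "any"}
    for ifc in sorted(acl_ifcs - nat_ifcs):
        findings.append(f"ACL permits {ip}:{port} towards {ifc} but no NAT rule for the host names {ifc}")
    for ifc in sorted(nat_ifcs - acl_ifcs):
        findings.append(f"NAT binds {ip}:{port} to {ifc} but no source-any ACL permit targets {ifc}")
    via = route_nameif(cfg, ip)
    if via and via not in nat_ifcs:
        findings.append(f"route to {ip} exits via '{via}', which no NAT rule for the host names")
    if ("0.0.0.0", "0.0.0.0", "outside") in cfg["ssh"]:
        findings.append("management SSH (tcp/22) is open to 0.0.0.0/0 on outside; "
                        "port 22 on the WAN address terminates on the firewall itself")
    return findings


if __name__ == "__main__":
    for f in check(parse(CONFIG), "192.168.5.68", 223):
        print("-", f)
```

Run it as-is to print the findings for 192.168.5.68:223; point `parse()` at a full `show running-config` capture to run the same checks on a real box, bearing in mind that whole-host static rules (no `service` clause) count as covering every port, and that the parser ignores dynamic PAT lines because they never admit inbound connections.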

Hello,

The post has become so extended that it is becoming hard to follow. Can you highlight in the running configuration what the object is (object network Ubuntu-PieHole, host 192.168.5.9... is that still the same) and which NAT entries and access list entries correspond to that object?

My friend, I could not agree more. How do you think I feel? I can't frickin' SSH "through" my FPR1010 WAN IP to a specific LAN IP. I mean, really?

Anyway; do not quote me, I have written so much on this, but I did change the IPs (not the theory or the ports or the SSH in general) from 192.168.5.9 to 192.168.5.68 because I was desperate and thought maybe the IP was having a bad day. PiHole should be 192.168.5.46, and is my DNS redirect... I will highlight all of what I believe is connected to this SSH dilemma.

I will edit the above running_config and do my best to BOLD all associated lines. ALSO! Please do look above and below what I put in BOLD because I may have left something out. THANK YOU