Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
623
Views
0
Helpful
3
Replies

ASA 5580 static NAT problem

Go to solution
gasparmenendez
Level 3
Level 3

‎09-05-2017 08:04 AM - edited ‎02-21-2020 06:16 AM

Hi folks,

I have a PC with ip address 172.16.99.22 in my LAN behind INSIDE_Prueba interface of ASA and made a Static NAT rule to access the PC from de internet. It was working fine but suddenly it doesn't anymore. Here're some things that may help:

ASA5580# packet-tracer input outside tcp 3.3.3.3 12345 170.X.X.4 80

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network ALTAI
 nat (INSIDE_Prueba,OUTSIDE) static 170.X.X.4
Additional Information:
NAT divert to egress interface INSIDE_Prueba
Untranslate 170.X.X.4/80 to 172.16.99.22/80

Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:       
access-group OUTSIDE_access_in in interface OUTSIDE
access-list OUTSIDE_access_in extended permit ip any object 172.16.99.22
access-list OUTSIDE_access_in remark Centro Valle
Additional Information:

Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 5
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:       
Implicit Rule
Additional Information:

Result:
input-interface: OUTSIDE
input-status: up
input-line-status: up
output-interface: INSIDE_Prueba
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

 

ASA5580# sh nat

Auto NAT Policies (Section 2)
1 (CMTS) to (OUTSIDE) source static Stgo4646_3050 170.X.X.28   service tcp 3050 13050
    translate_hits = 0, untranslate_hits = 21
2 (CARRIERS) to (OUTSIDE) source static CACTI_Carrier 170.X.X.6  
    translate_hits = 35195, untranslate_hits = 253063
3 (CARRIERS) to (OUTSIDE) source static AutopartesStgo_Suc_NI_554 interface   service tcp rtsp 10554
    translate_hits = 0, untranslate_hits = 4
4 (CARRIERS) to (OUTSIDE) source static AutopartesStgo_Suc_NI_8000 interface   service tcp 8000 18000
    translate_hits = 0, untranslate_hits = 0
5 (CARRIERS) to (OUTSIDE) source static AutopartesStgo_Suc_NI_81 interface   service tcp 81 10081
    translate_hits = 0, untranslate_hits = 24
6 (CARRIERS) to (OUTSIDE) source static CentroValle_1930 interface   service tcp 1930 11930
    translate_hits = 7, untranslate_hits = 242
7 (CARRIERS) to (OUTSIDE) source static CentroValle_1946 interface   service tcp 1946 11946
    translate_hits = 12, untranslate_hits = 146
8 (CARRIERS) to (OUTSIDE) source static Ferrepisos_NI_3389 interface   service tcp 3389 13389
    translate_hits = 150, untranslate_hits = 13891
9 (CARRIERS) to (OUTSIDE) source static Ferrepisos_NI_8081 interface   service tcp 8081 18081
    translate_hits = 0, untranslate_hits = 2
10 (INSIDE_Prueba) to (OUTSIDE) source static ALTAI 170.X.X.4  
    translate_hits = 12805, untranslate_hits = 4440

 

Can anybody help please???

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gasparmenendez
Level 3
Level 3
In response to Maykol Rojas

‎09-05-2017 11:59 AM

never mind, laready solved!!

I was missing an access-rule

Thanks!

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee

‎09-05-2017 08:18 AM

Looks good. Can you get the syslogs when the connection attempt is made? Even if you do the packet tracer a syslog must be generated. 

 

Mike. 

Mike
0 Helpful

Go to solution
gasparmenendez
Level 3
Level 3
In response to Maykol Rojas

‎09-05-2017 08:39 AM

here's without attempting connection (from the ASDM):;

6|Sep 05 2017|10:39:15|302021|158.85.58.45|0|172.16.99.22|0|Teardown ICMP connection for faddr 158.85.58.45/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:15|302020|172.16.99.22|0|158.85.58.45|0|Built outbound ICMP connection for faddr 158.85.58.45/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:15|302015|172.16.99.22|34881|209.244.0.3|53|Built outbound UDP connection 1138427277 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/34881 (170.X.X.4/34881)
6|Sep 05 2017|10:39:14|106015|31.13.70.37|443|170.X.X.4|52401|Deny TCP (no connection) from 31.13.70.37/443 to 170.X.X.4/52401 flags RST  on interface OUTSIDE
6|Sep 05 2017|10:39:14|106015|31.13.70.37|443|170.X.X.4|52401|Deny TCP (no connection) from 31.13.70.37/443 to 170.X.X.4/52401 flags RST  on interface OUTSIDE
6|Sep 05 2017|10:39:14|302021|172.217.11.67|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.11.67/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:14|302020|172.16.99.22|0|172.217.11.67|0|Built outbound ICMP connection for faddr 172.217.11.67/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:13|302021|172.217.5.78|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.5.78/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:13|302020|172.16.99.22|0|172.217.5.78|0|Built outbound ICMP connection for faddr 172.217.5.78/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:13|302021|31.13.77.5|0|172.16.99.22|0|Teardown ICMP connection for faddr 31.13.77.5/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:13|302020|172.16.99.22|0|31.13.77.5|0|Built outbound ICMP connection for faddr 31.13.77.5/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:13|302021|172.217.5.78|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.5.78/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:13|302021|216.58.216.10|0|172.16.99.22|0|Teardown ICMP connection for faddr 216.58.216.10/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:13|302020|172.16.99.22|0|172.217.5.78|0|Built outbound ICMP connection for faddr 172.217.5.78/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:13|302020|172.16.99.22|0|216.58.216.10|0|Built outbound ICMP connection for faddr 216.58.216.10/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:12|302015|172.16.99.22|38648|128.138.140.44|123|Built outbound UDP connection 1138425181 for OUTSIDE:128.138.140.44/123 (128.138.140.44/123) to INSIDE_Prueba:172.16.99.22/38648 (170.X.X.4/38648)
6|Sep 05 2017|10:39:12|302015|172.16.99.22|57783|209.244.0.3|53|Built outbound UDP connection 1138424980 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/57783 (170.X.X.4/57783)
6|Sep 05 2017|10:39:12|302015|172.16.99.22|48846|128.138.140.44|123|Built outbound UDP connection 1138424942 for OUTSIDE:128.138.140.44/123 (128.138.140.44/123) to INSIDE_Prueba:172.16.99.22/48846 (170.X.X.4/48846)
6|Sep 05 2017|10:39:11|302015|172.16.99.22|51280|209.244.0.4|53|Built outbound UDP connection 1138424403 for OUTSIDE:209.244.0.4/53 (209.244.0.4/53) to INSIDE_Prueba:172.16.99.22/51280 (170.X.X.4/51280)
6|Sep 05 2017|10:39:11|302013|172.16.99.22|41543|157.240.11.17|443|Built outbound TCP connection 1138424402 for OUTSIDE:157.240.11.17/443 (157.240.11.17/443) to INSIDE_Prueba:172.16.99.22/41543 (170.X.X.4/41543)
6|Sep 05 2017|10:39:11|302021|31.13.70.34|0|172.16.99.22|0|Teardown ICMP connection for faddr 31.13.70.34/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:11|302020|172.16.99.22|0|31.13.70.34|0|Built outbound ICMP connection for faddr 31.13.70.34/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:11|302013|172.16.99.22|46864|216.58.219.14|443|Built outbound TCP connection 1138424352 for OUTSIDE:216.58.219.14/443 (216.58.219.14/443) to INSIDE_Prueba:172.16.99.22/46864 (170.X.X.4/46864)
6|Sep 05 2017|10:39:11|302015|172.16.99.22|54540|209.244.0.4|53|Built outbound UDP connection 1138424346 for OUTSIDE:209.244.0.4/53 (209.244.0.4/53) to INSIDE_Prueba:172.16.99.22/54540 (170.X.X.4/54540)
6|Sep 05 2017|10:39:11|302015|172.16.99.22|64207|209.244.0.4|53|Built outbound UDP connection 1138423901 for OUTSIDE:209.244.0.4/53 (209.244.0.4/53) to INSIDE_Prueba:172.16.99.22/64207 (170.X.X.4/64207)
6|Sep 05 2017|10:39:10|302021|158.85.48.234|0|172.16.99.22|0|Teardown ICMP connection for faddr 158.85.48.234/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:10|302021|31.13.70.1|0|172.16.99.22|0|Teardown ICMP connection for faddr 31.13.70.1/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:10|302020|172.16.99.22|0|158.85.48.234|0|Built outbound ICMP connection for faddr 158.85.48.234/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:10|302020|172.16.99.22|0|31.13.70.1|0|Built outbound ICMP connection for faddr 31.13.70.1/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:10|302021|172.217.5.78|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.5.78/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:10|302020|172.16.99.22|0|172.217.5.78|0|Built outbound ICMP connection for faddr 172.217.5.78/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:09|302015|172.16.99.22|15834|209.244.0.4|53|Built outbound UDP connection 1138422808 for OUTSIDE:209.244.0.4/53 (209.244.0.4/53) to INSIDE_Prueba:172.16.99.22/15834 (170.X.X.4/15834)
6|Sep 05 2017|10:39:09|302015|172.16.99.22|56343|209.244.0.4|53|Built outbound UDP connection 1138422807 for OUTSIDE:209.244.0.4/53 (209.244.0.4/53) to INSIDE_Prueba:172.16.99.22/56343 (170.X.X.4/56343)
6|Sep 05 2017|10:39:09|302021|172.217.11.67|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.11.67/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:09|302020|172.16.99.22|0|172.217.11.67|0|Built outbound ICMP connection for faddr 172.217.11.67/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:08|302013|172.16.99.22|36937|54.83.199.9|80|Built outbound TCP connection 1138421850 for OUTSIDE:54.83.199.9/80 (54.83.199.9/80) to INSIDE_Prueba:172.16.99.22/36937 (170.X.X.4/36937)
6|Sep 05 2017|10:39:08|302013|172.16.99.22|34294|216.58.216.46|443|Built outbound TCP connection 1138421689 for OUTSIDE:216.58.216.46/443 (216.58.216.46/443) to INSIDE_Prueba:172.16.99.22/34294 (170.X.X.4/34294)
6|Sep 05 2017|10:39:08|302015|172.16.99.22|45614|209.244.0.3|53|Built outbound UDP connection 1138421638 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/45614 (170.X.X.4/45614)
6|Sep 05 2017|10:39:08|302015|172.16.99.22|32094|209.244.0.4|53|Built outbound UDP connection 1138421507 for OUTSIDE:209.244.0.4/53 (209.244.0.4/53) to INSIDE_Prueba:172.16.99.22/32094 (170.X.X.4/32094)
6|Sep 05 2017|10:39:08|302015|172.16.99.22|2012|209.244.0.4|53|Built outbound UDP connection 1138421345 for OUTSIDE:209.244.0.4/53 (209.244.0.4/53) to INSIDE_Prueba:172.16.99.22/2012 (170.X.X.4/2012)
6|Sep 05 2017|10:39:08|302021|31.13.77.5|0|172.16.99.22|0|Teardown ICMP connection for faddr 31.13.77.5/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:08|302020|172.16.99.22|0|31.13.77.5|0|Built outbound ICMP connection for faddr 31.13.77.5/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:07|302021|172.217.5.78|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.5.78/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:07|302020|172.16.99.22|0|172.217.5.78|0|Built outbound ICMP connection for faddr 172.217.5.78/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:07|302015|172.16.99.22|28502|209.244.0.4|53|Built outbound UDP connection 1138420594 for OUTSIDE:209.244.0.4/53 (209.244.0.4/53) to INSIDE_Prueba:172.16.99.22/28502 (170.X.X.4/28502)
6|Sep 05 2017|10:39:07|302013|172.16.99.22|35795|31.13.77.5|443|Built outbound TCP connection 1138420593 for OUTSIDE:31.13.77.5/443 (31.13.77.5/443) to INSIDE_Prueba:172.16.99.22/35795 (170.X.X.4/35795)
6|Sep 05 2017|10:39:07|302015|172.16.99.22|32843|209.244.0.3|53|Built outbound UDP connection 1138420293 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/32843 (170.X.X.4/32843)
6|Sep 05 2017|10:39:07|302021|31.13.77.5|0|172.16.99.22|0|Teardown ICMP connection for faddr 31.13.77.5/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:07|302021|31.13.70.1|0|172.16.99.22|0|Teardown ICMP connection for faddr 31.13.70.1/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:07|302020|172.16.99.22|0|31.13.77.5|0|Built outbound ICMP connection for faddr 31.13.77.5/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:07|302020|172.16.99.22|0|31.13.70.1|0|Built outbound ICMP connection for faddr 31.13.70.1/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:07|106015|31.13.77.49|443|170.X.X.4|48659|Deny TCP (no connection) from 31.13.77.49/443 to 170.X.X.4/48659 flags ACK  on interface OUTSIDE
6|Sep 05 2017|10:39:07|106015|31.13.77.49|443|170.X.X.4|48659|Deny TCP (no connection) from 31.13.77.49/443 to 170.X.X.4/48659 flags ACK  on interface OUTSIDE
6|Sep 05 2017|10:39:06|302021|108.177.98.188|0|172.16.99.22|0|Teardown ICMP connection for faddr 108.177.98.188/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:06|302020|172.16.99.22|0|108.177.98.188|0|Built outbound ICMP connection for faddr 108.177.98.188/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:06|302015|172.16.99.22|6561|209.244.0.4|53|Built outbound UDP connection 1138419035 for OUTSIDE:209.244.0.4/53 (209.244.0.4/53) to INSIDE_Prueba:172.16.99.22/6561 (170.X.X.4/6561)
6|Sep 05 2017|10:39:06|302015|172.16.99.22|54176|209.244.0.3|53|Built outbound UDP connection 1138419024 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/54176 (170.X.X.4/54176)
6|Sep 05 2017|10:39:04|302015|172.16.99.22|2901|209.244.0.4|53|Built outbound UDP connection 1138418132 for OUTSIDE:209.244.0.4/53 (209.244.0.4/53) to INSIDE_Prueba:172.16.99.22/2901 (170.X.X.4/2901)
6|Sep 05 2017|10:39:04|302015|172.16.99.22|37748|209.244.0.3|53|Built outbound UDP connection 1138418090 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/37748 (170.X.X.4/37748)
6|Sep 05 2017|10:39:04|302021|172.217.5.78|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.5.78/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:04|302020|172.16.99.22|0|172.217.5.78|0|Built outbound ICMP connection for faddr 172.217.5.78/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:04|302021|172.217.11.67|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.11.67/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:04|302020|172.16.99.22|0|172.217.11.67|0|Built outbound ICMP connection for faddr 172.217.11.67/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:03|302021|31.13.70.1|0|172.16.99.22|0|Teardown ICMP connection for faddr 31.13.70.1/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:03|302020|172.16.99.22|0|31.13.70.1|0|Built outbound ICMP connection for faddr 31.13.70.1/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:03|302013|172.16.99.22|59205|140.205.159.56|80|Built outbound TCP connection 1138417146 for OUTSIDE:140.205.159.56/80 (140.205.159.56/80) to INSIDE_Prueba:172.16.99.22/59205 (170.X.X.4/59205)
6|Sep 05 2017|10:39:03|302015|172.16.99.22|9119|209.244.0.4|53|Built outbound UDP connection 1138417097 for OUTSIDE:209.244.0.4/53 (209.244.0.4/53) to INSIDE_Prueba:172.16.99.22/9119 (170.X.X.4/9119)
6|Sep 05 2017|10:39:03|302015|172.16.99.22|9119|209.244.0.3|53|Built outbound UDP connection 1138417096 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/9119 (170.X.X.4/9119)
6|Sep 05 2017|10:39:03|302021|172.217.5.202|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.5.202/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:03|302021|172.217.4.170|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.4.170/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:03|302020|172.16.99.22|0|172.217.5.202|0|Built outbound ICMP connection for faddr 172.217.5.202/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:03|302020|172.16.99.22|0|172.217.4.170|0|Built outbound ICMP connection for faddr 172.217.4.170/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:01|302013|172.16.99.22|56595|173.194.161.43|443|Built outbound TCP connection 1138415180 for OUTSIDE:173.194.161.43/443 (173.194.161.43/443) to INSIDE_Prueba:172.16.99.22/56595 (170.X.X.4/56595)
6|Sep 05 2017|10:39:01|302013|172.16.99.22|56594|173.194.161.43|443|Built outbound TCP connection 1138415113 for OUTSIDE:173.194.161.43/443 (173.194.161.43/443) to INSIDE_Prueba:172.16.99.22/56594 (170.X.X.4/56594)
6|Sep 05 2017|10:39:01|302013|172.16.99.22|47903|216.58.217.206|443|Built outbound TCP connection 1138415110 for OUTSIDE:216.58.217.206/443 (216.58.217.206/443) to INSIDE_Prueba:172.16.99.22/47903 (170.X.X.4/47903)
6|Sep 05 2017|10:39:00|302015|172.16.99.22|22611|209.244.0.3|53|Built outbound UDP connection 1138415011 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/22611 (170.X.X.4/22611)
6|Sep 05 2017|10:39:00|302015|172.16.99.22|19618|209.244.0.3|53|Built outbound UDP connection 1138414984 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/19618 (170.X.X.4/19618)
6|Sep 05 2017|10:39:00|302013|172.16.99.22|59809|172.217.4.138|443|Built outbound TCP connection 1138414798 for OUTSIDE:172.217.4.138/443 (172.217.4.138/443) to INSIDE_Prueba:172.16.99.22/59809 (170.X.X.4/59809)
6|Sep 05 2017|10:39:00|302015|172.16.99.22|34099|209.244.0.3|53|Built outbound UDP connection 1138414761 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/34099 (170.X.X.4/34099)
6|Sep 05 2017|10:39:00|302015|172.16.99.22|58336|209.244.0.3|53|Built outbound UDP connection 1138414723 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/58336 (170.X.X.4/58336)
6|Sep 05 2017|10:39:00|302021|172.217.5.78|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.5.78/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:00|302021|172.217.11.174|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.11.174/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:00|302020|172.16.99.22|0|172.217.5.78|0|Built outbound ICMP connection for faddr 172.217.5.78/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:00|302020|172.16.99.22|0|172.217.11.174|0|Built outbound ICMP connection for faddr 172.217.11.174/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:39:00|302013|172.16.99.22|58321|172.217.5.74|443|Built outbound TCP connection 1138414376 for OUTSIDE:172.217.5.74/443 (172.217.5.74/443) to INSIDE_Prueba:172.16.99.22/58321 (170.X.X.4/58321)
6|Sep 05 2017|10:38:59|302015|172.16.99.22|22705|209.244.0.3|53|Built outbound UDP connection 1138413864 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/22705 (170.X.X.4/22705)
6|Sep 05 2017|10:38:59|302021|31.13.77.5|0|172.16.99.22|0|Teardown ICMP connection for faddr 31.13.77.5/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:38:59|302020|172.16.99.22|0|31.13.77.5|0|Built outbound ICMP connection for faddr 31.13.77.5/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:38:59|302021|158.85.48.234|0|172.16.99.22|0|Teardown ICMP connection for faddr 158.85.48.234/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:38:59|302020|172.16.99.22|0|158.85.48.234|0|Built outbound ICMP connection for faddr 158.85.48.234/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:38:59|106015|31.13.70.1|443|170.X.X.4|39776|Deny TCP (no connection) from 31.13.70.1/443 to 170.X.X.4/39776 flags RST  on interface OUTSIDE
6|Sep 05 2017|10:38:59|106015|31.13.70.1|443|170.X.X.4|39776|Deny TCP (no connection) from 31.13.70.1/443 to 170.X.X.4/39776 flags RST  on interface OUTSIDE
6|Sep 05 2017|10:38:59|106015|52.16.13.130|5223|170.X.X.4|40720|Deny TCP (no connection) from 52.16.13.130/5223 to 170.X.X.4/40720 flags PSH ACK  on interface OUTSIDE
6|Sep 05 2017|10:38:59|106015|52.16.13.130|5223|170.X.X.4|40720|Deny TCP (no connection) from 52.16.13.130/5223 to 170.X.X.4/40720 flags PSH ACK  on interface OUTSIDE
6|Sep 05 2017|10:38:58|302021|172.217.5.78|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.5.78/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:38:58|302020|172.16.99.22|0|172.217.5.78|0|Built outbound ICMP connection for faddr 172.217.5.78/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:38:57|302013|172.16.99.22|56919|217.12.210.54|53|Built outbound TCP connection 1138411692 for OUTSIDE:217.12.210.54/53 (217.12.210.54/53) to INSIDE_Prueba:172.16.99.22/56919 (170.X.X.4/56919)
6|Sep 05 2017|10:38:56|302013|172.16.99.22|51162|162.211.64.20|53|Built outbound TCP connection 1138411604 for OUTSIDE:162.211.64.20/53 (162.211.64.20/53) to INSIDE_Prueba:172.16.99.22/51162 (170.X.X.4/51162)
6|Sep 05 2017|10:38:56|302021|172.217.11.67|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.11.67/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:38:56|302021|172.217.4.131|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.4.131/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:38:56|302021|172.217.11.174|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.11.174/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:38:56|302020|172.16.99.22|0|172.217.11.67|0|Built outbound ICMP connection for faddr 172.217.11.67/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:38:56|302020|172.16.99.22|0|172.217.4.131|0|Built outbound ICMP connection for faddr 172.217.4.131/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:38:56|302020|172.16.99.22|0|172.217.11.174|0|Built outbound ICMP connection for faddr 172.217.11.174/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:38:56|302013|172.16.99.22|51162|162.211.64.20|53|Built outbound TCP connection 1138411131 for OUTSIDE:162.211.64.20/53 (162.211.64.20/53) to INSIDE_Prueba:172.16.99.22/51162 (170.X.X.4/51162)

 

and here trying to connect:

6|Sep 05 2017|10:42:13|302021|108.168.176.241|0|172.16.99.22|0|Teardown ICMP connection for faddr 108.168.176.241/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:13|302020|172.16.99.22|0|108.168.176.241|0|Built outbound ICMP connection for faddr 108.168.176.241/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:13|302021|216.58.216.35|0|172.16.99.22|0|Teardown ICMP connection for faddr 216.58.216.35/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:13|302021|172.217.4.142|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.4.142/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:13|302020|172.16.99.22|0|216.58.216.35|0|Built outbound ICMP connection for faddr 216.58.216.35/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:13|302020|172.16.99.22|0|172.217.4.142|0|Built outbound ICMP connection for faddr 172.217.4.142/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:12|302021|31.13.77.5|0|172.16.99.22|0|Teardown ICMP connection for faddr 31.13.77.5/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:12|302020|172.16.99.22|0|31.13.77.5|0|Built outbound ICMP connection for faddr 31.13.77.5/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:12|302015|172.16.99.22|58235|209.244.0.3|53|Built outbound UDP connection 1138576041 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/58235 (170.X.X.4/58235)
6|Sep 05 2017|10:42:12|106015|74.6.34.10|443|170.X.X.4|38502|Deny TCP (no connection) from 74.6.34.10/443 to 170.X.X.4/38502 flags ACK  on interface OUTSIDE
6|Sep 05 2017|10:42:12|106015|74.6.34.10|443|170.X.X.4|38502|Deny TCP (no connection) from 74.6.34.10/443 to 170.X.X.4/38502 flags ACK  on interface OUTSIDE
6|Sep 05 2017|10:42:12|302021|216.58.219.14|0|172.16.99.22|0|Teardown ICMP connection for faddr 216.58.219.14/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:12|302021|31.13.70.34|0|172.16.99.22|0|Teardown ICMP connection for faddr 31.13.70.34/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:12|302020|172.16.99.22|0|216.58.219.14|0|Built outbound ICMP connection for faddr 216.58.219.14/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:12|302020|172.16.99.22|0|31.13.70.34|0|Built outbound ICMP connection for faddr 31.13.70.34/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:11|302015|172.16.99.22|43395|209.244.0.3|53|Built outbound UDP connection 1138575403 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/43395 (170.X.X.4/43395)
6|Sep 05 2017|10:42:10|302015|172.16.99.22|27212|8.8.8.8|53|Built outbound UDP connection 1138574940 for OUTSIDE:8.8.8.8/53 (8.8.8.8/53) to INSIDE_Prueba:172.16.99.22/27212 (170.X.X.4/27212)
6|Sep 05 2017|10:42:10|302021|169.45.210.72|0|172.16.99.22|0|Teardown ICMP connection for faddr 169.45.210.72/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:10|302021|216.58.219.14|0|172.16.99.22|0|Teardown ICMP connection for faddr 216.58.219.14/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:10|302020|172.16.99.22|0|216.58.219.14|0|Built outbound ICMP connection for faddr 216.58.219.14/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:10|302020|172.16.99.22|0|169.45.210.72|0|Built outbound ICMP connection for faddr 169.45.210.72/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:10|302021|172.217.4.142|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.4.142/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:10|302020|172.16.99.22|0|172.217.4.142|0|Built outbound ICMP connection for faddr 172.217.4.142/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:10|106015|52.26.205.231|443|170.X.X.4|54143|Deny TCP (no connection) from 52.26.205.231/443 to 170.X.X.4/54143 flags RST  on interface OUTSIDE
6|Sep 05 2017|10:42:10|106015|52.26.205.231|443|170.X.X.4|54143|Deny TCP (no connection) from 52.26.205.231/443 to 170.X.X.4/54143 flags RST  on interface OUTSIDE
6|Sep 05 2017|10:42:09|302013|172.16.99.22|59168|52.40.40.14|443|Built outbound TCP connection 1138573944 for OUTSIDE:52.40.40.14/443 (52.40.40.14/443) to INSIDE_Prueba:172.16.99.22/59168 (170.X.X.4/59168)
6|Sep 05 2017|10:42:09|106015|157.240.11.32|443|170.X.X.4|51308|Deny TCP (no connection) from 157.240.11.32/443 to 170.X.X.4/51308 flags RST  on interface OUTSIDE
6|Sep 05 2017|10:42:09|106015|157.240.11.32|443|170.X.X.4|51308|Deny TCP (no connection) from 157.240.11.32/443 to 170.X.X.4/51308 flags RST  on interface OUTSIDE
6|Sep 05 2017|10:42:09|302021|216.58.219.14|0|172.16.99.22|0|Teardown ICMP connection for faddr 216.58.219.14/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:09|302021|216.58.216.42|0|172.16.99.22|0|Teardown ICMP connection for faddr 216.58.216.42/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:09|302020|172.16.99.22|0|216.58.216.42|0|Built outbound ICMP connection for faddr 216.58.216.42/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:09|302020|172.16.99.22|0|216.58.219.14|0|Built outbound ICMP connection for faddr 216.58.219.14/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:09|302015|172.16.99.22|32534|209.244.0.3|53|Built outbound UDP connection 1138573473 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/32534 (170.X.X.4/32534)
6|Sep 05 2017|10:42:09|302013|172.16.99.22|54758|157.240.11.32|443|Built outbound TCP connection 1138573472 for OUTSIDE:157.240.11.32/443 (157.240.11.32/443) to INSIDE_Prueba:172.16.99.22/54758 (170.X.X.4/54758)
6|Sep 05 2017|10:42:08|302015|172.16.99.22|63655|209.244.0.3|53|Built outbound UDP connection 1138573119 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/63655 (170.X.X.4/63655)
6|Sep 05 2017|10:42:08|302021|74.125.23.94|0|172.16.99.22|0|Teardown ICMP connection for faddr 74.125.23.94/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:08|302020|172.16.99.22|0|74.125.23.94|0|Built outbound ICMP connection for faddr 74.125.23.94/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:08|302013|172.16.99.22|38502|74.6.34.10|443|Built outbound TCP connection 1138572764 for OUTSIDE:74.6.34.10/443 (74.6.34.10/443) to INSIDE_Prueba:172.16.99.22/38502 (170.X.X.4/38502)
6|Sep 05 2017|10:42:08|302013|172.16.99.22|63928|193.242.211.137|80|Built outbound TCP connection 1138572611 for OUTSIDE:193.242.211.137/80 (193.242.211.137/80) to INSIDE_Prueba:172.16.99.22/63928 (170.X.X.4/63928)
6|Sep 05 2017|10:42:08|302015|172.16.99.22|55868|209.244.0.3|53|Built outbound UDP connection 1138572476 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/55868 (170.X.X.4/55868)
6|Sep 05 2017|10:42:07|302013|172.16.99.22|63927|89.18.27.34|53|Built outbound TCP connection 1138572238 for OUTSIDE:89.18.27.34/53 (89.18.27.34/53) to INSIDE_Prueba:172.16.99.22/63927 (170.X.X.4/63927)
6|Sep 05 2017|10:42:07|302015|172.16.99.22|65329|209.244.0.3|53|Built outbound UDP connection 1138572108 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/65329 (170.X.X.4/65329)
6|Sep 05 2017|10:42:07|302021|172.217.4.142|0|172.16.99.22|0|Teardown ICMP connection for faddr 172.217.4.142/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:07|302020|172.16.99.22|0|172.217.4.142|0|Built outbound ICMP connection for faddr 172.217.4.142/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:07|302021|169.45.210.72|0|172.16.99.22|0|Teardown ICMP connection for faddr 169.45.210.72/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:07|302021|216.58.219.14|0|172.16.99.22|0|Teardown ICMP connection for faddr 216.58.219.14/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:07|302020|172.16.99.22|0|216.58.219.14|0|Built outbound ICMP connection for faddr 216.58.219.14/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:07|302020|172.16.99.22|0|169.45.210.72|0|Built outbound ICMP connection for faddr 169.45.210.72/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:06|302013|172.16.99.22|34599|192.44.68.6|80|Built outbound TCP connection 1138571486 for OUTSIDE:192.44.68.6/80 (192.44.68.6/80) to INSIDE_Prueba:172.16.99.22/34599 (170.X.X.4/34599)
6|Sep 05 2017|10:42:06|302015|172.16.99.22|18515|209.244.0.3|53|Built outbound UDP connection 1138571231 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/18515 (170.X.X.4/18515)
6|Sep 05 2017|10:42:06|302015|172.16.99.22|53695|209.244.0.3|53|Built outbound UDP connection 1138571164 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/53695 (170.X.X.4/53695)
6|Sep 05 2017|10:42:06|302021|216.58.216.42|0|172.16.99.22|0|Teardown ICMP connection for faddr 216.58.216.42/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:06|302021|216.58.219.14|0|172.16.99.22|0|Teardown ICMP connection for faddr 216.58.219.14/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:06|302020|172.16.99.22|0|216.58.216.42|0|Built outbound ICMP connection for faddr 216.58.216.42/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:06|302020|172.16.99.22|0|216.58.219.14|0|Built outbound ICMP connection for faddr 216.58.219.14/0 gaddr 170.X.X.4/0 laddr 172.16.99.22/0
6|Sep 05 2017|10:42:06|302015|172.16.99.22|59488|209.244.0.3|53|Built outbound UDP connection 1138570832 for OUTSIDE:209.244.0.3/53 (209.244.0.3/53) to INSIDE_Prueba:172.16.99.22/59488 (170.X.X.4/59488)

 

Thanks.

0 Helpful

Go to solution
gasparmenendez
Level 3
Level 3
In response to Maykol Rojas

‎09-05-2017 11:59 AM

never mind, laready solved!!

I was missing an access-rule

Thanks!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card