12-22-2020 12:16 AM
Dear Experts,
I'm facing a problem with communication between two interfaces (outside) with different public IPs. On one of them, I have an AnyConnect server and on a second one, terminated VPNs to the data centres. I would like to allow traffic from Interface1 (from AnyConnect address pool) to the remote network (through the VPN terminated on an Interface2).
I've checked the box "Enable traffic between two or more interfaces with the same security[...]", but on both interfaces, I have access-lists so it does not apply in my case. Packet tracer shows that packets are dropped on an implicit rule, but I've added permit to the ACL.
What else I can do?
12-22-2020 12:22 AM
Potentially you'll need a NAT exemption rule, from src interface1 to dst interface2 to ensure that traffic between those networks are not unintentially natted. Provide your configuration if you require further assistance
12-22-2020 12:51 AM - edited 12-22-2020 01:06 AM
Hi @Rob Ingram,
I've tried to add something similar, but it doesn't help.
Below you can find a sh run result
: Saved : : Serial Number: xxxxxxxxxx : Hardware: ASA5516, 8192 MB RAM, CPU Atom C2000 series 2416 MHz, 1 CPU (8 cores) : ASA Version 9.8(4)26 ! names no mac-address auto ip local pool AnyConnect_pool 192.168.222.10-192.168.222.200 mask 255.255.255.0 ip local pool PG_AnyConnect_pool 192.168.223.10-192.168.223.30 mask 255.255.255.224 ip local pool Any_INFRA_LW 192.168.224.10-192.168.224.50 mask 255.255.255.0 ! interface GigabitEthernet1/1 description Inside nameif InsideSRV security-level 90 ip address 192.168.194.1 255.255.254.0 standby 192.168.194.2 ! interface GigabitEthernet1/2 nameif DMZPublic security-level 10 no ip address ! interface GigabitEthernet1/2.41 vlan 41 nameif Public_DMZ security-level 10 ip address 194.213.22.1 255.255.255.0 standby 194.213.22.254 ! interface GigabitEthernet1/2.42 vlan 42 nameif Public2_DMZ security-level 10 ip address 193.59.39.1 255.255.255.128 standby 193.59.39.2 ! interface GigabitEthernet1/2.43 vlan 43 nameif Public3_DMZ security-level 10 ip address 77.65.153.1 255.255.255.128 standby 77.65.153.2 ! interface GigabitEthernet1/4 description Public network routed no nameif no security-level no ip address ! interface GigabitEthernet1/4.101 vlan 101 nameif ASA_to_Core security-level 90 ip address 192.168.101.1 255.255.255.0 standby 192.168.101.2 ! interface GigabitEthernet1/4.255 vlan 255 nameif wifi_guest security-level 20 ip address 172.16.1.1 255.255.255.0 standby 172.16.1.2 ! interface GigabitEthernet1/5 description To_BGP_Router nameif To_ISPs_77.65.153.254 security-level 0 ip address 77.65.153.254 255.255.255.240 standby 77.65.153.253 ! interface GigabitEthernet1/6 description To_BGP_Router nameif To_ISPs security-level 0 ip address 193.59.39.254 255.255.255.240 standby 193.59.39.253 ! interface GigabitEthernet1/7 description STATE Failover Interface ! interface GigabitEthernet1/8 description LAN Failover Interface ! interface Management1/1 management-only no nameif no security-level no ip address ! boot system disk0:/asa992-36-lfbff-k8.SPA boot system disk0:/asa9-13-1-lfbff-k8.SPA no ftp mode passive clock timezone CEST 1 clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00 dns domain-lookup InsideSRV dns domain-lookup DMZPublic dns domain-lookup Public_DMZ dns domain-lookup Public2_DMZ dns domain-lookup management dns domain-lookup ASA_to_Core dns domain-lookup wifi_guest dns domain-lookup To_ISPs dns domain-lookup To_ISPs_77.65.153.254 dns domain-lookup Public3_DMZ dns server-group DefaultDNS name-server 192.168.194.201 InsideSRV domain-name intra.anixe.pl same-security-traffic permit inter-interface same-security-traffic permit intra-interface object network NETWORK_OBJ_192.168.194.0_23 subnet 192.168.194.0 255.255.254.0 object network VPNSiteToSiteRouter host 194.213.22.250 description Router do VPN Site-to-Site object network Public_194.213.22.2 host 194.213.22.2 object network NETWORK_OBJ_194.213.22.0_24 subnet 194.213.22.0 255.255.255.0 object network BEYOND_10.117.104.0 subnet 10.117.104.0 255.255.255.0 object network BEYOND_10.33.18.0 subnet 10.33.18.0 255.255.255.0 object network ATM_10.5.1.0 subnet 10.5.1.0 255.255.255.0 object network ATM_10.5.143.0 subnet 10.5.143.0 255.255.255.0 object network ATM_10.6.253.0 subnet 10.6.253.0 255.255.255.0 object network ATM_10.4.0.0 subnet 10.4.0.0 255.255.0.0 object network Anyconnect_Address_Pool subnet 192.168.222.0 255.255.255.0 object network wheels_acc_80 host 192.168.195.18 object network logmachine.anixe.pl host 192.168.194.53 object network 10.117.106.0 subnet 10.117.106.0 255.255.255.0 object service 5671 service tcp destination eq 5671 description wheels_acc object service 15672 service tcp destination eq 15672 description wheels_acc_15672 object network NETWORK_OBJ_192.168.195.142 host 192.168.195.142 object network RFC_10.0.0.0 subnet 10.0.0.0 255.0.0.0 object network Hostmonitor_Public host 194.213.22.140 object network OVH_178.32.205.187 host 178.32.205.187 object network FlyTap_77.79.212.74 host 77.79.212.74 object network acc-paysecure_public.223 host 194.213.22.223 object network Management_network subnet 192.168.254.0 255.255.255.0 object network GULF_178.32.205.187 host 178.32.205.187 object network FlyTap_ATM_77.79.212.101 host 77.79.212.101 object network FlyTap_R3Admin_77.79.212.72 host 77.79.212.72 object network Tap_Ebroker_91.198.90.105 host 91.198.90.105 object network HITIT_ACC_129.1.20.10 host 129.1.20.10 object network Beyond_Network_outside subnet 92.43.117.0 255.255.255.0 object network Beyond_109.205.52.0 subnet 109.205.52.0 255.255.255.0 object network Beyond_net_109.205.52.0 subnet 109.205.52.0 255.255.255.0 object network KCH_MACBook_192.168.195.100 host 192.168.195.100 object network Public_PCI-194.213.22.65 host 194.213.22.65 object network ATM_10.6.0.0 subnet 10.6.0.0 255.255.255.0 object network ATM_10.6.1.0 subnet 10.6.1.0 255.255.255.0 object network ATM_10.6.254.0 subnet 10.6.254.0 255.255.255.0 object network 194.213.22.72 host 194.213.22.72 object service 9000 service tcp destination eq 9000 description TeamCity object service 8443 service tcp destination eq 8443 object service 8080 service tcp destination eq 8080 object service 1055 service tcp destination eq 1055 object service 5057 service tcp destination eq 5057 object service 8000 service tcp destination eq 8000 object network 194.213.22.181 host 194.213.22.181 object service 4567 service tcp destination eq 4567 object service 8889 service tcp destination eq 8889 object service 465 service tcp destination eq 465 object service 993 service tcp destination eq 993 object service 995 service tcp destination eq 995 object service 587 service tcp destination eq 587 object service 60000 object service 1529 service tcp destination eq 1529 object service 1194_tcp service tcp destination eq 1194 object service 1194_udp service udp destination eq 1194 object service 1022 service tcp destination eq 1022 object network 194.213.22.104 host 194.213.22.104 description TAPTest2012 object network 194.213.22.103 host 194.213.22.103 description OldTensai object service 81 service tcp destination eq 81 object network 194.213.22.105 host 194.213.22.105 description Cacti object service 873 service tcp destination eq 873 object service 990 service tcp destination eq 990 object network 193.59.39.2 host 193.59.39.2 object network 194.213.22.223 host 194.213.22.223 object network KCH-WRO-001_192.168.195.136 host 192.168.195.136 object service Range6000 object service range6k service tcp destination range 6000 6600 object network 10.4.4.254 host 10.4.4.254 object network HER01 host 10.30.130.224 object network 10.83.48.120 host 10.83.48.120 object network 10.83.48.19 host 10.83.48.19 object network CiscoSX-20-vcs12 host 192.168.195.143 object network CiscoSX-20-vcs11 host 192.168.195.142 object network INSIDE_PAT_IP host 192.168.195.254 object network FTI_10.83.42.210 host 10.83.42.210 object network FTI_10.83.41.17 host 10.83.41.17 object network 10.90.0.225 host 10.90.0.225 object network GCloud_10.0.2.0 subnet 10.0.2.0 255.255.255.0 object network GCloud_10.0.3.0 subnet 10.0.3.0 255.255.255.0 object network 10.97.2.224 host 10.97.2.224 object network 10.97.2.225 host 10.97.2.225 object network 10.97.2.226 host 10.97.2.226 object service 445 service tcp destination eq 445 object network 10.83.43.191 host 10.83.43.191 object network 52.58.112.76 host 52.58.112.76 object network 85.255.10.103 host 85.255.10.103 object network anx-cl-agent host 194.213.22.113 object network anx-cl-server host 194.213.22.114 object network CyberLogic host 46.103.121.154 object service RDP_UDP service udp destination eq 3389 object service RDP_TCP service tcp destination eq 3389 object network 97.65.24.2 host 97.65.24.2 object network 190.166.237.250 host 190.166.237.250 object network 41.33.48.194 host 41.33.48.194 object network 41.33.114.210 host 41.33.114.210 object network 41.187.76.33 host 41.187.76.33 object network 41.33.124.18 host 41.33.124.18 object network 41.33.102.34 host 41.33.102.34 object network 41.33.145.242 host 41.33.145.242 object network 213.249.13.46 host 213.249.13.46 object network 213.249.49.201 host 213.249.49.201 object network 83.235.16.9 host 83.235.16.9 object network PG-AnyConnect-Pool_192.168.223.0 range 192.168.223.10 192.168.223.30 object network 10.30.2.225 host 10.30.2.225 object network Serwer_Radius host 192.168.194.100 object service 8082 service tcp destination eq 8082 object service 8089 service tcp destination eq 8089 object service 8085 service tcp destination eq 8085 object service 8083 service tcp destination eq 8083 object service 8086 service tcp destination eq 8086 object network 10.83.48.131 host 10.83.48.131 object network CyberLogic_2 host 178.59.16.232 object network 194.213.22.133 host 194.213.22.133 object network PCILogs host 192.168.194.111 object network 192.168.194.118 host 192.168.194.118 object network 35.234.74.0 host 35.234.74.0 object service 9200 service tcp destination eq 9200 object network 192.168.195.121 host 192.168.195.121 object service 27017 service tcp destination eq 27017 object network 192.168.194.170 host 192.168.194.170 object service 2525 service tcp destination eq 2525 object network 10.90.8.224 host 10.90.8.224 object network 10.35.2.224 host 10.35.2.224 object network 10.35.2.225 host 10.35.2.225 object network 10.90.8.225 host 10.90.8.225 object service 9201 service tcp destination eq 9200 object network NBCACC host 192.168.194.32 object service 3269 service tcp destination eq 3269 object service 3268 service tcp destination eq 3268 object service 636 service tcp destination eq ldaps object network 10.233.2.0 subnet 10.233.2.0 255.255.255.0 object network NETWORK_OBJ_192.168.195.185 host 192.168.195.185 object network 194.213.22.99 host 194.213.22.99 description Gulf Acc v2 object network 192.168.194.194 host 192.168.194.194 description MPA-WN object network 10.233.4.2 host 10.233.4.2 object network PCI-TEST_194.213.22.212 host 194.213.22.212 object network 194.182.86.149 host 194.182.86.149 object network 176.107.130.245 host 176.107.130.245 object network 195.181.215.158 host 195.181.215.158 object network 10.33.19.0 subnet 10.33.19.0 255.255.255.0 object network 192.168.194.134 host 192.168.194.134 object network 35.246.224.209 host 35.246.224.209 object network Infra-Host host 192.168.194.134 object network 10.10.0.0 subnet 10.10.0.0 255.255.0.0 object network JZU_WIFI_192.168.195.106 host 192.168.195.106 object network JZU_ETH_192.168.195.172 host 192.168.195.172 object network NewFPMC host 192.168.194.196 object network GuestsANX subnet 172.16.1.0 255.255.255.0 object network 10.33.21.0 subnet 10.33.21.0 255.255.255.0 object network 10.33.20.0 subnet 10.33.20.0 255.255.255.0 object network CACTI host 192.168.195.128 object network 10.33.23.0 subnet 10.33.23.0 255.255.255.0 object network 192.168.194.93 host 192.168.194.93 object network 37.187.101.6 host 37.187.101.6 object network AnyConnect-Infra-LW subnet 192.168.224.0 255.255.255.0 object network 10.33.24.0 subnet 10.33.24.0 255.255.255.0 object network ATH_Office_LAN_192.168.59.0 subnet 192.168.59.0 255.255.255.0 object network 10.83.43.222_Bamboo host 10.83.43.222 object network 10.83.20.162_FTI-BI host 10.83.20.162 object network 10.83.20.163_FTI-BI host 10.83.20.163 object service SSH service tcp destination eq ssh object service 4443 service tcp destination eq 4443 object network InsideSRV-network-23 subnet 192.168.194.0 255.255.254.0 object network 194.213.22.21 host 194.213.22.21 object network 109.233.88.8 host 109.233.88.8 object network 77.65.153.241 host 77.65.153.241 object network 10.2.0.0 subnet 10.2.0.0 255.255.0.0 object network ATH-EDGE_62.74.200.103 host 62.74.200.103 object network 192.168.222.160 host 192.168.222.160 object network 10.2.0.2 host 10.2.0.2 object network 10.2.0.3 host 10.2.0.3 object network 192.168.222.177 host 192.168.222.177 object network 10.1.100.81 host 10.1.100.81 object network 95.211.42.219_LW host 95.211.42.219 object-group network DM_INLINE_NETWORK_1 network-object object ATM_10.4.0.0 network-object object ATM_10.5.1.0 network-object object ATM_10.5.143.0 network-object object ATM_10.6.253.0 object-group network DM_INLINE_NETWORK_2 network-object object BEYOND_10.117.104.0 network-object object BEYOND_10.33.18.0 object-group network DM_INLINE_NETWORK_3 network-object 192.168.194.0 255.255.254.0 network-object 10.117.104.0 255.255.255.0 network-object 10.117.105.0 255.255.255.0 network-object 10.33.18.0 255.255.255.0 network-object 10.4.0.0 255.255.0.0 network-object 10.5.1.0 255.255.255.0 network-object 10.5.143.0 255.255.255.0 network-object 10.83.0.0 255.255.0.0 network-object object 10.117.106.0 network-object object ATM_10.6.1.0 network-object 10.6.0.0 255.255.255.0 network-object 10.6.253.0 255.255.255.0 network-object 10.6.254.0 255.255.255.0 network-object object 10.33.23.0 object-group network DM_INLINE_NETWORK_4 network-object 192.168.254.0 255.255.255.0 network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_6 network-object object 194.213.22.223 network-object object Hostmonitor_Public object-group service DM_INLINE_SERVICE_1 service-object tcp destination eq www service-object tcp destination eq https service-object object 15672 service-object object 5671 object-group network DM_INLINE_NETWORK_10 network-object host 194.213.22.154 network-object host 194.213.22.160 object-group network DM_INLINE_NETWORK_9 network-object object BEYOND_10.117.104.0 network-object object BEYOND_10.33.18.0 object-group network DM_INLINE_NETWORK_11 network-object host 194.213.22.147 network-object host 194.213.22.148 network-object host 194.213.22.191 object-group network DM_INLINE_NETWORK_12 network-object host 194.213.22.117 network-object host 194.213.22.118 network-object host 194.213.22.120 network-object host 194.213.22.122 network-object host 194.213.22.123 network-object host 194.213.22.124 network-object host 194.213.22.125 network-object host 194.213.22.126 network-object host 194.213.22.127 network-object host 194.213.22.128 object-group network DM_INLINE_NETWORK_14 network-object object FlyTap_77.79.212.74 network-object object FlyTap_ATM_77.79.212.101 network-object object FlyTap_R3Admin_77.79.212.72 object-group network DM_INLINE_NETWORK_29 network-object 192.168.194.0 255.255.254.0 network-object 194.213.22.0 255.255.255.0 object-group network DM_INLINE_NETWORK_15 network-object object Beyond_Network_outside network-object object Beyond_109.205.52.0 network-object object Beyond_net_109.205.52.0 object-group network DM_INLINE_NETWORK_19 network-object object ATM_10.6.253.0 network-object object ATM_10.6.254.0 network-object object ATM_10.6.1.0 network-object object ATM_10.6.0.0 object-group network DM_INLINE_NETWORK_20 network-object object ATM_10.6.0.0 network-object object ATM_10.6.1.0 network-object object ATM_10.6.253.0 network-object object ATM_10.6.254.0 object-group network DM_INLINE_NETWORK_5 network-object object KCH_MACBook_192.168.195.100 network-object object KCH-WRO-001_192.168.195.136 network-object object JZU_ETH_192.168.195.172 network-object object JZU_WIFI_192.168.195.106 network-object object PG-AnyConnect-Pool_192.168.223.0 object-group service DM_INLINE_SERVICE_2 service-object icmp service-object tcp destination eq www service-object tcp destination eq https service-object object 873 object-group service DM_INLINE_SERVICE_11 service-object icmp service-object tcp destination eq ssh object-group network LogicalTrust network-object object 52.58.112.76 network-object object 85.255.10.103 network-object object 176.107.130.245 network-object object 194.182.86.149 network-object object 195.181.215.158 network-object object 37.187.101.6 object-group network DM_INLINE_NETWORK_46 network-object 192.168.194.0 255.255.254.0 network-object object AnyConnect-Infra-LW network-object object Anyconnect_Address_Pool object-group service DM_INLINE_TCP_3 tcp port-object eq www port-object eq https object-group protocol TCPUDP protocol-object udp protocol-object tcp object-group service DM_INLINE_TCP_4 tcp port-object eq www port-object eq https port-object eq ssh object-group service DM_INLINE_SERVICE_3 service-object ip service-object object 1055 service-object object 5057 service-object tcp destination eq www service-object tcp destination eq https object-group service DM_INLINE_SERVICE_4 service-object object 4567 service-object object 8000 service-object object 8889 service-object tcp destination eq www service-object tcp destination eq https service-object tcp destination eq ssh object-group service DM_INLINE_SERVICE_5 service-object icmp service-object object 465 service-object object 587 service-object object 993 service-object object 995 service-object tcp destination eq imap4 service-object tcp destination eq pop3 service-object tcp destination eq smtp object-group service DM_INLINE_SERVICE_10 service-object icmp service-object tcp destination eq www service-object tcp destination eq ssh service-object tcp destination eq https object-group network DM_INLINE_NETWORK_13 network-object 192.168.194.0 255.255.254.0 network-object object Anyconnect_Address_Pool network-object object AnyConnect-Infra-LW object-group network DM_INLINE_NETWORK_23 network-object 192.168.194.0 255.255.254.0 network-object object 10.117.106.0 network-object object ATM_10.4.0.0 network-object object ATM_10.5.1.0 network-object object ATM_10.5.143.0 network-object object BEYOND_10.117.104.0 network-object object BEYOND_10.33.18.0 network-object 10.117.105.0 255.255.255.0 network-object object GCloud_10.0.2.0 network-object object GCloud_10.0.3.0 network-object object 10.33.23.0 object-group network DM_INLINE_NETWORK_24 network-object object ATM_10.4.0.0 network-object object ATM_10.5.1.0 network-object object ATM_10.5.143.0 network-object object ATM_10.6.253.0 network-object object BEYOND_10.117.104.0 network-object object 10.117.106.0 network-object object 10.2.0.0 object-group service DM_INLINE_SERVICE_7 service-object tcp-udp destination eq domain service-object tcp destination eq ftp service-object tcp destination eq ftp-data service-object tcp destination eq www service-object tcp destination eq https object-group service DM_INLINE_TCP_1 tcp port-object eq www port-object eq https port-object eq ssh object-group service DM_INLINE_SERVICE_9 service-object icmp service-object tcp destination eq domain service-object udp destination eq domain object-group service DM_INLINE_SERVICE_12 service-object icmp service-object object 81 service-object tcp destination eq www object-group network DM_INLINE_NETWORK_7 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group service DM_INLINE_TCP_5 tcp port-object eq www port-object eq https port-object eq ssh object-group service DM_INLINE_SERVICE_8 service-object object 990 service-object tcp destination eq ftp service-object tcp destination eq ftp-data service-object tcp destination eq www service-object tcp destination eq ssh object-group network DM_INLINE_NETWORK_8 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group service DM_INLINE_SERVICE_14 service-object icmp time-exceeded service-object icmp traceroute service-object icmp unreachable service-object icmp6 echo-reply service-object icmp6 time-exceeded object-group network DM_INLINE_NETWORK_17 network-object object AnyConnect-Infra-LW network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_18 network-object object AnyConnect-Infra-LW network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_25 network-object object AnyConnect-Infra-LW network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_28 network-object object CiscoSX-20-vcs12 network-object object CiscoSX-20-vcs11 object-group service DM_INLINE_SERVICE_16 service-object icmp service-object tcp destination eq www service-object tcp destination eq https object-group network DM_INLINE_NETWORK_30 network-object object CiscoSX-20-vcs12 network-object object CiscoSX-20-vcs11 object-group network DM_INLINE_NETWORK_31 network-object object CiscoSX-20-vcs12 network-object object CiscoSX-20-vcs11 object-group network DM_INLINE_NETWORK_32 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_33 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_34 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_35 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_36 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_37 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_38 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_39 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_40 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_41 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_42 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_43 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_44 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_45 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group service DM_INLINE_SERVICE_17 service-object icmp service-object tcp destination eq www service-object tcp destination eq https object-group network DM_INLINE_NETWORK_52 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_53 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_55 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_57 network-object 192.168.194.0 255.255.254.0 network-object object Anyconnect_Address_Pool object-group service DM_INLINE_SERVICE_18 service-object icmp service-object tcp destination eq www service-object tcp destination eq https object-group network DM_INLINE_NETWORK_59 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_60 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_61 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_62 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_63 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_64 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_56 network-object host 194.213.22.154 network-object host 194.213.22.160 object-group network DM_INLINE_NETWORK_47 network-object 192.168.194.0 255.255.254.0 network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_48 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_49 network-object 192.168.194.0 255.255.254.0 network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_50 network-object 192.168.194.0 255.255.254.0 network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_51 network-object 192.168.194.0 255.255.254.0 network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_54 network-object 194.213.22.0 255.255.255.0 network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_21 network-object object NewFPMC network-object object CACTI object-group network DM_INLINE_NETWORK_65 network-object object anx-cl-agent network-object object anx-cl-server object-group network DM_INLINE_NETWORK_66 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_67 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group service DM_INLINE_SERVICE_19 service-object object RDP_TCP service-object object RDP_UDP object-group network MeetingPointGroup network-object host 152.206.108.34 network-object host 177.237.78.34 network-object host 194.224.194.106 network-object host 194.224.194.26 network-object host 194.224.194.66 network-object host 194.224.194.90 network-object host 194.224.195.250 network-object host 195.158.111.187 network-object host 195.158.91.167 network-object host 195.175.18.82 network-object host 195.175.18.94 network-object host 195.175.65.206 network-object host 195.175.65.98 network-object host 195.175.66.22 network-object host 195.235.90.122 network-object host 195.53.118.42 network-object host 195.53.241.210 network-object host 195.53.245.10 network-object host 195.53.245.26 network-object host 195.53.245.2 network-object host 195.53.245.42 network-object host 195.53.245.58 network-object host 195.53.245.66 network-object host 195.76.192.154 network-object host 195.76.202.250 network-object host 212.156.124.154 network-object host 213.150.169.162 network-object host 213.4.210.58 network-object host 213.99.25.178 network-object host 217.125.25.164 network-object host 5.97.200.154 network-object host 58.137.228.98 network-object host 77.208.19.136 network-object host 80.106.4.130 network-object host 80.35.254.239 network-object host 81.192.177.170 network-object host 81.192.226.70 network-object host 81.192.226.74 network-object host 81.192.233.182 network-object host 81.192.255.66 network-object host 81.4.137.6 network-object host 82.178.126.74 network-object host 82.185.206.194 network-object host 83.110.231.119 network-object host 83.47.23.219 network-object host 85.114.48.210 network-object host 85.114.55.94 network-object host 85.114.63.186 network-object host 85.72.43.70 network-object host 85.72.45.148 network-object host 87.202.120.118 network-object host 87.202.121.134 network-object host 87.202.121.202 network-object host 88.10.82.55 network-object host 88.255.153.142 network-object host 88.255.182.188 network-object host 88.255.249.236 network-object host 88.255.249.244 network-object host 88.26.236.167 network-object host 91.73.172.150 network-object host 94.187.31.218 network-object host 94.91.60.210 network-object host 95.0.103.190 network-object host 95.0.170.134 network-object object 190.166.237.250 network-object object 213.249.13.46 network-object object 213.249.49.201 network-object object 41.187.76.33 network-object object 41.33.102.34 network-object object 41.33.114.210 network-object object 41.33.124.18 network-object object 41.33.145.242 network-object object 41.33.48.194 network-object object 83.235.16.9 network-object object 97.65.24.2 object-group network DM_INLINE_NETWORK_69 network-object object Anyconnect_Address_Pool network-object object PG-AnyConnect-Pool_192.168.223.0 network-object object AnyConnect-Infra-LW object-group network DM_INLINE_NETWORK_68 network-object object Anyconnect_Address_Pool network-object object PG-AnyConnect-Pool_192.168.223.0 network-object object AnyConnect-Infra-LW object-group network DM_INLINE_NETWORK_70 network-object object Anyconnect_Address_Pool network-object object PG-AnyConnect-Pool_192.168.223.0 network-object object AnyConnect-Infra-LW object-group service DM_INLINE_SERVICE_20 service-object object 8082 service-object object 8083 service-object object 8085 service-object object 8086 service-object object 8089 object-group network DM_INLINE_NETWORK_73 network-object object Anyconnect_Address_Pool network-object object PG-AnyConnect-Pool_192.168.223.0 network-object object AnyConnect-Infra-LW object-group network DM_INLINE_NETWORK_71 network-object object CyberLogic group-object MeetingPointGroup network-object object CyberLogic_2 object-group network DM_INLINE_NETWORK_72 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_74 network-object object CyberLogic network-object object CyberLogic_2 object-group service DM_INLINE_SERVICE_21 service-object icmp service-object object 873 object-group network DM_INLINE_NETWORK_75 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group network DM_INLINE_NETWORK_76 network-object object CiscoSX-20-vcs11 network-object object CiscoSX-20-vcs12 object-group service DM_INLINE_SERVICE_22 service-object icmp service-object object 9200 object-group service SMB2 tcp-udp port-object range 137 139 port-object eq 445 object-group network DM_INLINE_NETWORK_77 network-object object Anyconnect_Address_Pool network-object object PG-AnyConnect-Pool_192.168.223.0 network-object object AnyConnect-Infra-LW object-group service DM_INLINE_SERVICE_24 service-object icmp service-object tcp destination eq www service-object tcp destination eq https object-group network DM_INLINE_NETWORK_83 network-object host 194.213.22.147 network-object host 194.213.22.148 network-object host 194.213.22.191 object-group network DM_INLINE_NETWORK_16 network-object 192.168.194.0 255.255.254.0 network-object 194.213.22.0 255.255.255.0 object-group network DM_INLINE_NETWORK_22 network-object object 10.33.23.0 network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_58 network-object 192.168.194.0 255.255.254.0 network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_78 network-object object 10.33.23.0 network-object object GCloud_10.0.2.0 network-object object 10.33.19.0 network-object object 10.33.21.0 network-object object 10.33.24.0 object-group service DM_INLINE_TCP_2 tcp port-object eq www port-object eq https object-group network DM_INLINE_NETWORK_79 network-object 192.168.194.0 255.255.254.0 network-object object 10.10.0.0 object-group network DM_INLINE_NETWORK_80 network-object object AnyConnect-Infra-LW network-object object Anyconnect_Address_Pool network-object object PG-AnyConnect-Pool_192.168.223.0 object-group service DM_INLINE_SERVICE_6 service-object icmp service-object tcp-udp destination eq domain object-group network DM_INLINE_NETWORK_81 network-object 192.168.194.0 255.255.254.0 network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_82 network-object object FTI_10.83.41.17 network-object object FTI_10.83.42.210 network-object object 10.83.43.222_Bamboo network-object object 10.83.20.162_FTI-BI network-object object 10.83.20.163_FTI-BI object-group network DM_INLINE_NETWORK_27 network-object object AnyConnect-Infra-LW network-object object Anyconnect_Address_Pool network-object object InsideSRV-network-23 object-group network DM_INLINE_NETWORK_26 network-object object 10.83.20.162_FTI-BI network-object object 10.83.20.163_FTI-BI object-group network DM_INLINE_NETWORK_84 network-object host 194.213.22.117 network-object host 194.213.22.118 network-object host 194.213.22.120 network-object host 194.213.22.122 network-object host 194.213.22.123 network-object host 194.213.22.124 network-object host 194.213.22.125 network-object host 194.213.22.126 network-object host 194.213.22.127 network-object host 194.213.22.128 object-group service DM_INLINE_SERVICE_13 service-object icmp time-exceeded service-object icmp traceroute service-object icmp unreachable service-object icmp6 echo-reply service-object icmp6 time-exceeded object-group service DM_INLINE_SERVICE_15 service-object icmp service-object tcp destination eq www service-object tcp destination eq https object-group service DM_INLINE_SERVICE_23 service-object icmp service-object tcp destination eq www service-object tcp destination eq https object-group service DM_INLINE_SERVICE_25 service-object icmp service-object tcp destination eq domain service-object udp destination eq domain object-group service DM_INLINE_SERVICE_26 service-object icmp service-object object 81 service-object tcp destination eq www object-group service DM_INLINE_SERVICE_27 service-object icmp service-object tcp destination eq www service-object tcp destination eq https service-object tcp destination eq ssh object-group service DM_INLINE_SERVICE_28 service-object ip service-object object 1055 service-object object 5057 service-object tcp destination eq www service-object tcp destination eq https object-group service DM_INLINE_SERVICE_29 service-object object 4567 service-object object 8000 service-object object 8889 service-object tcp destination eq www service-object tcp destination eq https service-object tcp destination eq ssh object-group service DM_INLINE_SERVICE_30 service-object icmp service-object tcp-udp destination eq domain object-group service DM_INLINE_SERVICE_31 service-object icmp service-object object 465 service-object object 587 service-object object 993 service-object object 995 service-object tcp destination eq imap4 service-object tcp destination eq pop3 service-object tcp destination eq smtp object-group service DM_INLINE_SERVICE_32 service-object tcp-udp destination eq domain service-object tcp destination eq ftp service-object tcp destination eq ftp-data service-object tcp destination eq www service-object tcp destination eq https object-group service DM_INLINE_SERVICE_33 service-object icmp service-object tcp destination eq ssh object-group service DM_INLINE_SERVICE_34 service-object icmp service-object tcp destination eq www service-object tcp destination eq https object-group service DM_INLINE_SERVICE_35 service-object object 990 service-object tcp destination eq ftp service-object tcp destination eq ftp-data service-object tcp destination eq www service-object tcp destination eq ssh object-group service DM_INLINE_TCP_6 tcp port-object eq www port-object eq https port-object eq ssh object-group service DM_INLINE_TCP_7 tcp port-object eq www port-object eq https object-group service DM_INLINE_TCP_8 tcp port-object eq www port-object eq https port-object eq ssh object-group service DM_INLINE_TCP_9 tcp port-object eq www port-object eq https port-object eq ssh object-group network DM_INLINE_NETWORK_85 network-object object CyberLogic network-object object CyberLogic_2 object-group network DM_INLINE_NETWORK_86 network-object object anx-cl-agent network-object object anx-cl-server object-group network DM_INLINE_NETWORK_87 network-object object CyberLogic network-object object CyberLogic_2 group-object MeetingPointGroup object-group service DM_INLINE_SERVICE_36 service-object icmp service-object object 873 service-object tcp destination eq www service-object tcp destination eq https object-group service DM_INLINE_SERVICE_37 service-object icmp service-object object 873 object-group service DM_INLINE_SERVICE_38 service-object icmp service-object object 9200 object-group service DM_INLINE_SERVICE_39 service-object icmp service-object tcp destination eq www service-object tcp destination eq https object-group service DM_INLINE_SERVICE_86 service-object object RDP_TCP service-object object RDP_UDP object-group service DM_INLINE_SERVICE_88 service-object object 8082 service-object object 8083 service-object object 8085 service-object object 8086 service-object object 8089 object-group service DM_INLINE_TCP_10 tcp port-object eq www port-object eq https object-group network DM_INLINE_NETWORK_88 network-object object AnyConnect-Infra-LW network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_89 network-object object 10.83.20.162_FTI-BI network-object object 10.83.20.163_FTI-BI network-object object 10.83.43.222_Bamboo network-object object FTI_10.83.41.17 network-object object FTI_10.83.42.210 object-group network DM_INLINE_NETWORK_90 network-object object 194.213.22.223 network-object object Hostmonitor_Public object-group network DM_INLINE_NETWORK_91 network-object object ATM_10.6.0.0 network-object object ATM_10.6.1.0 network-object object ATM_10.6.253.0 network-object object ATM_10.6.254.0 object-group network DM_INLINE_NETWORK_92 network-object object FlyTap_77.79.212.74 network-object object FlyTap_ATM_77.79.212.101 network-object object FlyTap_R3Admin_77.79.212.72 object-group network DM_INLINE_NETWORK_100 network-object object AnyConnect-Infra-LW network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_101 network-object object 10.33.19.0 network-object object 10.33.21.0 network-object object 10.33.23.0 network-object object 10.33.24.0 network-object object GCloud_10.0.2.0 object-group network DM_INLINE_NETWORK_102 network-object object 192.168.222.160 network-object object NETWORK_OBJ_192.168.194.0_23 object-group network DM_INLINE_NETWORK_103 network-object object AnyConnect-Infra-LW network-object object Anyconnect_Address_Pool network-object object PG-AnyConnect-Pool_192.168.223.0 object-group network DM_INLINE_NETWORK_104 network-object object BEYOND_10.117.104.0 network-object object BEYOND_10.33.18.0 object-group network DM_INLINE_NETWORK_105 network-object object AnyConnect-Infra-LW network-object object Anyconnect_Address_Pool network-object object PG-AnyConnect-Pool_192.168.223.0 object-group network DM_INLINE_NETWORK_106 network-object object AnyConnect-Infra-LW network-object object Anyconnect_Address_Pool network-object object PG-AnyConnect-Pool_192.168.223.0 object-group network DM_INLINE_NETWORK_107 network-object object 10.33.23.0 network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_108 network-object object Anyconnect_Address_Pool network-object object InsideSRV-network-23 object-group network DM_INLINE_NETWORK_93 network-object object JZU_ETH_192.168.195.172 network-object object JZU_WIFI_192.168.195.106 network-object object KCH-WRO-001_192.168.195.136 network-object object KCH_MACBook_192.168.195.100 network-object object PG-AnyConnect-Pool_192.168.223.0 object-group network DM_INLINE_NETWORK_94 network-object object ATM_10.6.0.0 network-object object ATM_10.6.1.0 network-object object ATM_10.6.253.0 network-object object ATM_10.6.254.0 object-group network DM_INLINE_NETWORK_95 network-object object AnyConnect-Infra-LW network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_96 network-object object BEYOND_10.117.104.0 network-object object BEYOND_10.33.18.0 object-group network DM_INLINE_NETWORK_97 network-object object AnyConnect-Infra-LW network-object object Anyconnect_Address_Pool network-object object PG-AnyConnect-Pool_192.168.223.0 object-group network DM_INLINE_NETWORK_98 network-object object 10.117.106.0 network-object object ATM_10.4.0.0 network-object object ATM_10.5.1.0 network-object object ATM_10.5.143.0 network-object object ATM_10.6.253.0 network-object object BEYOND_10.117.104.0 object-group network DM_INLINE_NETWORK_99 network-object object ATM_10.4.0.0 network-object object ATM_10.5.1.0 network-object object ATM_10.5.143.0 network-object object ATM_10.6.253.0 object-group service DM_INLINE_SERVICE_40 service-object tcp-udp destination eq www service-object tcp destination eq https object-group network DM_INLINE_NETWORK_109 network-object object 192.168.222.177 network-object object AnyConnect-Infra-LW network-object object Anyconnect_Address_Pool object-group protocol DM_INLINE_PROTOCOL_1 protocol-object ip protocol-object icmp object-group network DM_INLINE_NETWORK_110 network-object object AnyConnect-Infra-LW network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_111 network-object 192.168.194.0 255.255.254.0 network-object object Anyconnect_Address_Pool object-group network DM_INLINE_NETWORK_112 network-object 192.168.194.0 255.255.254.0 network-object object Anyconnect_Address_Pool access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_28 host 10.83.48.111 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_30 host 10.83.48.112 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_31 host 10.83.48.113 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_32 host 10.83.48.114 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_33 host 10.83.48.115 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_34 host 10.83.48.116 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_35 host 10.83.48.117 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_36 host 10.83.48.118 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_37 host 10.83.48.119 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_38 host 10.83.41.201 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_39 host 10.83.41.202 access-list To_ISPs_cryptomap_MUC01 extended permit ip 192.168.194.0 255.255.254.0 host 10.83.42.210 access-list To_ISPs_cryptomap_MUC01 extended permit ip 192.168.194.0 255.255.254.0 host 10.83.42.211 access-list To_ISPs_cryptomap_MUC01 extended permit ip 192.168.194.0 255.255.254.0 host 10.83.42.212 access-list To_ISPs_cryptomap_MUC01 extended permit ip 192.168.194.0 255.255.254.0 host 10.83.42.213 access-list To_ISPs_cryptomap_MUC01 extended permit ip 192.168.194.0 255.255.254.0 object 10.83.43.191 access-list To_ISPs_cryptomap_MUC01 extended permit ip 192.168.194.0 255.255.254.0 object 10.83.43.222_Bamboo access-list To_ISPs_cryptomap_MUC01 extended permit ip 192.168.194.0 255.255.254.0 object-group DM_INLINE_NETWORK_26 access-list To_ISPs_cryptomap_MUC01 extended permit ip 192.168.194.0 255.255.254.0 host 10.83.41.16 access-list To_ISPs_cryptomap_MUC01 extended permit ip 192.168.194.0 255.255.254.0 host 10.83.41.17 access-list To_ISPs_cryptomap_MUC01 extended permit ip 192.168.194.0 255.255.254.0 host 10.83.41.18 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_40 host 10.83.48.121 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_41 host 10.83.48.122 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_42 host 10.83.48.123 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_43 host 10.83.48.124 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_44 host 10.83.48.125 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_45 host 10.83.48.126 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_52 object 10.83.48.19 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_53 object 10.83.48.120 access-list To_ISPs_cryptomap_MUC01 extended permit ip object-group DM_INLINE_NETWORK_72 object 10.83.48.131 access-list To_ISPs_77.65.153.254_access_in extended deny object 445 any object-group DM_INLINE_NETWORK_29 access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_13 any4 object-group DM_INLINE_NETWORK_46 access-list To_ISPs_77.65.153.254_access_in extended permit ip any object 192.168.194.118 access-list To_ISPs_77.65.153.254_access_in extended permit ip object Anyconnect_Address_Pool 192.168.194.0 255.255.254.0 access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_15 any host 194.213.22.129 access-list To_ISPs_77.65.153.254_access_in extended permit tcp any4 host 194.213.22.145 object-group DM_INLINE_TCP_6 access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_23 any host 194.213.22.157 access-list To_ISPs_77.65.153.254_access_in extended permit tcp any host 194.213.22.143 object-group DM_INLINE_TCP_7 access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_25 any host 194.213.22.151 access-list To_ISPs_77.65.153.254_access_in extended permit ip any host 194.213.22.225 access-list To_ISPs_77.65.153.254_access_in extended permit ip any host 194.213.22.203 access-list To_ISPs_77.65.153.254_access_in extended permit ip any host 194.213.22.139 access-list To_ISPs_77.65.153.254_access_in extended deny icmp any host 194.213.22.87 access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_26 any host 194.213.22.121 access-list To_ISPs_77.65.153.254_access_in extended permit tcp any host 194.213.22.240 eq www access-list To_ISPs_77.65.153.254_access_in extended permit tcp any host 194.213.22.226 object-group DM_INLINE_TCP_8 access-list To_ISPs_77.65.153.254_access_in extended deny ip any host 194.213.22.178 access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_27 any host 194.213.22.68 access-list To_ISPs_77.65.153.254_access_in extended permit object 8080 any host 194.213.22.12 access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_28 any host 194.213.22.140 access-list To_ISPs_77.65.153.254_access_in extended permit tcp any object acc-paysecure_public.223 object-group DM_INLINE_TCP_9 access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_29 any object 194.213.22.181 access-list To_ISPs_77.65.153.254_access_in extended permit tcp any host 194.213.22.130 eq www access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_30 any object-group DM_INLINE_NETWORK_56 access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_31 any host 194.213.22.165 inactive access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_32 any object-group DM_INLINE_NETWORK_83 inactive access-list To_ISPs_77.65.153.254_access_in extended deny ip any host 194.213.22.146 inactive access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_33 any object 194.213.22.72 inactive access-list To_ISPs_77.65.153.254_access_in extended permit object 9200 object 35.234.74.0 host 194.213.22.117 inactive access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_34 any object-group DM_INLINE_NETWORK_84 inactive access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_35 any host 194.213.22.87 inactive access-list To_ISPs_77.65.153.254_access_in extended permit object range6k any host 194.213.22.87 inactive access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_36 any object 194.213.22.104 inactive access-list To_ISPs_77.65.153.254_access_in extended deny ip any object 194.213.22.103 inactive access-list To_ISPs_77.65.153.254_access_in extended permit tcp any object 194.213.22.105 eq https inactive access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_86 object-group DM_INLINE_NETWORK_85 object-group DM_INLINE_NETWORK_86 inactive access-list To_ISPs_77.65.153.254_access_in extended permit object RDP_TCP object-group MeetingPointGroup object anx-cl-agent inactive access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_88 object-group DM_INLINE_NETWORK_87 object anx-cl-server inactive access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_37 any object 194.213.22.133 inactive access-list To_ISPs_77.65.153.254_access_in extended permit object 27017 object 35.234.74.0 object 192.168.195.121 inactive access-list To_ISPs_77.65.153.254_access_in extended permit object 27017 object 35.234.74.0 object 192.168.194.170 inactive access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_38 object 35.234.74.0 object NBCACC inactive access-list To_ISPs_77.65.153.254_access_in extended permit object-group DM_INLINE_SERVICE_39 any object 194.213.22.99 inactive access-list To_ISPs_77.65.153.254_access_in extended permit tcp object 35.246.224.209 object 192.168.194.134 eq https inactive access-list To_ISPs_77.65.153.254_access_in extended permit tcp any object 192.168.194.93 object-group DM_INLINE_TCP_10 inactive access-list To_ISPs_77.65.153.254_access_in extended permit tcp object-group LogicalTrust object PCI-TEST_194.213.22.212 eq ssh inactive access-list To_ISPs_77.65.153.254_access_in extended permit ip object 10.10.0.0 192.168.194.0 255.255.254.0 access-list To_ISPs_cryptomap_Beyond-Colocation extended permit ip 194.213.22.0 255.255.255.0 10.117.104.0 255.255.255.0 access-list To_ISPs_cryptomap_Beyond-Colocation extended permit ip object-group DM_INLINE_NETWORK_54 10.33.18.0 255.255.255.0 access-list To_ISPs_cryptomap_Beyond-Colocation extended permit udp host 194.213.22.119 10.117.104.0 255.255.255.0 range 0 65535 access-list To_ISPs_cryptomap_Beyond-Colocation extended permit tcp host 194.213.22.119 10.117.104.0 255.255.255.0 range 1 65535 access-list To_ISPs_cryptomap_Beyond-Colocation extended permit udp host 194.213.22.119 10.33.18.0 255.255.255.0 range 0 65535 access-list To_ISPs_cryptomap_Beyond-Colocation extended permit tcp host 194.213.22.119 10.33.18.0 255.255.255.0 range 1 65535 access-list To_ISPs_cryptomap_Beyond-Colocation extended permit ip object-group DM_INLINE_NETWORK_47 10.117.104.0 255.255.255.0 access-list To_ISPs_cryptomap_Beyond-Colocation extended permit ip object-group DM_INLINE_NETWORK_50 10.117.106.0 255.255.255.0 access-list To_ISPs_cryptomap_Beyond-Colocation extended permit ip object-group DM_INLINE_NETWORK_51 10.117.105.0 255.255.255.0 access-list To_ISPs_cryptomap_Beyond-Colocation extended permit ip 194.213.22.0 255.255.255.0 10.117.105.0 255.255.255.0 access-list To_ISPs_cryptomap_Beyond-Colocation extended permit ip 192.168.194.0 255.255.254.0 object 10.33.20.0 access-list To_ISPs_cryptomap_Beyond-Colocation extended permit ip object Anyconnect_Address_Pool object 10.33.20.0 access-list To_ISPs_cryptomap_Beyond-Colocation extended permit ip 194.213.22.0 255.255.255.0 object 10.33.20.0 access-list To_ISPs_cryptomap_ATM extended permit ip 10.4.0.0 255.255.0.0 194.213.22.0 255.255.255.0 inactive access-list To_ISPs_cryptomap_ATM extended permit ip 194.213.22.0 255.255.255.0 10.5.1.0 255.255.255.0 access-list To_ISPs_cryptomap_ATM extended permit ip 194.213.22.0 255.255.255.0 10.5.143.0 255.255.255.0 access-list To_ISPs_cryptomap_ATM extended permit ip 194.213.22.0 255.255.255.0 10.6.253.0 255.255.255.0 access-list To_ISPs_cryptomap_ATM extended permit ip 194.213.22.0 255.255.255.0 10.4.0.0 255.255.0.0 access-list To_ISPs_cryptomap_ATM extended permit ip 192.168.194.0 255.255.254.0 10.6.253.0 255.255.255.0 access-list To_ISPs_cryptomap_ATM extended permit ip 192.168.194.0 255.255.254.0 10.5.1.0 255.255.255.0 access-list To_ISPs_cryptomap_ATM extended permit ip 192.168.194.0 255.255.254.0 10.5.143.0 255.255.255.0 access-list To_ISPs_cryptomap_ATM extended permit ip 192.168.194.0 255.255.254.0 10.4.0.0 255.255.0.0 access-list To_ISPs_cryptomap_ATM extended permit ip 192.168.194.0 255.255.254.0 object 10.2.0.0 access-list To_ISPs_cryptomap_ATM extended permit ip 194.213.22.0 255.255.255.0 object 10.2.0.0 access-list To_ISPs_cryptomap_AMA extended permit ip host 194.213.22.138 host 194.156.168.68 inactive access-list To_ISPs_cryptomap_AMA extended permit ip host 194.213.22.138 host 194.156.168.69 inactive access-list To_ISPs_cryptomap_AMA extended permit ip host 194.213.22.138 host 82.150.240.212 inactive access-list To_ISPs_77.65.153.254_cryptomap_ATH-Office extended permit ip object-group DM_INLINE_NETWORK_27 object ATH_Office_LAN_192.168.59.0 access-list To_ISPs_cryptomap_PCI_DSS extended permit ip 194.213.22.0 255.255.255.0 10.6.1.0 255.255.255.0 access-list To_ISPs_cryptomap_PCI_DSS extended permit ip 194.213.22.0 255.255.255.0 10.6.0.0 255.255.255.0 access-list To_ISPs_cryptomap_PCI_DSS extended permit ip 194.213.22.0 255.255.255.0 10.6.254.0 255.255.255.0 access-list To_ISPs_cryptomap_PCI_DSS extended permit ip 192.168.194.0 255.255.254.0 10.6.0.0 255.255.255.0 access-list To_ISPs_cryptomap_PCI_DSS extended permit ip 192.168.194.0 255.255.254.0 10.6.1.0 255.255.255.0 access-list To_ISPs_cryptomap_PCI_DSS extended permit ip 192.168.194.0 255.255.254.0 10.6.253.0 255.255.255.0 access-list To_ISPs_cryptomap_PCI_DSS extended permit ip 192.168.194.0 255.255.254.0 10.6.254.0 255.255.255.0 access-list To_ISPs_cryptomap_ATH01 extended permit ip object CiscoSX-20-vcs11 host 10.30.2.224 access-list To_ISPs_cryptomap_ATH01 extended permit ip object CiscoSX-20-vcs12 host 10.30.2.224 access-list To_ISPs_cryptomap_ATH01 extended permit ip object CiscoSX-20-vcs11 object 10.30.2.225 access-list To_ISPs_cryptomap_ATH01 extended permit ip object CiscoSX-20-vcs12 object 10.30.2.225 access-list To_ISPs_cryptomap_BER01 extended permit ip object-group DM_INLINE_NETWORK_7 host 10.88.8.224 access-list To_ISPs_cryptomap_BER01 extended permit ip object-group DM_INLINE_NETWORK_59 host 10.88.8.225 access-list To_ISPs_cryptomap_ZRH01 extended permit ip object-group DM_INLINE_NETWORK_60 host 10.41.10.224 access-list To_ISPs_cryptomap_ZRH01 extended permit ip object-group DM_INLINE_NETWORK_61 host 10.41.10.225 access-list To_ISPs_cryptomap_DXB01 extended permit ip object-group DM_INLINE_NETWORK_8 object 10.97.2.224 access-list To_ISPs_cryptomap_DXB01 extended permit ip object-group DM_INLINE_NETWORK_66 object 10.97.2.225 access-list To_ISPs_cryptomap_DXB01 extended permit ip object-group DM_INLINE_NETWORK_67 object 10.97.2.226 access-list To_ISPs_cryptomap_AYT01 extended permit ip object-group DM_INLINE_NETWORK_48 object 10.90.0.225 access-list To_ISPs_cryptomap_AYT01 extended permit ip object-group DM_INLINE_NETWORK_62 host 10.90.0.224 access-list To_ISPs_cryptomap_MLA01 extended permit ip object-group DM_INLINE_NETWORK_63 object 10.35.2.224 access-list To_ISPs_cryptomap_MLA01 extended permit ip object-group DM_INLINE_NETWORK_55 object 10.35.2.225 access-list vpn_any_access_admin extended permit ip object-group DM_INLINE_NETWORK_3 object-group DM_INLINE_NETWORK_77 access-list InsideSRV_access_in extended deny ip object NETWORK_OBJ_192.168.194.0_23 object Serwer_Radius access-list InsideSRV_access_in extended permit ip object-group DM_INLINE_NETWORK_21 object-group DM_INLINE_NETWORK_4 access-list InsideSRV_access_in extended permit ip object NETWORK_OBJ_192.168.194.0_23 object HITIT_ACC_129.1.20.10 access-list InsideSRV_access_in extended permit ip any4 any4 access-list management_access_in extended permit ip 192.168.254.0 255.255.255.0 192.168.194.0 255.255.254.0 access-list management_access_in extended permit ip 192.168.254.0 255.255.255.0 192.168.101.0 255.255.255.0 access-list management_access_in extended permit ip 192.168.254.0 255.255.255.0 any4 access-list management_access_in extended permit ip 192.168.254.0 255.255.255.0 object CACTI access-list vpn_any_access_user extended permit ip object-group DM_INLINE_NETWORK_23 object-group DM_INLINE_NETWORK_73 access-list To_ISPs_access_in extended permit ip object Anyconnect_Address_Pool 192.168.194.0 255.255.254.0 access-list To_ISPs_access_in extended deny object 445 any object-group DM_INLINE_NETWORK_16 access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_14 any4 object-group DM_INLINE_NETWORK_13 access-list To_ISPs_access_in extended permit ip any object 192.168.194.118 access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_16 any host 194.213.22.129 access-list To_ISPs_access_in extended permit tcp any4 host 194.213.22.145 object-group DM_INLINE_TCP_1 access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_17 any host 194.213.22.157 access-list To_ISPs_access_in extended permit tcp any host 194.213.22.143 object-group DM_INLINE_TCP_3 access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_9 any host 194.213.22.151 access-list To_ISPs_access_in extended permit ip any host 194.213.22.225 access-list To_ISPs_access_in extended permit ip any host 194.213.22.203 access-list To_ISPs_access_in extended permit ip any host 194.213.22.139 access-list To_ISPs_access_in extended deny icmp any host 194.213.22.87 access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_12 any host 194.213.22.121 access-list To_ISPs_access_in extended permit tcp any host 194.213.22.240 eq www access-list To_ISPs_access_in extended permit tcp any host 194.213.22.226 object-group DM_INLINE_TCP_4 access-list To_ISPs_access_in extended deny ip any host 194.213.22.178 access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_10 any host 194.213.22.68 access-list To_ISPs_access_in extended permit object 8080 any host 194.213.22.12 access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_3 any host 194.213.22.140 access-list To_ISPs_access_in extended permit tcp any object acc-paysecure_public.223 object-group DM_INLINE_TCP_5 access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_4 any object 194.213.22.181 access-list To_ISPs_access_in extended permit tcp any host 194.213.22.130 eq www access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_6 any object-group DM_INLINE_NETWORK_10 access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_5 any host 194.213.22.165 access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_7 any object-group DM_INLINE_NETWORK_11 access-list To_ISPs_access_in extended deny ip any host 194.213.22.146 access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_11 any object 194.213.22.72 access-list To_ISPs_access_in extended permit object 9200 object 35.234.74.0 host 194.213.22.117 access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_18 any object-group DM_INLINE_NETWORK_12 access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_8 any host 194.213.22.87 access-list To_ISPs_access_in extended permit object range6k any host 194.213.22.87 access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_2 any object 194.213.22.104 access-list To_ISPs_access_in extended deny ip any object 194.213.22.103 access-list To_ISPs_access_in extended permit tcp any object 194.213.22.105 eq https access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_40 any object 194.213.22.21 access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_19 object-group DM_INLINE_NETWORK_74 object-group DM_INLINE_NETWORK_65 access-list To_ISPs_access_in extended permit object RDP_TCP object-group MeetingPointGroup object anx-cl-agent access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_20 object-group DM_INLINE_NETWORK_71 object anx-cl-server access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_21 any object 194.213.22.133 access-list To_ISPs_access_in extended permit object 27017 object 35.234.74.0 object 192.168.195.121 access-list To_ISPs_access_in extended permit object 27017 object 35.234.74.0 object 192.168.194.170 access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_22 object 35.234.74.0 object NBCACC access-list To_ISPs_access_in extended permit object-group DM_INLINE_SERVICE_24 any object 194.213.22.99 access-list To_ISPs_access_in extended permit tcp object 35.246.224.209 object 192.168.194.134 eq https access-list To_ISPs_access_in extended permit tcp any object 192.168.194.93 object-group DM_INLINE_TCP_2 access-list To_ISPs_access_in extended permit tcp object-group LogicalTrust object PCI-TEST_194.213.22.212 eq ssh access-list To_ISPs_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object 10.2.0.0 192.168.194.0 255.255.254.0 access-list To_ISPs_cryptomap extended permit ip object NETWORK_OBJ_194.213.22.0_24 10.6.1.0 255.255.255.0 access-list vpn_acl standard permit 10.117.104.0 255.255.255.0 access-list ISPs_access_in extended permit object-group DM_INLINE_SERVICE_1 any object wheels_acc_80 access-list ISPs_access_in extended permit tcp host 151.80.35.118 host 194.213.22.145 eq https access-list ISPs_access_in extended permit tcp host 92.43.117.104 host 194.213.22.118 eq 8088 access-list ISPs_access_in extended permit tcp any host 194.213.22.147 range 60000 60049 access-list ISPs_access_in extended permit tcp any host 194.213.22.251 range 65000 65001 access-list ISPs_access_in extended permit udp any host 194.213.22.251 range 65000 65001 access-list ISPs_access_in extended permit tcp host 87.204.125.100 host 194.213.22.204 eq ftp access-list ISPs_access_in extended permit udp host 109.205.49.52 host 194.213.22.116 eq syslog access-list ISPs_access_in extended permit tcp any 194.213.22.0 255.255.255.0 eq ssh access-list ISPs_access_in extended permit ip host 194.156.168.68 194.213.22.0 255.255.255.0 access-list ISPs_access_in extended permit ip host 194.156.168.69 194.213.22.0 255.255.255.0 access-list ISPs_access_in extended permit ip host 213.70.140.105 194.213.22.0 255.255.255.0 access-list ISPs_access_in extended permit ip host 82.150.240.212 194.213.22.0 255.255.255.0 access-list ISPs_access_in extended permit tcp host 149.202.138.210 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 149.202.78.58 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 149.202.78.59 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 149.202.82.239 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 149.202.82.240 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 149.202.82.241 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 149.202.84.213 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 149.202.84.217 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 149.202.84.218 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 149.202.84.220 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 149.202.84.221 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 149.202.84.239 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 149.202.84.240 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 149.202.84.241 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 37.59.27.49 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 46.105.117.101 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 51.255.80.10 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 51.255.80.11 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 51.255.80.13 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 51.255.80.14 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 51.255.80.15 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 51.255.80.16 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 51.255.80.17 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 51.255.80.19 host 194.213.22.145 access-list ISPs_access_in extended permit tcp host 51.255.80.20 host 194.213.22.145 access-list ISPs_access_in extended permit ip host 87.105.184.224 host 194.213.22.147 access-list ISPs_access_in extended permit tcp host 51.254.128.25 host 194.213.22.150 access-list ISPs_access_in extended permit tcp host 51.254.128.61 host 194.213.22.150 access-list ISPs_access_in extended permit tcp host 51.254.128.97 host 194.213.22.150 access-list ISPs_access_in extended permit tcp host 51.254.211.50 host 194.213.22.150 access-list ISPs_access_in extended permit udp host 51.254.211.50 host 194.213.22.150 access-list ISPs_access_in extended permit tcp host 51.254.211.51 host 194.213.22.150 access-list ISPs_access_in extended permit udp host 51.254.211.51 host 194.213.22.150 access-list ISPs_access_in extended permit tcp host 51.255.160.160 host 194.213.22.150 access-list ISPs_access_in extended permit ip host 5.196.65.208 host 194.213.22.93 access-list ISPs_access_in extended permit ip host 52.58.112.76 host 194.213.22.93 access-list ISPs_access_in extended permit tcp any host 194.213.22.196 eq www access-list ISPs_access_in extended permit tcp any host 194.213.22.196 eq https access-list ISPs_access_in extended permit tcp any host 194.213.22.130 eq www access-list ISPs_access_in extended permit tcp any host 194.213.22.163 eq www access-list ISPs_access_in extended permit tcp any host 194.213.22.163 eq https access-list ISPs_access_in extended permit tcp any host 194.213.22.164 eq www access-list ISPs_access_in extended permit tcp any host 194.213.22.164 eq https access-list ISPs_access_in extended permit tcp any host 194.213.22.163 eq 8098 access-list ISPs_access_in extended permit tcp any host 194.213.22.164 eq 8098 access-list ISPs_access_in extended permit tcp any host 194.213.22.163 eq 8443 access-list ISPs_access_in extended permit tcp any host 194.213.22.164 eq 8443 access-list ISPs_access_in extended permit tcp any host 194.213.22.163 eq 8099 access-list ISPs_access_in extended permit tcp any host 194.213.22.164 eq 8099 access-list ISPs_access_in extended permit tcp any host 194.213.22.117 eq 8074 access-list ISPs_access_in extended permit tcp any host 194.213.22.205 eq www access-list ISPs_access_in extended permit tcp any host 194.213.22.205 eq https access-list ISPs_access_in extended permit tcp any host 194.213.22.226 eq www access-list ISPs_access_in extended permit tcp any host 194.213.22.226 eq https access-list ISPs_access_in extended permit tcp any host 194.213.22.226 eq ssh access-list ISPs_access_in extended permit tcp any host 194.213.22.165 eq domain access-list ISPs_access_in extended permit tcp any host 194.213.22.111 eq 1194 access-list ISPs_access_in extended permit tcp any host 194.213.22.113 eq 3306 access-list ISPs_access_in extended permit tcp any host 194.213.22.111 eq www access-list ISPs_access_in extended permit tcp any host 194.213.22.112 eq www access-list ISPs_access_in extended permit tcp any host 194.213.22.111 eq 81 inactive access-list ISPs_access_in extended permit tcp any host 194.213.22.111 eq 1022 inactive access-list ISPs_access_in extended permit udp any host 194.213.22.3 eq 1701 access-list ISPs_access_in extended permit udp any host 194.213.22.55 eq domain access-list ISPs_access_in extended permit udp any host 194.213.22.129 eq domain access-list ISPs_access_in extended permit udp any host 194.213.22.147 eq domain access-list ISPs_access_in extended permit udp any host 194.213.22.151 eq domain access-list ISPs_access_in extended permit udp any host 194.213.22.163 eq domain access-list ISPs_access_in extended permit udp any host 194.213.22.203 eq domain access-list ISPs_access_in extended permit udp any host 194.213.22.154 eq domain access-list ISPs_access_in extended permit udp any host 194.213.22.160 eq domain access-list ISPs_access_in extended permit udp any host 194.213.22.165 eq domain access-list ISPs_access_in extended permit udp any host 194.213.22.111 eq 1194 access-list ISPs_access_in extended permit ip any host 194.213.22.88 access-list ISPs_access_in extended permit ip any host 194.213.22.87 access-list ISPs_access_in extended permit tcp any host 194.213.22.12 access-list ISPs_access_in extended permit tcp any host 194.213.22.70 access-list ISPs_access_in extended permit tcp any host 194.213.22.71 access-list ISPs_access_in extended permit tcp any host 194.213.22.240 access-list ISPs_access_in extended permit tcp any host 194.213.22.77 access-list ISPs_access_in extended permit tcp any host 194.213.22.151 access-list ISPs_access_in extended permit tcp any host 194.213.22.113 access-list ISPs_access_in extended permit ip host 193.16.240.67 194.213.22.0 255.255.255.0 access-list ISPs_access_in extended permit ip host 193.16.240.68 194.213.22.0 255.255.255.0 access-list To_ISPs_cryptomap_HER01 extended permit ip object-group DM_INLINE_NETWORK_64 object HER01 access-list ASA_to_Core_access_in extended permit ip object Serwer_Radius any access-list ASA_to_Core_access_in extended deny ip any 192.168.254.0 255.255.255.0 access-list To_ISPs_cryptomap_GCP-3 extended permit ip object-group DM_INLINE_NETWORK_49 object GCloud_10.0.2.0 access-list To_ISPs_cryptomap_GCP-1 extended permit ip object-group DM_INLINE_NETWORK_57 object GCloud_10.0.3.0 access-list AnyConnect_Client_Local_Print extended deny ip any4 any4 access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631 access-list AnyConnect_Client_Local_Print remark Windows' printing port access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100 access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353 access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355 access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137 access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns access-list To_ISPs_cryptomap_IST01 extended permit ip object-group DM_INLINE_NETWORK_75 object 10.90.8.224 access-list To_ISPs_cryptomap_IST01 extended permit ip object-group DM_INLINE_NETWORK_76 object 10.90.8.225 access-list To_ISPs_77.65.153.254_cryptomap_1 extended permit ip 192.168.194.0 255.255.254.0 object 10.10.0.0 access-list To_ISPs_cryptomap_GCP-4 extended permit ip host 192.168.195.185 object 10.233.2.0 access-list To_ISPs_cryptomap_GCP-2 extended permit ip object 192.168.194.194 object 10.233.4.2 access-list To_ISPs_cryptomap_BeyondCloud-4 extended permit ip 192.168.194.0 255.255.254.0 object 10.33.19.0 access-list To_ISPs_77.65.153.254_cryptomap extended permit ip object-group DM_INLINE_NETWORK_111 object 10.10.0.0 access-list wifi_guest_access_in extended permit ip any any access-list To_ISPs_cryptomap_BeyondCloud-2 extended permit ip 192.168.194.0 255.255.254.0 object 10.33.21.0 access-list To_ISPs_cryptomap_BeyondCloud-3 extended permit ip object-group DM_INLINE_NETWORK_58 object 10.33.23.0 access-list vpn_any_access_infra_lw extended permit ip object-group DM_INLINE_NETWORK_79 object AnyConnect-Infra-LW access-list To_ISPs_cryptomap_BeyondCloud-1 extended permit ip object-group DM_INLINE_NETWORK_81 object 10.33.24.0 pager lines 24 logging enable logging timestamp no logging hide username logging console informational logging monitor informational logging buffered debugging logging trap informational logging history informational logging asdm debugging logging mail informational logging from-address asa-alerts@anixe.pl logging device-id hostname logging host InsideSRV 192.168.194.55 mtu InsideSRV 1500 mtu DMZPublic 1500 mtu Public_DMZ 1500 mtu Public2_DMZ 1500 mtu management 1500 mtu ASA_to_Core 1500 mtu wifi_guest 1500 mtu To_ISPs 1500 mtu To_ISPs_77.65.153.254 1500 mtu Public3_DMZ 1500 ip verify reverse-path interface To_ISPs ip verify reverse-path interface To_ISPs_77.65.153.254 failover failover lan unit primary failover lan interface failover_int GigabitEthernet1/8 failover link statelink GigabitEthernet1/7 failover interface ip failover_int 192.168.200.1 255.255.255.0 standby 192.168.200.2 failover interface ip statelink 192.168.20.1 255.255.255.0 standby 192.168.20.2 no failover wait-disable no monitor-interface DMZPublic monitor-interface Public_DMZ monitor-interface ASA_to_Core no monitor-interface service-module icmp unreachable rate-limit 1 burst-size 1 icmp permit any InsideSRV icmp permit any ASA_to_Core icmp permit 194.181.47.128 255.255.255.240 To_ISPs icmp permit any To_ISPs icmp permit any To_ISPs_77.65.153.254 icmp permit 194.181.47.128 255.255.255.240 To_ISPs_77.65.153.254 asdm image disk0:/asdm-7131.bin no asdm history enable arp timeout 14400 no arp permit-nonconnected arp rate-limit 16384 nat (InsideSRV,To_ISPs_77.65.153.254) source static InsideSRV-network-23 InsideSRV-network-23 destination static ATH_Office_LAN_192.168.59.0 ATH_Office_LAN_192.168.59.0 nat (InsideSRV,To_ISPs) source static InsideSRV-network-23 InsideSRV-network-23 destination static 10.2.0.0 10.2.0.0 nat (To_ISPs_77.65.153.254,ASA_to_Core) source dynamic Anyconnect_Address_Pool INSIDE_PAT_IP nat (To_ISPs,ASA_to_Core) source dynamic Anyconnect_Address_Pool INSIDE_PAT_IP nat (To_ISPs_77.65.153.254,To_ISPs_77.65.153.254) source dynamic DM_INLINE_NETWORK_88 INSIDE_PAT_IP destination static DM_INLINE_NETWORK_89 DM_INLINE_NETWORK_89 inactive nat (To_ISPs,To_ISPs) source dynamic DM_INLINE_NETWORK_25 INSIDE_PAT_IP destination static DM_INLINE_NETWORK_82 DM_INLINE_NETWORK_82 nat (InsideSRV,To_ISPs_77.65.153.254) source dynamic NETWORK_OBJ_192.168.194.0_23 Public_194.213.22.2 destination static ATM_10.5.1.0 ATM_10.5.1.0 inactive nat (InsideSRV,To_ISPs) source dynamic NETWORK_OBJ_192.168.194.0_23 Public_194.213.22.2 destination static ATM_10.5.1.0 ATM_10.5.1.0 nat (InsideSRV,To_ISPs_77.65.153.254) source dynamic NETWORK_OBJ_192.168.194.0_23 Public_194.213.22.2 destination static 10.4.4.254 10.4.4.254 inactive nat (InsideSRV,To_ISPs) source dynamic NETWORK_OBJ_192.168.194.0_23 Public_194.213.22.2 destination static 10.4.4.254 10.4.4.254 nat (InsideSRV,Public_DMZ) source dynamic NETWORK_OBJ_192.168.194.0_23 Public_194.213.22.2 destination static NETWORK_OBJ_194.213.22.0_24 NETWORK_OBJ_194.213.22.0_24 nat (InsideSRV,To_ISPs_77.65.153.254) source dynamic NETWORK_OBJ_192.168.194.0_23 Public_194.213.22.2 destination static DM_INLINE_NETWORK_92 DM_INLINE_NETWORK_92 inactive nat (InsideSRV,To_ISPs) source dynamic NETWORK_OBJ_192.168.194.0_23 Public_194.213.22.2 destination static DM_INLINE_NETWORK_14 DM_INLINE_NETWORK_14 nat (InsideSRV,To_ISPs_77.65.153.254) source dynamic NETWORK_OBJ_192.168.194.0_23 Public_194.213.22.2 destination static OVH_178.32.205.187 OVH_178.32.205.187 inactive nat (InsideSRV,To_ISPs) source dynamic NETWORK_OBJ_192.168.194.0_23 Public_194.213.22.2 destination static OVH_178.32.205.187 OVH_178.32.205.187 nat (InsideSRV,To_ISPs_77.65.153.254) source dynamic DM_INLINE_NETWORK_93 Public_PCI-194.213.22.65 destination static DM_INLINE_NETWORK_94 DM_INLINE_NETWORK_94 inactive nat (InsideSRV,To_ISPs) source dynamic DM_INLINE_NETWORK_5 Public_PCI-194.213.22.65 destination static DM_INLINE_NETWORK_19 DM_INLINE_NETWORK_19 nat (Public_DMZ,To_ISPs_77.65.153.254) source dynamic DM_INLINE_NETWORK_90 Public_PCI-194.213.22.65 destination static DM_INLINE_NETWORK_91 DM_INLINE_NETWORK_91 inactive nat (Public_DMZ,To_ISPs) source dynamic DM_INLINE_NETWORK_6 Public_PCI-194.213.22.65 destination static DM_INLINE_NETWORK_20 DM_INLINE_NETWORK_20 nat (To_ISPs_77.65.153.254,To_ISPs_77.65.153.254) source dynamic DM_INLINE_NETWORK_95 193.59.39.2 destination static Beyond_Network_outside Beyond_Network_outside inactive nat (To_ISPs,To_ISPs) source dynamic DM_INLINE_NETWORK_17 193.59.39.2 destination static Beyond_Network_outside Beyond_Network_outside nat (InsideSRV,To_ISPs_77.65.153.254) source dynamic NETWORK_OBJ_192.168.194.0_23 Public_194.213.22.2 destination static DM_INLINE_NETWORK_96 DM_INLINE_NETWORK_96 inactive nat (InsideSRV,To_ISPs) source dynamic NETWORK_OBJ_192.168.194.0_23 Public_194.213.22.2 destination static DM_INLINE_NETWORK_9 DM_INLINE_NETWORK_9 nat (InsideSRV,To_ISPs_77.65.153.254) source dynamic NETWORK_OBJ_192.168.194.0_23 Public_194.213.22.2 destination static Tap_Ebroker_91.198.90.105 Tap_Ebroker_91.198.90.105 inactive nat (InsideSRV,To_ISPs) source dynamic NETWORK_OBJ_192.168.194.0_23 Public_194.213.22.2 destination static Tap_Ebroker_91.198.90.105 Tap_Ebroker_91.198.90.105 nat (To_ISPs_77.65.153.254,To_ISPs_77.65.153.254) source dynamic DM_INLINE_NETWORK_97 INSIDE_PAT_IP destination static DM_INLINE_NETWORK_98 DM_INLINE_NETWORK_98 inactive nat (To_ISPs,To_ISPs) source dynamic DM_INLINE_NETWORK_69 INSIDE_PAT_IP destination static DM_INLINE_NETWORK_24 DM_INLINE_NETWORK_24 nat (InsideSRV,To_ISPs_77.65.153.254) source dynamic logmachine.anixe.pl Public_194.213.22.2 inactive nat (InsideSRV,To_ISPs) source dynamic logmachine.anixe.pl Public_194.213.22.2 nat (InsideSRV,To_ISPs_77.65.153.254) source static NETWORK_OBJ_192.168.195.142 NETWORK_OBJ_192.168.195.142 destination static RFC_10.0.0.0 RFC_10.0.0.0 no-proxy-arp inactive nat (InsideSRV,To_ISPs_77.65.153.254) source static InsideSRV-network-23 InsideSRV-network-23 destination static 10.10.0.0 10.10.0.0 nat (To_ISPs,To_ISPs_77.65.153.254) source dynamic DM_INLINE_NETWORK_110 INSIDE_PAT_IP destination static 10.10.0.0 10.10.0.0 nat (InsideSRV,To_ISPs) source static NETWORK_OBJ_192.168.195.142 NETWORK_OBJ_192.168.195.142 destination static RFC_10.0.0.0 RFC_10.0.0.0 no-proxy-arp nat (InsideSRV,To_ISPs_77.65.153.254) source static any any destination static RFC_10.0.0.0 RFC_10.0.0.0 unidirectional no-proxy-arp inactive nat (InsideSRV,To_ISPs) source static any any destination static RFC_10.0.0.0 RFC_10.0.0.0 unidirectional no-proxy-arp nat (Public_DMZ,To_ISPs_77.65.153.254) source static NETWORK_OBJ_194.213.22.0_24 NETWORK_OBJ_194.213.22.0_24 destination static DM_INLINE_NETWORK_99 DM_INLINE_NETWORK_99 no-proxy-arp route-lookup inactive nat (Public_DMZ,To_ISPs) source static NETWORK_OBJ_194.213.22.0_24 NETWORK_OBJ_194.213.22.0_24 destination static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 no-proxy-arp route-lookup nat (To_ISPs_77.65.153.254,To_ISPs_77.65.153.254) source dynamic DM_INLINE_NETWORK_100 INSIDE_PAT_IP destination static DM_INLINE_NETWORK_101 DM_INLINE_NETWORK_101 inactive nat (To_ISPs,To_ISPs) source dynamic DM_INLINE_NETWORK_18 INSIDE_PAT_IP destination static DM_INLINE_NETWORK_78 DM_INLINE_NETWORK_78 nat (To_ISPs_77.65.153.254,Public_DMZ) source dynamic Anyconnect_Address_Pool Public_194.213.22.2 destination static acc-paysecure_public.223 acc-paysecure_public.223 inactive nat (To_ISPs,Public_DMZ) source dynamic Anyconnect_Address_Pool Public_194.213.22.2 destination static acc-paysecure_public.223 acc-paysecure_public.223 nat (To_ISPs,To_ISPs) source dynamic DM_INLINE_NETWORK_109 INSIDE_PAT_IP destination static 10.10.0.0 10.10.0.0 inactive nat (any,To_ISPs_77.65.153.254) source static DM_INLINE_NETWORK_27 DM_INLINE_NETWORK_27 destination static ATH_Office_LAN_192.168.59.0 ATH_Office_LAN_192.168.59.0 no-proxy-arp route-lookup nat (To_ISPs_77.65.153.254,management) source dynamic AnyConnect-Infra-LW INSIDE_PAT_IP destination static Management_network Management_network inactive nat (To_ISPs,management) source dynamic AnyConnect-Infra-LW INSIDE_PAT_IP destination static Management_network Management_network nat (To_ISPs_77.65.153.254,To_ISPs_77.65.153.254) source dynamic DM_INLINE_NETWORK_103 Public_194.213.22.2 nat (To_ISPs,To_ISPs) source dynamic DM_INLINE_NETWORK_68 Public_194.213.22.2 nat (InsideSRV,To_ISPs) source dynamic NETWORK_OBJ_192.168.194.0_23 interface destination static DM_INLINE_NETWORK_15 DM_INLINE_NETWORK_15 nat (Public_DMZ,To_ISPs_77.65.153.254) source dynamic Hostmonitor_Public Public_194.213.22.2 destination static GULF_178.32.205.187 GULF_178.32.205.187 inactive nat (Public_DMZ,To_ISPs) source dynamic Hostmonitor_Public Public_194.213.22.2 destination static GULF_178.32.205.187 GULF_178.32.205.187 nat (Public_DMZ,To_ISPs_77.65.153.254) source static NETWORK_OBJ_194.213.22.0_24 NETWORK_OBJ_194.213.22.0_24 destination static DM_INLINE_NETWORK_104 DM_INLINE_NETWORK_104 no-proxy-arp route-lookup inactive nat (Public_DMZ,To_ISPs) source static NETWORK_OBJ_194.213.22.0_24 NETWORK_OBJ_194.213.22.0_24 destination static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 no-proxy-arp route-lookup nat (Public_DMZ,To_ISPs_77.65.153.254) source static Hostmonitor_Public Public_194.213.22.2 destination static Beyond_net_109.205.52.0 Beyond_net_109.205.52.0 inactive nat (Public_DMZ,To_ISPs) source static Hostmonitor_Public Public_194.213.22.2 destination static Beyond_net_109.205.52.0 Beyond_net_109.205.52.0 nat (Public_DMZ,To_ISPs) source dynamic Hostmonitor_Public interface nat (Public_DMZ,To_ISPs_77.65.153.254) source static NETWORK_OBJ_194.213.22.0_24 NETWORK_OBJ_194.213.22.0_24 unidirectional no-proxy-arp inactive nat (Public_DMZ,To_ISPs) source static NETWORK_OBJ_194.213.22.0_24 NETWORK_OBJ_194.213.22.0_24 unidirectional no-proxy-arp nat (To_ISPs_77.65.153.254,InsideSRV) source dynamic DM_INLINE_NETWORK_105 interface destination static NETWORK_OBJ_192.168.194.0_23 NETWORK_OBJ_192.168.194.0_23 nat (To_ISPs,InsideSRV) source dynamic DM_INLINE_NETWORK_70 interface destination static NETWORK_OBJ_192.168.194.0_23 NETWORK_OBJ_192.168.194.0_23 nat (management,To_ISPs_77.65.153.254) source static Management_network Management_network destination static DM_INLINE_NETWORK_106 DM_INLINE_NETWORK_106 route-lookup nat (management,To_ISPs) source static Management_network Management_network destination static DM_INLINE_NETWORK_80 DM_INLINE_NETWORK_80 route-lookup nat (any,To_ISPs_77.65.153.254) source static NETWORK_OBJ_192.168.195.185 NETWORK_OBJ_192.168.195.185 destination static 10.233.2.0 10.233.2.0 no-proxy-arp route-lookup inactive nat (any,To_ISPs) source static NETWORK_OBJ_192.168.195.185 NETWORK_OBJ_192.168.195.185 destination static 10.233.2.0 10.233.2.0 no-proxy-arp route-lookup nat (any,To_ISPs_77.65.153.254) source static 192.168.194.194 192.168.194.194 destination static 10.233.4.2 10.233.4.2 no-proxy-arp route-lookup inactive nat (any,To_ISPs) source static 192.168.194.194 192.168.194.194 destination static 10.233.4.2 10.233.4.2 no-proxy-arp route-lookup nat (any,To_ISPs_77.65.153.254) source static NETWORK_OBJ_192.168.194.0_23 NETWORK_OBJ_192.168.194.0_23 destination static 10.33.19.0 10.33.19.0 no-proxy-arp route-lookup inactive nat (any,To_ISPs) source static NETWORK_OBJ_192.168.194.0_23 NETWORK_OBJ_192.168.194.0_23 destination static 10.33.19.0 10.33.19.0 no-proxy-arp route-lookup nat (any,To_ISPs_77.65.153.254) source static NETWORK_OBJ_192.168.194.0_23 NETWORK_OBJ_192.168.194.0_23 destination static 10.33.21.0 10.33.21.0 no-proxy-arp route-lookup inactive nat (any,To_ISPs) source static NETWORK_OBJ_192.168.194.0_23 NETWORK_OBJ_192.168.194.0_23 destination static 10.33.21.0 10.33.21.0 no-proxy-arp route-lookup nat (any,To_ISPs_77.65.153.254) source static NETWORK_OBJ_192.168.194.0_23 NETWORK_OBJ_192.168.194.0_23 destination static 10.33.23.0 10.33.23.0 no-proxy-arp route-lookup inactive nat (any,To_ISPs) source static NETWORK_OBJ_192.168.194.0_23 NETWORK_OBJ_192.168.194.0_23 destination static 10.33.23.0 10.33.23.0 no-proxy-arp route-lookup nat (ASA_to_Core,To_ISPs_77.65.153.254) source static NETWORK_OBJ_192.168.194.0_23 NETWORK_OBJ_192.168.194.0_23 destination static DM_INLINE_NETWORK_107 DM_INLINE_NETWORK_107 no-proxy-arp route-lookup inactive nat (ASA_to_Core,To_ISPs) source static NETWORK_OBJ_192.168.194.0_23 NETWORK_OBJ_192.168.194.0_23 destination static DM_INLINE_NETWORK_22 DM_INLINE_NETWORK_22 no-proxy-arp route-lookup nat (ASA_to_Core,To_ISPs_77.65.153.254) source static DM_INLINE_NETWORK_108 DM_INLINE_NETWORK_108 destination static 10.33.23.0 10.33.23.0 no-proxy-arp route-lookup inactive nat (ASA_to_Core,To_ISPs) source static DM_INLINE_NETWORK_58 DM_INLINE_NETWORK_58 destination static 10.33.23.0 10.33.23.0 no-proxy-arp route-lookup nat (any,To_ISPs) source static NETWORK_OBJ_192.168.194.0_23 NETWORK_OBJ_192.168.194.0_23 destination static 10.10.0.0 10.10.0.0 no-proxy-arp route-lookup inactive ! object network 192.168.195.121 nat (any,any) static 194.213.22.134 net-to-net object network 192.168.194.170 nat (any,any) static 194.213.22.135 net-to-net object network NBCACC nat (any,any) static 194.213.22.32 net-to-net object network Infra-Host nat (any,any) static 194.213.22.200 net-to-net object network GuestsANX nat (wifi_guest,To_ISPs) dynamic 194.213.22.3 dns object network 192.168.194.93 nat (any,any) static 194.213.22.131 net-to-net ! nat (ASA_to_Core,To_ISPs) after-auto source dynamic any interface nat (InsideSRV,To_ISPs) after-auto source dynamic NETWORK_OBJ_192.168.194.0_23 Public_194.213.22.2 nat (management,To_ISPs) after-auto source dynamic Management_network interface access-group InsideSRV_access_in in interface InsideSRV access-group management_access_in in interface management access-group ASA_to_Core_access_in in interface ASA_to_Core access-group wifi_guest_access_in in interface wifi_guest access-group To_ISPs_access_in in interface To_ISPs access-group To_ISPs_77.65.153.254_access_in in interface To_ISPs_77.65.153.254 ! prefix-list bgp_in_prefix seq 5 permit 0.0.0.0/0 le 16 ! router bgp xxxxx bgp log-neighbor-changes address-family ipv4 unicast neighbor 193.59.39.241 remote-as xxxxx neighbor 193.59.39.241 description To_ANIXE_GBP_Router_1 neighbor 193.59.39.241 activate neighbor 193.59.39.242 remote-as xxxxx neighbor 193.59.39.242 description To_ANIXE_GBP_Router_2 neighbor 193.59.39.242 activate network 194.213.22.0 network 193.59.39.0 mask 255.255.255.128 network 77.65.153.0 mask 255.255.255.128 maximum-paths 2 maximum-paths ibgp 2 no auto-summary no synchronization exit-address-family ! route To_ISPs_77.65.153.254 62.74.200.103 255.255.255.255 77.65.153.241 1 route To_ISPs_77.65.153.254 95.211.42.219 255.255.255.255 77.65.153.241 1 route ASA_to_Core 192.168.125.0 255.255.255.224 192.168.101.254 1 route ASA_to_Core 192.168.208.0 255.255.255.0 192.168.101.254 1 route ASA_to_Core 192.168.209.0 255.255.255.0 192.168.101.254 1 route ASA_to_Core 192.168.210.0 255.255.255.0 192.168.101.254 1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 timeout conn-holddown 0:00:15 timeout igp stale-route 0:01:10 aaa-server Domain_Radius protocol radius aaa-server Domain_Radius (InsideSRV) host 192.168.194.55 key ***** radius-common-pw ***** aaa-server FreeRadius protocol radius aaa-server FreeRadius (InsideSRV) host 192.168.194.100 key ***** authentication-port 1812 accounting-port 1812 radius-common-pw ***** user-identity default-domain LOCAL aaa authentication enable console LOCAL aaa authentication ssh console LOCAL aaa authentication http console LOCAL aaa authorization command LOCAL aaa authorization exec LOCAL auto-enable aaa authentication login-history http server enable 4443 http server idle-timeout 60 http 192.168.254.0 255.255.255.0 management http 0.0.0.0 0.0.0.0 InsideSRV http 217.96.245.191 255.255.255.255 To_ISPs snmp-server listen-port 162 snmp-server host management 192.168.195.128 trap community ***** version 2c udp-port 161 snmp-server location ANX HQ WRO snmp-server contact IT Support snmp-server community ***** snmp-server enable traps syslog snmp-server enable traps ipsec start stop snmp-server enable traps entity config-change cpu-temperature snmp-server enable traps memory-threshold snmp-server enable traps interface-threshold snmp-server enable traps remote-access session-threshold-exceeded snmp-server enable traps connection-limit-reached snmp-server enable traps cpu threshold rising snmp-server enable traps ikev2 start stop snmp-server enable traps nat packet-discard snmp-server enable traps config service sw-reset-button crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport crypto ipsec ikev1 transform-set ATHOffice esp-aes-256 esp-sha-hmac crypto ipsec ikev2 ipsec-proposal LeaseWeb protocol esp encryption aes-256 protocol esp integrity sha-1 crypto ipsec ikev2 ipsec-proposal ath protocol esp encryption aes protocol esp integrity sha-256 crypto ipsec ikev2 ipsec-proposal google protocol esp encryption aes-256 protocol esp integrity sha-512 crypto ipsec ikev2 ipsec-proposal AES256-SHA1 protocol esp encryption aes-gcm-256 aes-256 protocol esp integrity sha-1 crypto ipsec ikev2 ipsec-proposal PROP-AZURE protocol esp encryption aes-256 protocol esp integrity sha-384 sha-256 sha-1 crypto ipsec ikev2 ipsec-proposal DES protocol esp encryption des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal 3DES protocol esp encryption 3des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES protocol esp encryption aes protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES192 protocol esp encryption aes-192 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES256 protocol esp encryption aes-256 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal BeyondCloud protocol esp encryption aes-gcm-256 aes-256 protocol esp integrity sha-256 crypto ipsec security-association pmtu-aging infinite crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map To_ISPs_map 2 match address To_ISPs_cryptomap_Beyond-Colocation crypto map To_ISPs_map 2 set pfs crypto map To_ISPs_map 2 set peer 109.205.49.52 crypto map To_ISPs_map 2 set ikev1 transform-set ESP-3DES-MD5 ESP-AES-256-SHA crypto map To_ISPs_map 2 set security-association lifetime seconds 28800 crypto map To_ISPs_map 2 set reverse-route crypto map To_ISPs_map 3 match address To_ISPs_cryptomap_ATM crypto map To_ISPs_map 3 set pfs group5 crypto map To_ISPs_map 3 set peer 85.232.238.188 crypto map To_ISPs_map 3 set ikev1 transform-set ESP-AES-256-SHA crypto map To_ISPs_map 3 set nat-t-disable crypto map To_ISPs_map 5 match address To_ISPs_cryptomap_PCI_DSS crypto map To_ISPs_map 5 set pfs crypto map To_ISPs_map 5 set peer 46.229.150.206 crypto map To_ISPs_map 5 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map To_ISPs_map 5 set security-association lifetime seconds 180 crypto map To_ISPs_map 5 set nat-t-disable crypto map To_ISPs_map 5 set reverse-route crypto map To_ISPs_map 6 match address To_ISPs_cryptomap_MUC01 crypto map To_ISPs_map 6 set peer 213.61.78.228 crypto map To_ISPs_map 6 set ikev1 transform-set ESP-3DES-SHA crypto map To_ISPs_map 6 set nat-t-disable crypto map To_ISPs_map 6 set reverse-route crypto map To_ISPs_map 7 match address To_ISPs_cryptomap_ATH01 crypto map To_ISPs_map 7 set peer 213.249.13.46 crypto map To_ISPs_map 7 set ikev1 transform-set ESP-AES-256-SHA crypto map To_ISPs_map 8 match address To_ISPs_cryptomap_BER01 crypto map To_ISPs_map 8 set peer 213.61.135.78 crypto map To_ISPs_map 8 set ikev1 transform-set ESP-AES-256-SHA crypto map To_ISPs_map 9 match address To_ISPs_cryptomap_ZRH01 crypto map To_ISPs_map 9 set peer 217.192.100.82 crypto map To_ISPs_map 9 set ikev1 transform-set ESP-AES-256-SHA crypto map To_ISPs_map 10 match address To_ISPs_cryptomap_DXB01 crypto map To_ISPs_map 10 set peer 91.73.172.150 crypto map To_ISPs_map 10 set ikev1 transform-set ESP-AES-128-SHA crypto map To_ISPs_map 11 match address To_ISPs_cryptomap_AYT01 crypto map To_ISPs_map 11 set peer 95.0.103.190 crypto map To_ISPs_map 11 set ikev1 transform-set ESP-AES-256-SHA crypto map To_ISPs_map 12 match address To_ISPs_cryptomap_MLA01 crypto map To_ISPs_map 12 set peer 78.133.122.98 crypto map To_ISPs_map 12 set ikev1 transform-set ESP-AES-256-SHA crypto map To_ISPs_map 13 match address To_ISPs_cryptomap_GCP-1 crypto map To_ISPs_map 13 set peer 35.198.140.98 crypto map To_ISPs_map 13 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map To_ISPs_map 13 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES PROP-AZURE AES256-SHA1 google crypto map To_ISPs_map 14 match address To_ISPs_cryptomap_HER01 crypto map To_ISPs_map 14 set pfs crypto map To_ISPs_map 14 set peer 213.249.36.6 crypto map To_ISPs_map 14 set ikev1 transform-set ESP-AES-256-SHA crypto map To_ISPs_map 15 match address To_ISPs_cryptomap_GCP-3 crypto map To_ISPs_map 15 set peer 35.198.121.184 crypto map To_ISPs_map 15 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map To_ISPs_map 15 set ikev2 ipsec-proposal google AES256-SHA1 PROP-AZURE DES 3DES AES AES192 AES256 crypto map To_ISPs_map 16 match address To_ISPs_cryptomap_IST01 crypto map To_ISPs_map 16 set peer 212.156.124.154 crypto map To_ISPs_map 16 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map To_ISPs_map 16 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES PROP-AZURE AES256-SHA1 google crypto map To_ISPs_map 18 match address To_ISPs_cryptomap_GCP-4 crypto map To_ISPs_map 18 set peer 35.234.106.215 crypto map To_ISPs_map 18 set ikev2 ipsec-proposal google AES256 AES192 AES 3DES DES AES256-SHA1 crypto map To_ISPs_map 19 match address To_ISPs_cryptomap_GCP-2 crypto map To_ISPs_map 19 set pfs crypto map To_ISPs_map 19 set peer 35.246.169.116 crypto map To_ISPs_map 19 set ikev2 ipsec-proposal google AES256 AES192 AES 3DES DES AES256-SHA1 crypto map To_ISPs_map 19 set security-association lifetime seconds 10800 crypto map To_ISPs_map 19 set security-association lifetime kilobytes unlimited crypto map To_ISPs_map 19 set validate-icmp-errors crypto map To_ISPs_map 20 match address To_ISPs_cryptomap_BeyondCloud-4 crypto map To_ISPs_map 20 set pfs group5 crypto map To_ISPs_map 20 set peer 185.49.148.167 crypto map To_ISPs_map 20 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map To_ISPs_map 20 set ikev2 ipsec-proposal google AES256-SHA1 PROP-AZURE DES 3DES AES AES192 AES256 BeyondCloud crypto map To_ISPs_map 20 set nat-t-disable crypto map To_ISPs_map 22 match address To_ISPs_cryptomap_BeyondCloud-2 crypto map To_ISPs_map 22 set pfs group5 crypto map To_ISPs_map 22 set peer 185.49.148.168 crypto map To_ISPs_map 22 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map To_ISPs_map 22 set ikev2 ipsec-proposal google AES256-SHA1 PROP-AZURE DES 3DES AES AES192 AES256 BeyondCloud crypto map To_ISPs_map 22 set nat-t-disable crypto map To_ISPs_map 23 match address To_ISPs_cryptomap_BeyondCloud-3 crypto map To_ISPs_map 23 set pfs group5 crypto map To_ISPs_map 23 set peer 109.205.52.52 crypto map To_ISPs_map 23 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map To_ISPs_map 23 set ikev2 ipsec-proposal google AES256-SHA1 PROP-AZURE DES 3DES AES AES192 AES256 BeyondCloud crypto map To_ISPs_map 23 set nat-t-disable crypto map To_ISPs_map 24 match address To_ISPs_cryptomap_BeyondCloud-1 crypto map To_ISPs_map 24 set pfs group5 crypto map To_ISPs_map 24 set peer 109.205.52.42 crypto map To_ISPs_map 24 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map To_ISPs_map 24 set ikev2 ipsec-proposal google AES256-SHA1 PROP-AZURE DES 3DES AES AES192 AES256 BeyondCloud crypto map To_ISPs_map 24 set nat-t-disable crypto map To_ISPs_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map To_ISPs_map interface To_ISPs crypto map To_ISPs_77.65.153.254_map 1 match address To_ISPs_77.65.153.254_cryptomap_ATH-Office crypto map To_ISPs_77.65.153.254_map 1 set peer 62.74.200.103 crypto map To_ISPs_77.65.153.254_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map To_ISPs_77.65.153.254_map 1 set ikev2 ipsec-proposal ath google AES256-SHA1 PROP-AZURE DES 3DES AES AES192 AES256 crypto map To_ISPs_77.65.153.254_map 2 match address To_ISPs_77.65.153.254_cryptomap crypto map To_ISPs_77.65.153.254_map 2 set pfs group5 crypto map To_ISPs_77.65.153.254_map 2 set peer 95.211.42.219 crypto map To_ISPs_77.65.153.254_map 2 set ikev1 transform-set ESP-AES-256-SHA crypto map To_ISPs_77.65.153.254_map 2 set ikev2 ipsec-proposal LeaseWeb ath google AES256-SHA1 PROP-AZURE DES 3DES AES AES192 crypto map To_ISPs_77.65.153.254_map 3 match address To_ISPs_77.65.153.254_cryptomap_1 crypto map To_ISPs_77.65.153.254_map 3 set peer 95.211.42.219 crypto map To_ISPs_77.65.153.254_map 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map To_ISPs_77.65.153.254_map 3 set ikev2 ipsec-proposal ath google AES256-SHA1 PROP-AZURE DES 3DES AES AES192 AES256 crypto map To_ISPs_77.65.153.254_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map To_ISPs_77.65.153.254_map interface To_ISPs_77.65.153.254 crypto ikev2 policy 1 encryption aes-256 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 2 encryption aes-256 3des integrity sha384 sha256 sha group 14 5 2 prf sha384 sha256 sha lifetime seconds 86400 crypto ikev2 policy 3 encryption aes-256 integrity sha group 2 prf sha lifetime seconds 10800 crypto ikev2 policy 4 encryption aes-256 integrity sha512 group 14 prf sha lifetime seconds 36000 crypto ikev2 policy 5 encryption aes integrity sha256 group 2 prf sha256 lifetime seconds 86400 crypto ikev2 policy 10 encryption aes-192 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 20 encryption aes integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 30 encryption 3des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 40 encryption des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 50 encryption aes-256 integrity sha512 group 14 prf sha lifetime seconds 36000 crypto ikev2 policy 60 encryption aes-256 integrity sha256 group 2 prf sha lifetime seconds 28800 crypto ikev2 enable To_ISPs client-services port 443 crypto ikev2 enable To_ISPs_77.65.153.254 client-services port 443 crypto ikev1 enable To_ISPs crypto ikev1 enable To_ISPs_77.65.153.254 crypto ikev1 am-disable crypto ikev1 policy 1 authentication pre-share encryption 3des hash sha group 2 lifetime 10800 crypto ikev1 policy 5 authentication pre-share encryption aes-256 hash sha group 5 lifetime 28800 crypto ikev1 policy 10 authentication pre-share encryption aes-256 hash sha group 5 lifetime 86400 crypto ikev1 policy 20 authentication pre-share encryption 3des hash sha group 2 lifetime 28800 crypto ikev1 policy 30 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 crypto ikev1 policy 50 authentication pre-share encryption 3des hash md5 group 2 lifetime 28800 crypto ikev1 policy 60 authentication pre-share encryption 3des hash md5 group 5 lifetime 86400 crypto ikev1 policy 80 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 120 authentication pre-share encryption 3des hash md5 group 2 lifetime 10800 crypto ikev1 policy 130 authentication pre-share encryption aes-256 hash sha group 2 lifetime 28800 crypto ikev1 policy 160 authentication pre-share encryption 3des hash sha group 5 lifetime 10800 crypto ikev1 policy 200 authentication pre-share encryption aes hash sha group 2 lifetime 36600 crypto ikev1 policy 220 authentication pre-share encryption aes-256 hash sha group 2 lifetime 86400 telnet timeout 5 ssh stricthostkeycheck ssh 0.0.0.0 0.0.0.0 InsideSRV ssh 192.168.254.0 255.255.255.0 management ssh timeout 60 ssh version 2 ssh key-exchange group dh-group1-sha1 console timeout 0 management-access InsideSRV dhcpd auto_config InsideSRV ! dhcpd address 172.16.1.10-172.16.1.240 wifi_guest dhcpd dns 8.8.8.8 8.8.4.4 interface wifi_guest dhcpd enable wifi_guest ! dhcprelay server 192.168.194.55 InsideSRV dhcprelay timeout 60 threat-detection basic-threat threat-detection statistics threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200 ntp server 91.212.242.21 ssl server-version tlsv1.2 ssl client-version tlsv1.2 ssl cipher default all ssl cipher tlsv1 fips ssl cipher tlsv1.1 fips ssl cipher tlsv1.2 custom "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256" ssl cipher dtlsv1 custom "DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA" ssl dh-group group24 ssl trust-point Cisco-AnyConnect-ASA-2021 ssl trust-point Cisco-AnyConnect-ASA-2021 To_ISPs ssl trust-point Cisco-AnyConnect-ASA-2021 To_ISPs_77.65.153.254 ssl trust-point Cisco-AnyConnect-ASA-2021 To_ISPs vpnlb-ip ssl trust-point Cisco-AnyConnect-ASA-2021 To_ISPs_77.65.153.254 vpnlb-ip webvpn enable InsideSRV enable To_ISPs enable To_ISPs_77.65.153.254 hsts enable max-age 31536000 include-sub-domains no preload anyconnect image disk0:/anyconnect-win-4.9.04043-webdeploy-k9.pkg 1 regex "Windows" anyconnect image disk0:/anyconnect-macos-4.9.04043-webdeploy-k9.pkg 2 regex "Intel Mac OS X" anyconnect image disk0:/anyconnect-linux64-4.9.04043-webdeploy-k9.pkg 3 regex "Linux" anyconnect enable tunnel-group-list enable cache no disable error-recovery disable group-policy GroupPolicy_Any_Admin internal group-policy GroupPolicy_Any_Admin attributes dns-server value 8.8.8.8 vpn-tunnel-protocol ikev1 ikev2 ssl-client split-tunnel-policy tunnelspecified split-tunnel-network-list value vpn_any_access_admin default-domain value anixe.pl webvpn anyconnect profiles value ANIXE_VPN type user group-policy GroupPolicy_ATM internal group-policy GroupPolicy_ATM attributes vpn-tunnel-protocol ikev1 group-policy GroupPolicy_95.211.42.219 internal group-policy GroupPolicy_95.211.42.219 attributes vpn-tunnel-protocol ikev1 ikev2 group-policy GroupPolicy_35.198.140.98 internal group-policy GroupPolicy_35.198.140.98 attributes vpn-tunnel-protocol ikev1 ikev2 group-policy GroupPolicy_185.49.148.168 internal group-policy GroupPolicy_185.49.148.168 attributes vpn-tunnel-protocol ikev1 ikev2 group-policy GroupPolicy_185.49.148.167 internal group-policy GroupPolicy_185.49.148.167 attributes vpn-tunnel-protocol ikev1 ikev2 group-policy GroupPolicy-InfraLW internal group-policy GroupPolicy-InfraLW attributes wins-server value 192.168.194.208 dns-server value 192.168.194.201 vpn-idle-timeout 15 vpn-tunnel-protocol ikev2 ssl-client ssl-clientless default-domain value intra.anixe.pl group-policy GroupPolicy_46.229.150.206 internal group-policy GroupPolicy_46.229.150.206 attributes vpn-tunnel-protocol ikev1 group-policy GroupPolicy_213.249.36.6 internal group-policy GroupPolicy_213.249.36.6 attributes vpn-tunnel-protocol ikev1 group-policy GroupPolicy_35.246.169.116 internal group-policy GroupPolicy_35.246.169.116 attributes vpn-tunnel-protocol ikev2 group-policy GroupPolicy_AZURE internal group-policy GroupPolicy_AZURE attributes vpn-tunnel-protocol l2tp-ipsec group-policy GroupPolicy_35.234.106.215 internal group-policy GroupPolicy_35.234.106.215 attributes vpn-tunnel-protocol ikev2 group-policy GroupPolicy_BEYOND internal group-policy GroupPolicy_BEYOND attributes vpn-tunnel-protocol ikev1 group-policy GroupPolicy_35.198.121.184 internal group-policy GroupPolicy_35.198.121.184 attributes vpn-tunnel-protocol ikev1 ikev2 group-policy GroupPolicy_212.156.124.154 internal group-policy GroupPolicy_212.156.124.154 attributes vpn-tunnel-protocol ikev1 ikev2 group-policy GroupPolicy4 internal group-policy GroupPolicy4 attributes wins-server value 192.168.194.208 dns-server value 192.168.194.201 vpn-idle-timeout 15 vpn-tunnel-protocol ikev2 ssl-client ssl-clientless default-domain value intra.anixe.pl group-policy GroupPolicy3 internal group-policy GroupPolicy3 attributes wins-server value 192.168.194.208 dns-server value 192.168.194.201 vpn-tunnel-protocol ikev2 ssl-client ssl-clientless default-domain value intra.anixe.pl group-policy GroupPolicy_62.74.200.103 internal group-policy GroupPolicy_62.74.200.103 attributes vpn-tunnel-protocol ikev1 ikev2 group-policy GroupPolicy2 internal group-policy GroupPolicy2 attributes wins-server value 192.168.194.208 dns-server value 192.168.194.201 vpn-simultaneous-logins 300 vpn-idle-timeout 15 vpn-tunnel-protocol ikev2 ssl-client ssl-clientless default-domain value intra.anixe.pl split-tunnel-all-dns disable group-policy AdminVPNGroup internal group-policy AdminVPNGroup attributes wins-server value 192.168.194.208 dns-server value 192.168.194.201 192.168.194.203 vpn-tunnel-protocol ikev2 ssl-client ssl-clientless split-tunnel-policy tunnelspecified split-tunnel-network-list value vpn_any_access_admin default-domain value intra.anixe.pl group-policy GroupPolicy_109.205.52.52 internal group-policy GroupPolicy_109.205.52.52 attributes vpn-tunnel-protocol ikev1 ikev2 group-policy GroupPolicy_109.205.52.42 internal group-policy GroupPolicy_109.205.52.42 attributes vpn-tunnel-protocol ikev1 ikev2 group-policy GroupPolicy_BER01 internal group-policy GroupPolicy_BER01 attributes vpn-tunnel-protocol ikev1 group-policy GroupPolicy_MUC01 internal group-policy GroupPolicy_MUC01 attributes vpn-tunnel-protocol ikev1 group-policy GroupPolicy_DXB01 internal group-policy GroupPolicy_DXB01 attributes vpn-tunnel-protocol ikev1 group-policy GroupPolicy_AYT01 internal group-policy GroupPolicy_AYT01 attributes vpn-tunnel-protocol ikev1 group-policy GroupPolicy_ATH01 internal group-policy GroupPolicy_ATH01 attributes vpn-tunnel-protocol ikev1 group-policy GroupPolicy_MLA01 internal group-policy GroupPolicy_MLA01 attributes vpn-tunnel-protocol ikev1 group-policy GroupPolicy_ZRH01 internal group-policy GroupPolicy_ZRH01 attributes vpn-tunnel-protocol ikev1 group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes dns-server value 194.213.22.151 vpn-tunnel-protocol l2tp-ipsec group-policy GroupPolicy_35.195.155.181 internal group-policy GroupPolicy_35.195.155.181 attributes vpn-tunnel-protocol ikev2 group-policy GroupPolicy_TAP internal group-policy GroupPolicy_TAP attributes vpn-tunnel-protocol ikev1 group-policy GroupPolicy_35.202.130.230 internal group-policy GroupPolicy_35.202.130.230 attributes vpn-tunnel-protocol ikev2 group-policy UserVPNGroup internal group-policy UserVPNGroup attributes dns-server value 192.168.194.201 192.168.194.203 split-tunnel-policy tunnelall split-tunnel-network-list value vpn_any_access_user webvpn anyconnect profiles value ANIXE_VPN type user dynamic-access-policy-record DfltAccessPolicy vpn-group-policy UserVPNGroup group-lock value TunnelGroup_Admin service-type remote-access tunnel-group 109.205.49.52 type ipsec-l2l tunnel-group 109.205.49.52 general-attributes default-group-policy GroupPolicy_BEYOND tunnel-group 109.205.49.52 ipsec-attributes ikev1 pre-shared-key ***** tunnel-group TAP type ipsec-l2l tunnel-group TAP general-attributes default-group-policy GroupPolicy_TAP tunnel-group TAP ipsec-attributes ikev1 pre-shared-key ***** tunnel-group 62.74.200.103 type ipsec-l2l tunnel-group 62.74.200.103 general-attributes default-group-policy GroupPolicy_62.74.200.103 tunnel-group 62.74.200.103 ipsec-attributes ikev1 pre-shared-key ***** ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group 85.232.238.188 type ipsec-l2l tunnel-group 85.232.238.188 general-attributes default-group-policy GroupPolicy_ATM tunnel-group 85.232.238.188 ipsec-attributes ikev1 pre-shared-key ***** tunnel-group 95.211.42.219 type ipsec-l2l tunnel-group 95.211.42.219 general-attributes default-group-policy GroupPolicy_95.211.42.219 tunnel-group 95.211.42.219 ipsec-attributes ikev1 pre-shared-key ***** ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group 46.229.150.206 type ipsec-l2l tunnel-group 46.229.150.206 general-attributes default-group-policy GroupPolicy_46.229.150.206 tunnel-group 46.229.150.206 ipsec-attributes ikev1 pre-shared-key ***** ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group 213.61.78.228 type ipsec-l2l tunnel-group 213.61.78.228 general-attributes default-group-policy GroupPolicy_MUC01 tunnel-group 213.61.78.228 ipsec-attributes ikev1 pre-shared-key ***** tunnel-group 213.249.13.46 type ipsec-l2l tunnel-group 213.249.13.46 general-attributes default-group-policy GroupPolicy_ATH01 tunnel-group 213.249.13.46 ipsec-attributes ikev1 pre-shared-key ***** tunnel-group 213.61.135.78 type ipsec-l2l tunnel-group 213.61.135.78 general-attributes default-group-policy GroupPolicy_BER01 tunnel-group 213.61.135.78 ipsec-attributes ikev1 pre-shared-key ***** tunnel-group 217.192.100.82 type ipsec-l2l tunnel-group 217.192.100.82 general-attributes default-group-policy GroupPolicy_ZRH01 tunnel-group 217.192.100.82 ipsec-attributes ikev1 pre-shared-key ***** tunnel-group 91.73.172.150 type ipsec-l2l tunnel-group 91.73.172.150 general-attributes default-group-policy GroupPolicy_DXB01 tunnel-group 91.73.172.150 ipsec-attributes ikev1 pre-shared-key ***** tunnel-group 95.0.103.190 type ipsec-l2l tunnel-group 95.0.103.190 general-attributes default-group-policy GroupPolicy_AYT01 tunnel-group 95.0.103.190 ipsec-attributes ikev1 pre-shared-key ***** tunnel-group 78.133.122.98 type ipsec-l2l tunnel-group 78.133.122.98 general-attributes default-group-policy GroupPolicy_MLA01 tunnel-group 78.133.122.98 ipsec-attributes ikev1 pre-shared-key ***** tunnel-group TunnelGroup_Users type remote-access tunnel-group TunnelGroup_Users general-attributes address-pool AnyConnect_pool tunnel-group TunnelGroup_Users webvpn-attributes group-alias Users enable tunnel-group TunnelGroup_Admin type remote-access tunnel-group TunnelGroup_Admin general-attributes address-pool AnyConnect_pool secondary-authentication-server-group (InsideSRV) Domain_Radius default-group-policy AdminVPNGroup tunnel-group TunnelGroup_Admin webvpn-attributes group-alias Admins enable tunnel-group AnixeVPN type remote-access tunnel-group AnixeVPN general-attributes address-pool AnyConnect_pool authentication-server-group Domain_Radius default-group-policy GroupPolicy4 tunnel-group AnixeVPN webvpn-attributes group-alias vpnanixe enable tunnel-group 40.114.144.209 type ipsec-l2l tunnel-group 40.114.144.209 general-attributes default-group-policy GroupPolicy_AZURE tunnel-group 40.114.144.209 ipsec-attributes ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group 35.195.155.181 type ipsec-l2l tunnel-group 35.195.155.181 general-attributes default-group-policy GroupPolicy_35.195.155.181 tunnel-group 35.195.155.181 ipsec-attributes ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group 213.249.36.6 type ipsec-l2l tunnel-group 213.249.36.6 general-attributes default-group-policy GroupPolicy_213.249.36.6 tunnel-group 213.249.36.6 ipsec-attributes ikev1 pre-shared-key ***** tunnel-group 35.198.121.184 type ipsec-l2l tunnel-group 35.198.121.184 general-attributes default-group-policy GroupPolicy_35.198.121.184 tunnel-group 35.198.121.184 ipsec-attributes ikev1 pre-shared-key ***** ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group 35.198.140.98 type ipsec-l2l tunnel-group 35.198.140.98 general-attributes default-group-policy GroupPolicy_35.198.140.98 tunnel-group 35.198.140.98 ipsec-attributes ikev1 pre-shared-key ***** ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group 109.205.52.52 type ipsec-l2l tunnel-group 109.205.52.52 general-attributes default-group-policy GroupPolicy_109.205.52.52 tunnel-group 109.205.52.52 ipsec-attributes ikev1 pre-shared-key ***** ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group 212.156.124.154 type ipsec-l2l tunnel-group 212.156.124.154 general-attributes default-group-policy GroupPolicy_212.156.124.154 tunnel-group 212.156.124.154 ipsec-attributes ikev1 pre-shared-key ***** ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group 35.234.106.215 type ipsec-l2l tunnel-group 35.234.106.215 general-attributes default-group-policy GroupPolicy_35.234.106.215 tunnel-group 35.234.106.215 ipsec-attributes ikev1 pre-shared-key ***** ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group 35.246.169.116 type ipsec-l2l tunnel-group 35.246.169.116 general-attributes default-group-policy GroupPolicy_35.246.169.116 tunnel-group 35.246.169.116 ipsec-attributes ikev1 pre-shared-key ***** ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group 185.49.148.167 type ipsec-l2l tunnel-group 185.49.148.167 general-attributes default-group-policy GroupPolicy_185.49.148.167 tunnel-group 185.49.148.167 ipsec-attributes ikev1 pre-shared-key ***** ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group 185.49.148.168 type ipsec-l2l tunnel-group 185.49.148.168 general-attributes default-group-policy GroupPolicy_185.49.148.168 tunnel-group 185.49.148.168 ipsec-attributes ikev1 pre-shared-key ***** ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group TunnelGroup1 type remote-access tunnel-group TunnelGroup1 general-attributes address-pool PG_AnyConnect_pool authentication-server-group Domain_Radius secondary-authentication-server-group FreeRadius default-group-policy GroupPolicy3 tunnel-group TunnelGroup1 webvpn-attributes group-alias ANIXE-PG enable tunnel-group Infra-LW type remote-access tunnel-group Infra-LW general-attributes address-pool Any_INFRA_LW authentication-server-group Domain_Radius secondary-authentication-server-group FreeRadius default-group-policy GroupPolicy-InfraLW tunnel-group Infra-LW webvpn-attributes group-alias INFRA-LAN-LW enable tunnel-group 109.205.52.42 type ipsec-l2l tunnel-group 109.205.52.42 general-attributes default-group-policy GroupPolicy_109.205.52.42 tunnel-group 109.205.52.42 ipsec-attributes ikev1 pre-shared-key ***** ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** ! class-map sfr match access-list sfr_redirect class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 no tcp-inspection policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect netbios inspect tftp inspect ip-options inspect icmp inspect icmp error inspect ipsec-pass-thru class sfr sfr fail-open class class-default user-statistics accounting ! service-policy global_policy global privilege cmd level 3 mode exec command perfmon privilege cmd level 5 mode exec command more privilege cmd level 5 mode exec command dir privilege cmd level 3 mode exec command ping privilege cmd level 3 mode exec command who privilege cmd level 3 mode exec command logging privilege cmd level 3 mode exec command failover privilege cmd level 3 mode exec command vpn-sessiondb privilege cmd level 3 mode exec command packet-tracer privilege cmd level 5 mode exec command export privilege show level 5 mode exec command import privilege show level 5 mode exec command running-config privilege show level 3 mode exec command reload privilege show level 3 mode exec command mode privilege show level 3 mode exec command firewall privilege show level 3 mode exec command asp privilege show level 3 mode exec command cpu privilege show level 3 mode exec command interface privilege show level 3 mode exec command clock privilege show level 3 mode exec command dns-hosts privilege show level 3 mode exec command access-list privilege show level 3 mode exec command logging privilege show level 3 mode exec command vlan privilege show level 3 mode exec command ip privilege show level 3 mode exec command failover privilege show level 3 mode exec command asdm privilege show level 3 mode exec command arp privilege show level 3 mode exec command ipv6 privilege show level 3 mode exec command route privilege show level 3 mode exec command aaa-server privilege show level 3 mode exec command aaa privilege show level 3 mode exec command crypto privilege show level 3 mode exec command ssh privilege show level 3 mode exec command vpn-sessiondb privilege show level 3 mode exec command vpn privilege show level 3 mode exec command dhcpd privilege show level 3 mode exec command blocks privilege show level 3 mode exec command wccp privilege show level 3 mode exec command dynamic-filter privilege show level 3 mode exec command webvpn privilege show level 3 mode exec command service-policy privilege show level 3 mode exec command module privilege show level 3 mode exec command uauth privilege show level 3 mode exec command compression privilege show level 3 mode exec command ospf privilege show level 3 mode exec command eigrp privilege show level 3 mode configure command interface privilege show level 3 mode configure command clock privilege show level 3 mode configure command access-list privilege show level 3 mode configure command logging privilege show level 3 mode configure command ip privilege show level 3 mode configure command failover privilege show level 5 mode configure command asdm privilege show level 3 mode configure command arp privilege show level 3 mode configure command route privilege show level 3 mode configure command aaa-server privilege show level 3 mode configure command aaa privilege show level 3 mode configure command crypto privilege show level 3 mode configure command ssh privilege show level 3 mode configure command ssh privilege show level 3 mode configure command dhcpd privilege show level 5 mode configure command privilege privilege clear level 3 mode exec command crypto privilege clear level 3 mode exec command dns-hosts privilege clear level 3 mode exec command logging privilege clear level 3 mode exec command arp privilege clear level 3 mode exec command aaa-server privilege clear level 3 mode exec command dynamic-filter privilege cmd level 3 mode configure command failover privilege clear level 3 mode configure command logging privilege clear level 3 mode configure command crypto privilege clear level 3 mode configure command arp privilege clear level 3 mode configure command aaa-server prompt hostname context no call-home reporting anonymous hpm topN enable Cryptochecksum:1f9cc4bdf49ca37dc1b62f2626ee6b5c : end
12-22-2020 12:58 AM
Interface1 = To_ISPs 193.59.39.254
Interface2 = To_ISPs_77.65.153.254
Int2 is a new interface which I'm using to migrate the VPN's, but default routing is set on Int1
12-22-2020 01:29 AM
I don't know the remote networks, but I'd expect a NAT rule similar to this rule below (just replace the objects I've defined in the example).
nat (To_ISPs,To_ISPs_77.65.153.254) source static RAVPN-NET RAVPN-NET destination static REMOTE-NET REMOTE-NET no-proxy
If that doesn't work run packet-tracer from the CLI to determine the cause.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide