09-21-2012 10:56 PM - edited 03-11-2019 04:57 PM
Real basic config on a ASA 5505 with 8.4(4)1 code.
Ethernet 0/0 is the WAN outside Internet from a ISP with DHCP configured on the interface along with the default route from the ISP.
Ehternet 0/1 is the Inside LAN inside 192.168.1.2
Ethernet 0/2 is the DMZ ciscovpn which I want to be NATed to the outside 192.168.2.1
LAN works fine and I have full internet access
Ciscovpn interface I have no outside access. I could ping the ASA but I show no xlate for 192.168.2.0
What I'm a missing????
ASA Version 8.4(4)1
!
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
switchport access vlan 12
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.2 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
switchport access vlan 12
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.2 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Vlan3
no nameif
no security-level
no ip address
!
interface Vlan12
nameif CISCOVPN
security-level 50
ip address 192.168.2.1 255.255.255.0
!
boot system disk0:/asa844-1-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name ROB.NET
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network CISCOVPN
subnet 192.168.2.0 255.255.255.0
description Cisco VPN Access
object network INSIDE
subnet 192.168.1.0 255.255.255.0
description INSIDE Network
access-list outside_access_in extended permit icmp any any echo-reply
pager lines 24
logging enable
logging timestamp
logging monitor debugging
logging asdm informational
logging queue 0
mtu inside 1500
mtu outside 1500
mtu CISCOVPN 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649.bin
no asdm history enable
arp timeout 14400
nat (CISCOVPN,outside) source dynamic any interface
!
nat (inside,outside) after-auto source dynamic INSIDE interface
nat (CISCOVPN,outside) after-auto source dynamic CISCOVPN interface
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.2.0 255.255.255.0 CISCOVPN
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.100-192.168.1.150 inside
dhcpd auto_config outside interface inside
dhcpd update dns interface inside
dhcpd option 3 ip 192.168.1.1 interface inside
dhcpd enable inside
!
dhcpd address 192.168.2.10-192.168.2.13 CISCOVPN
dhcpd auto_config outside interface CISCOVPN
dhcpd update dns interface CISCOVPN
dhcpd enable CISCOVPN
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username robert password Ye1VVaIKAE72Mhl5 encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
Thanks in advance!!
09-22-2012 01:26 AM
Here is the configuration:
object network CISCOVPN
nat (CISCOVPN,outside) dynamic interface
no nat (CISCOVPN,outside) source dynamic any interface
no nat (CISCOVPN,outside) after-auto source dynamic CISCOVPN interface
Then "clear xlate" after the above changes.
Also assuming that you have dns configured on the host that is connected to the CISCOVPN subnet.
09-22-2012 07:50 AM
Applied the config but still same thing.
on the CISCOVPN I get DHCP address but cant ping anyting from the outside such as 64.65.64.65
Inside lan works fine.
I included IP permit any any for the trace below just to aid in troubleshooting. Below is the trace with the modified configs.
notice the "Drop-reason: (acl-drop) Flow is denied by configured rule"
OB-ASA# packet-tracer input CISCOVPN icmp 192.168.2.13 1 1 1 64.65.64.65 deta$
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group CISCOVPN_access_in in interface CISCOVPN
access-list CISCOVPN_access_in extended permit ip any any
Additional Information:
Forward Flow based lookup yields rule:
in id=0xacdb7590, priority=13, domain=permit, deny=false
hits=0, user_data=0xa9a35e90, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=CISCOVPN, output_ifc=any
Phase: 3
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xac5b96c0, priority=0, domain=inspect-ip-options, deny=true
hits=479, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=CISCOVPN, output_ifc=any
Phase: 4
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xac5b9298, priority=66, domain=inspect-icmp-error, deny=false
hits=18, user_data=0xac5b88b0, cs_id=0x0, use_real_addr, flags=0x0, protocol=1
src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0
dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, dscp=0x0
input_ifc=CISCOVPN, output_ifc=any
Phase: 5
Type: NAT
Subtype:
Result: DROP
Config:
object network CISCOVPN
nat (CISCOVPN,outside) dynamic interface
Additional Information:
Forward Flow based lookup yields rule:
in id=0xacdb9920, priority=6, domain=nat, deny=false
hits=4, user_data=0xa86c6688, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=192.168.2.0, mask=255.255.255.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=CISCOVPN, output_ifc=outside
Result:
input-interface: CISCOVPN
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
ROB-ASA# wr t
: Saved
:
ASA Version 8.4(4)1
!
hostname ROB-ASA
domain-name ROB.NET
enable password 3scBzwPl3/UG7Td6 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
switchport access vlan 12
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.2 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Vlan3
no nameif
no security-level
no ip address
!
interface Vlan12
nameif CISCOVPN
security-level 50
ip address 192.168.2.1 255.255.255.0
!
boot system disk0:/asa844-1-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name ROB.NET
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network CISCOVPN
subnet 192.168.2.0 255.255.255.0
description Cisco VPN Access
object network INSIDE
subnet 192.168.1.0 255.255.255.0
description INSIDE Network
object network CISCOCPN
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit ip any any
access-list CISCOVPN_access_in extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging monitor debugging
logging asdm informational
logging queue 0
mtu inside 1500
mtu outside 1500
mtu CISCOVPN 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649.bin
no asdm history enable
arp timeout 14400
!
object network CISCOVPN
nat (CISCOVPN,outside) dynamic interface
!
nat (inside,outside) after-auto source dynamic INSIDE interface
access-group outside_access_in in interface outside
access-group CISCOVPN_access_in in interface CISCOVPN
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.2.0 255.255.255.0 CISCOVPN
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.100-192.168.1.150 inside
dhcpd auto_config outside interface inside
dhcpd update dns interface inside
dhcpd option 3 ip 192.168.1.1 interface inside
dhcpd enable inside
!
dhcpd address 192.168.2.10-192.168.2.13 CISCOVPN
dhcpd auto_config outside interface CISCOVPN
dhcpd update dns interface CISCOVPN
dhcpd enable CISCOVPN
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username robert password Ye1VVaIKAE72Mhl5 encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
09-22-2012 09:12 PM
There is a mistake in your packet-tracer command. In packet-tracer for ICMP you enter ‘’. As per your packet-tracer command, the inputs are:
Type = 1
Code = 1
This is not equivalent to ICMP echo-request. Hence, will be dropped. You should be entering values such that:
Type = 8
Code = 0
This is equivalent to ICMP echo-request and should pass.
Could you please try to ping 64.65.64.65 from the firewall itself, Since you are doing a PAT with the Firewall outside interface address ?
09-22-2012 11:19 PM
Thanks used Type 8 and Code 0 and packet trace was a succes but still when I connect a client PC to the CISCOVPN port unable to reach outside.
I am able to ping 64.65.64.65 from the ASA and also from the same client when sitting on the inside interface.
09-23-2012 01:52 AM
Please perform the below steps and get the following output in log file
1- Clear local-host 192.168.2.13
2- Clear interface e0/2
3- Clear asp drop
Apply Bidirectional captures on CISCOVPN and outside interface (both ingress and Egress interface)
Take ASP drop Captures, below is how you can get asp captures
capture asp type asp-drop all packet-length 1518 buffer 200000
logging buffered 7
Initiate the traffic and collect the below output
1- sh local-host 192.168.2.13
2- sh interface e0/2
3- sh asp drop
Capture output of both interfaces
sh capture asp | in icmp
sh logging
sh ver
10-08-2012 02:07 PM
Been traveling and finally got a chance to sit down and take a look. Here are the outputs requested.
ROB-ASA# sh local-host 192.168.2.13
Licensed host limit: Unlimited.
Interface CISCOVPN: 3 active, 4 maximum active, 0 denied
Interface outside: 56 active, 1649 maximum active, 0 denied
Interface inside: 7 active, 15 maximum active, 0 denied
Interface _internal_loopback: 0 active, 0 maximum active, 0 denied
ROB-ASA# sh inter
ROB-ASA# sh interface e0/2
Interface Ethernet0/2 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 0019.0724.b4f3, MTU not set
IP address unassigned
165 packets input, 26608 bytes, 0 no buffer
Received 64 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
106 switch ingress policy drops
7 packets output, 1288 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
ROB-ASA# sh asp dro
ROB-ASA# sh asp drop
Frame drop:
Invalid encapsulation (invalid-encap) 2
Flow is denied by configured rule (acl-drop) 19
TCP RST/FIN out of order (tcp-rstfin-ooo) 4
Slowpath security checks failed (sp-security-failed) 50
Last clearing: 20:52:53 UTC Oct 8 2012 by enable_15
Flow drop:
Last clearing: 20:52:53 UTC Oct 8 2012 by enable_15
ROB-ASA# sh cap
ROB-ASA# sh capture as
ROB-ASA# sh capture asp | in icmp
ROB-ASA# sh capture asp | in icmp
ROB-ASA# sh log
ROB-ASA# sh logging
Syslog logging: enabled
Facility: 20
Timestamp logging: enabled
Standby logging: disabled
Debug-trace logging: disabled
Console logging: disabled
Monitor logging: level debugging, 4413383 messages logged
Buffer logging: level debugging, 4217511 messages logged
Trap logging: disabled
Permit-hostdown logging: disabled
History logging: disabled
Device ID: disabled
Mail logging: disabled
ASDM logging: level informational, 3227433 messages logged
nside:192.168.1.165/64626 (70.181.146.81/64626)
Oct 08 2012 21:00:48: %ASA-6-302016: Teardown UDP connection 900289 for outside:68.105.29.12/53 to inside:192.168.1.165/51436 duration 0:00:00 bytes 191
Oct 08 2012 21:00:48: %ASA-6-302016: Teardown UDP connection 900290 for outside:68.105.29.12/53 to inside:192.168.1.165/53667 duration 0:00:00 bytes 193
Oct 08 2012 21:00:48: %ASA-6-302016: Teardown UDP connection 900294 for outside:68.105.29.12/53 to inside:192.168.1.165/55396 duration 0:00:00 bytes 132
Oct 08 2012 21:00:48: %ASA-6-302016: Teardown UDP connection 900292 for outside:68.105.29.12/53 to inside:192.168.1.165/64971 duration 0:00:00 bytes 193
Oct 08 2012 21:00:48: %ASA-6-302016: Teardown UDP connection 900291 for outside:68.105.29.12/53 to inside:192.168.1.165/65038 duration 0:00:00 bytes 191
Oct 08 2012 21:00:48: %ASA-6-302016: Teardown UDP connection 900293 for outside:68.105.29.12/53 to inside:192.168.1.165/59363 duration 0:00:00 bytes 193
Oct 08 2012 21:00:48: %ASA-6-302016: Teardown UDP connection 900298 for outside:68.105.29.12/53 to inside:192.168.1.165/64626 duration 0:00:00 bytes 134
Oct 08 2012 21:00:48: %ASA-6-302016: Teardown UDP connection 900297 for outside:68.105.29.12/53 to inside:192.168.1.165/49453 duration 0:00:00 bytes 134
Oct 08 2012 21:00:48: %ASA-6-302016: Teardown UDP connection 900296 for outside:68.105.29.12/53 to inside:192.168.1.165/59131 duration 0:00:00 bytes 132
Oct 08 2012 21:00:48: %ASA-6-302016: Teardown UDP connection 900295 for outside:68.105.29.12/53 to inside:192.168.1.165/51618 duration 0:00:00 bytes 134
Oct 08 2012 21:00:57: %ASA-7-111009: User 'enable_15' executed cmd: show local-host 192.168.2.13
Oct 08 2012 21:01:10: %ASA-7-111009: User 'enable_15' executed cmd: show interface Ethernet 0/2
Oct 08 2012 21:01:15: %ASA-7-111009: User 'enable_15' executed cmd: show asp drop
Oct 08 2012 21:01:18: %ASA-6-305012: Teardown dynamic UDP translation from inside:192.168.1.165/51436 to outside:70.181.146.81/51436 duration 0:00:30
Oct 08 2012 21:01:18: %ASA-6-305012: Teardown dynamic UDP translation from inside:192.168.1.165/53667 to outside:70.181.146.81/53667 duration 0:00:30
Oct 08 2012 21:01:18: %ASA-6-305012: Teardown dynamic UDP translation from inside:192.168.1.165/55396 to outside:70.181.146.81/55396 duration 0:00:30
Oct 08 2012 21:01:18: %ASA-6-305012: Teardown dynamic UDP translation from inside:192.168.1.165/65038 to outside:70.181.146.81/65038 duration 0:00:30
Oct 08 2012 21:01:18: %ASA-6-305012: Teardown dynamic UDP translation from inside:192.168.1.165/64971 to outside:70.181.146.81/64971 duration 0:00:30
Oct 08 2012 21:01:18: %ASA-6-305012: Teardown dynamic UDP translation from inside:192.168.1.165/59363 to outside:70.181.146.81/59363 duration 0:00:30
Oct 08 2012 21:01:18: %ASA-6-305012: Teardown dynamic UDP translation from inside:192.168.1.165/49453 to outside:70.181.146.81/49453 duration 0:00:30
Oct 08 2012 21:01:18: %ASA-6-305012: Teardown dynamic UDP translation from inside:192.168.1.165/64626 to outside:70.181.146.81/64626 duration 0:00:30
Oct 08 2012 21:01:18: %ASA-6-305012: Teardown dynamic UDP translation from inside:192.168.1.165/51618 to outside:70.181.146.81/51618 duration 0:00:30
Oct 08 2012 21:01:18: %ASA-6-305012: Teardown dynamic UDP translation from inside:192.168.1.165/59131 to outside:70.181.146.81/59131 duration 0:00:30
Oct 08 2012 21:01:27: %ASA-6-302016: Teardown UDP connection 900271 for CISCOVPN:0.0.0.0/68 to identity:255.255.255.255/67 duration 0:02:01 bytes 910
Oct 08 2012 21:01:27: %ASA-6-302016: Teardown UDP connection 900272 for CISCOVPN:255.255.255.255/68 to identity:192.168.2.1/67 duration 0:02:01 bytes 866
Oct 08 2012 21:01:31: %ASA-7-609002: Teardown local-host outside:68.105.29.12 duration 0:10:26
Oct 08 2012 21:01:46: %ASA-7-609002: Teardown local-host outside:174.76.228.8 duration 0:10:26
Oct 08 2012 21:01:48: %ASA-7-609002: Teardown local-host outside:174.76.228.35 duration 0:10:26
Oct 08 2012 21:01:49: %ASA-6-302016: Teardown UDP connection 900288 for outside:216.218.192.202/123 to inside:192.168.1.77/123 duration 0:02:01 bytes 96
ROB-ASA# sh ver
Cisco Adaptive Security Appliance Software Version 8.4(4)1
Device Manager Version 6.4(9)
Compiled on Thu 14-Jun-12 11:20 by builders
System image file is "disk0:/asa844-1-k8.bin"
Config file at boot was "startup-config"
ROB-ASA up 16 days 4 hours
Hardware: ASA5505, 1024 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 512MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06
Number of accelerators: 1
0: Int: Internal-Data0/0 : address is 0019.0724.b4f9, irq 11
1: Ext: Ethernet0/0 : address is 0019.0724.b4f1, irq 255
2: Ext: Ethernet0/1 : address is 0019.0724.b4f2, irq 255
3: Ext: Ethernet0/2 : address is 0019.0724.b4f3, irq 255
4: Ext: Ethernet0/3 : address is 0019.0724.b4f4, irq 255
5: Ext: Ethernet0/4 : address is 0019.0724.b4f5, irq 255
6: Ext: Ethernet0/5 : address is 0019.0724.b4f6, irq 255
7: Ext: Ethernet0/6 : address is 0019.0724.b4f7, irq 255
8: Ext: Ethernet0/7 : address is 0019.0724.b4f8, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 20 DMZ Unrestricted
Dual ISPs : Enabled perpetual
VLAN Trunk Ports : 8 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Standby perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 25 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 25 perpetual
Total VPN Peers : 25 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
UC Phone Proxy Sessions : 24 perpetual
Total UC Proxy Sessions : 24 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5505 Security Plus license.
Serial Number: JMX1047K3AN
Running Permanent Activation Key: 0x651eef6c 0x307def3d 0x2c33297c 0xa65060d0 0x813304a1
Configuration register is 0x1
Configuration last modified by enable_15 at 16:50:28.708 UTC Sun Sep 23 2012
ROB-ASA#
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide