cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4434
Views
5
Helpful
7
Replies

ASA port forwarding not working

ayomide1234
Level 1
Level 1

Dear All. Kindly help me look into this running-config my aim is to do port forwarding on the ASA5508. 
my server private IP is 10.234.112.10

find below my running-config on ASA. I have done all that is the running-config but it is still not working. I know I have some repeated NAT and ACL. But help me look at what I am doing wrong. 

FPNO-FIREWALL# show run
: Saved

:
: Serial Number: JAD224100BJ
: Hardware: ASA5508, 8192 MB RAM, CPU Atom C2000 series 2000 MHz, 1 CPU (8 cor es)
:
ASA Version 9.8(2)
!
hostname FPNO-FIREWALL
domain-name fpno.edu.ng
enable password $sha512$5000$PVWY8aN9GHkmEry3QFt6Mg==$vJy25GJ8k0DhH3s8tCABog== p bkdf2
names

!
interface GigabitEthernet1/1
description LINK-TO-ISP
nameif outside
security-level 0
ip address 197.211.35.36 255.255.255.252
!
interface GigabitEthernet1/2
description LINK-TO-CORE-SWITCH
nameif inside
security-level 100
ip address 10.234.100.1 255.255.252.0
!
interface GigabitEthernet1/3
description LINK-TO-DMZ
nameif DMZ
security-level 70
ip address 10.234.104.1 255.255.252.0
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
nameif ManageASDM
security-level 100
ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
clock timezone WAT 1
dns server-group DefaultDNS
domain-name fpno.edu.ng
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network INSIDE-NET
subnet 10.234.108.0 255.255.252.0
object network obj_10.234.112.10
host 10.234.112.10
object network host-10.234.112.10
host 10.234.112.10
object network host-10.234.112.10-80
host 10.234.112.10
object network host-10.234.112.11
host 10.234.112.11
object network inside-server
host 10.234.112.10
object network internal
host 10.234.112.10
description webserver
object network HTTPserver
host 10.234.112.10
object network AUTHserver
host 10.234.112.11
object service HTTP
service tcp source eq www
object service HTTPS
service tcp source eq https
object network HTTPSserver
host 10.234.112.10
object network Emma
host 10.234.112.10
object service Emmaservice
service tcp destination eq www
object service EmmaServ2
service tcp source eq www
object-group service svcgrp-10.234.112.10 tcp
port-object eq https
object-group service svcgrp2-10.234.112.10 tcp
port-object eq www
object-group service svcgrp3-10.234.112.11 tcp
port-object eq 8443
access-list SERVER-OUTSIDE extended permit object Emmaservice any object Emma
access-list SERVER-OUTSIDE extended permit tcp any host 10.234.112.10 eq www
access-list SERVER-OUTSIDE extended permit ip any host 10.234.112.10
access-list SERVER-OUTSIDE extended permit tcp any host 197.211.35.26 eq www
access-list outside-access extended permit tcp any object host-10.234.112.10 obj ect-group svcgrp-10.234.112.10
access-list outside-access2 extended permit tcp any object host-10.234.112.10-80 object-group svcgrp2-10.234.112.10
access-list outside-access3 extended permit tcp any object host-10.234.112.11 ob ject-group svcgrp3-10.234.112.11
access-list OUTSIDE extended permit tcp any host 197.211.35.36 eq www
access-list inside_access_out extended permit tcp host 10.234.112.10 any eq www
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu ManageASDM 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (inside,outside) source static Emma interface service any EmmaServ2
nat (inside,outside) source static HTTPserver interface service HTTP HTTP inacti ve
nat (inside,outside) source static HTTPSserver interface service HTTPS HTTPS
nat (inside,outside) source static AUTHserver interface service HTTPS HTTPS
!
object network obj_any
nat (any,outside) dynamic interface
object network INSIDE-NET
nat (inside,outside) dynamic interface
object network host-10.234.112.10
nat (inside,outside) static interface service tcp https https
object network host-10.234.112.11
nat (inside,outside) static interface service tcp 8443 8443
object network inside-server
nat (inside,outside) static interface service tcp www www
access-group SERVER-OUTSIDE in interface outside
access-group inside_access_out out interface inside
route outside 0.0.0.0 0.0.0.0 197.211.35.25 1
route inside 10.234.108.0 255.255.252.0 10.234.100.3 1
route inside 10.234.112.0 255.255.252.0 10.234.100.3 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 192.168.1.0 255.255.255.0 ManageASDM
http 10.234.100.0 255.255.252.0 inside
http 10.234.112.0 255.255.252.0 inside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 197.211.35.24 255.255.255.252 outside
ssh 172.16.0.0 255.255.0.0 outside
ssh 192.211.32.0 255.255.252.0 outside
ssh 10.234.100.0 255.255.252.0 inside
ssh 10.234.112.0 255.255.252.0 inside
ssh timeout 10
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username admin password $sha512$5000$KWYkCEuiDsXJQ+s2DcYWnQ==$Za4qjAcfl+X3U/hOfa aHCQ== pbkdf2 privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect http
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:584eb4b9ae34ee75e50b79ed42844975
: end
FPNO-FIREW

 

 

 

 

 

 

 

 

7 Replies 7

ayomide1234
Level 1
Level 1

Core switch connected to the ASA. 

 

 

CORE-SWITCH#show run
Building configuration...

Current configuration : 10106 bytes
!
! Last configuration change at 16:27:41 UTC Fri Nov 29 2019 by admin
!
version 16.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname CORE-SWITCH
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
switch 1 provision ws-c3650-24ps
!
!
!
!
ip routing
!
!
!
ip domain name fpno.edu.ng
ip dhcp excluded-address 10.234.108.5 10.234.108.10
ip dhcp excluded-address 10.234.112.5 10.234.112.10
!
ip dhcp pool PUBLIC-WIFI-NETWORK
network 10.234.108.0 255.255.252.0
default-router 10.234.108.1
dns-server 8.8.8.8
!
ip dhcp pool LAN-NETWORK
network 10.234.112.0 255.255.252.0
default-router 10.234.112.1
dns-server 8.8.8.8
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-144731844
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-144731844
revocation-check none
rsakeypair TP-self-signed-144731844
!
!
crypto pki certificate chain TP-self-signed-144731844
certificate self-signed 01
3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31343437 33313834 34301E17 0D313931 31323731 34343830
365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3134 34373331
38343430 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
82010100 DED35292 B00238E9 9E4B87C0 764C82A9 F8154B5A 4F77D885 316E8A20
CD173092 510001BE 51C96CCE 2372DF5F 9926D919 69CD2AFB 93466CA2 8C881FEF
B661E01A 5661F130 15F5813C 9A558149 F0ABC2CD E30C3A48 58823EE8 210D7974
77412928 974D7F2A 1682B357 FE4D5278 CB053681 398FB57A 0DDE63A5 692ED19F
9A89ED51 EECDB077 93A2453D 382F2677 4F591C22 001CF0FE 878EC7C9 F852ABD9
4B847E38 CBDE17AA DA3CFA62 83B9A610 1ED21EA2 1BDD6303 34B73388 EEE9C5D6
182488F6 82BF1207 D01BFDA1 D6AFC397 5394F3A5 5819FEC5 D5EF87A9 6C8C90EE
7DBF22D9 F9E1849C BFADDC97 B8C0867F 70F19FFB 0E0A4758 93B89F43 816AF786
726849A9 02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F
0603551D 23041830 168014E9 7015F639 3E053BD0 D97CC7CE 107F18EA 64670330
1D060355 1D0E0416 0414E970 15F6393E 053BD0D9 7CC7CE10 7F18EA64 6703300D
06092A86 4886F70D 01010505 00038201 01001C6D DF69879C B53D31C1 D7E1916E
77D26BDF 2E3A346F A1BD53AF 08092AA9 951081AD F08E002F 9174ABDF 9F977849
B0BBCF86 2AFF9A3F 27A4E598 C5CE3DDC A715CB52 4B1FB5B2 13BAA0C7 F004CAE9
2BAC8C00 20063F89 079EE834 2C804042 7B8EA2D6 0B5FE622 05048053 48A5E028
0E6DF613 C8484A7A B81F5BF6 C70B1B91 5D7B30CD 246E5CD0 C96F39B4 830CEC06
52E5F44E 63DAD270 7B793935 4C04027A 55C8BD9D 7C12237B 19C30055 C971A5E0
FA8F9392 C5B8E79D EDD898C0 C58824A4 5A8DB868 62871149 F5015734 99890D3F
B04A9EB9 BEA0B956 B2207EC9 99B117EE 336B1259 9B19F0AF 000B73EA 86B23B5E
09FDFF47 9B9D65B7 DF42829A E312E453 0AC3
quit
!
license boot level ipbasek9
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
username admin privilege 15 secret 5 $1$ArJ2$4podUdu1jxmyZpWHKiG400
!
redundancy
mode sso
!
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, SGT Cache Full, LOGGING
class-map match-any system-cpp-default
description DHCP snooping, show forward and rest of traffic
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-control-low-priority
description ICMP redirect and general punt
class-map match-any system-cpp-police-wireless-priority1
description Wireless priority 1
class-map match-any system-cpp-police-wireless-priority2
description Wireless priority 2
class-map match-any system-cpp-police-wireless-priority3-4-5
description Wireless priority 3,4 and 5
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
policy-map system-cpp-policy
class system-cpp-police-data
police rate 200 pps
class system-cpp-police-sys-data
police rate 100 pps
class system-cpp-police-sw-forward
police rate 1000 pps
class system-cpp-police-multicast
police rate 500 pps
class system-cpp-police-multicast-end-station
police rate 2000 pps
class system-cpp-police-punt-webauth
class system-cpp-police-l2-control
class system-cpp-police-routing-control
police rate 1800 pps
class system-cpp-police-control-low-priority
class system-cpp-police-wireless-priority1
class system-cpp-police-wireless-priority2
class system-cpp-police-wireless-priority3-4-5
class system-cpp-police-topology-control
class system-cpp-police-dot1x-auth
class system-cpp-police-protocol-snooping
class system-cpp-police-forus
class system-cpp-default
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface GigabitEthernet1/0/1
description LINK-TO-ASA
no switchport
ip address 10.234.100.3 255.255.252.0
!
interface GigabitEthernet1/0/2
spanning-tree portfast
!
interface GigabitEthernet1/0/3
spanning-tree portfast
!
interface GigabitEthernet1/0/4
description NEW-LINK-WLC
spanning-tree portfast
!
interface GigabitEthernet1/0/5
spanning-tree portfast
!
interface GigabitEthernet1/0/6
description LINK-AP1
switchport mode access
!
interface GigabitEthernet1/0/7
description LINK-TO-APS
switchport mode access
!
interface GigabitEthernet1/0/8
description LINK-TO-APS
switchport mode access
!
interface GigabitEthernet1/0/9
description LINK-TO-APS
switchport mode access
!
interface GigabitEthernet1/0/10
description LINK-TO_WLC
switchport trunk allowed vlan 1
switchport mode trunk
!
interface GigabitEthernet1/0/11
description LINK-TO-LAN_MGT-SG350
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
switchport access vlan 108
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 108
switchport mode access
!
interface GigabitEthernet1/0/22
switchport access vlan 108
switchport mode access
!
interface GigabitEthernet1/0/23
switchport access vlan 108
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 108
switchport mode access
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
ip address 10.234.112.1 255.255.252.0
!
interface Vlan108
ip address 10.234.108.1 255.255.252.0
!
!
router eigrp 100
network 10.234.100.0 0.0.3.255
network 10.234.108.0 0.0.3.255
network 10.234.112.0 0.0.3.255
redistribute static
eigrp stub connected summary
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface Vlan1
ip route 0.0.0.0 0.0.0.0 10.234.100.1
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
permit udp any any range 16384 32767
permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any range 6881 6999
permit tcp any any range 28800 29100
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
permit tcp any any eq 1527
permit tcp any any eq 6200
permit tcp any any eq 3389
permit tcp any any eq 5985
permit tcp any any eq 8080
!
!
!
control-plane
service-policy input system-cpp-policy
!
!
line con 0
login local
stopbits 1
line aux 0
stopbits 1
line vty 0 4
logging synchronous
login local
transport input ssh
line vty 5
logging synchronous
login local
transport input ssh
line vty 6 15
login
!
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
ap dot11 airtime-fairness policy-name Default 0
ap group default-group
ap hyperlocation ble-beacon 0
ap hyperlocation ble-beacon 1
ap hyperlocation ble-beacon 2
ap hyperlocation ble-beacon 3
ap hyperlocation ble-beacon 4
end

Hi,

You are natting (port forwarding) https (tcp/443) to 10.234.112.10 - therefore only https traffic will be natted. Are you attempting to connect using https?

 

Please upload the output of "show nat detail" and "show access-list".

 

Can you also run packet-tracer from the cli and provide the output for review.

Pls find attached my NAT and ACL. 
ASDM view. 

What port are you attempting connect on though?
Only tcp/443 is currently natted. The hit count on your ACLs confirm the most hits on rule no 2, which is tcp/80.

Can you run packet-tracer from the CLI and upload the output.

I want the server with 10.234.112.10 to be accessible with public IP  via http and https. That’s port 80 and 443. 

What is the output of packet-tracer? That will reveal what nat rules the traffic is currently matching.

 

Also provide the output of "show nat detail" from the CLI

FPNO-FIREWALL# show nat detail Manual NAT Policies (Section 1) 1 (inside) to (outside) source static Emma interface service any EmmaServ2 translate_hits = 6, untranslate_hits = 6 Source - Origin: 10.234.112.10/32, Translated: 197.211.xx.xx/30 Service - Origin: any, Translated: tcp source eq https destination eq https 2 (inside) to (outside) source static HTTPserver interface service HTTP HTTP translate_hits = 4, untranslate_hits = 9 Source - Origin: 10.234.112.10/32, Translated: 197.211.xx.xx/30 Service - Origin: tcp source eq www , Translated: tcp source eq www 3 (inside) to (outside) source static HTTPSserver interface service HTTPS HTTPS inactive translate_hits = 0, untranslate_hits = 0 Source - Origin: 10.234.112.10/32, Translated: 197.211.xx.xx/30 Service - Origin: tcp source eq https , Translated: tcp source eq https 4 (inside) to (outside) source static AUTHserver interface service HTTPS HTTPS inactive translate_hits = 0, untranslate_hits = 0 Source - Origin: 10.234.112.11/32, Translated: 197.211.xx.xx/30 Service - Origin: tcp source eq https , Translated: tcp source eq https Auto NAT Policies (Section 2) 1 (inside) to (outside) source static host-10.234.112.10 interface service tcp https https translate_hits = 0, untranslate_hits = 10 Source - Origin: 10.234.112.10/32, Translated: 197.211.xx.xx/30 Service - Protocol: tcp Real: https Mapped: https 2 (inside) to (outside) source static inside-server interface service tcp www www translate_hits = 0, untranslate_hits = 0 Source - Origin: 10.234.112.10/32, Translated: 197.211.xx.xx/30 Service - Protocol: tcp Real: www Mapped: www 3 (inside) to (outside) source static host-10.234.112.11 interface service tcp 8443 8443 translate_hits = 0, untranslate_hits = 1 Source - Origin: 10.234.112.11/32, Translated: 197.211.xx.xx/30 Service - Protocol: tcp Real: 8443 Mapped: 8443 4 (inside) to (outside) source dynamic INSIDE-NET interface translate_hits = 0, untranslate_hits = 0 Source - Origin: 10.234.108.0/22, Translated: 197.211.xx.xx/30 5 (any) to (outside) source dynamic obj_any interface translate_hits = 270, untranslate_hits = 0 Source - Origin: 0.0.0.0/0, Translated: 197.211.xx.xx/30 FPNO-FIREWALL# FPNO-FIREWALL# FPNO-FIREWALL# FPNO-FIREWALL# show access-list access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) alert-interval 300 access-list SERVER-OUTSIDE; 4 elements; name hash: 0xc7e0fe0e access-list SERVER-OUTSIDE line 1 extended permit object EmmaServ2 any object Emma (hitcnt=0) 0x3b5be78c access-list SERVER-OUTSIDE line 1 extended permit tcp any eq https host 10.234.112.10 eq https (hitcnt=0) 0x3b5be78c access-list SERVER-OUTSIDE line 2 extended permit tcp any host 10.234.112.10 eq www (hitcnt=4) 0x0c817540 access-list SERVER-OUTSIDE line 3 extended permit ip any host 10.234.112.10 (hitcnt=12) 0xe130afa1 access-list SERVER-OUTSIDE line 4 extended permit tcp any host 197.211.xx.xx eq www (hitcnt=0) 0x3e9f10a6 access-list outside-access; 1 elements; name hash: 0x5a1e8320 access-list outside-access line 1 extended permit tcp any object host-10.234.112.10 object-group svcgrp-10.234.112.10 (hitcnt=0) 0xe21fd977 access-list outside-access line 1 extended permit tcp any host 10.234.112.10 eq https (hitcnt=0) 0xa2452b21 access-list outside-access2; 1 elements; name hash: 0xa6bf5a53 access-list outside-access2 line 1 extended permit tcp any object host-10.234.112.10-80 object-group svcgrp2-10.234.112.10 (hitcnt=0) 0xcaae63ac access-list outside-access2 line 1 extended permit tcp any host 10.234.112.10 eq www (hitcnt=0) 0xe8aea271 access-list outside-access3; 1 elements; name hash: 0x41c1188a access-list outside-access3 line 1 extended permit tcp any object host-10.234.112.11 object-group svcgrp3-10.234.112.11 (hitcnt=0) 0x07822309 access-list outside-access3 line 1 extended permit tcp any host 10.234.112.11 eq 8443 (hitcnt=0) 0x572891f0 access-list OUTSIDE; 1 elements; name hash: 0x97f9426 access-list OUTSIDE line 1 extended permit tcp any host 197.211.xx.xx eq www (hitcnt=0) 0x2ed12827
Review Cisco Networking for a $25 gift card