01-18-2017 04:42 AM - edited 03-12-2019 01:47 AM
Hi team,
I have set up a VPN connection for users so they can connect from outside, and the VPN is working perfectly fine.
I have created all this from ASDM. The issue is that I have added multiple networks in the ACL and the user is able to connect only to the first network which I added. I have tested this on different laptops and systems, and recreated the whole thing again. All the networks are able to reach each other internally, which means there is no issue in routing. Only the network which I added first is reachable from outside and the others are not, even though the networks are already added in the ACL. Also, when I am connected to the VPN I can see the list of networks to which I have access, but I cannot ping any network or any device in those networks. I have done lots of research but was not able to find anything. I would really appreciate it if someone can help me with this :(
01-30-2017 01:54 PM
Yes, for each subinterface the NAT rules are referenced by different ACLs. For example, if you want to reach the stardmz network, you have to update the ACL given in this statement:
nat (stardmz) 0 access-list stardmz_no_nat
If it is StarLink_Lab interface, you have to update the ACL given in the following NAT statement:
nat (StarLink_Lab) 0 access-list StarLink_Lab_nat0_outbound
All the ACL entries that you add should have the format as below:
access-list <acl-name> extended permit ip <internal subnet> 255.255.255.0 <vpn-subnet> 255.255.255.0
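The check described in this answer can be automated. The following is an added example, not part of the original post: it reads a pre-8.3 style ASA config and reports every interface whose `nat (<nameif>) 0 access-list` ACL does not exempt traffic to the whole VPN address pool. The addresses in the sample config are constructed; `missing_exemptions` and `parse_config` are hypothetical helper names.

```python
import ipaddress

# Constructed sample in ASA 8.2 syntax; names follow the thread, addresses are made up.
SAMPLE_CONFIG = """
interface Ethernet0/0.2
 nameif lanvoip
 ip address 10.1.100.254 255.255.255.0
interface Ethernet0/0.3
 nameif stardmz
 ip address 10.1.3.254 255.255.255.0
interface Ethernet0/0.500
 nameif StarLink_Lab
 ip address 10.1.50.254 255.255.255.0
access-list stardmz_no_nat extended permit ip any 192.168.100.96 255.255.255.240
access-list StarLink_Lab_nat0_outbound extended permit ip any 192.168.100.0 255.255.255.248
access-list StarLink_Lab_nat0_outbound extended permit ip any 192.168.100.128 255.255.255.192
ip local pool DMZVPNPool 192.168.100.100-192.168.100.110 mask 255.255.255.0
nat (stardmz) 0 access-list stardmz_no_nat
nat (stardmz) 10 10.1.3.3 255.255.255.255
nat (StarLink_Lab) 0 access-list StarLink_Lab_nat0_outbound
"""


def parse_addr(tokens):
    """Consume one ACE address spec; return (network or None, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    if tokens[0] == "object-group":
        # Object groups are not expanded here; such ACEs are ignored by the check.
        return None, tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]


def parse_config(text):
    """Collect interface subnets, nat 0 bindings, 'permit ip' ACEs and local pools."""
    interfaces, nat0, acls, pools = {}, {}, {}, {}
    nameif = None
    for raw in text.splitlines():
        t = raw.split()
        if not t:
            continue
        if t[0] == "interface":
            nameif = None
        elif t[0] == "nameif":
            nameif = t[1]
        elif t[:2] == ["ip", "address"] and nameif:
            interfaces[nameif] = ipaddress.ip_network(f"{t[2]}/{t[3]}", strict=False)
        elif t[0] == "nat" and t[2:4] == ["0", "access-list"]:
            nat0[t[1].strip("()")] = t[4]
        elif (t[0] == "access-list" and t[2:5] == ["extended", "permit", "ip"]
              and "inactive" not in t):
            src, rest = parse_addr(t[5:])
            dst, _ = parse_addr(rest)
            acls.setdefault(t[1], []).append((src, dst))
        elif t[:3] == ["ip", "local", "pool"]:
            first, _, last = t[4].partition("-")
            pools[t[3]] = (ipaddress.ip_address(first),
                           ipaddress.ip_address(last or first))
    return interfaces, nat0, acls, pools


def missing_exemptions(text, pool_name):
    """Return {nameif: reason} for interfaces lacking NAT exemption to the pool."""
    interfaces, nat0, acls, pools = parse_config(text)
    first, last = pools[pool_name]
    pool_addrs = [ipaddress.ip_address(i) for i in range(int(first), int(last) + 1)]
    findings = {}
    for nameif, subnet in interfaces.items():
        acl = nat0.get(nameif)
        if acl is None:
            findings[nameif] = f"no 'nat ({nameif}) 0 access-list' statement"
            continue
        # Destinations of ACEs whose source covers the whole interface subnet.
        dsts = [dst for src, dst in acls.get(acl, [])
                if src is not None and dst is not None and subnet.subnet_of(src)]
        uncovered = [a for a in pool_addrs if not any(a in d for d in dsts)]
        if uncovered:
            findings[nameif] = (f"ACL {acl} does not exempt {subnet} -> "
                                f"{uncovered[0]} (and {len(uncovered) - 1} more)")
    return findings


if __name__ == "__main__":
    for nameif, reason in missing_exemptions(SAMPLE_CONFIG, "DMZVPNPool").items():
        print(f"{nameif}: {reason}")
```
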
01-18-2017 08:29 AM
Can you paste your sanitized config so that someone can take a look? Also, which ACL has the 2 networks - split tunnel ACL, vpn filter ACL or interface ACL?
01-18-2017 10:44 PM
Hi, I did a packet tracer and below is the result
01-18-2017 10:53 PM
This would indicate that you do not have NAT exempt between your VPN subnet and the internal subnet that it is unable to reach. Create a nat exemption rule as seen in this example below:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_bypassing.html#wp1080803
01-19-2017 01:40 AM
Hi, thank you for your reply. I was trying this and I lost the connection to my voice VLAN :( Now I cannot reach the voice VLAN from any other VLAN.
01-19-2017 05:50 AM
Hi,
I have fixed my VLAN issue, but the issue with the VPN still exists. Please help.
01-19-2017 05:34 PM
Could you paste your config with sensitive information removed on to this thread?
01-22-2017 01:56 AM
SL-FW# show run
: Saved
:
ASA Version 8.2(5)
!
hostname SL-FW
enable password encrypted
passwd encrypted
names
name 10.10.110.0 KSA-SOC-network
!
interface Ethernet0/0
no nameif
no security-level
no ip address
!
interface Ethernet0/0.1
vlan 666
nameif mgmt
security-level 100
ip address xxxx.254 255.255.255.0
!
interface Ethernet0/0.2
vlan 100
nameif lanvoip
security-level 100
ip address xxxx.254 255.255.255.0
!
interface Ethernet0/0.3
vlan 3
nameif stardmz
security-level 100
ip address xxxx.254 255.255.255.0
!
interface Ethernet0/0.11
vlan 1
nameif WL
security-level 100
ip address xxxx1.254 255.255.255.0
!
interface Ethernet0/0.32
vlan 32
nameif Sharief
security-level 100
ip address 10.30.11.254 255.255.255.0
!
interface Ethernet0/0.60
vlan 60
nameif KarthiksSubnet
security-level 100
ip address xxxx.60.254 255.255.255.0
!
interface Ethernet0/0.111
vlan 111
nameif lanvoip_data
security-level 100
ip address xxxx11.254 255.255.255.0
!
interface Ethernet0/0.112
vlan 112
nameif soc_corp_machines
security-level 100
ip address xxxx12.254 255.255.255.0
!
interface Ethernet0/0.113
vlan 113
nameif GuestLAN
security-level 100
ip address 172.31.31.254 255.255.255.0
!
interface Ethernet0/0.200
vlan 200
nameif nishith
security-level 100
ip address xxxx00.254 255.255.255.0
!
interface Ethernet0/0.222
vlan 2
nameif SOC
security-level 100
ip address xxxx.254 255.255.255.0
!
interface Ethernet0/0.500
description StarLink Lab
vlan 500
nameif StarLink_Lab
security-level 100
ip address xxxx.254 255.255.255.0
!
interface Ethernet0/0.501
vlan 501
nameif PaloAltoVMs
security-level 100
ip address xxxx50.254 255.255.255.0
!
interface Ethernet0/0.999
description Wireless guest vlan
vlan 999
nameif WLGUEST
security-level 100
ip address xxxx.99.254 255.255.255.0
!
interface Ethernet0/1
nameif 24outside
security-level 0
ip address 0.0.0.0 255.255.255.252
!
interface Ethernet0/2
nameif 16outside
security-level 0
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
!
banner login ----------------------------------------------------------------------------------------------
banner login Warning! you are accessing a restricted system
banner login If you do not have authorization to access please end the session immedietly!
banner login
banner login For more information contact adel@securelinkme.net
banner login ----------------------------------------------------------------------------------------------
banner motd ----------------------------------------------------------------------------------------------
banner motd Warning! you are accessing a restricted system
banner motd If you do not have authorization to access please end the session immedietly!
banner motd
banner motd For more information contact adel@securelinkme.net
banner motd ----------------------------------------------------------------------------------------------
banner asdm ----------------------------------------------------------------------------------------------
banner asdm Warning! you are accessing a restricted system
banner asdm If you do not have authorization to access please end the session immedietly!
banner asdm
banner asdm For more information contact adel@securelinkme.net
banner asdm ----------------------------------------------------------------------------------------------
ftp mode passive
clock timezone GST 4
dns domain-lookup mgmt
dns domain-lookup lanvoip
dns domain-lookup stardmz
dns domain-lookup WL
dns domain-lookup Sharief
dns domain-lookup KarthiksSubnet
dns domain-lookup lanvoip_data
dns domain-lookup soc_corp_machines
dns domain-lookup GuestLAN
dns domain-lookup SOC
dns domain-lookup StarLink_Lab
dns domain-lookup PaloAltoVMs
dns domain-lookup WLGUEST
dns domain-lookup 24outside
dns domain-lookup 16outside
dns domain-lookup nishith
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service CCTV udp
port-object range 8000 8160
object-group network Qatar-Qradar
network-object host xxxx.1
network-object host xxxx.2
network-object host xxxx.3
network-object host xxxx.4
network-object host xxxx.5
network-object host xxxx.6
network-object host xxxx.7
network-object host xxxx.8
network-object host xxxx.9
network-object host xxxx.10
object-group service CCTV-TCP
service-object tcp source range rtsp 558
object-group service CCTV-UDP
service-object udp source range 8000 8160
object-group service QRADAR tcp
port-object eq https
port-object eq ssh
object-group network DM_INLINE_NETWORK_1
network-object 10.10.10.0 255.255.255.0
network-object 10.10.20.0 255.255.255.0
object-group network DM_INLINE_NETWORK_2
network-object 10.10.10.0 255.255.255.0
network-object 10.10.20.0 255.255.255.0
object-group network DM_INLINE_NETWORK_3
network-object 10.10.10.0 255.255.255.0
network-object 10.10.20.0 255.255.255.0
network-object KSA-SOC-network 255.255.255.0
object-group network DM_INLINE_NETWORK_4
network-object xxxx.0 255.255.255.0
network-object xxxx.0 255.255.255.0
network-object host 10.55.2.141
network-object xxxx1.0 255.255.255.0
network-object xxxx11.0 255.255.255.0
network-object 192.168.2.0 255.255.255.0
object-group network VPN-TCP
object-group service proxy tcp
port-object eq 8080
object-group network DM_INLINE_NETWORK_6
network-object 192.168.3.0 255.255.255.0
network-object 192.168.42.0 255.255.255.0
object-group network DM_INLINE_NETWORK_5
network-object xxxx.0 255.255.255.0
network-object xxxx50.0 255.255.255.0
access-list OUT_IN extended permit ip host 10.50.30.50 object-group Qatar-Qradar
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 8888
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq rtsp
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 555
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 556
access-list OUT_IN extended permit icmp any any echo-reply
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 8443 log
access-list OUT_IN remark Guardium_access
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq ftp-data log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq ftp log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq ssh log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 990 log
access-list OUT_IN remark IPSWITCH_FTPSSH
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 3000 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 3001 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 3002 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 3003 log
access-list OUT_IN remark IPSWITCH_DATA
access-list OUT_IN remark IPSWITCH_MANAGEMENT
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 222 log
access-list OUT_IN remark UNI
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 444 log
access-list OUT_IN remark nCircle
access-list OUT_IN extended permit udp any host 0.0.0.0 eq isakmp
access-list OUT_IN remark IPSWITCH_RDP
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 3389
access-list OUT_IN remark CCTV_Client
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 557
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 558
access-list OUT_IN extended permit udp any host 0.0.0.0 eq 8000
access-list OUT_IN extended permit udp any host 0.0.0.0 eq 8001
access-list OUT_IN extended permit udp any host 0.0.0.0 eq 8002
access-list OUT_IN extended permit udp any host 0.0.0.0 eq 8003
access-list OUT_IN extended permit udp any host 0.0.0.0 eq 8004
access-list OUT_IN remark Mobile_Iron_Lab
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq https
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 8080
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9997
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9998
access-list OUT_IN remark InfoBlox Access
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 7443 log
access-list OUT_IN remark InfoBlox Access
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 902 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 7001 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 7002 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 7003 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 7004 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 7005 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 7006 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 7007 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 7008 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 7009 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 7010 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 7020 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 445 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq netbios-ssn log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 6996 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 6969 log
access-list OUT_IN extended permit icmp any any
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 10022 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 10443 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq pptp
access-list OUT_IN extended permit gre any host 0.0.0.0
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9999
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9389
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 7022 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 7389 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9449 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9450 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9451
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9390
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 3390
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 8082 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9092 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9000
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 3004 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 3005 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 3006 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 3007 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 31948
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 41948
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 3008
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 39234
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 39235
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 39236
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 39237
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 23234 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9452
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9048 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9050 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9052 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9441
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9442
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9467
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 6443 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 6444 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 6000
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 6001
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 6002
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 6003
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 6004
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 6005
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 6006
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 6007
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 6008
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 6009
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 6010
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 6011
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 2525 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9022 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 1397
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 4362 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 1396
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9443 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9444
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9445 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9446
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9447
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9448
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9453 log
access-list OUT_IN extended permit tcp any host 0.0.0.0 eq 9454
access-list OUT_IN extended permit ip any any
access-list OUT_IN remark Guardium_access
access-list OUT_IN remark IPSWITCH_FTPSSH
access-list OUT_IN remark IPSWITCH_DATA
access-list OUT_IN remark IPSWITCH_MANAGEMENT
access-list OUT_IN remark UNI
access-list OUT_IN remark nCircle
access-list OUT_IN remark IPSWITCH_RDP
access-list OUT_IN remark CCTV_Client
access-list OUT_IN remark Mobile_Iron_Lab
access-list OUT_IN remark InfoBlox Access
access-list OUT_IN remark InfoBlox Access
access-list Qatar extended permit tcp object-group Qatar-Qradar host 10.50.30.50
access-list nonat extended permit ip xxxx.0 255.255.255.0 KSA-SOC-network 255.255.255.0
access-list nonat extended permit ip object-group Qatar-Qradar host 10.50.30.50
access-list nonat extended permit ip xxxx.0 255.255.255.0 host 10.21.1.200
access-list nonat extended permit ip xxxx.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list nonat extended permit ip xxxx.0 255.255.255.0 object-group DM_INLINE_NETWORK_2
access-list nonat extended permit ip xxxx.0 255.255.255.0 host 10.55.2.141
access-list nonat extended permit ip host xxxx11.29 host 10.21.1.200
access-list nonat extended permit ip host xxxx.234 10.10.10.0 255.255.255.0
access-list nonat extended permit ip host xxxx.45 10.10.10.0 255.255.255.0
access-list nonat extended permit ip host xxxx.82 10.10.10.0 255.255.255.0
access-list nonat extended permit ip KSA-SOC-network 255.255.255.0 xxxx.0 255.255.255.0
access-list nonat extended permit ip host xxxx.6 10.10.10.0 255.255.255.0
access-list nonat extended permit ip xxxx11.0 255.255.255.0 192.168.100.96 255.255.255.240
access-list nonat extended permit ip any 192.168.2.0 255.255.255.248
access-list nonat extended permit ip any 192.168.30.0 255.255.255.240
access-list stardmz_nat0_outbound extended permit ip host xxxx.10 192.168.1.0 255.255.255.240
access-list lanvoip_nat0_outbound extended permit ip xxxx11.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list lanvoip_nat0_outbound extended permit ip xxxx11.0 255.255.255.0 10.10.20.0 255.255.255.0
access-list lanvoip_nat0_outbound extended permit ip xxxx.0 255.255.255.0 10.10.20.0 255.255.255.0
access-list lanvoip_nat0_outbound extended permit ip xxxx.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list lanvoip_nat0_outbound extended permit ip xxxx.0 255.255.255.0 192.168.168.0 255.255.255.0
access-list lanvoip_nat0_outbound extended permit ip xxxx.0 255.255.255.0 172.18.0.0 255.255.255.0
access-list lanvoip_nat0_outbound extended permit ip xxxx.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list lanvoip_nat0_outbound extended permit ip 192.168.2.0 255.255.255.0 xxxx.0 255.255.255.0
access-list lanvoip_nat0_outbound extended permit ip xxxx50.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list lanvoip_nat0_outbound extended permit ip xxxx.0 255.255.255.0 object-group DM_INLINE_NETWORK_6
access-list lanvoip_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_5 192.168.2.0 255.255.255.0
access-list 24outside_1_cryptomap extended permit ip xxxx.0 255.255.255.0 192.168.168.0 255.255.255.0
access-list 24outside_2_cryptomap extended permit tcp host xxxx11.29 host 10.21.1.200 object-group QRADAR
access-list cap extended permit ip xxxx.0 255.255.255.0 10.10.20.0 255.255.255.0
access-list cap extended permit ip xxxx.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list cap extended permit ip xxxx.0 255.255.255.0 172.18.0.0 255.255.255.0
access-list cap extended permit ip 10.10.20.0 255.255.255.0 xxxx.0 255.255.255.0
access-list cap extended permit ip 10.10.10.0 255.255.255.0 xxxx.0 255.255.255.0
access-list cap extended permit ip 172.18.0.0 255.255.255.0 xxxx.0 255.255.255.0
access-list 24outside_3_cryptomap extended permit ip object-group DM_INLINE_NETWORK_4 object-group DM_INLINE_NETWORK_3
access-list 24outside_3_cryptomap extended permit icmp xxxx11.0 255.255.255.0 10.10.20.0 255.255.255.0
access-list 24outside_3_cryptomap extended permit icmp xxxx.0 255.255.255.0 10.10.20.0 255.255.255.0
access-list 24outside_3_cryptomap extended permit icmp xxxx.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list 24outside_3_cryptomap extended permit ip xxxx11.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list 24outside_3_cryptomap extended permit ip xxxx11.0 255.255.255.0 10.10.20.0 255.255.255.0
access-list 24outside_3_cryptomap extended permit ip xxxx.0 255.255.255.0 object-group DM_INLINE_NETWORK_2
access-list 24outside_3_cryptomap extended permit ip xxxx.0 255.255.255.0 host 10.21.1.200
access-list 24outside_3_cryptomap extended permit ip 10.10.10.0 255.255.255.0 host xxxx.234
access-list 24outside_3_cryptomap extended permit ip host xxxx.234 10.10.10.0 255.255.255.0
access-list 24outside_3_cryptomap extended permit ip 10.10.10.0 255.255.255.0 host xxxx.45
access-list 24outside_3_cryptomap extended permit ip host xxxx.45 10.10.10.0 255.255.255.0
access-list 24outside_3_cryptomap extended permit ip 10.10.10.0 255.255.255.0 host xxxx.82
access-list 24outside_3_cryptomap extended permit ip host xxxx.82 10.10.10.0 255.255.255.0
access-list 24outside_3_cryptomap extended permit ip host xxxx.6 10.10.10.0 255.255.255.0
access-list 24outside_3_cryptomap extended permit ip 10.10.10.0 255.255.255.0 host xxxx.6
access-list 16_OUT_IN remark Mobile_Iron_Lab
access-list 16_OUT_IN extended permit tcp any host 94.206.93.186 eq https
access-list 16_OUT_IN extended permit tcp any host 94.206.93.186 eq 8443
access-list 16_OUT_IN remark Mobile_Iron_Lab
access-list 16_OUT_IN remark Mobile_Iron_Lab
access-list 16_OUT_IN remark Mobile_Iron_Lab
access-list 16_OUT_IN remark Mobile_Iron_Lab
access-list 16_OUT_IN remark Mobile_Iron_Lab
access-list capweb extended permit ip host xxxx11.7 host 206.188.193.240
access-list capweb extended permit ip host 206.188.193.240 host xxxx11.7
access-list capweb extended permit ip host xxxx11.7 host 94.200.200.200
access-list capweb extended permit ip host 94.200.200.200 host xxxx11.7
access-list netflow-hosts extended permit ip any any
access-list SOC_access_in extended permit ip any KSA-SOC-network 255.255.255.0
access-list SOC_access_in extended permit ip any any
access-list 24outside_4_cryptomap extended permit ip xxxx.0 255.255.255.0 host 10.55.2.141
access-list KSA-SOC-NAT extended permit ip host xxxx.100 host 10.10.110.10
access-list CAPIN extended permit gre any host 0.0.0.0
access-list CAPIN extended permit tcp any host 0.0.0.0 eq pptp
access-list CAPOUT extended permit ip any host xxxx50.1
access-list 24outside_5_cryptomap extended permit ip xxxx.0 255.255.255.0 172.18.0.0 255.255.255.0
access-list stardmz_access_in extended permit ip host xxxx.125 xxxx.0 255.255.255.0
access-list stardmz_access_in extended permit ip xxxx.0 255.255.255.0 xxxx1.0 255.255.255.0
access-list stardmz_access_in extended permit ip 192.168.1.8 255.255.255.248 xxxx.0 255.255.255.0
access-list stardmz_access_in extended permit ip any any
access-list stardmz_access_in extended permit ip xxxx.70.0 255.255.255.0 xxxx.0 255.255.255.0
access-list stardmz_access_in extended permit ip xxxx.0 255.255.255.0 xxxx.70.0 255.255.255.0
access-list WL_access_in extended permit ip host xxxx1.113 host xxxx.61
access-list WL_access_in extended deny ip any host xxxx.61 inactive
access-list WL_access_in extended permit ip any any
access-list WL_access_in extended permit ip xxxx1.0 255.255.255.0 xxxx.0 255.255.255.0
access-list StarLink_Lab_access_in extended permit tcp xxxx.0 255.255.255.0 host 10.200.252.70 eq https
access-list StarLink_Lab_access_in extended permit ip xxxx.0 255.255.255.0 xxxx1.0 255.255.255.0
access-list StarLink_Lab_access_in extended permit ip xxxx.0 255.255.255.0 xxxx11.0 255.255.255.0
access-list StarLink_Lab_access_in extended permit ip xxxx.0 255.255.255.0 192.168.1.8 255.255.255.248
access-list StarLink_Lab_access_in extended permit ip xxxx.0 255.255.255.0 host xxxx.125
access-list StarLink_Lab_access_in extended permit ip any any
access-list stardmz_no_nat extended permit ip xxxx.0 255.255.255.0 172.18.52.0 255.255.254.0
access-list stardmz_no_nat extended permit ip any 192.168.100.96 255.255.255.240
access-list StarLink_Lab_nat0_outbound extended permit ip any xxxx.64 255.255.255.224
access-list StarLink_Lab_nat0_outbound extended permit ip any 192.168.100.0 255.255.255.248
access-list StarLink_Lab_nat0_outbound extended permit ip any 192.168.100.128 255.255.255.192
access-list PaloAltoVMs_nat0_outbound extended permit ip any 192.168.100.96 255.255.255.240
access-list PaloAltoVMs_nat0_outbound extended permit ip xxxx50.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list lanvoip_data_access_in extended permit ip xxxx11.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list lanvoip_data_access_in extended permit ip 192.168.1.0 255.255.255.0 xxxx11.0 255.255.255.0
access-list lanvoip_data_access_in extended permit ip any any
access-list KarthiksSubnet_nat0_outbound extended permit ip xxxx.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Linoy_splitTunnelAcl standard permit xxxx11.0 255.255.255.0
access-list 24outside_6_cryptomap extended permit ip xxxx.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 24outside_7_cryptomap extended permit ip xxxx.0 255.255.255.0 object-group DM_INLINE_NETWORK_6
access-list Linoy_splitTunnelAcl_1 standard permit xxxx11.0 255.255.255.0
access-list stardmz_splitTunnelAcl standard permit xxxx.0 255.255.255.0
access-list stardmz_splitTunnelAcl standard permit 10.30.11.0 255.255.255.0
access-list stardmz_splitTunnelAcl standard permit xxxx1.0 255.255.255.0
access-list rameshwargroup_splitTunnelAcl_1 standard permit xxxx.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging buffered warnings
logging trap debugging
logging asdm warnings
logging facility 23
logging host stardmz xxxx.251
logging host stardmz xxxx.214
logging host stardmz xxxx.253 17/5514
logging host stardmz xxxx.44
logging host stardmz xxxx.199
logging host stardmz xxxx.232
logging host stardmz xxxx.198
logging debug-trace
logging message 101001 level warnings
flow-export destination stardmz xxxx.198 2057
flow-export destination stardmz xxxx.24 2056
flow-export destination stardmz xxxx.126 2055
flow-export template timeout-rate 1
mtu mgmt 1500
mtu lanvoip 1500
mtu stardmz 1500
mtu WL 1500
mtu Sharief 1500
mtu KarthiksSubnet 1500
mtu lanvoip_data 1500
mtu soc_corp_machines 1500
mtu GuestLAN 1500
mtu SOC 1500
mtu StarLink_Lab 1400
mtu PaloAltoVMs 1500
mtu WLGUEST 1500
mtu 24outside 1500
mtu 16outside 1500
mtu nishith 1500
ip local pool rameshwarpool 192.168.200.1-192.168.200.5 mask 255.255.255.0
ip local pool TestDMZ xxxx.245-xxxx.250 mask 255.255.255.0
ip local pool DMZVPNPool 192.168.100.100-192.168.100.110 mask 255.255.255.0
ip local pool IBRAVPNPOOL 192.168.100.1-192.168.100.5 mask 255.255.255.0
ip local pool infobloxtraining 192.168.100.150-192.168.100.170 mask 255.255.255.0
ip local pool finance-vpn 192.168.1.1-192.168.1.10 mask 255.255.255.0
ip local pool AvayaSubnet xxxx mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any WL
icmp permit any lanvoip_data
icmp permit any SOC
asdm history enable
arp timeout 14400
nat-control
global (24outside) 10 interface
nat (mgmt) 10 xxxx.4 255.255.255.255
nat (lanvoip) 0 access-list lanvoip_nat0_outbound
nat (lanvoip) 10 xxxx.5 255.255.255.255
nat (lanvoip) 10 xxxx.6 255.255.255.255
nat (lanvoip) 10 xxxx.241 255.255.255.255
nat (stardmz) 0 access-list stardmz_no_nat
nat (stardmz) 10 xxxx.3 255.255.255.255
nat (stardmz) 10 xxxx.5 255.255.255.255
nat (stardmz) 10 xxxx.6 255.255.255.255
nat (stardmz) 10 xxxx.13 255.255.255.255
nat (stardmz) 10 xxxx.14 255.255.255.255
nat (stardmz) 10 xxxx.15 255.255.255.255
nat (stardmz) 10 xxxx.16 255.255.255.255
nat (stardmz) 10 xxxx.21 255.255.255.255
nat (stardmz) 10 xxxx.22 255.255.255.255
nat (stardmz) 10 xxxx.23 255.255.255.255
nat (stardmz) 10 xxxx.24 255.255.255.255
nat (stardmz) 10 xxxx.27 255.255.255.255
nat (stardmz) 10 xxxx.28 255.255.255.255
nat (stardmz) 10 xxxx.29 255.255.255.255
nat (stardmz) 10 xxxx.37 255.255.255.255
nat (stardmz) 10 xxxx.40 255.255.255.255
nat (stardmz) 10 xxxx.41 255.255.255.255
nat (stardmz) 10 xxxx.42 255.255.255.255
nat (stardmz) 10 xxxx.43 255.255.255.255
nat (stardmz) 10 xxxx.44 255.255.255.255
nat (stardmz) 10 xxxx.45 255.255.255.255
nat (stardmz) 10 xxxx.50 255.255.255.255
nat (stardmz) 10 xxxx.51 255.255.255.255
nat (stardmz) 10 xxxx.52 255.255.255.255
nat (stardmz) 10 xxxx.53 255.255.255.255
nat (stardmz) 10 xxxx.55 255.255.255.255
nat (stardmz) 10 xxxx.56 255.255.255.255
nat (stardmz) 10 xxxx.60 255.255.255.255
nat (stardmz) 10 xxxx.61 255.255.255.255
nat (stardmz) 10 xxxx.65 255.255.255.255
nat (stardmz) 10 xxxx.79 255.255.255.255
nat (stardmz) 10 xxxx.80 255.255.255.255
nat (stardmz) 10 xxxx.82 255.255.255.255
nat (stardmz) 10 xxxx.83 255.255.255.255
nat (stardmz) 10 xxxx.95 255.255.255.255
nat (stardmz) 10 xxxx.96 255.255.255.255
nat (stardmz) 10 xxxx.111 255.255.255.255
nat (stardmz) 10 xxxx.122 255.255.255.255
nat (stardmz) 10 xxxx.125 255.255.255.255
nat (stardmz) 10 xxxx.126 255.255.255.255
nat (stardmz) 10 xxxx.130 255.255.255.255
nat (stardmz) 10 xxxx.137 255.255.255.255
nat (stardmz) 10 xxxx.138 255.255.255.255
nat (stardmz) 10 xxxx.139 255.255.255.255
nat (stardmz) 10 xxxx.141 255.255.255.255
nat (stardmz) 10 xxxx.143 255.255.255.255
nat (stardmz) 10 xxxx.145 255.255.255.255
nat (stardmz) 10 xxxx.147 255.255.255.255
nat (stardmz) 10 xxxx.149 255.255.255.255
nat (stardmz) 10 xxxx.151 255.255.255.255
nat (stardmz) 10 xxxx.156 255.255.255.255
nat (stardmz) 10 xxxx.160 255.255.255.255
nat (stardmz) 10 xxxx.161 255.255.255.255
nat (stardmz) 10 xxxx.166 255.255.255.255
nat (stardmz) 10 xxxx.187 255.255.255.255
nat (stardmz) 10 xxxx.190 255.255.255.255
nat (stardmz) 10 xxxx.196 255.255.255.255
nat (stardmz) 10 xxxx.200 255.255.255.255
nat (stardmz) 10 xxxx.204 255.255.255.255
nat (stardmz) 10 xxxx.205 255.255.255.255
nat (stardmz) 10 xxxx.206 255.255.255.255
nat (stardmz) 10 xxxx.207 255.255.255.255
nat (stardmz) 10 xxxx.213 255.255.255.255
nat (stardmz) 10 xxxx.221 255.255.255.255
nat (stardmz) 10 xxxx.222 255.255.255.255
nat (stardmz) 10 xxxx.223 255.255.255.255
nat (stardmz) 10 xxxx.224 255.255.255.255
nat (stardmz) 10 xxxx.227 255.255.255.255
nat (stardmz) 10 xxxx.228 255.255.255.255
nat (stardmz) 10 xxxx.234 255.255.255.255
nat (stardmz) 10 xxxx.235 255.255.255.255
nat (stardmz) 10 xxxx.236 255.255.255.255
nat (stardmz) 10 xxxx.237 255.255.255.255
nat (stardmz) 10 xxxx.239 255.255.255.255
nat (stardmz) 10 xxxx.245 255.255.255.255
nat (stardmz) 10 xxxx.251 255.255.255.255
nat (stardmz) 10 xxxx.252 255.255.255.255
nat (stardmz) 10 xxxx.253 255.255.255.255
nat (stardmz) 10 xxxx.220 255.255.255.252
nat (stardmz) 10 xxxx.70.0 255.255.255.0
nat (stardmz) 10 192.168.1.0 255.255.255.0
nat (stardmz) 10 172.18.52.0 255.255.254.0
nat (stardmz) 10 xxxx.0.0 255.255.0.0
nat (WL) 10 xxxx1.0 255.255.255.0
nat (Sharief) 10 10.30.11.0 255.255.255.0
nat (Sharief) 10 172.32.32.0 255.255.255.0
nat (Sharief) 10 192.168.20.0 255.255.255.0
nat (KarthiksSubnet) 0 access-list KarthiksSubnet_nat0_outbound
nat (KarthiksSubnet) 10 xxxx.60.0 255.255.255.0
nat (lanvoip_data) 0 access-list nonat
nat (lanvoip_data) 10 xxxx11.0 255.255.255.0
nat (lanvoip_data) 10 0.0.0.0 0.0.0.0
nat (soc_corp_machines) 10 xxxx12.0 255.255.255.0
nat (GuestLAN) 10 172.31.31.0 255.255.255.0
nat (SOC) 0 access-list nonat
nat (StarLink_Lab) 0 access-list StarLink_Lab_nat0_outbound
nat (StarLink_Lab) 10 xxxx.0 255.255.255.0
nat (PaloAltoVMs) 0 access-list PaloAltoVMs_nat0_outbound
nat (PaloAltoVMs) 10 xxxx50.0 255.255.255.0
nat (WLGUEST) 10 xxxx.99.0 255.255.255.0
static (mgmt,24outside) tcp interface 8888 xxxx.4 www netmask 255.255.255.255
static (mgmt,24outside) tcp interface rtsp xxxx.4 rtsp netmask 255.255.255.255
static (mgmt,24outside) tcp interface 555 xxxx.4 555 netmask 255.255.255.255
static (mgmt,24outside) tcp interface 556 xxxx.4 556 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 990 xxxx.13 990 netmask 255.255.255.255
static (stardmz,24outside) tcp interface ftp-data xxxx.13 ftp-data netmask 255.255.255.255
static (stardmz,24outside) tcp interface ftp xxxx.13 ftp netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3001 xxxx.13 3001 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3002 xxxx.13 3002 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3003 xxxx.13 3003 netmask 255.255.255.255
static (stardmz,24outside) udp interface 8000 xxxx.13 8000 netmask 255.255.255.255
static (stardmz,24outside) udp interface 8002 xxxx.13 8002 netmask 255.255.255.255
static (stardmz,24outside) udp interface 8003 xxxx.13 8003 netmask 255.255.255.255
static (stardmz,24outside) udp interface 8004 xxxx.13 8004 netmask 255.255.255.255
static (stardmz,24outside) udp interface 557 xxxx.13 557 netmask 255.255.255.255
static (stardmz,24outside) udp interface 558 xxxx.13 558 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3009 xxxx.26 3009 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3010 xxxx.26 3010 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3011 xxxx.26 3011 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3012 xxxx.26 3012 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3014 xxxx.27 3014 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3015 xxxx.27 3015 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3016 xxxx.27 3016 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3017 xxxx.27 3017 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3018 xxxx.28 3018 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3019 xxxx.28 3019 netmask 255.255.255.255
static (stardmz,24outside) tcp interface cifs xxxx.28 cifs netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3021 xxxx.28 3021 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3022 xxxx.29 3022 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3024 xxxx.29 3024 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3025 xxxx.29 3025 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3026 xxxx.29 3026 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3027 xxxx.213 3027 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3028 xxxx.213 3028 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3029 xxxx.213 3029 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3030 xxxx.213 3030 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3031 xxxx.239 3031 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3032 xxxx.239 3032 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3033 xxxx.239 3033 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3034 xxxx.239 3034 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3036 xxxx.41 3036 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3037 xxxx.41 3037 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3038 xxxx.41 3038 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3039 xxxx.42 3039 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3040 xxxx.42 3040 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3041 xxxx.42 3041 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3042 xxxx.42 3042 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3043 xxxx.43 3043 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3044 xxxx.43 3044 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3045 xxxx.43 3045 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3046 xxxx.43 3046 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3048 xxxx.44 3048 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3049 xxxx.44 3049 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3050 xxxx.44 3050 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3051 xxxx.44 3051 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3052 xxxx.45 3052 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3053 xxxx.45 3053 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3054 xxxx.45 3054 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3055 xxxx.45 3055 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3056 xxxx.55 3056 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3057 xxxx.55 3057 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3058 xxxx.55 3058 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3059 xxxx.55 3059 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3060 xxxx.56 3060 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3061 xxxx.56 3061 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3062 xxxx.56 3062 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3064 xxxx.60 3064 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3065 xxxx.60 3065 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3066 xxxx.60 3066 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3067 xxxx.60 3067 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3063 xxxx.56 3063 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9997 xxxx.55 9997 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9998 xxxx.55 9998 netmask 255.255.255.255
static (stardmz,16outside) tcp interface https xxxx.56 https netmask 255.255.255.255
static (stardmz,16outside) tcp interface 8443 xxxx.56 8443 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3068 xxxx.41 3068 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3069 xxxx.40 3069 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3071 xxxx.40 3071 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3072 xxxx.40 3072 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3073 xxxx.40 3073 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3074 xxxx.130 3074 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3075 xxxx.130 3075 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3076 xxxx.130 3076 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3077 xxxx.130 3077 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3078 xxxx.130 3078 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3079 xxxx.130 3079 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3080 xxxx.21 3080 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3081 xxxx.21 3081 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3082 xxxx.21 3082 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3083 xxxx.21 3083 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 445 xxxx.13 445 netmask 255.255.255.255
static (stardmz,24outside) tcp interface netbios-ssn xxxx.13 netbios-ssn netmask 255.255.255.255
static (stardmz,24outside) tcp interface 6969 xxxx.139 3389 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 6996 xxxx.139 6996 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9999 xxxx.13 8443 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9389 xxxx.13 3389 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 7022 xxxx.61 ssh netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9450 xxxx.44 ssh netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9451 xxxx.37 https netmask 255.255.255.255
static (lanvoip_data,24outside) tcp interface 9390 xxxx11.240 3389 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3390 xxxx.200 3389 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 8082 xxxx.65 8082 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9092 xxxx.61 8082 netmask 255.255.255.255
static (lanvoip_data,24outside) tcp interface 9000 xxxx11.172 9000 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3004 xxxx.210 www netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3005 xxxx.207 www netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3006 xxxx.212 3389 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3007 xxxx.213 3389 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 3008 xxxx.251 3389 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 39234 xxxx.234 3389 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 39235 xxxx.235 3389 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 39236 xxxx.236 3389 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 39237 xxxx.237 3389 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9452 xxxx.60 3389 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 902 xxxx.30 902 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 7443 xxxx.30 https netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9050 xxxx.175 https netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9052 xxxx.175 ssh netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9441 xxxx.199 ssh netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9442 xxxx.199 https netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9467 xxxx.85 3389 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 6443 xxxx.3 https netmask 255.255.255.255
static (PaloAltoVMs,24outside) tcp interface 6444 xxxx50.225 www netmask 255.255.255.255
static (stardmz,24outside) tcp interface 8080 xxxx.61 8080 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 8443 xxxx.55 8443 netmask 255.255.255.255
static (StarLink_Lab,24outside) tcp interface 6000 xxxx.147 3389 netmask 255.255.255.255
static (StarLink_Lab,24outside) tcp interface 6001 xxxx.148 3389 netmask 255.255.255.255
static (StarLink_Lab,24outside) tcp interface 6002 xxxx.149 3389 netmask 255.255.255.255
static (StarLink_Lab,24outside) tcp interface 6003 xxxx.150 3389 netmask 255.255.255.255
static (StarLink_Lab,24outside) tcp interface 6004 xxxx.151 3389 netmask 255.255.255.255
static (StarLink_Lab,24outside) tcp interface 6005 xxxx.152 3389 netmask 255.255.255.255
static (StarLink_Lab,24outside) tcp interface 6006 xxxx.153 3389 netmask 255.255.255.255
static (StarLink_Lab,24outside) tcp interface 6007 xxxx.154 3389 netmask 255.255.255.255
static (StarLink_Lab,24outside) tcp interface 6008 xxxx.155 3389 netmask 255.255.255.255
static (StarLink_Lab,24outside) tcp interface 6009 xxxx.156 3389 netmask 255.255.255.255
static (StarLink_Lab,24outside) tcp interface 6010 xxxx.157 3389 netmask 255.255.255.255
static (StarLink_Lab,24outside) tcp interface 6011 xxxx.158 3389 netmask 255.255.255.255
static (KarthiksSubnet,24outside) tcp interface 2525 xxxx.60.132 3389 netmask 255.255.255.255
static (PaloAltoVMs,24outside) tcp interface 9048 xxxx50.99 3389 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 1397 xxxx.97 3389 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 4362 xxxx.62 https netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9439 xxxx.198 ssh netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9440 xxxx.198 https netmask 255.255.255.255
static (stardmz,24outside) tcp interface 1396 xxxx.233 3389 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9443 xxxx.31 8443 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9444 xxxx.31 ssh netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9445 xxxx.31 www netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9446 xxxx.32 8443 netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9447 xxxx.32 ssh netmask 255.255.255.255
static (lanvoip_data,24outside) tcp interface 9448 xxxx.32 www netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9449 xxxx.228 ssh netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9453 xxxx.226 ssh netmask 255.255.255.255
static (stardmz,24outside) tcp interface https xxxx.14 https netmask 255.255.255.255
static (KarthiksSubnet,24outside) tcp interface 3000 xxxx.60.10 https netmask 255.255.255.255
static (stardmz,24outside) tcp interface ssh xxxx.14 ssh netmask 255.255.255.255
static (stardmz,24outside) tcp interface 9454 xxxx.229 3389 netmask 255.255.255.255
static (WL,mgmt) xxxx1.5 xxxx1.5 netmask 255.255.255.255
static (lanvoip,WL) xxxx.2 xxxx.2 netmask 255.255.255.255
static (lanvoip,WL) xxxx.3 xxxx.3 netmask 255.255.255.255
static (WL,lanvoip) xxxx1.5 xxxx1.5 netmask 255.255.255.255
static (WL,mgmt) xxxx1.0 xxxx1.0 netmask 255.255.255.0
static (WL,stardmz) xxxx1.0 xxxx1.0 netmask 255.255.255.0
static (WL,mgmt) xxxx1.7 xxxx1.7 netmask 255.255.255.255
static (lanvoip_data,stardmz) xxxx11.0 xxxx11.0 netmask 255.255.255.0
static (lanvoip_data,WL) xxxx11.0 xxxx11.0 netmask 255.255.255.0
static (WL,lanvoip_data) xxxx1.0 xxxx1.0 netmask 255.255.255.0
static (mgmt,WL) xxxx.4 xxxx.4 netmask 255.255.255.255
static (lanvoip_data,mgmt) xxxx11.7 xxxx11.7 netmask 255.255.255.255
static (lanvoip_data,lanvoip) xxxx11.7 xxxx11.7 netmask 255.255.255.255
static (lanvoip_data,WL) xxxx1.236 xxxx11.236 netmask 255.255.255.255
static (lanvoip_data,WL) xxxx1.235 xxxx11.235 netmask 255.255.255.255
static (lanvoip_data,mgmt) xxxx11.0 xxxx11.0 netmask 255.255.255.0
static (mgmt,lanvoip_data) xxxx.4 xxxx.4 netmask 255.255.255.255
static (WLGUEST,stardmz) xxxx1.0 xxxx1.0 netmask 255.255.255.0
static (WLGUEST,stardmz) xxxx.99.0 xxxx.99.0 netmask 255.255.255.0
static (WL,mgmt) xxxx1.8 xxxx1.8 netmask 255.255.255.255
static (lanvoip_data,mgmt) xxxx11.8 xxxx11.8 netmask 255.255.255.255
static (lanvoip_data,lanvoip) xxxx11.8 xxxx11.8 netmask 255.255.255.255
static (lanvoip,mgmt) xxxx.5 xxxx.5 netmask 255.255.255.255
static (lanvoip_data,WL) xxxx1.237 xxxx11.237 netmask 255.255.255.255
static (lanvoip_data,StarLink_Lab) xxxx11.0 xxxx11.0 netmask 255.255.255.0
static (lanvoip_data,WL) xxxx1.238 xxxx11.238 netmask 255.255.255.255
static (lanvoip_data,WL) xxxx1.138 xxxx11.138 netmask 255.255.255.255
static (WL,stardmz) xxxx.13 xxxx.13 netmask 255.255.255.255
static (lanvoip_data,lanvoip) xxxx11.19 xxxx11.19 netmask 255.255.255.255
static (soc_corp_machines,stardmz) xxxx12.0 xxxx12.0 netmask 255.255.255.0
static (soc_corp_machines,lanvoip_data) xxxx12.0 xxxx12.0 netmask 255.255.255.0
static (lanvoip_data,soc_corp_machines) xxxx11.0 xxxx11.0 netmask 255.255.255.0
static (lanvoip_data,WL) xxxx1.90 xxxx11.90 netmask 255.255.255.255
static (WL,lanvoip) xxxx1.230 xxxx1.230 netmask 255.255.255.255
static (WL,lanvoip_data) xxxx11.90 xxxx1.90 netmask 255.255.255.255
static (WL,StarLink_Lab) xxxx1.0 xxxx1.0 netmask 255.255.255.0
static (lanvoip_data,soc_corp_machines) xxxx11.76 xxxx11.76 netmask 255.255.255.255
static (lanvoip_data,KarthiksSubnet) xxxx11.0 xxxx11.0 netmask 255.255.255.0
static (WL,KarthiksSubnet) xxxx1.0 xxxx1.0 netmask 255.255.255.0
static (PaloAltoVMs,WL) xxxx50.0 xxxx50.0 netmask 255.255.255.0
static (WL,PaloAltoVMs) xxxx1.0 xxxx1.0 netmask 255.255.255.0
static (PaloAltoVMs,lanvoip) xxxx50.225 xxxx50.225 netmask 255.255.255.255
static (PaloAltoVMs,stardmz) xxxx50.225 xxxx50.225 netmask 255.255.255.255
static (lanvoip_data,PaloAltoVMs) xxxx11.0 xxxx11.0 netmask 255.255.255.0
static (PaloAltoVMs,lanvoip_data) xxxx50.0 xxxx50.0 netmask 255.255.255.0
static (lanvoip,stardmz) xxxx.251 xxxx.251 netmask 255.255.255.255
static (soc_corp_machines,PaloAltoVMs) xxxx12.0 xxxx12.0 netmask 255.255.255.0
static (PaloAltoVMs,soc_corp_machines) xxxx50.0 xxxx50.0 netmask 255.255.255.0
static (PaloAltoVMs,stardmz) xxxx50.224 xxxx50.224 netmask 255.255.255.255
static (PaloAltoVMs,stardmz) xxxx50.0 xxxx50.0 netmask 255.255.255.0
static (lanvoip,lanvoip_data) xxxx.5 xxxx.5 netmask 255.255.255.255
static (lanvoip_data,lanvoip) xxxx11.236 xxxx11.236 netmask 255.255.255.255
static (WL,lanvoip) xxxx.8 xxxx1.8 netmask 255.255.255.255
static (lanvoip,stardmz) xxxx.1 xxxx.1 netmask 255.255.255.255
static (soc_corp_machines,WL) xxxx12.0 xxxx12.0 netmask 255.255.255.0
static (WL,soc_corp_machines) xxxx1.0 xxxx1.0 netmask 255.255.255.0
static (lanvoip,PaloAltoVMs) xxxx.0 xxxx.0 netmask 255.255.255.0
static (PaloAltoVMs,lanvoip) xxxx50.0 xxxx50.0 netmask 255.255.255.0
static (lanvoip,mgmt) xxxx.6 xxxx.6 netmask 255.255.255.255
static (mgmt,lanvoip) xxxx.4 xxxx.4 netmask 255.255.255.255
static (Sharief,stardmz) 172.32.32.0 172.32.32.0 netmask 255.255.255.0
static (Sharief,soc_corp_machines) 10.30.11.0 10.30.11.0 netmask 255.255.255.0
static (soc_corp_machines,Sharief) xxxx12.0 xxxx12.0 netmask 255.255.255.0
static (WL,Sharief) xxxx1.0 xxxx1.0 netmask 255.255.255.0
static (Sharief,WL) 10.30.11.0 10.30.11.0 netmask 255.255.255.0
static (lanvoip_data,Sharief) xxxx11.0 xxxx11.0 netmask 255.255.255.0
static (Sharief,lanvoip_data) 10.30.11.0 10.30.11.0 netmask 255.255.255.0
static (Sharief,stardmz) 10.30.11.0 10.30.11.0 netmask 255.255.255.0
static (lanvoip,WL) xxxx.5 xxxx.5 netmask 255.255.255.255
static (KarthiksSubnet,WL) xxxx.60.0 xxxx.60.0 netmask 255.255.255.0
static (KarthiksSubnet,lanvoip_data) xxxx.60.0 xxxx.60.0 netmask 255.255.255.0
static (KarthiksSubnet,stardmz) xxxx.60.132 xxxx.60.132 netmask 255.255.255.255
static (stardmz,WL) xxxx.0 xxxx.0 netmask 255.255.255.0
static (stardmz,lanvoip_data) xxxx.0 xxxx.0 netmask 255.255.255.0
static (stardmz,SOC) xxxx.50 xxxx.44 netmask 255.255.255.255
static (stardmz,lanvoip) xxxx.253 xxxx.253 netmask 255.255.255.255
static (stardmz,lanvoip) xxxx.252 xxxx.252 netmask 255.255.255.255
static (stardmz,SOC) xxxx.95 xxxx.95 netmask 255.255.255.255
static (stardmz,soc_corp_machines) xxxx.0 xxxx.0 netmask 255.255.255.0
static (stardmz,lanvoip) xxxx.79 xxxx.79 netmask 255.255.255.255
static (stardmz,StarLink_Lab) 172.18.52.0 172.18.52.0 netmask 255.255.254.0
static (stardmz,StarLink_Lab) xxxx.125 xxxx.125 netmask 255.255.255.255
static (stardmz,PaloAltoVMs) xxxx.125 xxxx.125 netmask 255.255.255.255
static (stardmz,lanvoip) xxxx.193 xxxx.193 netmask 255.255.255.255
static (stardmz,PaloAltoVMs) xxxx.199 xxxx.199 netmask 255.255.255.255
static (stardmz,SOC) xxxx.10 xxxx.85 netmask 255.255.255.255
static (stardmz,PaloAltoVMs) xxxx.0 xxxx.0 netmask 255.255.255.0
static (stardmz,lanvoip) xxxx.15 xxxx.15 netmask 255.255.255.255
static (stardmz,KarthiksSubnet) xxxx.0 xxxx.0 netmask 255.255.255.0
static (stardmz,lanvoip) xxxx.8 xxxx.8 netmask 255.255.255.255
static (stardmz,Sharief) xxxx.0 xxxx.0 netmask 255.255.255.0
static (stardmz,Sharief) xxxx.231 xxxx.231 netmask 255.255.255.255
static (StarLink_Lab,WL) xxxx.0 xxxx.0 netmask 255.255.255.0
static (StarLink_Lab,stardmz) xxxx.0 xxxx.0 netmask 255.255.255.0
static (StarLink_Lab,lanvoip_data) xxxx.0 xxxx.0 netmask 255.255.255.0
static (WL,lanvoip) xxxx1.7 xxxx1.7 netmask 255.255.255.255
access-group stardmz_access_in in interface stardmz
access-group WL_access_in in interface WL
access-group lanvoip_data_access_in in interface lanvoip_data
access-group SOC_access_in in interface SOC
access-group StarLink_Lab_access_in in interface StarLink_Lab
access-group OUT_IN in interface 24outside
access-group 16_OUT_IN in interface 16outside
route 24outside 0.0.0.0 0.0.0.0 94.206.93.209 1
route stardmz 10.200.252.70 255.255.255.255 xxxx.125 1
route stardmz xxxx.70.0 255.255.255.0 xxxx.6 1
route stardmz 172.18.52.0 255.255.254.0 xxxx.125 1
route lanvoip_data 192.168.1.0 255.255.255.0 xxxx11.146 1
route stardmz 192.168.1.2 255.255.255.255 xxxx.125 1
route stardmz 192.168.1.3 255.255.255.255 xxxx.125 1
route stardmz 192.168.1.8 255.255.255.248 xxxx.125 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http xxxx.0 255.255.255.0 mgmt
http xxxx1.5 255.255.255.255 WL
http xxxx1.7 255.255.255.255 WL
http xxxx11.7 255.255.255.255 lanvoip_data
http xxxx1.8 255.255.255.255 WL
http xxxx11.8 255.255.255.255 lanvoip_data
http xxxx.5 255.255.255.255 lanvoip
http xxxx.60.106 255.255.255.255 KarthiksSubnet
snmp-server group test v3 auth
snmp-server group Authentication&Encryption v3 priv
snmp-server group aunthentication&Encryption v3 noauth
snmp-server host WL xxxx1.230 poll community xxxx version 2c
snmp-server host lanvoip_data xxxx11.19 poll community xxxx version 2c
snmp-server host PaloAltoVMs xxxx50.225 poll community xxxx
snmp-server host stardmz xxxx.126 community xxxx
snmp-server host stardmz xxxx.252 poll community xxxx version 2c
snmp-server host stardmz xxxx.253 poll community xxxx version 2c
snmp-server host stardmz xxxx.79 poll community xxxx version 2c
snmp-server host mgmt xxxx11.7 community xxxx
no snmp-server location
no snmp-server contact
snmp-server community xxxx
sysopt noproxyarp stardmz
sysopt noproxyarp WL
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set Pub-ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address 24outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 78.189.187.196
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 2 match address 24outside_2_cryptomap
crypto map outside_map 2 set peer 185.3.122.130
crypto map outside_map 2 set transform-set ESP-3DES-MD5
crypto map outside_map 2 set security-association lifetime seconds 3600
crypto map outside_map 3 match address 24outside_3_cryptomap
crypto map outside_map 3 set peer 94.97.244.59
crypto map outside_map 3 set transform-set ESP-3DES-SHA
crypto map outside_map 3 set nat-t-disable
crypto map outside_map 4 match address 24outside_4_cryptomap
crypto map outside_map 4 set peer 212.57.20.100
crypto map outside_map 4 set transform-set ESP-AES-128-SHA
crypto map outside_map 5 match address 24outside_5_cryptomap
crypto map outside_map 5 set pfs group1
crypto map outside_map 5 set peer 41.242.164.105
crypto map outside_map 5 set transform-set ESP-3DES-SHA
crypto map outside_map 6 match address 24outside_6_cryptomap
crypto map outside_map 6 set peer 41.32.170.26 197.51.9.170
crypto map outside_map 6 set transform-set ESP-3DES-SHA
crypto map outside_map 7 match address 24outside_7_cryptomap
crypto map outside_map 7 set peer 62.150.102.234
crypto map outside_map 7 set transform-set ESP-3DES-SHA
crypto map outside_map 10 match address Qatar
crypto map outside_map 10 set peer 213.130.124.130
crypto map outside_map 10 set transform-set Pub-ESP-3DES-MD5
crypto map outside_map 10 set security-association lifetime seconds 28800
crypto map outside_map 10 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface 24outside
crypto isakmp enable 24outside
crypto isakmp enable 16outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 28800
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption 3des
 hash sha
 group 1
 lifetime 86400
crypto isakmp policy 60
 authentication pre-share
 encryption 3des
 hash sha
 group 1
 lifetime 28800
crypto isakmp policy 70
 authentication pre-share
 encryption 3des
 hash md5
 group 1
 lifetime 28800
crypto isakmp policy 90
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 110
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 130
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
crypto isakmp ipsec-over-tcp port 10000
telnet xxxx.0 255.255.255.0 lanvoip
telnet xxxx.1 255.255.255.255 lanvoip
telnet timeout 5
ssh xxxx.0 255.255.255.0 mgmt
ssh xxxx.5 255.255.255.255 lanvoip
ssh xxxx.42 255.255.255.255 stardmz
ssh xxxx.13 255.255.255.255 stardmz
ssh xxxx.47 255.255.255.255 stardmz
ssh xxxx.193 255.255.255.255 stardmz
ssh xxxx1.5 255.255.255.255 WL
ssh xxxx1.7 255.255.255.255 WL
ssh xxxx1.8 255.255.255.255 WL
ssh xxxx.60.106 255.255.255.255 KarthiksSubnet
ssh xxxx11.7 255.255.255.255 lanvoip_data
ssh xxxx11.8 255.255.255.255 lanvoip_data
ssh xxxx.47 255.255.255.255 SOC
ssh xxxx50.225 255.255.255.255 PaloAltoVMs
ssh timeout 60
ssh version 2
console timeout 0
dhcpd dns 94.200.200.200 91.94.94.94
!
dhcpd address xxxx1.25-xxxx1.250 WL
dhcpd dns xxxx.2 8.8.8.8 interface WL
dhcpd enable WL
!
dhcpd address xxxx11.10-xxxx11.235 lanvoip_data
dhcpd dns xxxx.2 8.8.8.8 interface lanvoip_data
dhcpd enable lanvoip_data
!
dhcpd address xxxx12.1-xxxx12.20 soc_corp_machines
dhcpd enable soc_corp_machines
!
dhcpd address 172.31.31.1-172.31.31.40 GuestLAN
dhcpd dns 94.200.200.200 8.8.8.8 interface GuestLAN
dhcpd enable GuestLAN
!
dhcpd address xxxx.10-xxxx.50 StarLink_Lab
dhcpd dns 94.200.200.200 91.94.94.94 interface StarLink_Lab
dhcpd enable StarLink_Lab
!
dhcpd address xxxx.99.50-xxxx.99.200 WLGUEST
dhcpd enable WLGUEST
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
port 442
enable 24outside
svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
svc enable
tunnel-group-list enable
group-policy PaloAltoSubnet internal
group-policy PaloAltoSubnet attributes
dns-server value 94.200.200.200 8.8.8.8
vpn-tunnel-protocol IPSec
default-domain none
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
group-policy rameshwargroup internal
group-policy rameshwargroup attributes
dns-server value 94.200.200.200 8.8.8.8
vpn-tunnel-protocol IPSec l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value rameshwargroup_splitTunnelAcl_1
default-domain none
group-policy Linoy internal
group-policy Linoy attributes
dns-server value 8.8.8.8 94.200.200.200
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Linoy_splitTunnelAcl_1
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-idle-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy Avaya internal
group-policy Avaya attributes
dns-server value 8.8.8.8
vpn-tunnel-protocol svc
default-domain none
group-policy starlinkdmz internal
group-policy starlinkdmz attributes
dns-server value 94.200.200.200 4.2.2.2
vpn-tunnel-protocol IPSec l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value stardmz_splitTunnelAcl
default-domain none
address-pools value DMZVPNPool
group-policy elabs internal
group-policy elabs attributes
dns-server value 8.8.8.8 4.2.2.2
vpn-tunnel-protocol IPSec
group-policy IBRA internal
group-policy IBRA attributes
vpn-tunnel-protocol IPSec
group-policy finance internal
group-policy finance attributes
dns-server value 94.200.200.200
vpn-tunnel-protocol IPSec
default-domain value starlinkme.net
username safenet password yPSHuZ806k0fDXvd encrypted
username safenet attributes
service-type remote-access
username prashant password 3q2svHPD82l8hLCB encrypted
username prashant attributes
service-type remote-access
username Sajjad password srRkZdAsADKgYlPi encrypted privilege 0
username Sajjad attributes
vpn-group-policy starlinkdmz
service-type remote-access
username qradar password BeepgXJp95pVeGA/ encrypted
username qradar attributes
service-type nas-prompt
username rahul password IVEWeIDgJQLBor/w encrypted
username rahul attributes
vpn-group-policy starlinkdmz
username rameshwar password FGU8zOdEtW6ZAwrA encrypted privilege 15
username rameshwar attributes
vpn-group-policy rameshwargroup
vpn-tunnel-protocol IPSec l2tp-ipsec
group-lock value rameshwargroup
username linoy password BgI5LiR5D3TgKDM2 encrypted privilege 0
username linoy attributes
vpn-group-policy Avaya
username adel password NB4WOKMHv1X/NhSX encrypted privilege 15
username adel attributes
vpn-group-policy starlinkdmz
username user1 password LsDLBZWpj2hJXVXv encrypted
username user1 attributes
vpn-group-policy Avaya
username training password /u08KNQVBESvnvka encrypted privilege 0
username training attributes
vpn-group-policy elabs
username nizar password Ew/pt2gnkUCuXUPr encrypted privilege 0
username nizar attributes
vpn-group-policy PaloAltoSubnet
username steven password jwRXptLQF8IQYPCC encrypted
username steven attributes
vpn-group-policy starlinkdmz
service-type remote-access
username karthik password jMMK./Qga.tfjge3 encrypted
username sharief password ciEsvrL2OWDO9BXgREyeKA== nt-encrypted
username sharief attributes
vpn-group-policy starlinkdmz
service-type admin
username amjad password 32/tH/FZfLsJFyA8 encrypted privilege 0
username amjad attributes
vpn-group-policy finance
password-storage disable
group-lock value finance
service-type remote-access
username julito password 9TljTjX4SF35Fr9r encrypted privilege 0
username julito attributes
vpn-group-policy finance
password-storage disable
group-lock value finance
service-type remote-access
tunnel-group 213.130.124.130 type ipsec-l2l
tunnel-group 213.130.124.130 ipsec-attributes
pre-shared-key xxxx
tunnel-group finance type remote-access
tunnel-group finance general-attributes
address-pool finance-vpn
default-group-policy finance
tunnel-group finance ipsec-attributes
pre-shared-key xxxx
tunnel-group 78.189.187.196 type ipsec-l2l
tunnel-group 78.189.187.196 ipsec-attributes
pre-shared-key xxxx
tunnel-group 185.3.122.130 type ipsec-l2l
tunnel-group 185.3.122.130 ipsec-attributes
pre-shared-key xxxx
tunnel-group PaloAltoSubnet type remote-access
tunnel-group PaloAltoSubnet general-attributes
address-pool DMZVPNPool
default-group-policy PaloAltoSubnet
tunnel-group PaloAltoSubnet ipsec-attributes
pre-shared-key xxxx
tunnel-group 212.57.20.100 type ipsec-l2l
tunnel-group 212.57.20.100 ipsec-attributes
pre-shared-key xxxx
tunnel-group 41.242.164.105 type ipsec-l2l
tunnel-group 41.242.164.105 ipsec-attributes
pre-shared-key xxxx
peer-id-validate nocheck
tunnel-group IBRA type remote-access
tunnel-group IBRA general-attributes
address-pool IBRAVPNPOOL
default-group-policy IBRA
tunnel-group IBRA ipsec-attributes
pre-shared-key xxxx
tunnel-group StarLinkLab type remote-access
tunnel-group StarLinkLab general-attributes
address-pool IBRAVPNPOOL
tunnel-group StarLinkLab ipsec-attributes
pre-shared-key xxxx
tunnel-group starlinkdmz type remote-access
tunnel-group starlinkdmz general-attributes
address-pool TestDMZ
default-group-policy starlinkdmz
tunnel-group starlinkdmz ipsec-attributes
pre-shared-key xxxx
tunnel-group 94.97.244.59 type ipsec-l2l
tunnel-group 94.97.244.59 ipsec-attributes
pre-shared-key xxxx
tunnel-group elabs type remote-access
tunnel-group elabs general-attributes
address-pool infobloxtraining
default-group-policy elabs
tunnel-group elabs ipsec-attributes
pre-shared-key xxxx
tunnel-group 41.32.170.26 type ipsec-l2l
tunnel-group 41.32.170.26 ipsec-attributes
pre-shared-key xxxx
tunnel-group Linoy type remote-access
tunnel-group Linoy general-attributes
address-pool DMZVPNPool
default-group-policy Linoy
tunnel-group Linoy ipsec-attributes
pre-shared-key xxxx
tunnel-group SSLVPN type remote-access
tunnel-group SSLVPN general-attributes
address-pool AvayaSubnet
default-group-policy Avaya
tunnel-group SSLVPN webvpn-attributes
group-alias sslvpn enable
tunnel-group 62.150.102.234 type ipsec-l2l
tunnel-group 62.150.102.234 ipsec-attributes
pre-shared-key xxxx
tunnel-group rameshwargroup type remote-access
tunnel-group rameshwargroup general-attributes
address-pool rameshwarpool
default-group-policy rameshwargroup
tunnel-group rameshwargroup ipsec-attributes
pre-shared-key xxxx
tunnel-group 197.51.9.170 type ipsec-l2l
tunnel-group 197.51.9.170 ipsec-attributes
pre-shared-key xxxx
!
class-map global-class
match any
class-map inspection_default
match default-inspection-traffic
class-map netflow-traffic
match access-list netflow-hosts
class-map global_class
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
description NetflowRiverbed
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect rsh
inspect esmtp
inspect sunrpc
inspect xdmcp
inspect netbios
inspect tftp
inspect ip-options
inspect skinny
inspect icmp
inspect pptp
class global-class
flow-export event-type all destination xxxx.24 xxxx.126
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:5f0ed2ee1499a6786ef8b99ca0eebc84
: end
01-23-2017 08:58 PM
Hi Rahul,
did you manage to find something from my config? Appreciate your support on this.
01-23-2017 09:22 PM
Which tunnel-group are you using to connect? If you are using the "rameshwargroup", it only has one network in the split tunnel.
access-list rameshwargroup_splitTunnelAcl_1 standard permit xxxx.0 255.255.255.0
You need to add all the networks you need to access in the split tunnel ACL.
Also, you need a statement in your nat 0 access-list:
access-list nonat extended permit ip <internal subnet> 255.255.255.0 <vpn-subnet> 255.255.255.0
01-23-2017 10:29 PM
So I just have to add this extended access-list which you have mentioned for all my networks which I want to be accessible via VPN?
But can you let me know about this statement ("Also, you need a statement in your nat 0 access-list:")? Is it the same, or something else?
01-23-2017 10:44 PM
Hi, thank you for the support. Before, I was not able to reach any network, but when I add this command: access-list nonat extended permit ip 172.16.X.0 255.255.255.0 192.168.X.0 255.255.255.0 - one subnet I can reach.
But when I enter another command for another subnet and try reaching it, it is not reachable from the VPN :( It seems the issue is still the same. I can only reach one subnet from the VPN connection. Can you suggest something on this?
01-24-2017 06:19 AM
What are the subnets you are trying to reach? You have to add the ACL entry for the right interface nat exemption rule.
01-24-2017 09:13 PM
This is the command for nonat for the networks I want to reach:
access-list nonat extended permit ip 172.16.111.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list nonat extended permit ip 172.16.11.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list nonat extended permit ip 172.16.3.0 255.255.255.0 192.168.200.0 255.255.255.0
And below is the ACL, which has the same networks that I want to reach via subnet:
access-list rameshwargroup_splitTunnelAcl_1 standard permit 172.16.111.0 255.255.255.0
access-list rameshwargroup_splitTunnelAcl_1 standard permit 172.16.3.0 255.255.255.0
access-list rameshwargroup_splitTunnelAcl_1 standard permit 172.16.11.0 255.255.255.0
Is there anything else I have to do, or is something wrong with this Cisco?
01-25-2017 04:45 AM
Are all the 3 subnets on your "lanvoip_data" interface? I can see that the 172.16.111/24 is part of that interface but can't make out the other 2.
So the nonat acl was referenced in your existing nat exemption rule:
nat (lanvoip_data) 0 access-list nonat
If your other subnets reside on other interfaces, identify the "nat (interface name) 0 <acl name>" command in your config. Then add the ACL entry in that ACL.
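An added example, not part of the thread or of any Cisco tool: a small Python audit that applies the check described in the replies above, matching every split-tunnel network to the interface it lives on and to the ACL bound by that interface's `nat (...) 0 access-list` statement. The sample config is constructed; the placement of 172.16.3.0/24 on stardmz and 172.16.11.0/24 on WL, the subinterface names and the 10.9.9.0 entry are assumptions.

```python
import ipaddress
import re

# Constructed sample in ASA 8.2 syntax. Placing 172.16.3.0/24 on stardmz and
# 172.16.11.0/24 on WL is an assumption; the thread does not say where they live.
SAMPLE_CONFIG = """\
interface Ethernet0/1.111
 nameif lanvoip_data
 ip address 172.16.111.1 255.255.255.0
interface Ethernet0/1.3
 nameif stardmz
 ip address 172.16.3.1 255.255.255.0
interface Ethernet0/1.11
 nameif WL
 ip address 172.16.11.1 255.255.255.0
access-list nonat extended permit ip 172.16.111.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list nonat extended permit ip 172.16.3.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list stardmz_no_nat extended permit ip 172.16.3.0 255.255.255.0 10.9.9.0 255.255.255.0
access-list rameshwargroup_splitTunnelAcl_1 standard permit 172.16.111.0 255.255.255.0
access-list rameshwargroup_splitTunnelAcl_1 standard permit 172.16.3.0 255.255.255.0
access-list rameshwargroup_splitTunnelAcl_1 standard permit 172.16.11.0 255.255.255.0
nat (lanvoip_data) 0 access-list nonat
nat (stardmz) 0 access-list stardmz_no_nat
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config, split_acl, vpn_pool):
    """Return {split-tunnel network: (interface, nat 0 ACL, exempt?)}."""
    pool = ipaddress.ip_network(vpn_pool)
    ifaces = {n: net(a, m) for n, a, m in re.findall(
        r"^ nameif (\S+)\n(?: .*\n)*? ip address (\S+) (\S+)", config, re.M)}
    nat0 = dict(re.findall(r"^nat \((\S+)\) 0 access-list (\S+)", config, re.M))
    exempt = {}  # ACL name -> inside networks exempted towards the VPN pool
    # Only the "<subnet> <mask> <subnet> <mask>" entry form is parsed here.
    for acl, s, sm, d, dm in re.findall(
            r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)", config, re.M):
        if pool.subnet_of(net(d, dm)):
            exempt.setdefault(acl, []).append(net(s, sm))
    report = {}
    for a, m in re.findall(
            rf"^access-list {re.escape(split_acl)} standard permit (\S+) (\S+)", config, re.M):
        target = net(a, m)
        ifc = next((n for n, c in ifaces.items() if target.overlaps(c)), None)
        acl = nat0.get(ifc)  # None: interface unknown or it has no nat 0 rule
        ok = any(target.subnet_of(e) for e in exempt.get(acl, []))
        report[str(target)] = (ifc, acl, ok)
    return report
```

On the sample, 172.16.3.0/24 is reported as not exempt even though `nonat` holds an entry for it, because `nonat` is bound only to lanvoip_data; the entry has to go into the ACL that the subnet's own interface references.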