Hi Jennifer,

Thanks for your answer.

Sec. Level 90 .

Can you write me correct NAT and exeption configuration? That is my conf.

This is my test Firewall system

ciscoasa(config)# sh run

: Saved

:

ASA Version 8.0(2)

!

hostname ciscoasa

enable password 8Ry2YjIyt7RRXU24 encrypted

names

!

interface Ethernet0/0

nameif outisde

security-level 0

ip address 200.100.100.200 255.255.255.240

!

interface Ethernet0/1

nameif vpm

security-level 90

ip address 192.168.1.1 255.255.255.0

!

interface Ethernet0/2

nameif wundplan

security-level 90

ip address 10.0.1.1 255.255.255.0

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/4

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/5

shutdown

no nameif

no security-level

no ip address

!

passwd 2KFQnbNIdI.2KYOU encrypted

boot config disk0:/.private/startup-config

ftp mode passive

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

object-group service DM_INLINE_TCP_1 tcp

port-object eq www

port-object eq https

object-group protocol TCPUDP

protocol-object udp

protocol-object tcp

access-list wundplan_access_in extended permit ip 10.0.1.0 255.255.255.0 any

access-list vpm_access_in extended permit ip 192.168.1.0 255.255.255.0 any

access-list outisde_access_in extended permit ip any 200.100.100.192 255.255.255.240

access-list wundplan_nonat extended permit ip 192.168.1.0 255.255.255.0 10.0.1.0 255.255.255.0

pager lines 24

logging enable

logging asdm informational

mtu outisde 1500

mtu vpm 1500

mtu wundplan 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-625-53.bin

no asdm history enable

arp timeout 14400

global (outisde) 101 interface

global (wundplan) 1 10.0.1.0 netmask 255.255.0.0

access-group outisde_access_in in interface outisde

access-group vpm_access_in in interface vpm

access-group wundplan_access_in in interface wundplan

route outisde 0.0.0.0 0.0.0.0 200.100.100.199 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 10.0.1.0 255.255.255.0 wundplan

http 192.168.1.0 255.255.255.0 vpm

http 10.0.0.0 255.255.255.0 wundplan

http 192.168.0.0 255.255.255.0 vpm

http redirect wundplan 80

http redirect vpm 80

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

no crypto isakmp nat-traversal

telnet timeout 5

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:5cd35a1417360a176153562a9c67e266

: end

Thynk you very mach.

Hi Jenifer,

I have one good Idea. If you have Time we cann with Team Viewer connecting. What are you seing?

THANK YOU VERY VERY MUCH !!!!! YOU SAVED MY LIVE THANK YOU !!!!!!!!!!!!!!

THANK YOU !!!!!!!!!!!!!!

THANK YOU !!!!!!!!!!!!!!

THANK YOU !!!!!!!!!!!!!!

THANK YOU !!!!!!!!!!!!!!

THANK YOU !!!!!!!!!!!!!!

THANK YOU !!!!!!!!!!!!!!

THANK YOU !!!!!!!!!!!!!!

THANK YOU !!!!!!!!!!!!!!

THANK YOU !!!!!!!!!!!!!!

Have a nica day!!!