09-01-2018 04:47 PM - edited 02-21-2020 08:10 AM
Hello,
Our ASA 5505 is nearly constantly logging the following event over and over again:
<162>Sep 01 2018 19:36:55: %ASA-2-106016: Deny IP spoof from (xxx.xx.xx.104) to xxx.xx.xx.5 on interface outside
In that event, the first IP address is the public IP address of the ASA's outside interface. However, using NAT for port 80 it is also the address of one of our web servers.
The second IP address is the public IP address used for another one of our web servers.
Can anyone give me some help in figuring out exactly what this message is indicating and how to track down the cause and stop it?
Thanks,
Tom
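As an added example (not from the original thread or from Cisco), the Python script below parses %ASA-2-106016 lines like the one above, counts events per source/destination/interface and labels each source: the firewall's own address (this thread's case) or an RFC 1918 address arriving on the outside interface, which points at an inside host's traffic leaking around NAT. The sample lines and the 203.0.113.104 outside-interface address are constructed from RFC 5737 documentation space.

```python
"""Triage Cisco ASA %ASA-2-106016 ("Deny IP spoof") syslog lines.

Added example for this thread, not code from the original post or from Cisco.
Sample lines and addresses are constructed (RFC 5737 documentation ranges).
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Message shape: %ASA-2-106016: Deny IP spoof from (SRC) to DST on interface IFC
# The optional <PRI> prefix and the timestamp are skipped by searching for the message id.
SPOOF_RE = re.compile(
    r"%ASA-2-106016: Deny IP spoof from \((?P<src>[\d.]+)\) to (?P<dst>[\d.]+) "
    r"on interface (?P<ifc>\S+)"
)

# RFC 1918 space; an address from here should never be a source on the outside interface.
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


def parse_spoof_line(line):
    """Return (src, dst, interface) for a 106016 line, or None for any other message."""
    m = SPOOF_RE.search(line)
    if m is None:
        return None
    return m.group("src"), m.group("dst"), m.group("ifc")


def classify_source(src, own_addresses):
    """Label why the ASA may treat this source as spoofed on the receiving interface.

    'own-address' : the source is one of the firewall's own IPs (the case in this thread);
    'private'     : RFC 1918 source, e.g. an inside host's address seen on the outside;
    'other'       : nothing recognisable from the address alone.
    """
    ip = ip_address(src)
    if ip in own_addresses:
        return "own-address"
    if any(ip in net for net in RFC1918):
        return "private"
    return "other"


def triage(lines, own_addresses):
    """Aggregate 106016 events per (src, dst, interface) and attach a source label.

    Returns a list of dicts sorted by count, highest first; other messages are ignored.
    """
    own = {ip_address(a) for a in own_addresses}
    counts = Counter()
    for line in lines:
        ev = parse_spoof_line(line)
        if ev is not None:
            counts[ev] += 1
    report = []
    for (src, dst, ifc), n in counts.most_common():
        report.append({
            "src": src,
            "dst": dst,
            "interface": ifc,
            "count": n,
            "source_label": classify_source(src, own),
        })
    return report


# Constructed sample syslog lines (hypothetical addresses, not from the thread).
SAMPLE_LOGS = [
    "<162>Sep 01 2018 19:36:55: %ASA-2-106016: Deny IP spoof from (203.0.113.104) to 203.0.113.5 on interface outside",
    "<162>Sep 01 2018 19:36:57: %ASA-2-106016: Deny IP spoof from (203.0.113.104) to 203.0.113.5 on interface outside",
    "<162>Sep 01 2018 19:37:02: %ASA-2-106016: Deny IP spoof from (203.0.113.104) to 203.0.113.6 on interface outside",
    "<162>Sep 01 2018 19:37:10: %ASA-2-106016: Deny IP spoof from (192.168.0.55) to 198.51.100.9 on interface outside",
    "<166>Sep 01 2018 19:37:11: %ASA-6-302014: Teardown TCP connection 12345 (unrelated message, ignored)",
]

# The ASA's outside interface address in this constructed scenario.
OWN_ADDRESSES = {"203.0.113.104"}

if __name__ == "__main__":
    for row in triage(SAMPLE_LOGS, OWN_ADDRESSES):
        print(f"{row['count']:4d}  {row['src']:>15} -> {row['dst']:<15} "
              f"{row['interface']:<8} {row['source_label']}")
```

Feed it the ASA's syslog export and the set of interface and NAT addresses the firewall owns; the top rows show which destination is hit most and whether the "spoofed" source is the box itself.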
09-01-2018 08:37 PM
Hello,
Looks like someone from the internal network is trying to access the server on its public IP address.
Can you please clarify the following points:
1. Where are the client, server and DNS server located?
2. What IP address do you get when you resolve the web server's name from the client: the real IP or the public IP?
3. Are you using the ASA outside interface for PAT for the clients and NAT for inbound access to the server?
Depending on that, we can use DNS doctoring or use the internal DNS to provide the real IP address to the clients, if the server is located internally.
HTH
AJ
09-01-2018 08:47 PM - edited 09-01-2018 08:48 PM
AJ,
Thank you for your quick response!
To answer your questions:
1. Physically, these machines are all located in the same rack and are a part of the same subnet. They use private IP addresses in the 192.168.0.0/24 subnet which are then translated to public IPs by the ASA. We use an internal DNS server for handling name resolution with our private IP addresses. For the resolution of our actual Internet domain names to their public IP addresses, we use GoDaddy's DNS.
2. If I am on a client machine inside the internal network, and I try to hit the Internet domain name of one of the web sites in question, it resolves to the public IP address of the site. I only get the private IP address if I use the actual name of the server rather than the Internet domain name of the site.
3. Yes, that is correct.
Thanks again,
Tom
09-01-2018 10:20 PM
Hello,
If the intention is to use the public IP address for accessing the server, you need to use DNS doctoring. What it will do is modify the DNS packet header and provide the real IP address, replacing the public IP address in the payload.
Example:
Once this is configured, it should resolve the issue and you should not get the error messages anymore.
HTH
AJ
09-01-2018 10:27 PM
AJ,
What you said makes total sense. But the only machines on this network are our various servers and management machines. We do not have users on the network regularly accessing the web sites and so forth. So if something is attempting to hit the site using the public IP, it is a process on one of our servers that we need to isolate and figure out why.
How would I go about identifying what machine on our network is making the requests to the public IP that is causing these messages?
I assume that in the output I posted, the second IP address is the one that it is trying to be accessed and the first one is the source of the traffic, correct? But since the first IP address is the public address of our ASA, and is used for PAT, could it not theoretically be any machine inside our network generating the traffic? Is there a way to narrow down where it is coming from?
Thanks so much,
Tom
09-01-2018 10:31 PM
Got it. So, we can set up captures on the internal interface of the ASA and find out who is initiating this traffic:
capture capin interface <interface name> match tcp any host y.y.y.y
Then do a 'show capture capin' to view the source IP.
Replace the interface name with the one on the ASA and replace y.y.y.y with the public IP address of the server being accessed. The interface would probably be the default gateway of the clients and the server.
HTH
AJ
09-01-2018 11:32 PM
AJ,
Well, I must admit to getting more confused... :-)
I did what you suggested, doing the capture on the 'inside' interface as that is the one that should be the gateway for any traffic originating from inside our network. I even tried to hit the public IP address in question from a web browser to verify the capture was working and it did, indeed, show my traffic.
However, no other attempts were captured even though I continued to see those errors reported by the ASA.
When I looked at the error message more closely, I see that it specifically references the spoof attempt as on the 'outside' interface, which none of our internal servers should be talking to directly.
I set up a capture to monitor the 'outside' interface, but now it is capturing all the legitimate traffic flowing to that web site -- hundreds of packets a minute -- which is making it difficult to see anything useful in the logs.
Any further suggestions you might have would be most appreciated.
Thanks again,
Tom
09-02-2018 01:34 AM
That's interesting. Let's do this: take a capture on the outside interface with a bigger buffer and analyze the captures on the basis of MAC address.
capture capo interface outside match tcp host <interface ip> host <web server public ip>
Then take the output of 'show capture capo detail'.
In the capture, we need to see where the source IP is the ASA outside interface IP but the MAC is not the interface's. Ideally the IP and MAC should match.
To get the MAC address of the interface, 'show interface ex/y' should help.
HTH
AJ
09-02-2018 05:04 PM
AJ,
I have set up the capture as you suggested, using the public IP address of the outside interface and the public IP address of the web server.
However, although the ASA continues to log the error messages, the captures are remaining empty, showing "0 packets captured."
Thanks,
Tom
09-02-2018 11:32 PM
Hello,
That means that there are no packets generated on outside interface, yet we see syslogs indicating otherwise.
Is it possible to attach the running config from the ASA? Feel free to remove the sensitive info.
Regards,
AJ
09-03-2018 12:06 AM
AJ,
I will try to "sanitize" the config file. Our config is rather large and complex -- probably unnecessarily so. But I will do my best and try to get it posted.
In the meantime, I wanted to share a couple of screenshots from the graphical ASDM interface where I was observing the notifications. The first shows the notifications themselves. I've only left the last octet of each IP address visible, but you can see that this is actually happening to multiple public web server IP's, not just one.
The second is what appears when I hover over any of the errors with the mouse.
It tells me that a packet has arrived with a destination IP address of 0. I looked that up online, and folks seem to say that indicates that a packet arrived with a destination IP address of 0.0.0.0. However, if I attempt to do a packet capture based on that, the ASA interprets 0.0.0.0 as meaning "any address" and captures all packets. Not sure how to tell it that I actually am looking for packets that are really addressed to 0.0.0.0.
Thanks,
Tom
09-03-2018 12:27 AM
Hello,
For the captures I suggested earlier, can you modify the source to be any, try again for a few samples and see if you find anything funny:
capture capo interface outside match tcp any host <web server public ip>
Also, let's take ASP drop captures:
capture asp type asp-drop buffer 2000000
show cap asp | in 0.0.0.0
HTH
AJ
09-03-2018 12:33 AM
AJ,
I will give that a try. In the meantime, here is the ASA config file, appropriately sanitized. Don't say that I didn't warn you it was a monstrosity. :-)
www access-list ACL_OUT extended permit tcp any4 object EASY-TRANS-LIVE eq 8000 access-list ACL_OUT extended permit tcp any4 object NAS01 eq ftp access-list ACL_OUT extended permit tcp any4 object NAS01 eq 10000 access-list ACL_OUT extended permit tcp any4 object NAS01 eq 10565 access-list ACL_OUT extended permit tcp any4 object NAS01 eq 10566 access-list ACL_OUT extended permit tcp any4 object NAS01 eq 10567 access-list ACL_OUT extended permit tcp any4 object NAS01 eq 10568 access-list ACL_OUT extended permit tcp any4 object NAS01 eq 10569 access-list ACL_OUT extended permit tcp any4 object NAS01 eq telnet access-list ACL_OUT extended permit tcp any4 object PCSPG eq ssh access-list ACL_OUT extended permit tcp any4 object TESTDB2 eq ssh access-list ACL_OUT extended permit tcp any4 object PCSDB eq ssh access-list ACL_OUT extended permit tcp any4 object PCSDB02 eq ssh access-list ACL_OUT extended permit tcp any4 object DEVDB eq ssh access-list ACL_OUT extended permit tcp any4 object DEFIANT eq 3389 access-list ACL_OUT extended permit tcp any4 object COPYHOST eq 3389 access-list ACL_OUT extended permit tcp any4 object ESATA eq 3389 access-list ACL_OUT extended permit tcp any4 object DOWNTIME2 eq ssh access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 22171 access-list ACL_OUT extended permit tcp any4 object PCS-LIVE-web eq ssh access-list ACL_OUT extended permit tcp any4 object REALTORS01 eq ssh access-list ACL_OUT extended permit tcp any4 object REALTORWEB eq ssh access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 7770 access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 7771 access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 7772 access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 7773 access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 7774 access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 7775 access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 7776 
access-list ACL_OUT extended permit tcp any4 object ENTERPRISE eq 7777 access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 7778 access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 7779 access-list ACL_OUT extended permit udp any4 host 216.x.x.102 eq 7770 access-list ACL_OUT extended permit udp any4 host 216.x.x.102 eq 7771 access-list ACL_OUT extended permit udp any4 host 216.x.x.102 eq 7772 access-list ACL_OUT extended permit udp any4 host 216.x.x.102 eq 7773 access-list ACL_OUT extended permit udp any4 host 216.x.x.102 eq 7774 access-list ACL_OUT extended permit udp any4 host 216.x.x.102 eq 7775 access-list ACL_OUT extended permit udp any4 host 216.x.x.102 eq 7776 access-list ACL_OUT extended permit udp any4 host 216.x.x.102 eq 7777 access-list ACL_OUT extended permit udp any4 host 216.x.x.102 eq 7778 access-list ACL_OUT extended permit udp any4 host 216.x.x.102 eq 7779 access-list ACL_OUT extended permit udp any4 object NETDEV02 eq 27900 access-list ACL_OUT extended permit udp any4 host 216.x.x.102 eq 2302 access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 2303 access-list ACL_OUT extended permit udp any4 host 216.x.x.102 eq 26901 access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 22058 access-list ACL_OUT extended permit tcp any4 object DBMONITOR eq ssh access-list ACL_OUT extended permit tcp any4 object DOWNTIME eq ssh access-list ACL_OUT extended permit tcp any4 object NETDEV02 eq ssh access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 902 access-list ACL_OUT extended permit tcp any4 object MISCHOST2 eq 903 access-list ACL_OUT extended permit tcp any4 object DEVHOST2 eq 3960 access-list ACL_OUT extended permit tcp any4 object DEVHOST2 eq 3961 access-list ACL_OUT extended permit tcp any4 object DEVHOST2 eq 902 access-list ACL_OUT extended permit tcp any4 object EASYDEV01 eq https access-list ACL_OUT extended permit tcp any4 object REALTOR-STAGING eq www access-list ACL_OUT extended permit tcp 
any4 object POSTGRES-MAIN eq ssh access-list ACL_OUT extended permit tcp any4 object REALTORS03 eq ssh access-list ACL_OUT extended permit tcp any4 object REALTORS02 eq ssh access-list ACL_OUT extended permit tcp any4 object MIKEDEV01 eq 3389 access-list ACL_OUT extended permit tcp any4 object DNS1 eq 3389 access-list ACL_OUT extended permit tcp any4 object BACKUPHOST eq 3389 access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 22169 access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 22205 access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 33167 access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 33090 access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 22220 access-list ACL_OUT extended permit tcp any4 object DEEPTHOUGHT eq ssh access-list ACL_OUT extended permit tcp any4 object MOBILEREALTORS01 eq ssh access-list ACL_OUT extended permit tcp any4 object EASY-TRANS-LIVE eq https access-list ACL_OUT extended permit tcp any4 object EASY-TRANS-STAGING eq www access-list ACL_OUT extended permit tcp any4 object EASY-TRANS-STAGING-01 eq ssh access-list ACL_OUT extended permit tcp any4 object DATASTORE01 eq ssh access-list ACL_OUT extended permit tcp any4 object EASYDEV01 eq 3389 access-list ACL_OUT extended permit tcp any4 object REALTORDEV01 eq ssh access-list ACL_OUT extended permit tcp any4 object APP1DEV eq ssh access-list ACL_OUT extended permit tcp any4 object REPROXY eq ssh access-list ACL_OUT extended permit tcp any4 object AMANDA eq ssh access-list ACL_OUT extended permit tcp any4 object NAGIOS eq ssh access-list ACL_OUT extended permit tcp any4 object DATASTORE02 eq ssh access-list ACL_OUT extended permit tcp any4 object REALTOR-LIVE eq ssh access-list ACL_OUT extended permit tcp any4 object PROMETHEUS02 eq https access-list ACL_OUT extended permit tcp any4 host 216.x.x.102 eq 18580 access-list ACL_OUT extended permit tcp any4 object REALTORWEB eq 5500 access-list ACL_OUT extended permit tcp any4 
object REALTOR-STAGING eq ssh access-list ACL_OUT extended permit tcp any4 object WEB1 eq 35729 access-list ACL_OUT extended permit tcp any4 host 216.x.x.21 eq www access-list ACL_OUT extended permit tcp any4 object SANDBOXDB eq ssh access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT extended permit tcp any4 object PCS-LIVE eq ssh access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT extended permit tcp any4 object PCS-LIVE eq www access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark 
Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT extended permit tcp any4 object DATASTORE01 eq https access-list ACL_OUT extended permit tcp any4 object easy-staging eq ssh access-list ACL_OUT extended permit tcp any4 object realtor-staging eq ssh access-list ACL_OUT extended permit tcp any4 object speedtest eq ssh access-list ACL_OUT extended permit tcp any4 object zabbix eq ssh access-list ACL_OUT extended permit tcp object xxxx object vmwhost1 eq https access-list ACL_OUT extended permit tcp object xxxx object vmwhost2 eq https access-list ACL_OUT extended permit tcp object xxxx object vmwhost3 eq https access-list ACL_OUT extended permit tcp object xxxx object vmwhost2 eq www access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of 
expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion access-list ACL_OUT remark Migration: End of expansion pager lines 24 logging enable logging timestamp logging list e-mail-notification level errors logging buffer-size 1048576 logging console critical logging monitor critical logging buffered errors logging asdm errors logging mail errors logging from-address xxxx@xxxx logging recipient-address xxxx@xxxx level errors logging ftp-bufferwrap logging ftp-server 192.168.0.223 / xxxx xxxx mtu inside 1500 mtu outside 1500 ip audit name ezads attack action drop ip audit interface outside ezads ip audit attack action drop failover failover lan unit primary failover lan interface failover Vlan8 failover interface ip failover 192.168.8.1 255.255.255.0 standby 192.168.8.2 icmp unreachable rate-limit 1 burst-size 1 icmp permit host 216.x.x.15 outside icmp permit host 216.x.x.34 outside icmp permit host 66.x.x.123 outside icmp permit host 73.x.x.114 outside icmp permit host 24.x.x.78 outside icmp permit host 8.8.8.8 outside icmp permit host 216.x.x.97 outside asdm history enable arp timeout 14400 arp permit-nonconnected nat (inside,any) source static obj-192.168.8.0 obj-192.168.8.0 destination static obj-192.168.9.0 obj-192.168.9.0 no-proxy-arp route-lookup nat (inside,any) source static any any destination static obj-192.168.9.208 obj-192.168.9.208 no-proxy-arp route-lookup nat (inside,any) source static obj-192.168.4.0 obj-192.168.4.0 destination static obj-192.168.9.0 obj-192.168.9.0 no-proxy-arp route-lookup nat (inside,any) source static obj-192.168.2.0 obj-192.168.2.0 
no-proxy-arp route-lookup nat (inside,any) source static obj-192.168.2.0 obj-192.168.2.0 destination static obj-192.168.111.0 obj-192.168.111.0 no-proxy-arp route-lookup nat (inside,any) source static obj-192.168.4.0 obj-192.168.4.0 destination static obj-192.168.111.0 obj-192.168.111.0 no-proxy-arp route-lookup nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.111.0 obj-192.168.111.0 no-proxy-arp route-lookup nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.0.224_27 NETWORK_OBJ_192.168.0.224_27 no-proxy-arp route-lookup nat (inside,outside) source static REALTOR-LIVE realtor-public dns ! object network obj-192.168.8.0 nat (inside,outside) dynamic interface object network obj-192.168.9.0 nat (inside,outside) dynamic interface object network obj-192.168.4.0 nat (inside,outside) dynamic interface object network obj-192.168.2.0 nat (inside,outside) dynamic interface object network obj-192.168.0.0 nat (inside,outside) dynamic interface object network obj-192.168.0.235 nat (inside,outside) static 216.x.x.102 service tcp 8192 8192 object network obj-192.168.0.235-01 nat (inside,outside) static 216.x.x.102 service tcp 3211 3211 object network obj-192.168.0.235-02 nat (inside,outside) static 216.x.x.102 service udp 3211 3211 object network obj-192.168.0.235-03 nat (inside,outside) static 216.x.x.102 service tcp 2068 2068 object network MRWEED-01 nat (inside,outside) static 216.x.x.102 service tcp 3389 33098 object network EASYSA-01 nat (inside,outside) static 216.x.x.102 service tcp 3389 33081 object network IDX-STAGING nat (any,any) static 216.x.x.102 service tcp 3389 33226 object network EZNS1-01 nat (inside,outside) static 216.x.x.102 service tcp 3389 33053 object network EASY-01 nat (inside,outside) static 216.x.x.102 service tcp 3389 33080 object network PCSDB nat (inside,outside) static 216.x.x.102 service tcp ssh 22208 object network PCSDB02 nat (inside,outside) static 216.x.x.102 service 
tcp ssh 22059 object network EASYLINUX nat (inside,outside) static 216.x.x.5 service tcp www www object network EASYLINUX-01 nat (inside,outside) static 216.x.x.5 service tcp https https object network EASYLINUX-02 nat (inside,outside) static 216.x.x.5 service tcp 8000 8000 object network EASYLINUX-03 nat (inside,outside) static 216.x.x.5 service tcp domain domain object network EASYLINUX-04 nat (inside,outside) static 216.x.x.5 service udp domain domain object network EZNS1-02 nat (inside,outside) static 216.x.x.4 service tcp domain domain object network EZNS1-03 nat (inside,outside) static 216.x.x.4 service udp domain domain object network ENTERPRISE nat (inside,outside) static 216.x.x.102 service tcp 3389 33099 object network WORSHIPNET nat (inside,outside) static 216.x.x.102 service tcp 3389 33077 object network REPROXY nat (inside,outside) static 216.x.x.4 service tcp www www object network REPROXY-01 nat (inside,outside) static 216.x.x.4 service tcp 8000 8000 object network EASYSA-03 nat (inside,outside) static 216.x.x.102 service tcp 8080 8080 object network EASYSA-04 nat (inside,outside) static 216.x.x.102 service tcp ftp ftp object network MRWEED-02 nat (inside,outside) static 216.x.x.99 service tcp www www object network STEWIE-01 nat (inside,outside) static 216.x.x.102 service tcp 3389 33085 object network STEWIE-02 nat (inside,outside) static 216.x.x.102 service tcp ftp 21085 object network DNS1 nat (inside,outside) static 216.x.x.102 service tcp 3389 33228 object network DNS1-01 nat (inside,outside) static 216.x.x.100 service udp domain domain object network DNS1-02 nat (inside,outside) static 216.x.x.100 service tcp domain domain object network PCS01 nat (inside,outside) static 216.x.x.100 service tcp www www object network OHSVR01 nat (inside,outside) static 216.x.x.101 service udp domain domain object network OHSVR01-01 nat (inside,outside) static 216.x.x.101 service tcp domain domain object network OHSVR01-02 nat (inside,outside) static 216.x.x.101 
service tcp www www object network REALTOR-LIVE nat (inside,outside) static 216.x.x.6 service tcp www www object network OHSVR01-03 nat (inside,outside) static 216.x.x.101 service tcp ftp-data ftp-data object network OHSVR01-04 nat (inside,outside) static 216.x.x.102 service tcp 3389 33109 object network OHDEV nat (inside,outside) static 216.x.x.102 service tcp 3389 33110 object network EASYLINUX-05 nat (inside,outside) static 216.x.x.102 service tcp ssh 22092 object network MRWEED-03 nat (inside,outside) static 216.x.x.100 service tcp ftp ftp object network DATASTORE01 nat (inside,outside) static 216.x.x.3 service tcp www www object network PCSDBMONITOR nat (inside,outside) static 216.x.x.102 service tcp ssh 22093 object network obj-192.168.0.60 nat (inside,outside) static 216.x.x.101 service tcp 9000 9000 object network EASY-TRANS-LIVE nat (inside,outside) static 216.x.x.22 service tcp www www object network REDEV02 nat (inside,outside) static 216.x.x.102 service tcp 3389 33179 object network NEW_EASYDB02 nat (inside,outside) static 216.x.x.102 service tcp ssh 22202 object network NEW_PCSDB01 nat (inside,outside) static 216.x.x.102 service tcp ssh 22203 object network NEW_PCSDB02 nat (inside,outside) static 216.x.x.102 service tcp ssh 22204 object network MISCHOST2 nat (inside,outside) static 216.x.x.20 service tcp ssh ssh object network PROMETHEUS nat (inside,outside) static 216.x.x.102 service tcp ssh 22089 object network RESVR05 nat (inside,outside) static 216.x.x.102 service tcp 3389 33187 object network EASYDB nat (inside,outside) static 216.x.x.102 service tcp 3306 5577 object network DEVDB nat (inside,outside) static 216.x.x.102 service tcp 3306 5578 object network PCSDB-01 nat (inside,outside) static 216.x.x.20 service tcp 3306 3306 object network HAL nat (inside,outside) static 216.x.x.102 service tcp 3389 33100 object network BOWMAN nat (inside,outside) static 216.x.x.102 service tcp 3389 33101 object network obj-192.168.0.223 nat (inside,outside) 
static 216.x.x.102 service tcp ssh 22223 object network WEB1 nat (inside,outside) static 216.x.x.21 service tcp www www object network WEB1-01 nat (inside,outside) static 216.x.x.21 service tcp 8000 8000 object network WEB1-02 nat (inside,outside) static 216.x.x.21 service tcp 8080 8080 object network WEB1-03 nat (inside,outside) static 216.x.x.21 service tcp 8081 8081 object network DEVHOST2 nat (inside,outside) static 216.x.x.20 service tcp 902 902 object network DEVHOST2-01 nat (inside,outside) static 216.x.x.20 service tcp 3960 3960 object network DEVHOST2-02 nat (inside,outside) static 216.x.x.20 service tcp 3961 3961 object network PCSPG nat (inside,outside) static 216.x.x.102 service tcp ssh 22206 object network TESTDB2 nat (inside,outside) static 216.x.x.102 service tcp ssh 22209 object network DEVDB-01 nat (inside,outside) static 216.x.x.102 service tcp ssh 22214 object network TEMPNAS nat (inside,outside) static 216.x.x.102 service tcp 3389 33211 object network COPYHOST nat (inside,outside) static 216.x.x.102 service tcp 3389 33215 object network ESATA nat (inside,outside) static 216.x.x.102 service tcp 3389 33220 object network DOWNTIME2 nat (inside,outside) static 216.x.x.102 service tcp ssh 22172 object network NAS01 nat (inside,outside) static 216.x.x.22 service tcp 10000 10000 object network NAS01-01 nat (inside,outside) static 216.x.x.22 service tcp 10565 10565 object network NAS01-02 nat (inside,outside) static 216.x.x.22 service tcp 10566 10566 object network NAS01-03 nat (inside,outside) static 216.x.x.22 service tcp 10567 10567 object network NAS01-04 nat (inside,outside) static 216.x.x.22 service tcp 10568 10568 object network NAS01-05 nat (inside,outside) static 216.x.x.22 service tcp 10569 10569 object network NAS01-06 nat (inside,outside) static 216.x.x.22 service tcp ftp ftp object network NAS01-07 nat (inside,outside) static 216.x.x.22 service tcp telnet telnet object network PCS-LIVE-web nat (inside,outside) static interface service tcp 
www www object network REALTORS01 nat (inside,outside) static 216.x.x.102 service tcp ssh 22174 object network REALTORWEB nat (inside,outside) static 216.x.x.102 service tcp ssh 22184 object network REALTORWEB-01 nat (inside,outside) static 216.x.x.102 service tcp 5500 5500 object network NETDEV02 nat (inside,outside) static 216.x.x.102 service udp 27900 27900 object network NETDEV02-01 nat (inside,outside) static 216.x.x.102 service tcp 27010 27010 object network NETDEV02-02 nat (inside,outside) static 216.x.x.102 service tcp 27011 27011 object network NETDEV02-03 nat (inside,outside) static 216.x.x.102 service tcp 27012 27012 object network NETDEV02-04 nat (inside,outside) static 216.x.x.102 service tcp 27013 27013 object network NETDEV02-05 nat (inside,outside) static 216.x.x.102 service tcp 27014 27014 object network NETDEV02-06 nat (inside,outside) static 216.x.x.102 service tcp 27015 27015 object network NETDEV02-07 nat (inside,outside) static 216.x.x.102 service tcp 27016 27016 object network NETDEV02-08 nat (inside,outside) static 216.x.x.102 service tcp 27017 27017 object network NETDEV02-09 nat (inside,outside) static 216.x.x.102 service tcp 27018 27018 object network NETDEV02-10 nat (inside,outside) static 216.x.x.102 service tcp 27019 27019 object network NETDEV02-11 nat (inside,outside) static 216.x.x.102 service tcp 27020 27020 object network NETDEV02-12 nat (inside,outside) static 216.x.x.102 service udp 27010 27010 object network NETDEV02-13 nat (inside,outside) static 216.x.x.102 service udp 27011 27011 object network NETDEV02-14 nat (inside,outside) static 216.x.x.102 service udp 27012 27012 object network NETDEV02-15 nat (inside,outside) static 216.x.x.102 service udp 27013 27013 object network NETDEV02-16 nat (inside,outside) static 216.x.x.102 service udp 27014 27014 object network NETDEV02-17 nat (inside,outside) static 216.x.x.102 service udp 27015 27015 object network NETDEV02-18 nat (inside,outside) static 216.x.x.102 service udp 27016 
27016 object network NETDEV02-19 nat (inside,outside) static 216.x.x.102 service udp 27017 27017 object network NETDEV02-20 nat (inside,outside) static 216.x.x.102 service udp 27018 27018 object network NETDEV02-21 nat (inside,outside) static 216.x.x.102 service udp 27019 27019 object network NETDEV02-22 nat (inside,outside) static 216.x.x.102 service udp 27020 27020 object network NETDEV02-23 nat (inside,outside) static 216.x.x.102 service tcp 27000 27000 object network NETDEV02-24 nat (inside,outside) static 216.x.x.102 service tcp 27001 27001 object network NETDEV02-25 nat (inside,outside) static 216.x.x.102 service tcp 27002 27002 object network NETDEV02-26 nat (inside,outside) static 216.x.x.102 service tcp 27003 27003 object network NETDEV02-27 nat (inside,outside) static 216.x.x.102 service tcp 27004 27004 object network NETDEV02-28 nat (inside,outside) static 216.x.x.102 service tcp 27005 27005 object network NETDEV02-29 nat (inside,outside) static 216.x.x.102 service tcp 27006 27006 object network NETDEV02-30 nat (inside,outside) static 216.x.x.102 service tcp 27007 27007 object network NETDEV02-31 nat (inside,outside) static 216.x.x.102 service tcp 27008 27008 object network NETDEV02-32 nat (inside,outside) static 216.x.x.102 service tcp 27009 27009 object network NETDEV02-33 nat (inside,outside) static 216.x.x.102 service udp 27000 27000 object network NETDEV02-34 nat (inside,outside) static 216.x.x.102 service udp 27001 27001 object network NETDEV02-35 nat (inside,outside) static 216.x.x.102 service udp 27002 27002 object network NETDEV02-36 nat (inside,outside) static 216.x.x.102 service udp 27003 27003 object network NETDEV02-37 nat (inside,outside) static 216.x.x.102 service udp 27004 27004 object network NETDEV02-38 nat (inside,outside) static 216.x.x.102 service udp 27005 27005 object network NETDEV02-39 nat (inside,outside) static 216.x.x.102 service udp 27006 27006 object network NETDEV02-40 nat (inside,outside) static 216.x.x.102 service udp 
27007 27007 object network NETDEV02-41 nat (inside,outside) static 216.x.x.102 service udp 27008 27008 object network NETDEV02-42 nat (inside,outside) static 216.x.x.102 service udp 27009 27009 object network NETDEV02-43 nat (inside,outside) static 216.x.x.102 service udp 26901 29601 object network DOWNTIME nat (inside,outside) static 216.x.x.102 service tcp ssh 22170 object network REPTEST2 nat (inside,outside) static 216.x.x.102 service tcp ssh 22131 object network EASYDB-01 nat (inside,outside) static 216.x.x.102 service tcp ssh 22207 object network DBMONITOR nat (inside,outside) static 216.x.x.102 service tcp ssh 22096 object network NETDEV02-44 nat (inside,outside) static 216.x.x.102 service tcp ssh 22181 object network MISCHOST2-01 nat (inside,outside) static 216.x.x.20 service tcp 903 903 object network REALTOR-STAGING nat (inside,outside) static 216.x.x.20 service tcp www www object network PROMETHEUS02 nat (inside,outside) static 216.x.x.102 service tcp ssh 22090 object network REALTORS03 nat (inside,outside) static 216.x.x.102 service tcp ssh 22176 object network MIKEDEV01 nat (inside,outside) static 216.x.x.102 service tcp 3389 33172 object network REALTORS02 nat (inside,outside) static 216.x.x.102 service tcp ssh 22175 object network DEEPTHOUGHT nat (inside,outside) static 216.x.x.102 service tcp ssh 22088 object network BACKUPHOST nat (inside,outside) static 216.x.x.102 service tcp 3389 33223 object network MOBILEREALTORS01 nat (inside,outside) static 216.x.x.102 service tcp ssh 22166 object network EASYLINUXDEV-02 nat (inside,outside) static 216.x.x.22 service tcp 8000 8000 object network DATASTORE01-01 nat (inside,outside) static 216.x.x.102 service tcp ssh 22165 object network EASYDEV01-01 nat (inside,outside) static 216.x.x.102 service tcp 3389 33164 object network PCS01-01 nat (inside,outside) static 216.x.x.102 service tcp 3389 33084 object network REALTORDEV01 nat (inside,outside) static 216.x.x.102 service tcp ssh 22163 object network 
EASY-TRANS-LIVE-01
 nat (inside,outside) static 216.x.x.102 service tcp ssh 22093
object network APP1DEV
 nat (inside,outside) static 216.x.x.102 service tcp ssh 22182
object network REPROXY-02
 nat (inside,outside) static 216.x.x.102 service tcp ssh 22183
object network AMANDA
 nat (inside,outside) static 216.x.x.102 service tcp ssh 22095
object network WEB1-04
 nat (inside,outside) static 216.x.x.102 service tcp ssh 22075
object network NAGIOS
 nat (inside,outside) static 216.x.x.102 service tcp ssh 22185
object network DATASTORE02
 nat (inside,outside) static 216.x.x.102 service tcp ssh 22064
object network PCSWEB
 nat (inside,outside) static interface service tcp ssh 22093
object network REALTORS02-01
 nat (inside,outside) static 216.x.x.2 service tcp www www
object network PROMETHEUS02-01
 nat (inside,outside) static 216.x.x.102 service tcp https https
object network ENTERPRISE-01
 nat (inside,outside) static 216.x.x.102 service tcp 7777 7777
object network NAGIOS-01
 nat (inside,outside) static 216.x.x.2 service tcp www 18580
object network REALTOR-LIVE-01
 nat (inside,outside) static 216.x.x.102 service tcp ssh 22087
object network REALTOR-STAGING-01
 nat (inside,outside) static 216.x.x.102 service tcp ssh 22177
object network REALTOR-STAGING-02
 nat (inside,outside) static 216.x.x.20 service tcp 8082 8082
object network REALTOR-STAGING-03
 nat (inside,outside) static 216.x.x.20 service tcp 8081 8081
object network WEB1-05
 nat (inside,outside) static 216.x.x.21 service tcp 35729 35729
object network obj-192.168.3.0
 nat (inside,outside) dynamic interface
object network obj-192.168.5.0
 nat (inside,outside) dynamic interface
object network obj-192.168.6.0
 nat (inside,outside) dynamic interface
object network obj-192.168.7.0
 nat (inside,outside) dynamic interface
object network obj_any
 nat (inside,outside) dynamic interface
object network prometheus03
 nat (inside,outside) static 216.x.x.102 service tcp 3389 33102
object network POSTGRES-MAIN
 nat (inside,outside) static 216.x.x.102 service tcp ssh 22201
object network BOUNCER
 nat (inside,outside) static 216.x.x.102 service tcp ssh 22205
object network EASY-TRANS-STAGING
 nat (inside,outside) static 216.x.x.102 service tcp www www
object network EASY-TRANS-STAGING-01
 nat (inside,outside) static 216.x.x.102 service tcp ssh 22224
object network PCS-LIVE
 nat (inside,outside) static 216.x.x.102 service tcp ssh 22220
object network EASY-TRANS-LIVE-02
 nat (inside,outside) static 216.x.x.22 service tcp https https
object network TRANSFERHOST2
 nat (inside,outside) static 216.x.x.102 service tcp 3389 33225
object network DEFIANT
 nat (inside,outside) static 216.x.x.102 service tcp 3389 33234
object network QUICKBOOKS
 nat (inside,outside) static 216.x.x.102 service tcp 3389 33232
object network REALTOR-LIVE-02
 nat (inside,outside) static 216.x.x.6 service tcp https https
object network DATASTORE02-01
 nat (inside,outside) static 216.x.x.3 service tcp https https
object network REPTEST1
 nat (inside,outside) static 216.x.x.102 service tcp ssh 22130
object network easy-staging
 nat (any,any) static 216.x.x.102 service tcp ssh 22125
object network realtor-staging
 nat (any,any) static 216.x.x.102 service tcp ssh 22126
object network speedtest
 nat (any,any) static 216.x.x.102 service tcp ssh 22227
object network zabbix
 nat (any,any) static 216.x.x.102 service tcp ssh 22221
object network vmwhost1
 nat (any,any) static 216.x.x.102 service tcp https 60230
object network vmwhost2
 nat (any,any) static 216.x.x.102 service tcp https 60233
object network vmwhost3
 nat (any,any) static 216.x.x.102 service tcp https 60121
access-group ACL_OUT in interface outside
route outside 0.0.0.0 0.0.0.0 216.x.x.97 1
route inside 192.168.2.0 255.255.255.0 192.168.0.240 1
route inside 192.168.3.0 255.255.255.0 192.168.0.240 1
route inside 192.168.4.0 255.255.255.0 192.168.0.240 1
route inside 192.168.5.0 255.255.255.0 192.168.0.240 1
route inside 192.168.6.0 255.255.255.0 192.168.0.240 1
route inside 192.168.7.0 255.255.255.0 192.168.0.240 1
timeout xlate 0:05:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
user-identity default-domain LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
http 68.x.x.9 255.255.255.255 outside
http 216.x.x.11 255.255.255.255 outside
http 71.x.x.40 255.255.255.255 outside
http 192.168.0.0 255.255.0.0 inside
http 192.168.4.0 255.255.255.0 inside
http 66.x.x.123 255.255.255.255 outside
http 76.x.x.166 255.255.255.255 outside
http 73.x.x.114 255.255.255.255 outside
http 24.x.x.78 255.255.255.255 outside
snmp-server host inside 192.168.0.99 xxxx xxxx version 2c
snmp-server location xxxx
snmp-server contact xxxx
snmp-server xxxx xxxx
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps memory-threshold
snmp-server enable traps interface-threshold
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable traps connection-limit-reached
snmp-server enable traps cpu threshold rising
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 1 match address outside_1_cryptomap_1
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 209.x.x.192
crypto map outside_map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 1 set security-association lifetime seconds 28800
crypto map outside_map 1 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 subject-name CN=EZ-Ads
 keypair VPN
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 enrollment self
 subject-name CN=xxxx.xxxx
 keypair VPN
 crl configure
crypto ca trustpool policy
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint1
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet 216.x.x.11 255.255.255.255 outside
telnet 24.x.x.78 255.255.255.255 outside
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 inside
ssh 192.168.0.99 255.255.255.255 inside
ssh 216.x.x.104 255.255.255.255 outside
ssh 24.x.x.78 255.255.255.255 outside
ssh timeout 5
ssh version 1
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.0.5-192.168.0.254 inside
!
threat-detection basic-threat
threat-detection statistics host number-of-rate 2
threat-detection statistics port number-of-rate 2
threat-detection statistics protocol number-of-rate 2
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server HAL source inside prefer
ntp server 129.x.x.29 source outside
ntp server 129.x.x.28 source outside
ssl trust-point ASDM_TrustPoint1 outside
ssl trust-point ASDM_TrustPoint1 inside
webvpn
 enable outside
 anyconnect-essentials
 anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable
 cache
  disable
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 wins-server value 192.168.0.100 192.168.0.101
 dns-server value 192.168.0.100 192.168.0.101
 vpn-tunnel-protocol ikev1 l2tp-ipsec
 default-domain value xxxx.xxxx
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
 vpn-tunnel-protocol l2tp-ipsec
 split-tunnel-policy tunnelspecified
 default-domain value xxxx.xxxx
group-policy "GroupPolicy_EASy Palantir" internal
group-policy "GroupPolicy_EASy Palantir" attributes
 wins-server value 192.168.0.100
 dns-server value 192.168.0.100 8.8.8.8
 vpn-tunnel-protocol ikev2 ssl-client
 default-domain value xxxx.xxxx
username xxxx password xxxx nt-encrypted privilege 0
username xxxx attributes
 vpn-group-policy DefaultRAGroup
username xxxx password xxxx encrypted
tunnel-group DefaultRAGroup general-attributes
 address-pool RoadWarrior
 default-group-policy DefaultRAGroup_1
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 209.x.x.192 type ipsec-l2l
tunnel-group 209.x.x.192 ipsec-attributes
 ikev1 pre-shared-key xxxx
tunnel-group "EASy Palantir" type remote-access
tunnel-group "EASy Palantir" general-attributes
 address-pool RoadWarrior
 default-group-policy "GroupPolicy_EASy Palantir"
tunnel-group "EASy Palantir" webvpn-attributes
 group-alias "EASy Palantir" enable
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 4096
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect http
  inspect dns
  inspect icmp
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
!
service-policy global_policy global
smtp-server 69.x.x.6
prompt hostname context
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:xxxx
: end
asdm location 192.168.0.0 255.255.255.0 inside
asdm location 210.x.x.133 255.255.255.255 outside
asdm location 59.x.x.117 255.255.255.255 outside
asdm location BADFTPHOST 255.255.255.255 outside
asdm location 192.168.0.10 255.255.255.255 inside
asdm location 192.168.2.0 255.255.255.0 inside
asdm location 192.168.3.0 255.255.255.0 inside
asdm location 192.168.4.0 255.255.255.0 inside
asdm location 192.168.5.0 255.255.255.0 inside
asdm location 192.168.6.0 255.255.255.0 inside
asdm location 192.168.7.0 255.255.255.0 inside
asdm location 192.168.8.0 255.255.255.0 inside
asdm location 192.168.9.0 255.255.255.0 inside
asdm location 192.168.0.235 255.255.255.255 inside
asdm location 192.168.4.63 255.255.255.255 inside
asdm location 192.168.4.66 255.255.255.255 inside
asdm location APP1DEV 255.255.255.255 inside
asdm location 192.168.3.91 255.255.255.255 inside
asdm location 192.168.0.102 255.255.255.255 inside
asdm location 192.168.0.107 255.255.255.255 inside
asdm location 192.168.0.108 255.255.255.255 inside
asdm location 216.x.x.104 255.255.255.255 inside
asdm location VMH2 255.255.255.255 inside
asdm location MRMCFEELY 255.255.255.255 inside
asdm location 216.x.x.1 255.255.255.255 inside
asdm location 216.x.x.7 255.255.255.255 inside
asdm location LBMASTER 255.255.255.255 inside
asdm location LBSLAVE 255.255.255.255 inside
asdm location DBCLUSTERLB 255.255.255.255 inside
asdm location HAL 255.255.255.255 inside
asdm location NODE-2 255.255.255.255 inside
asdm location NODE-3 255.255.255.255 inside
asdm location EASY 255.255.255.255 inside
asdm location STEWIE 255.255.255.255 inside
asdm location WEB1 255.255.255.255 inside
asdm location OHSVR01 255.255.255.255 inside
asdm location EZNS1 255.255.255.255 inside
asdm location BC1B2 255.255.255.255 inside
asdm location RESVR05 255.255.255.255 inside
asdm location REDEV02 255.255.255.255 inside
asdm location TESTDB 255.255.255.255 inside
asdm location TESTDB2 255.255.255.255 inside
asdm location TEMPNAS 255.255.255.255 inside
asdm location COPYHOST 255.255.255.255 inside
asdm location ESATA 255.255.255.255 inside
asdm location ENTERPRISE 255.255.255.255 inside
asdm location NAS01 255.255.255.255 inside
asdm location APP1 255.255.255.255 inside
asdm location EASYSA 255.255.255.255 inside
asdm location CLOUD1 255.255.255.255 inside
asdm location EASYDB 255.255.255.255 inside
asdm location DBMONITOR 255.255.255.255 inside
asdm location PCSDB02 255.255.255.255 inside
asdm location PCSDB 255.255.255.255 inside
asdm location PCSDBMONITOR 255.255.255.255 inside
asdm location REALTORS01 255.255.255.255 inside
asdm location MRWEED 255.255.255.255 inside
asdm location MISCHOST2 255.255.255.255 inside
asdm location NEW_EASYDB01 255.255.255.255 inside
asdm location NEW_EASYDB02 255.255.255.255 inside
asdm location NEW_PCSDB01 255.255.255.255 inside
asdm location NEW_PCSDB02 255.255.255.255 inside
asdm location DNS1 255.255.255.255 inside
asdm location MIKEDEV01 255.255.255.255 inside
asdm location MIKEDEV02 255.255.255.255 inside
asdm location TOMDEV02 255.255.255.255 inside
asdm location DEEPTHOUGHT 255.255.255.255 inside
asdm location DATASTORE01 255.255.255.255 inside
asdm location DEVHOST2 255.255.255.255 inside
asdm location EASYDEV01 255.255.255.255 inside
asdm location REALTORDEV01 255.255.255.255 inside
asdm location 192.168.111.0 255.255.255.0 inside
asdm location EASYLINUX 255.255.255.255 inside
asdm location REALTORS02 255.255.255.255 inside
asdm location MOBILEREALTORS01 255.255.255.255 inside
asdm location REALTORS03 255.255.255.255 inside
asdm location REPROXY 255.255.255.255 inside
asdm location AMANDA 255.255.255.255 inside
asdm location NAGIOS 255.255.255.255 inside
asdm location EASYLINUXDEV 255.255.255.255 inside
asdm location DOWNTIME2 255.255.255.255 inside
asdm location DOWNTIME 255.255.255.255 inside
asdm location DOWNTIME3 255.255.255.255 inside
asdm location PROMETHEUS 255.255.255.255 inside
asdm location DEVDB 255.255.255.255 inside
asdm location REALTORWEB 255.255.255.255 inside
asdm location PCSPG 255.255.255.255 inside
asdm location PCSDEV 255.255.255.255 inside
asdm location NETDEV02 255.255.255.255 inside
asdm location OHDEV 255.255.255.255 inside
asdm location REALTOR-STAGING 255.255.255.255 inside
asdm location WORSHIPNET 255.255.255.255 inside
asdm location PCS01 255.255.255.255 inside
asdm location PROMETHEUS02 255.255.255.255 inside
asdm location EASYPG 255.255.255.255 inside
asdm location BOWMAN 255.255.255.255 inside
asdm history enable
Thanks,
Tom
09-03-2018 11:52 AM
You were right, the config is huge. Apart from any,any type of NAT statements, I don't see any misconfig.
Any,Any type of NAT statements are known to cause issues in some scenarios.
Anyways, could you please update on the capture that we discussed earlier.
Regards,
AJ
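The reply above singles out the nat (any,any) statements, and on a NAT table this large it is easy to miss one, or to miss two static port-forwards that land on the same public address and port. The script below is an added example written for this thread, not something posted by Tom or AJ: it parses the object-NAT statements the way they appear in the posted config (one per line, or flattened onto a single line by copy-and-paste), lists the any,any objects and the objects mapped to the interface address, finds static port-forwards that collide on (mapped address, protocol, mapped port), and parses the %ASA-2-106016 line from the first post so the logged source address can be cross-referenced against the NAT objects that own it. The embedded sample is an excerpt of the posted NAT statements; the sample log line is the one from the first post with its xxx.xx.xx.N redaction rewritten as 216.x.x.N to match the config, which is an assumption. The thread states the outside interface address ends in .104, so on this config PCSWEB and EASY-TRANS-LIVE-01 do not collide; passing 216.x.x.102 as the interface address in the usage below is a hypothetical value that only serves to show the collision check firing.

```python
import re
from collections import defaultdict

# Constructed sample: NAT statements reassembled from the config posted in the
# thread (public addresses are redacted as 216.x.x.N, exactly as posted).
SAMPLE_CONFIG = """
object network EASY-TRANS-LIVE-01
 nat (inside,outside) static 216.x.x.102 service tcp ssh 22093
object network PCSWEB
 nat (inside,outside) static interface service tcp ssh 22093
object network REALTORS02-01
 nat (inside,outside) static 216.x.x.2 service tcp www www
object network NAGIOS-01
 nat (inside,outside) static 216.x.x.2 service tcp www 18580
object network obj_any
 nat (inside,outside) dynamic interface
object network easy-staging
 nat (any,any) static 216.x.x.102 service tcp ssh 22125
object network realtor-staging
 nat (any,any) static 216.x.x.102 service tcp ssh 22126
object network vmwhost1
 nat (any,any) static 216.x.x.102 service tcp https 60230
"""

# Constructed sample of the syslog line from the first post; the log's
# xxx.xx.xx.N redaction is rewritten in the 216.x.x.N form (assumption).
SAMPLE_LOG = ("<162>Sep 01 2018 19:36:55: %ASA-2-106016: Deny IP spoof from "
              "(216.x.x.104) to 216.x.x.5 on interface outside")

# One object-NAT statement: "object network NAME" followed by its "nat (...)" line.
# \s+ between them matches a newline or a plain space, so the regex works on a
# config that has been flattened onto one line as well as on the normal layout.
NAT_RE = re.compile(
    r"object network (?P<name>\S+)\s+"
    r"nat \((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\) "
    r"(?P<kind>static|dynamic) (?P<mapped_ip>\S+)"
    r"(?: service (?P<proto>tcp|udp) (?P<real_port>\S+) (?P<mapped_port>\S+))?"
)

SPOOF_RE = re.compile(
    r"%ASA-\d-106016: Deny IP spoof from \((?P<src>\S+)\) to (?P<dst>\S+) "
    r"on interface (?P<iface>\S+)"
)

# ASA accepts service names in NAT statements; normalise the ones seen in the
# thread so that "www" and "80" compare equal.
PORT_NAMES = {"www": "80", "http": "80", "https": "443", "ssh": "22"}


def parse_nat(config_text):
    """Return one dict per object-NAT statement found in the text."""
    return [m.groupdict() for m in NAT_RE.finditer(config_text)]


def parse_spoof_log(line):
    """Extract source, destination and interface from a 106016 message, or None."""
    m = SPOOF_RE.search(line)
    return m.groupdict() if m else None


def any_any_rules(rules):
    return [r["name"] for r in rules
            if (r["real_if"], r["mapped_if"]) == ("any", "any")]


def interface_mapped_rules(rules):
    return [r["name"] for r in rules if r["mapped_ip"] == "interface"]


def _resolve(mapped_ip, interface_ip):
    # "interface" means the mapped interface's own address; substitute it when known.
    return interface_ip if (mapped_ip == "interface" and interface_ip) else mapped_ip


def port_collisions(rules, interface_ip=None):
    """Static port-forwards sharing (mapped address, protocol, mapped port).
    Without interface_ip, 'interface' rules are grouped separately from explicit
    addresses, so a clash between the two cannot be seen."""
    groups = defaultdict(list)
    for r in rules:
        if r["kind"] != "static" or not r["mapped_port"]:
            continue
        port = PORT_NAMES.get(r["mapped_port"], r["mapped_port"])
        key = (_resolve(r["mapped_ip"], interface_ip), r["proto"], port)
        groups[key].append(r["name"])
    return {k: v for k, v in groups.items() if len(v) > 1}


def objects_mapped_to(rules, ip, interface_ip=None):
    """NAT objects whose mapped address is ip (e.g. the source a 106016 reports)."""
    return [r["name"] for r in rules
            if _resolve(r["mapped_ip"], interface_ip) == ip]


if __name__ == "__main__":
    rules = parse_nat(SAMPLE_CONFIG)
    event = parse_spoof_log(SAMPLE_LOG)
    print("any,any NAT objects:", any_any_rules(rules))
    print("objects mapped to the interface address:", interface_mapped_rules(rules))
    # Hypothetical interface address, chosen only to make the collision visible.
    print("collisions if the interface were .102:",
          port_collisions(rules, interface_ip="216.x.x.102"))
    print("objects owning the logged source", event["src"], ":",
          objects_mapped_to(rules, event["src"], interface_ip=event["src"]))
```

Run it against the full `show running-config` text rather than the excerpt; objects_mapped_to with the real interface address tells you which NAT objects answer on the address that the 106016 message reports as the spoofed source, which is the list to work through with a capture on the outside interface.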