
I cannot ping DMZ or any other remote networks from VPN client (Firepower)

All users are able to reach inside networks only. 

 

: Hardware: FPR-2110, 6589 MB RAM, CPU MIPS 1200 MHz, 1 CPU (6 cores)
:
NGFW Version 6.6.1
!
hostname wdgngfw
enable password ----- encrypted
service-module 0 keepalive-timeout 4
service-module 0 keepalive-counter 6
names
no mac-address auto
ip local pool NW-VPN 10.1.1.0-10.1.1.255 mask 255.255.255.0

 

!
interface Ethernet1/1
nameif inside
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 192.168.99.254 255.255.255.248
!
interface Ethernet1/2
nameif shelburne
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 192.168.250.1 255.255.255.0
!
interface Ethernet1/2.464
vlan 464
nameif shelburne-sub
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 172.16.13.1 255.255.255.0
!
interface Ethernet1/3
nameif fergus-orangeville
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 192.168.251.1 255.255.255.0
!
interface Ethernet1/3.100
vlan 100
nameif fergus-sub
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 172.16.11.1 255.255.255.0
!
interface Ethernet1/3.200
vlan 200
nameif orangeville-sub
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 172.16.12.1 255.255.255.0
!
interface Ethernet1/4
nameif markham
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 192.168.252.1 255.255.255.0
!
interface Ethernet1/4.130
vlan 130
nameif markham-sub
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 192.168.130.1 255.255.255.0
!
interface Ethernet1/5
nameif dmz
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 10.124.127.254 255.255.255.0
!
interface Ethernet1/6
nameif outside
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 216.xx.xx.xx 255.255.255.252
!
interface Ethernet1/7
shutdown
nameif dmz2
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 192.168.253.1 255.255.255.0
!
interface Ethernet1/8
shutdown
nameif guest
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 192.168.24.1 255.255.255.0
!
interface Ethernet1/9
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/10
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/11
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/12
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/13
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/14
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/15
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/16
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
nameif diagnostic
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
no ip address
!

access-list NGFW_ONBOX_ACL remark rule-id 268435478: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435478: L7 RULE: TrafficURL
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435478 ifc fergus-orangeville any ifc outside any rule-id 268435478 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435478 ifc fergus-sub any ifc outside any rule-id 268435478 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435478 ifc inside any ifc outside any rule-id 268435478 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435478 ifc orangeville-sub any ifc outside any rule-id 268435478 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435478 ifc shelburne-sub any ifc outside any rule-id 268435478 event-log both
access-list NGFW_ONBOX_ACL remark rule-id 268435479: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435479: L7 RULE: BlockedApplications
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435479 ifc outside any any rule-id 268435479 event-log both
access-list NGFW_ONBOX_ACL remark rule-id 268435469: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435469: L7 RULE: Internal Traffic
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc fergus-orangeville any ifc fergus-orangeville any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc fergus-orangeville any ifc fergus-sub any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc fergus-orangeville any ifc inside any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc fergus-orangeville any ifc orangeville-sub any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc fergus-orangeville any ifc shelburne-sub any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc fergus-sub any ifc fergus-orangeville any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc fergus-sub any ifc fergus-sub any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc fergus-sub any ifc inside any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc fergus-sub any ifc orangeville-sub any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc fergus-sub any ifc shelburne-sub any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc inside any ifc fergus-orangeville any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc inside any ifc fergus-sub any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc inside any ifc inside any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc inside any ifc orangeville-sub any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc inside any ifc shelburne-sub any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc orangeville-sub any ifc fergus-orangeville any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc orangeville-sub any ifc fergus-sub any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc orangeville-sub any ifc inside any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc orangeville-sub any ifc orangeville-sub any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc orangeville-sub any ifc shelburne-sub any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc shelburne-sub any ifc fergus-orangeville any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc shelburne-sub any ifc fergus-sub any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc shelburne-sub any ifc inside any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc shelburne-sub any ifc orangeville-sub any rule-id 268435469
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435469 ifc shelburne-sub any ifc shelburne-sub any rule-id 268435469
access-list NGFW_ONBOX_ACL remark rule-id 268435457: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435457: L7 RULE: InsideToDMZ
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435457 ifc fergus-orangeville any ifc dmz object NW-DMZ rule-id 268435457 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435457 ifc fergus-sub any ifc dmz object NW-DMZ rule-id 268435457 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435457 ifc inside any ifc dmz object NW-DMZ rule-id 268435457 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435457 ifc orangeville-sub any ifc dmz object NW-DMZ rule-id 268435457 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435457 ifc shelburne-sub any ifc dmz object NW-DMZ rule-id 268435457 event-log both
access-list NGFW_ONBOX_ACL remark rule-id 268435458: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435458: L7 RULE: InsideToOutside
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435458 ifc fergus-orangeville any ifc outside any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435458 ifc fergus-sub any ifc outside any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435458 ifc inside any ifc outside any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435458 ifc orangeville-sub any ifc outside any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435458 ifc shelburne-sub any ifc outside any rule-id 268435458 event-log both
access-list NGFW_ONBOX_ACL remark rule-id 268435460: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435460: L7 RULE: InsideToDR
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435460 ifc fergus-orangeville object-group |acSrcNwg-268435460 ifc markham object-group |acDestNwg-268435460 rule-id 268435460
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435460 ifc fergus-orangeville object-group |acSrcNwg-268435460 ifc markham-sub object-group |acDestNwg-268435460 rule-id 268435460
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435460 ifc fergus-sub object-group |acSrcNwg-268435460 ifc markham object-group |acDestNwg-268435460 rule-id 268435460
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435460 ifc fergus-sub object-group |acSrcNwg-268435460 ifc markham-sub object-group |acDestNwg-268435460 rule-id 268435460
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435460 ifc inside object-group |acSrcNwg-268435460 ifc markham object-group |acDestNwg-268435460 rule-id 268435460
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435460 ifc inside object-group |acSrcNwg-268435460 ifc markham-sub object-group |acDestNwg-268435460 rule-id 268435460
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435460 ifc orangeville-sub object-group |acSrcNwg-268435460 ifc markham object-group |acDestNwg-268435460 rule-id 268435460
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435460 ifc orangeville-sub object-group |acSrcNwg-268435460 ifc markham-sub object-group |acDestNwg-268435460 rule-id 268435460
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435460 ifc shelburne-sub object-group |acSrcNwg-268435460 ifc markham object-group |acDestNwg-268435460 rule-id 268435460
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435460 ifc shelburne-sub object-group |acSrcNwg-268435460 ifc markham-sub object-group |acDestNwg-268435460 rule-id 268435460
access-list NGFW_ONBOX_ACL remark rule-id 268435459: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435459: L7 RULE: DMZToOutside
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435459 ifc dmz object NW-DMZ ifc outside any rule-id 268435459 event-log both
access-list NGFW_ONBOX_ACL remark rule-id 268435462: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435462: L7 RULE: SQLInside
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435462 ifc dmz object-group |acSrcNwg-268435462 ifc fergus-orangeville object WDGDATAB-SRV rule-id 268435462 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435462 ifc dmz object-group |acSrcNwg-268435462 ifc fergus-sub object WDGDATAB-SRV rule-id 268435462 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435462 ifc dmz object-group |acSrcNwg-268435462 ifc inside object WDGDATAB-SRV rule-id 268435462 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435462 ifc dmz object-group |acSrcNwg-268435462 ifc orangeville-sub object WDGDATAB-SRV rule-id 268435462 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435462 ifc dmz object-group |acSrcNwg-268435462 ifc shelburne-sub object WDGDATAB-SRV rule-id 268435462 event-log both
access-list NGFW_ONBOX_ACL remark rule-id 268435463: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435463: L7 RULE: LDAP
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435463 ifc dmz object-group |acSrcNwg-268435463 ifc fergus-orangeville object NW-Guelph-126 rule-id 268435463 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435463 ifc dmz object-group |acSrcNwg-268435463 ifc fergus-sub object NW-Guelph-126 rule-id 268435463 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435463 ifc dmz object-group |acSrcNwg-268435463 ifc inside object NW-Guelph-126 rule-id 268435463 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435463 ifc dmz object-group |acSrcNwg-268435463 ifc orangeville-sub object NW-Guelph-126 rule-id 268435463 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435463 ifc dmz object-group |acSrcNwg-268435463 ifc shelburne-sub object NW-Guelph-126 rule-id 268435463 event-log both
access-list NGFW_ONBOX_ACL remark rule-id 268435483: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435483: L5 RULE: VPN-DMZ
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435483 ifc outside object NW-VPN ifc dmz any rule-id 268435483
access-list NGFW_ONBOX_ACL remark rule-id 268435475: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435475: L5 RULE: VPN
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435475 ifc outside object NW-VPN ifc fergus-orangeville any rule-id 268435475 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435475 ifc outside object NW-VPN ifc fergus-sub any rule-id 268435475 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435475 ifc outside object NW-VPN ifc inside any rule-id 268435475 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435475 ifc outside object NW-VPN ifc orangeville-sub any rule-id 268435475 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435475 ifc outside object NW-VPN ifc shelburne-sub any rule-id 268435475 event-log both
access-list NGFW_ONBOX_ACL remark rule-id 268435461: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435461: L7 RULE: Websites
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435461 ifc outside any ifc dmz object WEB_Servers rule-id 268435461 event-log both
access-list NGFW_ONBOX_ACL remark rule-id 268435465: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435465: L7 RULE: Exchange16
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435465 ifc outside any ifc fergus-orangeville object WDGEXCHANGE-SRV rule-id 268435465
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435465 ifc outside any ifc fergus-sub object WDGEXCHANGE-SRV rule-id 268435465
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435465 ifc outside any ifc inside object WDGEXCHANGE-SRV rule-id 268435465
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435465 ifc outside any ifc orangeville-sub object WDGEXCHANGE-SRV rule-id 268435465
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435465 ifc outside any ifc shelburne-sub object WDGEXCHANGE-SRV rule-id 268435465
access-list NGFW_ONBOX_ACL remark rule-id 268435466: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435466: L7 RULE: OneMail
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435466 ifc outside object-group OneMail ifc fergus-orangeville object-group |acDestNwg-268435466 rule-id 268435466
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435466 ifc outside object-group OneMail ifc fergus-sub object-group |acDestNwg-268435466 rule-id 268435466
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435466 ifc outside object-group OneMail ifc inside object-group |acDestNwg-268435466 rule-id 268435466
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435466 ifc outside object-group OneMail ifc orangeville-sub object-group |acDestNwg-268435466 rule-id 268435466
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435466 ifc outside object-group OneMail ifc shelburne-sub object-group |acDestNwg-268435466 rule-id 268435466
access-list NGFW_ONBOX_ACL remark rule-id 268435467: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435467: L7 RULE: FireSystem
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435467 ifc outside object FireSystemOut ifc fergus-orangeville object FireSystem rule-id 268435467
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435467 ifc outside object FireSystemOut ifc fergus-sub object FireSystem rule-id 268435467
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435467 ifc outside object FireSystemOut ifc inside object FireSystem rule-id 268435467
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435467 ifc outside object FireSystemOut ifc orangeville-sub object FireSystem rule-id 268435467
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435467 ifc outside object FireSystemOut ifc shelburne-sub object FireSystem rule-id 268435467
access-list NGFW_ONBOX_ACL remark rule-id 268435468: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435468: L7 RULE: HVAC
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc fergus-orangeville any ifc fergus-orangeville object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc fergus-orangeville any ifc fergus-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc fergus-orangeville any ifc inside object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc fergus-orangeville any ifc orangeville-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc fergus-orangeville any ifc shelburne-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc fergus-sub any ifc fergus-orangeville object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc fergus-sub any ifc fergus-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc fergus-sub any ifc inside object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc fergus-sub any ifc orangeville-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc fergus-sub any ifc shelburne-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc inside any ifc fergus-orangeville object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc inside any ifc fergus-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc inside any ifc inside object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc inside any ifc orangeville-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc inside any ifc shelburne-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc orangeville-sub any ifc fergus-orangeville object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc orangeville-sub any ifc fergus-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc orangeville-sub any ifc inside object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc orangeville-sub any ifc orangeville-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc orangeville-sub any ifc shelburne-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc outside any ifc fergus-orangeville object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc outside any ifc fergus-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc outside any ifc inside object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc outside any ifc orangeville-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc outside any ifc shelburne-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc shelburne-sub any ifc fergus-orangeville object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc shelburne-sub any ifc fergus-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc shelburne-sub any ifc inside object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc shelburne-sub any ifc orangeville-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435468 ifc shelburne-sub any ifc shelburne-sub object HVAC-Sys rule-id 268435468 event-log both
access-list NGFW_ONBOX_ACL remark rule-id 268435472: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435472: L5 RULE: Testing GW
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435472 ifc outside any ifc outside object GW-internet rule-id 268435472
access-list NGFW_ONBOX_ACL remark rule-id 1: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 1: L5 RULE: DefaultActionRule
access-list NGFW_ONBOX_ACL advanced deny ip any any rule-id 1
access-list Support_Axsys|splitAcl extended permit ip object Excelicare any
access-list WDGStaff|splitAcl extended permit ip object NW-Fergus any
access-list WDGStaff|splitAcl extended permit ip object NW-Guelph-0 any
access-list WDGStaff|splitAcl extended permit ip object NW-Guelph-111 any
access-list WDGStaff|splitAcl extended permit ip object NW-Guelph-125 any
access-list WDGStaff|splitAcl extended permit ip object NW-Guelph-126 any
access-list WDGStaff|splitAcl extended permit ip object NW-Guelph-3rdFloor any
access-list WDGStaff|splitAcl extended permit ip object NW-Guelph-Voice any
access-list WDGStaff|splitAcl extended permit ip object NW-Guelph1stFloor any
access-list WDGStaff|splitAcl extended permit ip object NW-Orangeville any
access-list WDGStaff|splitAcl extended permit ip object NW-Shelburne any
access-list WDGStaff|splitAcl extended permit ip object NW-VPN any
access-list WDGStaff|splitAcl extended permit ip object NW-WiFi-Agency any
access-list ITGroup|splitAcl extended permit ip object any-ipv4 any
access-list ITGroup|splitAcl extended permit ip object any-ipv6 any

icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 32768
nat (dmz,outside) source static WDGWEB10 Wells service _|NatOrigSvc_eec57c25-f1d1-11ea-99a0-19067ab70011 _|NatMappedSvc_eec57c25-f1d1-11ea-99a0-19067ab70011
nat (dmz,outside) source static WDGWEB10 Survey service _|NatOrigSvc_0e265268-f1d2-11ea-99a0-c1a89fd652d0 _|NatMappedSvc_0e265268-f1d2-11ea-99a0-c1a89fd652d0
nat (dmz,outside) source static WDGWEB10 Bi service _|NatOrigSvc_23009bfb-f1d2-11ea-99a0-13637e0c6e7c _|NatMappedSvc_23009bfb-f1d2-11ea-99a0-13637e0c6e7c
nat (dmz,outside) source static WDGWEB10 ORS service _|NatOrigSvc_358a8cee-f1d2-11ea-99a0-f349b48ffcb1 _|NatMappedSvc_358a8cee-f1d2-11ea-99a0-f349b48ffcb1
nat (dmz,outside) source static WDGWEB10 ONOR service _|NatOrigSvc_4843cb41-f1d2-11ea-99a0-05cf02fb6caa _|NatMappedSvc_4843cb41-f1d2-11ea-99a0-05cf02fb6caa
nat (dmz,outside) source static WDGWEB10 Elph service _|NatOrigSvc_5743d224-f1d2-11ea-99a0-f12c2c7c990d _|NatMappedSvc_5743d224-f1d2-11ea-99a0-f12c2c7c990d
nat (dmz,outside) source static WDGWEB10 Piwiki service _|NatOrigSvc_6f5e0477-f1d2-11ea-99a0-3f56097509e9 _|NatMappedSvc_6f5e0477-f1d2-11ea-99a0-3f56097509e9
nat (dmz,outside) source static WDGWEB10 Speech service _|NatOrigSvc_8114c6ea-f1d2-11ea-99a0-85f489da2814 _|NatMappedSvc_8114c6ea-f1d2-11ea-99a0-85f489da2814
nat (dmz,outside) source static WDGWEB10 Weetalk service _|NatOrigSvc_97f62b1d-f1d2-11ea-99a0-c54d2b091480 _|NatMappedSvc_97f62b1d-f1d2-11ea-99a0-c54d2b091480
nat (dmz,outside) source static WDGWEB9 ALCOHOL1 service _|NatOrigSvc_b09d8240-f1d2-11ea-99a0-13fd568c6de8 _|NatMappedSvc_b09d8240-f1d2-11ea-99a0-13fd568c6de8
nat (dmz,outside) source static WDGHR-SRV InfoHR-Public service _|NatOrigSvc_a34c8f9c-f3c2-11ea-beba-2d199c3e5294 _|NatMappedSvc_a34c8f9c-f3c2-11ea-beba-2d199c3e5294
nat (dmz,outside) source static ADFS_INT ADFS_Pub service _|NatOrigSvc_f0380742-f3c2-11ea-beba-ef17d984212c _|NatMappedSvc_f0380742-f3c2-11ea-beba-ef17d984212c
nat (inside,outside) source static any any destination static NW-VPN NW-VPN
nat (dmz,outside) source static NW-DMZ NW-DMZ destination static NW-VPN NW-VPN route-lookup
nat (outside,outside) source static NW-VPN NW-VPN destination static NW-VPN NW-VPN route-lookup
nat (inside,outside) source static NW-Fergus NW-Fergus destination static NW-VPN NW-VPN route-lookup
!
object network any-ipv4
nat (inside,outside) dynamic interface
object network NW-DMZ
nat (dmz,outside) dynamic interface
object network WDGEXCHANGE-SRV
nat (inside,outside) static Exchange_Public
object network WDGOTV-SRV
nat (inside,outside) static WDGOTV_Public service tcp https https
object network WDGWISE-SRV
nat (dmz,outside) static WDGWISE-Public service tcp www www
object network WDGHHAPP-SRV
nat (dmz,outside) static CBYC service tcp https https
object network WDGLAMP-PROD
nat (dmz,outside) static WDGLAMP-Public service tcp https https
object network GW-internet
nat (outside,outside) static any-ipv4
access-group NGFW_ONBOX_ACL global
route outside 0.0.0.0 0.0.0.0 216.171.104.57 1
route inside 10.0.0.0 255.255.0.0 192.168.99.250 1
route inside 10.124.125.0 255.255.255.128 192.168.99.250 1
route inside 10.124.126.0 255.255.255.0 192.168.99.250 1
route markham-sub 10.125.125.0 255.255.255.0 192.168.130.2 1
route markham-sub 10.125.126.0 255.255.255.0 192.168.130.2 1
route inside 172.18.0.0 255.255.252.0 192.168.99.250 1
route inside 192.168.0.0 255.255.255.0 192.168.99.250 1
route fergus-sub 192.168.1.0 255.255.255.0 172.16.11.2 1
route orangeville-sub 192.168.2.0 255.255.255.0 172.16.12.2 1
route shelburne-sub 192.168.3.0 255.255.255.0 172.16.13.2 1
route inside 192.168.6.0 255.255.255.0 192.168.99.250 1
route inside 192.168.22.0 255.255.254.0 192.168.99.250 1
route inside 192.168.24.0 255.255.254.0 192.168.99.250 1
route fergus-orangeville 192.168.100.0 255.255.255.192 192.168.100.2 1
route inside 192.168.111.0 255.255.255.0 192.168.99.250 1


quit
crypto ikev2 policy 11
encryption aes-gcm-256 aes-gcm-192 aes-gcm
integrity null
group 21 20 19 14 5
prf sha512 sha384 sha256
lifetime seconds 86400
crypto ikev2 policy 21
encryption aes-256 aes-192 aes
integrity sha512 sha384 sha256 sha
group 21 20 24 14 5
prf sha512 sha384 sha256 sha
lifetime seconds 86400
crypto ikev2 policy 100
encryption des
integrity sha
group 14
prf sha
lifetime seconds 86400
crypto ikev2 policy 101
encryption des
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev1 policy 2
authentication rsa-sig
encryption aes-256
hash sha
group 5
lifetime 86400
crypto ikev1 policy 6
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto ikev1 policy 11
authentication pre-share
encryption aes-192
hash sha
group 5
lifetime 86400
crypto ikev1 policy 21
authentication pre-share
encryption aes
hash sha
group 5
lifetime 86400
crypto ikev1 policy 150
authentication rsa-sig
encryption des
hash sha
group 14
lifetime 86400
crypto ikev1 policy 160
authentication pre-share
encryption des
hash sha
group 14
lifetime 86400
telnet timeout 5
console timeout 0
dhcpd auto_config inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point THECORE outside
webvpn
enable outside
http-headers
hsts-server
enable
max-age 31536000
include-sub-domains
no preload
hsts-client
enable
x-content-type-options
x-xss-protection
content-security-policy
anyconnect image disk0:/anyconnpkgs/anyconnect-win-4.8.03052-webdeploy-k9.pkg 2
anyconnect profiles defaultClientProfile disk0:/anyconncprofs/defaultClientProfile.xml
anyconnect enable
tunnel-group-list enable
cache
disable
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ssl-client
webvpn
anyconnect ssl dtls none
anyconnect profiles value defaultClientProfile type user
group-policy WDGStaff internal
group-policy WDGStaff attributes
dns-server value 10.124.126.20 10.124.126.21
dhcp-network-scope none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-idle-timeout alert-interval 1
vpn-session-timeout none
vpn-session-timeout alert-interval 1
vpn-filter none
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
ipv6-split-tunnel-policy tunnelall
split-tunnel-network-list value WDGStaff|splitAcl
default-domain value wdghu.local
split-dns none
split-tunnel-all-dns disable
client-bypass-protocol disable
msie-proxy method no-modify
vlan none
address-pools none
ipv6-address-pools none
webvpn
anyconnect ssl dtls none
anyconnect mtu 1406
anyconnect ssl keepalive none
anyconnect ssl rekey time none
anyconnect ssl rekey method none
anyconnect dpd-interval client none
anyconnect dpd-interval gateway none
anyconnect ssl compression none
anyconnect dtls compression none
anyconnect profiles value defaultClientProfile type user
anyconnect ssl df-bit-ignore disable
always-on-vpn profile-setting
group-policy Support_Axsys internal
group-policy Support_Axsys attributes
dhcp-network-scope none
vpn-simultaneous-logins 0
vpn-idle-timeout 3
vpn-idle-timeout alert-interval 3
vpn-session-timeout 120
vpn-session-timeout alert-interval 30
vpn-filter none
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
ipv6-split-tunnel-policy tunnelall
split-tunnel-network-list value Support_Axsys|splitAcl
split-dns none
split-tunnel-all-dns disable
client-bypass-protocol disable
msie-proxy method no-modify
vlan none
address-pools none
ipv6-address-pools none
webvpn
anyconnect ssl dtls none
anyconnect mtu 1406
anyconnect ssl keepalive none
anyconnect ssl rekey time none
anyconnect ssl rekey method none
anyconnect dpd-interval client none
anyconnect dpd-interval gateway none
anyconnect ssl compression none
anyconnect dtls compression none
anyconnect profiles value defaultClientProfile type user
anyconnect ssl df-bit-ignore disable
always-on-vpn profile-setting
group-policy ITGroup internal
group-policy ITGroup attributes
dns-server value 10.124.126.20 10.124.126.21
dhcp-network-scope none
vpn-simultaneous-logins 1
vpn-idle-timeout 5
vpn-idle-timeout alert-interval 4
vpn-session-timeout 300
vpn-session-timeout alert-interval 1
vpn-filter none
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
ipv6-split-tunnel-policy excludespecified
split-tunnel-network-list value ITGroup|splitAcl
default-domain value wdghu.local
split-dns none
split-tunnel-all-dns disable
client-bypass-protocol disable
msie-proxy method no-modify
vlan none
address-pools none
ipv6-address-pools none
webvpn
anyconnect ssl dtls none
anyconnect mtu 1406
anyconnect ssl keepalive none
anyconnect ssl rekey time none
anyconnect ssl rekey method none
anyconnect dpd-interval client none
anyconnect dpd-interval gateway none
anyconnect ssl compression none
anyconnect dtls compression none
anyconnect profiles value defaultClientProfile type user
anyconnect ssl df-bit-ignore disable
always-on-vpn profile-setting
dynamic-access-policy-record DfltAccessPolicy
username ashrafa password ***** pbkdf2
tunnel-group Support type remote-access
tunnel-group Support general-attributes
address-pool NW-VPN
authentication-server-group RSA
secondary-authentication-server-group AD use-primary-username
authorization-server-group RSA
default-group-policy Support_Axsys
tunnel-group Support webvpn-attributes
group-alias ExtSupport enable
tunnel-group WDGStaff type remote-access
tunnel-group WDGStaff general-attributes
address-pool NW-VPN
authentication-server-group RSA
secondary-authentication-server-group AD use-primary-username
authorization-server-group RSA
default-group-policy WDGStaff
tunnel-group WDGStaff webvpn-attributes
group-alias WDGStaff enable
tunnel-group ITGroup type remote-access
tunnel-group ITGroup general-attributes
address-pool NW-VPN
authentication-server-group RSA
secondary-authentication-server-group AD use-primary-username
authorization-server-group RSA
default-group-policy ITGroup
tunnel-group ITGroup webvpn-attributes
group-alias ITGroup enable
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect icmp error
inspect snmp
!

 
