Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1931
Views
0
Helpful
12
Replies

I cant ping my WebServer of DMZ Zone using Public IP

Tashi BDFCL
Level 1
Level 1

‎02-28-2013 09:04 PM - edited ‎03-11-2019 06:08 PM

Hi Everyone,

I have my webserver (30.30.30.50) located at DMZ zone. The public IP of my webserver is (119.2.116.191). From outside i can ping my webserver using public IP thats fine.

The issue out here is, if i want to ping my webserver using public IP from Internal LAN then i cannot ping but i can ping my webserver using private IP.

I am using ASA5520.

I have following line in my ASA :

static (DMZ,inside) 30.30.0.0 30.30.0.0 netmask 255.255.0.0

static (DMZ,outside) 119.2.116.191 30.30.30.50 netmask 255.255.255.255

So can anyone help out, why i cant ping my webserver using public IP from inside?

Thanks,

TashiBDFCL

Labels:
0 Helpful
12 Replies 12

Julio Carvajal
VIP Alumni
VIP Alumni

‎02-28-2013 09:12 PM

Hello,

static (DMZ,inside) 119.2.116.191 30.30.30.50 netmask 255.255.255.255

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Tashi BDFCL
Level 1
Level 1
In response to Julio Carvajal

‎03-01-2013 01:09 AM

Hi,

Yes i tried with the following line:

static (DMZ,inside) 119.2.116.191 30.30.30.50 netmask 255.255.255.255

I get this message when i add above line in to my ASA:

ASA(config)# static (DMZ,inside) 119.2.116.191 30.30.30.50 netmask 255.2$

WARNING: real-address conflict with existing static

  DMZ:30.30.0.0 to inside:30.30.0.0 netmask 255.255.0.0

ASA(config)#

Thanks,

TashiBDFCL

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to Tashi BDFCL

‎03-01-2013 01:19 AM

Hi,

The problem might be due to the NAT order perhaps.

You could consider first removing the old configuration -> Entering the new Static NAT -> Entering the old Static NAT again

Notice though that this will potentially cause a problem with hosts connecting between "inside" and "DMZ" with their actual IP addresses. This also depends if you have "nat-control" enabled.

So basically you first have the following configuration

static (DMZ,inside) 30.30.0.0 30.30.0.0 netmask 255.255.0.0

You could consider the following configuration

no static (DMZ,inside) 30.30.0.0 30.30.0.0 netmask 255.255.0.0

static (DMZ,outside) 119.2.116.191 30.30.30.50 netmask 255.255.255.255

static (DMZ,inside) 30.30.0.0 30.30.0.0 netmask 255.255.0.0

But again, as I said this might not be without problems

I guess there is also the possibility that the connection problem after entering the new Static NAT might be due to a setting that you have disabled Proxy ARP on the "Inside" interface.

Look if you have a configuration

sysopt noproxyarp inside

In your configuration

- Jouni

static  (DMZ,inside) 119.2.116.191 30.30.30.50 netmask 255.255.255.255 - See  more at:  https://supportforums.cisco.com/thread/2202531?tstart=0#sthash.MWLYeunI.dpuf
0 Helpful

Tashi BDFCL
Level 1
Level 1
In response to Jouni Forss

‎03-01-2013 02:41 AM

HI,

I dont have sysopt noproxyarp inside in my ASA. I added following line:

no static (DMZ,inside) 30.30.0.0 30.30.0.0 netmask 255.255.0.0

static (DMZ,outside) 119.2.116.191 30.30.30.50 netmask 255.255.255.255

static (DMZ,inside) 30.30.0.0 30.30.0.0 netmask 255.255.0.0

still the problem is same. Please help.

TashiBDFCL

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to Tashi BDFCL

‎03-01-2013 02:44 AM

Hi,

Sorry I had a copy/paste error there

static  (DMZ,outside) 119.2.116.191 30.30.30.50 netmask 255.255.255.255 - See  more at:  https://supportforums.cisco.com/thread/2202531?tstart=0#sthash.wpmK9gz2.dpuf
static  (DMZ,outside) 119.2.116.191 30.30.30.50 netmask 255.255.255.255 - See  more at:  https://supportforums.cisco.com/thread/2202531?tstart=0#sthash.wpmK9gz2.dpuf

This

static (DMZ,outside) 119.2.116.191 30.30.30.50 netmask 255.255.255.255

Was supposed to be this

static (DMZ,inside) 119.2.116.191 30.30.30.50 netmask 255.255.255.255

You could use "packet-tracer" to test your traffic

packet-tracer input inside tcp 119.2.116.191

And copy the output here

- Jouni

0 Helpful

Tashi BDFCL
Level 1
Level 1
In response to Jouni Forss

‎03-01-2013 02:54 AM

HI,

Now the case is after adding the above line:

i cannot ping private IP 30.30.30.50 but i can ping 119.2.116.191. Actually i want to have both the IP ping from inside.

Thanks,

TashiBDFCL

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to Tashi BDFCL

‎03-01-2013 03:02 AM

Hi,

What is the purpose for the need if you specifically ask for the DMZ host to be NATed to the public IP address towards the "inside"?

Can you please take the "packet-tracer" output of both situations

packet-tracer input inside icmp 0 8 119.2.116.191

packet-tracer input inside icmp 0 8 30.30.30.50

- Jouni

0 Helpful

Tashi BDFCL
Level 1
Level 1
In response to Jouni Forss

‎03-01-2013 03:09 AM

This is the result :

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.03.01 17:04:42 =~=~=~=~=~=~=~=~=~=~=~=
login as: tashi
tashi@10.10.10.1's password:
Type help or '?' for a list of available commands.

ASA> en
Password: ***************************
Invalid password
Password:
Invalid password
Password: ***************************

ASA#

ASA#

ASA#

ASA#

ASA#

ASA# pack

ASA# packet-tracer in

ASA# packet-tracer input is ns

ASA# packet-tracer input inside ic

ASA# packet-tracer input inside icmp 192.168.6.21 0 8 119.2.116.191

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   119.2.116.176   255.255.255.240 outside
<--- More --->
             

Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   192.168.0.0     255.255.0.0     inside

Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:

Phase: 7
<--- More --->
             
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.0.0
  match ip inside 192.168.0.0 255.255.0.0 DMZ any
    static translation to 192.168.0.0
    translate_hits = 1, untranslate_hits = 17
Additional Information:

Phase: 8
Type: NAT
Subtype:
Result: DROP
Config:
nat (inside) 1 192.168.6.21 255.255.255.255
  match ip inside host 192.168.6.21 outside any
    dynamic translation to pool 1 (119.2.116.178 [Interface PAT])
    translate_hits = 1030, untranslate_hits = 83
Additional Information:

Result:
input-interface: inside
input-status: up
<--- More --->
             
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule


ASA# pack

ASA# packet-tracer ins

ASA# packet-tracer ins   insi

ASA# packet-tracer insid

ASA# packet-tracer insid       inp

ASA# packet-tracer input in

ASA# packet-tracer input inside icm

ASA# packet-tracer input inside icmp 192.168.6.21 0 8 30.30.30.50

Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
static (DMZ,inside) 30.30.0.0 30.30.0.0 netmask 255.255.0.0
  match ip DMZ 30.30.0.0 255.255.0.0 inside any
    static translation to 30.30.0.0
    translate_hits = 18, untranslate_hits = 2
Additional Information:
NAT divert to egress interface DMZ
Untranslate 30.30.0.0/0 to 30.30.0.0/0 using netmask 255.255.0.0

Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
<--- More --->
             
Result: ALLOW
Config:
Additional Information:
in   192.168.0.0     255.255.0.0     inside

Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: NAT
Subtype:
Result: ALLOW
Config:
<--- More --->
             
static (inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.0.0
  match ip inside 192.168.0.0 255.255.0.0 DMZ any
    static translation to 192.168.0.0
    translate_hits = 2, untranslate_hits = 18
Additional Information:
Static translate 192.168.0.0/0 to 192.168.0.0/0 using netmask 255.255.0.0

Phase: 7
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.0.0
  match ip inside 192.168.0.0 255.255.0.0 DMZ any
    static translation to 192.168.0.0
    translate_hits = 2, untranslate_hits = 18
Additional Information:

Phase: 8
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
static (DMZ,inside) 30.30.0.0 30.30.0.0 netmask 255.255.0.0
<--- More --->
             
  match ip DMZ 30.30.0.0 255.255.0.0 inside any
    static translation to 30.30.0.0
    translate_hits = 18, untranslate_hits = 2
Additional Information:

Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 4093, packet dispatched to next module

Phase: 10
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 30.30.30.50 using egress ifc DMZ
adjacency Active
next-hop mac address 1078.d274.f0e1 hits 129

Result:
<--- More --->
             
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: allow


ASA#   exit

Logoff

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to Tashi BDFCL

‎03-01-2013 03:54 AM

Hi,

The one using the public IP address doesnt atleast list that it would hit any "UN-NAT" phase of the DMZ to Inside Public IP address translation.

Maybe should check the whole current NAT configuration (show run global, show run nat, sh run static + possible ACLs needed for NAT)

- Jouni

0 Helpful

Tashi BDFCL
Level 1
Level 1
In response to Jouni Forss

‎03-01-2013 09:30 PM

HI,

Please see the log which i have taken after running the above command:

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.03.02 11:27:49 =~=~=~=~=~=~=~=~=~=~=~=
login as: tashi
tashi@10.10.10.1's password:
Type help or '?' for a list of available commands.

BDFCL-ASA> en
Password: ***************************

BDFCL-ASA#

BDFCL-ASA#

BDFCL-ASA#

BDFCL-ASA# sh run gl

BDFCL-ASA# sh run global
global (outside) 1 interface

BDFCL-ASA# sh run nat
nat (outside) 0 access-list inside_nat0_outbound
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.2.8 255.255.255.255
nat (inside) 1 192.168.2.13 255.255.255.255
nat (inside) 1 192.168.3.18 255.255.255.255
nat (inside) 1 192.168.3.20 255.255.255.255
nat (inside) 1 192.168.3.26 255.255.255.255
nat (inside) 1 192.168.3.28 255.255.255.255
nat (inside) 1 192.168.3.31 255.255.255.255
nat (inside) 1 192.168.3.36 255.255.255.255
nat (inside) 1 192.168.3.42 255.255.255.255
nat (inside) 1 192.168.3.46 255.255.255.255
nat (inside) 1 192.168.4.16 255.255.255.255
nat (inside) 1 192.168.4.17 255.255.255.255
nat (inside) 1 192.168.4.19 255.255.255.255
nat (inside) 1 192.168.4.21 255.255.255.255
nat (inside) 1 192.168.4.22 255.255.255.255
nat (inside) 1 192.168.4.24 255.255.255.255
nat (inside) 1 192.168.4.25 255.255.255.255
nat (inside) 1 192.168.4.26 255.255.255.255
nat (inside) 1 192.168.4.27 255.255.255.255
nat (inside) 1 192.168.4.28 255.255.255.255
nat (inside) 1 192.168.4.29 255.255.255.255
nat (inside) 1 192.168.4.30 255.255.255.255
nat (inside) 1 192.168.4.32 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.4.39 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.4.42 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.4.54 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.4.55 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.4.60 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.4.63 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.4.200 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.4.203 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.4.204 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.4.205 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.4.206 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.4.207 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.4.208 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.4.209 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.4.210 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.19 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.21 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.23 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.26 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.27 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.28 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.29 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.35 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.37 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.40 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.41 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.42 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.43 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.45 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.46 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.47 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.48 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.61 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.99 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.204 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.5.205 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.20 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.21 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.23 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.25 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.26 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.27 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.28 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.29 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.30 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.32 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.36 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.37 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.55 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.56 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.102 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.103 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.105 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.201 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.202 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.209 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.210 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.214 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.6.220 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.9.20 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.9.21 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.9.24 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.9.25 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.9.26 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.9.27 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.9.29 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.9.31 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.9.203 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.9.205 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.9.206 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.11.203 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.12.20 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.12.21 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.12.101 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.12.102 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.12.103 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.12.104 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.12.200 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.12.201 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.12.202 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.12.203 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.12.204 255.255.255.255
<--- More --->
             
nat (inside) 1 192.168.70.100 255.255.255.255
<--- More --->
             
nat (inside) 1 173.16.3.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.4.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.5.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.6.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.7.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.8.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.9.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.10.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.11.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.12.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.13.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.14.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.15.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.16.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.17.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.18.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.19.0 255.255.255.248
<--- More --->
             
nat (inside) 1 173.16.20.0 255.255.255.248
nat (inside) 1 173.16.21.0 255.255.255.248
nat (inside) 1 173.16.22.0 255.255.255.248
nat (inside) 1 173.16.23.0 255.255.255.248
nat (inside) 1 173.16.24.0 255.255.255.248
nat (inside) 1 173.16.25.0 255.255.255.248
nat (inside) 1 173.16.26.0 255.255.255.248
nat (inside) 1 173.16.27.0 255.255.255.248
nat (inside) 1 173.16.28.0 255.255.255.248
nat (inside) 1 173.16.29.0 255.255.255.248
nat (inside) 1 173.16.30.0 255.255.255.248
nat (inside) 1 173.16.31.0 255.255.255.248
nat (inside) 1 173.16.32.0 255.255.255.248
nat (inside) 1 173.16.33.0 255.255.255.248
nat (inside) 1 192.168.1.0 255.255.255.0
nat (DMZ) 1 192.168.6.203 255.255.255.255
nat (thimphuWAN) 0 access-list inside_nat0_outbound

BDFCL-ASA# sh run sta

BDFCL-ASA# sh run static + pos

BDFCL-ASA# sh run static + pos     
static (DMZ,inside) 30.30.0.0 30.30.0.0 netmask 255.255.0.0
static (DMZ,outside) 119.2.116.191 30.30.30.50 netmask 255.255.255.255
static (inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.0.0
static (inside,DMZ) 173.16.0.0 173.16.0.0 netmask 255.255.0.0
static (DMZ,outside) 119.2.116.182 30.30.30.51 netmask 255.255.255.255
static (DMZ,outside) 119.2.116.183 30.30.30.52 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.10 173.16.3.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.11 173.16.3.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.12 173.16.3.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.13 173.16.3.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.14 173.16.3.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.15 173.16.3.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.16 173.16.3.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.17 173.16.3.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.18 173.16.3.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.19 173.16.4.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.20 173.16.4.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.21 173.16.4.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.22 173.16.4.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.23 173.16.4.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.24 173.16.4.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.25 173.16.4.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.26 173.16.4.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.27 173.16.4.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.28 173.16.5.2 netmask 255.255.255.255
<--- More --->
             
static (inside,thimphuWAN) 172.23.48.29 173.16.5.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.30 173.16.5.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.31 173.16.5.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.32 173.16.5.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.33 173.16.5.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.34 173.16.5.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.35 173.16.5.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.36 173.16.5.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.37 173.16.6.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.38 173.16.6.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.39 173.16.6.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.40 173.16.6.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.41 173.16.6.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.42 173.16.6.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.43 173.16.6.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.44 173.16.6.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.46 173.16.7.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.47 173.16.7.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.48 173.16.7.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.49 173.16.7.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.50 173.16.7.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.51 173.16.7.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.52 173.16.7.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.53 173.16.7.9 netmask 255.255.255.255
<--- More --->
             
static (inside,thimphuWAN) 172.23.48.54 173.16.7.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.55 173.16.8.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.56 173.16.8.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.57 173.16.8.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.58 173.16.8.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.59 173.16.8.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.60 173.16.8.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.61 173.16.8.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.62 173.16.8.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.63 173.16.8.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.64 173.16.9.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.65 173.16.9.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.66 173.16.9.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.67 173.16.9.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.68 173.16.9.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.69 173.16.9.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.70 173.16.9.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.71 173.16.9.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.72 173.16.9.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.73 173.16.10.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.74 173.16.10.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.75 173.16.10.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.76 173.16.10.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.77 173.16.10.6 netmask 255.255.255.255
<--- More --->
             
static (inside,thimphuWAN) 172.23.48.78 173.16.10.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.79 173.16.10.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.80 173.16.10.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.81 173.16.10.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.82 173.16.11.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.83 173.16.11.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.84 173.16.11.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.85 173.16.11.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.86 173.16.11.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.87 173.16.11.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.88 173.16.11.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.89 173.16.11.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.90 173.16.11.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.91 173.16.12.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.92 173.16.12.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.93 173.16.12.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.94 173.16.12.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.95 173.16.12.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.96 173.16.12.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.97 173.16.12.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.98 173.16.12.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.99 173.16.12.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.100 173.16.13.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.101 173.16.13.3 netmask 255.255.255.255
<--- More --->
             
static (inside,thimphuWAN) 172.23.48.102 173.16.13.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.103 173.16.13.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.104 173.16.13.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.105 173.16.13.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.106 173.16.13.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.107 173.16.13.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.108 173.16.13.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.109 173.16.14.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.110 173.16.14.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.111 173.16.14.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.112 173.16.14.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.113 173.16.14.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.114 173.16.14.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.115 173.16.14.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.116 173.16.14.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.117 173.16.14.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.118 173.16.15.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.119 173.16.15.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.120 173.16.15.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.121 173.16.15.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.122 173.16.15.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.123 173.16.15.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.124 173.16.15.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.125 173.16.15.9 netmask 255.255.255.255
<--- More --->
             
static (inside,thimphuWAN) 172.23.48.126 173.16.15.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.127 173.16.16.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.128 173.16.16.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.129 173.16.16.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.130 173.16.16.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.131 173.16.16.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.132 173.16.16.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.133 173.16.16.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.134 173.16.16.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.135 173.16.16.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.136 173.16.17.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.137 173.16.17.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.138 173.16.17.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.139 173.16.17.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.140 173.16.17.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.141 173.16.17.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.142 173.16.17.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.143 173.16.17.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.144 173.16.17.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.145 173.16.18.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.146 173.16.18.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.147 173.16.18.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.148 173.16.18.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.149 173.16.18.6 netmask 255.255.255.255
<--- More --->
             
static (inside,thimphuWAN) 172.23.48.150 173.16.18.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.151 173.16.18.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.152 173.16.18.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.153 173.16.18.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.154 173.16.19.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.155 173.16.19.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.156 173.16.19.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.157 173.16.19.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.158 173.16.19.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.159 173.16.19.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.160 173.16.19.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.161 173.16.19.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.162 173.16.19.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.163 173.16.20.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.164 173.16.20.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.165 173.16.20.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.166 173.16.20.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.167 173.16.20.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.168 173.16.20.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.169 173.16.20.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.170 173.16.20.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.171 173.16.20.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.172 173.16.21.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.173 173.16.21.3 netmask 255.255.255.255
<--- More --->
             
static (inside,thimphuWAN) 172.23.48.174 173.16.21.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.175 173.16.21.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.176 173.16.21.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.177 173.16.21.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.178 173.16.21.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.179 173.16.21.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.180 173.16.21.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.181 173.16.22.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.182 173.16.22.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.183 173.16.22.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.184 173.16.22.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.185 173.16.22.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.186 173.16.22.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.187 173.16.22.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.188 173.16.22.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.189 173.16.22.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.190 173.16.23.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.191 173.16.23.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.192 173.16.23.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.193 173.16.23.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.194 173.16.23.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.195 173.16.23.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.196 173.16.23.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.197 173.16.23.9 netmask 255.255.255.255
<--- More --->
             
static (inside,thimphuWAN) 172.23.48.198 173.16.23.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.199 173.16.24.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.200 173.16.24.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.201 173.16.24.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.202 173.16.24.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.203 173.16.24.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.204 173.16.24.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.205 173.16.24.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.206 173.16.24.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.207 173.16.24.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.208 173.16.25.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.209 173.16.25.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.210 173.16.25.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.211 173.16.25.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.212 173.16.25.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.213 173.16.25.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.214 173.16.25.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.215 173.16.25.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.216 173.16.25.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.217 173.16.26.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.218 173.16.26.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.219 173.16.26.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.220 173.16.26.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.221 173.16.26.6 netmask 255.255.255.255
<--- More --->
             
static (inside,thimphuWAN) 172.23.48.222 173.16.26.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.223 173.16.26.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.224 173.16.26.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.225 173.16.26.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.226 173.16.27.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.227 173.16.27.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.228 173.16.27.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.229 173.16.27.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.230 173.16.27.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.231 173.16.27.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.232 173.16.27.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.233 173.16.27.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.234 173.16.27.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.235 173.16.28.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.236 173.16.28.3 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.237 173.16.28.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.238 173.16.28.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.239 173.16.28.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.240 173.16.28.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.241 173.16.28.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.242 173.16.28.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.243 173.16.28.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.245 173.16.29.2 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.246 173.16.29.3 netmask 255.255.255.255
<--- More --->
             
static (inside,thimphuWAN) 172.23.48.247 173.16.29.4 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.248 173.16.29.5 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.249 173.16.29.6 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.250 173.16.29.7 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.251 173.16.29.8 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.252 173.16.29.9 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.253 173.16.29.10 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.254 192.168.6.21 netmask 255.255.255.255
static (inside,thimphuWAN) 172.23.48.45 192.168.6.204 netmask 255.255.255.255

BDFCL-ASA#       sh run acl

BDFCL-ASA# sh run acl

BDFCL-ASA# sh run access-li

BDFCL-ASA# sh run access-list ?

  WORD < 241 char  Show a specific access policy identified by this name
  alert-interval   Show the alert interval for generating syslog message 106001
                   which alerts that the system has reached a deny flow maximum
  deny-flow-max    Show the maximum number of concurrent deny flows that can be
                   created
  |                Output modifiers
 

BDFCL-ASA# sh run access-list 
access-list acl_outside_in extended permit icmp any any echo-reply
access-list acl_outside_in extended permit icmp any any time-exceeded
access-list acl_outside_in extended permit icmp any any unreachable
access-list acl_outside_in extended permit tcp 173.16.0.0 255.255.0.0 eq www any eq www time-range Internet
access-list acl_outside_in extended permit tcp any host 119.2.116.191
access-list acl_outside_in extended permit icmp any host 119.2.116.191
access-list acl_outside_in extended permit tcp any host 119.2.116.182
access-list acl_outside_in extended permit icmp any host 119.2.116.182
access-list acl_outside_in extended permit tcp any host 119.2.116.183
access-list acl_outside_in extended permit icmp any host 119.2.116.183
access-list bdfcl_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 192.168.120.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.16.0 255.255.255.128
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.16.128 255.255.255.128
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.16.0 255.255.255.128
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.16.128 255.255.255.128
access-list global_mpc extended permit tcp any any object-group DM_INLINE_TCP_1
access-list acl_dmz_in extended permit tcp host 30.30.30.50 any
access-list acl_dmz_in extended permit icmp host 30.30.30.50 any
access-list acl_dmz_in extended permit tcp host 30.30.30.51 any
access-list acl_dmz_in extended permit icmp host 30.30.30.51 any
access-list acl_dmz_in extended permit icmp host 30.30.30.52 any
access-list acl_dmz_in extended permit tcp host 30.30.30.52 any
access-list acl_dmz_in extended permit ip any any
access-list acl_thimphuWAN_in extended permit icmp any any echo-reply
<--- More --->
             
access-list acl_thimphuWAN_in extended permit icmp any any time-exceeded
access-list acl_thimphuWAN_in extended permit icmp any any unreachable
access-list acl_thimphuWAN_in extended permit icmp any any echo
access-list acl_thimphuWAN_in extended permit tcp any any eq ssh
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 192.168.16.0 255.255.255.128
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 192.168.16.128 255.255.255.128
access-list 103 extended permit ip 192.168.6.0 255.255.255.0 192.168.16.0 255.255.255.128
access-list 103 extended permit ip 192.168.6.0 255.255.255.0 192.168.16.128 255.255.255.128

BDFCL-ASA#   exit

Logoff

0 Helpful

Tashi BDFCL
Level 1
Level 1
In response to Jouni Forss

‎03-01-2013 03:02 AM

HI,

Here is the pack-tracer result:

ASA# packet-tracer input inside tc

ASA# packet-tracer input inside tcp 192.168.6.2`1  1 80 119.2.116.191  81 80

Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
static (DMZ,inside) 119.2.116.191 30.30.30.50 netmask 255.255.255.255
  match ip DMZ host 30.30.30.50 inside any
    static translation to 119.2.116.191
    translate_hits = 135, untranslate_hits = 3
Additional Information:
NAT divert to egress interface DMZ
Untranslate 119.2.116.191/0 to 30.30.30.50/0 using netmask 255.255.255.255

Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
<--- More --->
             
Result: ALLOW
Config:
Additional Information:
in   192.168.0.0     255.255.0.0     inside

Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 5
Type: SSM-DIVERT
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: SSM_SERVICE
Subtype:
Result: ALLOW
Config:
<--- More --->
             
Additional Information:

Phase: 7
Type: NAT
Subtype:
Result: ALLOW
Config:
static (inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.0.0
  match ip inside 192.168.0.0 255.255.0.0 DMZ any
    static translation to 192.168.0.0
    translate_hits = 121, untranslate_hits = 177
Additional Information:
Static translate 192.168.0.0/0 to 192.168.0.0/0 using netmask 255.255.0.0

Phase: 8
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.0.0
  match ip inside 192.168.0.0 255.255.0.0 DMZ any
    static translation to 192.168.0.0
    translate_hits = 121, untranslate_hits = 177
Additional Information:
<--- More --->
             

Phase: 9
Type: SSM_SERVICE
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 10
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
static (DMZ,inside) 119.2.116.191 30.30.30.50 netmask 255.255.255.255
  match ip DMZ host 30.30.30.50 inside any
    static translation to 119.2.116.191
    translate_hits = 136, untranslate_hits = 3
Additional Information:

Phase: 11
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
<--- More --->
             
static (DMZ,outside) 119.2.116.191 30.30.30.50 netmask 255.255.255.255
  match ip DMZ host 30.30.30.50 outside any
    static translation to 119.2.116.191
    translate_hits = 0, untranslate_hits = 64
Additional Information:

Phase: 12
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 13
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 15549, packet dispatched to next module

Phase: 14
Type: ROUTE-LOOKUP
Subtype: output and adjacency
<--- More --->
             
Result: ALLOW
Config:
Additional Information:
found next-hop 30.30.30.50 using egress ifc DMZ
adjacency Active
next-hop mac address 1078.d274.f0e1 hits 207

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: allow


ASA#     exit

Logoff

0 Helpful

jocamare
Level 4
Level 4

‎03-01-2013 02:27 PM

Hairpinning aka U-turn will be your new best friend.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card