02-23-2013 10:33 AM - edited 03-11-2019 06:04 PM
In a new implementation I have a 4507 L3 switch and I cannot get traffic to go out through the firewall.
I post the main configuration.
------------------------------
4507
-------------------------------
vlan 1093
name FW
interface Vlan1093
ip address 10.2.93.1 255.255.255.192
!
router eigrp 100
auto-summary
nsf
!
ip route 0.0.0.0 0.0.0.0 10.2.93.1
SW4507R_DC#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.2.93.1 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 14 subnets, 3 masks
C 10.2.8.0/25 is directly connected, Vlan1028
C 10.2.9.0/24 is directly connected, Vlan1029
C 10.2.1.0/25 is directly connected, Vlan1021
C 10.2.2.0/25 is directly connected, Vlan1022
C 10.2.3.0/25 is directly connected, Vlan1023
C 10.2.4.0/25 is directly connected, Vlan1024
C 10.2.5.0/25 is directly connected, Vlan1025
C 10.2.6.0/25 is directly connected, Vlan1026
C 10.2.7.0/25 is directly connected, Vlan1027
C 10.2.90.0/26 is directly connected, Vlan1090
C 10.2.92.0/24 is directly connected, Vlan1092
C 10.2.93.0/26 is directly connected, Vlan1093
C 10.2.94.0/25 is directly connected, Vlan1094
C 10.2.99.0/26 is directly connected, Vlan1099
S* 0.0.0.0/0 [1/0] via 10.2.93.1
SW4507R_DC#ping 10.2.93.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.93.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/16 ms
-----------------------------------
ASA
----------------------------------
ASA Version 8.6(1)2
interface GigabitEthernet0/0
description Vinculo Internet Principal AUI
nameif OutsideWAN01
security-level 10
ip address dhcp setroute
!
interface GigabitEthernet0/2
description VLAN Servidores
nameif InsideLAN
security-level 100
ip address 10.2.90.5 255.255.255.192
!
boot system disk0:/asa861-2-smp-k8.bin
ftp mode passive
clock timezone ART -3
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network Net_Inside
subnet 10.2.90.0 255.255.255.192
object-group service DM_INLINE_SERVICE_1
service-object icmp echo-reply
service-object tcp-udp destination eq domain
service-object tcp-udp destination eq kerberos
service-object tcp-udp destination eq nfs
service-object tcp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq ldap
service-object tcp destination eq ldaps
service-object tcp destination eq netbios-ssn
service-object tcp destination eq nfs
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object tcp destination eq ssh
service-object tcp destination eq telnet
service-object udp destination eq domain
service-object udp destination eq www
service-object udp destination eq netbios-dgm
service-object udp destination eq netbios-ns
service-object udp destination eq nfs
service-object udp destination eq snmp
service-object udp destination eq time
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
access-list Outside01_access_in extended permit ip any interface OutsideWAN01
access-list Outside01_access_in extended permit ip any any
access-list InsideLAN_access_in extended permit tcp any any object-group DM_INLINE_TCP_1
access-list InsideLAN_access_in extended permit ip any any
access-list InsideLAN_access_in extended permit icmp any any
access-list InsideLAN_access_in extended permit object-group DM_INLINE_SERVICE_1 any any
pager lines 24
logging enable
logging asdm informational
mtu OutsideWAN01 1500
mtu Outside02 1500
mtu InsideLAN 1500
mtu Administrativa 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
!
object network Net_Inside
nat (InsideLAN,OutsideWAN01) dynamic interface
access-group Outside01_access_in in interface OutsideWAN01
access-group InsideLAN_access_in in interface InsideLAN
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.35.4.4 255.255.255.255 OutsideWAN01
http 10.2.2.0 255.255.255.128 InsideLAN
http 10.2.2.0 255.255.255.128 Administrativa
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet 10.35.4.4 255.255.255.255 OutsideWAN01
telnet 10.2.2.0 255.255.255.128 Administrativa
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface OutsideWAN01
dhcp-client client-id interface Outside02
dhcpd address 10.2.2.10-10.2.2.20 Administrativa
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
smtp-server 64.215.200.69
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:cef9aba890d3e80a792624d1bb02cfcf
From the LAN, if I do a ping to www.google.com for example, nothing occurs!!
On the ASA, if I run the REAL TIME LOG VIEWER, NOTHING IS SHOWN.
What is wrong?
Thanks,
Eduardo
02-23-2013 11:31 AM
Hi Eduardo,
Why is the L3 switch pointing to itself as the default gateway??
From which VLAN are you trying to access the Internet?
Share a show route from the ASA.
02-23-2013 12:40 PM
Sorry, I changed the static route on sw4507 to 10.2.93.2 (the LAN network of the ASA).
After that, the ASA routes are:
asavm01# show route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 10.18.108.1 to network 0.0.0.0
C 10.2.2.0 255.255.255.128 is directly connected, Administrativa
C 10.2.93.0 255.255.255.192 is directly connected, InsideLAN
C 10.18.108.0 255.255.252.0 is directly connected, OutsideWAN01
d* 0.0.0.0 0.0.0.0 [1/0] via 10.18.108.1, OutsideWAN01
asavm01#
Notes
OutsideWAN01 is the WAN interface; it receives its IP by DHCP, and its gateway is 10.18.108.1.
I use a user VLAN on the LAN, 10.2.2.0/25, to configure the administrative ASA interface, because I need to have access to the ASA and also to the Internet from VLAN 1022 to do some testing.
The NAT rule uses Net_Inside as its source, which is only VLAN 1022, but in the future I will change it to something like -> Complete_LAN (10.2.0.0/16).
Temporarily I configured a proxy server using another WAN link to access the Internet from the LAN while I try to solve the sw4507/asa5525x issue.
Thanks,
Eduardo
02-23-2013 04:24 PM
Hello Eduardo,
I think I got the solution for you....
On the ASA
object network Inside_LAN
subnet 10.2.93.0 255.255.255.0
exit
nat (InsideLAN,outside) 1 source dynamic Inside_LAN Interface
fixup protocol icmp
Then try to ping from the switch to 4.2.2.2 and keep me posted, dude.
Regards
02-24-2013 08:57 AM
Yes, with these changes the ping from sw4507 is OK, but from the LAN not yet.
I attached a traceroute from the switch and from the LAN.
Also, the log viewer is empty. Why?
Eduardo
Tests and ipconfig from lan client(client on vlan 1022, gw 10.2.2.1)


02-24-2013 09:34 AM
Hello Eduardo,
Add this, and if it does not work, please share the entire configuration of both units:
nat (Administrativa,outside) 1 source dynamic any interface
Regards,
02-24-2013 11:21 AM
Nothing, the same results!
I post the current configurations.
---------------
sw4507
-----------
SW4507R_DC#sh run
SW4507R_DC#sh running-config
Building configuration...
Current configuration : 11816 bytes
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
service sequence-numbers
!
hostname SW4507R_DC
!
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.02.00.XO.150-2.XO.bin
boot-end-marker
!
!
!
no aaa new-model
hw-module uplink select tengigabitethernet
ip subnet-zero
ip vrf Mgmt-vrf
!
ip dhcp excluded-address 10.2.1.1 10.2.1.10
ip dhcp excluded-address 10.2.2.1 10.2.2.10
ip dhcp excluded-address 10.2.3.1 10.2.3.10
ip dhcp excluded-address 10.2.4.1 10.2.4.10
ip dhcp excluded-address 10.2.5.1 10.2.5.10
ip dhcp excluded-address 10.2.6.1 10.2.6.10
ip dhcp excluded-address 10.2.7.1 10.2.7.10
ip dhcp excluded-address 10.2.8.1 10.2.8.10
!
ip dhcp pool Usuarios
network 10.2.1.0 255.255.255.128
default-router 10.2.1.1
dns-server 10.18.3.10 10.31.224.2
lease infinite
!
ip dhcp pool Usuarios1
network 10.2.2.0 255.255.255.128
default-router 10.2.2.1
dns-server 10.18.3.10 10.31.224.2
lease infinite
!
ip dhcp pool Usuarios2
network 10.2.3.0 255.255.255.128
default-router 10.2.3.1
dns-server 10.18.3.10 10.31.224.2
lease infinite
!
ip dhcp pool Usuarios3
network 10.2.4.0 255.255.255.128
dns-server 10.18.3.10 10.31.224.2
default-router 10.2.4.1
lease infinite
!
ip dhcp pool Usuarios4
network 10.2.5.0 255.255.255.128
default-router 10.2.5.1
dns-server 10.18.3.10 10.31.224.2
lease infinite
!
ip dhcp pool Usuarios5
network 10.2.6.0 255.255.255.128
dns-server 10.18.3.10 10.31.224.2
default-router 10.2.6.1
lease infinite
!
ip dhcp pool Usuarios6
network 10.2.7.0 255.255.255.128
default-router 10.2.7.1
dns-server 10.18.3.10 10.31.224.2
lease infinite
!
ip dhcp pool Usuarios7
network 10.2.8.0 255.255.255.128
dns-server 10.18.3.10 10.31.224.2
default-router 10.2.8.1
lease infinite
!
!
vtp mode transparent
!
!
!
power redundancy-mode combined
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1020-1099 priority 0
!
redundancy
mode sso
!
vlan internal allocation policy ascending
!
vlan 1021-1029,1090-1092
!
vlan 1093
name FW
!
vlan 1094,1096,1099
!
!
!
interface Port-channel20
switchport
switchport trunk allowed vlan 1021,1029,1092,1094,1096,1099
switchport mode trunk
!
interface Port-channel21
switchport
switchport trunk allowed vlan 1022,1029,1092,1094,1096,1099
switchport mode trunk
flowcontrol receive on
!
interface Port-channel22
switchport
switchport trunk allowed vlan 1023,1029,1092,1094,1096,1099
switchport mode trunk
flowcontrol receive on
!
interface Port-channel23
switchport
switchport trunk allowed vlan 1024,1029,1092,1094,1096,1099
switchport mode trunk
flowcontrol receive on
!
interface Port-channel24
switchport
switchport trunk allowed vlan 1025,1029,1092,1094,1096,1099
switchport mode trunk
flowcontrol receive on
!
interface Port-channel25
switchport
switchport trunk allowed vlan 1026,1029,1092,1094,1096,1099
switchport mode trunk
flowcontrol receive on
!
interface Port-channel26
switchport
switchport trunk allowed vlan 1027,1029,1092,1094,1096,1099
switchport mode trunk
flowcontrol receive on
!
interface Port-channel27
switchport
switchport trunk allowed vlan 1028,1029,1092,1094,1096,1099
switchport mode trunk
flowcontrol receive on
!
interface FastEthernet1
ip vrf forwarding Mgmt-vrf
no ip address
shutdown
speed auto
duplex auto
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface GigabitEthernet1/5
switchport access vlan 1090
switchport mode access
!
interface GigabitEthernet1/6
switchport access vlan 1093
switchport mode access
!
interface GigabitEthernet1/7
!
interface GigabitEthernet1/8
!
interface GigabitEthernet1/9
!
interface GigabitEthernet1/10
!
interface GigabitEthernet1/11
!
interface GigabitEthernet1/12
!
interface GigabitEthernet1/13
switchport access vlan 1091
switchport mode access
!
interface GigabitEthernet1/14
switchport access vlan 1091
switchport mode access
!
interface GigabitEthernet1/15
switchport access vlan 1091
switchport mode access
!
interface GigabitEthernet1/16
switchport access vlan 1091
switchport mode access
interface GigabitEthernet1/17
!
interface GigabitEthernet1/18
!
interface GigabitEthernet1/19
!
interface GigabitEthernet1/20
!
interface GigabitEthernet1/21
!
interface GigabitEthernet1/22
!
interface GigabitEthernet1/23
!
interface GigabitEthernet1/24
!
interface GigabitEthernet1/25
!
interface GigabitEthernet1/26
!
interface GigabitEthernet1/27
!
interface GigabitEthernet1/28
!
interface GigabitEthernet1/29
!
interface GigabitEthernet1/30
!
interface GigabitEthernet1/31
!
interface GigabitEthernet1/32
!
interface GigabitEthernet1/33
!
interface GigabitEthernet1/34
!
interface GigabitEthernet1/35
!
interface GigabitEthernet1/36
!
interface GigabitEthernet1/37
!
interface GigabitEthernet1/38
!
interface GigabitEthernet1/39
!
interface GigabitEthernet1/40
!
interface GigabitEthernet1/41
!
interface GigabitEthernet1/42
!
interface GigabitEthernet1/43
!
interface GigabitEthernet1/44
!
interface GigabitEthernet1/45
switchport access vlan 1022
switchport mode access
!
interface GigabitEthernet1/46
switchport access vlan 1022
switchport mode access
!
interface GigabitEthernet1/47
switchport access vlan 1022
switchport mode access
!
interface GigabitEthernet1/48
switchport access vlan 1099
switchport mode access
!
interface GigabitEthernet2/1
!
interface GigabitEthernet2/2
!
interface GigabitEthernet2/3
!
interface GigabitEthernet2/4
!
interface GigabitEthernet2/5
!
interface GigabitEthernet2/6
!
interface GigabitEthernet2/7
!
interface GigabitEthernet2/8
!
interface GigabitEthernet2/9
!
interface GigabitEthernet2/10
!
interface GigabitEthernet2/11
!
interface GigabitEthernet2/12
!
interface GigabitEthernet2/13
!
interface GigabitEthernet2/14
!
interface GigabitEthernet2/15
!
interface GigabitEthernet2/16
!
interface GigabitEthernet2/17
!
interface GigabitEthernet2/18
!
interface GigabitEthernet2/19
!
interface GigabitEthernet2/20
!
interface GigabitEthernet2/21
!
interface GigabitEthernet2/22
!
interface GigabitEthernet2/23
!
interface GigabitEthernet2/24
!
interface GigabitEthernet2/25
!
interface GigabitEthernet2/26
!
interface GigabitEthernet2/27
!
interface GigabitEthernet2/28
!
interface GigabitEthernet2/29
!
interface GigabitEthernet2/30
!
interface GigabitEthernet2/31
!
interface GigabitEthernet2/32
!
interface GigabitEthernet2/33
!
interface GigabitEthernet2/34
!
interface GigabitEthernet2/35
!
interface GigabitEthernet2/36
!
interface GigabitEthernet2/37
!
interface GigabitEthernet2/38
!
interface GigabitEthernet2/39
!
interface GigabitEthernet2/40
!
interface GigabitEthernet2/41
!
interface GigabitEthernet2/42
!
interface GigabitEthernet2/43
!
interface GigabitEthernet2/44
!
interface GigabitEthernet2/45
!
interface GigabitEthernet2/46
!
interface GigabitEthernet2/47
!
interface GigabitEthernet2/48
!
interface TenGigabitEthernet3/1
switchport trunk allowed vlan 1027,1029,1092,1094,1096,1099
switchport mode trunk
channel-group 26 mode on
!
interface TenGigabitEthernet3/2
!
interface GigabitEthernet3/3
!
interface GigabitEthernet3/4
!
interface GigabitEthernet3/5
!
interface GigabitEthernet3/6
!
interface TenGigabitEthernet4/1
switchport trunk allowed vlan 1028,1029,1092,1094,1096,1099
switchport mode trunk
channel-group 27 mode on
!
interface TenGigabitEthernet4/2
!
interface GigabitEthernet4/3
!
interface GigabitEthernet4/4
!
interface GigabitEthernet4/5
!
interface GigabitEthernet4/6
!
interface TenGigabitEthernet5/1
switchport trunk allowed vlan 1021,1029,1092,1094,1096,1099
switchport mode trunk
flowcontrol receive off
channel-group 20 mode on
!
interface TenGigabitEthernet5/2
switchport trunk allowed vlan 1022,1029,1092,1094,1096,1099
switchport mode trunk
channel-group 21 mode on
!
interface TenGigabitEthernet5/3
switchport trunk allowed vlan 1023,1029,1092,1094,1096,1099
switchport mode trunk
channel-group 22 mode on
!
interface TenGigabitEthernet5/4
switchport trunk allowed vlan 1024,1029,1092,1094,1096,1099
switchport mode trunk
channel-group 23 mode on
!
interface TenGigabitEthernet5/5
switchport trunk allowed vlan 1025,1029,1092,1094,1096,1099
switchport mode trunk
channel-group 24 mode on
!
interface TenGigabitEthernet5/6
switchport trunk allowed vlan 1026,1029,1092,1094,1096,1099
switchport mode trunk
channel-group 25 mode on
!
interface GigabitEthernet5/7
!
interface GigabitEthernet5/8
!
interface GigabitEthernet5/9
!
interface GigabitEthernet5/10
!
interface GigabitEthernet5/11
!
interface GigabitEthernet5/12
!
interface GigabitEthernet5/13
!
interface GigabitEthernet5/14
!
interface GigabitEthernet5/15
!
interface GigabitEthernet5/16
!
interface GigabitEthernet5/17
!
interface GigabitEthernet5/18
!
interface TenGigabitEthernet6/1
!
interface TenGigabitEthernet6/2
!
interface TenGigabitEthernet6/3
!
interface TenGigabitEthernet6/4
!
interface TenGigabitEthernet6/5
!
interface TenGigabitEthernet6/6
!
interface GigabitEthernet6/7
!
interface GigabitEthernet6/8
!
interface GigabitEthernet6/9
!
interface GigabitEthernet6/10
!
interface GigabitEthernet6/11
!
interface GigabitEthernet6/12
!
interface GigabitEthernet6/13
!
interface GigabitEthernet6/14
!
interface GigabitEthernet6/15
!
interface GigabitEthernet6/16
!
interface GigabitEthernet6/17
!
interface GigabitEthernet6/18
!
interface Vlan1
no ip address
shutdown
!
interface Vlan1021
ip address 10.2.1.1 255.255.255.128
!
interface Vlan1022
ip address 10.2.2.1 255.255.255.128
!
interface Vlan1023
ip address 10.2.3.1 255.255.255.128
!
interface Vlan1024
ip address 10.2.4.1 255.255.255.128
!
interface Vlan1025
ip address 10.2.5.1 255.255.255.128
!
interface Vlan1026
ip address 10.2.6.1 255.255.255.128
!
interface Vlan1027
ip address 10.2.7.1 255.255.255.128
!
interface Vlan1028
ip address 10.2.8.1 255.255.255.128
!
interface Vlan1029
ip address 10.2.9.1 255.255.255.0
!
interface Vlan1090
ip address 10.2.90.1 255.255.255.192
!
interface Vlan1092
ip address 10.2.92.1 255.255.255.0
!
interface Vlan1093
ip address 10.2.93.1 255.255.255.192
!
interface Vlan1094
ip address 10.2.94.1 255.255.255.128
!
interface Vlan1096
ip address 10.2.96.1 255.255.255.0
shutdown
!
interface Vlan1099
ip address 10.2.99.1 255.255.255.192
!
!
router eigrp 100
auto-summary
nsf
!
ip route 0.0.0.0 0.0.0.0 10.2.93.2
ip http server
no ip http secure-server
!
!
!
!
!
!
line con 0
stopbits 1
line vty 0 4
login local
!
end
SW4507R_DC#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.2.93.2 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 14 subnets, 3 masks
C 10.2.8.0/25 is directly connected, Vlan1028
C 10.2.9.0/24 is directly connected, Vlan1029
C 10.2.1.0/25 is directly connected, Vlan1021
C 10.2.2.0/25 is directly connected, Vlan1022
C 10.2.3.0/25 is directly connected, Vlan1023
C 10.2.4.0/25 is directly connected, Vlan1024
C 10.2.5.0/25 is directly connected, Vlan1025
C 10.2.6.0/25 is directly connected, Vlan1026
C 10.2.7.0/25 is directly connected, Vlan1027
C 10.2.90.0/26 is directly connected, Vlan1090
C 10.2.92.0/24 is directly connected, Vlan1092
C 10.2.93.0/26 is directly connected, Vlan1093
C 10.2.94.0/25 is directly connected, Vlan1094
C 10.2.99.0/26 is directly connected, Vlan1099
S* 0.0.0.0/0 [1/0] via 10.2.93.2
SW4507R_DC#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!.!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 176/176/176 ms
SW4507R_DC#exit
------
ASA
------
asavm01# sh conf
!
ASA Version 8.6(1)2
!
hostname asavm01
names
!
interface GigabitEthernet0/0
description Vinculo Internet Principal AUI
nameif OutsideWAN01
security-level 10
ip address dhcp setroute
!
interface GigabitEthernet0/1
description Contingencia Vinculo Internet Principal
shutdown
nameif Outside02
security-level 10
ip address dhcp
!
interface GigabitEthernet0/2
description VLAN Servidores
nameif InsideLAN
security-level 100
ip address 10.2.90.5 255.255.255.192
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/7
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif Administrativa
security-level 100
ip address 10.2.2.5 255.255.255.128
management-only
!
boot system disk0:/asa861-2-smp-k8.bin
ftp mode passive
clock timezone ART -3
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network Net_Inside
subnet 10.2.90.0 255.255.255.192
object-group service DM_INLINE_SERVICE_1
service-object icmp echo-reply
service-object tcp-udp destination eq domain
service-object tcp-udp destination eq kerberos
service-object tcp-udp destination eq nfs
service-object tcp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq ldap
service-object tcp destination eq ldaps
service-object tcp destination eq netbios-ssn
service-object tcp destination eq nfs
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object tcp destination eq ssh
service-object tcp destination eq telnet
service-object udp destination eq domain
service-object udp destination eq www
service-object udp destination eq netbios-dgm
service-object udp destination eq netbios-ns
service-object udp destination eq nfs
service-object udp destination eq snmp
service-object udp destination eq time
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
access-list Outside01_access_in extended permit ip any interface OutsideWAN01
access-list Outside01_access_in extended permit ip any any
access-list InsideLAN_access_in extended permit tcp any any object-group DM_INLINE_TCP_1
access-list InsideLAN_access_in extended permit ip any any
access-list InsideLAN_access_in extended permit icmp any any
access-list InsideLAN_access_in extended permit object-group DM_INLINE_SERVICE_1 any any
pager lines 24
logging enable
logging asdm informational
mtu OutsideWAN01 1500
mtu Outside02 1500
mtu InsideLAN 1500
mtu Administrativa 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
!
object network Net_Inside
nat (InsideLAN,OutsideWAN01) dynamic interface
access-group Outside01_access_in in interface OutsideWAN01
access-group InsideLAN_access_in in interface InsideLAN
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.35.4.4 255.255.255.255 OutsideWAN01
http 10.2.2.0 255.255.255.128 InsideLAN
http 10.2.2.0 255.255.255.128 Administrativa
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet 10.35.4.4 255.255.255.255 OutsideWAN01
telnet 10.2.2.0 255.255.255.128 Administrativa
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface OutsideWAN01
dhcp-client client-id interface Outside02
dhcpd address 10.2.2.10-10.2.2.20 Administrativa
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1
webvpn
username maxi password etOtP8ASRWMFptNM encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:cef9aba890d3e80a792624d1bb02cfcf
asavm01# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 10.18.108.1 to network 0.0.0.0
C 10.2.2.0 255.255.255.128 is directly connected, Administrativa
C 10.2.93.0 255.255.255.192 is directly connected, InsideLAN
C 10.18.108.0 255.255.252.0 is directly connected, OutsideWAN01
d* 0.0.0.0 0.0.0.0 [1/0] via 10.18.108.1, OutsideWAN01
asavm01# ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 170/172/180 ms
asavm01# exit
Logoff
02-24-2013 11:36 AM
Ohh!!! I see that the configuration output from the shell mismatches the GUI configuration. A bug???
I rebooted the ASA and now the configuration is updated.
asavm01# sh config
ASA Version 8.6(1)2
!
hostname asavm01
enable password 9GsK.aUQ4.dpnEzg encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
description Vinculo Internet Principal AUI
nameif OutsideWAN01
security-level 10
ip address dhcp setroute
!
interface GigabitEthernet0/1
description Contingencia Vinculo Internet Principal
shutdown
nameif bkpout
security-level 10
ip address dhcp
!
interface GigabitEthernet0/2
description VLAN Servidores
nameif InsideLAN
security-level 100
ip address 10.2.93.2 255.255.255.192
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/7
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif Administrativa
security-level 100
ip address 10.2.2.5 255.255.255.128
management-only
!
boot system disk0:/asa861-2-smp-k8.bin
ftp mode passive
clock timezone ART -3
dns domain-lookup OutsideWAN01
dns domain-lookup InsideLAN
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network Net_Inside
subnet 10.2.90.0 255.255.255.192
object network LAN_COMPLETA
subnet 10.2.0.0 255.255.0.0
object network Vlan1022
subnet 10.2.2.0 255.255.255.128
object network INSIDE
subnet 10.2.93.0 255.255.255.192
object-group service DM_INLINE_SERVICE_1
service-object icmp echo-reply
service-object tcp-udp destination eq domain
service-object tcp-udp destination eq kerberos
service-object tcp-udp destination eq nfs
service-object tcp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq ldap
service-object tcp destination eq ldaps
service-object tcp destination eq netbios-ssn
service-object tcp destination eq nfs
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object tcp destination eq ssh
service-object tcp destination eq telnet
service-object udp destination eq domain
service-object udp destination eq www
service-object udp destination eq netbios-dgm
service-object udp destination eq netbios-ns
service-object udp destination eq nfs
service-object udp destination eq snmp
service-object udp destination eq time
object-group service DM_INLINE_SERVICE_2
service-object icmp
service-object tcp destination eq domain
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
service-object icmp unreachable
object-group network DM_INLINE_NETWORK_1
network-object object INSIDE
network-object object LAN_COMPLETA
access-list Outside01_access_in extended permit ip any interface OutsideWAN01
access-list Outside01_access_in extended permit ip any any
access-list Outside01_access_in extended permit object-group DM_INLINE_SERVICE_2 any any
access-list InsideLAN_access_in extended permit ip any any
access-list InsideLAN_access_in extended permit icmp any any
access-list InsideLAN_access_in extended permit object-group DM_INLINE_SERVICE_1 any any
access-list InsideLAN_access_in extended permit icmp object LAN_COMPLETA any
pager lines 24
logging enable
logging asdm debugging
mtu OutsideWAN01 1500
mtu bkpout 1500
mtu InsideLAN 1500
mtu Administrativa 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
nat (InsideLAN,OutsideWAN01) source dynamic DM_INLINE_NETWORK_1 interface
!
object network LAN_COMPLETA
nat (any,OutsideWAN01) dynamic interface
object network INSIDE
nat (any,OutsideWAN01) dynamic interface
access-group Outside01_access_in in interface OutsideWAN01
access-group InsideLAN_access_in in interface InsideLAN
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.35.4.4 255.255.255.255 OutsideWAN01
http 10.2.2.0 255.255.255.128 InsideLAN
http 10.2.2.0 255.255.255.128 Administrativa
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet 10.35.4.4 255.255.255.255 OutsideWAN01
telnet 10.2.2.0 255.255.255.128 Administrativa
telnet timeout 5
ssh 10.2.2.0 255.255.255.128 Administrativa
ssh timeout 5
console timeout 0
dhcp-client client-id interface OutsideWAN01
dhcp-client client-id interface bkpout
dhcpd address 10.2.2.10-10.2.2.20 Administrativa
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1
webvpn
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:7bf87889888cd113c5dc1f6e255ff2da
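The thread boils down to three things that had to line up before LAN hosts could reach the Internet: the switch's default route had to point at an address that is not its own SVI, that address had to be the ASA's inside interface on the same subnet as the switch's FW VLAN, and every LAN subnet had to be covered by a NAT source object (Net_Inside only covered 10.2.90.0/26 until LAN_COMPLETA was added). The following is an added example, not code from the thread or a Cisco tool: a small offline checker that models that hand-off and lists which of those conditions fail for a given client. The dictionaries, function names and the ICMP-return-path flags are this example's own assumptions; the addresses are constructed from the configurations posted above.

```python
"""Added example (not part of the original thread): offline consistency check
for the L3-switch -> ASA hand-off. All names and data layout are hypothetical;
addresses are constructed from the configs posted in the thread."""
from ipaddress import ip_address, ip_interface, ip_network

# Switch SVIs as posted in the first post: the default route pointed at the
# switch's own Vlan1093 address, 10.2.93.1.
SWITCH_FIRST_POST = {
    "svis": {"Vlan1022": "10.2.2.1/25", "Vlan1090": "10.2.90.1/26", "Vlan1093": "10.2.93.1/26"},
    "default_next_hop": "10.2.93.1",
}
# After the first reply: default route moved to 10.2.93.2.
SWITCH_AFTER = dict(SWITCH_FIRST_POST, default_next_hop="10.2.93.2")

# ASA before: InsideLAN at 10.2.90.5/26, NAT only for object Net_Inside.
# The outside ACL in the thread permits "ip any any", so ICMP replies pass
# even without "inspect icmp" (the flags below are this example's own model).
ASA_BEFORE = {
    "inside_ip": "10.2.90.5/26",
    "nat_sources": ["10.2.90.0/26"],
    "icmp_inspect": False,
    "outside_acl_permits_icmp_reply": True,
}
# ASA after the last post: InsideLAN at 10.2.93.2/26, NAT for INSIDE and
# LAN_COMPLETA, and "inspect icmp" in global_policy.
ASA_AFTER = {
    "inside_ip": "10.2.93.2/26",
    "nat_sources": ["10.2.93.0/26", "10.2.0.0/16"],
    "icmp_inspect": True,
    "outside_acl_permits_icmp_reply": True,
}


def find_svi(svis, addr):
    """Return (name, interface) of the SVI whose subnet contains addr, else None."""
    addr = ip_address(addr)
    for name, cidr in svis.items():
        iface = ip_interface(cidr)
        if addr in iface.network:
            return name, iface
    return None


def check_path(switch, asa, client_ip):
    """List the reasons a LAN client's Internet traffic would fail on this hand-off.

    An empty list means the default route, the ASA inside interface, the NAT
    coverage and the ICMP return path all line up for this client.
    """
    problems = []
    nh = ip_address(switch["default_next_hop"])
    asa_if = ip_interface(asa["inside_ip"])

    # 1. The default route must point off-box, at an address on a connected SVI.
    if any(ip_interface(c).ip == nh for c in switch["svis"].values()):
        problems.append(f"default route next hop {nh} is the switch's own SVI address")
    hit = find_svi(switch["svis"], nh)
    if hit is None:
        problems.append(f"next hop {nh} is not on any directly connected SVI")

    # 2. The next hop must be the ASA inside address, and the ASA inside subnet
    #    must be the same subnet as the switch's firewall VLAN.
    if nh != asa_if.ip:
        problems.append(f"next hop {nh} is not the ASA inside address {asa_if.ip}")
    if hit is not None and hit[1].network != asa_if.network:
        problems.append(
            f"ASA inside subnet {asa_if.network} differs from {hit[0]} subnet {hit[1].network}"
        )

    # 3. The client must be covered by a NAT source object; otherwise its private
    #    address leaves the ASA unchanged and replies never come back.
    client = ip_address(client_ip)
    if not any(client in ip_network(n) for n in asa["nat_sources"]):
        problems.append(f"client {client} matches no NAT source object")

    # 4. Echo-replies return only with stateful ICMP inspection or an explicit
    #    permit on the outside ACL.
    if not (asa["icmp_inspect"] or asa["outside_acl_permits_icmp_reply"]):
        problems.append("no ICMP inspection and outside ACL does not permit echo-reply")
    return problems


if __name__ == "__main__":
    for label, sw, fw in [("first post", SWITCH_FIRST_POST, ASA_BEFORE),
                          ("route fixed", SWITCH_AFTER, ASA_BEFORE),
                          ("final config", SWITCH_AFTER, ASA_AFTER)]:
        issues = check_path(sw, fw, "10.2.2.10")  # constructed VLAN 1022 client
        print(f"{label}: {'OK' if not issues else '; '.join(issues)}")
```

Run as-is it prints one line per stage of the thread; the middle stage shows why the switch itself could ping 4.2.2.2 while VLAN 1022 hosts could not, since a 10.2.2.x source matched no NAT object until LAN_COMPLETA existed.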