
Unable to ping from my vpn ipsec to my inside address with nat exclusion

When I applied this NAT exclusion on my local ASA, I am able to ping all of my local network from my remote network, but not the inside interface of my local ASA; when I disable this NAT exclusion, I am able to do it. Why does this happen? I have enabled the management-interface inside as well. Thanks in advance.

 

object network obj-local
subnet 10.1.0.0 255.255.0.0
exit
object network obj-remote
subnet 10.9.0.0 255.255.0.0
exit
!
nat (inside,outside) source static obj-local obj-local destination static obj-remote obj-remote


Cristian Matei
VIP Alumni

Hi,

    

1. Fix: add the "route-lookup" option to your NAT statement, like this:

nat (inside,outside) source static obj-local obj-local destination static obj-remote obj-remote route-lookup

2. Explanation: it has to do with how the ASA finds the egress interface when NAT is involved. If you specify the exact interfaces and do not use the "any" keyword for the egress/destination interface, the ASA finds the egress interface from the NAT statement, which means the packet HAS to be forwarded out that interface. In your case, you want packets NOT to be forwarded out the inside interface, but to be destined to the inside interface, for management. So by using the "route-lookup" option you're telling the ASA to find the egress interface by doing a route lookup, so the ASA will see the packet being destined to itself and it will no longer put it in the buffer of the egress interface, but rather terminate it on that interface, as this is what you want.

 

Also, for this exact NAT statement (identity NAT for VPN traffic), use the no-proxy-arp option as well, as an optimisation, like:

nat (inside,outside) source static obj-local obj-local destination static obj-remote obj-remote route-lookup no-proxy-arp

 

Regards,

Cristian Matei.
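An offline check for the condition this answer describes, as an added example that is not part of the original reply and not Cisco tooling: it scans a saved running-config for identity NAT rules whose real interface is also a `management-access` interface and reports which of `route-lookup` and `no-proxy-arp` are absent. The function name `audit_identity_nat`, the `dmz` rule with `obj-dmz`, the dynamic rule and the `management-access inside` line in the sample are constructed assumptions.

```python
"""Audit a saved ASA running-config for identity NAT rules that can block
management access to the ASA's own interface over a VPN tunnel."""
import re

# Constructed sample: the objects and the first NAT rule are the ones quoted in
# the question; the dmz rule, the dynamic rule and "management-access inside"
# are assumptions added for illustration.
SAMPLE_CONFIG = """\
object network obj-local
 subnet 10.1.0.0 255.255.0.0
object network obj-remote
 subnet 10.9.0.0 255.255.0.0
!
nat (inside,outside) source static obj-local obj-local destination static obj-remote obj-remote
nat (dmz,outside) source static obj-dmz obj-dmz destination static obj-remote obj-remote no-proxy-arp
nat (inside,outside) source dynamic any interface
!
management-access inside
"""

# Twice NAT: nat (real_ifc,mapped_ifc) [after-auto] [line] source static REAL MAPPED ...
NAT_RE = re.compile(
    r"^nat \((?P<real>[^,\s]+),(?P<mapped>[^)\s]+)\)\s+"
    r"(?:after-auto\s+)?(?:\d+\s+)?source static "
    r"(?P<src_real>\S+) (?P<src_mapped>\S+)(?P<rest>.*)$"
)

# Options the answer above recommends for identity NAT of VPN traffic.
RECOMMENDED = ("route-lookup", "no-proxy-arp")


def audit_identity_nat(config):
    """Return one finding per identity NAT rule on a management-access
    interface that lacks an option recommended in the answer above."""
    mgmt_ifcs = set(re.findall(r"^management-access\s+(\S+)", config, re.M))
    findings = []
    for lineno, raw in enumerate(config.splitlines(), 1):
        m = NAT_RE.match(raw.strip())
        if not m:
            continue  # not a static twice-NAT rule
        # A free-text description may contain option keywords; ignore it.
        options = m["rest"].split(" description ")[0].split()
        if "inactive" in options:
            continue
        if m["src_real"] != m["src_mapped"]:
            continue  # source is translated, so this is not identity NAT
        if m["real"] not in mgmt_ifcs:
            continue  # the ASA is not managed through this interface
        missing = [opt for opt in RECOMMENDED if opt not in options]
        if missing:
            findings.append(
                {"line": lineno, "rule": raw.strip(), "missing": missing}
            )
    return findings


if __name__ == "__main__":
    for f in audit_identity_nat(SAMPLE_CONFIG):
        print(f"line {f['line']}: missing {', '.join(f['missing'])}")
        print(f"  {f['rule']}")
```

Only `route-lookup` affects whether the interface address is reachable; `no-proxy-arp` is reported because the answer recommends it for this rule type.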

 

 

I am having the same issue using AnyConnect. Everything connects, but no ping to local net or http access to server behind firewall.

 

Result of the command: "show tech-support"

From State To State Reason
==========================================================================
15:15:10 CST Mar 23 2020
Not Detected Disabled No Error

==========================================================================

------------------ show traffic ------------------

telecable:
received (in 3993.030 secs):
719521 packets 848192210 bytes
180 pkts/sec 212418 bytes/sec
transmitted (in 3993.030 secs):
535118 packets 211236532 bytes
134 pkts/sec 52901 bytes/sec
1 minute input rate 84 pkts/sec, 86279 bytes/sec
1 minute output rate 86 pkts/sec, 17108 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 191 pkts/sec, 153689 bytes/sec
5 minute output rate 219 pkts/sec, 182910 bytes/sec
5 minute drop rate, 0 pkts/sec
inside:
received (in 3993.030 secs):
625488 packets 284780363 bytes
156 pkts/sec 71319 bytes/sec
transmitted (in 3993.030 secs):
820890 packets 886042041 bytes
205 pkts/sec 221897 bytes/sec
1 minute input rate 97 pkts/sec, 17735 bytes/sec
1 minute output rate 96 pkts/sec, 89535 bytes/sec
1 minute drop rate, 1 pkts/sec
5 minute input rate 228 pkts/sec, 183455 bytes/sec
5 minute output rate 201 pkts/sec, 156388 bytes/sec
5 minute drop rate, 1 pkts/sec
management:
received (in 3993.030 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 3993.030 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec

----------------------------------------
Aggregated Traffic on Physical Interface
----------------------------------------
GigabitEthernet0/0:
received (in 3993.030 secs):
719529 packets 861622064 bytes
180 pkts/sec 215781 bytes/sec
transmitted (in 3993.030 secs):
535118 packets 222645063 bytes
134 pkts/sec 55758 bytes/sec
1 minute input rate 84 pkts/sec, 87867 bytes/sec
1 minute output rate 86 pkts/sec, 19050 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 191 pkts/sec, 157584 bytes/sec
5 minute output rate 219 pkts/sec, 187325 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/1:
received (in 3993.030 secs):
625488 packets 297993746 bytes
156 pkts/sec 74628 bytes/sec
transmitted (in 3993.030 secs):
818594 packets 898381149 bytes
205 pkts/sec 224987 bytes/sec
1 minute input rate 97 pkts/sec, 19924 bytes/sec
1 minute output rate 96 pkts/sec, 91347 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 228 pkts/sec, 188075 bytes/sec
5 minute output rate 201 pkts/sec, 159847 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/2:
received (in 3993.030 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 3993.030 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/3:
received (in 3993.030 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 3993.030 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Management0/0:
received (in 3993.030 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 3993.030 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec

------------------ show perfmon ------------------


PERFMON STATS: Current Average
Xlates 2/s 1/s
Connections 2/s 1/s
TCP Conns 2/s 0/s
UDP Conns 0/s 1/s
URL Access 0/s 0/s
URL Server Req 0/s 0/s
TCP Fixup 0/s 0/s
TCP Intercept Established Conns 0/s 0/s
TCP Intercept Attempts 0/s 0/s
TCP Embryonic Conns Timeout 0/s 0/s
HTTP Fixup 0/s 0/s
FTP Fixup 0/s 0/s
AAA Authen 0/s 0/s
AAA Author 0/s 0/s
AAA Account 0/s 0/s

VALID CONNS RATE in TCP INTERCEPT: Current Average
N/A N/A

------------------ show counters ------------------

Protocol Counter Value Context
IP IN_PKTS 8666 Summary
IP OUT_PKTS 207 Summary
IP OUT_DROP_DWN 6 Summary
IP TO_ARP 3932 Summary
IP TO_UDP 4696 Summary
IP TO_ICMP 31 Summary
IP TO_TCP 7 Summary
TCP IN_PKTS 7 Summary
TCP DROP_NRST 7 Summary
TCP HASH_MISS 7 Summary
UDP IN_PKTS 4696 Summary
UDP OUT_PKTS 151 Summary
UDP DROP_NO_APP 4649 Summary
ICMP IN_PKTS 31 Summary
ICMP OUT_PKTS 3 Summary
ICMP PORT_UNREACH 7 Summary
SSLERR BAD_AUTHENTICATION_TYPE 9 Summary
SSLERR BAD_PROTOCOL_VERSION_NUMBER 4 Summary
SSLERR BAD_SIGNATURE 11 Summary
SSLERR CERTIFICATE_VERIFY_FAILED 5 Summary
SSLERR SSLV3_ALERT_CERT_UNKNOWN 10 Summary
SSLALERT RX_CLOSE_NOTIFY 4 Summary
SSLALERT RX_CERTIFICATE_UNKNOWN 10 Summary
SSLALERT RX_FATAL_ALERT 10 Summary
SSLALERT RX_WARNING_ALERT 4 Summary
SSLALERT TX_CLOSE_NOTIFY 214 Summary
SSLALERT TX_HANDSHAKE_FAILURE 5 Summary
SSLALERT TX_FATAL_ALERT 5 Summary
SSLALERT TX_WARNING_ALERT 214 Summary
SSLDEV NEW_CTX 1 Summary
SSL_NP OPEN_CONN 11 Summary
SSL_NP DTLS_OPEN_CONN 1 Summary
SSL_NP HANDSHAKE_START 246 Summary
SSL_NP HANDSHAKE_DONE 223 Summary
SSL_NP DOWNSTREAM_CLOSE 675 Summary
SSL_NP DOWNSTREAM_CLOSE_NEXT 247 Summary
SSL_NP UPSTREAM_CLOSE 253 Summary
SSL_NP UPSTREAM_CLOSE_NEXT 247 Summary
SSL_NP FREE_CONN 247 Summary
SSL_NP NEW_CONN_SERVER 234 Summary
SSL_NP NEW_CONN_CLIENT 5 Summary
SSL_NP DTLS_NEW_CONN_SERVER 8 Summary
SSL_NP EXTRACT_VIA_DUPB 8335 Summary
SSL_NP IN_PKTS_RX 49798 Summary
SSL_NP IN_PKTS_TX 8858 Summary
SSL_NP OUT_PKTS_RX 49203 Summary
SSL_NP OUT_PKTS_TX 50076 Summary
SSL_NP DTLS_IN_PKTS_RX 90 Summary
SSL_NP DTLS_IN_PKTS_TX 79 Summary
SSL_NP DTLS_OUT_PKTS_RX 12 Summary
SSL_NP DTLS_OUT_PKTS_TX 12 Summary
SSL_NP SESSIONS_CLEARED 205 Summary
SSL_NP FAST_START 5 Summary
SSL_NP RESUME_FAST_START 5 Summary
EmWeb OUT_PKTS 220 Summary
DNS IN_PKTS 8 Summary
DNS OUT_PKTS 32 Summary
NPSHIM CTX_ALLOC 220 Summary
NPSHIM CTX_FREE 215 Summary
NPSHIM WRITE_UNBLOCKED 3881 Summary
NPSHIM READ_RECV 8452 Summary
VPIF BAD_VALUE 105 Summary
VPIF NOT_FOUND 436128 Summary
IPSEC IN_SA_CREATED 2 Summary
IPSEC OUT_SA_CREATED 2 Summary
SSLENC CONTEXT_CREATED 240 Summary
SSLENC CONTEXT_UPDATED 211 Summary
SSLENC CONTEXT_DESTROYED 237 Summary
CRYPTO INVALID_INPUT_PARAM 57 Summary

------------------ show service-policy ------------------


Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: dns migrated_dns_map_1, packet 3432, drop 0, reset-drop 0, v6-fail-close 0
message-length maximum 512, drop 0
dns-guard, count 1655
protocol-enforcement, drop 0
nat-rewrite, count 0
Inspect: ftp, packet 0, drop 0, reset-drop 0, v6-fail-close 0
Inspect: h323 h225 _default_h323_map, packet 0, drop 0, reset-drop 0, v6-fail-close 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
h245-tunnel-block drops 0 connection
Inspect: h323 ras _default_h323_map, packet 0, drop 0, reset-drop 0, v6-fail-close 0
h245-tunnel-block drops 0 connection
Inspect: rsh, packet 0, drop 0, reset-drop 0, v6-fail-close 0
Inspect: rtsp, packet 0, drop 0, reset-drop 0, v6-fail-close 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: esmtp _default_esmtp_map, packet 0, drop 0, reset-drop 0, v6-fail-close 0
mask-banner, count 0
match cmd line length gt 512
drop-connection log, packet 0
match cmd RCPT count gt 100
drop-connection log, packet 0
match body line length gt 998
log, packet 0
match header line length gt 998
drop-connection log, packet 0
match sender-address length gt 320
drop-connection log, packet 0
match MIME filename length gt 255
drop-connection log, packet 0
match ehlo-reply-parameter others
mask, packet 0
Inspect: sqlnet, packet 0, drop 0, reset-drop 0, v6-fail-close 0
Inspect: skinny , packet 0, drop 0, reset-drop 0, v6-fail-close 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: sunrpc, packet 0, drop 0, reset-drop 0, v6-fail-close 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: xdmcp, packet 0, drop 0, reset-drop 0, v6-fail-close 0
Inspect: sip , packet 0, drop 0, reset-drop 0, v6-fail-close 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: netbios, packet 0, drop 0, reset-drop 0, v6-fail-close 0
Inspect: tftp, packet 0, drop 0, reset-drop 0, v6-fail-close 0
Inspect: ip-options _default_ip_options_map, packet 0, drop 0, reset-drop 0, v6-fail-close 0
Router Alert: allow 0, clear 0

------------------ show capture ------------------


------------------ show mode ------------------

Security context mode: single

------------------ show history ------------------


------------------ show firewall ------------------

Firewall mode: Router

------------------ show running-config ------------------

: Saved
:
: Serial Number: JMX1340L12C
: Hardware: ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
:
ASA Version 9.1(6)
!
hostname paccmx
domain-name pacc-consultores.mx
enable password <removed>
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd <removed>
names
name 192.168.10.0 vpn-net
dns-guard
ip local pool pacc-vpn 192.168.5.10-192.168.5.20 mask 255.255.255.0
!
interface GigabitEthernet0/0
nameif telecable
security-level 0
ip address dhcp setroute
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.5.1 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
management-only
shutdown
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
!
boot system disk0:/asa916-k8.bin
boot system disk0:/asa911-k8.bin
boot system disk0:/disck0:/
boot system disk0:/disck0:/asa916-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring 1 Sun Apr 2:00 last Sun Oct 2:00
dns server-group DefaultDNS
domain-name pacc-consultores.mx
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.10.0_27
subnet 192.168.10.0 255.255.255.224
access-list inside_access_in extended permit ip any4 any4
access-list split-acl standard permit 192.168.10.0 255.255.255.0
access-list INSIDE-NAT0 remark NAT0 for VPN
pager lines 24
logging enable
logging asdm informational
mtu telecable 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-782-151.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,telecable) source static any any destination static NETWORK_OBJ_192.168.10.0_27 NETWORK_OBJ_192.168.10.0_27 no-proxy-arp route-lookup
!
object network obj_any
nat (inside,telecable) dynamic interface
access-group inside_access_in in interface inside control-plane
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.5.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map telecable_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map telecable_map interface telecable
crypto ca trustpoint ASDM_SSL_FREE
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint4
enrollment terminal
crl configure
crypto ca trustpoint paccmx.trustpoint
enrollment terminal
fqdn pacc-consultores.mx
subject-name CN=paccmx.pacc-consultores.mx ,O=MX
keypair paccmx.key
crl configure
crypto ca trustpoint ASDM_TrustPoint2
enrollment self
subject-name CN=paccmx
keypair paccmx.key
proxy-ldc-issuer
crl configure
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint2
certificate d15e625e
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable telecable
crypto ikev2 remote-access trustpoint ASDM_TrustPoint2
crypto ikev1 enable telecable
crypto ikev1 policy 10
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh 192.168.5.0 255.255.255.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
vpn-addr-assign local reuse-delay 5
dhcpd address 192.168.5.100-192.168.5.150 inside
dhcpd dns 192.168.5.1 8.8.8.8 interface inside
dhcpd lease 86400 interface inside
dhcpd option 3 ip 192.168.5.1 interface inside
dhcpd enable inside
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 128.138.140.50 source telecable prefer
ssl trust-point ASDM_TrustPoint2
ssl trust-point ASDM_TrustPoint2 telecable
ssl trust-point ASDM_TrustPoint2 telecable vpnlb-ip
ssl trust-point ASDM_TrustPoint2 inside
webvpn
enable telecable
anyconnect image disk0:/anyconnect-win-3.1.05160-k9.pkg 1
anyconnect image disk0:/anyconnect-win-3.1.14018-k9.pkg 2
anyconnect image disk0:/anyconnect-win-4.4.02039-webdeploy-k9.pkg 3
anyconnect profiles PACC-VPN_client_profile disk0:/PACC-VPN_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 8.8.8.8
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-acl
address-pools value pacc-vpn
group-policy GroupPolicy_PACC-VPN internal
group-policy GroupPolicy_PACC-VPN attributes
wins-server none
dns-server value 8.8.8.8
vpn-tunnel-protocol ikev2 ssl-client
default-domain value pacc-consultores.mx
webvpn
anyconnect profiles value PACC-VPN_client_profile type user
username paccmx password <removed> privilege 15
username paccmx attributes
webvpn
anyconnect ssl rekey time none
anyconnect ssl rekey method none
anyconnect dpd-interval client 30
anyconnect dpd-interval gateway 30
anyconnect ask none default anyconnect
tunnel-group DefaultRAGroup general-attributes
address-pool pacc-vpn
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool pacc-vpn
tunnel-group anyconnect type remote-access
tunnel-group anyconnect general-attributes
address-pool pacc-vpn
tunnel-group PACC-VPN type remote-access
tunnel-group PACC-VPN general-attributes
address-pool pacc-vpn
default-group-policy GroupPolicy_PACC-VPN
tunnel-group PACC-VPN webvpn-attributes
group-alias PACC-VPN enable
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command aaa-server
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:cbd0857a40beeff05b9c59aff08dec7c
: end
Cannot open disk0:/csco_config/97/bookmarks/index.ini

------------------ show ak47 detailed ------------------

instance 0001 0x75cb3390 (cachefs) arena *0x75e4d850 arena 0x75e4d7a0 fiber count 2
Arena 0x75e4d850 of 60945584 bytes (802 blocks of size 76000), no size limit
Arena is dynamically allocated, not contiguous
Features: GroupMgmt: unset, MemDebugLog: unset
Arena 0x75e4d7a0 of 2093552 bytes (28 blocks of size 76000), no size limit
Arena is dynamically allocated, not contiguous
Features: GroupMgmt: unset, MemDebugLog: unset

instance 0002 0x75893788 (Unicorn Proxy Thread) arena 0x758936d0 fiber count 3
Arena 0x758936d0 of 6485712 bytes (86 blocks of size 76000), maximum 1073741824
1067256112 free bytes (100%; 14042 blocks, zone 0)
Arena is dynamically allocated, not contiguous
Features: GroupMgmt: SET, MemDebugLog: unset

instance 0003 0x74ecd240 (rtcli async executor process) arena 0x74ecd190 fiber count 2
Arena 0x74ecd190 of 3502608 bytes (54 blocks of size 65536), no size limit
Arena is dynamically allocated, not contiguous
Features: GroupMgmt: unset, MemDebugLog: unset

instance 0004 0x6ef53230 (UserFromCert Thread) arena 0x6ef53180 fiber count 2
Arena 0x6ef53180 of 1672000 bytes (22 blocks of size 76000), no size limit
Arena is dynamically allocated, not contiguous
Features: GroupMgmt: unset, MemDebugLog: unset

instance 0005 0x6ef50df0 (aaa_shim_thread) arena 0x6ef4b100 fiber count 2
Arena 0x6ef4b100 of 304000 bytes (4 blocks of size 76000), maximum 71303168
70999168 free bytes (100%; 934 blocks, zone 0)
Arena is dynamically allocated, not contiguous
Features: GroupMgmt: SET, MemDebugLog: unset

instance 0006 0x6fc7a2f0 (netfs_thread_init) arena 0x6fc7a240 fiber count 2
Arena 0x6fc7a240 of 858528 bytes (13 blocks of size 66048), no size limit
Arena is dynamically allocated, not contiguous
Features: GroupMgmt: SET, MemDebugLog: unset


------------------ show startup-config errors ------------------

Reading from flash...
!!!WARNING: BOOT variable added, but unable to find disk0:/disck0:/
*** Output from config line 58, "boot system disk0:/disck..."
WARNING: BOOT variable added, but unable to find disk0:/disck0:/asa916-k8.bin
*** Output from config line 59, "boot system disk0:/disck..."
ERROR: Failed to start client services listener
*** Output from config line 227, "crypto ikev2 enable tele..."
Creating trustpoint "_SmartCallHome_ServerCA" and installing certificate...
Warning: A trustpoint with the name '_SmartCallHome_ServerCA' exists.
Please remove or rename the trustpoint and re-issue
the command "call-home reporting anonymous".
*** Output from config line 397, "call-home reporting anon..."

------------------ console logs ------------------

Message #1 : Message #2 :
Total SSMs found: 0
Message #3 :
Total NICs found: 7
Message #4 : mcwa Message #5 : i82557 Ethernet at irq 11Message #6 : MAC: 0026.cb48.f377
Message #7 : mcwa Message #8 : i82557 Ethernet at irq 5Message #9 : MAC: 0000.0001.0001
Message #10 : i82547GI rev00 Gigabit Ethernet @ irq11 dev 1 index 05Message #11 : MAC: 0000.0001.0002
Message #12 : i82546GB rev03 Gigabit Ethernet @ irq09 dev 2 index 03Message #13 : MAC: 0026.cb48.f37b
Message #14 : i82546GB rev03 Gigabit Ethernet @ irq09 dev 2 index 02Message #15 : MAC: 0026.cb48.f37a
Message #16 : i82546GB rev03 Gigabit Ethernet @ irq09 dev 3 index 01Message #17 : MAC: 0026.cb48.f379
Message #18 : i82546GB rev03 Gigabit Ethernet @ irq09 dev 3 index 00Message #19 : MAC: 0026.cb48.f378
Message #20 : Verify the activation-key, it might take a while...
Message #21 : Running Permanent Message #22 : Activation Key: Message #23 : 0x752ed047 Message #24 : 0x70ff9d0d Message #25 : 0x00f2c5dc Message #26 : 0xbeb8c458 Message #27 : 0x4e341684 Message #28 :
Message #29 :
Licensed Message #30 : features for this platform:
Message #31 : Maximum Physical Interfaces : Unlimited perpetual
Message #32 : Maximum VLANs : 150 perpetual
Message #33 : Inside Hosts : Unlimited perpetual
Message #34 : Failover : Active/Active perpetual
Message #35 : Encryption-DES : Enabled perpetual
Message #36 : Encryption-3DES-AES : Enabled perpetual
Message #37 : Security Contexts : 2 perpetual
Message #38 : GTP/GPRS : Disabled perpetual
Message #39 : AnyConnect Premium Peers : 2 perpetual
Message #40 : AnyConnect Essentials : Disabled perpetual
Message #41 : Other VPN Peers : 750 perpetual
Message #42 : Total VPN Peers : 750 perpetual
Message #43 : Shared License : Disabled perpetual
Message #44 : AnyConnect for Mobile : Disabled perpetual
Message #45 : AnyConnect for Cisco VPN Phone : Disabled perpetual
Message #46 : Advanced Endpoint Assessment : Disabled perpetual
Message #47 : UC Phone Proxy Sessions : 2 perpetual
Message #48 : Total UC Proxy Sessions : 2 perpetual
Message #49 : Botnet Traffic Filter : Disabled perpetual
Message #50 : Intercompany Media Engine : Disabled perpetual
Message #51 : Cluster : Disabled perpetual
Message #52 :
This platform has an ASA 5520 VPN Plus license.
Message #53 :
Message #54 : Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
Message #55 : Boot microcode : CN1000-MC-BOOT-2.00
Message #56 : SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2_05
Message #57 : IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09
Message #58 :
Cisco Adaptive Security Appliance Software Version 9.1(6)
INFO: Power-On Self-Test in process.
INFO: Power-On Self-Test complete.

 

Hi,

   Make the following changes and ensure that traffic towards 192.168.6.0/24 is routed through the ASA.

no ip local pool pacc-vpn 192.168.5.10-192.168.5.20 mask 255.255.255.0
ip local pool pacc-vpn 192.168.6.10-192.168.6.20 mask 255.255.255.0
!
object network VPN_POOL
 subnet 192.168.6.0 255.255.255.0
!
nat (inside,telecable) source static any any destination static VPN_POOL VPN_POOL

 

Regards,

Cristian Matei.
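
A consistency check for the change in the reply above, as an added example that is not part of the original post: it parses ASA configuration text and reports any `ip local pool` whose address range is not covered by the destination object of an identity NAT rule. The function names and the embedded sample (the reply's lines, re-typed) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the configuration lines from the reply above.
SAMPLE_CONFIG = """\
ip local pool pacc-vpn 192.168.6.10-192.168.6.20 mask 255.255.255.0
object network VPN_POOL
 subnet 192.168.6.0 255.255.255.0
nat (inside,telecable) source static any any destination static VPN_POOL VPN_POOL
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)(?: mask \S+)?\s*$")
OBJ_RE = re.compile(r"^object network (\S+)\s*$")
SUBNET_RE = re.compile(r"^\s+subnet (\S+) (\S+)\s*$")
NAT_RE = re.compile(
    r"^nat \((\S+),(\S+)\) source static (\S+) (\S+) "
    r"destination static (\S+) (\S+)(?: .*)?$"
)


def parse(config):
    """Return (pools, objects, identity-NAT destination names) from config text."""
    pools, objects, nat_dests, current = {}, {}, set(), None
    for line in config.splitlines():
        if not line.startswith(" "):
            current = None  # an unindented line leaves object sub-mode
        if m := POOL_RE.match(line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := OBJ_RE.match(line):
            current = m[1]
        elif (m := SUBNET_RE.match(line)) and current:
            objects[current] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif m := NAT_RE.match(line):
            # Identity NAT: real and mapped objects are the same on both sides.
            if m[3] == m[4] and m[5] == m[6]:
                nat_dests.add(m[5])
    return pools, objects, nat_dests


def uncovered_pools(config):
    """Names of pools not fully inside any identity-NAT destination object."""
    pools, objects, nat_dests = parse(config)
    nets = [objects[name] for name in nat_dests if name in objects]
    return sorted(
        name for name, (first, last) in pools.items()
        if not any(first in net and last in net for net in nets)
    )
```
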
