1104 Views, 0 Helpful, 7 Replies

connect bridge (bvi) to inside network

Steven Runghen
Level 1

I have created a BVI and added two interfaces (5, 6); the bridge works perfectly. I also have an inside network, and the ASA 5585 is in routed mode. I need users from the bridge interface to be able to access servers on the LAN interface. How can I achieve this?

7 Replies

Hello,

The BVI is just like any other routed interface. Post the full config of your ASA (also check if you have 'same-security-traffic permit inter-interface' configured)...
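The check suggested in the reply can be automated. The script below is an added example for this thread, not Cisco tooling and not anything the poster ran: it parses the interface blocks of a "show running-config" dump (nameif, security-level, bridge-group), records whether the two same-security-traffic commands are present, and reports which named interfaces can reach each other on security-level rules alone, before any access-group ACL is consulted. The embedded config is a constructed excerpt shaped like the one in this thread, with documentation-range addresses in place of the real ones.

```python
"""Audit an ASA 'show running-config' dump for same-security reachability.

Added example for this thread, not Cisco's own tooling. It parses the
interface blocks (nameif / security-level / bridge-group) and reports which
named interfaces can reach each other on security-level rules alone, i.e.
before any access-group ACL is consulted.
"""
import re
from itertools import permutations

# Constructed excerpt in the shape of the thread's config; addresses are
# documentation-range placeholders, not the poster's real ones.
SAMPLE_CONFIG = """\
same-security-traffic permit inter-interface
interface GigabitEthernet0/0
 nameif Inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif Outsidefixip
 security-level 0
 ip address 198.51.100.2 255.255.255.248
!
interface GigabitEthernet0/5
 bridge-group 10
 nameif CDS-INT-01
 security-level 100
!
interface GigabitEthernet0/6
 bridge-group 10
 nameif CDS-INT-02
 security-level 100
!
interface BVI10
 nameif CDSBRIDGE
 security-level 100
 ip address 192.0.2.55 255.255.255.0
!
"""


def parse_interfaces(config):
    """Map nameif -> {'phys', 'nameif', 'level', 'bridge_group'} for every named interface."""
    interfaces, current = {}, None

    def flush():
        if current and current["nameif"]:
            interfaces[current["nameif"]] = current

    for raw in config.splitlines():
        line = raw.strip()  # pasted configs are often flattened, so ignore indent
        m = re.match(r"interface (\S+)$", line)
        if m:
            flush()
            current = {"phys": m.group(1), "nameif": None, "level": None, "bridge_group": None}
        elif current is None:
            continue
        elif line == "!":
            flush()
            current = None
        elif line.startswith("nameif "):
            current["nameif"] = line.split(None, 1)[1]
        elif line.startswith("security-level "):
            current["level"] = int(line.split()[1])
        elif line.startswith("bridge-group "):
            current["bridge_group"] = int(line.split()[1])
    flush()
    for entry in interfaces.values():
        if entry["level"] is None:
            # ASA default: a nameif of 'inside' gets 100, every other nameif gets 0
            entry["level"] = 100 if entry["nameif"].lower() == "inside" else 0
    return interfaces


def global_flags(config):
    """Return (inter, intra): whether each same-security-traffic permit command is present."""
    lines = {l.strip() for l in config.splitlines()}
    return ("same-security-traffic permit inter-interface" in lines,
            "same-security-traffic permit intra-interface" in lines)


def flow_allowed_by_levels(ifaces, src, dst, inter, intra):
    """Default ASA policy for a flow entering 'src' and leaving 'dst', before ACLs:
    higher -> lower allowed; equal only with inter-interface; lower -> higher denied;
    same interface (hairpin) only with intra-interface."""
    if src == dst:
        return intra
    ls, ld = ifaces[src]["level"], ifaces[dst]["level"]
    if ls > ld:
        return True
    if ls == ld:
        return inter
    return False


def audit(config):
    """Summarise bridge groups and the (src, dst) pairs reachable by security level alone."""
    ifaces = parse_interfaces(config)
    inter, intra = global_flags(config)
    groups = {}
    for name, entry in sorted(ifaces.items()):
        if entry["bridge_group"] is not None:
            groups.setdefault(entry["bridge_group"], []).append(name)
    reachable = sorted((s, d) for s, d in permutations(ifaces, 2)
                       if flow_allowed_by_levels(ifaces, s, d, inter, intra))
    return {"inter_interface": inter, "intra_interface": intra,
            "bridge_groups": groups, "implicitly_reachable": reachable}


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    print("inter-interface permit:", report["inter_interface"])
    print("bridge groups:", report["bridge_groups"])
    for src, dst in report["implicitly_reachable"]:
        print(f"  {src} -> {dst} allowed by security level")
```

Two caveats when reading the output. First, it models only the default security-level policy; once an access-group binds an ACL to an interface, that ACL (with its implicit deny) decides for that direction and the level-based shortcut no longer applies. Second, the inter-interface command is global: in a config where every internal interface sits at security-level 100, as the bridge, Inside, DR_Site, the VLAN subinterfaces and the management interfaces do in this thread, enabling it makes all of them mutually reachable by default, so the per-interface ACLs are what actually constrain bridge-to-LAN traffic.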

Result of the command: "show running-config"

: Saved

:
: Serial Number: JAD19340036
: Hardware: ASA5585-SSP-10, 5969 MB RAM, CPU Xeon 5500 series 2000 MHz, 1 CPU (4 cores)
:
ASA Version 9.9(2)
!
hostname asa5585x
domain-name axys.local
enable password hUmXHesze5M73HS2 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
ip local pool VPNPOOL 1.1.1.1-1.1.1.100 mask 255.255.255.0

!
interface GigabitEthernet0/0
nameif Inside
security-level 100
ip address 192.168.10.1 255.255.0.0
policy-route route-map testmap
!
interface GigabitEthernet0/0.100
vlan 100
nameif vlan100
security-level 100
ip address 10.0.0.2 255.255.255.0
!
interface GigabitEthernet0/0.200
vlan 200
nameif FIX
security-level 100
ip address 10.0.1.2 255.255.255.0
policy-route route-map testmap
!
interface GigabitEthernet0/0.300
vlan 300
nameif PEX
security-level 100
ip address 10.0.200.1 255.255.255.0
policy-route route-map testmap
!
interface GigabitEthernet0/1
nameif DR_Site
security-level 100
ip address 172.31.9.146 255.255.255.0
!
interface GigabitEthernet0/2
description 197.227.17.210_default_gateway_197.227.17.209
nameif Outsidefixip
security-level 0
ip address 197.227.17.210 255.255.255.248
!
interface GigabitEthernet0/3
description DMZ NETWORK
nameif DMZ
security-level 50
ip address 10.0.20.1 255.255.255.0
policy-route route-map testmap
!
interface GigabitEthernet0/4
description Outside_40MB
nameif Outside40MB
security-level 0
ip address 172.16.2.2 255.255.255.0
!
interface GigabitEthernet0/5
bridge-group 10
nameif CDS-INT-01
security-level 100
!
interface GigabitEthernet0/6
bridge-group 10
nameif CDS-INT-02
security-level 100
!
interface GigabitEthernet0/7
description WAN_70MB
nameif Outside_70MB
security-level 0
ip address 172.16.1.2 255.255.255.0
!
interface Management0/0
nameif management
security-level 100
no ip address
!
interface Management0/1
management-only
nameif Mgmt2
security-level 100
ip address 10.10.0.1 255.255.255.0
!
interface TenGigabitEthernet0/8
no nameif
no security-level
no ip address
!
interface TenGigabitEthernet0/9
no nameif
no security-level
no ip address
!
interface BVI10
description CDSBRIDGE
nameif CDSBRIDGE
security-level 100
ip address 172.31.19.55 255.255.255.0
!
banner exec Welcome to Axys Group Cisco ASA 5585x Firewall
banner login Welcome to Axys Group Cisco ASA 5585x Firewall
banner motd Welcome to Axys Group Cisco ASA 5585x Firewall
banner asdm Welcome to Axys Group Cisco ASA 5585x Firewall
boot system disk0:/asa992-smp-k8.bin
ftp mode passive
clock timezone MUT 4
dns domain-lookup Inside
dns domain-lookup Outsidefixip
dns domain-lookup Outside40MB
dns domain-lookup Outside_70MB
dns domain-lookup management
dns server-group DefaultDNS
name-server 192.168.10.200 Inside
name-server 192.168.10.201 Inside
domain-name axys.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network LAN
subnet 192.168.0.0 255.255.255.0
description LAN
object network INSIDE
subnet 192.168.0.0 255.255.0.0
object service remote
service tcp source eq 3389 destination eq 3389
object network Router
host 172.16.1.1
description Netgear Router
object network WANIP
host 172.16.1.10
description WANIP
object network REMOTE
host 192.168.0.151
object network TestVM
host 192.168.10.200
object network KOBILDR
host 192.168.10.209
description SQL DB
object network vlan1
range 10.10.10.1 10.10.10.254
description vlan
object network VLAN10
range 10.10.10.1 10.10.10.254
description VLAN10
object network Test
host 192.168.0.151
description Test
object network SQL_ooz
host 192.168.0.150
description SQL_ooz
object network internettovlan1
subnet 10.10.0.0 255.255.255.0
object network INTERNETVLAN
range 10.10.0.0 10.10.10.254
object network KOBIL
host 192.168.10.208
description SQL DB
object network INSIDEVPN
host 10.0.0.1
description INSIDEVPN
object network NETWORK_OBJ_10.0.0.0_26
subnet 10.0.0.0 255.255.255.192
object network Radius
host 192.168.10.166
object network any5
subnet 0.0.0.0 0.0.0.0
object network 172.31.10.157
host 172.31.10.157
description old axys server
object network 192.168.10.160
host 192.168.10.160
description PGA laptop
object service camera_11010_inside
service tcp source eq 11010 destination eq 11010
object network 192.168.100.10
host 192.168.100.10
description 192.168.100.10
object service remote3390
service tcp source eq 3390 destination eq 3390
object network Camera_telnet_11010
host 192.168.100.10
description Camera_telnet_11010
object network Camera_telnet_11011
host 192.168.100.11
description Camera_telnet_11011
object network Camera_telnet_11012
host 192.168.100.12
description Camera_telnet_11012
object network Camera_telnet_11013
host 192.168.100.13
description Camera_telnet_11013
object network Camera_telnet_11014
host 192.168.100.14
description Camera_telnet_11014
object network Camera_telnet_11015
host 192.168.100.15
description Camera_telnet_11015
object network Camera_telnet_11016
host 192.168.100.16
description Camera_telnet_11016
object network Camera_telnet_11017
host 192.168.100.17
description Camera_telnet_11017
object network Camera_telnet_11018
host 192.168.100.18
description Camera_telnet_11018
object network Camera_telnet_11019
host 192.168.100.19
description Camera_telnet_11019
object network NETWORK_OBJ_192.168.200.0_25
subnet 192.168.200.0 255.255.255.128
object network VPN
subnet 192.168.0.0 255.255.0.0
description LAN
object network VPNASA
host 192.168.10.157
object network vpn_1
subnet 1.1.1.0 255.255.255.0
object network OUTSIDE_IP
host 172.16.1.2
description WAN_ASA
object network Internal_LAN
subnet 192.168.0.0 255.255.0.0
object network my-sms-gateway
host 10.0.100.168
object network SITE_AXYS_VPN
subnet 10.0.200.0 255.255.255.0
description SITE_AXYS_VPN
object network SITE_PEX_VPN
subnet 10.10.100.0 255.255.255.0
description SITE_PEX_VPN
object network TS1
host 192.168.10.206
description Terminal Server
object network TS2
host 192.168.10.207
description Terminal Server
object network OUTSIDEFIX
subnet 192.168.0.0 255.255.0.0
description added_internet_access IPfix
object network steven
host 192.168.20.83
description steven_temp
object network Outside40
subnet 192.168.0.0 255.255.0.0
description Outside 40Mbps
object network vlan100
subnet 10.0.0.0 255.255.255.0
object network vlan300
subnet 10.0.200.0 255.255.255.0
object network DMZNETWORK
subnet 10.0.20.0 255.255.255.0
object network obj-10.0.20.20
host 10.0.20.20
object network obj-41.212.214.205
host 41.212.214.205
object network VLAN200
subnet 10.0.1.0 255.255.255.0
description VLAN200_FIX
object network FIX
subnet 172.20.16.0 255.255.255.0
description FIX
object network VLAN200NAT
subnet 10.0.1.0 255.255.255.0
object network PEX
subnet 10.0.200.0 255.255.255.0
description PEX
object network VLAN300
subnet 10.0.200.0 255.255.255.0
description PEX_VLAN300
object network VLANPEX
subnet 10.0.200.0 255.255.255.0
description VLAN300
object network VPNPOOL
range 1.1.1.1 1.1.1.100
object network TEST
host 10.0.20.10
object network 197.227.17.212
host 197.227.17.212
description 197.227.17.212
object network 192.168.10.166
host 192.168.10.166
description 192.168.10.166
object network RADIUS
host 192.168.10.166
description 192.168.10.166
object network 192.168.0.0_16
subnet 192.168.0.0 255.255.0.0
object network CDS
subnet 172.31.19.0 255.255.255.0
description CDS
object network CDS1
subnet 192.168.0.0 255.255.255.0
description cds
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object udp
protocol-object tcp
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_8
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object udp
protocol-object tcp
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object icmp
protocol-object udp
protocol-object tcp
protocol-object icmp6
object-group protocol DM_INLINE_PROTOCOL_4
protocol-object icmp
protocol-object udp
protocol-object tcp
protocol-object icmp6
object-group protocol DM_INLINE_PROTOCOL_5
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_6
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_7
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_9
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_11
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_10
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_12
protocol-object icmp
protocol-object icmp6
object-group protocol DM_INLINE_PROTOCOL_13
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_14
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
object-group user LDAP
user-group AXYS\\INTERNET_ALLOW_USERS
object-group network RDP_Servers
description Machines that RDP is Allowed
network-object host 192.168.10.157
network-object object TS1
network-object object TS2
object-group network DM_INLINE_NETWORK_2
network-object host 192.168.10.206
network-object host 192.168.10.207
object-group network DM_INLINE_NETWORK_1
network-object host 192.168.100.11
network-object host 192.168.100.12
network-object host 192.168.100.13
network-object host 192.168.100.14
network-object host 192.168.100.15
network-object host 192.168.100.16
network-object host 192.168.100.17
network-object host 192.168.100.18
network-object host 192.168.100.19
network-object object 192.168.100.10
object-group icmp-type DM_INLINE_ICMP_1
icmp-object echo
icmp-object echo-reply
icmp-object redirect
object-group service DM_INLINE_SERVICE_1
service-object tcp-udp
service-object icmp echo
service-object icmp echo-reply
object-group network DM_INLINE_NETWORK_3
network-object host 192.168.10.157
network-object host 192.168.20.83
network-object host 192.168.20.79
network-object host 192.168.30.11
network-object host 192.168.30.12
network-object host 192.168.30.13
network-object host 192.168.20.86
network-object host 192.168.20.97
network-object host 192.168.20.45
network-object host 192.168.20.36
network-object host 192.168.20.40
network-object host 192.168.30.15
network-object host 192.168.20.61
network-object host 192.168.10.166
network-object host 192.168.20.4
object-group protocol DM_INLINE_PROTOCOL_15
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object icmp6
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_16
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object icmp6
protocol-object tcp
object-group service DM_INLINE_SERVICE_2
service-object tcp-udp
service-object icmp echo
object-group service DM_INLINE_SERVICE_3
service-object tcp-udp
service-object icmp echo
service-object tcp destination eq www
service-object tcp destination eq https
object-group service DM_INLINE_SERVICE_4
service-object tcp-udp
service-object icmp echo
service-object tcp destination eq www
service-object tcp destination eq https
object-group service DM_INLINE_SERVICE_5
service-object tcp-udp
service-object icmp echo-reply
object-group user DM_INLINE_USER_1
user-group AXYS\\INTERNET_ALLOW_USERS
user-group "AXYS\\Domain Computers"
object-group service DM_INLINE_SERVICE_6
service-object tcp-udp
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq echo
service-object udp destination eq echo
object-group service DM_INLINE_SERVICE_7
service-object icmp echo-reply
service-object tcp destination eq www
service-object tcp destination eq https
object-group service DM_INLINE_TCP_2 tcp
port-object eq www
port-object eq https
object-group protocol DM_INLINE_PROTOCOL_17
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group network DM_INLINE_NETWORK_4
network-object host 172.31.10.60
network-object 192.168.0.0 255.255.0.0
object-group service DM_INLINE_TCP_3 tcp
port-object eq www
port-object eq https
object-group service DM_INLINE_SERVICE_8
service-object icmp
service-object udp
service-object tcp
service-object tcp destination eq www
service-object tcp destination eq https
object-group network DM_INLINE_NETWORK_5
network-object host 10.0.20.20
network-object 192.168.0.0 255.255.0.0
object-group service DM_INLINE_SERVICE_9
service-object tcp destination eq 445
service-object tcp destination eq netbios-ssn
service-object udp destination eq netbios-ns
object-group network DM_INLINE_NETWORK_6
network-object host 192.168.20.67
network-object host 192.168.20.89
network-object host 192.168.20.125
network-object host 192.168.20.214
network-object host 192.168.10.244
network-object host 192.168.20.194
network-object host 192.168.20.86
network-object host 192.168.0.245
network-object host 192.168.1.244
object-group service DM_INLINE_SERVICE_10
service-object icmp
service-object tcp destination eq telnet
service-object tcp-udp
service-object tcp destination eq echo
service-object udp destination eq echo
service-object icmp unreachable
object-group service DM_INLINE_SERVICE_11
service-object tcp-udp
service-object icmp
service-object icmp unreachable
service-object tcp destination eq telnet
object-group protocol DM_INLINE_PROTOCOL_18
protocol-object ip
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_TCP_4 tcp
port-object eq imap4
port-object eq pop2
port-object eq pop3
port-object eq smtp
object-group network DM_INLINE_NETWORK_7
network-object host 10.10.100.136
network-object host 10.10.100.191
object-group network DM_INLINE_NETWORK_8
network-object host 10.0.200.100
network-object host 10.0.200.150
network-object host 10.0.200.200
object-group icmp-type DM_INLINE_ICMP_2
icmp-object echo
icmp-object echo-reply
object-group service DM_INLINE_SERVICE_12
service-object tcp-udp
service-object icmp echo-reply
service-object object remote
object-group service DM_INLINE_SERVICE_13
service-object tcp-udp
service-object icmp echo
object-group service DM_INLINE_SERVICE_14
service-object tcp-udp
service-object icmp echo
object-group service DM_INLINE_SERVICE_15
service-object tcp-udp
service-object icmp echo
object-group service DM_INLINE_SERVICE_16
service-object tcp-udp
service-object icmp echo
service-object icmp echo-reply
object-group icmp-type DM_INLINE_ICMP_3
icmp-object echo
icmp-object echo-reply
object-group network DM_INLINE_NETWORK_9
network-object host 192.168.20.214
network-object host 192.168.20.89
network-object host 192.168.20.194
network-object host 192.168.20.86
object-group service DM_INLINE_TCP_5 tcp
port-object eq 445
port-object eq netbios-ssn
object-group service DM_INLINE_SERVICE_17
service-object icmp
service-object icmp echo-reply
service-object tcp destination eq echo
service-object udp destination eq echo
object-group service DM_INLINE_SERVICE_18
service-object icmp
service-object icmp echo-reply
service-object tcp-udp destination eq echo
access-list inside remark LAN inside
access-list inside standard permit 192.168.0.0 255.255.0.0
access-list outside remark wan outside
access-list outside standard permit 172.16.0.0 255.255.0.0
access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_10 host 41.189.69.169 any
access-list Outside_access_in remark TEST
access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_10 1.1.1.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list Outside_access_in remark FingerPrint Sensors
access-list Outside_access_in extended permit tcp host 197.227.35.87 range 1 65535 object-group DM_INLINE_NETWORK_1 range 11010 11019
access-list Outside_access_in remark by PGA RDP from VPN
access-list Outside_access_in extended permit tcp 1.1.1.0 255.255.255.0 object-group RDP_Servers eq 3389
access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 user-group AXYS\\INTERNET_ALLOW_USERS any 192.168.0.0 255.255.0.0 inactive
access-list Outside_access_in extended permit ip any object NETWORK_OBJ_10.0.0.0_26 inactive
access-list Outside_access_in remark steven_temp
access-list Outside_access_in extended permit ip any any
access-list Outside_access_in extended deny object-group DM_INLINE_PROTOCOL_10 host 185.28.23.67 any
access-list remote3390 standard permit host 192.168.10.157
access-list VPN standard permit 1.1.1.0 255.255.255.0
access-list VPN remark ANYCONNECT VPN
access-list vlan10 remark vlan10
access-list vlan10 standard permit 10.10.0.0 255.255.255.0
access-list vlan1_access_in extended permit ip any any
access-list old_axys_access_in extended permit object-group DM_INLINE_PROTOCOL_3 any any
access-list old_axys_access_out extended permit object-group DM_INLINE_PROTOCOL_4 any any
access-list acl_inside extended permit object-group DM_INLINE_PROTOCOL_10 192.168.0.0 255.255.0.0 host 41.189.69.169
access-list acl_inside extended permit object-group DM_INLINE_SERVICE_1 object SITE_AXYS_VPN object SITE_PEX_VPN inactive
access-list acl_inside extended permit object-group DM_INLINE_PROTOCOL_12 any 172.31.10.0 255.255.255.0
access-list acl_inside remark Destination: 172.31.10.150
access-list acl_inside extended permit ip host 172.31.10.150 10.70.0.0 255.255.255.0 log debugging inactive
access-list acl_inside extended permit object-group DM_INLINE_PROTOCOL_5 10.0.0.0 255.255.255.0 any inactive
access-list acl_inside extended permit object-group DM_INLINE_PROTOCOL_10 10.0.1.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list acl_inside extended permit tcp any range 1 65535 object vpn_1 inactive
access-list acl_inside remark Netflow QRadar from ASA
access-list acl_inside extended permit udp host 192.168.10.1 host 192.168.0.245 inactive
access-list acl_inside extended permit udp any range 1 65535 any inactive
access-list acl_inside extended permit tcp user AXYS\sru host 192.168.20.87 range 1 65535 any object-group DM_INLINE_TCP_1 inactive
access-list acl_inside remark by steven_temp
access-list acl_inside extended permit object-group DM_INLINE_PROTOCOL_1 object SITE_AXYS_VPN any inactive
access-list acl_inside remark 192.168.30.10, 192.168.30.11, 192.168.30.12, 192.168.30.13(temp users)
access-list acl_inside remark 192.168.10.157, 192.168.20.79, 192.168.20.83,192.168.20.4(IT)
access-list acl_inside remark 192.168.10.157, 192.168.20.79, 192.168.20.83,(IT)
access-list acl_inside remark 192.168.20.86(aruba),192.168.20.45
access-list acl_inside remark 92.168.20.86(aruba)
access-list acl_inside extended permit ip object-group DM_INLINE_NETWORK_3 any inactive
access-list acl_inside remark ALLOW ALL
access-list acl_inside extended permit object-group DM_INLINE_PROTOCOL_17 any any
access-list acl_inside extended permit object-group DM_INLINE_PROTOCOL_1 10.0.200.0 255.255.255.0 any inactive
access-list acl_inside extended permit object-group DM_INLINE_PROTOCOL_1 10.0.200.0 255.255.255.0 10.10.100.0 255.255.255.0 inactive
access-list acl_inside remark RDP for LAN
access-list acl_inside extended permit tcp host 192.168.20.97 192.168.0.0 255.255.0.0 object-group DM_INLINE_TCP_2 inactive
access-list acl_inside extended permit ip any 172.31.59.0 255.255.255.0 inactive
access-list acl_inside extended permit ip 192.168.0.0 255.255.0.0 10.0.1.0 255.255.255.0
access-list acl_inside extended permit object-group DM_INLINE_PROTOCOL_10 192.168.0.0 255.255.0.0 object VPNPOOL
access-list acl_inside extended permit object-group DM_INLINE_PROTOCOL_1 any 172.31.19.0 255.255.255.0
access-list vlan200_access_in extended permit ip any any
access-list vlan200_access_out extended permit ip any any
access-list Inside_access_out extended permit tcp any eq 65535 host 192.168.10.166 eq 3389
access-list Inside_access_out extended permit tcp host 197.227.35.87 eq 65535 object LAN eq 11011
access-list Inside_access_out remark block 139,445 from LAN to wan network
access-list Inside_access_out extended deny tcp any 192.168.0.0 255.255.0.0 object-group DM_INLINE_TCP_5 inactive
access-list Inside_access_out extended permit object-group DM_INLINE_PROTOCOL_10 object VPNPOOL 192.168.0.0 255.255.0.0
access-list Inside_access_out extended deny object-group DM_INLINE_PROTOCOL_10 host 185.28.23.67 192.168.0.0 255.255.0.0
access-list Inside_access_out extended permit icmp host 10.0.1.100 host 192.168.77.26 echo
access-list Inside_access_out extended permit icmp host 194.176.70.61 192.168.0.0 255.255.0.0 echo-reply
access-list Inside_access_out extended permit object-group DM_INLINE_SERVICE_12 10.0.1.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list Inside_access_out remark Allow Email by PGA for IBM Servers
access-list Inside_access_out extended permit tcp any4 host 192.168.77.23 object-group DM_INLINE_TCP_4
access-list Inside_access_out extended permit object-group DM_INLINE_SERVICE_11 172.31.59.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list Inside_access_out remark Scan to folder for Printer
access-list Inside_access_out extended permit object-group DM_INLINE_SERVICE_9 host 192.168.30.10 host 192.168.10.202
access-list Inside_access_out remark Anusha Access
access-list Inside_access_out extended permit object-group DM_INLINE_SERVICE_7 host 192.168.10.44 host 192.168.20.97 inactive
access-list Inside_access_out remark from Ferriere to Dias Pier
access-list Inside_access_out extended permit object-group DM_INLINE_SERVICE_2 172.31.40.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list Inside_access_out remark DMZ to LAN + Kobil in DR
access-list Inside_access_out extended permit object-group DM_INLINE_PROTOCOL_10 10.0.20.0 255.255.255.0 object-group DM_INLINE_NETWORK_4
access-list Inside_access_out remark Anusha machines
access-list Inside_access_out extended permit object-group DM_INLINE_SERVICE_5 object LAN object LAN
access-list Inside_access_out remark RDP Access from VPN by PGA
access-list Inside_access_out extended permit tcp any range 1 65535 host 192.168.10.9 eq 3389 inactive
access-list Inside_access_out remark ACL by PGA
access-list Inside_access_out extended permit tcp any range 1 65535 object 192.168.100.10 range 11010 11020
access-list Inside_access_out extended permit object-group DM_INLINE_PROTOCOL_6 10.0.0.0 255.255.255.0 any
access-list Inside_access_out remark source:172.31.10.0/24
access-list Inside_access_out extended permit object-group DM_INLINE_PROTOCOL_13 172.31.10.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list Inside_access_out extended permit object-group DM_INLINE_PROTOCOL_10 10.0.1.0 255.255.255.0 any
access-list Inside_access_out extended permit tcp any eq 3389 host 192.168.10.157 eq 3389 inactive
access-list Inside_access_out remark FingerPrint Sensor
access-list Inside_access_out extended permit tcp host 197.227.35.87 range 1 65000 host 192.168.100.11 range 11011 11021
access-list Inside_access_out remark FingerPrint Sensor
access-list Inside_access_out remark Camera_telnet_11012
access-list Inside_access_out remark FingerPrint Sensor
access-list Inside_access_out extended permit tcp host 197.227.35.87 host 192.168.100.12 range 11012 11022
access-list Inside_access_out remark FingerPrint Sensor
access-list Inside_access_out remark Camera_telnet_11013
access-list Inside_access_out remark FingerPrint Sensor
access-list Inside_access_out extended permit tcp host 197.227.35.87 host 192.168.100.13 range 11013 11023
access-list Inside_access_out remark FingerPrint Sensor
access-list Inside_access_out remark Camera_telnet_11014
access-list Inside_access_out remark FingerPrint Sensor
access-list Inside_access_out extended permit tcp host 197.227.35.87 host 192.168.100.14 range 11014 11024
access-list Inside_access_out remark FingerPrint Sensor
access-list Inside_access_out remark Camera_telnet_11015
access-list Inside_access_out extended permit tcp host 197.227.35.87 range 1 65535 host 192.168.100.15 range 11015 11025
access-list Inside_access_out remark Camera_telnet_11016
access-list Inside_access_out extended permit tcp host 197.227.35.87 host 192.168.100.16 range 11016 11026
access-list Inside_access_out remark Camera_telnet_11017
access-list Inside_access_out extended permit tcp host 197.227.35.87 host 192.168.100.17 range 11017 11027
access-list Inside_access_out remark Camera_telnet_11018
access-list Inside_access_out extended permit tcp host 197.227.35.87 host 192.168.100.18 range 11018 11028
access-list Inside_access_out remark Camera_telnet_11019
access-list Inside_access_out extended permit tcp host 197.227.35.87 host 192.168.100.19 range 11019 11029
access-list Inside_access_out extended permit object-group DM_INLINE_SERVICE_18 any any log disable
access-list Inside_access_out extended permit tcp any range 1 65535 host 192.168.10.157 eq pptp inactive
access-list Inside_access_out extended permit icmp object SITE_AXYS_VPN object SITE_PEX_VPN object-group DM_INLINE_ICMP_1
access-list Inside_access_out extended permit object-group DM_INLINE_PROTOCOL_1 172.31.20.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list Inside_access_out extended permit object-group DM_INLINE_PROTOCOL_1 172.31.10.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list Inside_access_out extended permit object-group DM_INLINE_PROTOCOL_1 10.0.200.0 255.255.255.0 any
access-list Inside_access_out extended permit object-group DM_INLINE_PROTOCOL_10 192.168.0.0 255.255.0.0 112.112.112.0 255.255.255.0
access-list Inside_access_out remark Bank Servers Access by PGA 18.01.2016
access-list Inside_access_out extended permit object-group DM_INLINE_PROTOCOL_18 192.168.0.0 255.255.0.0 192.168.0.0 255.255.0.0
access-list Inside_access_out extended permit ip 192.168.0.0 255.255.0.0 10.0.1.0 255.255.255.0
access-list Inside_access_out extended permit object-group DM_INLINE_PROTOCOL_10 192.168.0.0 255.255.0.0 host 41.189.69.169
access-list Inside_access_out extended permit object-group DM_INLINE_PROTOCOL_10 host 41.189.69.169 192.168.0.0 255.255.0.0
access-list Inside_access_out extended permit ip 192.168.0.0 255.255.0.0 object VPNPOOL
access-list VLAN100 standard permit 10.0.0.0 255.255.255.0
access-list vlan200 remark vlan200
access-list vlan200 standard permit 10.0.1.0 255.255.255.0
access-list vlan100_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_1 10.0.0.0 255.255.255.0 any
access-list vlan100_access_out_1 extended permit ip any any
access-list AnyConnect_Client_Local_Print extended permit ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
access-list DMZ_access_out extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list Outside_fixip_access_in extended permit object remote any4 object Radius
access-list Outside_fixip_access_in remark BLOOMBERG FIX IP
access-list Outside_fixip_access_in extended permit object-group DM_INLINE_PROTOCOL_10 host 192.168.20.89 any
access-list Outside_fixip_access_in extended permit tcp host 197.225.77.230 host 10.0.100.168 eq 3389 inactive
access-list Outside_fixip_access_in extended permit ip object SITE_AXYS_VPN object SITE_PEX_VPN
access-list Outside_fixip_access_in remark by steven_temp
access-list Outside_fixip_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list Outside_fixip_access_in extended permit ip object VLAN200 object FIX
access-list Outside_fixip_access_in extended permit ip 10.0.1.0 255.255.255.0 object FIX inactive
access-list Outside_fixip_access_in extended permit object-group DM_INLINE_PROTOCOL_10 1.1.1.0 255.255.255.0 any
access-list DMZ_RDP standard permit host 10.0.100.168
access-list OUTSIDE_FIX standard permit host 197.227.17.209
access-list OUTSIDE_FIX standard permit host 197.227.17.212
access-list OUTSIDE_FIX standard permit host 197.227.17.210
access-list Outside_fixip_cryptomap_1 extended permit ip object SITE_AXYS_VPN object SITE_PEX_VPN
access-list Outside_fixip_cryptomap_1 extended permit ip 10.0.200.0 255.255.255.0 10.10.100.0 255.255.255.0
access-list testcal standard permit host 192.168.20.97
access-list testacl remark QRADAR
access-list testacl extended permit object-group DM_INLINE_PROTOCOL_10 host 192.168.0.245 any
access-list testacl remark XGS
access-list testacl extended permit object-group DM_INLINE_PROTOCOL_10 host 192.168.1.244 any
access-list testacl remark BLOOBERG FIX IP
access-list testacl extended permit object-group DM_INLINE_PROTOCOL_1 object-group DM_INLINE_NETWORK_9 any
access-list testacl extended permit object-group DM_INLINE_PROTOCOL_1 host 10.0.20.20 any
access-list testacl remark REUTERS 7th FLOOR
access-list testacl extended permit object-group DM_INLINE_PROTOCOL_10 host 192.168.20.125 any
access-list mail extended permit tcp object Internal_LAN any eq https
access-list mail extended permit tcp any interface Outside40MB eq https inactive
access-list pex_vpn extended permit ip 10.0.200.0 255.255.255.0 any
access-list pex_vpn extended permit object-group DM_INLINE_SERVICE_8 10.0.200.0 255.255.255.0 10.10.100.0 255.255.255.0 inactive
access-list CDSLEASELINE_access_in extended permit object-group DM_INLINE_PROTOCOL_15 any any
access-list CDSLEASELINE_access_out extended permit object-group DM_INLINE_PROTOCOL_16 any any
access-list PEX_access_in extended permit ip any any
access-list PEX_access_in extended permit object-group DM_INLINE_PROTOCOL_10 10.0.200.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list PEX_access_in remark new 2 VPN
access-list PEX_access_in extended permit icmp object SITE_AXYS_VPN object SITE_PEX_VPN echo-reply
access-list PEX_access_in extended permit object-group DM_INLINE_SERVICE_3 object SITE_AXYS_VPN object SITE_PEX_VPN
access-list PEX_access_in extended permit object-group DM_INLINE_PROTOCOL_1 10.0.200.0 255.255.255.0 any inactive
access-list PEX_access_out extended permit ip any any
access-list PEX_access_out extended permit icmp 192.168.0.0 255.255.0.0 10.0.200.0 255.255.255.0 echo
access-list PEX_access_out extended permit object-group DM_INLINE_SERVICE_15 10.0.1.0 255.255.255.0 10.0.200.0 255.255.255.0
access-list PEX_access_out extended permit object-group DM_INLINE_PROTOCOL_10 192.168.0.0 255.255.0.0 10.0.200.0 255.255.255.0
access-list PEX_access_out remark New Site Pex
access-list PEX_access_out extended permit icmp object SITE_PEX_VPN 10.0.200.0 255.255.255.0 echo-reply
access-list PEX_access_out extended permit object-group DM_INLINE_SERVICE_4 object SITE_PEX_VPN object SITE_AXYS_VPN
access-list PEX_access_out extended permit object-group DM_INLINE_PROTOCOL_1 10.0.200.0 255.255.255.0 any inactive
access-list asdm_cap_selector_inside extended permit ip host 192.168.20.83 host 41.212.214.205
access-list asdm_cap_selector_inside extended permit ip host 41.212.214.205 host 192.168.20.83
access-list asdm_cap_selector_outside extended permit ip host 41.212.214.205 host 192.168.20.83
access-list asdm_cap_selector_outside extended permit ip host 192.168.20.83 host 41.212.214.205
access-list site_DR extended permit object-group DM_INLINE_PROTOCOL_10 any 172.31.10.0 255.255.255.0
access-list DMZ_OUTSIDEFIX extended permit object-group DM_INLINE_PROTOCOL_10 any 10.0.20.0 255.255.255.0
access-list DMZ_to_FixIP extended permit object-group DM_INLINE_PROTOCOL_10 10.0.20.0 255.255.255.0 host 41.212.214.205 inactive
access-list DMZ_to_FixIP extended permit object-group DM_INLINE_PROTOCOL_10 10.0.20.0 255.255.255.0 any
access-list DMZ_access_in remark test by pga for DMZ to internet
access-list DMZ_access_in extended permit object-group DM_INLINE_SERVICE_6 any any
access-list test-dmz extended permit tcp object obj-10.0.20.20 any4
access-list test-inter-dmz extended permit object remote any4 object Radius
access-list test-inter-dmz remark DMZ access to Kobil
access-list test-inter-dmz extended permit tcp host 10.0.20.20 host 172.31.10.60 eq 3389
access-list test-inter-dmz extended permit tcp 10.0.20.0 255.255.255.0 any
access-list test-inter-dmz extended permit udp 10.0.20.0 255.255.255.0 any
access-list dmz-internet extended permit tcp object obj-10.0.20.20 any eq www
access-list dmz-to-lan remark Access to Kobil in DR.
access-list dmz-to-lan remark Note to change routemap interface to Inside if we need access to LAN
access-list dmz-to-lan extended permit tcp 10.0.20.0 255.255.255.0 host 172.31.10.60 object-group DM_INLINE_TCP_3
access-list dmz-to-lan remark Note to change routemap interface to Inside if we need access to LAN
access-list dmz-to-lan extended permit tcp 10.0.20.0 255.255.255.0 host 192.168.10.157 eq 3389 inactive
access-list Outsidefixip_access_out extended permit tcp any range 1 65535 host 197.227.17.212
access-list Outsidefixip_access_out extended permit udp any range 1 65535 host 197.227.17.212
access-list Outsidefixip_access_out extended permit tcp any range 1 65535 host 192.168.10.166 eq 3389 inactive
access-list Outsidefixip_access_out extended permit object-group DM_INLINE_PROTOCOL_10 host 192.168.10.166 any
access-list Outsidefixip_access_out extended permit ip 192.168.0.0 255.255.0.0 object VPNPOOL
access-list Outsidefixip_access_out extended permit udp host 10.0.1.100 eq netbios-ns host 172.20.16.11 eq netbios-ns
access-list Outsidefixip_access_out extended permit icmp 10.0.1.0 255.255.255.0 172.20.16.0 255.255.255.0 echo
access-list Outsidefixip_access_out extended permit icmp 10.0.1.0 255.255.255.0 172.20.16.0 255.255.255.0 echo-reply
access-list Outsidefixip_access_out extended permit icmp 10.0.1.0 255.255.255.0 host 194.176.70.61 echo
access-list Outsidefixip_access_out extended permit icmp 192.168.0.0 255.255.0.0 host 194.176.70.61 echo
access-list Outsidefixip_access_out extended permit tcp 192.168.0.0 255.255.0.0 range 1 65535 host 10.0.1.100 eq 3389 inactive
access-list Outsidefixip_access_out extended permit tcp host 192.168.20.57 range 1 65535 host 10.0.1.100 eq 3389 inactive
access-list Outsidefixip_access_out extended permit tcp 192.168.0.0 255.255.0.0 range 1 65535 10.0.1.0 255.255.255.0 inactive
access-list Outsidefixip_access_out extended permit tcp host 192.168.20.57 range 1 65535 host 10.0.1.11 eq 3389 inactive
access-list Outsidefixip_access_out remark VPN Ping to 10.10.100.136 for PEX by PGA
access-list Outsidefixip_access_out extended permit icmp object-group DM_INLINE_NETWORK_8 object-group DM_INLINE_NETWORK_7 object-group DM_INLINE_ICMP_2
access-list Outsidefixip_access_out remark TEMP BY STEVEN
access-list Outsidefixip_access_out extended permit ip object SITE_AXYS_VPN object SITE_PEX_VPN
access-list Outsidefixip_access_out remark BLOOMBERG FIX IP,Reuters
access-list Outsidefixip_access_out remark BLOOMBERG FIX IP
access-list Outsidefixip_access_out remark QRADAR,XGS
access-list Outsidefixip_access_out extended permit object-group DM_INLINE_PROTOCOL_10 object-group DM_INLINE_NETWORK_6 any
access-list Outsidefixip_access_out extended permit tcp object VLAN200 object FIX
access-list Outsidefixip_access_out extended permit ip 10.0.200.0 255.255.255.0 any
access-list Outsidefixip_access_out extended deny ip object LAN host 185.28.23.67
access-list Outsidefixip_access_out extended permit object-group DM_INLINE_PROTOCOL_10 object VPNPOOL any
access-list Outsidefixip_access_out extended permit object-group DM_INLINE_PROTOCOL_10 object LAN object VPNPOOL
access-list Outsidefixip_access_out extended permit object-group DM_INLINE_SERVICE_17 any any
access-list Outsidefixip_access_out extended permit ip 10.0.20.0 255.255.255.0 host 197.227.17.210
access-list Outsidefixip_access_out extended permit tcp any range 1 65535 host 192.168.10.166
access-list Swift_access_out extended permit object-group DM_INLINE_SERVICE_10 192.168.0.0 255.255.0.0 172.31.59.0 255.255.255.0
access-list Swift_access_out extended permit object-group DM_INLINE_PROTOCOL_10 any 112.112.112.0 255.255.255.0
access-list Outsidefixip_cryptomap extended permit ip object VLAN200 object FIX
access-list FIX_access_out extended permit icmp host 194.176.70.61 10.0.1.0 255.255.255.0 echo-reply
access-list FIX_access_out extended permit icmp 192.168.0.0 255.255.0.0 10.0.1.0 255.255.255.0 object-group DM_INLINE_ICMP_3
access-list FIX_access_out extended permit tcp 192.168.0.0 255.255.0.0 range 1 65535 10.0.1.0 255.255.255.0
access-list FIX_access_out extended permit icmp host 192.168.200.200 172.20.16.0 255.255.255.0 echo inactive
access-list FIX_access_out extended permit ip object VLAN200 object FIX
access-list FIX_access_out extended permit udp 192.168.0.0 255.255.0.0 range 1 65535 10.0.1.0 255.255.255.0
access-list FIX_access_out extended permit ip any any inactive
access-list FIX_access_out extended permit object-group DM_INLINE_PROTOCOL_10 10.0.1.0 255.255.255.0 any inactive
access-list FIX_access_out extended permit ip object FIX 10.0.1.0 255.255.255.0
access-list FIX_access_out extended permit object-group DM_INLINE_SERVICE_16 10.0.1.0 255.255.255.0 192.168.0.0 255.255.0.0 inactive
access-list FIX_access_in extended permit icmp host 10.0.1.100 host 192.168.77.26 echo
access-list FIX_access_in extended permit object-group DM_INLINE_SERVICE_14 10.0.1.0 255.255.255.0 10.0.200.0 255.255.255.0
access-list FIX_access_in extended permit icmp 10.0.1.0 255.255.255.0 172.20.16.0 255.255.255.0 echo-reply
access-list FIX_access_in extended permit icmp 10.0.1.0 255.255.255.0 host 194.176.70.61 echo
access-list FIX_access_in extended permit icmp 10.0.1.0 255.255.255.0 192.168.0.0 255.255.0.0 echo-reply
access-list FIX_access_in extended permit object remote 10.0.1.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list FIX_access_in extended permit object-group DM_INLINE_SERVICE_13 10.0.1.0 255.255.255.0 172.20.16.0 255.255.255.0
access-list FIX_access_in extended permit object-group DM_INLINE_PROTOCOL_10 any any
access-list FIX_access_in extended permit object-group DM_INLINE_PROTOCOL_10 192.168.0.0 255.255.0.0 10.0.1.0 255.255.255.0
access-list FIXpbr extended permit ip 10.0.1.0 255.255.255.0 object FIX
access-list PEX remark PEX
access-list PEX standard permit 10.0.200.0 255.255.255.0
access-list anyconnect extended permit ip any any
access-list 197.227.17.212 extended permit object-group DM_INLINE_PROTOCOL_10 host 192.168.10.166 any
access-list 197.227.17.212 extended permit ip object 197.227.17.212 any
access-list internet166 extended permit tcp any host 192.168.10.166 eq 3389
access-list CDS remark CDS
access-list CDS standard permit 172.31.19.0 255.255.255.0
access-list CDS-INT-02_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list CDSBRIDGE_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list CDS-INT-01_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list CDS-INT-01_access_in extended permit object-group DM_INLINE_PROTOCOL_1 192.168.0.0 255.255.0.0 172.31.19.0 255.255.255.0
access-list CDSBRIDGE_access_out extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list CDS-INT-01_access_out extended permit icmp host 192.168.200.200 host 172.31.19.54 echo
access-list CDS-INT-01_access_out extended permit icmp 192.168.0.0 255.255.0.0 host 172.31.19.54 echo
access-list CDS-INT-01_access_out extended permit icmp 192.168.0.0 255.255.0.0 172.31.19.0 255.255.255.0 echo
access-list CDS-INT-01_access_out extended permit icmp 192.168.0.0 255.255.0.0 172.31.19.0 255.255.255.0 redirect
access-list CDS-INT-01_access_out extended permit object-group DM_INLINE_PROTOCOL_1 192.168.0.0 255.255.0.0 172.31.19.0 255.255.255.0
access-list CDS-INT-01_access_out extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list CDS-INT-02_access_out extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list Inside_access_out_1 extended permit object-group DM_INLINE_PROTOCOL_1 172.31.10.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list Inside_access_out_1 extended permit object-group DM_INLINE_PROTOCOL_1 172.31.19.0 255.255.255.0 192.168.0.0 255.255.0.0
pager lines 24
logging enable
logging timestamp
logging buffer-size 16384
logging buffered debugging
logging asdm informational
logging from-address asaaxys@tylers.mu
logging recipient-address pga@tylers.mu level critical
logging device-id hostname
logging host Inside 192.168.0.245
logging debug-trace
logging permit-hostdown
flow-export destination Inside 192.168.0.245 2056
mtu Inside 1500
mtu vlan100 1500
mtu FIX 1500
mtu PEX 1500
mtu DR_Site 1500
mtu Outsidefixip 1500
mtu DMZ 1500
mtu Outside40MB 1500
mtu CDS-INT-01 1500
mtu CDS-INT-02 1500
mtu Outside_70MB 1500
mtu management 1500
mtu Mgmt2 1500
no failover
no monitor-interface vlan100
no monitor-interface FIX
no monitor-interface PEX
no monitor-interface CDSBRIDGE
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Inside
icmp permit any Outsidefixip
icmp permit any Outside40MB
icmp permit any Outside_70MB
asdm image disk0:/asdm-792.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 32768
nat (Outsidefixip,Inside) source static VPNPOOL VPNPOOL no-proxy-arp route-lookup
nat (Inside,Outside_70MB) source static any any destination static vpn_1 vpn_1 no-proxy-arp route-lookup
nat (PEX,Outsidefixip) source static SITE_AXYS_VPN SITE_AXYS_VPN destination static SITE_PEX_VPN SITE_PEX_VPN
nat (FIX,Outsidefixip) source static VLAN200 VLAN200 destination static FIX FIX
!
object network INSIDE
nat (any,Outside_70MB) dynamic interface
object network TestVM
nat (any,Outside_70MB) static interface service tcp 3389 3391
object network KOBILDR
nat (any,Outside_70MB) static interface service tcp 3389 8892
object network KOBIL
nat (any,Outside_70MB) static interface service tcp 3389 8891
object network Radius
nat (Inside,Outsidefixip) static 197.227.17.212
object network Camera_telnet_11010
nat (any,Outside_70MB) static interface service tcp 11010 11010
object network Camera_telnet_11011
nat (any,Outside_70MB) static interface service tcp 11011 11011
object network Camera_telnet_11012
nat (any,Outside_70MB) static interface service tcp 11012 11012
object network Camera_telnet_11013
nat (any,Outside_70MB) static interface service tcp 11013 11013
object network Camera_telnet_11014
nat (any,Outside_70MB) static interface service tcp 11014 11014
object network Camera_telnet_11015
nat (any,Outside_70MB) static interface service tcp 11015 11015
object network Camera_telnet_11016
nat (any,Outside_70MB) static interface service tcp 11016 11016
object network Camera_telnet_11017
nat (any,Outside_70MB) static interface service tcp 11017 11017
object network Camera_telnet_11018
nat (any,Outside_70MB) static interface service tcp 11018 11018
object network Camera_telnet_11019
nat (any,Outside_70MB) static interface service tcp 11019 11019
object network VPNASA
nat (any,Outside_70MB) static interface service tcp pptp pptp
object network OUTSIDEFIX
nat (any,Outsidefixip) dynamic interface
object network Outside40
nat (any,Outside40MB) dynamic interface
object network obj-10.0.20.20
nat (DMZ,Outsidefixip) dynamic interface
object network VLAN200NAT
nat (any,Outsidefixip) dynamic interface
object network VLANPEX
nat (any,Outsidefixip) dynamic interface
object network TEST
nat (DMZ,Outsidefixip) static interface service tcp 3328 3328
object network 192.168.10.166
nat (Inside,Outsidefixip) static 197.227.17.212
object network 192.168.0.0_16
nat (Inside,Outsidefixip) dynamic 197.227.17.212
access-group acl_inside in interface Inside
access-group Inside_access_out_1 out interface Inside
access-group vlan100_access_in_1 in interface vlan100
access-group vlan100_access_out_1 out interface vlan100
access-group FIX_access_in in interface FIX
access-group FIX_access_out out interface FIX
access-group PEX_access_in in interface PEX
access-group PEX_access_out out interface PEX
access-group old_axys_access_in in interface DR_Site
access-group old_axys_access_out out interface DR_Site
access-group internet166 in interface Outsidefixip
access-group Outsidefixip_access_out out interface Outsidefixip
access-group test-inter-dmz in interface DMZ
access-group DMZ_access_out out interface DMZ
access-group CDS-INT-01_access_in in interface CDS-INT-01
access-group CDS-INT-01_access_out out interface CDS-INT-01
access-group CDS-INT-02_access_in in interface CDS-INT-02
access-group CDS-INT-02_access_out out interface CDS-INT-02
access-group Outside_access_in in interface Outside_70MB
access-group CDSBRIDGE_access_in in interface CDSBRIDGE
access-group CDSBRIDGE_access_out out interface CDSBRIDGE
!
route-map testmap permit 6
match ip address Swift_access_out
set ip next-hop 172.31.59.146
set ip next-hop recursive 172.31.59.146

!
route-map testmap permit 7
match ip address dmz-to-lan
set interface DR_Site

!
route-map testmap permit 8
match ip address test-dmz
set ip next-hop 197.227.17.209
set ip next-hop recursive 197.227.17.209

!
route-map testmap permit 9
match ip address pex_vpn
set ip next-hop 197.227.17.209
set ip next-hop recursive 197.227.17.209

!
route-map testmap permit 10
match ip address FIXpbr
set ip next-hop 197.227.17.209
set ip next-hop recursive 197.227.17.209

!
route-map testmap permit 11
match ip address 197.227.17.212
set ip next-hop 197.227.17.209
set ip next-hop recursive 197.227.17.209

!
route-map testmap permit 19
match ip address site_DR
set ip next-hop 172.31.9.147
set ip next-hop recursive 172.31.9.147

!
route-map testmap permit 20
match ip address testacl
set ip next-hop 197.227.17.209
set ip next-hop recursive 197.227.17.209

!
route-map testmap permit 21
match ip address mail
set ip next-hop verify-availability 8.8.8.8 1 track 1
set ip next-hop 172.16.2.1
set ip next-hop recursive 172.16.2.1

!
route Outside_70MB 0.0.0.0 0.0.0.0 172.16.1.1 1 track 1
route Outsidefixip 0.0.0.0 0.0.0.0 197.227.17.209 100
route Outside40MB 0.0.0.0 0.0.0.0 172.16.2.1 254
route Inside 1.1.1.0 255.255.255.0 172.16.1.1 1
route PEX 10.10.100.0 255.255.255.0 197.227.17.209 1
route FIX 172.20.16.0 255.255.255.0 197.227.17.209 1
route DR_Site 172.31.10.0 255.255.255.0 172.31.9.147 1
route Outsidefixip 194.176.70.61 255.255.255.255 197.227.17.209 1
route Outsidefixip 196.192.9.50 255.255.255.255 197.227.17.209 1
route Outsidefixip 197.227.17.212 255.255.255.255 197.227.17.209 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
ldap attribute-map vpnusers
map-name vpnusers Access-Hours
aaa-server AXYSDC protocol radius
ad-agent-mode
interim-accounting-update
aaa-server AXYSDC (Inside) host 192.168.10.200
key *****
aaa-server ADAXYS protocol ldap
aaa-server ADAXYS (Inside) host 192.168.10.200
ldap-base-dn DC=AXYS,DC=LOCAL
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn asa
server-type microsoft
aaa-server AXADC protocol radius
ad-agent-mode
aaa-server AXADC (Inside) host 192.168.10.201
key *****
aaa-server CDA protocol ldap
reactivation-mode depletion deadtime 60
max-failed-attempts 5
aaa-server CDA (Inside) host 192.168.10.201
timeout 60
ldap-base-dn DC=AXYS,DC=LOCAL
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn asa
server-type microsoft
group-search-timeout 60
aaa-server CDAAXYS protocol radius
ad-agent-mode
aaa-server CDAAXYS (Inside) host 192.168.10.50
key *****
user-identity domain AXYS aaa-server CDA
user-identity default-domain LOCAL
user-identity action domain-controller-down AXYS disable-user-identity-rule
no user-identity action mac-address-mismatch remove-user-ip
no user-identity inactive-user-timer
user-identity ad-agent aaa-server AXYSDC
user-identity ad-agent event-timestamp-check
user-identity user-not-found enable
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
aaa proxy-limit 128
aaa authentication secure-http-client
aaa authorization exec LOCAL auto-enable
aaa authorization http console LOCAL
aaa authentication login-history
http server enable
http server idle-timeout 1440
http 10.10.0.0 255.255.255.0 Mgmt2
snmp-server host Inside 192.168.10.1 community *****
no snmp-server location
snmp-server contact sru@tylers.mu
snmp-server enable traps config
virtual http 192.168.10.2 warning
virtual telnet 192.168.10.3
sla monitor 123
type echo protocol ipIcmpEcho 8.8.8.8 interface Outside_70MB
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
no service resetoutbound interface Outside_70MB
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map interface Outside_70MB
crypto map Inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_fixip_map 1 match address Outsidefixip_cryptomap
crypto map Outside_fixip_map 1 set peer 194.176.70.61
crypto map Outside_fixip_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_fixip_map 1 set security-association lifetime seconds 28800
crypto map Outside_fixip_map 1 set security-association lifetime kilobytes unlimited
crypto map Outside_fixip_map 1 set nat-t-disable
crypto map Outside_fixip_map 2 match address Outside_fixip_cryptomap_1
crypto map Outside_fixip_map 2 set peer 196.192.9.50
crypto map Outside_fixip_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_fixip_map 2 set nat-t-disable
crypto map Outside_fixip_map interface Outsidefixip
crypto ca trustpoint _SmartCallHome_ServerCA
no validation-usage
crl configure
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=asa5585x
proxy-ldc-issuer
crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev1 enable Outsidefixip
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 160
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
!
track 1 rtr 123 reachability
telnet 192.168.0.0 255.255.0.0 Inside
telnet timeout 5
ssh scopy enable
ssh stricthostkeycheck
ssh pubkey-chain
server 192.168.200.200
ssh 192.168.0.0 255.255.0.0 Inside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
vpn-addr-assign local reuse-delay 4
no ipv6-vpn-addr-assign aaa
no ipv6-vpn-addr-assign local
dhcpd address 192.168.200.10-192.168.200.100 Inside
dhcpd dns 192.168.10.200 8.8.8.8 interface Inside
dhcpd domain axys.local interface Inside
!
!
tls-proxy maximum-session 1000
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable Outsidefixip
anyconnect image disk0:/anyconnect-win-4.2.00096-k9.pkg 2
anyconnect profiles ANYCONNECT_TEST disk0:/anyconnect_test.xml
anyconnect enable
tunnel-group-list enable
internal-password enable
cache
disable
error-recovery disable
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
wins-server none
dns-server value 192.168.10.200 192.168.10.201
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value inside
default-domain value axys.local
split-tunnel-all-dns enable
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
wins-server none
dns-server value 192.168.10.200 192.168.10.201
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
split-tunnel-policy tunnelall
split-tunnel-network-list value inside
default-domain value axys.local
split-tunnel-all-dns enable
group-policy DfltGrpPolicy attributes
dns-server value 192.168.10.200 192.168.10.201
vpn-tunnel-protocol ikev1 ikev2 ssl-client ssl-clientless
split-tunnel-policy excludespecified
ipv6-split-tunnel-policy excludespecified
split-tunnel-network-list value inside
default-domain value axys.local
split-tunnel-all-dns enable
client-bypass-protocol enable
msie-proxy method no-proxy
msie-proxy local-bypass enable
webvpn
anyconnect mtu 1300
anyconnect ssl compression lzs
anyconnect dtls compression lzs
anyconnect ssl df-bit-ignore enable
group-policy RA_VPN internal
group-policy RA_VPN attributes
wins-server none
dns-server value 192.168.10.200 192.168.10.201
vpn-access-hours none
vpn-simultaneous-logins 5
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol ikev1 ikev2 ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value inside
default-domain value axys.local
split-tunnel-all-dns enable
vlan none
address-pools value VPNPOOL
group-policy GroupPolicy_196.192.9.50 internal
group-policy GroupPolicy_196.192.9.50 attributes
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol ikev1
group-policy FIX internal
group-policy FIX attributes
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol ikev1 l2tp-ipsec
dynamic-access-policy-record DfltAccessPolicy
action terminate
dynamic-access-policy-record VPNUSERS
priority 1
quota management-session 2
username sshd password $sha512$5000$6sndfcspevCT2e3N83AbAA==$+4mEK6Ogpn4k9j1wSP/QsQ== pbkdf2 privilege 15
username sshd attributes
service-type admin
username admin password $sha512$5000$3JRNSx807+Kkd6SyBfWucg==$8MKkpNfqmXX9jHzAomBHFw== pbkdf2 privilege 15
username readonly password 6i9qU5JWVy3n2RJ3 encrypted privilege 5
tunnel-group DefaultRAGroup general-attributes
address-pool VPNPOOL
authentication-server-group ADAXYS LOCAL
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool VPNPOOL
authentication-server-group ADAXYS LOCAL
default-group-policy DefaultRAGroup
tunnel-group DefaultWEBVPNGroup webvpn-attributes
nbns-server 192.168.10.203 master timeout 2 retry 2
nbns-server 192.168.10.202 master timeout 2 retry 2
nbns-server 192.168.10.200 master timeout 2 retry 2
tunnel-group RA_VPN type remote-access
tunnel-group RA_VPN general-attributes
address-pool VPNPOOL
authentication-server-group ADAXYS LOCAL
default-group-policy RA_VPN
tunnel-group RA_VPN ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 196.192.9.50 type ipsec-l2l
tunnel-group 196.192.9.50 general-attributes
default-group-policy GroupPolicy_196.192.9.50
tunnel-group 196.192.9.50 ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate nocheck
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 194.176.70.61 type ipsec-l2l
tunnel-group 194.176.70.61 general-attributes
default-group-policy GroupPolicy_196.192.9.50
tunnel-group 194.176.70.61 ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate nocheck
!
class-map global-class
match any
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
description NESL for QRadar by PGA
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect pptp
inspect icmp
class global-class
flow-export event-type all destination 192.168.0.245
!
service-policy global_policy global
smtp-server 202.123.2.28 202.123.2.8
privilege cmd level 3 mode exec command perfmon
privilege cmd level 5 mode exec command more
privilege cmd level 5 mode exec command dir
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command vpn-sessiondb
privilege cmd level 3 mode exec command packet-tracer
privilege cmd level 5 mode exec command export
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command route
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command service-policy
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command eigrp
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command aaa-server
prompt hostname context
service call-home
call-home reporting anonymous
call-home
contact-email-addr pga@tylers.mu
contact-name Pravesh
sender from info@tylers.mu
sender reply-to pga@tylers.mu
mail-server smtp.orange.mu priority 1
profile CiscoTAC-1
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 8
subscribe-to-alert-group configuration periodic monthly 8
subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:dd56e72da00c30f6fd3afa55b889479d
: end

Yes, bridge and LAN are on security 100.

Hello,

is your firewall in transparent mode? As far as I recall, BVIs require transparent mode (ciscoasa(config)# firewall transparent)...

No, routed mode. The bridge is working perfectly, I just want traffic from the inside interface to connect to the bridge and vice versa.

Hello,

the config looks perfectly good, the only thing I could think of is the route map used for policy routing. Try and add:

route-map testmap permit 22

without any match and set statements, this should allow all traffic not matched by the route map.
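To see whether a config actually has the catch-all clause this reply suggests, here is an added Python check (not from the thread or from Cisco) that parses an ASA running-config for interfaces bound with `policy-route route-map`, collects the clauses of each referenced route-map, and reports whether the map has a permit clause without a `match` statement, or is not defined at all. The embedded config is a constructed sample modelled on the thread's interface names; the route-map body (ACL name, next hop) is invented, since the poster's route-map was not shown.

```python
import re

# Constructed sample (not the poster's full config); the route-map body is invented.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
nameif Inside
policy-route route-map testmap
!
interface GigabitEthernet0/1
nameif DR_Site
!
route-map testmap permit 10
match ip address PBR_ACL_EXAMPLE
set ip next-hop 198.51.100.1
!
"""

def parse_route_maps(config):
    """Map route-map name -> list of clauses {seq, action, match}."""
    maps, clause = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"^route-map (\S+) (permit|deny) (\d+)$", line)
        if m:
            clause = {"seq": int(m.group(3)), "action": m.group(2), "match": []}
            maps.setdefault(m.group(1), []).append(clause)
        elif clause is not None and line.startswith("match "):
            clause["match"].append(line)
        elif not line.startswith("set "):
            clause = None  # anything but match/set ends the clause body
    return maps

def parse_policy_routes(config):
    """Map interface nameif -> route-map bound with 'policy-route route-map'."""
    bindings, nameif = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            nameif = None  # new interface block, nameif not known yet
        elif line.startswith("nameif "):
            nameif = line.split()[1]
        elif line.startswith("policy-route route-map ") and nameif:
            bindings[nameif] = line.split()[-1]
    return bindings

def has_catch_all(clauses):
    """True if a permit clause has no match statement, i.e. it matches all traffic."""
    return any(c["action"] == "permit" and not c["match"] for c in clauses)

def audit(config):
    """nameif -> (route-map, catch-all present?); None when the map is undefined."""
    maps = parse_route_maps(config)
    return {i: (rm, has_catch_all(maps[rm]) if rm in maps else None)
            for i, rm in parse_policy_routes(config).items()}
```

Running `audit(SAMPLE_CONFIG)` reports `Inside` bound to `testmap` with no catch-all clause; appending `route-map testmap permit 22` flips that to True.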

Hello,

not working.
