Need help on Cisco router script.

jeffcao
Level 1

NQTIPALC1FW01# show running-config
: Saved
:
ASA Version 8.2(2)
!
hostname NQTIPALC1FW01
domain-name quantatech.local
enable password 4ZvsdfrPqQdXyL.m1K encrypted
passwd 4asfd1rPqQdXyL.m1K encrypted
names
name 192.168.208.5 QuantaSBS11 description Server
name 50.244.241.153 CiscoASA
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.208.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address CiscoASA 255.255.255.252
!
interface Ethernet0/0
switchport access vlan 2
no shutdown
!
interface Ethernet0/1
no shutdown
!
interface Ethernet0/2
no shutdown
!
interface Ethernet0/3
no shutdown
!
interface Ethernet0/4
no shutdown
!
interface Ethernet0/5
no shutdown
!
interface Ethernet0/6
no shutdown
!
interface Ethernet0/7
no shutdown
!
boot system disk0:/asa822-k8.bin
boot system disk0:/asa724-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server QuantaSBS11
name-server 75.75.75.75
domain-name quantatech.local
same-security-traffic permit intra-interface
object-group service DM_INLINE_SERVICE_1
service-object gre
service-object tcp eq pptp
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any host CiscoASA
access-list inside_nat0_outbound extended permit ip 192.168.208.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.209.0 255.255.255.192
access-list QTI_Lanc_Internal standard permit 192.168.208.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool RA-VPN 192.168.209.11-192.168.209.50 mask 255.255.255.192
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-625-53.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 1 192.168.209.0 255.255.255.192
static (inside,outside) interface QuantaSBS11 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 50.244.241.158 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 216.164.162.254 255.255.255.255 outside
http 192.168.208.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 5
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.208.51-192.168.208.82 inside
dhcpd dns 68.87.64.146 68.87.75.194 interface inside
dhcpd domain quantatechnologies.com interface inside
!

threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
enable outside
group-policy QTI-Lanc internal
group-policy QTI-Lanc attributes
dns-server value 208.67.222.222 208.67.220.220
vpn-tunnel-protocol IPSec webvpn
default-domain value quantatechnologies.com
username kkulp password zDVP52PKVziquSIq encrypted privilege 15
username test1 password aeE9XL5MJW28r5Tk encrypted
username test1 attributes
vpn-group-policy QTI-Lanc
username admin password U4hsccQqSHBzaRKx encrypted
username qtiadmin password YBebU5unpkAcXqu2 encrypted privilege 15
username mhorvath password Num/M2d7spxWgT9a encrypted privilege 0
username mhorvath attributes
vpn-group-policy QTI-Lanc
username jreyher password A.gd7G/a/dXjmnX6 encrypted privilege 0
username jreyher attributes
vpn-group-policy QTI-Lanc
tunnel-group QTI-Lanc type remote-access
tunnel-group QTI-Lanc general-attributes
address-pool RA-VPN
default-group-policy QTI-Lanc
tunnel-group QTI-Lanc ipsec-attributes
pre-shared-key *****
!
!
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:8ed988bdc14e5488ecf5d994c7f795cb
: end
NQTIPALC1FW01#

Above is the running config of my Cisco router. When connected to the router, I cannot access 209.236.127.154, which is a specific website, www.quantapanel.com. Would someone please look at the script and help me out?

Thank you.

2 Replies

Hello,

Your outside IP address is 50.244.241.153 255.255.255.252. Your default route points to:

route outside 0.0.0.0 0.0.0.0 50.244.241.158 1

153 and 158 are not in the same subnet. Change the default route to:

route outside 0.0.0.0 0.0.0.0 50.244.241.154 1

I see the route configured is pointing to 50.244.241.158. Check the mask on interface Vlan2, whether it should be /30 or /29.
If it's /30, you need to change the firewall IP to one that's in the same segment as the ISP. Try confirming with the ISP what the correct IP and mask are. With the /29 it could reach the 241.158.

route outside 0.0.0.0 0.0.0.0 50.244.241.158 1

In case it's a /29, change the mask on this interface to the following:

interface Vlan2
nameif outside
security-level 0
ip address CiscoASA 255.255.255.248
!
Regards,
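
The subnet check both replies do by eye, written out as an added example (not part of the original thread and not a Cisco tool): it resolves name aliases, derives each interface's connected subnet, and reports whether each route next hop is a usable host on it. SAMPLE_CONFIG is constructed from the configuration posted above, and check_next_hops is a hypothetical helper name.

```python
import ipaddress

# Constructed sample: only the relevant lines of the configuration posted above.
SAMPLE_CONFIG = """\
name 50.244.241.153 CiscoASA
interface Vlan1
 nameif inside
 ip address 192.168.208.1 255.255.255.0
interface Vlan2
 nameif outside
 ip address CiscoASA 255.255.255.252
route outside 0.0.0.0 0.0.0.0 50.244.241.158 1
"""

def check_next_hops(config):
    """Return (nameif, connected_subnet, next_hop, usable) for every route line."""
    names, nets, routes, nameif = {}, {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "name" and len(tok) >= 3:
            names[tok[2]] = tok[1]            # "name <ip> <alias>"
        elif tok[0] == "interface":
            nameif = None                     # new interface block starts
        elif tok[0] == "nameif" and len(tok) >= 2:
            nameif = tok[1]
        elif tok[:2] == ["ip", "address"] and nameif and len(tok) >= 4:
            try:
                addr = names.get(tok[2], tok[2])
                nets[nameif] = ipaddress.ip_interface(f"{addr}/{tok[3]}").network
            except ValueError:
                pass                          # not a static address/mask pair
        elif tok[0] == "route" and len(tok) >= 5:
            routes.append((tok[1], names.get(tok[4], tok[4])))
    results = []
    for ifname, hop_text in routes:
        hop, net = ipaddress.ip_address(hop_text), nets.get(ifname)
        ok = net is not None and hop in net
        if ok and net.prefixlen < 31:         # network/broadcast are not hosts
            ok = hop not in (net.network_address, net.broadcast_address)
        results.append((ifname, str(net), str(hop), ok))
    return results

if __name__ == "__main__":
    for row in check_next_hops(SAMPLE_CONFIG):
        print(row)
```

With the posted /30 mask the next hop 50.244.241.158 falls outside 50.244.241.152/30; changing either the next hop to .154 or the mask to 255.255.255.248 makes the check pass, which matches the two suggestions above.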