access list or nat issue?

sjsteve33171
Level 1

I have an ASA 5512 running 9.4(4).18. Here's my issue.

Server A on LAN range 10.10.1.0/24.

Server B on LAN range 10.10.1.0/24.

From the outside world I can access mydnsname.com and reach services on server B fine. Server B has internet access. Server B can talk to server A and server A can talk to server B.

From server A, if I browse to mydnsname.com it fails. They're both Windows Server 2012 R2. I've done netstat and can see I get a SYN_SENT from Server A; Server B shows SYN_RECEIVED from the public IP of server A, so I know traffic is getting there.

However, I can't see any return traffic happening from server B to server A and I'm not sure why. Any hints where to look? Packet tracer shows it should work fine.

7 Replies

Hello,

Hard to say without seeing the configuration of your ASA. Can you post that? How is your DNS configured? Is Server B in your DefaultDNS server group?

It's a pretty big config, but here:

: Saved

: 
: Hardware:   ASA5512, 4096 MB RAM, CPU Clarkdale 2793 MHz, 1 CPU (2 cores)
:
ASA Version 9.4(4)18 
!
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 172.128.134.1 255.255.255.0 
!
interface GigabitEthernet0/1
 nameif VLAN_TRUNK
 security-level 100
 no ip address
!
interface GigabitEthernet0/1.100
 vlan 100
 nameif VLAN_HIXSON
 security-level 100
 ip address 192.168.200.1 255.255.255.0 
!
interface GigabitEthernet0/1.101
 vlan 101
 nameif VLAN_FLUENT
 security-level 100
 ip address 10.10.1.1 255.255.255.0 
!
interface GigabitEthernet0/1.102
 vlan 102
 nameif VLAN_3CX
 security-level 100
 ip address 10.10.2.1 255.255.255.0 
!
interface GigabitEthernet0/1.110
 vlan 110
 nameif VLAN_WHITMAR
 security-level 100
 ip address 192.168.52.1 255.255.255.0 
!
interface GigabitEthernet0/1.115
 vlan 115
 nameif VLAN_RAPHAEL
 security-level 100
 ip address 172.16.10.1 255.255.255.0 
!
interface GigabitEthernet0/1.120
 vlan 120
 nameif VLAN_GARTON
 security-level 100
 ip address 192.168.120.1 255.255.255.0 
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 nameif outside
 security-level 0
 ip address 5.102.168.148 255.255.255.240 
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 172.16.254.1 255.255.255.0 
!
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup inside
dns domain-lookup VLAN_FLUENT
dns domain-lookup VLAN_3CX
dns domain-lookup outside
dns domain-lookup management
dns server-group DefaultDNS
 name-server 10.10.1.2
 name-server 8.8.8.8
 name-server 8.8.4.4
 domain-name fluent.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network PORTFORWARD_PRTG_IT
 host 10.10.1.243
object network PORTFORWARD_PRTG_TELCO
 host 10.10.1.242
object network PORTFORWARD_SIMPLEHELP
 host 10.10.1.241
object network PORTFORWARD_HELPDESK
 host 10.10.1.244
object network PORTFORWARD_BACKUP
 host 10.10.1.6
object network PORTFORWARD_SOPHOS
 host 10.10.1.7
object network PORTFORWARD_UNIFI_WIFI
 host 10.10.1.5
object network PORTFORWARD_CPANEL
 host 10.10.1.4
object network PORTFORWARD_3CX_JENNERS
 host 10.10.2.10
object network PORTFORWARD_3CX_FLUENT
 host 10.10.2.7
object network PORTFORWARD_3CX_LCAF
 host 10.10.2.12
object network PORTFORWARD_3CX_MUNRO
 host 10.10.2.5
object network PORTFORWARD_3CX_MCKENZIE
 host 10.10.2.2
object network PORTFORWARD_3CX_GAP360
 host 10.10.2.11
object network PORTFORWARD_3CX_SALONIQ
 host 10.10.2.15
object network PORTFORWARD_3CX_PHOCAS
 host 10.10.2.13
object network PORTFORWARD_3CX_OLISSON
 host 10.10.2.8
object network PORTFORWARD_3CX_BRIGHTSPARK
 host 10.10.2.4
object network PORTFORWARD_3CX_FALCON
 host 10.10.2.6
object network PORTFORWARD_3CX_STORAGE_CONTROL_SYSTEMS
 host 10.10.2.16
object network PORTFORWARD_3CX_WELLS_SPA_PLUMBING
 host 10.10.2.14
object network PORTFORWARD_3CX_AZTEC
 host 10.10.2.3
object network PORTFORWARD_3CX_HMO_ATAC
 host 10.10.2.9
object network PORTFORWARD_3CX_NCEQUINE
 host 10.10.2.17
object network PORTFORWARD_3CX_CROWBOROUGH_CABS
 host 10.10.2.18
object network PORTFORWARD_3CX_RONDANINI
 host 10.10.2.22
object network PORTFORWARD_3CX_VERBALISATION
 host 10.10.2.23
object network PORTFORWARD_3CX_CTTRAVEL
 host 10.10.2.21
object network PORTFORWARD_AVAYA_TECH21
 host 10.10.2.19
object network PORTFORWARD_HIXSON_RDP
 host 192.168.200.254
object network PORTFORWARD_WHITMAR_RDP
 host 192.168.52.254
object network PORTFORWARD_RAPHAEL_RDP
 host 172.16.10.254
object network PORTFORWARD_GARTON_RDP
 host 192.168.120.254
object network PUBLICIP_OUT_FLUENT_HELPDESK_SERVER
object network PUBLICIP_OUT_FLUENT_PRTG_TELCO_SERVER
object network PUBLICIP_OUT_FLUENT_SIMPLEHELP_SERVER
object network PUBLICIP_OUT_FLUENT_UNIFI_SERVER
object network PUBLICIP_OUT_FLUENT_CPANEL_SERVER
object network PUBLICIP_OUT_RAPHAEL_RDP_SERVER
object network PUBLICIP_OUT_HIXSON_RDP_SERVER
object network PUBLICIP_OUT_WHITMAR_RDP_SERVER
object network PUBLICIP_OUT_GARTON_RDP_SERVER
object network PUBLICIP_OUT_3CX_AZTEC
object network PUBLICIP_OUT_3CX_BRIGHTSPARK
object network PUBLICIP_OUT_3CX_CTTRAVEL
object network PUBLICIP_OUT_3CX_CROWBOROUGH_CABS
object network PUBLICIP_OUT_3CX_FALCON
object network PUBLICIP_OUT_3CX_FLUENT
object network PUBLICIP_OUT_3CX_OLISSON
object network PUBLICIP_OUT_3CX_GAP360
object network PUBLICIP_OUT_3CX_JENNERS
object network PUBLICIP_OUT_3CX_LCAF
object network PUBLICIP_OUT_3CX_MCKENZIE
object network PUBLICIP_OUT_3CX_MUNRO
object network PUBLICIP_OUT_3CX_NCEQUINE
object network PUBLICIP_OUT_3CX_PHOCAS
object network PUBLICIP_OUT_3CX_RONDANINI
object network PUBLICIP_OUT_3CX_SALONIQ
object network PUBLICIP_OUT_3CX_SWAN
object network PUBLICIP_OUT_3CX_VERBALISATION
object network PUBLICIP_OUT_3CX_WELLS_SPA_PLUMBING
object network PUBLICIP_OUT_3CX_HMO_ATAC
object network PUBLICIP_OUT_AVAYA_TECH21
object network PORTFORWARD_3CX_SWAN
 host 10.10.2.20
object network VPN-FLUENT-HO
 subnet 192.168.62.0 255.255.255.0
object network VPN-FLUENT-DC1
 subnet 10.10.1.0 255.255.255.0
object network PUBLICIP_OUT_FLUENT_SOPHOS_SERVER
object network PUBLICIP_OUT_FLUENT_BACKUP_SERVER
object network OUTBOUNDIP_3CX_VERBALISATION
object network PUBLICIP_PRTG_IT_SERVER
 host 5.102.168.151
object network PRIVATEIP_PRTG_IT_SERVER
 host 10.10.1.243
object network PUBLICIP_OUT_FLUENT_PRTG_IT_SERVER
object network PUBLICIP_3CX_AZTEC
 host 109.74.242.213
object network PRIVATEIP_3CX_AZTEC
 host 10.10.2.3
object network PUBLICIP_3CX_BRIGHTSPARK
 host 176.12.106.85
object network PRIVATEIP_3CX_BRIGHTSPARK
 host 10.10.2.4
object network PUBLICIP_3CX_CTTRAVEL
 host 176.12.106.90
object network PRIVATEIP_3CX_CTTRAVEL
 host 10.10.2.21
object network PUBLICIP_3CX_CROWBOROUGH_CABS
 host 176.12.106.92
object network PRIVATEIP_3CX_CROWBOROUGH_CABS
 host 10.10.2.18
object network PUBLICIP_3CX_FALCON
 host 176.12.106.86
object network PRIVATEIP_3CX_FALCON
 host 10.10.2.6
object network PUBLICIP_3CX_FLUENT
 host 109.74.242.214
object network PRIVATEIP_3CX_FLUENT
 host 10.10.2.7
object network PUBLICIP_3CX_OLISSON
 host 176.12.106.84
object network PRIVATEIP_3CX_OLISSON
 host 10.10.2.8
object network PUBLICIP_3CX_GAP360
 host 109.74.242.220
object network PRIVATEIP_3CX_GAP360
 host 10.10.2.11
object network PUBLICIP_3CX_JENNERS
 host 109.74.242.217
object network PRIVATEIP_3CX_JENNERS
 host 10.10.2.10
object network PUBLICIP_3CX_LCAF
 host 109.74.242.218
object network PRIVATEIP_3CX_LCAF
 host 10.10.2.12
object network PUBLICIP_3CX_MCKENZIE
 host 109.74.242.219
object network PRIVATEIP_3CX_MCKENZIE
 host 10.10.2.2
object network PUBLICIP_3CX_MUNRO
 host 109.74.242.216
object network PRIVATEIP_3CX_MUNRO
 host 10.10.2.5
object network PUBLICIP_3CX_NCEQUINE
 host 109.74.242.222
object network PRIVATEIP_3CX_NCEQUINE
 host 10.10.2.17
object network PUBLICIP_3CX_PHOCAS
 host 5.102.168.149
object network PRIVATEIP_3CX_PHOCAS
 host 10.10.2.13
object network PUBLICIP_3CX_RONDANINI
 host 109.74.242.221
object network PRIVATEIP_3CX_RONDANINI
 host 10.10.2.22
object network PUBLICIP_3CX_SALONIQ
 host 109.74.242.215
object network PRIVATEIP_3CX_SALONIQ
 host 10.10.2.15
object network PUBLICIP_3CX_SWAN
 host 176.12.106.94
object network PRIVATEIP_3CX_SWAN
 host 10.10.2.20
object network PUBLICIP_3CX_VERBALISATION
 host 5.102.168.156
object network PRIVATEIP_3CX_VERBALISATION
 host 10.10.2.23
object network PUBLICIP_3CX_WELLS_SPA_PLUMBING
 host 176.12.106.89
object network PRIVATEIP_3CX_WELLS_SPA_PLUMBING
 host 10.10.2.14
object network PUBLICIP_3CX_HMO_ATAC
 host 176.12.106.91
object network PRIVATEIP_3CX_HMO_ATAC
 host 10.10.2.9
object network PUBLICIP_3CX_STORAGE_CONTROL_SYSTEMS
 host 176.12.106.88
object network PRIVATEIP_3CX_STORAGE_CONTROL_SYSTEMS
 host 10.10.2.16
object network PUBLICIP_AVAYA_TECH21
 host 176.12.106.93
object network PRIVATEIP_AVAYA_TECH21
 host 10.10.2.19
object network PUBLICIP_CPANEL_SERVER
 host 5.102.168.152
object network PRIVATEIP_CPANEL_SERVER
 host 10.10.1.4
object network PUBLICIP_BACKUP_SERVER
 host 176.12.106.87
object network PRIVATEIP_BACKUP_SERVER
 host 10.10.1.6
object network PUBLICIP_HELPDESK_SERVER
 host 5.102.168.154
object network PRIVATEIP_HELPDESK_SERVER
 host 10.10.1.244
object network PUBLICIP_PRTG_TELCO_SERVER
 host 109.74.247.148
object network PRIVATEIP_PRTG_TELCO_SERVER
 host 10.10.1.242
object network PUBLICIP_RAPHAELMC_SERVER
 host 5.102.168.153
object network PRIVATEIP_RAPHAELMC_SERVER
 host 172.16.10.254
object network PUBLICIP_SIMPLEHELP_SERVER
 host 5.102.168.150
object network PRIVATEIP_SIMPLEHELP_SERVER
 host 10.10.1.241
object network PUBLICIP_SOPHOS_SERVER
 host 109.74.242.212
object network PRIVATEIP_SOPHOS_SERVER
 host 10.10.1.8
object network PUBLICIP_HIXSON_SERVER
 host 5.102.168.157
object network PRIVATEIP_HIXSON_SERVER
 host 192.168.200.254
object network PUBLICIP_UNIFI_SERVER
 host 5.102.168.155
object network PRIVATEIP_UNIFI_SERVER
 host 10.10.1.5
object network PUBLICIP_WHITMAR_SERVER
 host 5.102.168.158
object network PRIVATEIP_WHITMAR_SERVER
 host 192.168.52.254
object network PRIVATEIP_GARTON_SERVER
 host 192.168.120.254
object network PUBLICIP_GARTON_SERVER
 host 109.74.247.149
object network PUBLICIP_OUT_STORAGE_CONTROL_SYSTEMS_SWAN
object network VPN-FLUENT-DC2
 subnet 10.10.2.0 255.255.255.0
object network VPN-HIXSON-DC1
 subnet 192.168.200.0 255.255.255.0
object network VPN-HIXSON-38SHOP1
 subnet 192.168.5.0 255.255.255.0
object network VPN-HIXSON-HO1
 subnet 192.168.1.0 255.255.255.0
object network VPN-STEVEJ-HOME1
 subnet 172.16.9.0 255.255.255.0
object network VPN-VERBALISATION-HO1
 subnet 192.168.88.0 255.255.255.0
object network VPN-RONDANINI-HO1
 subnet 192.168.0.0 255.255.255.0
object network VPN-RAPH-DC1
 subnet 172.16.10.0 255.255.255.0
object network VPN-RAPH_HILD_CLOCK
 subnet 192.168.2.0 255.255.255.0
object network VPN-RAPH_HILD_SWITCH
 subnet 10.9.10.0 255.255.255.0
object network VPN-RAPH_HILD_PC
 subnet 10.9.30.0 255.255.255.0
object network VPN-RAPH_HILD_PRINTERS
 subnet 10.9.40.0 255.255.255.0
object network VPN-RAPH_HILD_WIFI
 subnet 10.9.50.0 255.255.255.0
object network VPN-RAPH_HILD_PHONES
 subnet 10.9.60.0 255.255.255.0
object network VPN-WHITMAR-DC1
 subnet 192.168.52.0 255.255.255.0
object network VPN-WHITMAR_HO1
 subnet 192.168.8.0 255.255.255.0
object network VPN-NEWERA_HO1
 subnet 192.168.40.0 255.255.255.0
object network VPN-GARTON-DC1
 subnet 192.168.120.0 255.255.255.0
object network VPN-GARTON_HO1
 subnet 10.55.1.0 255.255.255.0
object network VPN-SALONIQ_HO1
 subnet 192.168.4.0 255.255.255.0
object network VPN-SALONIQ_HO2
 subnet 192.168.3.0 255.255.255.0
object network PUBLICIP_OUT_3CX_BILITY
object network PORTFORWARD_3CX_ABILITY
 host 10.10.2.24
object network VPN-HMO_ATAC_HO1
 subnet 192.168.231.0 255.255.255.0
object network PRIVATEIP_RAPHAELMC_REVOLVE_SERVER
 host 172.16.10.253
object network PUBLICIP_OUT_RAPHAEL_REVOLVE_RDP_SERVER
object network VPN-VERBALISATION_PHONES
 subnet 192.168.88.108 255.255.255.252
object network VPN-RAPH_HILD_VPN
 subnet 10.212.134.0 255.255.255.0
object network VPN-FLUENT_HO_SSLVPN
 subnet 10.212.135.0 255.255.255.0
object-group network HIXSON_RDP_ALLOWED_INBOUND
 network-object host 81.136.253.237
 network-object host 81.140.16.38
 network-object host 89.197.90.162
 network-object host 81.140.5.152
 network-object host 92.16.85.105
 network-object host 5.102.172.151
object-group network WHITMAR_RDP_ALLOWED_INBOUND
 network-object host 81.136.253.237
 network-object host 81.140.16.38
 network-object host 213.162.123.42
 network-object host 213.162.115.143
object-group network RAPHAEL_RDP_ALLOWED_INBOUND
 network-object host 81.136.253.237
 network-object host 81.140.16.38
 network-object host 31.53.104.254
 network-object host 88.211.109.18
 network-object host 194.168.100.98
 network-object host 80.175.9.224
object-group network GARTON_RDP_ALLOWED_INBOUND
 network-object host 81.136.253.237
 network-object host 81.140.16.38
 network-object host 89.197.97.122
 network-object host 62.232.62.234
 network-object host 109.239.94.66
object-group network BLOCKEDIP_LIST_3CX
 network-object host 46.105.102.30
 network-object host 85.17.73.241
 network-object host 123.123.123.123
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.243 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.243 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.243 eq 23560 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.242 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.242 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.242 eq 23560 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.241 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.241 eq https 
access-list OUTSIDE_IN extended permit udp any host 10.10.1.241 range 1 65535 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.244 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.244 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.6 eq 8000 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.6 eq 9000 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.8 eq smtp 
access-list OUTSIDE_IN extended permit udp any host 10.10.1.5 eq 3478 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 8080 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 8081 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 8443 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 8880 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 27117 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 6666 
access-list OUTSIDE_IN extended permit udp any host 10.10.1.5 eq 7004 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 7080 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 7443 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 7445 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 7446 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 7447 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq ftp-data 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq ftp 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq ssh 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq smtp 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 26 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq domain 
access-list OUTSIDE_IN extended permit udp any host 10.10.1.4 eq domain 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq pop3 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq imap4 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 465 
access-list OUTSIDE_IN extended permit udp any host 10.10.1.4 eq 465 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 783 
access-list OUTSIDE_IN extended permit udp any host 10.10.1.4 eq 783 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 993 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 995 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2077 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2078 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2079 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2080 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2082 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2083 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2086 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2087 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2089 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2095 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2096 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 range 30000 50000 
access-list OUTSIDE_IN extended permit udp any host 10.10.1.4 range 30000 50000 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.10 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.10 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.10 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.10 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.10 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.10 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.10 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.7 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.7 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.7 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.7 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.7 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.7 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.7 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.12 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.12 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.12 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.12 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.12 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.12 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.12 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.5 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.5 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.5 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.5 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.5 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.5 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.5 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.2 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.2 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.2 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.2 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.2 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.2 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.2 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.11 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.11 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.11 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.11 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.11 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.11 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.11 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.15 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.15 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.15 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.15 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.15 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.15 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.15 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.13 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.13 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.13 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.13 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.13 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.13 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.13 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.8 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.8 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.8 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.8 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.8 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.8 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.8 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.4 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.4 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.4 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.4 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.4 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.4 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.4 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.6 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.6 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.6 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.6 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.6 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.6 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.6 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.16 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.16 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.16 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.16 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.16 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.16 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.16 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.14 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.14 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.14 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.14 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.14 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.14 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.14 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.3 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.3 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.3 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.3 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.3 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.3 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.3 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.9 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.9 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.9 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.9 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.9 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.9 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.9 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.17 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.17 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.17 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.17 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.17 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.17 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.17 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.18 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.18 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.18 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.18 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.18 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.18 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.18 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.22 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.22 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.22 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.22 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.22 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.22 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.22 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.23 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.23 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.23 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.23 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.23 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.23 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.23 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.21 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.21 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.21 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.21 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.21 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.21 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.21 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 eq 5222 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 eq 5269 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.19 eq 5400 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 eq 8080 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 eq 8063 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 eq 8069 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 eq 8443 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 eq 9443 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 range sip 5061 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.19 range sip 5061 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 range 1719 h323 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.20 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.20 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.20 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.20 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.20 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.20 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.20 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.24 eq www 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.24 eq https 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.24 eq sip 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.24 eq sip 
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.24 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.24 eq 5090 
access-list OUTSIDE_IN extended permit udp any host 10.10.2.24 range 9000 9500 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.7 eq 4444 
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.7 eq smtp 
access-list OUTSIDE_IN extended permit tcp object-group HIXSON_RDP_ALLOWED_INBOUND host 192.168.200.254 eq 3389 
access-list OUTSIDE_IN extended permit tcp object-group WHITMAR_RDP_ALLOWED_INBOUND host 192.168.52.254 eq 3389 
access-list OUTSIDE_IN extended permit tcp object-group RAPHAEL_RDP_ALLOWED_INBOUND host 172.16.10.254 eq 3389 
access-list OUTSIDE_IN extended permit tcp object-group GARTON_RDP_ALLOWED_INBOUND host 192.168.120.254 eq 3389 
access-list VPN_HIXSON_38SHOP_ACL extended permit ip 192.168.200.0 255.255.255.0 192.168.5.0 255.255.255.0 
access-list 3CX_BLOCK_IN extended deny ip object-group BLOCKEDIP_LIST_3CX any 
access-list 3CX_BLOCK_IN extended permit ip any any 
access-list VPN_FLUENT_HO_ACL extended permit ip 10.10.1.0 255.255.255.0 192.168.62.0 255.255.255.0 
access-list VPN_FLUENT_HO_ACL extended permit ip 10.10.2.0 255.255.255.0 192.168.62.0 255.255.255.0 
access-list VPN_FLUENT_HO_ACL extended permit ip 10.10.1.0 255.255.255.0 10.212.135.0 255.255.255.0 
access-list VPN_FLUENT_HO_ACL extended permit ip 10.10.2.0 255.255.255.0 10.212.135.0 255.255.255.0 
access-list VPN_HIXSON_HO_ACL extended permit ip 192.168.200.0 255.255.255.0 192.168.1.0 255.255.255.0 
access-list VPN_STEVEJ_HOME_ACL extended permit ip 10.10.1.0 255.255.255.0 172.16.9.0 255.255.255.0 
access-list VPN_STEVEJ_HOME_ACL extended permit ip 10.10.2.0 255.255.255.0 172.16.9.0 255.255.255.0 
access-list VPN_VERBALISATION_HO_ACL extended permit ip 10.10.2.0 255.255.255.0 192.168.88.0 255.255.255.0 
access-list VPN_RONDANINI_HO_ACL extended permit ip 10.10.2.0 255.255.255.0 192.168.0.0 255.255.255.0 
access-list VPN_RAPH_HILD_ACL extended permit ip 172.16.10.0 255.255.255.0 192.168.2.0 255.255.255.0 
access-list VPN_RAPH_HILD_ACL extended permit ip 172.16.10.0 255.255.255.0 10.9.10.0 255.255.255.0 
access-list VPN_RAPH_HILD_ACL extended permit ip 172.16.10.0 255.255.255.0 10.9.30.0 255.255.255.0 
access-list VPN_RAPH_HILD_ACL extended permit ip 172.16.10.0 255.255.255.0 10.9.40.0 255.255.255.0 
access-list VPN_RAPH_HILD_ACL extended permit ip 172.16.10.0 255.255.255.0 10.9.50.0 255.255.255.0 
access-list VPN_RAPH_HILD_ACL extended permit ip 172.16.10.0 255.255.255.0 10.9.60.0 255.255.255.0 
access-list VPN_RAPH_HILD_ACL extended permit ip 172.16.10.0 255.255.255.0 10.212.134.0 255.255.255.0 
access-list VPN_WHITMAR_HO_ACL extended permit ip 192.168.52.0 255.255.255.0 192.168.8.0 255.255.255.0 
access-list VPN_NEWERA_ACL extended permit ip 10.10.1.0 255.255.255.0 192.168.40.0 255.255.255.0 
access-list VPN_GARTON_WEST_ACL extended permit ip 192.168.120.0 255.255.255.0 10.55.1.0 255.255.255.0 
access-list VPN_SALONIQ_HO1_ACL extended permit ip 10.10.2.0 255.255.255.0 192.168.4.0 255.255.255.0 
access-list VPN_SALONIQ_HO2_ACL extended permit ip 10.10.2.0 255.255.255.0 192.168.3.0 255.255.255.0 
access-list VPN_HMO_ATAC_ACL extended permit ip 10.10.2.0 255.255.255.0 192.168.231.0 255.255.255.0 
pager lines 24
logging enable
logging list Fluent level errors
logging asdm Fluent
mtu inside 1500
mtu VLAN_TRUNK 1500
mtu VLAN_HIXSON 1500
mtu VLAN_FLUENT 1500
mtu VLAN_3CX 1500
mtu VLAN_WHITMAR 1500
mtu VLAN_RAPHAEL 1500
mtu VLAN_GARTON 1500
mtu outside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
arp permit-nonconnected
nat (outside,outside) source static PUBLICIP_SIMPLEHELP_SERVER PUBLICIP_SIMPLEHELP_SERVER destination static PUBLICIP_SIMPLEHELP_SERVER PUBLICIP_SIMPLEHELP_SERVER no-proxy-arp route-lookup
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_HMO_ATAC PRIVATEIP_3CX_HMO_ATAC destination static VPN-HMO_ATAC_HO1 VPN-HMO_ATAC_HO1 no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_SALONIQ PRIVATEIP_3CX_SALONIQ destination static VPN-SALONIQ_HO2 VPN-SALONIQ_HO2 no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_SALONIQ PRIVATEIP_3CX_SALONIQ destination static VPN-SALONIQ_HO1 VPN-SALONIQ_HO1 no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_VERBALISATION PRIVATEIP_3CX_VERBALISATION destination static VPN-VERBALISATION-HO1 VPN-VERBALISATION-HO1 no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_RONDANINI PRIVATEIP_3CX_RONDANINI destination static VPN-RONDANINI-HO1 VPN-RONDANINI-HO1 no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_SOPHOS_SERVER PRIVATEIP_SOPHOS_SERVER destination static VPN-NEWERA_HO1 VPN-NEWERA_HO1 no-proxy-arp
nat (VLAN_3CX,outside) source static VPN-FLUENT-DC2 VPN-FLUENT-DC2 destination static VPN-FLUENT_HO_SSLVPN VPN-FLUENT_HO_SSLVPN
nat (VLAN_FLUENT,outside) source static VPN-FLUENT-DC1 VPN-FLUENT-DC1 destination static VPN-FLUENT_HO_SSLVPN VPN-FLUENT_HO_SSLVPN
nat (VLAN_GARTON,outside) source static VPN-GARTON-DC1 VPN-GARTON-DC1 destination static VPN-GARTON_HO1 VPN-GARTON_HO1
nat (VLAN_WHITMAR,outside) source static VPN-WHITMAR-DC1 VPN-WHITMAR-DC1 destination static VPN-WHITMAR_HO1 VPN-WHITMAR_HO1
nat (VLAN_RAPHAEL,outside) source static VPN-RAPH-DC1 VPN-RAPH-DC1 destination static VPN-RAPH_HILD_VPN VPN-RAPH_HILD_VPN
nat (VLAN_RAPHAEL,outside) source static VPN-RAPH-DC1 VPN-RAPH-DC1 destination static VPN-RAPH_HILD_PHONES VPN-RAPH_HILD_PHONES
nat (VLAN_RAPHAEL,outside) source static VPN-RAPH-DC1 VPN-RAPH-DC1 destination static VPN-RAPH_HILD_WIFI VPN-RAPH_HILD_WIFI
nat (VLAN_RAPHAEL,outside) source static VPN-RAPH-DC1 VPN-RAPH-DC1 destination static VPN-RAPH_HILD_PRINTERS VPN-RAPH_HILD_PRINTERS
nat (VLAN_RAPHAEL,outside) source static VPN-RAPH-DC1 VPN-RAPH-DC1 destination static VPN-RAPH_HILD_PC VPN-RAPH_HILD_PC
nat (VLAN_RAPHAEL,outside) source static VPN-RAPH-DC1 VPN-RAPH-DC1 destination static VPN-RAPH_HILD_SWITCH VPN-RAPH_HILD_SWITCH
nat (VLAN_RAPHAEL,outside) source static VPN-RAPH-DC1 VPN-RAPH-DC1 destination static VPN-RAPH_HILD_CLOCK VPN-RAPH_HILD_CLOCK
nat (VLAN_FLUENT,outside) source static VPN-FLUENT-DC1 VPN-FLUENT-DC1 destination static VPN-STEVEJ-HOME1 VPN-STEVEJ-HOME1
nat (VLAN_3CX,outside) source static VPN-FLUENT-DC2 VPN-FLUENT-DC2 destination static VPN-STEVEJ-HOME1 VPN-STEVEJ-HOME1
nat (VLAN_HIXSON,outside) source static VPN-HIXSON-DC1 VPN-HIXSON-DC1 destination static VPN-HIXSON-HO1 VPN-HIXSON-HO1
nat (VLAN_HIXSON,outside) source static VPN-HIXSON-DC1 VPN-HIXSON-DC1 destination static VPN-HIXSON-38SHOP1 VPN-HIXSON-38SHOP1
nat (VLAN_FLUENT,outside) source static VPN-FLUENT-DC1 VPN-FLUENT-DC1 destination static VPN-FLUENT-HO VPN-FLUENT-HO
nat (VLAN_3CX,outside) source static VPN-FLUENT-DC2 VPN-FLUENT-DC2 destination static VPN-FLUENT-HO VPN-FLUENT-HO
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_VERBALISATION PUBLICIP_3CX_VERBALISATION no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_CTTRAVEL PUBLICIP_3CX_CTTRAVEL no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_RONDANINI PUBLICIP_3CX_RONDANINI no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_AZTEC PUBLICIP_3CX_AZTEC no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_BRIGHTSPARK PUBLICIP_3CX_BRIGHTSPARK no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_CROWBOROUGH_CABS PUBLICIP_3CX_CROWBOROUGH_CABS no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_FALCON PUBLICIP_3CX_FALCON no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_FLUENT PUBLICIP_3CX_FLUENT no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_OLISSON PUBLICIP_3CX_OLISSON no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_GAP360 PUBLICIP_3CX_GAP360 no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_JENNERS PUBLICIP_3CX_JENNERS no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_LCAF PUBLICIP_3CX_LCAF no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_MCKENZIE PUBLICIP_3CX_MCKENZIE no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_MUNRO PUBLICIP_3CX_MUNRO no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_NCEQUINE PUBLICIP_3CX_NCEQUINE no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_PHOCAS PUBLICIP_3CX_PHOCAS no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_SALONIQ PUBLICIP_3CX_SALONIQ no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_STORAGE_CONTROL_SYSTEMS PUBLICIP_3CX_STORAGE_CONTROL_SYSTEMS no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_SWAN PUBLICIP_3CX_SWAN no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_WELLS_SPA_PLUMBING PUBLICIP_3CX_WELLS_SPA_PLUMBING no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_HMO_ATAC PUBLICIP_3CX_HMO_ATAC no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_AVAYA_TECH21 PUBLICIP_AVAYA_TECH21 no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_BACKUP_SERVER PUBLICIP_BACKUP_SERVER no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_HELPDESK_SERVER PUBLICIP_HELPDESK_SERVER no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_PRTG_IT_SERVER PUBLICIP_PRTG_IT_SERVER no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_PRTG_TELCO_SERVER PUBLICIP_PRTG_TELCO_SERVER no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_SIMPLEHELP_SERVER PUBLICIP_SIMPLEHELP_SERVER no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_SOPHOS_SERVER PUBLICIP_SOPHOS_SERVER no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_UNIFI_SERVER PUBLICIP_UNIFI_SERVER no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_CPANEL_SERVER PUBLICIP_CPANEL_SERVER no-proxy-arp
nat (VLAN_RAPHAEL,outside) source static PRIVATEIP_RAPHAELMC_SERVER PUBLICIP_RAPHAELMC_SERVER no-proxy-arp
nat (VLAN_HIXSON,outside) source static PRIVATEIP_HIXSON_SERVER PUBLICIP_HIXSON_SERVER no-proxy-arp
nat (VLAN_WHITMAR,outside) source static PRIVATEIP_WHITMAR_SERVER PUBLICIP_WHITMAR_SERVER no-proxy-arp
nat (VLAN_GARTON,outside) source static PRIVATEIP_GARTON_SERVER PUBLICIP_GARTON_SERVER no-proxy-arp
nat (VLAN_RAPHAEL,outside) source static PRIVATEIP_RAPHAELMC_REVOLVE_SERVER PUBLICIP_RAPHAELMC_SERVER no-proxy-arp
!
object network PORTFORWARD_PRTG_IT
 nat (VLAN_FLUENT,outside) static 5.102.168.151
object network PORTFORWARD_PRTG_TELCO
 nat (VLAN_FLUENT,outside) static 109.74.247.148
object network PORTFORWARD_SIMPLEHELP
 nat (VLAN_FLUENT,outside) static 5.102.168.150
object network PORTFORWARD_HELPDESK
 nat (VLAN_FLUENT,outside) static 5.102.168.154
object network PORTFORWARD_BACKUP
 nat (VLAN_FLUENT,outside) static 176.12.106.87
object network PORTFORWARD_SOPHOS
 nat (VLAN_FLUENT,outside) static 109.74.242.212
object network PORTFORWARD_UNIFI_WIFI
 nat (VLAN_FLUENT,outside) static 5.102.168.155
object network PORTFORWARD_CPANEL
 nat (VLAN_FLUENT,outside) static 5.102.168.152
object network PORTFORWARD_3CX_JENNERS
 nat (VLAN_3CX,outside) static 109.74.242.217 net-to-net
object network PORTFORWARD_3CX_FLUENT
 nat (VLAN_3CX,outside) static 109.74.242.214 net-to-net
object network PORTFORWARD_3CX_LCAF
 nat (VLAN_3CX,outside) static 109.74.242.218 net-to-net
object network PORTFORWARD_3CX_MUNRO
 nat (VLAN_3CX,outside) static 109.74.242.216 net-to-net
object network PORTFORWARD_3CX_MCKENZIE
 nat (VLAN_3CX,outside) static 109.74.242.219 net-to-net
object network PORTFORWARD_3CX_GAP360
 nat (VLAN_3CX,outside) static 109.74.242.220 net-to-net
object network PORTFORWARD_3CX_SALONIQ
 nat (VLAN_3CX,outside) static 109.74.242.215 net-to-net
object network PORTFORWARD_3CX_PHOCAS
 nat (VLAN_3CX,outside) static 5.102.168.149 net-to-net
object network PORTFORWARD_3CX_OLISSON
 nat (VLAN_3CX,outside) static 176.12.106.84 net-to-net
object network PORTFORWARD_3CX_BRIGHTSPARK
 nat (VLAN_3CX,outside) static 176.12.106.85 net-to-net
object network PORTFORWARD_3CX_FALCON
 nat (VLAN_3CX,outside) static 176.12.106.86 net-to-net
object network PORTFORWARD_3CX_STORAGE_CONTROL_SYSTEMS
 nat (VLAN_3CX,outside) static 176.12.106.88 net-to-net
object network PORTFORWARD_3CX_WELLS_SPA_PLUMBING
 nat (VLAN_3CX,outside) static 176.12.106.89 net-to-net
object network PORTFORWARD_3CX_AZTEC
 nat (VLAN_3CX,outside) static 109.74.242.213 net-to-net
object network PORTFORWARD_3CX_HMO_ATAC
 nat (VLAN_3CX,outside) static 176.12.106.91 net-to-net
object network PORTFORWARD_3CX_NCEQUINE
 nat (VLAN_3CX,outside) static 109.74.242.222 net-to-net
object network PORTFORWARD_3CX_CROWBOROUGH_CABS
 nat (VLAN_3CX,outside) static 176.12.106.92 net-to-net
object network PORTFORWARD_3CX_RONDANINI
 nat (inside,outside) static 109.74.242.221 net-to-net
object network PORTFORWARD_3CX_VERBALISATION
 nat (inside,outside) static 5.102.168.156 net-to-net
object network PORTFORWARD_3CX_CTTRAVEL
 nat (inside,outside) static 176.12.106.90 net-to-net
object network PORTFORWARD_AVAYA_TECH21
 nat (VLAN_3CX,outside) static 176.12.106.93 net-to-net
object network PORTFORWARD_HIXSON_RDP
 nat (VLAN_HIXSON,outside) static 5.102.168.157
object network PORTFORWARD_WHITMAR_RDP
 nat (VLAN_WHITMAR,outside) static 5.102.168.158
object network PORTFORWARD_RAPHAEL_RDP
 nat (VLAN_RAPHAEL,outside) static 5.102.168.153
object network PORTFORWARD_GARTON_RDP
 nat (VLAN_GARTON,outside) static 109.74.247.149
object network PORTFORWARD_3CX_SWAN
 nat (VLAN_3CX,outside) static 176.12.106.94 net-to-net
object network PORTFORWARD_3CX_ABILITY
 nat (VLAN_3CX,outside) static 109.74.247.150 net-to-net
access-group OUTSIDE_IN in interface outside
route outside 0.0.0.0 0.0.0.0 5.102.168.145 1
route outside 0.0.0.0 0.0.0.0 109.74.242.209 2
route outside 0.0.0.0 0.0.0.0 176.12.106.81 3
route outside 0.0.0.0 0.0.0.0 109.74.247.145 4
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL 
http server enable
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 VLAN_FLUENT
http 0.0.0.0 0.0.0.0 management
http 81.136.253.237 255.255.255.255 outside
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set FirstSet esp-3des esp-sha-hmac 
crypto ipsec ikev1 transform-set FirstSet_NewEra esp-3des esp-sha-hmac 
crypto ipsec ikev1 transform-set FirstSet_Fluent_Ho esp-3des esp-sha-hmac 
crypto ipsec ikev2 ipsec-proposal AES256-SHA1
 protocol esp encryption aes-256
 protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec security-association lifetime seconds 86400
crypto ipsec security-association lifetime kilobytes unlimited
crypto ipsec security-association pmtu-aging infinite
crypto map VPN_FLUENT_HO_MAP 1 match address VPN_FLUENT_HO_ACL
crypto map VPN_FLUENT_HO_MAP 1 set pfs 
crypto map VPN_FLUENT_HO_MAP 1 set peer 81.136.253.237 
crypto map VPN_FLUENT_HO_MAP 1 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 1 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 2 match address VPN_HIXSON_38SHOP_ACL
crypto map VPN_FLUENT_HO_MAP 2 set pfs 
crypto map VPN_FLUENT_HO_MAP 2 set peer 81.140.5.152 
crypto map VPN_FLUENT_HO_MAP 2 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 2 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 3 match address VPN_HIXSON_HO_ACL
crypto map VPN_FLUENT_HO_MAP 3 set pfs 
crypto map VPN_FLUENT_HO_MAP 3 set peer 89.197.90.162 
crypto map VPN_FLUENT_HO_MAP 3 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 3 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map VPN_FLUENT_HO_MAP 3 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 4 match address VPN_STEVEJ_HOME_ACL
crypto map VPN_FLUENT_HO_MAP 4 set pfs 
crypto map VPN_FLUENT_HO_MAP 4 set peer 81.140.16.38 
crypto map VPN_FLUENT_HO_MAP 4 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 4 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 5 match address VPN_RONDANINI_HO_ACL
crypto map VPN_FLUENT_HO_MAP 5 set pfs 
crypto map VPN_FLUENT_HO_MAP 5 set peer 62.253.180.58 
crypto map VPN_FLUENT_HO_MAP 5 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 5 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 6 match address VPN_VERBALISATION_HO_ACL
crypto map VPN_FLUENT_HO_MAP 6 set pfs 
crypto map VPN_FLUENT_HO_MAP 6 set peer 195.99.223.228 
crypto map VPN_FLUENT_HO_MAP 6 set ikev1 transform-set ESP-AES-256-SHA
crypto map VPN_FLUENT_HO_MAP 6 set ikev2 pre-shared-key *****
crypto map VPN_FLUENT_HO_MAP 6 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 7 match address VPN_RAPH_HILD_ACL
crypto map VPN_FLUENT_HO_MAP 7 set pfs 
crypto map VPN_FLUENT_HO_MAP 7 set peer 88.211.109.18 
crypto map VPN_FLUENT_HO_MAP 7 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 7 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 8 match address VPN_WHITMAR_HO_ACL
crypto map VPN_FLUENT_HO_MAP 8 set pfs 
crypto map VPN_FLUENT_HO_MAP 8 set peer 213.162.123.42 
crypto map VPN_FLUENT_HO_MAP 8 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 8 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 9 match address VPN_NEWERA_ACL
crypto map VPN_FLUENT_HO_MAP 9 set pfs 
crypto map VPN_FLUENT_HO_MAP 9 set peer 81.133.108.186 
crypto map VPN_FLUENT_HO_MAP 9 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 9 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 10 match address VPN_GARTON_WEST_ACL
crypto map VPN_FLUENT_HO_MAP 10 set pfs 
crypto map VPN_FLUENT_HO_MAP 10 set peer 109.239.94.66 
crypto map VPN_FLUENT_HO_MAP 10 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 10 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 11 match address VPN_SALONIQ_HO1_ACL
crypto map VPN_FLUENT_HO_MAP 11 set pfs 
crypto map VPN_FLUENT_HO_MAP 11 set peer 81.140.109.212 
crypto map VPN_FLUENT_HO_MAP 11 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 11 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 12 match address VPN_SALONIQ_HO2_ACL
crypto map VPN_FLUENT_HO_MAP 12 set pfs 
crypto map VPN_FLUENT_HO_MAP 12 set peer 81.140.109.213 
crypto map VPN_FLUENT_HO_MAP 12 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 12 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 13 match address VPN_HMO_ATAC_ACL
crypto map VPN_FLUENT_HO_MAP 13 set pfs 
crypto map VPN_FLUENT_HO_MAP 13 set peer 46.33.136.84 
crypto map VPN_FLUENT_HO_MAP 13 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 13 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP interface outside
crypto map VPN_HIXSON_38SHOP_MAP 1 set pfs 
crypto map VPN_HIXSON_38SHOP_MAP 1 set peer 81.140.5.152 
crypto map VPN_HIXSON_38SHOP_MAP 1 set ikev1 transform-set FirstSet
crypto map VPN_NEW_ERA_MAP 1 set pfs 
crypto map VPN_NEW_ERA_MAP 1 set peer 81.133.108.186 
crypto map VPN_NEW_ERA_MAP 1 set ikev1 transform-set FirstSet_NewEra
crypto map VPN_NEW_ERA_MAP 2 set pfs 
crypto map VPN_NEW_ERA_MAP 2 set peer 81.133.108.186 
crypto ca trustpool policy
no crypto isakmp nat-traversal
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 2
 prf sha
 lifetime seconds 86400
crypto ikev1 enable outside
crypto ikev1 policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 2
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 VLAN_FLUENT
ssh 81.136.253.237 255.255.255.255 outside
ssh 109.74.240.30 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 management
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
group-policy DfltGrpPolicy attributes
 vpn-idle-timeout none
 vpn-tunnel-protocol ikev1 
group-policy GroupPolicy_81.140.16.38 internal
group-policy GroupPolicy_81.140.16.38 attributes
 vpn-tunnel-protocol ikev1 
group-policy GroupPolicy_195.99.223.228 internal
group-policy GroupPolicy_195.99.223.228 attributes
 vpn-tunnel-protocol ikev1 
group-policy GroupPolicy_62.253.180.58 internal
group-policy GroupPolicy_62.253.180.58 attributes
 vpn-tunnel-protocol ikev1 
group-policy GroupPolicy_88.211.109.18 internal
group-policy GroupPolicy_88.211.109.18 attributes
 vpn-tunnel-protocol ikev1 
group-policy GroupPolicy_81.133.108.186 internal
group-policy GroupPolicy_81.133.108.186 attributes
 vpn-tunnel-protocol ikev1 
group-policy GroupPolicy_109.239.94.66 internal
group-policy GroupPolicy_109.239.94.66 attributes
 vpn-tunnel-protocol ikev1 
group-policy GroupPolicy_46.33.136.84 internal
group-policy GroupPolicy_46.33.136.84 attributes
 vpn-tunnel-protocol ikev1 
group-policy GroupPolicy_81.140.109.213 internal
group-policy GroupPolicy_81.140.109.213 attributes
 vpn-tunnel-protocol ikev1 
group-policy GroupPolicy_81.140.5.152 internal
group-policy GroupPolicy_81.140.5.152 attributes
 vpn-tunnel-protocol ikev1 
group-policy GroupPolicy_89.197.90.162 internal
group-policy GroupPolicy_89.197.90.162 attributes
 vpn-tunnel-protocol ikev1 
group-policy GroupPolicy_213.162.123.42 internal
group-policy GroupPolicy_213.162.123.42 attributes
 vpn-tunnel-protocol ikev1 
group-policy GroupPolicy_81.140.109.212 internal
group-policy GroupPolicy_81.140.109.212 attributes
 vpn-tunnel-protocol ikev1 
dynamic-access-policy-record DfltAccessPolicy
tunnel-group 81.136.253.237 type ipsec-l2l
tunnel-group 81.136.253.237 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 81.140.5.152 type ipsec-l2l
tunnel-group 81.140.5.152 general-attributes
 default-group-policy GroupPolicy_81.140.5.152
tunnel-group 81.140.5.152 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 89.197.90.162 type ipsec-l2l
tunnel-group 89.197.90.162 general-attributes
 default-group-policy GroupPolicy_89.197.90.162
tunnel-group 89.197.90.162 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 81.140.16.38 type ipsec-l2l
tunnel-group 81.140.16.38 general-attributes
 default-group-policy GroupPolicy_81.140.16.38
tunnel-group 81.140.16.38 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 195.99.223.228 type ipsec-l2l
tunnel-group 195.99.223.228 general-attributes
 default-group-policy GroupPolicy_195.99.223.228
tunnel-group 195.99.223.228 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 62.253.180.58 type ipsec-l2l
tunnel-group 62.253.180.58 general-attributes
 default-group-policy GroupPolicy_62.253.180.58
tunnel-group 62.253.180.58 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 88.211.109.18 type ipsec-l2l
tunnel-group 88.211.109.18 general-attributes
 default-group-policy GroupPolicy_88.211.109.18
tunnel-group 88.211.109.18 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 213.162.123.42 type ipsec-l2l
tunnel-group 213.162.123.42 general-attributes
 default-group-policy GroupPolicy_213.162.123.42
tunnel-group 213.162.123.42 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 81.133.108.186 type ipsec-l2l
tunnel-group 81.133.108.186 general-attributes
 default-group-policy GroupPolicy_81.133.108.186
tunnel-group 81.133.108.186 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 109.239.94.66 type ipsec-l2l
tunnel-group 109.239.94.66 general-attributes
 default-group-policy GroupPolicy_109.239.94.66
tunnel-group 109.239.94.66 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 81.140.109.212 type ipsec-l2l
tunnel-group 81.140.109.212 general-attributes
 default-group-policy GroupPolicy_81.140.109.212
tunnel-group 81.140.109.212 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 81.140.109.213 type ipsec-l2l
tunnel-group 81.140.109.213 general-attributes
 default-group-policy GroupPolicy_81.140.109.213
tunnel-group 81.140.109.213 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 46.33.136.84 type ipsec-l2l
tunnel-group 46.33.136.84 general-attributes
 default-group-policy GroupPolicy_46.33.136.84
tunnel-group 46.33.136.84 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect netbios 
  inspect tftp 
  inspect ip-options 
 class class-default
  user-statistics accounting
!
service-policy global_policy global
prompt hostname context 
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:9d15b0f9e2710d5e5a25e4d91bfcc436
: end
no asdm history enable

Hello,

Config looks good; your server (10.10.1.2) is the first in the list, so unless it is down, it should always be queried first.

I have a feeling that Windows 2012 might be the problem. Do you have a regular client PC you can test the same with?

I'm actually finding it's happening across the board, to be fair.

Server A can't access any other server via public IP

Server B can't access any other server via public IP

Server C can't access any other server via public IP

Server D can't access any other server via public IP

etc.

ALL can talk internally fine. Something's definitely not correct. It's only since going to the ASA, so it's 100% with that.

Hello,

I think that you need a static NAT entry mapping your external address. I'll do some testing and let you know...

Hello,

Here is what I have come up with in GNS3. I am not sure it works in your environment as well, but basically DNS doctoring intercepts DNS requests for an external webserver and redirects them to the internal one. In the example, 10.10.1.2 is your internal webserver address, and 5.102.168.x is the external address (I couldn't figure out from your config which address you are using, so just fill the 'x' with the correct digits):

access-list OUTSIDE_IN extended permit tcp any host 10.10.1.2 eq www
access-group OUTSIDE_IN in interface outside
!
object network INTERNAL_WEBSERVER
 host 10.10.1.2
 nat (VLAN_FLUENT,outside) static 5.102.168.x dns

Hello

I assume you can access the URL via IP address (local address).

Do you have a local DNS server on site? If so, this is most probably an authoritative DNS server for your domain.

You should be able to add (split) an additional local A host record for your web server, so local users will still be able to resolve and access this web server via URL, but locally.

Now when they are off site using the internet and whatever DNS server they are pointed to, this will query and get a resolution for your same web server, be it via its public-facing registered address.

Another way would be to configure domain-less NAT (NVI) or DNS doctoring as Georg stated, so as to enable local users to resolve your web server via its public address, which would seem like they are exiting the local LAN and coming back in just to hit your local web server.

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community's global network.

Kind Regards
Paul
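
The replies above suggest two remedies: DNS rewrite (the `dns` keyword on the static NAT) or letting inside hosts go out to the public address and come back in on the same interface. As an added example, not part of the thread and not Cisco's code, this Python check reads a saved configuration and lists the static publishes to `outside` that have neither. The sample lines are constructed in the style of the posted config, the function names are hypothetical, and the hairpin test is a per-interface heuristic.

```python
import re

# Constructed sample in the style of the configuration posted in the thread.
SAMPLE_CONFIG = """\
nat (VLAN_FLUENT,outside) source static VPN-FLUENT-DC1 VPN-FLUENT-DC1 destination static VPN-FLUENT-HO VPN-FLUENT-HO
nat (VLAN_FLUENT,outside) source static PRIVATEIP_HELPDESK_SERVER PUBLICIP_HELPDESK_SERVER no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_FLUENT PUBLICIP_3CX_FLUENT no-proxy-arp
!
object network PORTFORWARD_HELPDESK
 nat (VLAN_FLUENT,outside) static 5.102.168.154
object network INTERNAL_WEBSERVER
 host 10.10.1.2
 nat (VLAN_FLUENT,outside) static 5.102.168.x dns
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
"""

NAT_RE = re.compile(r"^\s*nat \((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\)\s+(?P<rest>.+)$")


def parse_nat_rules(config_text):
    """Return one dict per NAT statement, covering object NAT and twice NAT."""
    rules, current_object = [], None
    for line in config_text.splitlines():
        if line.startswith("object network "):
            parts = line.split()
            current_object = parts[2] if len(parts) > 2 else None
            continue
        m = NAT_RE.match(line)
        if m is None:
            if line and not line[0].isspace():
                current_object = None  # another top-level command closes the object
            continue
        tokens = m["rest"].split()
        if line[0].isspace() and current_object and len(tokens) >= 2:
            # Object NAT: the real address is the enclosing object.
            kind, real, mapped = tokens[0], current_object, tokens[1]
        elif "source" in tokens and len(tokens) >= tokens.index("source") + 4:
            # Twice NAT: source <kind> <real> <mapped> [destination ...]
            i = tokens.index("source")
            kind, real, mapped = tokens[i + 1], tokens[i + 2], tokens[i + 3]
            current_object = None
        else:
            continue
        rules.append({
            "real_if": m["real_if"], "mapped_if": m["mapped_if"],
            "kind": kind, "real": real, "mapped": mapped,
            "has_destination": "destination" in tokens,
            "dns": "dns" in tokens,
        })
    return rules


def audit_inside_access(config_text, outside_if="outside"):
    """Flag static publishes that inside hosts cannot reach by public name."""
    rules = parse_nat_rules(config_text)
    # DNS rewrite only acts on replies that pass through DNS inspection.
    dns_inspection = re.search(r"^\s*inspect dns\b", config_text, re.M) is not None
    # Hairpinning needs traffic to be allowed in and out of the same interface.
    intra_ok = re.search(r"^same-security-traffic permit intra-interface\s*$",
                         config_text, re.M) is not None
    # Heuristic: any NAT rule with the same inside interface on both sides.
    hairpin_ifs = {r["real_if"] for r in rules
                   if r["real_if"] == r["mapped_if"] != outside_if}
    findings = []
    for r in rules:
        is_publish = (r["kind"] == "static" and r["mapped_if"] == outside_if
                      and r["real_if"] != outside_if
                      and not r["has_destination"]      # skips VPN exemptions
                      and r["real"] != r["mapped"])     # skips identity NAT
        if not is_publish:
            continue
        dns_rewrite = r["dns"] and dns_inspection
        hairpin = intra_ok and r["real_if"] in hairpin_ifs
        findings.append({"real_if": r["real_if"], "real": r["real"],
                         "mapped": r["mapped"], "dns_rewrite": dns_rewrite,
                         "hairpin": hairpin,
                         "needs_attention": not (dns_rewrite or hairpin)})
    return findings


def needs_attention(config_text):
    """Names of published objects with neither DNS rewrite nor a hairpin rule."""
    return [f["real"] for f in audit_inside_access(config_text) if f["needs_attention"]]


if __name__ == "__main__":
    for f in audit_inside_access(SAMPLE_CONFIG):
        status = "CHECK" if f["needs_attention"] else "ok"
        print(f"{status:5} {f['real_if']:12} {f['real']} -> {f['mapped']}")
```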