i tryed with this configuration with permit ip any any on below of acl Outeside_in on outside interface
Building configuration...
Current configuration : 10115 bytes
!
! Last configuration change at 15:13:17 PCTime Fri Aug 21 2015 by administrator
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname servers-r
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200
enable secret 5 $1$zUjL$rAvZbXspCYjotGe/jL48T1
enable password 7 097C4F1A0A1218000F4D557878
!
no aaa new-model
clock timezone PCTime 1 0
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
no ipv6 cef
!
!
ip port-map user-paragraf port tcp 6190 list 2
!
!
!
ip domain name dri.local
ip name-server 192.168.0.20
ip name-server 192.168.0.24
ip cef
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-2259530887
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2259530887
revocation-check none
rsakeypair TP-self-signed-2259530887
!
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name e=sdmtest@sdmtest.com
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-2259530887
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32323539 35333038 3837301E 170D3135 30373038 31333139
31385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 32353935
33303838 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B259 D0C431C4 B525F2EE 1D9BF630 C149CE34 786795EC B6355D65 A8EF7B3D
C65EEAC8 729155F5 5BC853AE 976AC249 B40FFED6 59CF457F 0F4FA191 2080218C
4380C255 33DAEF9C E103307A 69477BC6 5A740E2C D944326B 461DC373 2F1F6CE2
F1B8C22E A5010323 815804D3 7C3BAFB2 62BC7842 C8D0D506 0FB9CA8B 0F49236E
AE8B0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14A5124D 5912F9BC C4109E65 E49489B7 24AC8345 22301D06
03551D0E 04160414 A5124D59 12F9BCC4 109E65E4 9489B724 AC834522 300D0609
2A864886 F70D0101 05050003 81810033 1A9BEBA8 0736025C 5740E525 0A45910B
406A0CFA F2ADE31F 76D92B73 40EBBF98 F2E261C0 247D6BD9 94D3AE79 313D7AE4
0CA635B3 A62205B4 67F9CD78 6CD47554 F5F184BD C88BB35C C01E44AD E8491DF7
0A46F0AF 39867593 6F21B2D3 E8B5B787 D430E64B F3F7A7D3 C2D54690 E31E2B35
E77E55D8 02E035B1 0965616F 00AC1A
quit
crypto pki certificate chain test_trustpoint_config_created_for_sdm
license udi pid CISCO1921/K9 sn FCZ163293TE
!
!
object-group network DRI_mreze
192.168.0.0 255.255.255.0
192.168.1.0 255.255.255.0
192.168.2.0 255.255.255.0
192.168.3.0 255.255.255.0
192.168.4.0 255.255.255.0
192.168.5.0 255.255.255.0
192.168.7.0 255.255.255.0
192.168.8.0 255.255.255.0
192.168.50.0 255.255.255.0
!
object-group network backup_server
host 192.168.0.152
host 192.168.0.32
range 192.168.0.29 192.168.0.30
!
object-group network SQL_servers
host 192.168.200.14
host 192.168.200.34
host 192.168.200.16
!
object-group network wsus_servers
host 192.168.200.12
host 192.168.200.27
host 192.168.200.15
!
object-group network sharepoint_web_servers
range 192.168.200.36 192.168.200.37
host 192.168.200.13
host 192.168.200.17
!
object-group network virtual_servers
host 192.168.200.11
host 192.168.200.25
host 192.168.200.41
!
object-group network domain_controllers
host 192.168.200.20
host 192.168.200.24
!
object-group network Pinged_server
group-object backup_server
group-object SQL_servers
group-object wsus_servers
group-object sharepoint_web_servers
group-object virtual_servers
group-object domain_controllers
host 192.168.200.22
host 192.168.200.26
host 192.168.200.23
host 192.168.200.31
host 192.168.200.28
host 192.168.200.33
!
object-group service RDP_service
tcp eq 3389
!
object-group network REMOTE_DESKTOP_client
host 192.168.0.123
host 192.168.0.188
host 192.168.0.61
192.168.50.0 255.255.255.0
!
object-group service SPSQL_server
description sql server for sharepoint
tcp eq 5357
tcp eq 49207
tcp range 49152 49155
tcp eq 49177
tcp eq 47001
tcp eq 5985
!
object-group service WDS_server
tcp eq 5985
tcp eq 5357
tcp eq 1027
tcp eq 14236
tcp eq 1033
tcp eq 5040
tcp eq 3389
icmp echo
icmp echo-reply
!
object-group service backup_servers
tcp eq 135
tcp eq 139
tcp eq 3389
tcp eq 9876
tcp eq 445
tcp eq 2301
tcp eq 2381
tcp eq 3260
!
object-group service domain_controller
tcp eq 49188
tcp eq 49177
tcp eq 47001
tcp eq 5985
tcp eq 5357
icmp echo
icmp echo-reply
tcp lt 3389
!
object-group service dri-net_server
tcp eq 3306
tcp eq www
tcp eq 1025
tcp range 1029 1030
!
object-group service finansije_server
tcp eq 135
tcp eq 139
tcp eq 3389
tcp eq 445
tcp eq www
tcp eq 5357
!
object-group service paragraflex_server
tcp eq 5357
tcp eq 5985
tcp eq 47001
icmp echo
icmp echo-reply
!
object-group network ping_server
host 192.168.0.61
192.168.50.0 255.255.255.0
!
object-group service pinging_service
icmp echo-reply
icmp echo
!
object-group service sharepoint_application_service
tcp eq 135
tcp eq 139
tcp eq 3389
tcp eq 2103
tcp eq 2105
tcp eq 2107
tcp eq 1801
tcp eq smtp
tcp eq 4361
tcp eq 8080
tcp eq 4860
tcp eq 445
tcp eq 1053
tcp eq 5357
tcp range www 82
!
object-group service sharepoint_web_application
tcp eq 2103
tcp eq 2105
tcp eq 2107
tcp eq 1801
tcp range 1025 1028
tcp eq 49098
tcp eq 1065
tcp eq 1063
tcp eq 1043
tcp eq 47001
tcp eq 5985
tcp eq 1110
tcp eq 5357
tcp eq 23456
tcp range 32843 32844
!
object-group service terminal_server
tcp eq 135
tcp eq 139
tcp eq 3389
tcp eq 1947
tcp eq 445
tcp eq 5357
!
object-group service virtual_server_services
tcp eq 2179
tcp eq 2301
tcp eq 2381
tcp eq 49166
tcp eq 55478
tcp eq 47001
tcp eq 5985
tcp eq 55480
tcp range 49152 49155
tcp range 49161 49163
!
object-group service wsus_services
tcp eq 5357
tcp range 49152 49155
tcp eq 49194
tcp eq 49176
!
username administrator privilege 15 password 7 01230717481C091D250D1F5B4A
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-WAN$
ip address 192.168.0.253 255.255.255.0
ip access-group Outside_in in
ip mask-reply
ip nbar protocol-discovery
ip flow ingress
ip flow egress
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 192.168.200.254 255.255.255.0
ip access-group Inside_in in
ip flow ingress
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip flow-export destination 192.168.0.61 2055
ip flow-top-talkers
top 10
sort-by packets
cache-timeout 1000
!
ip route 0.0.0.0 0.0.0.0 192.168.0.254 255 permanent
ip route 192.168.1.0 255.255.255.0 192.168.0.254 4 permanent
ip route 192.168.2.0 255.255.255.0 192.168.0.254 5 permanent
ip route 192.168.3.0 255.255.255.0 192.168.0.254 3 permanent
ip route 192.168.4.0 255.255.255.0 192.168.0.254 7 permanent
ip route 192.168.5.0 255.255.255.0 192.168.0.254 2 permanent
ip route 192.168.7.0 255.255.255.0 192.168.0.254 6 permanent
ip route 192.168.8.0 255.255.255.0 192.168.0.254 8 permanent
ip route 192.168.50.0 255.255.255.0 192.168.0.10 permanent
!
ip access-list extended Inside_in
remark CCP_ACL Category=1
remark Auto generated by CCP for NTP (123) 192.168.0.20
permit udp host 192.168.0.20 eq ntp host 192.168.200.254 eq ntp
permit ip any any
ip access-list extended Outside_in
remark CCP_ACL Category=1
remark Auto generated by CCP for NTP (123) 192.168.0.20
permit udp host 192.168.0.20 eq ntp host 192.168.0.253 eq ntp
permit ip host 192.168.0.61 host 192.168.0.253
permit udp host 192.168.0.20 192.168.200.0 0.0.0.255 range 49152 56535
permit tcp host 192.168.0.20 192.168.200.0 0.0.0.255 range 49152 56535
permit object-group pinging_service object-group REMOTE_DESKTOP_client object-group Pinged_server log
permit object-group RDP_service object-group REMOTE_DESKTOP_client object-group Pinged_server log
deny object-group virtual_server_services object-group DRI_mreze object-group virtual_servers
deny object-group paragraflex_server object-group DRI_mreze host 192.168.200.26
deny object-group wsus_services object-group DRI_mreze object-group wsus_servers
deny object-group sharepoint_web_application object-group DRI_mreze object-group sharepoint_web_servers log
deny object-group SPSQL_server object-group DRI_mreze object-group SQL_servers
deny object-group dri-net_server 192.168.0.0 0.0.0.255 host 192.168.200.31 log
deny object-group domain_controller object-group DRI_mreze object-group domain_controllers log
deny object-group WDS_server object-group DRI_mreze host 192.168.200.28
permit ip object-group DRI_mreze 192.168.200.0 0.0.0.255 log
ip access-list extended outside_out
remark CCP_ACL Category=1
permit icmp 192.168.200.0 0.0.0.255 object-group DRI_mreze
permit ip any any
!
logging trap debugging
logging source-interface GigabitEthernet0/0
logging 192.168.0.61
access-list 1 permit 192.168.0.61
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark CCP_ACL Category=1
access-list 1 permit 192.168.200.0 0.0.0.255
access-list 2 remark CCP_ACL Category=1
access-list 2 permit 192.168.200.26
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark CCP_ACL Category=1
access-list 100 permit ip 192.168.200.0 0.0.0.255 any
access-list 100 permit ip host 192.168.0.61 any
!
!
snmp-server ifindex persist
snmp-server enable traps entity-sensor threshold
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 100 in
exec-timeout 40 0
privilege level 15
password 7 097C4F1A0A1218000F4D557878
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 192.168.0.20 prefer source GigabitEthernet0/0
!
end
and again i have same problem my servers cannot ping workstations but workstations can ping and access to servers.
Where is problem?