Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About sjsteve33171
Stats
Member since
10-09-2015
14
Posts
0
Helpful
1
Solution
08-15-2019
10:15 AM
Hi Paul, Thanks for the reply im half way there, however hit a snag with these commands: ip nat destination list 100 pool UniFi-WiFi ip nat destination list 101 pool Pi-Hole ip nat destination list 102 pool 3cx-Jenners It gives me an error: SteveHome(config)#ip nat destination list 100 pool UniFi-WiFi ^ % Invalid input detected at '^' marker. SteveHome(config)#ip nat destination list 101 pool Pi-Hole ^ % Invalid input detected at '^' marker. SteveHome(config)#ip nat destination list 102 pool 3cx-Jenners ^ % Invalid input detected at '^' marker. )#ip nat ? Stateful Stateful NAT configuration commands create Create flow entries inside Inside address translation log NAT Logging outside Outside address translation piggyback-support NAT Piggybacking Support pool Define pool of addresses portmap Define portmap of portranges service Special translation for application using non-standard port sip-sbc SIP Session Border Controller commands source Source address translation translation NAT translation entry configuration Which way shall i proceed?
... View more
08-14-2019
03:17 PM
Hi Again Karsten! You’ve helped me before on an ASA. Thanks for the suggestion but I can’t use it as for certain reasons i need ALL DNS traffic to go through the server on 172.16.9.5, so having the server on Cisco can’t be a route I take. Good idea though. Any other suggestions?
... View more
08-14-2019
02:14 PM
Hi, I’ve been looking around and can’t find a suitable solution or one I can understand and get the commands right and work. The short of it is I’m hosting 3 VM’s at my house behind a 887vam. Outside the LAN I can access the services fine. Inside the lan I can not access them via the public DNS name but can via the internal IP. What I need is to go to http://domain.com and get the page required when inside the LAN. As mentioned I’ve searched before asking but I can’t seem to get it right! Someone please help? Config: Building configuration... Current configuration : 5567 bytes ! ! Last configuration change at 20:30:23 UTC Wed Aug 14 2019 by cisco ! NVRAM config last updated at 20:30:25 UTC Wed Aug 14 2019 by cisco ! NVRAM config last updated at 20:30:25 UTC Wed Aug 14 2019 by cisco version 15.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname SteveHome ! boot-start-marker boot-end-marker ! ! ! no aaa new-model ! crypto pki trustpoint TP-self-signed-875695804 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-875695804 revocation-check none rsakeypair TP-self-signed-875695804 ! ! crypto pki certificate chain TP-self-signed-875695804 certificate self-signed 01 30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 38373536 39353830 34301E17 0D313930 38313432 30303331 375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3837 35363935 38303430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 B0570E37 FD347B08 6F3C47BF 7DF5FAF7 B7A6C7D0 3BCD34F0 AF879EAB 0FB1A8D5 FA5317B2 793A6D1E 7E18CDF5 5EAF6986 0CC06777 D7BEEC38 CC7473AC 496A6953 7F4E645D 7DE56AA1 5777E9B9 37DDA0E8 007E98D0 7451D6C9 5F16BB21 2542F547 734F5A02 8F68BFEE A32E60A5 BA763D8F D2081E72 DB3C08A2 8251997E 1D50EB67 02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D 23041830 1680146B B9B8EF57 863D2423 A4A44994 E0158811 B87EE630 1D060355 1D0E0416 04146BB9 B8EF5786 3D2423A4 A44994E0 158811B8 7EE6300D 06092A86 4886F70D 01010505 00038181 006AE881 C98C21DC BC5E9F0F 47D2F6B3 AAC4E5AB FA62E70B 53481C6F 7DAA77C7 78DDB109 89279362 8E27488A 0AF7C802 AF372C07 82F58987 09A73DA0 4F22BDD3 69171808 CCDFCBC2 EF810176 C570B7BB 6CFA4100 C16B79E4 8B8EE297 28B7607E 7201522A 168178DE 4B3956E7 6E393C9D 05B20901 EB744369 197268B6 F96DCBD3 53 quit ! ! ! ip dhcp excluded-address 172.16.9.1 172.16.9.20 ! ip dhcp pool Home import all network 172.16.9.0 255.255.255.0 default-router 172.16.9.1 dns-server 172.16.9.5 8.8.8.8 8.8.4.4 lease 0 8 ! ip dhcp pool UniFi host 172.16.9.4 255.255.255.0 hardware-address 000c.297d.69ff ! ip dhcp pool pi-hole host 172.16.9.5 255.255.255.0 hardware-address 000c.29d3.1af5 ! ! ! ip name-server 172.16.9.5 ip name-server 8.8.8.8 ip name-server 8.8.4.4 ip cef no ipv6 cef ! ! ! ! ! ! ! ! ! ! ! ! ! ! username ****** privilege 15 password 0 ****** ! ! ! ! ! controller VDSL 0 ! ip ssh version 2 ! ! ! ! ! ! ! ! ! ! interface ATM0 no ip address shutdown no atm ilmi-keepalive ! interface Ethernet0 no ip address ! interface Ethernet0.101 encapsulation dot1Q 101 pppoe enable group global pppoe-client dial-pool-number 1 ! interface FastEthernet0 no ip address ! interface FastEthernet1 no ip address ! interface FastEthernet2 no ip address ! interface FastEthernet3 no ip address ! interface Vlan1 ip address 172.16.9.1 255.255.255.0 ip nat inside ip virtual-reassembly in ! interface Dialer1 mtu 1492 ip address negotiated no ip redirects no ip unreachables no ip proxy-arp ip nbar protocol-discovery ip flow ingress ip nat outside ip virtual-reassembly in encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 ppp authentication pap chap ms-chap callin ppp chap hostname ******* ppp chap password 0 ****** ppp ipcp address accept no cdp enable ! ip forward-protocol nd ip http server ip http authentication local ip http secure-server ! ip nat pool Pi-Hole 172.16.9.5 172.16.9.5 netmask 255.255.255.0 type rotary ip nat pool UniFi-WiFi 172.16.9.4 172.16.9.4 netmask 255.255.255.0 type rotary ip nat pool 3cx 172.16.9.6 172.16.9.6 netmask 255.255.255.0 type rotary ip nat inside source list NAT interface Dialer1 overload ip nat inside destination list 100 pool UniFi-WiFi ip nat inside destination list 101 pool Pi-Hole ip nat inside destination list 102 pool 3cx ip route 0.0.0.0 0.0.0.0 Dialer1 permanent ! ip access-list extended NAT permit ip 172.16.9.0 0.0.0.255 any ! ! access-list 100 permit tcp any any eq 8080 access-list 100 permit tcp any any eq 8443 access-list 100 permit tcp any any eq 8880 access-list 100 permit tcp any any eq 8843 access-list 100 permit tcp any any eq 8883 access-list 100 permit tcp any any eq 6789 access-list 100 permit udp any any eq 3478 access-list 100 permit udp any any eq 1900 access-list 100 permit udp any any eq 10001 access-list 100 permit udp any any range 5656 5699 access-list 101 permit tcp any any eq www access-list 102 permit tcp any any eq 443 access-list 102 permit tcp any any eq 5060 access-list 102 permit udp any any eq 5060 access-list 102 permit tcp any any eq 5090 access-list 102 permit udp any any eq 5090 access-list 102 permit udp any any range 9000 10999 ! ! mgcp behavior rsip-range tgcp-only mgcp behavior comedia-role none mgcp behavior comedia-check-media-src disable mgcp behavior comedia-sdp-force disable ! mgcp profile default ! ! ! ! ! line con 0 no modem enable line aux 0 line vty 0 4 exec-timeout 600 0 password ****** login local transport input telnet ssh transport output telnet ssh ! scheduler allocate 20000 1000 ntp source Dialer1 ntp server 0.uk.pool.ntp.org ntp server 2.uk.pool.ntp.org ntp server 1.uk.pool.ntp.org ntp server 3.uk.pool.ntp.org ! end
... View more
Labels:
06-15-2018
02:38 PM
I'm actually finding it's happening across the board to be fair.
Server A can't access any other server via public IP
Server B can't access any other server via public IP
Server C can't access any other server via public IP
Server D can't access any other server via public IP
etc..
ALL can talk internally fine. Somethings definitely not correct. t's only since going to the ASA, so its 100% with that.
... View more
06-15-2018
01:37 PM
Its a pretty big config but here
: Saved
:
: Hardware: ASA5512, 4096 MB RAM, CPU Clarkdale 2793 MHz, 1 CPU (2 cores)
:
ASA Version 9.4(4)18
!
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 172.128.134.1 255.255.255.0
!
interface GigabitEthernet0/1
nameif VLAN_TRUNK
security-level 100
no ip address
!
interface GigabitEthernet0/1.100
vlan 100
nameif VLAN_HIXSON
security-level 100
ip address 192.168.200.1 255.255.255.0
!
interface GigabitEthernet0/1.101
vlan 101
nameif VLAN_FLUENT
security-level 100
ip address 10.10.1.1 255.255.255.0
!
interface GigabitEthernet0/1.102
vlan 102
nameif VLAN_3CX
security-level 100
ip address 10.10.2.1 255.255.255.0
!
interface GigabitEthernet0/1.110
vlan 110
nameif VLAN_WHITMAR
security-level 100
ip address 192.168.52.1 255.255.255.0
!
interface GigabitEthernet0/1.115
vlan 115
nameif VLAN_RAPHAEL
security-level 100
ip address 172.16.10.1 255.255.255.0
!
interface GigabitEthernet0/1.120
vlan 120
nameif VLAN_GARTON
security-level 100
ip address 192.168.120.1 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
nameif outside
security-level 0
ip address 5.102.168.148 255.255.255.240
!
interface Management0/0
management-only
nameif management
security-level 100
ip address 172.16.254.1 255.255.255.0
!
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup inside
dns domain-lookup VLAN_FLUENT
dns domain-lookup VLAN_3CX
dns domain-lookup outside
dns domain-lookup management
dns server-group DefaultDNS
name-server 10.10.1.2
name-server 8.8.8.8
name-server 8.8.4.4
domain-name fluent.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network PORTFORWARD_PRTG_IT
host 10.10.1.243
object network PORTFORWARD_PRTG_TELCO
host 10.10.1.242
object network PORTFORWARD_SIMPLEHELP
host 10.10.1.241
object network PORTFORWARD_HELPDESK
host 10.10.1.244
object network PORTFORWARD_BACKUP
host 10.10.1.6
object network PORTFORWARD_SOPHOS
host 10.10.1.7
object network PORTFORWARD_UNIFI_WIFI
host 10.10.1.5
object network PORTFORWARD_CPANEL
host 10.10.1.4
object network PORTFORWARD_3CX_JENNERS
host 10.10.2.10
object network PORTFORWARD_3CX_FLUENT
host 10.10.2.7
object network PORTFORWARD_3CX_LCAF
host 10.10.2.12
object network PORTFORWARD_3CX_MUNRO
host 10.10.2.5
object network PORTFORWARD_3CX_MCKENZIE
host 10.10.2.2
object network PORTFORWARD_3CX_GAP360
host 10.10.2.11
object network PORTFORWARD_3CX_SALONIQ
host 10.10.2.15
object network PORTFORWARD_3CX_PHOCAS
host 10.10.2.13
object network PORTFORWARD_3CX_OLISSON
host 10.10.2.8
object network PORTFORWARD_3CX_BRIGHTSPARK
host 10.10.2.4
object network PORTFORWARD_3CX_FALCON
host 10.10.2.6
object network PORTFORWARD_3CX_STORAGE_CONTROL_SYSTEMS
host 10.10.2.16
object network PORTFORWARD_3CX_WELLS_SPA_PLUMBING
host 10.10.2.14
object network PORTFORWARD_3CX_AZTEC
host 10.10.2.3
object network PORTFORWARD_3CX_HMO_ATAC
host 10.10.2.9
object network PORTFORWARD_3CX_NCEQUINE
host 10.10.2.17
object network PORTFORWARD_3CX_CROWBOROUGH_CABS
host 10.10.2.18
object network PORTFORWARD_3CX_RONDANINI
host 10.10.2.22
object network PORTFORWARD_3CX_VERBALISATION
host 10.10.2.23
object network PORTFORWARD_3CX_CTTRAVEL
host 10.10.2.21
object network PORTFORWARD_AVAYA_TECH21
host 10.10.2.19
object network PORTFORWARD_HIXSON_RDP
host 192.168.200.254
object network PORTFORWARD_WHITMAR_RDP
host 192.168.52.254
object network PORTFORWARD_RAPHAEL_RDP
host 172.16.10.254
object network PORTFORWARD_GARTON_RDP
host 192.168.120.254
object network PUBLICIP_OUT_FLUENT_HELPDESK_SERVER
object network PUBLICIP_OUT_FLUENT_PRTG_TELCO_SERVER
object network PUBLICIP_OUT_FLUENT_SIMPLEHELP_SERVER
object network PUBLICIP_OUT_FLUENT_UNIFI_SERVER
object network PUBLICIP_OUT_FLUENT_CPANEL_SERVER
object network PUBLICIP_OUT_RAPHAEL_RDP_SERVER
object network PUBLICIP_OUT_HIXSON_RDP_SERVER
object network PUBLICIP_OUT_WHITMAR_RDP_SERVER
object network PUBLICIP_OUT_GARTON_RDP_SERVER
object network PUBLICIP_OUT_3CX_AZTEC
object network PUBLICIP_OUT_3CX_BRIGHTSPARK
object network PUBLICIP_OUT_3CX_CTTRAVEL
object network PUBLICIP_OUT_3CX_CROWBOROUGH_CABS
object network PUBLICIP_OUT_3CX_FALCON
object network PUBLICIP_OUT_3CX_FLUENT
object network PUBLICIP_OUT_3CX_OLISSON
object network PUBLICIP_OUT_3CX_GAP360
object network PUBLICIP_OUT_3CX_JENNERS
object network PUBLICIP_OUT_3CX_LCAF
object network PUBLICIP_OUT_3CX_MCKENZIE
object network PUBLICIP_OUT_3CX_MUNRO
object network PUBLICIP_OUT_3CX_NCEQUINE
object network PUBLICIP_OUT_3CX_PHOCAS
object network PUBLICIP_OUT_3CX_RONDANINI
object network PUBLICIP_OUT_3CX_SALONIQ
object network PUBLICIP_OUT_3CX_SWAN
object network PUBLICIP_OUT_3CX_VERBALISATION
object network PUBLICIP_OUT_3CX_WELLS_SPA_PLUMBING
object network PUBLICIP_OUT_3CX_HMO_ATAC
object network PUBLICIP_OUT_AVAYA_TECH21
object network PORTFORWARD_3CX_SWAN
host 10.10.2.20
object network VPN-FLUENT-HO
subnet 192.168.62.0 255.255.255.0
object network VPN-FLUENT-DC1
subnet 10.10.1.0 255.255.255.0
object network PUBLICIP_OUT_FLUENT_SOPHOS_SERVER
object network PUBLICIP_OUT_FLUENT_BACKUP_SERVER
object network OUTBOUNDIP_3CX_VERBALISATION
object network PUBLICIP_PRTG_IT_SERVER
host 5.102.168.151
object network PRIVATEIP_PRTG_IT_SERVER
host 10.10.1.243
object network PUBLICIP_OUT_FLUENT_PRTG_IT_SERVER
object network PUBLICIP_3CX_AZTEC
host 109.74.242.213
object network PRIVATEIP_3CX_AZTEC
host 10.10.2.3
object network PUBLICIP_3CX_BRIGHTSPARK
host 176.12.106.85
object network PRIVATEIP_3CX_BRIGHTSPARK
host 10.10.2.4
object network PUBLICIP_3CX_CTTRAVEL
host 176.12.106.90
object network PRIVATEIP_3CX_CTTRAVEL
host 10.10.2.21
object network PUBLICIP_3CX_CROWBOROUGH_CABS
host 176.12.106.92
object network PRIVATEIP_3CX_CROWBOROUGH_CABS
host 10.10.2.18
object network PUBLICIP_3CX_FALCON
host 176.12.106.86
object network PRIVATEIP_3CX_FALCON
host 10.10.2.6
object network PUBLICIP_3CX_FLUENT
host 109.74.242.214
object network PRIVATEIP_3CX_FLUENT
host 10.10.2.7
object network PUBLICIP_3CX_OLISSON
host 176.12.106.84
object network PRIVATEIP_3CX_OLISSON
host 10.10.2.8
object network PUBLICIP_3CX_GAP360
host 109.74.242.220
object network PRIVATEIP_3CX_GAP360
host 10.10.2.11
object network PUBLICIP_3CX_JENNERS
host 109.74.242.217
object network PRIVATEIP_3CX_JENNERS
host 10.10.2.10
object network PUBLICIP_3CX_LCAF
host 109.74.242.218
object network PRIVATEIP_3CX_LCAF
host 10.10.2.12
object network PUBLICIP_3CX_MCKENZIE
host 109.74.242.219
object network PRIVATEIP_3CX_MCKENZIE
host 10.10.2.2
object network PUBLICIP_3CX_MUNRO
host 109.74.242.216
object network PRIVATEIP_3CX_MUNRO
host 10.10.2.5
object network PUBLICIP_3CX_NCEQUINE
host 109.74.242.222
object network PRIVATEIP_3CX_NCEQUINE
host 10.10.2.17
object network PUBLICIP_3CX_PHOCAS
host 5.102.168.149
object network PRIVATEIP_3CX_PHOCAS
host 10.10.2.13
object network PUBLICIP_3CX_RONDANINI
host 109.74.242.221
object network PRIVATEIP_3CX_RONDANINI
host 10.10.2.22
object network PUBLICIP_3CX_SALONIQ
host 109.74.242.215
object network PRIVATEIP_3CX_SALONIQ
host 10.10.2.15
object network PUBLICIP_3CX_SWAN
host 176.12.106.94
object network PRIVATEIP_3CX_SWAN
host 10.10.2.20
object network PUBLICIP_3CX_VERBALISATION
host 5.102.168.156
object network PRIVATEIP_3CX_VERBALISATION
host 10.10.2.23
object network PUBLICIP_3CX_WELLS_SPA_PLUMBING
host 176.12.106.89
object network PRIVATEIP_3CX_WELLS_SPA_PLUMBING
host 10.10.2.14
object network PUBLICIP_3CX_HMO_ATAC
host 176.12.106.91
object network PRIVATEIP_3CX_HMO_ATAC
host 10.10.2.9
object network PUBLICIP_3CX_STORAGE_CONTROL_SYSTEMS
host 176.12.106.88
object network PRIVATEIP_3CX_STORAGE_CONTROL_SYSTEMS
host 10.10.2.16
object network PUBLICIP_AVAYA_TECH21
host 176.12.106.93
object network PRIVATEIP_AVAYA_TECH21
host 10.10.2.19
object network PUBLICIP_CPANEL_SERVER
host 5.102.168.152
object network PRIVATEIP_CPANEL_SERVER
host 10.10.1.4
object network PUBLICIP_BACKUP_SERVER
host 176.12.106.87
object network PRIVATEIP_BACKUP_SERVER
host 10.10.1.6
object network PUBLICIP_HELPDESK_SERVER
host 5.102.168.154
object network PRIVATEIP_HELPDESK_SERVER
host 10.10.1.244
object network PUBLICIP_PRTG_TELCO_SERVER
host 109.74.247.148
object network PRIVATEIP_PRTG_TELCO_SERVER
host 10.10.1.242
object network PUBLICIP_RAPHAELMC_SERVER
host 5.102.168.153
object network PRIVATEIP_RAPHAELMC_SERVER
host 172.16.10.254
object network PUBLICIP_SIMPLEHELP_SERVER
host 5.102.168.150
object network PRIVATEIP_SIMPLEHELP_SERVER
host 10.10.1.241
object network PUBLICIP_SOPHOS_SERVER
host 109.74.242.212
object network PRIVATEIP_SOPHOS_SERVER
host 10.10.1.8
object network PUBLICIP_HIXSON_SERVER
host 5.102.168.157
object network PRIVATEIP_HIXSON_SERVER
host 192.168.200.254
object network PUBLICIP_UNIFI_SERVER
host 5.102.168.155
object network PRIVATEIP_UNIFI_SERVER
host 10.10.1.5
object network PUBLICIP_WHITMAR_SERVER
host 5.102.168.158
object network PRIVATEIP_WHITMAR_SERVER
host 192.168.52.254
object network PRIVATEIP_GARTON_SERVER
host 192.168.120.254
object network PUBLICIP_GARTON_SERVER
host 109.74.247.149
object network PUBLICIP_OUT_STORAGE_CONTROL_SYSTEMS_SWAN
object network VPN-FLUENT-DC2
subnet 10.10.2.0 255.255.255.0
object network VPN-HIXSON-DC1
subnet 192.168.200.0 255.255.255.0
object network VPN-HIXSON-38SHOP1
subnet 192.168.5.0 255.255.255.0
object network VPN-HIXSON-HO1
subnet 192.168.1.0 255.255.255.0
object network VPN-STEVEJ-HOME1
subnet 172.16.9.0 255.255.255.0
object network VPN-VERBALISATION-HO1
subnet 192.168.88.0 255.255.255.0
object network VPN-RONDANINI-HO1
subnet 192.168.0.0 255.255.255.0
object network VPN-RAPH-DC1
subnet 172.16.10.0 255.255.255.0
object network VPN-RAPH_HILD_CLOCK
subnet 192.168.2.0 255.255.255.0
object network VPN-RAPH_HILD_SWITCH
subnet 10.9.10.0 255.255.255.0
object network VPN-RAPH_HILD_PC
subnet 10.9.30.0 255.255.255.0
object network VPN-RAPH_HILD_PRINTERS
subnet 10.9.40.0 255.255.255.0
object network VPN-RAPH_HILD_WIFI
subnet 10.9.50.0 255.255.255.0
object network VPN-RAPH_HILD_PHONES
subnet 10.9.60.0 255.255.255.0
object network VPN-WHITMAR-DC1
subnet 192.168.52.0 255.255.255.0
object network VPN-WHITMAR_HO1
subnet 192.168.8.0 255.255.255.0
object network VPN-NEWERA_HO1
subnet 192.168.40.0 255.255.255.0
object network VPN-GARTON-DC1
subnet 192.168.120.0 255.255.255.0
object network VPN-GARTON_HO1
subnet 10.55.1.0 255.255.255.0
object network VPN-SALONIQ_HO1
subnet 192.168.4.0 255.255.255.0
object network VPN-SALONIQ_HO2
subnet 192.168.3.0 255.255.255.0
object network PUBLICIP_OUT_3CX_BILITY
object network PORTFORWARD_3CX_ABILITY
host 10.10.2.24
object network VPN-HMO_ATAC_HO1
subnet 192.168.231.0 255.255.255.0
object network PRIVATEIP_RAPHAELMC_REVOLVE_SERVER
host 172.16.10.253
object network PUBLICIP_OUT_RAPHAEL_REVOLVE_RDP_SERVER
object network VPN-VERBALISATION_PHONES
subnet 192.168.88.108 255.255.255.252
object network VPN-RAPH_HILD_VPN
subnet 10.212.134.0 255.255.255.0
object network VPN-FLUENT_HO_SSLVPN
subnet 10.212.135.0 255.255.255.0
object-group network HIXSON_RDP_ALLOWED_INBOUND
network-object host 81.136.253.237
network-object host 81.140.16.38
network-object host 89.197.90.162
network-object host 81.140.5.152
network-object host 92.16.85.105
network-object host 5.102.172.151
object-group network WHITMAR_RDP_ALLOWED_INBOUND
network-object host 81.136.253.237
network-object host 81.140.16.38
network-object host 213.162.123.42
network-object host 213.162.115.143
object-group network RAPHAEL_RDP_ALLOWED_INBOUND
network-object host 81.136.253.237
network-object host 81.140.16.38
network-object host 31.53.104.254
network-object host 88.211.109.18
network-object host 194.168.100.98
network-object host 80.175.9.224
object-group network GARTON_RDP_ALLOWED_INBOUND
network-object host 81.136.253.237
network-object host 81.140.16.38
network-object host 89.197.97.122
network-object host 62.232.62.234
network-object host 109.239.94.66
object-group network BLOCKEDIP_LIST_3CX
network-object host 46.105.102.30
network-object host 85.17.73.241
network-object host 123.123.123.123
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.243 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.243 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.243 eq 23560
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.242 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.242 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.242 eq 23560
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.241 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.241 eq https
access-list OUTSIDE_IN extended permit udp any host 10.10.1.241 range 1 65535
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.244 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.244 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.6 eq 8000
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.6 eq 9000
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.8 eq smtp
access-list OUTSIDE_IN extended permit udp any host 10.10.1.5 eq 3478
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 8080
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 8081
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 8443
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 8880
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 27117
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 6666
access-list OUTSIDE_IN extended permit udp any host 10.10.1.5 eq 7004
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 7080
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 7443
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 7445
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 7446
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.5 eq 7447
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq ftp-data
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq ftp
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq ssh
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq smtp
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 26
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq domain
access-list OUTSIDE_IN extended permit udp any host 10.10.1.4 eq domain
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq pop3
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq imap4
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 465
access-list OUTSIDE_IN extended permit udp any host 10.10.1.4 eq 465
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 783
access-list OUTSIDE_IN extended permit udp any host 10.10.1.4 eq 783
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 993
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 995
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2077
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2078
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2079
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2080
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2082
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2083
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2086
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2087
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2089
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2095
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 eq 2096
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.4 range 30000 50000
access-list OUTSIDE_IN extended permit udp any host 10.10.1.4 range 30000 50000
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.10 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.10 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.10 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.10 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.10 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.10 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.10 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.7 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.7 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.7 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.7 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.7 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.7 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.7 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.12 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.12 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.12 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.12 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.12 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.12 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.12 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.5 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.5 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.5 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.5 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.5 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.5 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.5 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.2 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.2 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.2 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.2 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.2 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.2 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.2 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.11 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.11 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.11 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.11 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.11 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.11 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.11 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.15 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.15 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.15 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.15 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.15 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.15 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.15 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.13 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.13 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.13 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.13 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.13 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.13 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.13 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.8 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.8 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.8 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.8 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.8 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.8 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.8 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.4 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.4 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.4 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.4 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.4 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.4 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.4 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.6 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.6 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.6 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.6 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.6 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.6 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.6 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.16 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.16 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.16 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.16 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.16 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.16 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.16 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.14 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.14 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.14 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.14 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.14 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.14 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.14 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.3 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.3 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.3 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.3 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.3 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.3 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.3 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.9 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.9 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.9 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.9 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.9 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.9 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.9 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.17 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.17 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.17 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.17 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.17 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.17 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.17 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.18 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.18 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.18 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.18 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.18 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.18 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.18 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.22 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.22 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.22 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.22 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.22 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.22 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.22 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.23 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.23 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.23 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.23 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.23 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.23 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.23 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.21 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.21 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.21 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.21 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.21 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.21 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.21 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 eq 5222
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 eq 5269
access-list OUTSIDE_IN extended permit udp any host 10.10.2.19 eq 5400
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 eq 8080
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 eq 8063
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 eq 8069
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 eq 8443
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 eq 9443
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 range sip 5061
access-list OUTSIDE_IN extended permit udp any host 10.10.2.19 range sip 5061
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.19 range 1719 h323
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.20 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.20 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.20 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.20 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.20 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.20 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.20 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.24 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.24 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.24 eq sip
access-list OUTSIDE_IN extended permit udp any host 10.10.2.24 eq sip
access-list OUTSIDE_IN extended permit tcp any host 10.10.2.24 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.24 eq 5090
access-list OUTSIDE_IN extended permit udp any host 10.10.2.24 range 9000 9500
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.7 eq 4444
access-list OUTSIDE_IN extended permit tcp any host 10.10.1.7 eq smtp
access-list OUTSIDE_IN extended permit tcp object-group HIXSON_RDP_ALLOWED_INBOUND host 192.168.200.254 eq 3389
access-list OUTSIDE_IN extended permit tcp object-group WHITMAR_RDP_ALLOWED_INBOUND host 192.168.52.254 eq 3389
access-list OUTSIDE_IN extended permit tcp object-group RAPHAEL_RDP_ALLOWED_INBOUND host 172.16.10.254 eq 3389
access-list OUTSIDE_IN extended permit tcp object-group GARTON_RDP_ALLOWED_INBOUND host 192.168.120.254 eq 3389
access-list VPN_HIXSON_38SHOP_ACL extended permit ip 192.168.200.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list 3CX_BLOCK_IN extended deny ip object-group BLOCKEDIP_LIST_3CX any
access-list 3CX_BLOCK_IN extended permit ip any any
access-list VPN_FLUENT_HO_ACL extended permit ip 10.10.1.0 255.255.255.0 192.168.62.0 255.255.255.0
access-list VPN_FLUENT_HO_ACL extended permit ip 10.10.2.0 255.255.255.0 192.168.62.0 255.255.255.0
access-list VPN_FLUENT_HO_ACL extended permit ip 10.10.1.0 255.255.255.0 10.212.135.0 255.255.255.0
access-list VPN_FLUENT_HO_ACL extended permit ip 10.10.2.0 255.255.255.0 10.212.135.0 255.255.255.0
access-list VPN_HIXSON_HO_ACL extended permit ip 192.168.200.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list VPN_STEVEJ_HOME_ACL extended permit ip 10.10.1.0 255.255.255.0 172.16.9.0 255.255.255.0
access-list VPN_STEVEJ_HOME_ACL extended permit ip 10.10.2.0 255.255.255.0 172.16.9.0 255.255.255.0
access-list VPN_VERBALISATION_HO_ACL extended permit ip 10.10.2.0 255.255.255.0 192.168.88.0 255.255.255.0
access-list VPN_RONDANINI_HO_ACL extended permit ip 10.10.2.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list VPN_RAPH_HILD_ACL extended permit ip 172.16.10.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list VPN_RAPH_HILD_ACL extended permit ip 172.16.10.0 255.255.255.0 10.9.10.0 255.255.255.0
access-list VPN_RAPH_HILD_ACL extended permit ip 172.16.10.0 255.255.255.0 10.9.30.0 255.255.255.0
access-list VPN_RAPH_HILD_ACL extended permit ip 172.16.10.0 255.255.255.0 10.9.40.0 255.255.255.0
access-list VPN_RAPH_HILD_ACL extended permit ip 172.16.10.0 255.255.255.0 10.9.50.0 255.255.255.0
access-list VPN_RAPH_HILD_ACL extended permit ip 172.16.10.0 255.255.255.0 10.9.60.0 255.255.255.0
access-list VPN_RAPH_HILD_ACL extended permit ip 172.16.10.0 255.255.255.0 10.212.134.0 255.255.255.0
access-list VPN_WHITMAR_HO_ACL extended permit ip 192.168.52.0 255.255.255.0 192.168.8.0 255.255.255.0
access-list VPN_NEWERA_ACL extended permit ip 10.10.1.0 255.255.255.0 192.168.40.0 255.255.255.0
access-list VPN_GARTON_WEST_ACL extended permit ip 192.168.120.0 255.255.255.0 10.55.1.0 255.255.255.0
access-list VPN_SALONIQ_HO1_ACL extended permit ip 10.10.2.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list VPN_SALONIQ_HO2_ACL extended permit ip 10.10.2.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list VPN_HMO_ATAC_ACL extended permit ip 10.10.2.0 255.255.255.0 192.168.231.0 255.255.255.0
pager lines 24
logging enable
logging list Fluent level errors
logging asdm Fluent
mtu inside 1500
mtu VLAN_TRUNK 1500
mtu VLAN_HIXSON 1500
mtu VLAN_FLUENT 1500
mtu VLAN_3CX 1500
mtu VLAN_WHITMAR 1500
mtu VLAN_RAPHAEL 1500
mtu VLAN_GARTON 1500
mtu outside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
arp permit-nonconnected
nat (outside,outside) source static PUBLICIP_SIMPLEHELP_SERVER PUBLICIP_SIMPLEHELP_SERVER destination static PUBLICIP_SIMPLEHELP_SERVER PUBLICIP_SIMPLEHELP_SERVER no-proxy-arp route-lookup
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_HMO_ATAC PRIVATEIP_3CX_HMO_ATAC destination static VPN-HMO_ATAC_HO1 VPN-HMO_ATAC_HO1 no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_SALONIQ PRIVATEIP_3CX_SALONIQ destination static VPN-SALONIQ_HO2 VPN-SALONIQ_HO2 no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_SALONIQ PRIVATEIP_3CX_SALONIQ destination static VPN-SALONIQ_HO1 VPN-SALONIQ_HO1 no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_VERBALISATION PRIVATEIP_3CX_VERBALISATION destination static VPN-VERBALISATION-HO1 VPN-VERBALISATION-HO1 no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_RONDANINI PRIVATEIP_3CX_RONDANINI destination static VPN-RONDANINI-HO1 VPN-RONDANINI-HO1 no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_SOPHOS_SERVER PRIVATEIP_SOPHOS_SERVER destination static VPN-NEWERA_HO1 VPN-NEWERA_HO1 no-proxy-arp
nat (VLAN_3CX,outside) source static VPN-FLUENT-DC2 VPN-FLUENT-DC2 destination static VPN-FLUENT_HO_SSLVPN VPN-FLUENT_HO_SSLVPN
nat (VLAN_FLUENT,outside) source static VPN-FLUENT-DC1 VPN-FLUENT-DC1 destination static VPN-FLUENT_HO_SSLVPN VPN-FLUENT_HO_SSLVPN
nat (VLAN_GARTON,outside) source static VPN-GARTON-DC1 VPN-GARTON-DC1 destination static VPN-GARTON_HO1 VPN-GARTON_HO1
nat (VLAN_WHITMAR,outside) source static VPN-WHITMAR-DC1 VPN-WHITMAR-DC1 destination static VPN-WHITMAR_HO1 VPN-WHITMAR_HO1
nat (VLAN_RAPHAEL,outside) source static VPN-RAPH-DC1 VPN-RAPH-DC1 destination static VPN-RAPH_HILD_VPN VPN-RAPH_HILD_VPN
nat (VLAN_RAPHAEL,outside) source static VPN-RAPH-DC1 VPN-RAPH-DC1 destination static VPN-RAPH_HILD_PHONES VPN-RAPH_HILD_PHONES
nat (VLAN_RAPHAEL,outside) source static VPN-RAPH-DC1 VPN-RAPH-DC1 destination static VPN-RAPH_HILD_WIFI VPN-RAPH_HILD_WIFI
nat (VLAN_RAPHAEL,outside) source static VPN-RAPH-DC1 VPN-RAPH-DC1 destination static VPN-RAPH_HILD_PRINTERS VPN-RAPH_HILD_PRINTERS
nat (VLAN_RAPHAEL,outside) source static VPN-RAPH-DC1 VPN-RAPH-DC1 destination static VPN-RAPH_HILD_PC VPN-RAPH_HILD_PC
nat (VLAN_RAPHAEL,outside) source static VPN-RAPH-DC1 VPN-RAPH-DC1 destination static VPN-RAPH_HILD_SWITCH VPN-RAPH_HILD_SWITCH
nat (VLAN_RAPHAEL,outside) source static VPN-RAPH-DC1 VPN-RAPH-DC1 destination static VPN-RAPH_HILD_CLOCK VPN-RAPH_HILD_CLOCK
nat (VLAN_FLUENT,outside) source static VPN-FLUENT-DC1 VPN-FLUENT-DC1 destination static VPN-STEVEJ-HOME1 VPN-STEVEJ-HOME1
nat (VLAN_3CX,outside) source static VPN-FLUENT-DC2 VPN-FLUENT-DC2 destination static VPN-STEVEJ-HOME1 VPN-STEVEJ-HOME1
nat (VLAN_HIXSON,outside) source static VPN-HIXSON-DC1 VPN-HIXSON-DC1 destination static VPN-HIXSON-HO1 VPN-HIXSON-HO1
nat (VLAN_HIXSON,outside) source static VPN-HIXSON-DC1 VPN-HIXSON-DC1 destination static VPN-HIXSON-38SHOP1 VPN-HIXSON-38SHOP1
nat (VLAN_FLUENT,outside) source static VPN-FLUENT-DC1 VPN-FLUENT-DC1 destination static VPN-FLUENT-HO VPN-FLUENT-HO
nat (VLAN_3CX,outside) source static VPN-FLUENT-DC2 VPN-FLUENT-DC2 destination static VPN-FLUENT-HO VPN-FLUENT-HO
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_VERBALISATION PUBLICIP_3CX_VERBALISATION no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_CTTRAVEL PUBLICIP_3CX_CTTRAVEL no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_RONDANINI PUBLICIP_3CX_RONDANINI no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_AZTEC PUBLICIP_3CX_AZTEC no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_BRIGHTSPARK PUBLICIP_3CX_BRIGHTSPARK no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_CROWBOROUGH_CABS PUBLICIP_3CX_CROWBOROUGH_CABS no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_FALCON PUBLICIP_3CX_FALCON no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_FLUENT PUBLICIP_3CX_FLUENT no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_OLISSON PUBLICIP_3CX_OLISSON no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_GAP360 PUBLICIP_3CX_GAP360 no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_JENNERS PUBLICIP_3CX_JENNERS no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_LCAF PUBLICIP_3CX_LCAF no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_MCKENZIE PUBLICIP_3CX_MCKENZIE no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_MUNRO PUBLICIP_3CX_MUNRO no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_NCEQUINE PUBLICIP_3CX_NCEQUINE no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_PHOCAS PUBLICIP_3CX_PHOCAS no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_SALONIQ PUBLICIP_3CX_SALONIQ no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_STORAGE_CONTROL_SYSTEMS PUBLICIP_3CX_STORAGE_CONTROL_SYSTEMS no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_SWAN PUBLICIP_3CX_SWAN no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_WELLS_SPA_PLUMBING PUBLICIP_3CX_WELLS_SPA_PLUMBING no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_3CX_HMO_ATAC PUBLICIP_3CX_HMO_ATAC no-proxy-arp
nat (VLAN_3CX,outside) source static PRIVATEIP_AVAYA_TECH21 PUBLICIP_AVAYA_TECH21 no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_BACKUP_SERVER PUBLICIP_BACKUP_SERVER no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_HELPDESK_SERVER PUBLICIP_HELPDESK_SERVER no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_PRTG_IT_SERVER PUBLICIP_PRTG_IT_SERVER no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_PRTG_TELCO_SERVER PUBLICIP_PRTG_TELCO_SERVER no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_SIMPLEHELP_SERVER PUBLICIP_SIMPLEHELP_SERVER no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_SOPHOS_SERVER PUBLICIP_SOPHOS_SERVER no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_UNIFI_SERVER PUBLICIP_UNIFI_SERVER no-proxy-arp
nat (VLAN_FLUENT,outside) source static PRIVATEIP_CPANEL_SERVER PUBLICIP_CPANEL_SERVER no-proxy-arp
nat (VLAN_RAPHAEL,outside) source static PRIVATEIP_RAPHAELMC_SERVER PUBLICIP_RAPHAELMC_SERVER no-proxy-arp
nat (VLAN_HIXSON,outside) source static PRIVATEIP_HIXSON_SERVER PUBLICIP_HIXSON_SERVER no-proxy-arp
nat (VLAN_WHITMAR,outside) source static PRIVATEIP_WHITMAR_SERVER PUBLICIP_WHITMAR_SERVER no-proxy-arp
nat (VLAN_GARTON,outside) source static PRIVATEIP_GARTON_SERVER PUBLICIP_GARTON_SERVER no-proxy-arp
nat (VLAN_RAPHAEL,outside) source static PRIVATEIP_RAPHAELMC_REVOLVE_SERVER PUBLICIP_RAPHAELMC_SERVER no-proxy-arp
!
object network PORTFORWARD_PRTG_IT
nat (VLAN_FLUENT,outside) static 5.102.168.151
object network PORTFORWARD_PRTG_TELCO
nat (VLAN_FLUENT,outside) static 109.74.247.148
object network PORTFORWARD_SIMPLEHELP
nat (VLAN_FLUENT,outside) static 5.102.168.150
object network PORTFORWARD_HELPDESK
nat (VLAN_FLUENT,outside) static 5.102.168.154
object network PORTFORWARD_BACKUP
nat (VLAN_FLUENT,outside) static 176.12.106.87
object network PORTFORWARD_SOPHOS
nat (VLAN_FLUENT,outside) static 109.74.242.212
object network PORTFORWARD_UNIFI_WIFI
nat (VLAN_FLUENT,outside) static 5.102.168.155
object network PORTFORWARD_CPANEL
nat (VLAN_FLUENT,outside) static 5.102.168.152
object network PORTFORWARD_3CX_JENNERS
nat (VLAN_3CX,outside) static 109.74.242.217 net-to-net
object network PORTFORWARD_3CX_FLUENT
nat (VLAN_3CX,outside) static 109.74.242.214 net-to-net
object network PORTFORWARD_3CX_LCAF
nat (VLAN_3CX,outside) static 109.74.242.218 net-to-net
object network PORTFORWARD_3CX_MUNRO
nat (VLAN_3CX,outside) static 109.74.242.216 net-to-net
object network PORTFORWARD_3CX_MCKENZIE
nat (VLAN_3CX,outside) static 109.74.242.219 net-to-net
object network PORTFORWARD_3CX_GAP360
nat (VLAN_3CX,outside) static 109.74.242.220 net-to-net
object network PORTFORWARD_3CX_SALONIQ
nat (VLAN_3CX,outside) static 109.74.242.215 net-to-net
object network PORTFORWARD_3CX_PHOCAS
nat (VLAN_3CX,outside) static 5.102.168.149 net-to-net
object network PORTFORWARD_3CX_OLISSON
nat (VLAN_3CX,outside) static 176.12.106.84 net-to-net
object network PORTFORWARD_3CX_BRIGHTSPARK
nat (VLAN_3CX,outside) static 176.12.106.85 net-to-net
object network PORTFORWARD_3CX_FALCON
nat (VLAN_3CX,outside) static 176.12.106.86 net-to-net
object network PORTFORWARD_3CX_STORAGE_CONTROL_SYSTEMS
nat (VLAN_3CX,outside) static 176.12.106.88 net-to-net
object network PORTFORWARD_3CX_WELLS_SPA_PLUMBING
nat (VLAN_3CX,outside) static 176.12.106.89 net-to-net
object network PORTFORWARD_3CX_AZTEC
nat (VLAN_3CX,outside) static 109.74.242.213 net-to-net
object network PORTFORWARD_3CX_HMO_ATAC
nat (VLAN_3CX,outside) static 176.12.106.91 net-to-net
object network PORTFORWARD_3CX_NCEQUINE
nat (VLAN_3CX,outside) static 109.74.242.222 net-to-net
object network PORTFORWARD_3CX_CROWBOROUGH_CABS
nat (VLAN_3CX,outside) static 176.12.106.92 net-to-net
object network PORTFORWARD_3CX_RONDANINI
nat (inside,outside) static 109.74.242.221 net-to-net
object network PORTFORWARD_3CX_VERBALISATION
nat (inside,outside) static 5.102.168.156 net-to-net
object network PORTFORWARD_3CX_CTTRAVEL
nat (inside,outside) static 176.12.106.90 net-to-net
object network PORTFORWARD_AVAYA_TECH21
nat (VLAN_3CX,outside) static 176.12.106.93 net-to-net
object network PORTFORWARD_HIXSON_RDP
nat (VLAN_HIXSON,outside) static 5.102.168.157
object network PORTFORWARD_WHITMAR_RDP
nat (VLAN_WHITMAR,outside) static 5.102.168.158
object network PORTFORWARD_RAPHAEL_RDP
nat (VLAN_RAPHAEL,outside) static 5.102.168.153
object network PORTFORWARD_GARTON_RDP
nat (VLAN_GARTON,outside) static 109.74.247.149
object network PORTFORWARD_3CX_SWAN
nat (VLAN_3CX,outside) static 176.12.106.94 net-to-net
object network PORTFORWARD_3CX_ABILITY
nat (VLAN_3CX,outside) static 109.74.247.150 net-to-net
access-group OUTSIDE_IN in interface outside
route outside 0.0.0.0 0.0.0.0 5.102.168.145 1
route outside 0.0.0.0 0.0.0.0 109.74.242.209 2
route outside 0.0.0.0 0.0.0.0 176.12.106.81 3
route outside 0.0.0.0 0.0.0.0 109.74.247.145 4
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 VLAN_FLUENT
http 0.0.0.0 0.0.0.0 management
http 81.136.253.237 255.255.255.255 outside
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set FirstSet esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set FirstSet_NewEra esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set FirstSet_Fluent_Ho esp-3des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal AES256-SHA1
protocol esp encryption aes-256
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association lifetime seconds 86400
crypto ipsec security-association lifetime kilobytes unlimited
crypto ipsec security-association pmtu-aging infinite
crypto map VPN_FLUENT_HO_MAP 1 match address VPN_FLUENT_HO_ACL
crypto map VPN_FLUENT_HO_MAP 1 set pfs
crypto map VPN_FLUENT_HO_MAP 1 set peer 81.136.253.237
crypto map VPN_FLUENT_HO_MAP 1 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 1 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 2 match address VPN_HIXSON_38SHOP_ACL
crypto map VPN_FLUENT_HO_MAP 2 set pfs
crypto map VPN_FLUENT_HO_MAP 2 set peer 81.140.5.152
crypto map VPN_FLUENT_HO_MAP 2 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 2 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 3 match address VPN_HIXSON_HO_ACL
crypto map VPN_FLUENT_HO_MAP 3 set pfs
crypto map VPN_FLUENT_HO_MAP 3 set peer 89.197.90.162
crypto map VPN_FLUENT_HO_MAP 3 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 3 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map VPN_FLUENT_HO_MAP 3 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 4 match address VPN_STEVEJ_HOME_ACL
crypto map VPN_FLUENT_HO_MAP 4 set pfs
crypto map VPN_FLUENT_HO_MAP 4 set peer 81.140.16.38
crypto map VPN_FLUENT_HO_MAP 4 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 4 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 5 match address VPN_RONDANINI_HO_ACL
crypto map VPN_FLUENT_HO_MAP 5 set pfs
crypto map VPN_FLUENT_HO_MAP 5 set peer 62.253.180.58
crypto map VPN_FLUENT_HO_MAP 5 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 5 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 6 match address VPN_VERBALISATION_HO_ACL
crypto map VPN_FLUENT_HO_MAP 6 set pfs
crypto map VPN_FLUENT_HO_MAP 6 set peer 195.99.223.228
crypto map VPN_FLUENT_HO_MAP 6 set ikev1 transform-set ESP-AES-256-SHA
crypto map VPN_FLUENT_HO_MAP 6 set ikev2 pre-shared-key *****
crypto map VPN_FLUENT_HO_MAP 6 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 7 match address VPN_RAPH_HILD_ACL
crypto map VPN_FLUENT_HO_MAP 7 set pfs
crypto map VPN_FLUENT_HO_MAP 7 set peer 88.211.109.18
crypto map VPN_FLUENT_HO_MAP 7 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 7 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 8 match address VPN_WHITMAR_HO_ACL
crypto map VPN_FLUENT_HO_MAP 8 set pfs
crypto map VPN_FLUENT_HO_MAP 8 set peer 213.162.123.42
crypto map VPN_FLUENT_HO_MAP 8 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 8 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 9 match address VPN_NEWERA_ACL
crypto map VPN_FLUENT_HO_MAP 9 set pfs
crypto map VPN_FLUENT_HO_MAP 9 set peer 81.133.108.186
crypto map VPN_FLUENT_HO_MAP 9 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 9 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 10 match address VPN_GARTON_WEST_ACL
crypto map VPN_FLUENT_HO_MAP 10 set pfs
crypto map VPN_FLUENT_HO_MAP 10 set peer 109.239.94.66
crypto map VPN_FLUENT_HO_MAP 10 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 10 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 11 match address VPN_SALONIQ_HO1_ACL
crypto map VPN_FLUENT_HO_MAP 11 set pfs
crypto map VPN_FLUENT_HO_MAP 11 set peer 81.140.109.212
crypto map VPN_FLUENT_HO_MAP 11 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 11 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 12 match address VPN_SALONIQ_HO2_ACL
crypto map VPN_FLUENT_HO_MAP 12 set pfs
crypto map VPN_FLUENT_HO_MAP 12 set peer 81.140.109.213
crypto map VPN_FLUENT_HO_MAP 12 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 12 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP 13 match address VPN_HMO_ATAC_ACL
crypto map VPN_FLUENT_HO_MAP 13 set pfs
crypto map VPN_FLUENT_HO_MAP 13 set peer 46.33.136.84
crypto map VPN_FLUENT_HO_MAP 13 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN_FLUENT_HO_MAP 13 set security-association lifetime kilobytes unlimited
crypto map VPN_FLUENT_HO_MAP interface outside
crypto map VPN_HIXSON_38SHOP_MAP 1 set pfs
crypto map VPN_HIXSON_38SHOP_MAP 1 set peer 81.140.5.152
crypto map VPN_HIXSON_38SHOP_MAP 1 set ikev1 transform-set FirstSet
crypto map VPN_NEW_ERA_MAP 1 set pfs
crypto map VPN_NEW_ERA_MAP 1 set peer 81.133.108.186
crypto map VPN_NEW_ERA_MAP 1 set ikev1 transform-set FirstSet_NewEra
crypto map VPN_NEW_ERA_MAP 2 set pfs
crypto map VPN_NEW_ERA_MAP 2 set peer 81.133.108.186
crypto ca trustpool policy
no crypto isakmp nat-traversal
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 2
prf sha
lifetime seconds 86400
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 2
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 VLAN_FLUENT
ssh 81.136.253.237 255.255.255.255 outside
ssh 109.74.240.30 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 management
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
group-policy DfltGrpPolicy attributes
vpn-idle-timeout none
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_81.140.16.38 internal
group-policy GroupPolicy_81.140.16.38 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_195.99.223.228 internal
group-policy GroupPolicy_195.99.223.228 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_62.253.180.58 internal
group-policy GroupPolicy_62.253.180.58 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_88.211.109.18 internal
group-policy GroupPolicy_88.211.109.18 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_81.133.108.186 internal
group-policy GroupPolicy_81.133.108.186 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_109.239.94.66 internal
group-policy GroupPolicy_109.239.94.66 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_46.33.136.84 internal
group-policy GroupPolicy_46.33.136.84 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_81.140.109.213 internal
group-policy GroupPolicy_81.140.109.213 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_81.140.5.152 internal
group-policy GroupPolicy_81.140.5.152 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_89.197.90.162 internal
group-policy GroupPolicy_89.197.90.162 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_213.162.123.42 internal
group-policy GroupPolicy_213.162.123.42 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_81.140.109.212 internal
group-policy GroupPolicy_81.140.109.212 attributes
vpn-tunnel-protocol ikev1
dynamic-access-policy-record DfltAccessPolicy
tunnel-group 81.136.253.237 type ipsec-l2l
tunnel-group 81.136.253.237 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 81.140.5.152 type ipsec-l2l
tunnel-group 81.140.5.152 general-attributes
default-group-policy GroupPolicy_81.140.5.152
tunnel-group 81.140.5.152 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 89.197.90.162 type ipsec-l2l
tunnel-group 89.197.90.162 general-attributes
default-group-policy GroupPolicy_89.197.90.162
tunnel-group 89.197.90.162 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 81.140.16.38 type ipsec-l2l
tunnel-group 81.140.16.38 general-attributes
default-group-policy GroupPolicy_81.140.16.38
tunnel-group 81.140.16.38 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 195.99.223.228 type ipsec-l2l
tunnel-group 195.99.223.228 general-attributes
default-group-policy GroupPolicy_195.99.223.228
tunnel-group 195.99.223.228 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 62.253.180.58 type ipsec-l2l
tunnel-group 62.253.180.58 general-attributes
default-group-policy GroupPolicy_62.253.180.58
tunnel-group 62.253.180.58 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 88.211.109.18 type ipsec-l2l
tunnel-group 88.211.109.18 general-attributes
default-group-policy GroupPolicy_88.211.109.18
tunnel-group 88.211.109.18 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 213.162.123.42 type ipsec-l2l
tunnel-group 213.162.123.42 general-attributes
default-group-policy GroupPolicy_213.162.123.42
tunnel-group 213.162.123.42 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 81.133.108.186 type ipsec-l2l
tunnel-group 81.133.108.186 general-attributes
default-group-policy GroupPolicy_81.133.108.186
tunnel-group 81.133.108.186 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 109.239.94.66 type ipsec-l2l
tunnel-group 109.239.94.66 general-attributes
default-group-policy GroupPolicy_109.239.94.66
tunnel-group 109.239.94.66 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 81.140.109.212 type ipsec-l2l
tunnel-group 81.140.109.212 general-attributes
default-group-policy GroupPolicy_81.140.109.212
tunnel-group 81.140.109.212 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 81.140.109.213 type ipsec-l2l
tunnel-group 81.140.109.213 general-attributes
default-group-policy GroupPolicy_81.140.109.213
tunnel-group 81.140.109.213 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 46.33.136.84 type ipsec-l2l
tunnel-group 46.33.136.84 general-attributes
default-group-policy GroupPolicy_46.33.136.84
tunnel-group 46.33.136.84 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect netbios
inspect tftp
inspect ip-options
class class-default
user-statistics accounting
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:9d15b0f9e2710d5e5a25e4d91bfcc436
: end
no asdm history enable
... View more
06-15-2018
12:48 PM
I have an ASA 5512 running 9.4(4).18 here's my issue.
Server A on lan range 10.10.1.0/24.
Server B on lan range 10.10.1.0/24.
From the outside world i can access mydnsname.com and reach services on server B fine. Server B has internet access. Server B can talk to server A and server A can talk to server B.
From server A if i browse to mydnsnme.com it fails. They're both windows server 2012 R2. I've done netstat and can see i get a SYN_SENT from Server A, Server B shows SYN_RECEIVED from the public IP of server A so i know traffic is getting there.
However i can't see any return traffic happening from server B to server A and i'm not sure why. Any hints where to look? Packet tracer shows it should work fine.
... View more
Labels:
06-09-2018
09:32 AM
Hi All,
I have the following device:
Cisco Adaptive Security Appliance Software Version 9.4(4)18 Device Manager Version 7.9(2)
Compiled on Thu 29-Mar-18 22:10 PDT by builders System image file is "disk0:/asa944-18-smp-k8.bin" Config file at boot was "startup-config"
Hardware: ASA5512, 4096 MB RAM, CPU Clarkdale 2792 MHz, 1 CPU (2 cores) ASA: 2048 MB RAM, 1 CPU (1 core) Internal ATA Compact Flash, 4096MB
Short and Simple, i am NOT a cisco guy. I'm a level 3 IT technician and i work with Dell Sonicwall's and Fortinet Firewall's. However due to IP limitations we've migrating to Cisco so we can have 32+ Public IP's used on the firewall. Now, I have the device on and in our datacenter and googling the hell out of everything i'm trying to put a config together so i can go down and essentially migrate config from the current Fortigate to the Cisco ASA.
I've been to the datacenter 5 times and cannot get it right by guessing the command line. I f someone could go over my config please and see what i'm doing wrong? We basically have a bunch of virtual servers running on multiple VLAN's so what I'm trying to accomplish is the following:
Private IP A out to internet showing Public Address A.
Private IP B out to internet showing Public Address B.
Private IP C out to internet showing Public Address C.
etc...
Also
Public IP A Port 80 forwarded to PrivateIP A port 80.
Public IP B Port 80 forwarded to PrivateIP B port 80.
Public IP C Port 80 forwarded to PrivateIP C port 80.
etc..
If i can get those parts done, it's only VPN's to do which I'm sure i'll figure out in ASDM wizard, but i cannot leave the Cisco in live until all our services are working via it, and they are down while I test it out. This is the latest script i'm going to test. I think this is right, but could do with a yes or no you need to change to this.
======================== OBJECT CREATION BEGIN ===============================
object network PUBLICIP_CPANEL_SERVER
host X.X.X.X
exit
object network PRIVATEIP_CPANEL_SERVER
host X.X.X.X
exit
======================== PORT FORWARDING BEGIN ==========================
object network PORTFORWARD_CPANEL_TCP20
host X.X.X.X
nat (inside,OUTSIDE) static PUBLICIP_CPANEL_SERVER service tcp 20 20
exit
access-list CPANEL_TCP20 permit tcp any host X.X.X.X eq 20
======================== RANGE FORWARDING BEGIN ============================
object network PORTFORWARD_CPANEL_RANGE_IN
host X.X.X.X
nat (inside,outside) static PUBLICIP_CPANEL_SERVER
exit
access-list CPANEL_IN_RANGE_TCP permit tcp any host X.X.X.X range 30000 50000
access-list CPANEL_IN_RANGE_UDP permit udp any host X.X.X.X range 30000 50000
======================== OUTBOUND IP BEGIN ===============================
object network PUBLICIP_OUT_CPANEL_SERVER
nat (inside,outside) source dynamic PRIVATEIP_CPANEL_SERVER PUBLICIP_CPANEL_SERVER
exit
Thanks in Advance!
... View more
Labels:
10-09-2015
05:26 AM
Couldn't telnet on TCP I altered access-list 100 permit udp any any range 30000 30030 to access-list 100 permit udp any any access-list 100 permit tcp any any It done the trick.
... View more
10-09-2015
03:25 AM
Ok Thank you Karsten, i've marked you as correct. If i could get you a few beers i would! Thank You Again
... View more
10-09-2015
02:41 AM
Hi Karsten, You were exactly spot on! After adding that line into 102, i can now ping from UK to Abroad. Do i need to add another line for: 2 deny ip <REMOTE LAN> 0.0.0.255 <LOCAL LAN> 0.0.0.255 To allow communication both ways or is that enough to work now? The list currently shows: access-list 102 deny ip <LOCAL LAN> 0.0.0.255 <REMOTE LAN> 0.0.0.255 access-list 102 permit ip <LOCAL LAN> 0.0.0.255 any
... View more
10-09-2015
02:20 AM
Hi Karsten, Thanks for the pointer. 1) I have removed the permit as stated. 2) I wasn't aware of that, so thank you, makes perfect sense, i shall try and access a PC there. 3) Please could you look at the below and advise? By the looks of it im assuming its not excluded: ! ip nat pool PORTFWD <LAN MACHINE> <LAN MACHINE> netmask 255.255.255.0 type rotary ip nat inside source list 102 interface FastEthernet4 overload ip nat inside source static tcp <LAN MACHINE> 25 <WAN IP> 25 extendable ip nat inside source static tcp <LAN MACHINE> 110 <WAN IP> 110 extendable ip nat inside source static tcp <LAN MACHINE> 3000 <WAN IP> 3000 extendable ip nat inside source static udp <LAN MACHINE> 30000 <WAN IP> 30000 extendable ip nat inside source static udp <LAN MACHINE> 30030 <WAN IP> 30030 extendable ip nat inside source static tcp <LAN MACHINE> 5003 <WAN IP> 5003 extendable ip nat inside source static udp <LAN MACHINE> 5003 <WAN IP> 5003 extendable ip nat inside source static tcp <LAN MACHINE> 5090 <WAN IP> 5090 extendable ip nat inside source static udp <LAN MACHINE> 5090 <WAN IP> 5090 extendable ip nat inside source static tcp <LAN MACHINE> 6001 <WAN IP> 6001 extendable ip nat inside source static tcp <LAN MACHINE> 6100 <WAN IP> 6100 extendable ip nat inside source static udp <LAN MACHINE> 6100 <WAN IP> 6100 extendable ip nat inside destination list 100 pool PORTFWD ip route 0.0.0.0 0.0.0.0 <GATEWAY IP > ip route <REMOTE LAN> 255.255.255.0 <REMOTE WAN> ! access-list 102 permit ip <LOCAL LAN> 0.0.0.255 any I'm assuming i need to 1) Remove ip route <REMOTE LAN> 255.255.255.0 <REMOTE WAN> 2) Adjust source-list 102 with a deny of some sort? Thanks again
... View more
10-09-2015
01:20 AM
Hi All, I'm not cisco trained nor ever worked with cisco, im a complete newbie when it comes to Cisco platforms. We are a IT Support MSP and we've recently taken on a customer who has an office abroad using a Cisco 881 device with a Draytek router in the UK. Site to site connectivity is required. I've looked around and watched some youtube videos on how to setup the VPN and believe i have this in place using the below config on the cisco: crypto isakmp policy 1 encr 3des authentication pre-share group 2 lifetime 28800 crypto isakmp key ******** address ******* ! crypto ipsec transform-set sha3des esp-3des esp-sha-hmac ! crypto map VPN 1 ipsec-isakmp set peer ********** set transform-set sha3des set pfs group2 match address UK ! interface FastEthernet4 ip address <WAN IP> <WAN SUBNET> ip access-group netbios in ip access-group netbios out no ip proxy-arp ip nat outside ip virtual-reassembly in no ip route-cache cef no ip route-cache duplex auto speed auto no cdp enable crypto map VPN ! interface Vlan1 ip address <WAN IP 2> <WAN SUBNET> secondary ip address <LAN IP> 255.255.255.0 ip access-group netbios in ip access-group netbios out no ip proxy-arp ip nat inside ip virtual-reassembly in no ip route-cache cef no ip route-cache ! ip access-list extended UK permit ip <LOCAL LAN> 0.0.0.255 <REMOTE LAN> 0.0.0.255 permit ip <REMOTE LAN> 0.0.0.255 <LOCAL LAN> 0.0.0.255 The VPN shows it up and active but there is no traffic flow between the two and i have no idea why... Crypto session current status Interface: FastEthernet4 Session status: UP-ACTIVE Peer: <REMOTE WAN> port 500 IKEv1 SA: local <LOCAL WAN>/500 remote <REMOTE WAN>/500 Active IPSEC FLOW: permit ip <REMOTE LAN>/255.255.255.0 <LOCAL LAN>/255.255.255.0 Active SAs: 0, origin: crypto map IPSEC FLOW: permit ip <LOCAL LAN>/255.255.255.0 <REMOTE LAN>/255.255.255.0 Active SAs: 2, origin: crypto map So it all looks fine, however if i try and ping the remote sites router over the remote LAN ip i get the following: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to <REMOTE IP>, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) I also cannot ping from remote site into the Cisco lan. I believe this is down to the cisco end, the Draytek is a basic router and no routing is able to be configured. It does it automatically. So the VPN is up, no traffic flow.. Please can someone point me in the right directoin? Thank You
... View more
Labels:
08-15-2019
Hi Paul, Thanks for the reply im half way there, however hit a snag with
these commands: ip nat dest...
08-14-2019
Hi Again Karsten! You’ve helped me before on an ASA. Thanks for the
suggestion but I can’t use it as...
08-14-2019
Hi, I’ve been looking around and can’t find a suitable solution or one I
can understand and get the ...
06-15-2018
I'm actually finding it's happening across the board to be fair. Server
A can't access any other ser...
06-15-2018
Its a pretty big config but here : Saved : : Hardware: ASA5512, 4096 MB
RAM, CPU Clarkdale 2793 MHz,...
06-15-2018
I have an ASA 5512 running 9.4(4).18 here's my issue. Server A on lan
range 10.10.1.0/24. Server B o...
06-09-2018
Hi All, I have the following device: Cisco Adaptive Security Appliance
Software Version 9.4(4)18Devi...
10-09-2015
Couldn't telnet on TCP I altered access-list 100 permit udp any any
range 30000 30030 to access-list...
10-09-2015
Ok Thank you Karsten, i've marked you as correct. If i could get you a
few beers i would! Thank You ...
10-09-2015
Hi Karsten,You were exactly spot on! After adding that line into 102, i
can now ping from UK to Abro...
10-09-2015
Hi Karsten, Thanks for the pointer. 1) I have removed the permit as
stated.2) I wasn't aware of that...
Public Statistics
| Date Registered | 10-09-2015 01:06 AM |
| Date Last Visited | 08-21-2019 12:28 AM |
| Total Messages Posted | 14 |
.jpg "VIP Mentor"){kind=icon}
