
Site-to-site VPN is not working between ASA and Fortinet firewall

Muthukumar P
Level 1

Hi Team,

We tried to establish the VPN between the ASA and the Fortinet firewall, but it was not possible. As per the Fortinet team's confirmation, the ASA has not received any VPN information from the Fortinet, and the Fortinet-side configuration is fine. Please find the ASA configuration for your reference and do the needful. Details as below:

Local LAN: 10.247.19.0

Remote LAN: 10.246.19.160

Remote location Public IP: 182.71.125.195

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2019.02.14 12:02:11 =~=~=~=~=~=~=~=~=~=~=~=


Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(3)

Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"

citpldr up 54 days 17 hours

Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: Ethernet0/0 : address is 0024.1413.7dfc, irq 9
1: Ext: Ethernet0/1 : address is 0024.1413.7dfd, irq 9
2: Ext: Ethernet0/2 : address is 0024.1413.7dfe, irq 9
3: Ext: Ethernet0/3 : address is 0024.1413.7dff, irq 9
4: Ext: Management0/0 : address is 0024.1413.7dfb, irq 11
5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 25
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Enabled
UC Proxy Sessions : 2

This platform has an ASA 5510 Security Plus license.

Serial Number: JMX1309L1DZ
Running Activation Key: 0x4517f262 0x8030a01a 0xac93098c 0xbbe4786c 0xc73d05ba
Configuration register is 0x1
Configuration last modified by enable_15 at 18:22:29.483 IST Tue Feb 12 2019

------------------ show clock ------------------

12:03:22.793 IST Thu Feb 14 2019

------------------ show crashinfo ------------------

No crash file found.


------------------ show module ------------------


Mod Card Type Model Serial No.
--- -------------------------------------------- ------------------ -----------
0 ASA 5510 Adaptive Security Appliance ASA5510 JMX1309L1DZ
1 ASA 5500 Series Security Services Module-10 ASA-SSM-10 JAF1306AKAK

Mod MAC Address Range Hw Version Fw Version Sw Version
--- --------------------------------- ------------ ------------ ---------------
0 0024.1413.7dfb to 0024.1413.7dff 2.0 1.0(11)5 8.0(4)
1 0021.a0af.ec6c to 0021.a0af.ec6c 1.0 1.0(11)5

Mod SSM Application Name Status SSM Application Version
--- ------------------------------ ---------------- --------------------------
Mod Status Data Plane Status Compatibility
--- ------------------ --------------------- -------------
0 Up Sys Not Applicable
1 Unresponsive Not Applicable


------------------ show memory ------------------

Free memory: 109108008 bytes (41%)
Used memory: 154444888 bytes (59%)
------------- ----------------
Total memory: 263552896 bytes (100%)

------------------ show memory dma ------------------

DMA memory:
Unused memory: 94904 bytes ( 0%)
Crypto reserved memory: 8216700 bytes (16%)
Crypto free: 7036932 bytes (14%)
Crypto used: 1179768 bytes ( 2%)
Block reserved memory: 42659488 bytes (83%)
Block free: 38808224 bytes (76%)
Block used: 3851264 bytes ( 8%)
Used memory: 253484 bytes ( 0%)
----------------------------- ----------------
Total memory: 51224576 bytes (100%)


------------------ show conn count ------------------

36 in use, 107 most used

------------------ show xlate count ------------------

32 in use, 176 most used

------------------ show blocks ------------------

SIZE MAX LOW CNT
0 400 337 400
4 200 199 199
80 652 583 652
256 2900 2895 2900
1550 9703 8302 8410
2048 3112 2818 2857
2560 716 715 716
4096 100 100 100
8192 100 100 100
16384 102 101 102
65536 16 16 16

------------------ show blocks queue history detail ------------------

History buffer memory usage: 2136 bytes (default)

------------------ show interface ------------------

Interface Ethernet0/0 "outside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
MAC address 0024.1413.7dfc, MTU 1500
IP address 180.179.33.238, subnet mask 255.255.255.252
80863241 packets input, 74884098162 bytes, 0 no buffer
Received 2 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
59558875 packets output, 11512397759 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max packets): hardware (0/32) software (0/0)
output queue (curr/max packets): hardware (0/71) software (0/0)
Traffic Statistics for "outside":
80863234 packets input, 73365174315 bytes
59558875 packets output, 10309442179 bytes
751030 packets dropped
1 minute input rate 6 pkts/sec, 789 bytes/sec
1 minute output rate 6 pkts/sec, 1377 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 8 pkts/sec, 1006 bytes/sec
5 minute output rate 11 pkts/sec, 1975 bytes/sec
5 minute drop rate, 0 pkts/sec
Control Point Interface States:
Interface number is 2
Interface config status is active
Interface state is active
Interface Ethernet0/1 "inside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
MAC address 0024.1413.7dfd, MTU 1500
IP address 10.247.17.1, subnet mask 255.255.255.240
56219124 packets input, 10713110497 bytes, 0 no buffer
Received 33 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
77137029 packets output, 74021726976 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max packets): hardware (0/28) software (0/0)
output queue (curr/max packets): hardware (0/122) software (0/0)
Traffic Statistics for "inside":
56219126 packets input, 9569438516 bytes
77137029 packets output, 72576608367 bytes
7881 packets dropped
1 minute input rate 2 pkts/sec, 517 bytes/sec
1 minute output rate 2 pkts/sec, 343 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 2 pkts/sec, 650 bytes/sec
5 minute output rate 2 pkts/sec, 534 bytes/sec
5 minute drop rate, 0 pkts/sec
Control Point Interface States:
Interface number is 3
Interface config status is active
Interface state is active
Interface Ethernet0/2 "", is administratively down, line protocol is down
Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 0024.1413.7dfe, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max packets): hardware (0/0) software (0/0)
output queue (curr/max packets): hardware (0/0) software (0/0)
Control Point Interface States:
Interface number is 4
Interface config status is not active
Interface state is not active
Interface Ethernet0/3 "", is administratively down, line protocol is down
Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 0024.1413.7dff, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max packets): hardware (0/0) software (0/0)
output queue (curr/max packets): hardware (0/0) software (0/0)
Control Point Interface States:
Interface number is 5
Interface config status is not active
Interface state is not active
Interface Internal-Control0/0 "cplane", is up, line protocol is down
Hardware is i82557, BW 100 Mbps, DLY 100 usec

MAC address 0000.0001.0001, MTU 1500
IP address 127.0.1.1, subnet mask 255.255.0.0
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
2437156 packets output, 156011648 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
2437156 lost carrier, 0 no carrier
input queue (curr/max packets): hardware (0/0) software (0/0)
output queue (curr/max packets): hardware (0/2) software (0/1)
Traffic Statistics for "cplane":
0 packets input, 0 bytes
0 packets output, 0 bytes
0 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Control Point Interface States:
Interface number is 8
Interface config status is active
Interface state is active
Interface Internal-Data0/0 "", is down, line protocol is down
Hardware is i82547GI rev00, BW 1000 Mbps, DLY 10 usec

MAC address 0000.0001.0002, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (curr/max packets): hardware (0/0) software (0/0)
output queue (curr/max packets): hardware (0/0) software (0/0)
Control Point Interface States:
Interface number is 7
Interface config status is active
Interface state is active
Interface Management0/0 "management", is down, line protocol is down
Hardware is i82557, BW 100 Mbps, DLY 100 usec
Auto-Duplex, Auto-Speed
MAC address 0024.1413.7dfb, MTU 1500
IP address 192.168.1.1, subnet mask 255.255.255.0
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max packets): hardware (0/0) software (0/0)
output queue (curr/max packets): hardware (0/0) software (0/0)
Traffic Statistics for "management":
0 packets input, 0 bytes
0 packets output, 0 bytes
0 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Management-only interface. Blocked 0 through-the-device packets
0 IPv4 packets originated from management network
0 IPv4 packets destined to management network
0 IPv6 packets originated from management network
0 IPv6 packets destined to management network
Control Point Interface States:
Interface number is 6
Interface config status is active
Interface state is not active
Interface Virtual254 "", is up, line protocol is up
Hardware is VirtualAvailable but not configured via nameif
MAC address 0000.0000.0000, MTU not set
IP address unassigned
Control Point Interface States:
Interface number is 9
Interface config status is active
Interface state is active

------------------ show cpu usage ------------------

CPU utilization for 5 seconds = 8%; 1 minute: 1%; 5 minutes: 1%

------------------ show failover ------------------
Failover Off
Failover unit Secondary
Failover LAN Interface: not Configured
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum

------------------ show failover history ------------------

==========================================================================
From State To State Reason
==========================================================================
07:07:09 IST Jan 1 2003
Not Detected Disabled No Error

==========================================================================

------------------ show traffic ------------------

outside:
received (in 431884.314 secs):
80863583 packets73365194422 bytes
8 pkts/sec169007 bytes/sec
transmitted (in 431884.314 secs):
59559523 packets10309535905 bytes
8 pkts/sec23005 bytes/sec
1 minute input rate 6 pkts/sec, 789 bytes/sec
1 minute output rate 6 pkts/sec, 1377 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 8 pkts/sec, 1006 bytes/sec
5 minute output rate 11 pkts/sec, 1975 bytes/sec
5 minute drop rate, 0 pkts/sec
inside:
received (in 431885.464 secs):
56219160 packets9569446009 bytes
0 pkts/sec22008 bytes/sec
transmitted (in 431885.464 secs):
77137063 packets72576612347 bytes
9 pkts/sec168006 bytes/sec
1 minute input rate 2 pkts/sec, 517 bytes/sec
1 minute output rate 2 pkts/sec, 343 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 2 pkts/sec, 650 bytes/sec
5 minute output rate 2 pkts/sec, 534 bytes/sec
5 minute drop rate, 0 pkts/sec
management:
received (in 431885.584 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 431885.584 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec

----------------------------------------
Aggregated Traffic on Physical Interface
----------------------------------------
Ethernet0/0:
received (in 431887.564 secs):
80863622 packets74884129124 bytes
8 pkts/sec173000 bytes/sec
transmitted (in 431887.564 secs):
59559580 packets11512511142 bytes
8 pkts/sec26009 bytes/sec
1 minute input rate 6 pkts/sec, 918 bytes/sec
1 minute output rate 6 pkts/sec, 1488 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 8 pkts/sec, 1201 bytes/sec
5 minute output rate 11 pkts/sec, 2181 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/1:
received (in 431888.844 secs):
56219163 packets10713119074 bytes
0 pkts/sec24009 bytes/sec
transmitted (in 431888.844 secs):
77137067 packets74021732105 bytes
9 pkts/sec171002 bytes/sec
1 minute input rate 2 pkts/sec, 566 bytes/sec
1 minute output rate 2 pkts/sec, 395 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 2 pkts/sec, 702 bytes/sec
5 minute output rate 2 pkts/sec, 594 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/2:
received (in 431888.954 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 431888.954 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/3:
received (in 431889.864 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 431889.864 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Control0/0:
received (in 431889.934 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 431889.934 secs):
2437165 packets156012224 bytes
5 pkts/sec3 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 33 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 33 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Data0/0:
received (in 431894.404 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 431894.404 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Management0/0:
received (in 431894.544 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 431894.544 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec

------------------ show perfmon ------------------


PERFMON STATS: Current Average
Xlates 0/s 0/s
Connections 0/s 0/s
TCP Conns 0/s 0/s
UDP Conns 0/s 0/s
URL Access 0/s 0/s
URL Server Req 0/s 0/s
TCP Fixup 0/s 0/s
TCP Intercept Established Conns 0/s 0/s
TCP Intercept Attempts 0/s 0/s
TCP Embryonic Conns Timeout 0/s 0/s
HTTP Fixup 0/s 0/s
FTP Fixup 0/s 0/s
AAA Authen 0/s 0/s
AAA Author 0/s 0/s
AAA Account 0/s 0/s

VALID CONNS RATE in TCP INTERCEPT: Current Average
N/A 71.00%

------------------ show counters ------------------

Protocol Counter Value Context
IP IN_PKTS 2029095 Summary
IP OUT_PKTS 2920655 Summary
IP IN_DROP_NFU 15716 Summary
IP TO_ARP 962 Summary
IP TO_UDP 1847547 Summary
IP TO_ICMP 164870 Summary
TCP OUT_PKTS 157634 Summary
TCP SESS_CTOD 78817 Summary
TCP OUT_CLSD 78817 Summary
TCP HASH_ADD 78817 Summary
TCP SND_SYN 78817 Summary
UDP IN_PKTS 1847547 Summary
UDP OUT_PKTS 1697371 Summary
UDP DROP_NO_APP 3 Summary
ICMP IN_PKTS 164870 Summary
ICMP OUT_PKTS 10183 Summary
ICMP DROP_IGNORE 6 Summary
ICMP PORT_UNREACH 154325 Summary
SSLERR BAD_PROTOCOL_VERSION_NUMBER 2 Summary
SSLERR BAD_SIGNATURE 2 Summary
SSLERR DATA_BETWEEN_CCS_AND_FINISHED 1 Summary
SSLERR NO_CERTIFICATES_RETURNED 2 Summary
SSLERR NO_SHARED_CIPHER 825 Summary
SSLERR SSLV3_ALERT_BAD_CERTIFICATE 8 Summary
SSLERR SSLV3_ALERT_CERT_UNKNOWN 38 Summary
SSLERR SSL_HANDSHAKE_FAILURE 6 Summary
SSLERR TLSV1_ALERT_PROTOCOL_VERSION 34 Summary
SSLERR UNKNOWN_PROTOCOL 31 Summary
SSLERR WRONG_VERSION_NUMBER 18 Summary
SSLALERT RX_CLOSE_NOTIFY 234 Summary
SSLALERT RX_NO_CERTIFICATE 3 Summary
SSLALERT RX_BAD_CERTIFICATE 8 Summary
SSLALERT RX_CERTIFICATE_UNKNOWN 38 Summary
SSLALERT RX_PROTOCOL_VERSION 34 Summary
SSLALERT RX_FATAL_ALERT 80 Summary
SSLALERT RX_WARNING_ALERT 237 Summary
SSLALERT TX_CLOSE_NOTIFY 7231 Summary
SSLALERT TX_UNEXPECTED_MESSAGE 1 Summary
SSLALERT TX_HANDSHAKE_FAILURE 827 Summary
SSLALERT TX_PROTOCOL_VERSION 12 Summary
SSLALERT TX_FATAL_ALERT 840 Summary
SSLALERT TX_WARNING_ALERT 7231 Summary
SSLDEV NEW_CTX 1 Summary
SSLNP OPEN_CONN 7 Summary
SSLNP DTLS_OPEN_CONN 2 Summary
SSLNP HANDSHAKE_START 9149 Summary
SSLNP HANDSHAKE_DONE 7503 Summary
SSLNP DOWNSTREAM_CLOSE 20175 Summary
SSLNP DOWNSTREAM_CLOSE_NEXT 9725 Summary
SSLNP UPSTREAM_CLOSE 10792 Summary
SSLNP UPSTREAM_CLOSE_NEXT 9725 Summary
SSLNP FREE_CONN 9725 Summary
SSLNP NEW_CONN_SERVER 8711 Summary
SSLNP NEW_CONN_SERVER_VRFY 1003 Summary
SSLNP DTLS_NEW_CONN_SERVER 9 Summary
SSLNP EXTRACT_VIA_DUPB 8591 Summary
SSLNP IN_PKTS_RX 44108 Summary
SSLNP IN_PKTS_TX 26982 Summary
SSLNP OUT_PKTS_RX 1273184 Summary
SSLNP OUT_PKTS_TX 1290379 Summary
SSLNP DTLS_IN_PKTS_RX 9 Summary
SSLNP SESSIONS_CLEARED 702 Summary
EmWeb IN_PKTS 14 Summary
EmWeb OUT_PKTS 203 Summary
NPSHIM READ_CTX_CLOSED 276 Summary
NPSHIM READ_NOBLOCK_NO_BUF 187661 Summary
NPSHIM READ_RECV 142420 Summary
NPSHIM READ_EOF 383 Summary
NPSHIM SLCT_REQUEST 13437 Summary
NPSHIM SLCT_EVENT 13436 Summary
NPSHIM CTX_ALLOC 19081 Summary
NPSHIM CTX_FREE 19075 Summary
NPSHIM CONN_PEND 2 Summary
NPSHIM CONN_PEND_PROCESS 2 Summary
NPSHIM CLOSE_REMOVE_EVENT 6 Summary
NPSHIM CLOSE_LISTEN 3 Summary
NPSHIM SEL_REMOVE_EVENT 9849 Summary
NPSHIM SEL_CLEAR 1 Summary

------------------ show mode ------------------

Security context mode: single

------------------ show history ------------------

en
show version
show tech-support

------------------ show firewall ------------------

Firewall mode: Router

------------------ show running-config ------------------

: Saved
:
ASA Version 8.0(4)
!
hostname citpldr
domain-name drcitpl
enable password <removed>
passwd <removed>
names
name 10.247.19.0 DR-APP
name 10.247.19.48 DR-DB
name 10.246.22.0 Remote
name 10.246.19.169 Backup
name 10.247.19.11 DRDC
name 172.16.0.0 DRVPN
name 10.246.19.160 Comm
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 180.179.33.238 255.255.255.252
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.247.17.1 255.255.255.240
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
banner login
banner login
banner login ACCESS TO INFORMATION ON THIS MACHINE AND NETWORK IS RESTRICTED TO AUTHORISED
banner login PERSONNEL ONLY. ANY UNAUTHORISED USER IS SUBJECT TO CRIMINAL PROSECUTION
banner login UNDER THE COMPUTER MISUSE AND CYBERSECURITY ACT (CAP. 50A).
banner motd WARNING:
banner motd ACCESS TO INFORMATION ON THIS MACHINE AND NETWORK IS RESTRICTED TO AUTHORISED
banner motd PERSONNEL ONLY. ANY UNAUTHORISED USER IS SUBJECT TO CRIMINAL PROSECUTION
banner motd UNDER THE COMPUTER MISUSE AND CYBERSECURITY ACT (CAP. 50A).
banner asdm WARNING:
banner asdm ACCESS TO INFORMATION ON THIS MACHINE AND NETWORK IS RESTRICTED TO AUTHORISED
banner asdm PERSONNEL ONLY. ANY UNAUTHORISED USER IS SUBJECT TO CRIMINAL PROSECUTION
banner asdm UNDER THE COMPUTER MISUSE AND CYBERSECURITY ACT (CAP. 50A).
ftp mode passive
clock timezone IST 5 30
dns server-group DefaultDNS
domain-name drcitpl
object-group network APP
network-object DR-APP 255.255.255.224
object-group network DB
network-object DR-DB 255.255.255.240
object-group network RDP
network-object host 10.247.19.10
network-object host DRDC
object-group service PMP tcp
port-object eq 2345
port-object range 7272 7273
object-group service SSH tcp
port-object eq 1337
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network BACKUP
object-group service RDP1 tcp
port-object eq 3389
object-group service Commvalut tcp
port-object eq 8403
port-object eq 8400
port-object eq 3389
group-object PMP
object-group service COM-PMP tcp
group-object Commvalut
group-object PMP
object-group service COMM tcp
port-object eq 8400
port-object eq 8403
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit ip host 172.16.24.10 host 10.247.19.10
access-list inside_access_in extended permit tcp host 180.179.59.9 host 182.71.125.197 object-group COMM
access-list outside_access_in extended permit ip any any
access-list 110 extended permit tcp any host 180.179.33.238 eq ssh inactive
access-list 110 extended permit ip host 180.179.33.238 any inactive
access-list 110 extended permit ip any host 180.179.33.238
access-list 110 extended permit tcp host 182.71.125.197 host 180.179.59.8 object-group COMM
access-list 110 extended permit tcp any host 180.179.59.8 object-group RDP1
access-list 110 extended permit tcp host 182.71.125.197 host 180.179.59.9 object-group COMM
access-list RemoteCITPLVPN_splitTunnelAcl standard permit any
access-list outside_cryptomap extended permit ip host 10.247.19.10 host Backup
access-list outside_2_cryptomap extended permit ip DR-APP 255.255.255.224 Comm 255.255.255.224
access-list 120 extended permit ip host 10.247.19.10 host Backup
access-list NO_NAT extended permit ip host 10.247.19.10 host Backup
access-list outside_cryptomap_2 extended permit ip host 10.247.19.10 host Backup
access-list NONAT extended permit ip host 10.247.19.10 host 10.246.22.4
access-list NONAT extended permit ip 10.247.17.0 255.255.255.240 172.16.24.0 255.255.255.0
access-list NONAT extended permit ip DR-APP 255.255.255.224 172.16.24.0 255.255.255.0
access-list NONAT extended permit ip DR-DB 255.255.255.240 172.16.24.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip host 10.246.22.4 host 10.247.19.10
access-list Local_LAN_Access remark Local LAN Access
access-list Local_LAN_Access standard permit host 0.0.0.0
access-list ipsec_clients extended permit ip 10.247.17.0 255.255.255.240 172.16.24.0 255.255.255.0
access-list ipsec_clients extended permit ip DR-APP 255.255.255.240 172.16.24.0 255.255.255.0
access-list ipsec_clients extended permit ip DR-APP 255.255.255.224 172.16.24.0 255.255.255.0
access-list ipsec_clients extended permit ip DR-DB 255.255.255.240 172.16.24.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool DR_VPN 172.16.24.10-172.16.24.40 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (outside) 0 access-list outside_nat0_outbound
nat (inside) 0 access-list NONAT
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 180.179.59.8 3389 10.247.19.10 3389 netmask 255.255.255.255 dns
static (inside,outside) tcp 180.179.59.8 8400 10.247.19.10 8400 netmask 255.255.255.255 dns
static (inside,outside) tcp 180.179.59.8 7272 10.247.19.10 7272 netmask 255.255.255.255 dns
static (inside,inside) tcp 180.179.59.9 8400 10.247.19.9 8400 netmask 255.255.255.255 dns
static (inside,inside) tcp 180.179.59.9 8403 10.247.19.9 8403 netmask 255.255.255.255 dns
access-group 110 in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 180.179.33.237 1
route inside 10.247.17.0 255.255.255.240 10.247.17.3 1
route inside DR-APP 255.255.255.224 10.247.17.3 1
route inside DR-DB 255.255.255.240 10.247.17.3 1
route inside 10.247.20.0 255.255.255.128 10.247.17.3 1
route inside DRVPN 255.255.0.0 10.247.17.3 255
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 182.71.125.192 255.255.255.248 outside
http 180.179.33.238 255.255.255.255 outside
http 218.248.44.128 255.255.255.240 outside
http 182.156.227.192 255.255.255.248 outside
http 10.247.20.0 255.255.255.128 inside
http DR-APP 255.255.255.224 inside
http 192.168.1.0 255.255.255.0 management
http 10.247.17.0 255.255.255.240 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set remotevpn esp-3des esp-md5-hmac
crypto ipsec transform-set RA-TS esp-3des esp-sha-hmac
crypto ipsec transform-set Firstset esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto dynamic-map dyn1 1 set transform-set remotevpn Firstset
crypto dynamic-map dyn1 1 set security-association lifetime seconds 28800
crypto dynamic-map dyn1 1 set security-association lifetime kilobytes 4608000
crypto dynamic-map dyn1 1 set reverse-route
crypto dynamic-map DYN_MAP 10 set transform-set RA-TS
crypto dynamic-map DYN_MAP 10 set security-association lifetime seconds 28800
crypto dynamic-map DYN_MAP 10 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap 2 match address outside_2_cryptomap
crypto map mymap 2 set pfs
crypto map mymap 2 set peer 182.71.125.195
crypto map mymap 2 set transform-set ESP-AES-256-SHA
crypto map mymap 2 set security-association lifetime seconds 28800
crypto map mymap 2 set security-association lifetime kilobytes 4608000
crypto map mymap 4 match address outside_cryptomap_2
crypto map mymap 4 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map mymap 4 set security-association lifetime seconds 28800
crypto map mymap 4 set security-association lifetime kilobytes 4608000
crypto map mymap interface outside
crypto map VPN_MAP 30 ipsec-isakmp dynamic DYN_MAP
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=citpldr
serial-number
keypair drcitpl
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate adcc005c
quit
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 5
lifetime 86400
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 3600
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 50
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 70
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
telnet timeout 5
ssh 182.71.125.192 255.255.255.248 outside
ssh 182.156.227.192 255.255.255.248 outside
ssh 218.248.44.128 255.255.255.240 outside
ssh 180.179.39.242 255.255.255.255 outside
ssh 124.153.69.242 255.255.255.255 outside
ssh DR-APP 255.255.255.224 inside
ssh 10.247.17.0 255.255.255.240 inside
ssh 10.247.20.0 255.255.255.128 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.247.17.3
webvpn
enable outside
enable inside
group-policy DfltGrpPolicy attributes
group-policy PSAVPN internal
group-policy PSAVPN attributes
dns-server value 8.8.8.8 8.8.4.4
vpn-filter none
vpn-tunnel-protocol svc
group-policy drvpn internal
group-policy drvpn attributes
dns-server value 10.247.19.11 8.8.8.8
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value drcitpl.co.in
group-policy RemoteCITPLVPN internal
group-policy RemoteCITPLVPN attributes
dns-server value 10.247.19.11 8.8.8.8
vpn-tunnel-protocol IPSec l2tp-ipsec svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value RemoteCITPLVPN_splitTunnelAcl
default-domain value drcitpl.local
group-policy citpldr internal
group-policy citpldr attributes
dns-server value 10.247.19.11
vpn-idle-timeout 30
vpn-tunnel-protocol IPSec webvpn
group-policy policy1 internal
group-policy policy1 attributes
split-tunnel-policy excludespecified
split-tunnel-network-list value ipsec_clients
username testuser password <removed>
username testvpn password <removed>
username prabakaran password <removed> privilege 0
username prabakaran attributes
vpn-group-policy PSAVPN
username psacitpl password <removed> privilege 15
username vpnuser password <removed>
username vpn1 password <removed> privilege 0
username vpn1 attributes
vpn-group-policy RemoteCITPLVPN
username citpl password <removed> privilege 0
username ciptl password <removed>
tunnel-group DefaultRAGroup ipsec-attributes
isakmp keepalive threshold 10 retry 2
tunnel-group DefaultWEBVPNGroup ipsec-attributes
isakmp keepalive threshold 10 retry 2
tunnel-group 182.71.125.195 type ipsec-l2l
tunnel-group 182.71.125.195 ipsec-attributes
pre-shared-key *
tunnel-group RemoteCITPLVPN type remote-access
tunnel-group RemoteCITPLVPN general-attributes
address-pool DR_VPN
default-group-policy RemoteCITPLVPN
tunnel-group RemoteCITPLVPN ipsec-attributes
pre-shared-key *
trust-point ASDM_TrustPoint0
isakmp keepalive threshold 10 retry 2
tunnel-group testgroup type remote-access
tunnel-group testgroup general-attributes
address-pool DR_VPN
tunnel-group testgroup ipsec-attributes
pre-shared-key *
tunnel-group vpnclient type remote-access
tunnel-group vpnclient general-attributes
address-pool DR_VPN
default-group-policy citpldr
tunnel-group vpnclient ipsec-attributes
pre-shared-key *
tunnel-group RVPN type remote-access
tunnel-group RVPN general-attributes
address-pool DR_VPN
tunnel-group RVPN ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:d63c0cc1c5afa11d283efbf1b61ef91b
: end

------------------ show startup-config errors ------------------

INFO: No configuration errors

------------------ console logs ------------------

Message #1 :
Message #2 :
Total SSMs found: 1
Message #3 : ASA-SSM-10, SN JAF1306AKAK, HW ver 1.0, FW ver 1.0(11)5
Message #4 :
Total NICs found: 7
Message #5 : mcwa
Message #6 : i82557 Ethernet at irq 11
Message #7 : MAC: 0024.1413.7dfb
Message #8 : mcwa
Message #9 : i82557 Ethernet at irq 5
Message #10 : MAC: 0000.0001.0001
Message #11 : i82546GB rev03 Ethernet @ irq09 dev 3 index 00
Message #12 : MAC: 0024.1413.7dfc
Message #13 : i82546GB rev03 Ethernet @ irq09 dev 3 index 01
Message #14 : MAC: 0024.1413.7dfd
Message #15 : i82546GB rev03 Ethernet @ irq09 dev 2 index 02
Message #16 : MAC: 0024.1413.7dfe
Message #17 : i82546GB rev03 Ethernet @ irq09 dev 2 index 03
Message #18 : MAC: 0024.1413.7dff
Message #19 : i82547GI rev00 Gigabit Ethernet @ irq11 dev 1 index 05
Message #20 : MAC: 0000.0001.0002
Message #21 :
Licensed features for this platform:
Message #22 : Maximum Physical Interfaces : Unlimited
Message #23 : Maximum VLANs : 100
Message #24 : Inside Hosts : Unlimited
Message #25 : Failover : Active/Active
Message #26 : VPN-DES : Enabled
Message #27 : VPN-3DES-AES : Enabled
Message #28 : Security Contexts : 2
Message #29 : GTP/GPRS : Disabled
Message #30 : VPN Peers : 250
Message #31 : WebVPN Peers : 25
Message #32 : AnyConnect for Mobile : Disabled
Message #33 : AnyConnect for Linksys phone : Disabled
Message #34 : Advanced Endpoint Assessment : Enabled
Message #35 : UC Proxy Sessions : 2
Message #36 :
This platform has an ASA 5510 Security Plus license.
Message #37 :
Message #38 : Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Message #39 : Boot microcode : CN1000-MC-BOOT-2.00
Message #40 : SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
Message #41 : IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
Message #42 :
Cisco Adaptive Security Appliance Software Version 8.0(4)
Message #43 :
Message #44 : ****************************** Warning *******************************
Message #45 : This product contains cryptographic features and is
Message #46 : subject to United States and local country laws
Message #47 : governing, import, export, transfer, and use.
Message #48 : Delivery of Cisco cryptographic products does not
Message #49 : imply third-party authority to import, export,
Message #50 : distribute, or use encryption. Importers, exporters,
Message #51 : distributors and users are responsible for compliance
Message #52 : with U.S. and local country laws. By using this
Message #53 : product you agree to comply with applicable laws and
Message #54 : regulations. If you are unable to comply with U.S.
Message #55 : and local laws, return the enclosed items immediately.
Message #56 :
Message #57 : A summary of U.S. laws governing Cisco cryptographic
Message #58 : products may be found at:
Message #59 : http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
Message #60 :
Message #61 : If you require further assistance please contact us by
Message #62 : sending email to export@cisco.com.
Message #63 : ******************************* Warning *******************************
Message #64 :
Message #65 : Copyright (c) 1996-2008 by Cisco Systems, Inc.

Message #66 : Restricted Rights Legend

Message #67 : Use, duplication, or disclosure by the Government is
Message #68 : subject to restrictions as set forth in subparagraph
Message #69 : (c) of the Commercial Computer Software - Restricted
Message #70 : Rights clause at FAR sec. 52.227-19 and subparagraph
Message #71 : (c) (1) (ii) of the Rights in Technical Data and Computer
Message #72 : Software clause at DFARS sec. 252.227-7013.

Message #73 : Cisco Systems, Inc.
Message #74 : 170 West Tasman Drive
Message #75 : San Jose, California 95134-1706


citpldr# sh run
citpldr# sh running-config
: Saved
:
ASA Version 8.0(4)
!
hostname citpldr
domain-name drcitpl
enable password Zw7RmNKdmm9poae3 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 10.247.19.0 DR-APP
name 10.247.19.48 DR-DB
name 10.246.22.0 Remote
name 10.246.19.169 Backup
name 10.247.19.11 DRDC
name 172.16.0.0 DRVPN
name 10.246.19.160 Comm
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 180.179.33.238 255.255.255.252
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.247.17.1 255.255.255.240
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
banner login
banner login
banner login ACCESS TO INFORMATION ON THIS MACHINE AND NETWORK IS RESTRICTED TO AUTHORISED
banner login PERSONNEL ONLY. ANY UNAUTHORISED USER IS SUBJECT TO CRIMINAL PROSECUTION
banner login UNDER THE COMPUTER MISUSE AND CYBERSECURITY ACT (CAP. 50A).
banner motd WARNING:
banner motd ACCESS TO INFORMATION ON THIS MACHINE AND NETWORK IS RESTRICTED TO AUTHORISED
banner motd PERSONNEL ONLY. ANY UNAUTHORISED USER IS SUBJECT TO CRIMINAL PROSECUTION
banner motd UNDER THE COMPUTER MISUSE AND CYBERSECURITY ACT (CAP. 50A).
banner asdm WARNING:
banner asdm ACCESS TO INFORMATION ON THIS MACHINE AND NETWORK IS RESTRICTED TO AUTHORISED
banner asdm PERSONNEL ONLY. ANY UNAUTHORISED USER IS SUBJECT TO CRIMINAL PROSECUTION
banner asdm UNDER THE COMPUTER MISUSE AND CYBERSECURITY ACT (CAP. 50A).
ftp mode passive
clock timezone IST 5 30
dns server-group DefaultDNS
domain-name drcitpl
object-group network APP
network-object DR-APP 255.255.255.224
object-group network DB
network-object DR-DB 255.255.255.240
object-group network RDP
network-object host 10.247.19.10
network-object host DRDC
object-group service PMP tcp
port-object eq 2345
port-object range 7272 7273
object-group service SSH tcp
port-object eq 1337
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network BACKUP
object-group service RDP1 tcp
port-object eq 3389
object-group service Commvalut tcp
port-object eq 8403
port-object eq 8400
port-object eq 3389
group-object PMP
object-group service COM-PMP tcp
group-object Commvalut
group-object PMP
object-group service COMM tcp
port-object eq 8400
port-object eq 8403
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit ip host 172.16.24.10 host 10.247.19.10
access-list inside_access_in extended permit tcp host 180.179.59.9 host 182.71.125.197 object-group COMM
access-list outside_access_in extended permit ip any any
access-list 110 extended permit tcp any host 180.179.33.238 eq ssh inactive
access-list 110 extended permit ip host 180.179.33.238 any inactive
access-list 110 extended permit ip any host 180.179.33.238
access-list 110 extended permit tcp host 182.71.125.197 host 180.179.59.8 object-group COMM
access-list 110 extended permit tcp any host 180.179.59.8 object-group RDP1
access-list 110 extended permit tcp host 182.71.125.197 host 180.179.59.9 object-group COMM
access-list RemoteCITPLVPN_splitTunnelAcl standard permit any
access-list outside_cryptomap extended permit ip host 10.247.19.10 host Backup
access-list outside_2_cryptomap extended permit ip DR-APP 255.255.255.224 Comm 255.255.255.224
access-list 120 extended permit ip host 10.247.19.10 host Backup
access-list NO_NAT extended permit ip host 10.247.19.10 host Backup
access-list outside_cryptomap_2 extended permit ip host 10.247.19.10 host Backup
access-list NONAT extended permit ip host 10.247.19.10 host 10.246.22.4
access-list NONAT extended permit ip 10.247.17.0 255.255.255.240 172.16.24.0 255.255.255.0
access-list NONAT extended permit ip DR-APP 255.255.255.224 172.16.24.0 255.255.255.0
access-list NONAT extended permit ip DR-DB 255.255.255.240 172.16.24.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip host 10.246.22.4 host 10.247.19.10
access-list Local_LAN_Access remark Local LAN Access
access-list Local_LAN_Access standard permit host 0.0.0.0
access-list ipsec_clients extended permit ip 10.247.17.0 255.255.255.240 172.16.24.0 255.255.255.0
access-list ipsec_clients extended permit ip DR-APP 255.255.255.240 172.16.24.0 255.255.255.0
access-list ipsec_clients extended permit ip DR-APP 255.255.255.224 172.16.24.0 255.255.255.0
access-list ipsec_clients extended permit ip DR-DB 255.255.255.240 172.16.24.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool DR_VPN 172.16.24.10-172.16.24.40 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (outside) 0 access-list outside_nat0_outbound
nat (inside) 0 access-list NONAT
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 180.179.59.8 3389 10.247.19.10 3389 netmask 255.255.255.255 dns
static (inside,outside) tcp 180.179.59.8 8400 10.247.19.10 8400 netmask 255.255.255.255 dns
static (inside,outside) tcp 180.179.59.8 7272 10.247.19.10 7272 netmask 255.255.255.255 dns
static (inside,inside) tcp 180.179.59.9 8400 10.247.19.9 8400 netmask 255.255.255.255 dns
static (inside,inside) tcp 180.179.59.9 8403 10.247.19.9 8403 netmask 255.255.255.255 dns
access-group 110 in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 180.179.33.237 1
route inside 10.247.17.0 255.255.255.240 10.247.17.3 1
route inside DR-APP 255.255.255.224 10.247.17.3 1
route inside DR-DB 255.255.255.240 10.247.17.3 1
route inside 10.247.20.0 255.255.255.128 10.247.17.3 1
route inside DRVPN 255.255.0.0 10.247.17.3 255
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 182.71.125.192 255.255.255.248 outside
http 180.179.33.238 255.255.255.255 outside
http 218.248.44.128 255.255.255.240 outside
http 182.156.227.192 255.255.255.248 outside
http 10.247.20.0 255.255.255.128 inside
http DR-APP 255.255.255.224 inside
http 192.168.1.0 255.255.255.0 management
http 10.247.17.0 255.255.255.240 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set remotevpn esp-3des esp-md5-hmac
crypto ipsec transform-set RA-TS esp-3des esp-sha-hmac
crypto ipsec transform-set Firstset esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto dynamic-map dyn1 1 set transform-set remotevpn Firstset
crypto dynamic-map dyn1 1 set security-association lifetime seconds 28800
crypto dynamic-map dyn1 1 set security-association lifetime kilobytes 4608000
crypto dynamic-map dyn1 1 set reverse-route
crypto dynamic-map DYN_MAP 10 set transform-set RA-TS
crypto dynamic-map DYN_MAP 10 set security-association lifetime seconds 28800
crypto dynamic-map DYN_MAP 10 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap 2 match address outside_2_cryptomap
crypto map mymap 2 set pfs
crypto map mymap 2 set peer 182.71.125.195
crypto map mymap 2 set transform-set ESP-AES-256-SHA
crypto map mymap 2 set security-association lifetime seconds 28800
crypto map mymap 2 set security-association lifetime kilobytes 4608000
crypto map mymap 4 match address outside_cryptomap_2
crypto map mymap 4 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map mymap 4 set security-association lifetime seconds 28800
crypto map mymap 4 set security-association lifetime kilobytes 4608000
crypto map mymap interface outside
crypto map VPN_MAP 30 ipsec-isakmp dynamic DYN_MAP
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=citpldr
serial-number
keypair drcitpl
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate adcc005c
quit
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 5
lifetime 86400
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 3600
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 50
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 70
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
telnet timeout 5
ssh 182.71.125.192 255.255.255.248 outside
ssh 182.156.227.192 255.255.255.248 outside
ssh 218.248.44.128 255.255.255.240 outside
ssh 180.179.39.242 255.255.255.255 outside
ssh 124.153.69.242 255.255.255.255 outside
ssh DR-APP 255.255.255.224 inside
ssh 10.247.17.0 255.255.255.240 inside
ssh 10.247.20.0 255.255.255.128 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.247.17.3
webvpn
enable outside
enable inside
group-policy DfltGrpPolicy attributes
group-policy PSAVPN internal
group-policy PSAVPN attributes
dns-server value 8.8.8.8 8.8.4.4
vpn-filter none
vpn-tunnel-protocol svc
group-policy drvpn internal
group-policy drvpn attributes
dns-server value 10.247.19.11 8.8.8.8
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value drcitpl.co.in
group-policy RemoteCITPLVPN internal
group-policy RemoteCITPLVPN attributes
dns-server value 10.247.19.11 8.8.8.8
vpn-tunnel-protocol IPSec l2tp-ipsec svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value RemoteCITPLVPN_splitTunnelAcl
default-domain value drcitpl.local
group-policy citpldr internal
group-policy citpldr attributes
dns-server value 10.247.19.11
vpn-idle-timeout 30
vpn-tunnel-protocol IPSec webvpn
group-policy policy1 internal
group-policy policy1 attributes
split-tunnel-policy excludespecified
split-tunnel-network-list value ipsec_clients
username testuser password IqY6lTColo8VIF24 encrypted
username testvpn password pU4oyO2h2X5.LJuf encrypted
username prabakaran password KadMa.jTdXLCZjq4 encrypted privilege 0
username prabakaran attributes
vpn-group-policy PSAVPN
username psacitpl password 0zIEA2BLq9IzLvQS encrypted privilege 15
username vpnuser password yTbUFnIiwFLbUF29 encrypted
username vpn1 password nhLYBhFUUV5qfeaQ encrypted privilege 0
username vpn1 attributes
vpn-group-policy RemoteCITPLVPN
username citpl password 8PdTd/Yg/DxlSnEf encrypted privilege 0
username ciptl password un0/1nuHIAsvx8nZ encrypted
tunnel-group DefaultRAGroup ipsec-attributes
isakmp keepalive threshold 10 retry 2
tunnel-group DefaultWEBVPNGroup ipsec-attributes
isakmp keepalive threshold 10 retry 2
tunnel-group 182.71.125.195 type ipsec-l2l
tunnel-group 182.71.125.195 ipsec-attributes
pre-shared-key *
tunnel-group RemoteCITPLVPN type remote-access
tunnel-group RemoteCITPLVPN general-attributes
address-pool DR_VPN
default-group-policy RemoteCITPLVPN
tunnel-group RemoteCITPLVPN ipsec-attributes
pre-shared-key *
trust-point ASDM_TrustPoint0
isakmp keepalive threshold 10 retry 2
tunnel-group testgroup type remote-access
tunnel-group testgroup general-attributes
address-pool DR_VPN
tunnel-group testgroup ipsec-attributes
pre-shared-key *
tunnel-group vpnclient type remote-access
tunnel-group vpnclient general-attributes
address-pool DR_VPN
default-group-policy citpldr
tunnel-group vpnclient ipsec-attributes
pre-shared-key *
tunnel-group RVPN type remote-access
tunnel-group RVPN general-attributes
address-pool DR_VPN
tunnel-group RVPN ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:d63c0cc1c5afa11d283efbf1b61ef91b
: end
citpldr# exit

Logoff
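
As an added example (not part of the original post or of any reply), this Python script pulls from a pasted `show run` the Phase 1 ISAKMP policies and the Phase 2 settings of the crypto map entry for peer 182.71.125.195, which are the values the Fortinet side has to mirror. The function names and the abridged sample are constructed for illustration.

```python
import re

POLICY_KEYS = ("authentication", "encryption", "hash", "group", "lifetime")
# Constructed sample: abridged lines copied from the configuration in the post.
SAMPLE = """\
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto map mymap 2 match address outside_2_cryptomap
crypto map mymap 2 set pfs
crypto map mymap 2 set peer 182.71.125.195
crypto map mymap 2 set transform-set ESP-AES-256-SHA
crypto isakmp policy 20
authentication pre-share
encryption 3des
<--- More ---> hash sha
group 2
lifetime 3600
crypto isakmp policy 70
encryption aes-256
hash sha
group 5
"""

def clean(text):
    return [l.replace("<--- More --->", "").strip() for l in text.splitlines()]  # drop pager prompts

def isakmp_policies(text):
    """Phase 1 proposals keyed by policy priority."""
    policies, current = {}, None
    for line in clean(text):
        key, _, value = line.partition(" ")
        m = re.fullmatch(r"crypto isakmp policy (\d+)", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif current is not None and key in POLICY_KEYS:
            current[key] = value
        else:
            current = None  # any other line ends the policy block
    return policies

def l2l_entry(text, peer):
    """Phase 2 settings of the crypto map entry that names this peer."""
    cfg = "\n".join(clean(text))
    sets = dict(re.findall(r"^crypto ipsec transform-set (\S+) (esp-\S+ esp-\S+)$", cfg, re.M))
    m = re.search(rf"^(crypto map \S+ \d+) set peer {re.escape(peer)}$", cfg, re.M)
    if not m:
        return None
    entry = re.findall(rf"^{re.escape(m.group(1))} (.+)$", cfg, re.M)
    names = next((l.split()[2:] for l in entry if l.startswith("set transform-set")), [])
    acl = next((l.split()[2] for l in entry if l.startswith("match address")), None)
    return {"acl": acl, "pfs": any(l.startswith("set pfs") for l in entry), "transforms": {n: sets.get(n) for n in names}}
```

Running `isakmp_policies()` and `l2l_entry()` over the full saved configuration gives one list of proposals to compare line by line with the Fortinet Phase 1 and Phase 2 settings.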

 


Muthukumar P
Level 1

Hi,

Can anybody suggest something on this?

Hi Muthukumar,

 

Are your credentials on the ASA and Fortinet the same? Passphrase and encryption method?

 

Thanks,

Neil

Yes, they are the same. Apart from this, are any configuration changes required?

Have you tried to check the peer in the CLI using show crypto isakmp sa?

 

Thanks,

Neil

Hi,

Please find the output.

citpldr# show crypto isakmp ?

ipsec-over-tcp Show IPSec over TCP data
sa Show ISAKMP sas
stats Show ISAKMP statistics
| Output modifiers
<cr>
citpldr# show crypto isakmp sa ?

detail Show ISAKMP sas - detail
| Output modifiers
<cr>
citpldr# show crypto isakmp sa

There are no isakmp sas

Hi,

 

Is the peer IP properly configured on both firewalls? Try checking the debug commands to see what is happening in your VPN handshake.

 

Thanks,

Neil

Hi,

Can anybody please suggest something on this?

There's nothing specific to partners in your question so that's why few people have responded.

You will get greater visibility into your inquiry via the open VPN community vs. this closed partner community.

I've moved this thread accordingly.

 

Note - it is also preferred to attach lengthy output like the show tech you included as opposed to including it in the body of your question. Few readers will take the time to go through an entire show tech and would prefer to see a description of the problem with details attached.

 

 

Hi,

 

Is the peer IP properly configured on both firewalls? Try checking the debug commands to see what is happening in your VPN handshake.

 

Thanks,

Neil

Hi,

The peer IP configuration is done properly.

Hi,

 

What happened after you checked the parameters?

 

Thanks,

Neil
