- Cisco Community
- Technology and Support
- Security
- VPN
- vpn cisco ASA with CLIENT
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
vpn cisco ASA with CLIENT
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2015 02:37 PM
hello I am setting up a VPN IP'sec times through the ASA.Porem am finding great difficulty. create a VPN through the VPN wizards and when I test the esterna network and receive the return so with the information and terminates the connection with my client without even request the password validating aaa . Teardown UDP connection is 91028286 Sonnicwaal ( Internet interface) : 177.114.178.70/54998 to identity : 10.209.8.253/500 duration 00:02:15 Follows the error print . could help me thank the support .
- Labels:
-
VPN
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-16-2015 05:32 PM
Hi Anderson,
To be able to help you could you please attach the following information:
- Are you configuring VPN client IPSec?
- show tech-support
- show run all sysopt
- is this working from the inside of your network?
David Castro,
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-17-2015 07:07 AM
hi dcastrof thank you for attention more we go to the questions . 1- Are you configuring IPSec VPN client ? - Yes, I'm setting up a IP'sec and ultilizando the CISCO client to connect to my network remotely. 2 show tech-support - Is attached 3 show run all sysopt -segue attached 4 is this working from the inside of your network ? - But in my internal network
==========================================================================
ASA-INDRA# show tech-support
Cisco Adaptive Security Appliance Software Version 9.1(1)
Device Manager Version 7.1(1)
Compiled on Wed 28-Nov-12 10:38 by builders
System image file is "disk0:/asa911-k8.bin"
Config file at boot was "startup-config"
ASA-INDRA up 54 days 18 hours
failover cluster up 54 days 18 hours
Hardware: ASA5540, 2048 MB RAM, CPU Pentium 4 2000 MHz,
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.08
Number of accelerators: 1
0: Ext: GigabitEthernet0/0 : address is 5475.d026.e0e4, irq 9
1: Ext: GigabitEthernet0/1 : address is 5475.d026.e0e5, irq 9
2: Ext: GigabitEthernet0/2 : address is 5475.d026.e0e6, irq 9
3: Ext: GigabitEthernet0/3 : address is 5475.d026.e0e7, irq 9
4: Ext: Management0/0 : address is 5475.d026.e0e8, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 5000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Enabled perpetual
This platform has an ASA 5540 VPN Premium license.
Serial Number: JMX1419L0EU
Running Permanent Activation Key: 0xf8204668 0xe81efec9 0x08e16dc4 0xbe58fc04 0xcd24d191
Configuration register is 0x1
Configuration last modified by aramosd at 18:25:20.341 BRST Mon Mar 16 2015
------------------ show disk0: controller ------------------
Flash Model: Flash Card
------------------ show clock ------------------
10:07:18.819 BRST Tue Mar 17 2015
------------------ show crashinfo ------------------
Saved crash: 21:00:00.000 BRST Wed Dec 31 1969
------------------ show module ------------------
Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
0 ASA 5540 Adaptive Security Appliance ASA5540 JMX1419L0EU
Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
0 5475.d026.e0e4 to 5475.d026.e0e8 2.0 1.0(11)5 9.1(1)
Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
0 Up Sys Not Applicable
------------------ show memory ------------------
Free memory: 1611771976 bytes (75%)
Used memory: 535711672 bytes (25%)
------------- ------------------
Total memory: 2147483648 bytes (100%)
------------------ show conn count ------------------
2619 in use, 7394 most used
------------------ show xlate count ------------------
98 in use, 165 most used
------------------ show vpn-sessiondb summary ------------------
---------------------------------------------------------------------------
VPN Session Summary
---------------------------------------------------------------------------
Active : Cumulative : Peak Concur : Inactive
----------------------------------------------
Site-to-Site VPN : 1 : 42 : 2
IKEv2 IPsec : 1 : 17 : 1
IKEv1 IPsec : 0 : 25 : 1
---------------------------------------------------------------------------
Total Active and Inactive : 1 Total Cumulative : 42
Device Total VPN Capacity : 5000
Device Load : 0%
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Tunnels Summary
---------------------------------------------------------------------------
Active : Cumulative : Peak Concurrent
----------------------------------------------
IKEv1 : 0 : 25 : 1
IKEv2 : 1 : 17 : 1
IPsec : 3 : 63 : 5
---------------------------------------------------------------------------
Totals : 4 : 105
---------------------------------------------------------------------------
------------------ show blocks ------------------
SIZE MAX LOW CNT
0 950 945 950
4 500 499 499
80 1400 1374 1400
256 2600 2584 2595
1550 11986 11602 11719
2048 2100 2098 2100
2560 3852 3851 3852
4096 100 99 100
8192 152 151 152
16384 210 210 210
65536 16 16 16
CORE LIMIT ALLOC HIGH CNT FAILED
0 24576 937 937 901 0
------------------ show blocks queue history detail ------------------
History buffer memory usage: 2832 bytes (default)
History analysis time limit: 100 msec
Please see 'show blocks exhaustion snapshot' for more information
------------------ show interface ------------------
Interface GigabitEthernet0/0 "inside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address 5475.d026.e0e4, MTU 1500
IP address 10.209.14.1, subnet mask 255.255.255.128
2820569755 packets input, 1550986464369 bytes, 0 no buffer
Received 152 broadcasts, 0 runts, 0 giants
121496 input errors, 0 CRC, 0 frame, 121496 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
4195436430 packets output, 4675378426536 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (511/486)
output queue (blocks free curr/low): hardware (511/345)
Traffic Statistics for "inside":
2820569740 packets input, 1497207298240 bytes
4195436430 packets output, 4596496167759 bytes
1571739 packets dropped
1 minute input rate 730 pkts/sec, 744059 bytes/sec
1 minute output rate 523 pkts/sec, 135512 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1652 pkts/sec, 2112975 bytes/sec
5 minute output rate 789 pkts/sec, 122109 bytes/sec
5 minute drop rate, 0 pkts/sec
Control Point Interface States:
Interface number is 2
Interface config status is active
Interface state is active
Interface GigabitEthernet0/1 "", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
Available but not configured via nameif
MAC address 5475.d026.e0e5, MTU not set
IP address unassigned
5237437991 packets input, 4922081885542 bytes, 0 no buffer
Received 259 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
4628060283 packets output, 3477684946665 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 41 interface resets
0 late collisions, 0 deferred
4 input reset drops, 8029 output reset drops, 37 tx hangs
input queue (blocks free curr/low): hardware (511/486)
output queue (blocks free curr/low): hardware (511/319)
Control Point Interface States:
Interface number is 3
Interface config status is active
Interface state is active
Interface GigabitEthernet0/1.10 "MPLS_INTELIG", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
VLAN identifier 10
MAC address 5475.d026.e0e5, MTU 1500
IP address 172.19.235.113, subnet mask 255.255.255.248
Traffic Statistics for "MPLS_INTELIG":
2164770 packets input, 206578362 bytes
1449001 packets output, 105773378 bytes
699863 packets dropped
Control Point Interface States:
Interface number is 8
Interface config status is active
Interface state is active
Control Point Vlan10 States:
Interface vlan config status is active
Interface vlan state is UP
Interface GigabitEthernet0/1.20 "MPLS_EBT", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
VLAN identifier 20
MAC address 5475.d026.e0e5, MTU 1500
IP address 172.19.235.97, subnet mask 255.255.255.248
Traffic Statistics for "MPLS_EBT":
5234947336 packets input, 4802387046360 bytes
4626642779 packets output, 3375166236456 bytes
694821 packets dropped
Control Point Interface States:
Interface number is 9
Interface config status is active
Interface state is active
Control Point Vlan20 States:
Interface vlan config status is active
Interface vlan state is UP
Interface GigabitEthernet0/2 "", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
Available but not configured via nameif
MAC address 5475.d026.e0e6, MTU not set
IP address unassigned
317278 packets input, 27389714 bytes, 0 no buffer
Received 147860 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
169332 packets output, 18652656 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
1 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (511/510)
output queue (blocks free curr/low): hardware (511/509)
Control Point Interface States:
Interface number is 4
Interface config status is active
Interface state is active
Interface GigabitEthernet0/2.70 "DMZ", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
VLAN identifier 70
Description: CONEXAO DMZ
MAC address 5475.d026.e0e6, MTU 1500
IP address 10.209.12.129, subnet mask 255.255.255.128
Traffic Statistics for "DMZ":
317287 packets input, 20409342 bytes
169332 packets output, 14922486 bytes
66068 packets dropped
Control Point Interface States:
Interface number is 10
Interface config status is active
Interface state is active
Control Point Vlan70 States:
Interface vlan config status is active
Interface vlan state is UP
Interface GigabitEthernet0/3 "SONICWALL", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address 5475.d026.e0e7, MTU 1500
IP address 10.209.8.253, subnet mask 255.255.255.252
518729968683 packets input, 47115456284582 bytes, 0 no buffer
Received 15646 broadcasts, 0 runts, 0 giants
199340 input errors, 1 CRC, 0 frame, 199339 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
518063147449 packets output, 45489999061951 bytes, 6 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 5 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (511/486)
output queue (blocks free curr/low): hardware (510/0)
Traffic Statistics for "SONICWALL":
518729967468 packets input, 37776297142769 bytes
518063147475 packets output, 36160587138571 bytes
5572834 packets dropped
1 minute input rate 106588 pkts/sec, 8355932 bytes/sec
1 minute output rate 106236 pkts/sec, 7432357 bytes/sec
1 minute drop rate, 6 pkts/sec
5 minute input rate 107509 pkts/sec, 8295759 bytes/sec
5 minute output rate 107226 pkts/sec, 7524754 bytes/sec
5 minute drop rate, 5 pkts/sec
Control Point Interface States:
Interface number is 5
Interface config status is active
Interface state is active
Interface GigabitEthernet0/3.110 "TESA", is administratively down, line protocol is down
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
VLAN identifier 110
Description: LINK INTERNET TESA
MAC address 5475.d026.e0e7, MTU 1500
IP address 200.236.223.138, subnet mask 255.255.255.252
Traffic Statistics for "TESA":
0 packets input, 0 bytes
0 packets output, 0 bytes
0 packets dropped
Control Point Interface States:
Interface number is 11
Interface config status is not active
Interface state is not active
Control Point Vlan110 States:
Interface vlan config status is not active
Interface vlan state is DOWN
Interface GigabitEthernet0/3.120 "LEVEL3", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
VLAN identifier 120
Description: LINK INTERNET LEVEL 3
MAC address 5475.d026.e0e7, MTU 1500
IP address unassigned
Traffic Statistics for "LEVEL3":
2 packets input, 80 bytes
0 packets output, 0 bytes
1 packets dropped
Control Point Interface States:
Interface number is 12
Interface config status is active
Interface state is active
Control Point Vlan120 States:
Interface vlan config status is active
Interface vlan state is UP
Interface Management0/0 "maneger", is down, line protocol is down
Hardware is i82557, BW 100 Mbps, DLY 100 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is unsupported
Description: LAN/STATE Failover Interface
MAC address 5475.d026.e0e8, MTU 1500
IP address 192.168.1.1, subnet mask 255.255.255.0
1806351 packets input, 109882357 bytes, 0 no buffer
Received 6245 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
3550911 packets output, 802363574 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
79 lost carrier, 0 no carrier
0 input reset drops, 0 output reset drops
input queue (curr/max packets): hardware (0/1) software (0/41)
output queue (curr/max packets): hardware (0/52) software (0/1)
Traffic Statistics for "maneger":
1806454 packets input, 73946447 bytes
3551182 packets output, 752536803 bytes
20937 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Management-only interface. Blocked 75580 through-the-device packets
13953 IPv4 packets originated from management network
61627 IPv4 packets destined to management network
0 IPv6 packets originated from management network
0 IPv6 packets destined to management network
Control Point Interface States:
Interface number is 6
Interface config status is active
Interface state is not active
------------------ show cpu usage ------------------
CPU utilization for 5 seconds = 60%; 1 minute: 60%; 5 minutes: 61%
------------------ show cpu hogging process ------------------
Process: Unicorn Admin Handler, NUMHOG: 77, MAXHOG: 35, LASTHOG: 5
LASTHOG At: 13:10:44 BRDT Jan 23 2015
PC: 0x0910b21e (suspend)
Call stack: 0x0910b21e 0x0910b4e2 0x08552692 0x0854b41d 0x0854b65c 0x0854b94e 0x08551b6b
0x0806922c
Process: Unicorn Admin Handler, PROC_PC_TOTAL: 8, MAXHOG: 30, LASTHOG: 28
LASTHOG At: 14:16:36 BRDT Jan 23 2015
PC: 0x084c44e2 (suspend)
Process: Unicorn Admin Handler, NUMHOG: 4, MAXHOG: 30, LASTHOG: 28
LASTHOG At: 14:16:36 BRDT Jan 23 2015
PC: 0x084c44e2 (suspend)
Call stack: 0x084c44e2 0x085fb9ad 0x0860516b 0x0860fce4 0x08d54229 0x08d54391 0x08c51654
0x080f8b5a 0x080f9505 0x08c51654 0x08c52f61 0x080ecf73 0x080ed986 0x080edb49
Process: rtcli async executor process, PROC_PC_TOTAL: 6, MAXHOG: 2, LASTHOG: 2
LASTHOG At: 13:57:33 BRDT Jan 24 2015
PC: 0x0916ad6d (suspend)
Process: rtcli async executor process, NUMHOG: 6, MAXHOG: 2, LASTHOG: 2
LASTHOG At: 13:57:33 BRDT Jan 24 2015
PC: 0x0916ad6d (suspend)
Call stack: 0x0806a82a 0x0916ad6d 0x0914e906 0x091503dd 0x09150495 0x788bee80
Process: Unicorn Admin Handler, NUMHOG: 4, MAXHOG: 20, LASTHOG: 19
LASTHOG At: 13:57:33 BRDT Jan 24 2015
PC: 0x08c483c5 (suspend)
Call stack: 0x08c483c5 0x09875a7e 0x08e4a55d 0x08c51654 0x08c52f61 0x080ecf73 0x08552e9c
0x0854b2ae 0x0854b65c 0x0854b94e 0x08551b6b 0x0806922c
Process: ssh, NUMHOG: 1, MAXHOG: 3, LASTHOG: 3
LASTHOG At: 17:14:58 BRDT Jan 28 2015
PC: 0x08c483c5 (suspend)
Call stack: 0x08c483c5 0x0987be58 0x087a5253 0x08df2305 0x08df233c 0x08c50587 0x08c48c3b
0x08d810a3 0x08d8114d 0x08c492b7 0x08c51654 0x08c52f61 0x080ecf73 0x080efbf7
Process: Unicorn Admin Handler, NUMHOG: 2, MAXHOG: 4, LASTHOG: 4
LASTHOG At: 18:11:15 BRDT Jan 29 2015
PC: 0x08c483c5 (suspend)
Call stack: 0x08c483c5 0x0987be58 0x08d0ccff 0x08d0db01 0x08d0de00 0x08d0e3c1 0x08d7ad2f
0x080eca36 0x080ed2ca 0x08552e9c 0x0854b2ae 0x0854b65c 0x0854b94e 0x08551b6b
Process: Unicorn Admin Handler, NUMHOG: 2, MAXHOG: 57, LASTHOG: 6
LASTHOG At: 21:20:40 BRST Feb 20 2015
PC: 0x0914eb33 (suspend)
Call stack: 0x0806b131 0x0914eb33 0x0916c0f8 0x0928eb68 0x09267c79 0x0927955d 0x09268a40
0x0925fef1 0x09266f6b 0x0926716f 0x0925fcca 0x0927eff1 0x09267c79 0x0927955d
Process: Unicorn Admin Handler, NUMHOG: 5, MAXHOG: 4, LASTHOG: 4
LASTHOG At: 10:12:24 BRST Mar 6 2015
PC: 0x08c483c5 (suspend)
Call stack: 0x08c483c5 0x0987be58 0x08cfc87b 0x08d0c762 0x08d0db01 0x08d0de00 0x08d0e3c1
0x08d7ad2f 0x080eca36 0x080ed2ca 0x08552e9c 0x0854b2ae 0x0854b65c 0x0854b94e
Process: ssh, PROC_PC_TOTAL: 1, MAXHOG: 2, LASTHOG: 2
LASTHOG At: 12:09:00 BRST Mar 6 2015
PC: 0x08d0e2a5 (suspend)
Process: ssh, NUMHOG: 1, MAXHOG: 2, LASTHOG: 2
LASTHOG At: 12:09:00 BRST Mar 6 2015
PC: 0x08d0e2a5 (suspend)
Call stack: 0x08d0e2a5 0x08d7ad2f 0x080eca36 0x080ed2ca 0x080efbf7 0x080f0a1c 0x0806922c
Process: Unicorn Admin Handler, PROC_PC_TOTAL: 16, MAXHOG: 20, LASTHOG: 4
LASTHOG At: 12:09:28 BRST Mar 6 2015
PC: 0x08c483c5 (suspend)
Process: ssh, NUMHOG: 4, MAXHOG: 4, LASTHOG: 4
LASTHOG At: 12:09:28 BRST Mar 6 2015
PC: 0x08c483c5 (suspend)
Call stack: 0x08c483c5 0x0987be58 0x08d0c1da 0x08d0db01 0x08d0de00 0x08d0e3c1 0x08d7ad2f
0x080eca36 0x080ed2ca 0x080efbf7 0x080f0a1c 0x0806922c
Process: Unicorn Admin Handler, PROC_PC_TOTAL: 21, MAXHOG: 4, LASTHOG: 3
LASTHOG At: 17:56:17 BRST Mar 13 2015
PC: 0x08c6f370 (suspend)
Process: Unicorn Admin Handler, NUMHOG: 21, MAXHOG: 4, LASTHOG: 3
LASTHOG At: 17:56:17 BRST Mar 13 2015
PC: 0x08c6f370 (suspend)
Call stack: 0x08c6f370 0x0854b3cb 0x0854b65c 0x0854b94e 0x08551b6b 0x0806922c
Process: rtcli async executor process, NUMHOG: 26, MAXHOG: 33, LASTHOG: 23
LASTHOG At: 16:45:40 BRST Mar 14 2015
PC: 0x0914eb33 (suspend)
Call stack: 0x0806b131 0x0914eb33 0x0916193d 0x091632dc 0x09283fda 0x092841b4 0x09267c79
0x0927955d 0x09268a40 0x09294223 0x09267c79 0x0927955d 0x09268a40 0x0925fef1
Process: rtcli async executor process, NUMHOG: 21, MAXHOG: 47, LASTHOG: 47
LASTHOG At: 16:45:40 BRST Mar 14 2015
PC: 0x0914eb33 (suspend)
Call stack: 0x0806b131 0x0914eb33 0x0916bee2 0x0928e878 0x09267c79 0x0927955d 0x09268a40
0x09294223 0x09267c79 0x0927955d 0x09268a40 0x0925fef1 0x09266f6b 0x0926716f
Process: rtcli async executor process, PROC_PC_TOTAL: 194, MAXHOG: 64, LASTHOG: 2
LASTHOG At: 16:45:41 BRST Mar 14 2015
PC: 0x0914eb33 (suspend)
Process: Dispatch Unit, PROC_PC_TOTAL: 1897, MAXHOG: 132, LASTHOG: 4
LASTHOG At: 17:53:41 BRST Mar 14 2015
PC: 0x0827e9aa (suspend)
Process: Dispatch Unit, NUMHOG: 342, MAXHOG: 132, LASTHOG: 4
LASTHOG At: 17:53:41 BRST Mar 14 2015
PC: 0x0827e9aa (suspend)
Call stack: 0x0827e9aa 0x0806922c
Process: Dispatch Unit, PROC_PC_TOTAL: 365, MAXHOG: 47, LASTHOG: 2
LASTHOG At: 11:50:13 BRST Mar 16 2015
PC: 0x0827e8d2 (suspend)
Process: Dispatch Unit, NUMHOG: 167, MAXHOG: 47, LASTHOG: 2
LASTHOG At: 11:50:13 BRST Mar 16 2015
PC: 0x0827e8d2 (suspend)
Call stack: 0x0827e8d2 0x0806922c
Process: Unicorn Admin Handler, NUMHOG: 10133, MAXHOG: 3, LASTHOG: 2
LASTHOG At: 16:54:52 BRST Mar 16 2015
PC: 0x0806b172 (suspend)
Call stack: 0x0806b172 0x08ceb515 0x08d0dd9c 0x08d7b03a 0x080eca36 0x080ed2ca 0x080ed986
0x080edb49 0xdd708c1c 0xdd7091b5 0xdd709b07 0xdd70ad5c 0xdd70338d 0xdd70447a
Process: Unicorn Admin Handler, PROC_PC_TOTAL: 10576, MAXHOG: 7, LASTHOG: 5
LASTHOG At: 16:54:52 BRST Mar 16 2015
PC: 0x080edd45 (suspend)
Process: Unicorn Admin Handler, NUMHOG: 10576, MAXHOG: 7, LASTHOG: 5
LASTHOG At: 16:54:52 BRST Mar 16 2015
PC: 0x080edd45 (suspend)
Call stack: 0x080edd45 0xdd708c1c 0xdd7091b5 0xdd709b07 0xdd70ad5c 0xdd70338d 0xdd70447a
0x080eb802 0x0855112a 0x08549d77 0x0854ba51 0x08551b6b 0x0806922c
Process: rtcli async executor process, PROC_PC_TOTAL: 84, MAXHOG: 16, LASTHOG: 3
LASTHOG At: 18:15:54 BRST Mar 16 2015
PC: 0x0914e19b (suspend)
Process: rtcli async executor process, NUMHOG: 84, MAXHOG: 16, LASTHOG: 3
LASTHOG At: 18:15:54 BRST Mar 16 2015
PC: 0x0914e19b (suspend)
Call stack: 0x0806b131 0x0914e19b 0x091503dd 0x09150495 0x788bee80
Process: Unicorn Admin Handler, PROC_PC_TOTAL: 10179, MAXHOG: 25, LASTHOG: 3
LASTHOG At: 10:03:24 BRST Mar 17 2015
PC: 0x0806b172 (suspend)
Process: ssh_init, NUMHOG: 33, MAXHOG: 3, LASTHOG: 3
LASTHOG At: 10:03:24 BRST Mar 17 2015
PC: 0x0806b172 (suspend)
Call stack: 0x0806b172 0x0818545b 0x097c048b 0x097c452a 0x097b67ce 0x097b69f7 0x097db4cf
0x097ea517 0x097defba 0x0817df40 0x0814bc8a 0x090bfefb 0x090bccfb 0x090bc01f
CPU hog threshold (msec): 2.560
Last cleared: None
------------------ show process ------------------
PC SP STATE Runtime SBASE Stack Process
Lwe 0x080596a4 0x726ea17c 0x0ad37aa8 0 0x726e6290 15760/16384 block_diag
Mrd 0x0827e9aa 0x7271d7ec 0x0ad38468 2377167625 0x726fd980 119588/131072 Dispatch Unit
Mwe 0x090b527d 0x7284c51c 0x0ad37bd0 8 0x72848670 13616/16384 ssh/timer
Msi 0x08854a74 0x7273e204 0x0ad37bd0 5042 0x7273a2f8 15688/16384 WebVPN KCD Process
Mwe 0x084c6b6d 0x7274532c 0x0ad37bd0 0 0x727414e0 15680/16384 CF OIR
Mwe 0x08eafaec 0x72749544 0x0abda120 0 0x72745678 16072/16384 lina_int
Mwe 0x0807209d 0x72834bb4 0x0ad37bd0 0 0x7282ccf8 32192/32768 Reload Control Thread
Mwe 0x08086369 0x7283fb64 0x0ad3918c 861 0x7283bfc8 12328/16384 aaa
Mwe 0x0916ad6d 0x7387d644 0x0ad37bd0 4 0x72840160 15056/16384 UserFromCert Thread
Mwe 0x0916ad6d 0x73833204 0x0ad37bd0 2 0x72844338 14528/16384 aaa_shim_thread
Mwe 0x080bae3c 0x72854f84 0x0ad3a234 0 0x7284d0a8 32144/32768 CMGR Server Process
Mwe 0x080bd4ad 0x728590ec 0x0ad37bd0 0 0x72855240 15416/16384 CMGR Timer Process
Mwe 0x0816d455 0x72875c14 0x0ad37bd0 0 0x72871d68 15832/16384 CTM Daemon
Mwe 0x081df2c5 0x7287c304 0x0ad37bd0 0 0x72878478 15624/16384 SXP CORE
Mwe 0x081d7041 0x728855fc 0x0ad37bd0 0 0x72881760 15488/16384 RBM CORE
Mwe 0x081cde3c 0x7289e484 0x0ad45288 0 0x72896708 31704/32768 cts_task
Mwe 0x081cf2ed 0x728a275c 0x0ad37bd0 0 0x7289e8a0 15672/16384 cts_timer_task
Lwe 0x0827c804 0x728b3204 0x0ad4a9c0 0 0x728af318 15632/16384 dbgtrace
Msi 0x0856b194 0x728c39d4 0x0ad37bd0 17632 0x728bfac8 15688/16384 557mcfix
Msi 0x0856b126 0x728c7b7c 0x0ad37bd0 2 0x728c3c60 15672/16384 557statspoll
Mwe 0x0859389d 0x728d6634 0x0ad37bd0 0 0x728ce798 31680/32768 idfw_proc
Mwe 0x0859f56b 0x728de7dc 0x0ad37bd0 0 0x728d6930 32216/32768 idfw_service
Mwe 0x085ab0e5 0x728e2934 0x0ad37bd0 0 0x728deac8 15524/16384 idfw_adagent
Mwe 0x0820b305 0x728f8254 0x0ad37bd0 0 0x728f4398 15656/16384 cluster interface health monitor
Mwe 0x0916ad6d 0x73266574 0x0ad37bd0 0 0x72942250 15280/16384 netfs_thread_init
Mwe 0x098099d5 0x7295a8bc 0x0ad37bd0 0 0x72956a40 15848/16384 Chunk Manager
Msi 0x08cadf8e 0x72f4ce4c 0x0ad37bd0 30619 0x72f48f60 14592/16384 PIX Garbage Collector
Mwe 0x08c89f2a 0x72f7da2c 0x0abc49c4 0 0x72f79b40 16104/16384 IP Address Assign
Mwe 0x08f10fda 0x73117e74 0x0ac41198 0 0x73113f88 16104/16384 QoS Support Module
Mwe 0x08d3941a 0x7311c04c 0x0abc5928 0 0x73118160 16104/16384 Client Update Task
Lwe 0x0987e775 0x73120d0c 0x0ad37bd0 1226208 0x7311ce60 14432/16384 Checkheaps
Mwe 0x08f1651d 0x731368dc 0x0ad37bd0 0 0x7312ea70 31776/32768 Quack process
Mwe 0x08f9817d 0x7313ea94 0x0ad37bd0 3476 0x73136c08 30804/32768 Session Manager
Mwe 0x090fb11d 0x7314ad84 0x7853a720 5 0x73146f38 15464/16384 uauth
Mwe 0x09084331 0x7314efbc 0x0ac54b10 0 0x7314b0d0 15632/16384 Uauth_Proxy
Msp 0x090c92bf 0x7315b4b4 0x0ad37bd0 4015 0x73157598 15704/16384 SSL
Mwe 0x090f8e14 0x7315f5fc 0x0ac5cdd4 0 0x7315b730 15708/16384 SMTP
Mwe 0x090f312c 0x73163754 0x0ac5c0f8 1965277 0x7315f8c8 13144/16384 Logger
Mwe 0x090f173d 0x731678dc 0x0ad37bd0 0 0x73163a60 15784/16384 Syslog Retry Thread
Mwe 0x090ec9e5 0x7316baa4 0x0ad37bd0 0 0x73167bf8 15600/16384 Thread Logger
Mwe 0x090f6b37 0x73190b3c 0x0ac5c7a0 0 0x7318cc50 15592/16384 syslogd
Mwe 0x0937cdc2 0x731ad644 0x0ac96428 0 0x731a9778 15328/16384 vpnlb_thread
Mwe 0x094526cc 0x731bdc74 0x0ac9b7c8 0 0x731b9dd8 16024/16384 pci_nt_bridge
Mwe 0x0945a89d 0x731c1dac 0x0ad37bd0 1531 0x731bdf70 15200/16384 scansafe_poll
M* 0x090b0155 0x68b3ff2c 0x0ad38468 1421 0x7c683858 12316/32768 ssh
Mwe 0x08366895 0x7324ce5c 0x0ad37bd0 0 0x73248fd0 15864/16384 TLS Proxy Inspector
Msi 0x08fb69cc 0x732ca4bc 0x0ad37bd0 30320 0x732c65b0 15688/16384 emweb/cifs_timer
Mwe 0x08962fb4 0x7331f1bc 0x0a65c824 0 0x7331b2e0 15712/16384 netfs_mount_handler
Msi 0x0878bcf8 0x728bf81c 0x0ad37bd0 70400 0x728bb930 15456/16384 arp_timer
Mwe 0x0879676e 0x728eac94 0x0ad85710 0 0x728e6df8 16024/16384 arp_forward_thread
Mwe 0x08855766 0x7292d6d4 0x0ad8e440 818 0x72929808 11712/16384 Lic TMR
Mwe 0x08855515 0x7312e7b4 0x0a658980 1897 0x7312a8d8 15800/16384 Lic HA Cluster
Mwe 0x090ff5e7 0x72956784 0x0ac5d840 0 0x729528a8 15672/16384 tcp_fast
Mwe 0x09108028 0x72939c54 0x0ac5d840 0 0x72935d88 15656/16384 tcp_slow
Mwe 0x09146474 0x7286144c 0x0ac657d0 0 0x7285d570 15672/16384 udp_timer
Mwe 0x0812d75d 0x728cbca4 0x0ad37bd0 0 0x728c7df8 15832/16384 CTCP Timer process
Mwe 0x09317075 0x7294a32c 0x0ad37bd0 0 0x72946490 15816/16384 L2TP data daemon
Mwe 0x093198e5 0x7294e35c 0x0ad37bd0 0 0x7294a4c0 15816/16384 L2TP mgmt daemon
Mwe 0x09305f2e 0x751baefc 0x0ac8af2c 4128 0x751b7050 16040/16384 ppp_timer_thread
Msi 0x0937d12d 0x751bef5c 0x0ad37bd0 15567 0x751bb080 15640/16384 vpnlb_timer_thread
Mwe 0x0815acba 0x755b98ac 0x731a0778 530 0x755b5a20 8928/16384 IPsec message handler
Msi 0x081735b4 0x755bd89c 0x0ad37bd0 449428 0x755b9a50 14568/16384 CTM message handler
Mwe 0x08264cc0 0x755ebb74 0x0a5d67c0 39521 0x755cbe18 119268/131072 tmatch compile thread
Mwe 0x08f47eed 0x782d3e1c 0x0ad37bd0 0 0x782cff60 15848/16384 ICMP event handler
Mwe 0x092a9f4d 0x782d7fa4 0x0ad37bd0 0 0x782d40f8 15832/16384 Dynamic Filter VC Housekeeper
Mwe 0x08b34422 0x78338e84 0x0ad37bd0 8854 0x78334fd8 14208/16384 IP Background
Mwe 0x08e1c923 0x786704dc 0x0ad37bd0 0 0x7866c630 15832/16384 Crypto CA
Mwe 0x08e5bd58 0x7867450c 0x0ad37bd0 0 0x78670660 15896/16384 CERT API
Mwe 0x08e1b295 0x7867d00c 0x0ad37bd0 0 0x78679140 15928/16384 Crypto PKI RECV
Lsi 0x08cc2589 0x728e6b7c 0x0ad37bd0 401 0x728e2c60 15704/16384 uauth_urlb clean
Lwe 0x08c95dc6 0x72941f0c 0x0ad37bd0 50253 0x7293e090 12408/16384 pm_timer_thread
Mwe 0x0861ab2d 0x73142c4c 0x0ad37bd0 145 0x7313eda0 14116/16384 IKE Common thread
Mwe 0x086532f5 0x73146bfc 0x0ad37bd0 61688 0x73142dd0 15480/16384 IKE Timekeeper
Mwe 0x08641b3b 0x787288c4 0x0a654490 43109 0x78720d08 22244/32768 IKE Daemon
Mwe 0x086f9223 0x72928cc4 0x0ad37bd0 7692 0x72925178 7060/16384 IKEv2 Daemon
Mwe 0x086f8772 0x7872cbe4 0x0ad37bd0 5987 0x78728d38 15624/16384 IKEv2 DPD Client Process
Mwe 0x0909bf14 0x7876f36c 0x0ac5a274 0 0x7876b4a0 16072/16384 RADIUS Proxy Event Daemon
Mwe 0x0905b923 0x78773344 0x787ddd38 31 0x7876f638 14800/16384 RADIUS Proxy Listener
Mwe 0x0909b63d 0x7877767c 0x0ad37bd0 0 0x787737d0 15832/16384 RADIUS Proxy Time Keeper
Mwe 0x0877a6e4 0x7877b774 0x0ad856c8 0 0x78777968 15264/16384 Integrity FW Task
Mrd 0x08370f9a 0x787c0304 0x0ad38468 0 0x787bc448 14552/16384 CP Threat-Detection Processing
Mwe 0x082984ce 0x787feb54 0x09f9b57c 6556 0x787df418 119524/131072 ci/console
Msi 0x08507430 0x7285d2a4 0x0ad37bd0 15200 0x728593d8 13248/16384 fover_thread
Mwe 0x092eae2c 0x788032d4 0x0afe0584 778 0x787ff448 15648/16384 lu_ctl
Msi 0x08cdd5cc 0x78807394 0x0ad37bd0 533625 0x78803478 14004/16384 update_cpu_usage
Msi 0x08cdcea4 0x7880b3b4 0x0ad37bd0 45 0x788074a8 15688/16384 health_check
Mwe 0x090f173d 0x731678dc 0x0ad37bd0 0 0x73163a60 15784/16384 Syslog Retry Thread
Mwe 0x090ec9e5 0x7316baa4 0x0ad37bd0 0 0x73167bf8 15600/16384 Thread Logger
Mwe 0x090f6b37 0x73190b3c 0x0ac5c7a0 0 0x7318cc50 15592/16384 syslogd
Mwe 0x0937cdc2 0x731ad644 0x0ac96428 0 0x731a9778 15328/16384 vpnlb_thread
Mwe 0x094526cc 0x731bdc74 0x0ac9b7c8 0 0x731b9dd8 16024/16384 pci_nt_bridge
Mwe 0x0945a89d 0x731c1dac 0x0ad37bd0 1531 0x731bdf70 15200/16384 scansafe_poll
M* 0x090b0155 0x68b3ff2c 0x0ad38468 1421 0x7c683858 12316/32768 ssh
Mwe 0x08366895 0x7324ce5c 0x0ad37bd0 0 0x73248fd0 15864/16384 TLS Proxy Inspector
Msi 0x08fb69cc 0x732ca4bc 0x0ad37bd0 30320 0x732c65b0 15688/16384 emweb/cifs_timer
Mwe 0x08962fb4 0x7331f1bc 0x0a65c824 0 0x7331b2e0 15712/16384 netfs_mount_handler
Msi 0x0878bcf8 0x728bf81c 0x0ad37bd0 70400 0x728bb930 15456/16384 arp_timer
Mwe 0x0879676e 0x728eac94 0x0ad85710 0 0x728e6df8 16024/16384 arp_forward_thread
Mwe 0x08855766 0x7292d6d4 0x0ad8e440 818 0x72929808 11712/16384 Lic TMR
Mwe 0x08855515 0x7312e7b4 0x0a658980 1897 0x7312a8d8 15800/16384 Lic HA Cluster
Mwe 0x090ff5e7 0x72956784 0x0ac5d840 0 0x729528a8 15672/16384 tcp_fast
Mwe 0x09108028 0x72939c54 0x0ac5d840 0 0x72935d88 15656/16384 tcp_slow
Mwe 0x09146474 0x7286144c 0x0ac657d0 0 0x7285d570 15672/16384 udp_timer
Mwe 0x0812d75d 0x728cbca4 0x0ad37bd0 0 0x728c7df8 15832/16384 CTCP Timer process
Mwe 0x09317075 0x7294a32c 0x0ad37bd0 0 0x72946490 15816/16384 L2TP data daemon
Mwe 0x093198e5 0x7294e35c 0x0ad37bd0 0 0x7294a4c0 15816/16384 L2TP mgmt daemon
Mwe 0x09305f2e 0x751baefc 0x0ac8af2c 4128 0x751b7050 16040/16384 ppp_timer_thread
Msi 0x0937d12d 0x751bef5c 0x0ad37bd0 15567 0x751bb080 15640/16384 vpnlb_timer_thread
Mwe 0x0815acba 0x755b98ac 0x731a0778 530 0x755b5a20 8928/16384 IPsec message handler
Msi 0x081735b4 0x755bd89c 0x0ad37bd0 449428 0x755b9a50 14568/16384 CTM message handler
Mwe 0x08264cc0 0x755ebb74 0x0a5d67c0 39521 0x755cbe18 119268/131072 tmatch compile thread
Mwe 0x08f47eed 0x782d3e1c 0x0ad37bd0 0 0x782cff60 15848/16384 ICMP event handler
Mwe 0x092a9f4d 0x782d7fa4 0x0ad37bd0 0 0x782d40f8 15832/16384 Dynamic Filter VC Housekeeper
Mwe 0x08b34422 0x78338e84 0x0ad37bd0 8854 0x78334fd8 14208/16384 IP Background
Mwe 0x08e1c923 0x786704dc 0x0ad37bd0 0 0x7866c630 15832/16384 Crypto CA
Mwe 0x08e5bd58 0x7867450c 0x0ad37bd0 0 0x78670660 15896/16384 CERT API
Mwe 0x08e1b295 0x7867d00c 0x0ad37bd0 0 0x78679140 15928/16384 Crypto PKI RECV
Lsi 0x08cc2589 0x728e6b7c 0x0ad37bd0 401 0x728e2c60 15704/16384 uauth_urlb clean
Lwe 0x08c95dc6 0x72941f0c 0x0ad37bd0 50253 0x7293e090 12408/16384 pm_timer_thread
Mwe 0x0861ab2d 0x73142c4c 0x0ad37bd0 145 0x7313eda0 14116/16384 IKE Common thread
Mwe 0x086532f5 0x73146bfc 0x0ad37bd0 61688 0x73142dd0 15480/16384 IKE Timekeeper
Mwe 0x08641b3b 0x787288c4 0x0a654490 43109 0x78720d08 22244/32768 IKE Daemon
Mwe 0x086f9223 0x72928cc4 0x0ad37bd0 7692 0x72925178 7060/16384 IKEv2 Daemon
Mwe 0x086f8772 0x7872cbe4 0x0ad37bd0 5987 0x78728d38 15624/16384 IKEv2 DPD Client Process
Mwe 0x0909bf14 0x7876f36c 0x0ac5a274 0 0x7876b4a0 16072/16384 RADIUS Proxy Event Daemon
Mwe 0x0905b923 0x78773344 0x787ddd38 31 0x7876f638 14800/16384 RADIUS Proxy Listener
Mwe 0x0909b63d 0x7877767c 0x0ad37bd0 0 0x787737d0 15832/16384 RADIUS Proxy Time Keeper
Mwe 0x0877a6e4 0x7877b774 0x0ad856c8 0 0x78777968 15264/16384 Integrity FW Task
Mrd 0x08370f9a 0x787c0304 0x0ad38468 0 0x787bc448 14552/16384 CP Threat-Detection Processing
Mwe 0x082984ce 0x787feb54 0x09f9b57c 6556 0x787df418 119524/131072 ci/console
Msi 0x08507430 0x7285d2a4 0x0ad37bd0 15200 0x728593d8 13248/16384 fover_thread
Mwe 0x092eae2c 0x788032d4 0x0afe0584 778 0x787ff448 15648/16384 lu_ctl
Msi 0x08cdd5cc 0x78807394 0x0ad37bd0 533625 0x78803478 14004/16384 update_cpu_usage
Msi 0x08cdcea4 0x7880b3b4 0x0ad37bd0 45 0x788074a8 15688/16384 health_check
Mwe 0x091198f5 0x7880f314 0x0ad37bd0 5028 0x7880b4d8 14408/16384 npshim_thread
Msi 0x08cdd664 0x7881b324 0x0ad37bd0 0 0x78817538 12616/16384 NIC status poll
Mwe 0x0850171c 0x73126434 0x0ad79f80 0 0x731225a8 16008/16384 fover_rx
Mwe 0x085032b6 0x7882b434 0x0ad7a27c 0 0x788275f8 15928/16384 fover_tx
Mwe 0x085032b6 0x7882f464 0x0ad7a284 0 0x7882b628 15928/16384 fover_tx_2
Mwe 0x084f3c9c 0x78833444 0x0ad85ce8 0 0x7882f658 15816/16384 fover_ip
Mwe 0x0850c704 0x78837354 0x0ad7a298 0 0x78833688 15560/16384 fover_rep
Mwe 0x085015f4 0x7883f264 0x0ad7a2a0 9825 0x788376b8 31652/32768 fover_parse
Mwe 0x084e0aad 0x78843594 0x0ad37bd0 0 0x7883f6e8 15832/16384 fover_fail_check
Mwe 0x084dea50 0x788475b4 0x0ad7a8ec 4412 0x78843718 16024/16384 fover_ifc_test
Mwe 0x084e2936 0x7884b5e4 0x0ad37bd0 0 0x78847748 15816/16384 fover_health_monitoring_thread
Mwe 0x0851d64f 0x788539d4 0x0ad37bd0 0 0x7884fba8 15704/16384 ha_trans_ctl_tx
Mwe 0x0851d64f 0x78879a34 0x0ad37bd0 0 0x78875c08 15704/16384 ha_trans_data_tx
Mwe 0x08513aed 0x78881af4 0x0ad37bd0 0 0x78879c38 30736/32768 fover_FSM_thread
Mwe 0x092eace5 0x78889b54 0x0ad85c88 0 0x78881c68 32456/32768 lu_rx
Lwe 0x092ead34 0x7888db94 0x0afe0528 0 0x78889c98 16120/16384 lu_dynamic_sync
Mwe 0x0916ad6d 0x78931ef4 0x0ad37bd0 3348 0x788b7058 26600/32768 rtcli async executor process
Mwe 0x08fea744 0x78b77944 0x0ac498c8 911 0x78b73a68 8356/16384 SNMP Notify Thread
Mwe 0x08785b0e 0x78c3e6ac 0x0ad85d6c 7412 0x78c367f0 30400/32768 IP Thread
Mwe 0x0878d2de 0x78c42864 0x0ad85700 9940 0x78c3e988 8948/16384 ARP Thread
Mwe 0x0857089e 0x78c46a5c 0x0ad85d28 14347 0x78c42cb0 12856/16384 icmp_thread
Mwe 0x09147041 0x78c4acc4 0x0ad37bd0 183 0x78c46e48 15736/16384 udp_thread
Mwe 0x09102974 0x78c4eb3c 0x0ad85dec 0 0x78c4afe0 15192/16384 tcp_thread
Lwe 0x0828b634 0x78d4c514 0x0ad37bd0 270 0x78d48668 15608/16384 dns_cache_timer
Mwe 0x08287ed9 0x78d505fc 0x0ad37bd0 0 0x78d4c850 15576/16384 dns_process
Mwe 0x0905b923 0x78f73ec4 0x78dd8b60 30 0x78f701c8 15304/16384 EAPoUDP-sock
Mwe 0x082c07dd 0x78f77d74 0x0ad37bd0 0 0x78f741f8 15016/16384 EAPoUDP
Mrd 0x08ba4f45 0x7a121c94 0x0ad38468 56529 0x7a119e08 28784/32768 OSPF Router
Mwe 0x08ba16a1 0x7a114ee4 0x0ad37bd0 32952 0x7a111098 10120/16384 OSPF Hello
Mrd 0x08ba4f45 0x7a1584dc 0x0ad38468 16326 0x7a150650 28460/32768 OSPF Router
Mwe 0x08ba16a1 0x7a14b72c 0x0ad37bd0 32967 0x7a1478e0 10120/16384 OSPF Hello
Mwe 0x082fa14a 0x7a46a59c 0x0ad37bd0 2225 0x7a466b80 10160/16384 emweb/https
Mwe 0x082ef425 0x7a46f54c 0x0ad37bd0 1092 0x7a46b690 15624/16384 Timekeeper
Mwe 0x0916ad6d 0x7a5becf4 0x0ad37bd0 13290 0x7a4eb750 15008/16384 Unicorn Proxy Thread
Mwe 0x09145c99 0x7a9c69f4 0x73aa8138 189 0x7a9c2e68 11704/16384 snmp
Lwe 0x09045d15 0x7a9dbda4 0x0ad37bd0 148238 0x7a9d7ef8 10456/16384 Event mib process
Mwe 0x0905b923 0x7aa38abc 0x7aa3b7c8 233 0x7aa34eb0 14080/16384 IKE Receiver
Mwe 0x08b0afd3 0x7aa6ce1c 0x0ad37bd0 53688 0x7aa68f70 8804/16384 NTP
Mwe 0x09353964 0x7ab1c0f4 0x0ac960b8 0 0x7ab14218 32472/32768 vpnfol_thread_msg
Msi 0x0935c832 0x7ab2018c 0x0ad37bd0 30005 0x7ab1c2a0 15656/16384 vpnfol_thread_timer
Mwe 0x0935a892 0x7ab242b4 0x0ac96100 0 0x7ab20438 15992/16384 vpnfol_thread_sync
Msi 0x0935c5be 0x7ab284bc 0x0ad37bd0 48594 0x7ab245d0 15656/16384 vpnfol_thread_unsent
Lwe 0x08d22c66 0x731a945c 0x0ad37bd0 364 0x731a55e0 15560/16384 vPif_stats_cleaner
Mwe 0x08776c05 0x731a52f4 0x0ad37bd0 0 0x731a1448 15832/16384 Integrity Fw Timer Thread
Msi 0x089632c6 0x78823444 0x0ad37bd0 1621 0x7881f558 15656/16384 netfs_vnode_reclaim
Mwe 0x08c6f370 0x7966de1c 0x78d74e54 1780091 0x7964e5d0 126784/131072 Unicorn Admin Handler
Mwe 0x08ee4a01 0x7b5a82ec 0x0af20048 0 0x7b5a4430 15816/16384 qos_metric_daemon
Mwe 0x08c6f370 0x7bfaeed4 0x78d74e54 73 0x7bf8f688 127524/131072 Unicorn Admin Handler
Mwe 0x08c6e63d 0x7d455244 0x0ad37bd0 52 0x7d435b18 123808/131072 Unicorn Admin Handler
M* 0x090b0155 0x68b3ff2c 0x0ad38468 246 0x7c683858 19536/32768 ssh
Mwe 0x09110128 0x726f8474 0x78ba6ca8 2 0x726f4758 14780/16384 listen/ssh
- - - - 0 - - DATAPATH-0-519
- - - - 2343606155 - - scheduler
- - - - 4733446734 - - total elapsed
------------------ show kernel process ------------------
PID PPID PRI NI VSIZE RSS WCHAN STAT RUNTIME GTIME CGTIME COMMAND
1 0 20 0 2084864 616 3725686580 S 147 0 0 init
2 0 15 - 5 0 0 3725738556 S 0 0 0 kthreadd
3 2 15 - 5 0 0 3725692956 S 0 0 0 ksoftirqd/0
4 2 15 - 5 0 0 3725728656 S 18 0 0 events/0
5 2 15 - 5 0 0 3725728656 S 0 0 0 khelper
50 2 15 - 5 0 0 3725728656 S 0 0 0 kblockd/0
53 2 15 - 5 0 0 3726777703 S 0 0 0 kseriod
112 2 20 0 0 0 3725848262 S 0 0 0 pdflush
113 2 20 0 0 0 3725848262 S 0 0 0 pdflush
114 2 15 - 5 0 0 3725861131 S 18 0 0 kswapd0
115 2 15 - 5 0 0 3725728656 S 0 0 0 aio/0
116 2 15 - 5 0 0 3725728656 S 0 0 0 nfsiod
227 2 15 - 5 0 0 3725728656 S 0 0 0 hid_compat
228 2 15 - 5 0 0 3725728656 S 0 0 0 rpciod/0
253 1 16 - 4 1925120 632 3725997327 S 0 0 0 udevd
298 253 18 - 2 1921024 628 3725997327 S 0 0 0 udevd
299 253 18 - 2 1921024 576 3725997327 S 0 0 0 udevd
484 1 20 0 5206016 1604 4294967295 S 0 0 0 lwsmd
486 484 20 0 16736256 3604 4294967295 S 27 0 0 lwregd
511 1 20 0 2088960 516 3725686580 S 0 0 0 sh
512 511 20 0 10186752 524 4294967295 S 0 0 0 lina_monitor
514 512 0 -20 2006495232 66360 4294967295 S 43885379 0 0 lina
------------------ show kernel cgroup-controller detail ------------------
memory controller:
-----------------
memory.limit_in_bytes: unlimited
memory.usage_in_bytes: 66293760 (3%)
memory.max_usage_in_bytes: 69533696 (4%)
memory.failcnt: 0
tasks:
group "normal"
memory.limit_in_bytes: unlimited
memory.usage_in_bytes: 77824 (0%)
memory.max_usage_in_bytes: 700416 (0%)
memory.failcnt: 0
tasks:
PID RSS COMMAND
1 630784 init
2 0 kthreadd
3 0 ksoftirqd/0
4 0 events/0
5 0 khelper
50 0 kblockd/0
53 0 kseriod
112 0 pdflush
113 0 pdflush
114 0 kswapd0
115 0 aio/0
116 0 nfsiod
227 0 hid_compat
228 0 rpciod/0
253 647168 udevd
298 643072 udevd
299 589824 udevd
511 528384 sh
group "privileged"
memory.limit_in_bytes: unlimited
memory.usage_in_bytes: 37744640 (2%)
memory.max_usage_in_bytes: 37904384 (2%)
memory.failcnt: 0
tasks:
PID RSS COMMAND
512 536576 lina_monitor
513 0 lina_monitor
514 67960832 lina
515 0 lina
516 0 lina
517 0 lina
518 0 lina
519 0 lina
group "restricted"
memory.limit_in_bytes: 23068672 (1%)
memory.usage_in_bytes: 1732608 (0%)
memory.max_usage_in_bytes: 1908736 (0%)
memory.failcnt: 0
tasks:
PID RSS COMMAND
484 1642496 lwsmd
485 0 lwsmd
486 3690496 lwregd
488 0 lwregd
489 0 lwregd
490 0 lwregd
491 0 lwregd
492 0 lwregd
493 0 lwsmd
494 0 lwsmd
495 0 lwsmd
496 0 lwsmd
497 0 lwsmd
cpu controller:
---------------
cpu.shares: 1024
cpuacct.usage: 4733634160020619
tasks:
group "normal"
cpu.shares: 4106
cpuacct.usage: 123519023779 (0%)
tasks:
PID RSS COMMAND
1 630784 init
2 0 kthreadd
3 0 ksoftirqd/0
4 0 events/0
5 0 khelper
50 0 kblockd/0
53 0 kseriod
112 0 pdflush
113 0 pdflush
114 0 kswapd0
115 0 aio/0
116 0 nfsiod
227 0 hid_compat
228 0 rpciod/0
253 647168 udevd
298 643072 udevd
299 589824 udevd
511 528384 sh
512 536576 lina_monitor
513 0 lina_monitor
514 67960832 lina
515 0 lina
516 0 lina
517 0 lina
518 0 lina
group "privileged"
cpu.shares: 65696
cpuacct.usage: 4733508481648152 (100%)
tasks:
PID RSS COMMAND
519 0 lina
group "restricted"
cpu.shares: 1024
cpuacct.usage: 325596589 (0%)
tasks:
PID RSS COMMAND
484 1642496 lwsmd
485 0 lwsmd
486 3690496 lwregd
488 0 lwregd
489 0 lwregd
490 0 lwregd
491 0 lwregd
492 0 lwregd
493 0 lwsmd
494 0 lwsmd
495 0 lwsmd
496 0 lwsmd
497 0 lwsmd
------------------ show failover ------------------
Failover On
Failover unit Secondary
Failover LAN Interface: not Configured
Unit Poll frequency 300 milliseconds, holdtime 900 milliseconds
Interface Poll frequency 1 seconds, holdtime 5 seconds
Interface Policy 1
Monitored Interfaces 3 of 210 maximum
Version: Ours 9.1(1), Mate Unknown
Last Failover at: 16:15:31 BRDT Jan 21 2015
This host: Secondary - Disabled
Active time: 0 (sec)
slot 0: ASA5540 hw/sw rev (2.0/9.1(1)) status (Up Sys)
Interface MPLS_INTELIG (172.19.235.113): Normal (Not-Monitored)
Interface MPLS_EBT (172.19.235.97): Normal (Not-Monitored)
Interface DMZ (10.209.12.129): Normal (Not-Monitored)
Interface SONICWALL (10.209.8.253): Unknown (Waiting)
Interface TESA (200.236.223.138): Link Down (Not-Monitored)
Interface LEVEL3 (0.0.0.0): Normal (Not-Monitored)
Interface maneger (192.168.1.1): No Link (Waiting)
Interface inside (10.209.14.1): Unknown (Waiting)
slot 1: empty
Other host: Primary - Not Detected
Active time: 0 (sec)
Interface MPLS_INTELIG (0.0.0.0): Unknown (Not-Monitored)
Interface MPLS_EBT (0.0.0.0): Unknown (Not-Monitored)
Interface DMZ (0.0.0.0): Unknown (Not-Monitored)
Interface SONICWALL (0.0.0.0): Unknown (Waiting)
Interface TESA (0.0.0.0): Unknown (Not-Monitored)
Interface LEVEL3 (0.0.0.0): Unknown (Not-Monitored)
Interface maneger (0.0.0.0): Unknown (Waiting)
Interface inside (0.0.0.0): Unknown (Waiting)
Stateful Failover Logical Update Statistics
Link : Unconfigured.
------------------ show failover history ------------------
==========================================================================
From State To State Reason
==========================================================================
16:15:36 BRDT Jan 21 2015
Not Detected Disabled LAN Interface become un-configured
==========================================================================
------------------ show cluster info ------------------
Clustering is not configured
------------------ show cluster history ------------------
==========================================================================
From State To State Reason
==========================================================================
16:29:18 BRDT Jan 21 2015
DISABLED DISABLED Disabled at startup
==========================================================================
------------------ show traffic ------------------
MPLS_INTELIG:
received (in 438703.654 secs):
2165089 packets 206636228 bytes
4 pkts/sec 1 bytes/sec
transmitted (in 438703.654 secs):
1449289 packets 105796401 bytes
3 pkts/sec 6 bytes/sec
1 minute input rate 0 pkts/sec, 351 bytes/sec
1 minute output rate 0 pkts/sec, 41 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 25 bytes/sec
5 minute output rate 0 pkts/sec, 15 bytes/sec
5 minute drop rate, 0 pkts/sec
MPLS_EBT:
received (in 438704.394 secs):
5236217412 packets 4802618853825 bytes
11005 pkts/sec 10947003 bytes/sec
transmitted (in 438704.394 secs):
4628995660 packets 3377930036953 bytes
10003 pkts/sec 7699002 bytes/sec
1 minute input rate 1535 pkts/sec, 274738 bytes/sec
1 minute output rate 3181 pkts/sec, 3923233 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1644 pkts/sec, 276497 bytes/sec
5 minute output rate 3047 pkts/sec, 3665386 bytes/sec
5 minute drop rate, 0 pkts/sec
DMZ:
received (in 438704.404 secs):
317313 packets 20410538 bytes
0 pkts/sec 7 bytes/sec
transmitted (in 438704.404 secs):
169332 packets 14922486 bytes
0 pkts/sec 4 bytes/sec
1 minute input rate 0 pkts/sec, 1 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 1 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
SONICWALL:
received (in 438717.154 secs):
518822723952 packets 37783567521529 bytes
1182003 pkts/sec 86122008 bytes/sec
transmitted (in 438717.154 secs):
518155623206 packets 36167095671058 bytes
1181001 pkts/sec 82438004 bytes/sec
1 minute input rate 108847 pkts/sec, 8510133 bytes/sec
1 minute output rate 108554 pkts/sec, 7659709 bytes/sec
1 minute drop rate, 4 pkts/sec
5 minute input rate 111301 pkts/sec, 8970828 bytes/sec
5 minute output rate 110865 pkts/sec, 7796599 bytes/sec
5 minute drop rate, 7 pkts/sec
TESA:
received (in 438717.154 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 438717.154 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
LEVEL3:
received (in 438718.024 secs):
2 packets 80 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 438718.024 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
maneger:
received (in 438718.034 secs):
1806454 packets 73946447 bytes
4 pkts/sec 2 bytes/sec
transmitted (in 438718.034 secs):
3551182 packets 752536803 bytes
8 pkts/sec 1000 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
inside:
received (in 438756.644 secs):
2822142192 packets 1499184929194 bytes
6001 pkts/sec 3416003 bytes/sec
transmitted (in 438756.644 secs):
4196195152 packets 4596621614460 bytes
9005 pkts/sec 10476001 bytes/sec
1 minute input rate 2106 pkts/sec, 2732493 bytes/sec
1 minute output rate 921 pkts/sec, 166989 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1881 pkts/sec, 2403697 bytes/sec
5 minute output rate 850 pkts/sec, 138655 bytes/sec
5 minute drop rate, 0 pkts/sec
----------------------------------------
Aggregated Traffic on Physical Interface
----------------------------------------
GigabitEthernet0/0:
received (in 438758.084 secs):
2822145910 packets 1552997841313 bytes
6001 pkts/sec 3539002 bytes/sec
transmitted (in 438758.084 secs):
4196196745 packets 4675520604566 bytes
9005 pkts/sec 10656006 bytes/sec
1 minute input rate 2106 pkts/sec, 2770996 bytes/sec
1 minute output rate 921 pkts/sec, 187284 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1881 pkts/sec, 2438151 bytes/sec
5 minute output rate 850 pkts/sec, 157210 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/1:
received (in 438758.084 secs):
5238807761 packets 4922365785551 bytes
11000 pkts/sec 11218008 bytes/sec
transmitted (in 438758.084 secs):
4630604354 packets 3480725976075 bytes
10005 pkts/sec 7933005 bytes/sec
1 minute input rate 1589 pkts/sec, 354753 bytes/sec
1 minute output rate 3183 pkts/sec, 3858158 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1600 pkts/sec, 335551 bytes/sec
5 minute output rate 3045 pkts/sec, 3602619 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/2:
received (in 438786.954 secs):
317306 packets 27391618 bytes
0 pkts/sec 3 bytes/sec
transmitted (in 438786.954 secs):
169332 packets 18652656 bytes
0 pkts/sec 3 bytes/sec
1 minute input rate 0 pkts/sec, 2 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 2 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/3:
received (in 438786.964 secs):
518830261852 packets 47125107753119 bytes
1182008 pkts/sec 107398007 bytes/sec
transmitted (in 438786.964 secs):
518163142603 packets 45498840685567 bytes
1180008 pkts/sec 103692002 bytes/sec
1 minute input rate 109539 pkts/sec, 10503492 bytes/sec
1 minute output rate 109229 pkts/sec, 9698555 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 109623 pkts/sec, 10560042 bytes/sec
5 minute output rate 109310 pkts/sec, 9678077 bytes/sec
5 minute drop rate, 0 pkts/sec
Management0/0:
received (in 438787.894 secs):
1806351 packets 109882357 bytes
4 pkts/sec 5 bytes/sec
transmitted (in 438787.894 secs):
3550911 packets 802363574 bytes
8 pkts/sec 1006 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
------------------ show perfmon ------------------
PERFMON STATS: Current Average
Xlates 0/s 0/s
Connections 53/s 0/s
TCP Conns 39/s 0/s
UDP Conns 13/s 0/s
URL Access 0/s 0/s
URL Server Req 0/s 0/s
TCP Fixup 0/s 0/s
TCP Intercept Established Conns 0/s 0/s
TCP Intercept Attempts 0/s 0/s
TCP Embryonic Conns Timeout 0/s 0/s
HTTP Fixup 0/s 0/s
FTP Fixup 0/s 0/s
AAA Authen 0/s 0/s
AAA Author 0/s 0/s
AAA Account 0/s 0/s
VALID CONNS RATE in TCP INTERCEPT: Current Average
N/A 100.00%
------------------ show counters ------------------
Protocol Counter Value Context
IP IN_PKTS 607016 Summary
IP OUT_PKTS 1408461 Summary
IP OUT_DROP_DWN 1046 Summary
IP TO_ARP 167330 Summary
IP TO_UDP 64119 Summary
IP TO_ICMP 375567 Summary
UDP IN_PKTS 64119 Summary
UDP OUT_PKTS 67630 Summary
ICMP IN_PKTS 375567 Summary
ICMP OUT_PKTS 374466 Summary
ICMP DROP_IGNORE 1 Summary
ICMP PORT_UNREACH 9 Summary
SSLERR BAD_PROTOCOL_VERSION_NUMBER 5 Summary
SSLERR BAD_SIGNATURE 2 Summary
SSLALERT RX_CLOSE_NOTIFY 103 Summary
SSLALERT RX_WARNING_ALERT 103 Summary
SSLALERT TX_CLOSE_NOTIFY 14961 Summary
SSLALERT TX_WARNING_ALERT 14961 Summary
SSLDEV NEW_CTX 1 Summary
SSL_NP OPEN_CONN 9 Summary
SSL_NP DTLS_OPEN_CONN 5 Summary
SSL_NP HANDSHAKE_START 15103 Summary
SSL_NP HANDSHAKE_DONE 15103 Summary
SSL_NP DOWNSTREAM_CLOSE 17681 Summary
SSL_NP DOWNSTREAM_CLOSE_NEXT 15106 Summary
SSL_NP UPSTREAM_CLOSE 15206 Summary
SSL_NP UPSTREAM_CLOSE_NEXT 15106 Summary
SSL_NP FREE_CONN 15106 Summary
SSL_NP NEW_CONN_SERVER 15103 Summary
SSL_NP IN_PKTS_RX 87404 Summary
SSL_NP IN_PKTS_TX 26890 Summary
SSL_NP OUT_PKTS_RX 209326555 Summary
SSL_NP OUT_PKTS_TX 209371722 Summary
SSL_NP SESSIONS_CLEARED 15009 Summary
TM_NP LISTEN_FAIL 2 Summary
EmWeb IN_PKTS 33 Summary
EmWeb OUT_PKTS 138 Summary
NPSHIM CTX_ALLOC 15085 Summary
NPSHIM CTX_FREE 15077 Summary
NPSHIM WRITE_UNBLOCKED 407658 Summary
NPSHIM PUT_REQUEST 234 Summary
NPSHIM PUT_XMT 234 Summary
NPSHIM READ_RECV 15125 Summary
VPIF BAD_VALUE 161271 Summary
VPIF NOT_FOUND 70681962 Summary
IPSEC IN_SA_CREATED 992 Summary
IPSEC OUT_SA_CREATED 992 Summary
IPSEC IN_SA_ACTIVATED 418 Summary
IPSEC SA_DELETION_RETRY 21 Summary
IPSEC INVALID_PFKEY_PARAMETERS 209 Summary
SSLENC CONTEXT_CREATED 15103 Summary
SSLENC CONTEXT_UPDATED 15103 Summary
SSLENC CONTEXT_DESTROYED 15100 Summary
------------------ show service-policy ------------------
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: dns preset_dns_map, packet 2947494860, drop 164160, reset-drop 0, v6-fail-close 0
message-length maximum client auto, drop 0
message-length maximum 512, drop 0
dns-guard, count 14607583
protocol-enforcement, drop 0
nat-rewrite, count 1083
Inspect: ftp, packet 798700, drop 6, reset-drop 0, v6-fail-close 0
Cmd not port drop 6
Inspect: h323 h225 _default_h323_map, packet 142544, drop 0, reset-drop 32, v6-fail-close 0
tcp-proxy: bytes in buffer 0, bytes dropped 1664
h245-tunnel-block drops 0 connection
Inspect: h323 ras _default_h323_map, packet 8, drop 1, reset-drop 0, v6-fail-close 0
h245-tunnel-block drops 0 connection
Inspect: rsh, packet 0, drop 0, reset-drop 0, v6-fail-close 0
Inspect: rtsp, packet 917, drop 0, reset-drop 0, v6-fail-close 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: esmtp _default_esmtp_map, packet 21256773, drop 0, reset-drop 0, v6-fail-close 0
mask-banner, count 47283
match cmd line length gt 512
drop-connection log, packet 0
match cmd RCPT count gt 100
drop-connection log, packet 0
match body line length gt 998
log, packet 72
match header line length gt 998
drop-connection log, packet 0
match sender-address length gt 320
drop-connection log, packet 0
match MIME filename length gt 255
drop-connection log, packet 0
match ehlo-reply-parameter others
mask, packet 131647
Inspect: sqlnet, packet 0, drop 0, reset-drop 0, v6-fail-close 0
Inspect: skinny , packet 6, drop 0, reset-drop 0, v6-fail-close 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: sunrpc, packet 156, drop 0, reset-drop 0, v6-fail-close 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: xdmcp, packet 0, drop 0, reset-drop 0, v6-fail-close 0
Inspect: sip , packet 175, drop 0, reset-drop 0, v6-fail-close 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: netbios, packet 2630082453, drop 0, reset-drop 0, v6-fail-close 0
Inspect: tftp, packet 6600, drop 0, reset-drop 0, v6-fail-close 0
Inspect: ip-options _default_ip_options_map, packet 0, drop 0, reset-drop 0, v6-fail-close 0
Router Alert: allow 0, clear 0
Inspect: icmp, packet 27211931, drop 1154, reset-drop 0, v6-fail-close 0
Inspect: pptp, packet 37028, drop 0, reset-drop 0, v6-fail-close 0
Inspect: icmp error, packet 78741141, drop 11820, reset-drop 0, v6-fail-close 0
Inspect: snmp, packet 8869400, drop 0, reset-drop 0, v6-fail-close 0
------------------ show mode ------------------
Security context mode: single
------------------ show history ------------------
enable
------------------ show firewall ------------------
Firewall mode: Router
------------------ show running-config ------------------
: Saved
:
ASA Version 9.1(1)
!
hostname ASA-INDRA
enable password <removed>
passwd <removed>
names
ip local pool INSIDE_INDRA 10.209.14.10-10.209.14.15 mask 255.255.255.128
ip local pool DESENVOLVEDORES 10.209.14.17-10.209.14.20 mask 255.255.255.128
ip local pool VPNCOC 10.209.14.129-10.209.14.134 mask 255.255.255.248
!
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 10.209.14.1 255.255.255.128
ospf cost 10
ospf authentication null
!
interface GigabitEthernet0/1
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/1.10
vlan 10
nameif MPLS_INTELIG
security-level 60
ip address 172.19.235.113 255.255.255.248
ospf cost 10
ospf authentication null
!
interface GigabitEthernet0/1.20
vlan 20
nameif MPLS_EBT
security-level 60
ip address 172.19.235.97 255.255.255.248
ospf cost 10
ospf authentication null
!
interface GigabitEthernet0/2
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2.70
description CONEXAO DMZ
vlan 70
nameif DMZ
security-level 50
ip address 10.209.12.129 255.255.255.128
ospf authentication null
!
interface GigabitEthernet0/3
nameif SONICWALL
security-level 0
ip address 10.209.8.253 255.255.255.252
!
interface GigabitEthernet0/3.110
description LINK INTERNET TESA
shutdown
vlan 110
nameif TESA
security-level 0
ip address 200.236.223.138 255.255.255.252
ospf network point-to-point non-broadcast
ospf authentication null
<--- More --->
WARNING: Failover enabled but the failover interface configuration is incomplete
Failover will not take effect until the interface is fully configured
interface GigabitEthernet0/3.120
description LINK INTERNET LEVEL 3
vlan 120
nameif LEVEL3
security-level 0
no ip address
ospf cost 10
ospf network point-to-point non-broadcast
ospf authentication null
!
interface Management0/0
description LAN/STATE Failover Interface
management-only
nameif maneger
security-level 0
ip address 192.168.1.1 255.255.255.0
!
banner login ||========================================||
banner login SOMENTE USUARIOS AUTORIZADOS
banner login AUTHORIZED USERS ONLY
banner login OS ACESSOS SERAO MONITORADOS
banner login ||========================================||
boot system disk0:/asdm-645.bin
ftp mode passive
clock timezone BRST -3
clock summer-time BRDT recurring 2 Sun Oct 0:00 3 Sun Feb 0:00
dns domain-lookup MPLS_INTELIG
dns domain-lookup MPLS_EBT
dns domain-lookup DMZ
dns domain-lookup SONICWALL
dns domain-lookup LEVEL3
dns domain-lookup maneger
same-security-traffic permit intra-interface
object network SERVIDORES-LEVEL3
subnet 10.209.8.0 255.255.255.128
description Rede Servidores Alphaville - VLAN 10
object network DESKTOP-LEVEL3
subnet 10.209.10.0 255.255.255.0
description Rede Desktop Alphaville - VLAN 40
object network DESKTOP-2
subnet 10.209.11.0 255.255.255.0
description Rede Desktop Alphaville - VLAN 50
object network DESKTOP-3
subnet 10.209.12.0 255.255.255.128
description Rede Desktop Alphaville - VLAN 60
object network IMPRESSORAS
subnet 10.209.8.192 255.255.255.192
description Rede Impressoras Alphaville - VLAN 30
object network GERENCIA
subnet 10.209.9.0 255.255.255.0
description Rede Gerencia Alphaville - VLAN 255
object network WIRELESS-ALPHAVILLE
subnet 10.209.8.128 255.255.255.192
description Rede Wirelless Alphaville - VLAN 20
object network FONES-IP
subnet 10.209.13.0 255.255.255.0
description Rede Fones IP Alphaville - VLAN 100
object network INDRA-DUMAS
subnet 10.209.32.0 255.255.248.0
description Rede Indra Dumas
object network ALGAR-LAN
subnet 10.209.17.0 255.255.255.0
description Rede Servidores Algar
object network ALGAR
subnet 10.209.16.0 255.255.255.248
description Rede WAN Site Algar
object network ALGAR-CAMPINAS
subnet 10.209.18.0 255.255.254.0
description Rede Site Algar Campinas
object network DATAMETRICA-RECIFE
subnet 10.209.24.0 255.255.248.0
description Site Datametrica Itapetininga
object network DATAMETRICA-ITAPETININGA
description Site Datametrica Itapetininga
object network NAT-CEF
host 172.28.6.26
description IP Sada NAT to CEF
object network HSRP-VLAN-FIREWALL
host 10.209.14.3
description Endereco VIP HSRP Switch Core 4507R
object network FIREWALL
subnet 10.209.14.0 255.255.255.240
description Rede Transito Interno Alphaville - VLAN 150
object network CEF
subnet 172.19.240.0 255.255.248.0
description Rede Interna CEF
object network NAT-INTERNET-TESA
host 200.236.223.138
object network DNS_EXTERNO_PRIMARIO
host 10.209.12.140
description DNS EXTERNO - DMZ
object service DNS_EXTERNO_TCP
service tcp destination eq domain
object service DNS_SERVICE_UDP
service udp destination eq domain
object network EXCHANGE
host 10.209.8.15
description Servidor de E-mail
object service HTTPS
service tcp destination eq https
object service SMTP
service tcp destination eq smtp
object service SMTP587
service tcp destination eq 587
object network NAT-CEF-2
host 172.28.6.25
description Ip Sada NAT to CEF 2
object network LAN-ROUTER-MPLS-INTELIG
host 172.19.232.126
description LAN-ROUTER-MPLS-INTELIG
object network DNS
host 172.16.32.162
object network DNS-CEF
host 172.16.32.163
object network FALCON
subnet 172.19.82.0 255.255.255.0
object network CONNECT_DIRECT
host 172.16.32.148
object network MPLS_CAMPINAS_INTERNO
subnet 10.201.0.0 255.255.0.0
description Rede interna campinas fones
object network VOIP_EXTERNO
subnet 10.201.58.0 255.255.255.0
description POSSIBILITAR VOIP_EXTERNO - ALGAR
object service HTTP
service tcp destination eq www
description KASEYA
object network SERVIDOR-NTP-INTERNO
host 10.209.8.23
description SERVIDOR-NTP
object network SERVIDOR_NTP-1-EXTERNO
host 200.160.7.186
description a.st1.ntp.br
object network SERVIDOR_NTP-2-EXTERNO
host 200.186.125.195
description c.st1.ntp.br
object network SERVIDOR_NTP-3-EXTERNO
host 200.20.186.76
description d.st1.ntp.br
object network SERVIDOR_NTP-4-EXTERNO
host 200.160.7.193
description gps.ntp.br
object network SERVIDOR_NTP-5-EXTERNO
host 200.189.40.8
description b.ntp.br
object network SERVIDOR_NTP-6-EXTERNO
host 200.192.232.8
description c.ntp.br
object network SERVIDOR_VPN
host 10.209.8.28
description SERVIDOR_VPN
object service VPN1
service tcp destination eq pptp
object network A_200.236.223.137
host 200.236.223.137
object service L2TP
service tcp destination eq 1701
object network Redmine
host 10.209.8.51
object service HTTP1
service tcp destination eq 8080
description REDMINE PRODU..O
object network SERVER-BATIMENTO
host 10.209.8.52
object service HTTP2
service tcp destination eq 8081
description MANTIS PRODU..O
object service AGENT_KASEYA
service tcp destination eq 5721
object network A_201.90.225.177
host 201.90.225.177
description Link Internet Embratel
object service BO_FALCON
service tcp destination eq 6400
object service BO_FALCON1
service tcp destination eq ldap
object service BO_FALCON2
service tcp destination eq sqlnet
object network VOIP_EXTERNO2
subnet 10.201.57.0 255.255.255.0
object network LAN-MPLS-EMBRATEL
subnet 172.19.240.0 255.255.255.128
object network LAN-ROUTER-MPLS-EMBRATEL
host 172.19.240.246
object network ALGAR-LAN-EBT
subnet 172.19.242.0 255.255.255.0
description ALGAR-LAN-EBT
object network Datametrica-LAN-EBT
subnet 172.19.243.248 255.255.255.252
description REDE DMZ Datametrica EBT
object network BSB-LAN-EBT
subnet 172.28.6.64 255.255.255.252
description Rede DMZ Brasilia EBT
object network DUMAS-LAN-EBT
subnet 172.19.241.0 255.255.255.0
description DUMAS-LAN-EBT
object network DMZ-EBT-LAN
subnet 172.19.240.240 255.255.255.248
description Rede DMZ EBT
object network NAT-CEF-EBT
host 172.28.6.66
description IP Sada to CEF EBT
object network NAT-CEF2-EBT
host 172.28.6.65
description IP Sada NAT to CEF 2
object network Redmine_Prev
host 10.209.8.24
description Redmine_Prev
object service HTTP3
service tcp destination eq 8082
description REDMINE_PREV
object network FALCON-BO
host 10.195.192.134
object network FALCON-BO-NAT
host 172.19.82.14
object network SERVIDOR_PRTG
host 10.209.10.254
description SERVER_PRTG
object service HTTP4
service tcp destination eq 8083
description MONITORAMENTO PRTG
object network Recife_Lan
subnet 10.0.0.0 255.255.240.0
description Recife_Lan
object network ALGAR1_FRONTEND
host 10.209.17.50
description ALGAR1_FRONTEND
object network ALGAR2_FRONTEND
host 10.209.17.51
description ALGAR2_FRONTEND
object service ALGAR_FRONTEND
service tcp destination eq 8090
description ALGAR_FRONTEND
object network NETWORK_OBJ_10.209.8.128_29
subnet 10.209.8.128 255.255.255.248
object network ACTIVE_DIRECTORY_EBT
host 10.209.8.14
description ACTIVE_DIRECTORY_EBT
object network ACTIVE_DIRECTORY_INT
host 10.209.8.14
description ACTIVE_DIRECTORY_INT
object network SIPCS_NAT_EBT
host 172.19.240.126
description SIPCS_NAT_EBT
object network SIPCS_NAT_INT
host 172.19.232.116
description SIPCS_NAT_INT
object network CLAN_AVAYA
host 10.209.8.72
description CLAN_AVAYA
object network CONNECT_LAN_EBT
host 10.209.8.25
description CONNECT_LAN_EBT
object network CONNECT_NAT_EBT
host 172.19.240.50
description CONNECT_NAT_EBT
object network CONNECT_LAN_INT
host 10.209.8.25
description CONNECT_LAN_INT
object network CONNECT_NAT_INT
host 172.19.232.50
description CONNECT_NAT_INT
object network DNS_EXTERNO_SECUNDARIO
host 10.209.12.141
description DNS_EXTERNO_SECUNDARIO
object network DUMAS_NAT_EBT
range 172.19.240.161 172.19.240.190
description DUMAS_NAT_EBT
object network ALGAR-LAN-INT
subnet 172.19.233.0 255.255.255.128
description ALGAR-LAN-INT
object network DUMAS-LAN-INT
subnet 172.19.232.128 255.255.255.128
description DUMAS-LAN-INT
object network DUMAS-NAT-INT
range 172.19.232.240 172.19.232.247
description DUMAS-NAT-INT
object network PABX_DATAMETRICA
host 10.0.0.66
description PABX_DATAMETRICA_DIGITRO
object network PROULER_AVAYA
host 10.209.8.73
description PROULER_AVAYA
object network REDE_LAN_RECIFE
subnet 172.19.243.0 255.255.255.0
description REDE_LAN_RECIFE
object network REDE_LAN_RECIFE_INT
subnet 172.19.233.128 255.255.255.128
description REDE_LAN_RECIFE_INT
object service AVAYA_TELEFONE
service udp source eq 1719 destination eq 1719
object service FTP
service tcp destination eq ftp
description FTP
object service FTP-DATA
service tcp destination eq ftp-data
description FTP-DATA
object service PRAWLER
service udp destination eq 72
description PRAWLER
object service PRAWLER_VOZ1
service udp destination eq 2580
description PRAWLER_VOZ1
object service PRAWLER_VOZ2
service udp destination eq 2581
description PRAWLER_VOZ2
object network 10.192.195.132
subnet 10.192.195.132 255.255.255.252
object network ALGAR-TESTE
subnet 10.201.37.0 255.255.255.0
object network NETWORK_OBJ_10.209.10.192_27
subnet 10.209.10.192 255.255.255.224
object network SERVIDOR-SNMP
host 10.209.8.90
description SERVIDOR-SNMP
object network SERVIDOR-SNMP-NAT-EBT
host 172.19.240.30
description SERVIDOR-SNMP-NAT
object network ALGAR-UBERLANDIA
host 172.19.244.113
description ALGAR-UBERLANDIA
object service HTTP5
service tcp destination eq 8084
description SERVER-CACTI
object network SERVIDOR-SNMP-INT
host 10.209.8.90
description SERVIDOR-SNMP-INT
object network SERVIDOR-SNMP-NAT-INT
host 172.19.232.30
description SERVIDOR-SNMP-NAT-INT
object network SERVIDOR-CACTI
host 10.209.8.90
description SERVIDOR-CACTI
object network VITOR-VPN
host 10.209.10.40
description VITOR-VPN
object network VITOR-VPN-2
host 10.209.10.68
description VITOR-VPN-2
object network SIPCS_NAT_EBT_VPN02
host 172.19.240.125
description NAT para aceso ao sipcs atraves da vpn bpo.
object network VPN02_EBT
host 10.209.8.28
description NAT para acesso ao Sipcs.extracaixa atraves da vpn bpo
object network SIPCS_NAT_INT_VPN02
host 172.19.232.115
description Nat para acesso ao sipcs atraves da VPN BPO
object network VPN02_INT
host 10.209.8.28
description Servidor de VPN.
object network SONICWALL-FW
host 10.209.8.254
description SONICWALL
object network ACTIVE-DIRECTORY-INSIDE
host 10.209.8.14
description ACTIVE-DIRECTORY-INSIDE
object network NETWORK_OBJ_10.209.12.0_25
subnet 10.209.12.0 255.255.255.128
object network BPOSRV-GIS_ALPHAVILLE_NAT
host 172.19.235.71
description BPOSRV-GIS_ALPHAVILLE_NAT
object network NETWORK_OBJ_10.209.14.0_27
subnet 10.209.14.0 255.255.255.224
object network NETWORK_OBJ_10.209.14.0_28
subnet 10.209.14.0 255.255.255.240
object network VPN-CISCO
range 10.209.14.10 10.209.14.30
object network VPN-CISCO-NAT
host 172.19.240.127
description VPN-CISCO-NAT
object network SIPCS-CAIXA
host 172.16.32.190
description SIPCS-CAIXA
object network WIFI-DUMAS
host 10.209.35.25
object network NETWORK_OBJ_10.209.14.16_28
subnet 10.209.14.16 255.255.255.240
object network NETWORK_OBJ_10.209.8.252_30
subnet 10.209.8.252 255.255.255.252
object network ALGAR_UBERLANDIA_CLAN
host 10.200.132.103
description IP CLAN AlGAR UBERLANDIA
object network NETWORK_OBJ_10.209.14.128_29
subnet 10.209.14.128 255.255.255.248
object network ALGAR_UBERLANDIA_MEDPRO
subnet 10.200.96.128 255.255.255.240
description Endreos IPs da MEDPRO da Algar Uberlandia
object network FILE-SERVER
host 10.209.8.19
description FILE-SERVER
object service SMB
service tcp destination eq 445
description SMB
object service SMB-UDP
service udp destination eq 445
description SMB
object service netbios-dgm
service tcp destination eq 138
description netbios-dgm
object service netbios-ns
service tcp destination eq 137
description netbios-ns
object service netbios-ssn
service udp destination eq 139
description netbios-ssn
object network CONNECT-LAN
host 10.209.8.25
object network Algar_Uberlandia_Firewall
host 172.19.244.249
description Porta LAN firewall da Algar Uberlandia
object network NETWORK_OBJ_10.209.14.8_29
subnet 10.209.14.8 255.255.255.248
object network NETWORK_OBJ_10.209.14.136_29
subnet 10.209.14.136 255.255.255.248
object network SISCC-CAIXA
host 172.16.32.246
description Objeto para acesso ao SISCC da caixa.
object service SMTP-587
service tcp source eq 587 destination eq 587
description SMTP-587
object service Remote_Desktop
service tcp source eq 3389 destination eq 3389
description Remote Desktop Windows
object network Right_Fax
host 10.209.8.21
description Servidor Right Fax
object network Right_Fax_NAT
host 172.19.240.9
description NAT de traduo Right FAX
object network AD_MPLS_DC
host 172.19.235.65
description AD_MPLS_DC
object network LAN-ROUTER-MPLS-EMBRATEL-DC
subnet 172.19.235.96 255.255.255.248
description LAN-ROUTER-MPLS-EMBRATEL-DC
object network CONNECT_NAT_DC
host 172.19.235.66
description CONNECT_NAT_DC
object network Active-directory
host 10.209.8.14
description AD
object network INTERNET_EBT
host 201.90.225.178
description INTERNET EBT
object network INTERNET-DC
host 189.125.156.83
description INTERNET-DC
object network INTERNET-WS
host 201.90.225.178
description INTERNET-WS
object network EXCHANGE_02
host 10.209.8.27
description EXCHANGE_02
object network Alphaville_WestSide_NAT_EBT
range 172.19.240.129 172.19.240.158
description Alphaville_WestSide_NAT_EBT
object service MYSQL
service tcp source eq 3306 destination eq 3306
description Banco de dados MySql
object network RIONEGRO_NETWORK_NAT
subnet 172.19.235.128 255.255.255.128
description RIONEGRO_NETWORK_NAT_MPLS
object network TOCANTIS_NAT_INTELIG
subnet 172.19.232.0 255.255.255.128
description TOCANTIS_NAT_INTELIG
object network RIONEGRO_AD_NAT
host 172.19.235.199
description RIONEGRO_AD_NAT
object network COTIA_FS_NAT
host 172.19.235.72
description COTIA_FS_NAT
object network NETWORK_OBJ_10.209.42.14
host 10.209.42.14
object network RIONEGRO_NAT_EBT_TEMP
host 172.19.240.225
description RIONEGRO_NAT_EBT_TEMP
object network ACTIVE_DIRECTORY_INT_NAT
host 172.19.235.65
description ACTIVE_DIRECTORY_INTELIG_NAT
object network RIONEGRO_NAT_INT_TEMP
host 172.19.232.105
description RIONEGRO_NAT_INT_TEMP
object network RIONEGRO_NAT_INT_TESTE
host 172.19.235.246
description RIONEGRO_NAT_INT_TESTE
object network RIONEGRO_NETWORK_TESTE
subnet 172.19.235.0 255.255.255.0
description RIONEGRO_NETWORK_TESTE
object service HTTP6
service tcp destination eq 8085
description SERVIDOR_GIS
object network Servidor_GIS
host 10.209.8.79
description Servidor_GIS
object service PORTA_BPOSRVZAB
service tcp source eq 10051 destination eq 10051
description PORTA_BPOSRVZAB
object network RIONEGRO-BPOSRV_ZBX_NAT
host 172.19.235.214
description BPOSRV_ZBX_NAT
object service SERVER_JAVA
service tcp destination eq 12345
description SERVER_JAVA
object service ALGAR_RIDFAX
service tcp source eq h323
object network NETWORK_OBJ_10.209.42.0
host 10.209.42.0
object service FRONT_ALGAR
service tcp source eq ssh destination eq ssh
object network NETWORK_OBJ_10.209.42.0_26
subnet 10.209.42.0 255.255.255.192
object network NETWORK_OBJ_10.209.8.0_25
subnet 10.209.8.0 255.255.255.128
object network BPOSRV-ZBX02
host 10.209.8.11
description BPOSRV-ZBX02
object service SSH_ZBX
service tcp source eq ssh destination eq ssh
description SSH_ZBX
object network HOST_BPOSRV_AD05_RN
host 10.209.42.20
description HOST_BPOSRV_AD05_RN
object network MPLS_TESTE
host 172.19.235.97
object network HOST_RN_TEMP
host 10.209.41.19
description HOST_RN_TEMP
object network RIONEGRO_NETWOK_BACKOFFICE
subnet 10.209.40.0 255.255.255.0
object network BPOSRV_OPNVPN
host 10.209.8.12
description BPOSRV_OPNVPN
object service BPOSRV_OPENVPN
service tcp destination eq 943
description BPOSRV_OPENVPN
object service BPOSRV_OPENVPN2
service udp source eq 1154
object service BPOSRV_OPENVPN3
service tcp source eq 4443
object network KASEYA
host 10.209.8.14
description KASEYA
object network KASEYA_B
host 10.209.8.14
description KASEYA_B
object network SERASA
host 200.245.207.181
description SERASA
object service SERVIDOR_ATC
service tcp destination eq 3306
description SERVIDOR_ATC
object-group network REDES-INTERNAS
network-object object SERVIDORES-LEVEL3
network-object object DESKTOP-LEVEL3
network-object object DESKTOP-2
network-object object IMPRESSORAS
network-object object GERENCIA
network-object object FONES-IP
network-object object WIRELESS-ALPHAVILLE
network-object object FIREWALL
network-object object DESKTOP-3
network-object object LAN-MPLS-EMBRATEL
object-group network REDES-EXTERNAS
network-object object ALGAR-LAN
network-object object ALGAR
network-object object ALGAR-CAMPINAS
network-object object DATAMETRICA-RECIFE
network-object object NAT-CEF
network-object object NAT-CEF-2
network-object object INDRA-DUMAS
network-object object DNS
network-object object DNS-CEF
network-object object FALCON
network-object object CONNECT_DIRECT
network-object object VOIP_EXTERNO
network-object object VOIP_EXTERNO2
network-object object LAN-ROUTER-MPLS-EMBRATEL
network-object object ALGAR-LAN-INT
network-object object DUMAS-LAN-INT
network-object object REDE_LAN_RECIFE_INT
network-object object DUMAS-NAT-INT
network-object object LAN-ROUTER-MPLS-INTELIG
network-object object Recife_Lan
network-object object ALGAR_UBERLANDIA_CLAN
network-object object ALGAR_UBERLANDIA_MEDPRO
network-object object LAN-ROUTER-MPLS-EMBRATEL-DC
network-object object Alphaville_WestSide_NAT_EBT
network-object object TOCANTIS_NAT_INTELIG
network-object object RIONEGRO_NETWORK_NAT
network-object object ALGAR-LAN-EBT
network-object 10.209.41.0 255.255.255.0
network-object 10.209.42.0 255.255.255.192
network-object object NETWORK_OBJ_10.209.42.0_26
network-object object RIONEGRO_NETWOK_BACKOFFICE
object-group service DM_INLINE_SERVICE_62
service-object ip
service-object tcp destination eq smtp
service-object udp destination eq snmp
object-group service DM_INLINE_SERVICE_1
service-object tcp destination eq domain
service-object udp destination eq domain
object-group service DNS_SERVICES
service-object tcp destination eq domain
service-object udp destination eq domain
object-group service DM_INLINE_TCP_1 tcp
port-object eq https
port-object eq smtp
port-object eq 587
object-group network mpls-campinas-interno
description Rede interna campinas fones
network-object object MPLS_CAMPINAS_INTERNO
object-group network SERVIDORES_NTP_EXTERNOS
description GRUPO COM OS SERVIDORES NTP EXTERNOS
network-object object SERVIDOR_NTP-1-EXTERNO
network-object object SERVIDOR_NTP-2-EXTERNO
network-object object SERVIDOR_NTP-3-EXTERNO
network-object object SERVIDOR_NTP-4-EXTERNO
network-object object SERVIDOR_NTP-5-EXTERNO
network-object object SERVIDOR_NTP-6-EXTERNO
object-group service DM_INLINE_SERVICE_2
service-object tcp destination eq domain
service-object udp destination eq domain
object-group network DM_INLINE_NETWORK_14
network-object 10.209.42.0 255.255.255.192
network-object 10.209.8.0 255.255.255.128
object-group network DM_INLINE_NETWORK_1
network-object object FALCON
network-object object FALCON-BO-NAT
object-group network REDES-EXTERNAS-EBT
network-object object ALGAR
network-object object ALGAR-CAMPINAS
network-object object ALGAR-LAN
network-object object CEF
network-object object CONNECT_DIRECT
network-object object DATAMETRICA-RECIFE
network-object object DNS
network-object object DNS-CEF
network-object object FALCON
network-object object LAN-ROUTER-MPLS-EMBRATEL
network-object object VOIP_EXTERNO
network-object object VOIP_EXTERNO2
network-object object NAT-CEF-EBT
network-object object NAT-CEF2-EBT
network-object object ALGAR-LAN-EBT
network-object object DUMAS-LAN-EBT
network-object object DUMAS_NAT_EBT
network-object object INDRA-DUMAS
network-object object REDE_LAN_RECIFE
network-object object Recife_Lan
network-object object ALGAR-UBERLANDIA
network-object object ALGAR_UBERLANDIA_CLAN
network-object object ALGAR_UBERLANDIA_MEDPRO
network-object object LAN-ROUTER-MPLS-EMBRATEL-DC
network-object object LAN-MPLS-EMBRATEL
network-object object Alphaville_WestSide_NAT_EBT
network-object object RIONEGRO_NETWORK_NAT
network-object 10.209.41.0 255.255.255.0
network-object 10.209.42.0 255.255.255.192
network-object object NETWORK_OBJ_10.209.42.0_26
network-object object RIONEGRO_NETWOK_BACKOFFICE
object-group network REDES-INTERNAS-EBT
network-object object LAN-ROUTER-MPLS-EMBRATEL
object-group service DM_INLINE_SERVICE_66
service-object ip
service-object object SMTP
object-group network AVAYA_EBT
network-object object CLAN_AVAYA
network-object object PROULER_AVAYA
object-group service DIGITRO udp
port-object eq 2060
port-object eq 4060
port-object eq 6060
object-group service Digitro tcp
port-object eq 3060
port-object eq 5061
object-group service DM_INLINE_TCP_3 tcp
port-object eq ftp
port-object eq ftp-data
object-group service DM_INLINE_SERVICE_3
service-object tcp destination eq 3060
service-object tcp destination eq 5061
service-object tcp destination eq sip
service-object udp destination eq 2060
service-object udp destination eq 4060
service-object udp destination eq 6060
object-group service DM_INLINE_SERVICE_4
service-object object AVAYA_TELEFONE
service-object object PRAWLER
service-object object PRAWLER_VOZ1
service-object object PRAWLER_VOZ2
service-object tcp destination eq 3060
service-object tcp destination eq 5061
service-object tcp destination eq h323
service-object tcp destination eq sip
service-object udp destination eq 2060
service-object udp destination eq 4060
service-object udp destination eq 6060
service-object udp destination eq bootps
object-group service DM_INLINE_SERVICE_5
service-object tcp destination eq 3060
service-object tcp destination eq 5061
service-object tcp destination eq sip
service-object udp destination eq 2060
service-object udp destination eq 4060
service-object udp destination eq 6060
object-group service DM_INLINE_SERVICE_6
service-object object AVAYA_TELEFONE
service-object object PRAWLER
service-object object PRAWLER_VOZ1
service-object object PRAWLER_VOZ2
service-object tcp destination eq 3060
service-object tcp destination eq 5061
service-object tcp destination eq h323
service-object tcp destination eq sip
service-object udp destination eq 2060
service-object udp destination eq 4060
service-object udp destination eq 6060
service-object udp destination eq bootps
object-group service DM_INLINE_TCP_4 tcp
port-object eq ftp
port-object eq ftp-data
object-group service DM_INLINE_SERVICE_7
service-object ip
service-object gre
service-object object L2TP
service-object object Remote_Desktop
service-object tcp destination eq pptp
object-group service DM_INLINE_SERVICE_8
service-object ip
service-object icmp
service-object gre
service-object object L2TP
service-object object PORTA_BPOSRVZAB
service-object tcp destination eq pptp
object-group service DM_INLINE_SERVICE_9
service-object tcp destination eq domain
service-object udp destination eq domain
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_TCP_6 tcp
port-object eq ftp
port-object eq ftp-data
object-group service DM_INLINE_SERVICE_10
service-object gre
service-object tcp destination eq pptp
service-object icmp
object-group service DM_INLINE_SERVICE_11
service-object ip
service-object tcp destination eq pptp
object-group service DM_INLINE_SERVICE_12
service-object ip
service-object object ALGAR_RIDFAX
service-object tcp destination eq h323
object-group service DM_INLINE_SERVICE_13
service-object object HTTP2
service-object object HTTP3
service-object object HTTP4
service-object object HTTP5
object-group service DM_INLINE_SERVICE_14
service-object gre
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pptp
object-group service DM_INLINE_SERVICE_16
service-object object SMB
service-object object SMB-UDP
service-object object netbios-dgm
service-object object netbios-ns
service-object object netbios-ssn
service-object tcp destination eq netbios-ssn
service-object udp destination eq netbios-dgm
service-object udp destination eq netbios-ns
object-group service DM_INLINE_SERVICE_17
service-object object SMB
service-object object SMB-UDP
service-object object netbios-dgm
service-object object netbios-ns
service-object object netbios-ssn
service-object tcp destination eq netbios-ssn
service-object udp destination eq netbios-dgm
service-object udp destination eq netbios-ns
object-group network DM_INLINE_NETWORK_4
network-object object SIPCS-CAIXA
network-object object SISCC-CAIXA
object-group service DM_INLINE_SERVICE_18
service-object object SMTP
service-object tcp destination eq 587
service-object tcp destination eq https
service-object ip
service-object tcp destination eq www
object-group service DM_INLINE_SERVICE_15
service-object ip
service-object object Remote_Desktop
service-object gre
service-object object L2TP
service-object tcp destination eq pptp
service-object icmp
service-object object SERVER_JAVA
service-object tcp destination eq h323
service-object object ALGAR_RIDFAX
service-object tcp destination eq ssh
service-object object FRONT_ALGAR
service-object tcp destination eq smtp
service-object udp destination eq snmp
object-group network DM_INLINE_NETWORK_5
network-object object DUMAS_NAT_EBT
network-object object RIONEGRO_NAT_EBT_TEMP
object-group service Desenv_Contabil udp
description Portas de VPN para o Desenvolvimento Contabil
port-object eq 10000
port-object eq 4500
port-object eq isakmp
object-group service DM_INLINE_SERVICE_19
service-object tcp destination eq ssh
service-object udp destination eq 10000
service-object udp destination eq 4500
service-object udp destination eq isakmp
object-group network DM_INLINE_NETWORK_19
network-object 10.209.40.0 255.255.255.0
network-object 10.209.41.0 255.255.255.0
network-object 10.209.42.0 255.255.255.192
network-object object FALCON-BO-NAT
object-group service DM_INLINE_SERVICE_20
service-object object MYSQL
service-object tcp destination eq ssh
service-object udp destination eq 10000
service-object udp destination eq 4500
service-object udp destination eq isakmp
object-group service DM_INLINE_SERVICE_21
service-object ip
service-object gre
service-object object L2TP
service-object tcp destination eq pptp
service-object icmp
service-object object PORTA_BPOSRVZAB
service-object object SERVER_JAVA
object-group service DM_INLINE_SERVICE_22
service-object ip
service-object gre
service-object object L2TP
service-object object Remote_Desktop
service-object tcp destination eq pptp
service-object icmp
service-object object PORTA_BPOSRVZAB
service-object object SERVER_JAVA
object-group service DM_INLINE_SERVICE_23
service-object ip
service-object gre
service-object object L2TP
service-object tcp destination eq pptp
service-object tcp destination eq smtp
object-group service DM_INLINE_SERVICE_24
service-object ip
service-object gre
service-object object L2TP
service-object tcp destination eq pptp
object-group service DM_INLINE_SERVICE_25
service-object ip
service-object gre
service-object object L2TP
service-object tcp destination eq pptp
object-group service DM_INLINE_SERVICE_26
service-object ip
service-object gre
service-object object L2TP
service-object tcp destination eq pptp
object-group service DM_INLINE_SERVICE_27
service-object ip
service-object gre
service-object object L2TP
service-object tcp destination eq pptp
service-object icmp
service-object tcp destination eq www
object-group service DM_INLINE_SERVICE_28
service-object ip
service-object object ALGAR_RIDFAX
service-object tcp destination eq h323
object-group network DM_INLINE_NETWORK_6
network-object 10.209.41.0 255.255.255.0
network-object 10.209.42.0 255.255.255.192
network-object object FALCON-BO-NAT
network-object object RIONEGRO_NETWOK_BACKOFFICE
object-group service DM_INLINE_SERVICE_29
service-object ip
service-object tcp destination eq 587
service-object tcp destination eq https
object-group service GRUP_PORTS-OPENVPN
service-object object BPOSRV_OPENVPN2
service-object object BPOSRV_OPENVPN3
service-object object BPOSRV_OPENVPN
object-group service DM_INLINE_SERVICE_31
service-object ip
service-object gre
service-object object L2TP
service-object tcp destination eq pptp
service-object icmp
service-object object PORTA_BPOSRVZAB
service-object object SERVER_JAVA
service-object object BPOSRV_OPENVPN
group-object GRUP_PORTS-OPENVPN
service-object tcp destination eq https
service-object udp destination eq snmp
object-group network DM_INLINE_NETWORK_18
group-object REDES-EXTERNAS
group-object REDES-EXTERNAS-EBT
object-group service DM_INLINE_SERVICE_30
service-object ip
service-object object HTTP
service-object tcp destination eq 587
service-object tcp destination eq https
object-group service DM_INLINE_SERVICE_34
service-object ip
service-object gre
service-object object L2TP
service-object object Remote_Desktop
service-object tcp destination eq pptp
service-object icmp
service-object tcp destination eq www
object-group service DM_INLINE_SERVICE_35
service-object ip
service-object gre
service-object object L2TP
service-object object Remote_Desktop
service-object tcp destination eq pptp
object-group service DM_INLINE_SERVICE_36
service-object object HTTP
service-object object HTTP6
service-object icmp
service-object object SERVER_JAVA
object-group network DM_INLINE_NETWORK_7
network-object 10.209.41.0 255.255.255.0
network-object 10.209.42.0 255.255.255.192
object-group service DM_INLINE_SERVICE_37
service-object icmp
service-object object HTTP
service-object object HTTP6
service-object object SERVER_JAVA
object-group service DM_INLINE_SERVICE_38
service-object ip
service-object tcp destination eq h323
object-group service DM_INLINE_SERVICE_33
service-object ip
service-object tcp destination eq smtp
object-group service DM_INLINE_SERVICE_40
service-object ip
service-object tcp destination eq h323
service-object object ALGAR_RIDFAX
object-group service DM_INLINE_SERVICE_39
service-object ip
service-object tcp destination eq smtp
object-group service DM_INLINE_SERVICE_42
service-object ip
service-object tcp destination eq ssh
object-group service DM_INLINE_SERVICE_43
service-object ip
service-object tcp destination eq ssh
object-group service DM_INLINE_SERVICE_44
service-object ip
service-object tcp destination eq ssh
object-group service DM_INLINE_SERVICE_45
service-object ip
service-object tcp destination eq ssh
object-group service DM_INLINE_SERVICE_46
service-object ip
service-object icmp
service-object gre
service-object tcp destination eq pptp
object-group network DM_INLINE_NETWORK_8
network-object 10.209.41.0 255.255.255.0
network-object 10.209.42.0 255.255.255.192
network-object object RIONEGRO_NETWOK_BACKOFFICE
object-group network DM_INLINE_NETWORK_9
network-object 10.209.14.0 255.255.255.128
network-object 10.209.8.0 255.255.255.128
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
object-group network DM_INLINE_NETWORK_10
network-object 10.209.41.0 255.255.255.0
network-object 10.209.42.0 255.255.255.192
network-object object RIONEGRO_NETWOK_BACKOFFICE
object-group service DM_INLINE_SERVICE_59
service-object ip
service-object object HTTP
object-group network DM_INLINE_NETWORK_11
network-object 10.209.41.0 255.255.255.0
network-object object RIONEGRO_NETWOK_BACKOFFICE
object-group network DM_INLINE_NETWORK_12
network-object 10.209.41.0 255.255.255.0
network-object object RIONEGRO_NETWOK_BACKOFFICE
object-group network DM_INLINE_NETWORK_13
network-object 10.209.42.0 255.255.255.192
network-object host 10.209.42.19
network-object object HOST_BPOSRV_AD05_RN
object-group service DM_INLINE_SERVICE_47
service-object ip
group-object GRUP_PORTS-OPENVPN
object-group service DM_INLINE_SERVICE_48
service-object object SMTP
service-object tcp destination eq 587
service-object tcp destination eq https
object-group service DM_INLINE_SERVICE_50
service-object ip
group-object GRUP_PORTS-OPENVPN
service-object object BPOSRV_OPENVPN
object-group network DM_INLINE_NETWORK_15
network-object 10.209.40.0 255.255.255.0
network-object 10.209.41.0 255.255.255.0
network-object 10.209.42.0 255.255.255.192
object-group network DM_INLINE_NETWORK_16
network-object 10.209.40.0 255.255.255.0
network-object 10.209.41.0 255.255.255.0
network-object 10.209.42.0 255.255.255.192
object-group network DM_INLINE_NETWORK_17
network-object 10.209.40.0 255.255.255.0
network-object 10.209.41.0 255.255.255.0
network-object 10.209.42.0 255.255.255.192
object-group service DM_INLINE_SERVICE_49
service-object ip
service-object object SMTP
service-object tcp destination eq 587
service-object tcp destination eq https
service-object object SMTP-587
service-object tcp destination eq www
service-object udp destination eq snmp
service-object udp destination eq isakmp
object-group service DM_INLINE_SERVICE_51
service-object ip
service-object object SMTP
service-object tcp destination eq 587
service-object tcp destination eq https
service-object object SMTP-587
service-object tcp destination eq www
service-object udp destination eq isakmp
object-group service DM_INLINE_SERVICE_52
service-object object SMTP
service-object tcp destination eq 587
service-object ip
service-object tcp destination eq https
service-object object SMTP-587
service-object tcp destination eq www
service-object udp destination eq isakmp
object-group service DM_INLINE_SERVICE_53
service-object ip
service-object icmp
service-object object SMTP
service-object tcp destination eq 587
service-object tcp destination eq https
service-object tcp destination eq www
object-group service DM_INLINE_SERVICE_54
service-object ip
service-object object SMTP
service-object tcp destination eq 587
service-object tcp destination eq https
service-object udp destination eq snmp
object-group service DM_INLINE_SERVICE_55
service-object ip
service-object object SMTP
service-object tcp destination eq 587
service-object tcp destination eq https
service-object object HTTP
service-object udp destination eq snmp
object-group service DM_INLINE_SERVICE_56
service-object object SMTP
service-object tcp destination eq https
service-object ip
object-group service DM_INLINE_SERVICE_57
service-object ip
service-object object SMTP
service-object tcp destination eq 587
service-object tcp destination eq https
service-object object SMTP-587
object-group service DM_INLINE_SERVICE_58
service-object ip
service-object object SMTP
service-object tcp destination eq 587
service-object tcp destination eq https
service-object object SMTP-587
object-group service DM_INLINE_SERVICE_60
service-object ip
service-object tcp destination eq www
service-object icmp
service-object gre
service-object object FRONT_ALGAR
service-object object L2TP
service-object tcp destination eq h323
service-object tcp destination eq pptp
service-object tcp destination eq ssh
service-object object MYSQL
service-object object SERVIDOR_ATC
service-object udp destination eq isakmp
object-group service DM_INLINE_SERVICE_41
service-object ip
service-object tcp destination eq smtp
object-group service DM_INLINE_SERVICE_61
service-object ip
service-object tcp destination eq smtp
object-group service DM_INLINE_SERVICE_63
service-object ip
service-object object HTTP
object-group service DM_INLINE_SERVICE_64
service-object ip
service-object icmp
service-object gre
service-object object FRONT_ALGAR
service-object object L2TP
service-object object PORTA_BPOSRVZAB
service-object object SERVER_JAVA
service-object tcp destination eq h323
service-object tcp destination eq pptp
service-object tcp destination eq ssh
service-object udp destination eq snmp
service-object udp destination eq isakmp
object-group service DM_INLINE_SERVICE_65
service-object ip
service-object icmp
service-object gre
group-object GRUP_PORTS-OPENVPN
service-object object L2TP
service-object tcp destination eq pptp
service-object udp destination eq isakmp
object-group service DM_INLINE_SERVICE_32
service-object ip
service-object icmp
service-object gre
service-object object ALGAR_RIDFAX
service-object object FRONT_ALGAR
service-object object L2TP
service-object object PORTA_BPOSRVZAB
service-object object SERVER_JAVA
service-object tcp destination eq h323
service-object tcp destination eq pptp
service-object tcp destination eq ssh
service-object udp destination eq snmp
object-group service DM_INLINE_SERVICE_67
service-object ip
service-object tcp destination eq smtp
object-group network DM_INLINE_NETWORK_2
network-object object FALCON
network-object object FALCON-BO-NAT
object-group network DM_INLINE_NETWORK_3
network-object object FALCON
network-object object FALCON-BO-NAT
object-group service DM_INLINE_SERVICE_68
service-object ip
service-object tcp destination eq smtp
object-group service DM_INLINE_SERVICE_69
service-object ip
service-object tcp destination eq smtp
object-group network DM_INLINE_NETWORK_20
network-object object FALCON
network-object object FALCON-BO-NAT
object-group network DM_INLINE_NETWORK_21
network-object 10.209.14.0 255.255.255.128
network-object 10.209.42.0 255.255.255.192
network-object 10.209.8.0 255.255.255.128
object-group service DM_INLINE_SERVICE_70
service-object ip
service-object udp destination eq snmp
object-group network DM_INLINE_NETWORK_22
network-object 10.209.40.0 255.255.255.0
network-object 10.209.41.0 255.255.255.0
network-object 10.209.42.0 255.255.255.192
object-group service DM_INLINE_SERVICE_71
service-object ip
service-object udp destination eq snmp
object-group service DM_INLINE_SERVICE_72
service-object ip
service-object udp destination eq snmp
service-object udp destination eq snmptrap
object-group service DM_INLINE_SERVICE_73
service-object ip
service-object udp destination eq snmp
object-group service DM_INLINE_SERVICE_74
service-object ip
service-object udp destination eq snmp
object-group service DM_INLINE_SERVICE_75
service-object ip
service-object udp destination eq snmp
object-group network DM_INLINE_NETWORK_23
network-object 10.209.42.0 255.255.255.192
network-object 10.209.8.0 255.255.255.128
object-group service DM_INLINE_SERVICE_76
service-object ip
service-object udp destination eq isakmp
object-group network DM_INLINE_NETWORK_24
network-object 10.209.42.0 255.255.255.192
network-object 10.209.8.0 255.255.255.128
object-group service DM_INLINE_SERVICE_77
service-object ip
service-object object MYSQL
service-object tcp destination eq ssh
service-object udp destination eq 10000
service-object udp destination eq 4500
service-object udp destination eq isakmp
object-group service DM_INLINE_SERVICE_78
service-object ip
service-object udp destination eq isakmp
object-group service DM_INLINE_SERVICE_79
service-object ip
service-object udp destination eq isakmp
object-group service DM_INLINE_SERVICE_80
service-object ip
service-object udp destination eq isakmp
access-list INSIDE_access_in extended permit ip object SERVIDORES-LEVEL3 object RIONEGRO-BPOSRV_ZBX_NAT inactive
access-list INSIDE_access_in extended permit object-group DM_INLINE_SERVICE_43 object BPOSRV-ZBX02 any inactive
access-list INSIDE_access_in extended permit object-group DM_INLINE_SERVICE_45 object BPOSRV-ZBX02 object SONICWALL-FW inactive
access-list INSIDE_access_in extended permit ip object SONICWALL-FW object CONNECT-LAN inactive
access-list INSIDE_access_in extended permit ip host 172.16.102.10 object CONNECT-LAN inactive
access-list INSIDE_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object SONICWALL-FW object-group DM_INLINE_NETWORK_12 inactive
access-list INSIDE_access_in extended permit ip object-group DM_INLINE_NETWORK_11 any inactive
access-list INSIDE_access_in extended permit object-group GRUP_PORTS-OPENVPN object SONICWALL-FW object BPOSRV_OPNVPN inactive
access-list INSIDE_access_in extended permit object-group DM_INLINE_SERVICE_47 any object BPOSRV_OPNVPN inactive
access-list DMZ_access_in extended permit ip object DNS_EXTERNO_PRIMARIO any
access-list DMZ_access_in extended permit ip object DNS_EXTERNO_SECUNDARIO any
access-list capture extended permit udp any any eq domain
access-list MPLS_INTELIG_access_in extended permit ip object-group REDES-INTERNAS object FALCON-BO
access-list MPLS_INTELIG_access_in extended permit object-group DM_INLINE_SERVICE_5 object PABX_DATAMETRICA object-group AVAYA_EBT
access-list MPLS_INTELIG_access_in extended permit ip object DUMAS-NAT-INT any
access-list MPLS_INTELIG_access_in extended permit ip object CONNECT_LAN_INT object CONNECT_NAT_INT
access-list MPLS_INTELIG_access_in extended permit ip object ACTIVE_DIRECTORY_INT object SIPCS_NAT_INT
access-list MPLS_INTELIG_access_in extended permit object-group DM_INLINE_SERVICE_61 object FALCON object EXCHANGE
access-list MPLS_INTELIG_access_in extended permit object-group DM_INLINE_SERVICE_41 object EXCHANGE object FALCON
access-list MPLS_INTELIG_access_in extended permit object-group DM_INLINE_SERVICE_6 object INDRA-DUMAS object-group AVAYA_EBT
access-list MPLS_INTELIG_access_in extended permit object-group DM_INLINE_SERVICE_30 any object-group DM_INLINE_NETWORK_19
access-list MPLS_INTELIG_access_in extended permit object-group DM_INLINE_SERVICE_29 object-group DM_INLINE_NETWORK_6 any
access-list MPLS_INTELIG_access_in extended permit object-group DM_INLINE_SERVICE_24 object-group REDES-EXTERNAS object-group REDES-INTERNAS
access-list MPLS_INTELIG_access_in extended permit ip object DUMAS-LAN-INT any
access-list MPLS_INTELIG_access_in extended permit ip object ALGAR-TESTE object CLAN_AVAYA inactive
access-list MPLS_INTELIG_access_in extended permit object-group DM_INLINE_SERVICE_26 object RIONEGRO_NETWORK_NAT any
access-list MPLS_INTELIG_access_in extended permit object-group DM_INLINE_SERVICE_25 object RIONEGRO_NETWORK_TESTE any
access-list TESA_access_in extended permit object HTTP2 any object SERVER-BATIMENTO
access-list TESA_access_in extended permit tcp any object SERVIDOR_VPN eq pptp
access-list TESA_access_in extended permit object HTTP1 any object Redmine
access-list TESA_access_in extended permit tcp any object EXCHANGE object-group DM_INLINE_TCP_1
access-list TESA_access_in extended permit object-group DM_INLINE_SERVICE_1 any object DNS_EXTERNO_PRIMARIO
access-list TESA_access_in remark REGRA DE ACESSO PARA SERVIDOR NTP INTERNO CONSULTAR SERVIODRES NTP EXTERNOS
access-list TESA_access_in extended permit udp object-group SERVIDORES_NTP_EXTERNOS object SERVIDOR-NTP-INTERNO eq ntp inactive
access-list TESA_access_in extended permit object HTTP4 any object SERVIDOR_PRTG
access-list TESA_access_in extended permit tcp any object SERVIDOR-NTP-INTERNO object-group DM_INLINE_TCP_4
access-list TESA_access_in extended permit ip object DUMAS_NAT_EBT any
access-list TESA_access_in extended permit ip object DUMAS-NAT-INT any
access-list TESA_access_in extended permit object HTTP3 any object Redmine_Prev
access-list TESA_access_in remark REGRA DE ACESSO PARA SERVIDOR NTP INTERNO CONSULTAR SERVIODRES NTP EXTERNOS
access-list EBT_access_in extended permit object ALGAR_FRONTEND any object ALGAR2_FRONTEND inactive
access-list EBT_access_in extended permit object ALGAR_FRONTEND any object ALGAR1_FRONTEND inactive
access-list EBT_access_in extended permit object-group DM_INLINE_SERVICE_72 any host 10.209.8.33
access-list EBT_access_in extended permit object HTTP2 any object SERVER-BATIMENTO
access-list EBT_access_in extended permit object-group DM_INLINE_SERVICE_11 any object SERVIDOR_VPN
access-list EBT_access_in extended permit tcp any object SERVIDOR-NTP-INTERNO object-group DM_INLINE_TCP_3
access-list EBT_access_in extended permit object HTTP5 any object SERVIDOR-CACTI
access-list EBT_access_in extended permit object HTTP4 any object SERVIDOR_PRTG
access-list EBT_access_in extended permit object HTTP3 any object Redmine_Prev
access-list EBT_access_in extended permit object HTTP1 any object Redmine
access-list EBT_access_in extended permit object-group DM_INLINE_SERVICE_48 any object EXCHANGE
access-list EBT_access_in extended permit object-group DM_INLINE_SERVICE_2 any object DNS_EXTERNO_PRIMARIO
access-list EBT_access_in remark REGRA DE ACESSO PARA SERVIDOR NTP INTERNO CONSULTAR SERVIODRES NTP EXTERNOS
access-list EBT_access_in extended permit udp object-group SERVIDORES_NTP_EXTERNOS object SERVIDOR-NTP-INTERNO eq ntp
access-list EBT_access_in extended permit ip object DUMAS_NAT_EBT any
access-list EBT_access_in extended permit ip object DUMAS-NAT-INT any
access-list EBT_access_in extended permit object-group DM_INLINE_SERVICE_9 any object DNS_EXTERNO_SECUNDARIO
access-list EBT_access_in remark REGRA DE ACESSO PARA SERVIDOR NTP INTERNO CONSULTAR SERVIODRES NTP EXTERNOS
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_15 object-group REDES-EXTERNAS-EBT object-group REDES-INTERNAS
access-list MPLS_EBT_access_in extended permit ip object-group REDES-INTERNAS object FALCON-BO
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_3 object PABX_DATAMETRICA object-group AVAYA_EBT
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_21 object-group DM_INLINE_NETWORK_5 any
access-list MPLS_EBT_access_in extended permit ip object CONNECT_LAN_EBT object CONNECT_NAT_EBT
access-list MPLS_EBT_access_in extended permit ip object ACTIVE_DIRECTORY_EBT object AD_MPLS_DC
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_4 object INDRA-DUMAS object-group AVAYA_EBT
access-list MPLS_EBT_access_in extended permit ip object ALGAR-TESTE object CLAN_AVAYA
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_14 host 10.209.35.25 any
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_38 object Right_Fax object VOIP_EXTERNO2
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_35 host 172.19.240.241 any
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_23 object LAN-MPLS-EMBRATEL any
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_22 object RIONEGRO_NETWORK_NAT any
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_40 object VOIP_EXTERNO2 object Right_Fax
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_74 10.209.8.0 255.255.255.128 object-group DM_INLINE_NETWORK_13
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_53 object SONICWALL-FW any
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_54 object-group DM_INLINE_NETWORK_10 any
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_55 any object-group DM_INLINE_NETWORK_17
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_75 any any
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_33 object FALCON object EXCHANGE
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_39 object EXCHANGE object FALCON
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_66 object-group DM_INLINE_NETWORK_1 object EXCHANGE
access-list MPLS_EBT_access_in extended permit object-group DM_INLINE_SERVICE_67 object EXCHANGE object-group DM_INLINE_NETWORK_20
access-list VPN_ACCCESS extended permit ip object DESKTOP-LEVEL3 any
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_27 object SONICWALL-FW object SERVIDORES-LEVEL3
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_34 object SONICWALL-FW object DESKTOP-LEVEL3
access-list SONICWALL_access_in extended permit object HTTP1 any object Redmine
access-list SONICWALL_access_in extended permit object HTTP2 any object SERVER-BATIMENTO
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_10 any object SERVIDOR_VPN
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_18 any object EXCHANGE
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_57 object EXCHANGE any
access-list SONICWALL_access_in extended permit object HTTP3 any object Redmine_Prev
access-list SONICWALL_access_in extended permit object HTTP4 any object SERVIDOR_PRTG
access-list SONICWALL_access_in extended permit tcp any object SERVIDOR-NTP-INTERNO object-group DM_INLINE_TCP_6
access-list SONICWALL_access_in extended permit ip any object DUMAS_NAT_EBT
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_36 any object Servidor_GIS
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_37 any object BPOSRV-GIS_ALPHAVILLE_NAT
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_42 object BPOSRV-ZBX02 any
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_44 any object BPOSRV-ZBX02
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_46 object SONICWALL-FW object-group DM_INLINE_NETWORK_8
access-list SONICWALL_access_in extended permit ip any object CONNECT-LAN
access-list SONICWALL_access_in extended permit ip host 172.16.102.10 any
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_50 any object BPOSRV_OPNVPN
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_56 object EXCHANGE object SONICWALL-FW
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_58 object EXCHANGE object SONICWALL-FW
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_60 any interface SONICWALL
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_59 any object KASEYA_B
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_63 object KASEYA any inactive
access-list SONICWALL_access_in extended permit ip any any
access-list SONICWALL_access_in extended permit object-group DM_INLINE_SERVICE_76 any any
access-list SONICWALL_access_in extended permit udp any 10.209.8.0 255.255.255.128 eq isakmp
access-list INDRAVPN_splitTunnelAcl standard permit any4
access-list DESENVOLVEDORES extended permit tcp any object-group DM_INLINE_NETWORK_4 eq www
access-list DESENVOLVEDORES extended permit object DNS_SERVICE_UDP any object ACTIVE-DIRECTORY-INSIDE
access-list DESENVOLVEDORES extended permit object-group DM_INLINE_SERVICE_20 any object SERVER-BATIMENTO
access-list DESENVOLVEDORES extended permit object-group DM_INLINE_SERVICE_77 any 10.209.8.0 255.255.255.128
access-list VPNCOC extended permit object-group DM_INLINE_SERVICE_16 any object FILE-SERVER
access-list VPNCOC extended permit object-group DM_INLINE_SERVICE_17 any object CONNECT-LAN
access-list VPNCOC extended permit object DNS_SERVICE_UDP any object ACTIVE-DIRECTORY-INSIDE
access-list Desenv_Batimento extended permit object-group DM_INLINE_SERVICE_19 any object SERVER-BATIMENTO
access-list MPLS_EBT_cryptomap extended permit object-group DM_INLINE_SERVICE_70 object-group DM_INLINE_NETWORK_9 object-group
DM_INLINE_NETWORK_15
access-list MPLS_EBT_cryptomap extended permit object-group DM_INLINE_SERVICE_71 object-group DM_INLINE_NETWORK_22 10.209.8.0 255.255.255.128
access-list MPLS_INTELIG_cryptomap extended permit ip 10.209.8.0 255.255.255.128 object-group DM_INLINE_NETWORK_16
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_52 any object SONICWALL-FW
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_51 object SONICWALL-FW any
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_49 any any
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_60 object SERVIDORES-LEVEL3 object-group REDES-INTERNAS-EBT
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_64 object SERVIDORES-LEVEL3 object-group REDES-EXTERNAS-EBT
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_65 object DESKTOP-LEVEL3 any
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_31 object SERVIDORES-LEVEL3 any
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_62 object LAN-MPLS-EMBRATEL any
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_32 object-group REDES-INTERNAS object-group DM_INLINE_NETWORK_18
access-list inside_access_in extended permit ip object-group REDES-INTERNAS object 10.192.195.132
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_7 object DESKTOP-LEVEL3 object SONICWALL-FW
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_8 object ACTIVE-DIRECTORY-INSIDE object SONICWALL-FW
access-list inside_access_in extended permit ip 10.209.14.0 255.255.255.128 any
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_73 10.209.14.0 255.255.255.128 10.209.42.0 255.255.255.192
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_12 object VOIP_EXTERNO2 object Right_Fax_NAT
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_28 object Right_Fax object VOIP_EXTERNO2
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_68 object EXCHANGE object-group DM_INLINE_NETWORK_2
nat (MPLS_EBT,LEVEL3) source dynamic DUMAS_NAT_EBT interface
nat (MPLS_EBT,TESA) source dynamic DUMAS_NAT_EBT interface
nat (MPLS_INTELIG,LEVEL3) source dynamic LAN-ROUTER-MPLS-INTELIG interface
nat (MPLS_INTELIG,LEVEL3) source dynamic DUMAS-NAT-INT interface
nat (TESA,inside) source static any any destination static interface Redmine_Prev service HTTP3 HTTP3
nat (MPLS_EBT,LEVEL3) source static any any destination static NETWORK_OBJ_10.209.12.0_25 NETWORK_OBJ_10.209.12.0_25 no-proxy-arp route-lookup
nat (maneger,SONICWALL) source static any any destination static NETWORK_OBJ_10.209.14.0_28 NETWORK_OBJ_10.209.14.0_28 no-proxy-arp route-lookup
nat (MPLS_EBT,SONICWALL) source static WIFI-DUMAS WIFI-DUMAS
nat (inside,SONICWALL) source static any any destination static NETWORK_OBJ_10.209.14.16_28 NETWORK_OBJ_10.209.14.16_28 no-proxy-arp route-lookup
nat (inside,SONICWALL) source static any any destination static NETWORK_OBJ_10.209.14.128_29 NETWORK_OBJ_10.209.14.128_29 no-proxy-arp route-
lookup
nat (inside,SONICWALL) source static any any destination static NETWORK_OBJ_10.209.14.136_29 NETWORK_OBJ_10.209.14.136_29 no-proxy-arp route-
lookup
nat (SONICWALL,SONICWALL) source static any any destination static NETWORK_OBJ_10.209.14.128_29 NETWORK_OBJ_10.209.14.128_29 no-proxy-arp route-
lookup
nat (SONICWALL,SONICWALL) source static any any destination static INTERNET_EBT INTERNET_EBT no-proxy-arp route-lookup
nat (inside,SONICWALL) source static EXCHANGE EXCHANGE destination static DESKTOP-LEVEL3 DESKTOP-LEVEL3 no-proxy-arp route-lookup
nat (MPLS_EBT,SONICWALL) source static RIONEGRO_NETWORK_NAT RIONEGRO_NETWORK_NAT
nat (inside,MPLS_EBT) source static ACTIVE-DIRECTORY-INSIDE ACTIVE-DIRECTORY-INSIDE destination static NETWORK_OBJ_10.209.42.14
NETWORK_OBJ_10.209.42.14 no-proxy-arp route-lookup
nat (MPLS_EBT,SONICWALL) source static RIONEGRO_NAT_EBT_TEMP RIONEGRO_NAT_EBT_TEMP
nat (MPLS_INTELIG,SONICWALL) source static RIONEGRO_NAT_INT_TEMP RIONEGRO_NAT_INT_TEMP
nat (MPLS_INTELIG,SONICWALL) source static RIONEGRO_NETWORK_NAT RIONEGRO_NETWORK_NAT
nat (SONICWALL,inside) source static any any destination static interface Servidor_GIS service HTTP6 HTTP6
nat (inside,MPLS_EBT) source static SERVIDORES-LEVEL3 SERVIDORES-LEVEL3 destination static NETWORK_OBJ_10.209.42.0 NETWORK_OBJ_10.209.42.0 no-
proxy-arp route-lookup
nat (inside,MPLS_INTELIG) source static SERVIDORES-LEVEL3 SERVIDORES-LEVEL3 destination static NETWORK_OBJ_10.209.42.0 NETWORK_OBJ_10.209.42.0
no-proxy-arp route-lookup
nat (inside,MPLS_INTELIG) source static NETWORK_OBJ_10.209.8.0_25 NETWORK_OBJ_10.209.8.0_25 no-proxy-arp route-lookup
nat (inside,MPLS_INTELIG) source static NETWORK_OBJ_10.209.8.0_25 NETWORK_OBJ_10.209.8.0_25 destination static NETWORK_OBJ_10.209.42.0_26
NETWORK_OBJ_10.209.42.0_26 no-proxy-arp route-lookup
nat (maneger,MPLS_EBT) source static NETWORK_OBJ_10.209.8.0_25 NETWORK_OBJ_10.209.8.0_25 destination static DM_INLINE_NETWORK_7
DM_INLINE_NETWORK_7 no-proxy-arp route-lookup
nat (SONICWALL,MPLS_EBT) source static SONICWALL-FW SONICWALL-FW destination static HOST_BPOSRV_AD05_RN HOST_BPOSRV_AD05_RN
nat (SONICWALL,maneger) source static SONICWALL-FW interface destination static HOST_BPOSRV_AD05_RN HOST_BPOSRV_AD05_RN
nat (inside,MPLS_EBT) source static BPOSRV-ZBX02 BPOSRV-ZBX02 destination static NETWORK_OBJ_10.209.42.14 NETWORK_OBJ_10.209.42.14 no-proxy-arp
nat (SONICWALL,maneger) source static SONICWALL-FW interface destination static HOST_RN_TEMP HOST_RN_TEMP
nat (inside,SONICWALL) source static any any destination static NETWORK_OBJ_10.209.14.8_29 NETWORK_OBJ_10.209.14.8_29 no-proxy-arp route-lookup
nat (inside,SONICWALL) source static SERVIDORES-LEVEL3 SERVIDORES-LEVEL3 destination static NETWORK_OBJ_10.209.14.8_29 NETWORK_OBJ_10.209.14.8_29
no-proxy-arp route-lookup
nat (inside,SONICWALL) source static DM_INLINE_NETWORK_21 DM_INLINE_NETWORK_21 destination static NETWORK_OBJ_10.209.14.8_29
NETWORK_OBJ_10.209.14.8_29 no-proxy-arp route-lookup
nat (inside,SONICWALL) source static DM_INLINE_NETWORK_23 DM_INLINE_NETWORK_23 destination static NETWORK_OBJ_10.209.14.8_29
NETWORK_OBJ_10.209.14.8_29 no-proxy-arp route-lookup
nat (inside,SONICWALL) source static NETWORK_OBJ_10.209.8.0_25 NETWORK_OBJ_10.209.8.0_25 destination static NETWORK_OBJ_10.209.14.8_29
NETWORK_OBJ_10.209.14.8_29 no-proxy-arp route-lookup
!
object network SERVIDOR-SNMP
nat (MPLS_EBT,any) static SERVIDOR-SNMP-NAT-EBT
object network SERVIDOR-SNMP-INT
nat (MPLS_INTELIG,any) static SERVIDOR-SNMP-NAT-INT
object network VPN-CISCO
nat (any,any) static VPN-CISCO-NAT
access-group MPLS_INTELIG_access_in in interface MPLS_INTELIG
access-group MPLS_EBT_access_in in interface MPLS_EBT
access-group DMZ_access_in in interface DMZ
access-group SONICWALL_access_in in interface SONICWALL
access-group TESA_access_in in interface TESA
access-group EBT_access_in in interface LEVEL3
access-group inside_access_in in interface inside
!
router rip
!
router ospf 100
router-id 2.2.2.2
network 172.19.235.112 255.255.255.248 area 2
area 2 default-cost 20
log-adj-changes
!
router ospf 90
router-id 1.1.1.1
network 172.19.235.96 255.255.255.248 area 2
area 2 default-cost 10
log-adj-changes
!
route SONICWALL 0.0.0.0 0.0.0.0 10.209.8.254 10
route inside 10.209.8.0 255.255.255.128 10.209.14.3 1
route inside 10.209.8.14 255.255.255.255 10.209.14.3 1
route inside 10.209.8.128 255.255.255.192 10.209.14.3 1
route inside 10.209.8.192 255.255.255.192 10.209.14.3 1
route inside 10.209.9.0 255.255.255.0 10.209.14.3 1
route inside 10.209.10.0 255.255.255.0 10.209.14.3 1
route inside 10.209.12.0 255.255.255.128 10.209.14.3 1
route inside 10.209.13.0 255.255.255.0 10.209.14.3 1
route MPLS_EBT 10.209.40.0 255.255.255.0 172.19.235.102 1
route MPLS_EBT 10.209.41.0 255.255.255.0 172.19.235.102 1
route MPLS_EBT 10.209.42.0 255.255.255.192 172.19.235.102 1
route SONICWALL 192.168.80.0 255.255.255.0 10.209.8.254 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
webvpn
file-browsing enable
file-entry enable
http-proxy enable
url-entry enable
no user-identity enable
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.1.0 255.255.255.0 maneger
http 10.209.14.0 255.255.255.128 inside
http 172.19.232.0 255.255.248.0 MPLS_EBT
http 172.19.232.0 255.255.248.0 MPLS_INTELIG
http 172.19.240.0 255.255.248.0 MPLS_INTELIG
http 172.19.240.0 255.255.248.0 MPLS_EBT
http 10.209.8.0 255.255.255.128 inside
snmp-server group snmpindra v3 priv
snmp-server user snmpindra snmpindra v3 encrypted auth md5 01:c3:19:d0:c0:76:d8:ca:0a:40:72:37:57:91:6e:4c priv aes 128
87:e0:41:e6:57:21:26:ea:35:5b:b3:2c:df:41:e9:bc
snmp-server host maneger 10.209.8.11 community ***** version 2c
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps memory-threshold
snmp-server enable traps interface-threshold
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable traps connection-limit-reached
snmp-server enable traps cpu threshold rising
snmp-server enable traps ikev2 start stop
snmp-server enable traps nat packet-discard
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-
SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map EBT_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map EBT_map interface LEVEL3
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface maneger
crypto map SONICWALL_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map SONICWALL_map interface SONICWALL
crypto map MPLS_EBT_map 1 match address MPLS_EBT_cryptomap
crypto map MPLS_EBT_map 1 set peer 172.19.235.225
crypto map MPLS_EBT_map 1 set ikev1 transform-set ESP-DES-SHA ESP-DES-MD5
crypto map MPLS_EBT_map 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map MPLS_EBT_map interface MPLS_EBT
crypto map MPLS_INTELIG_map 1 match address MPLS_INTELIG_cryptomap
crypto map MPLS_INTELIG_map 1 set pfs
crypto map MPLS_INTELIG_map 1 set peer 172.19.235.225
crypto map MPLS_INTELIG_map 1 set ikev1 transform-set ESP-DES-SHA ESP-DES-MD5
crypto map MPLS_INTELIG_map 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map MPLS_INTELIG_map interface MPLS_INTELIG
crypto map inside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map0 interface inside
crypto ca trustpoint ASDM_TrustPoint0
enrollment terminal
subject-name CN=vpn.indrabrasilbpo.com
crl configure
crypto ca trustpoint Desenvolvimento_Contabil
enrollment self
subject-name CN=ASA-INDRA
crl configure
crypto ca trustpool policy
crypto ikev2 policy 1
encryption des
integrity sha
group 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 2
encryption des
integrity sha
group 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 3
encryption des
integrity sha
group 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 4
encryption des
integrity sha
group 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable MPLS_INTELIG
crypto ikev2 enable MPLS_EBT
crypto ikev2 enable SONICWALL
crypto ikev2 enable maneger
crypto ikev1 enable MPLS_INTELIG
crypto ikev1 enable MPLS_EBT
crypto ikev1 enable SONICWALL
crypto ikev1 enable maneger
crypto ikev1 enable inside
crypto ikev1 policy 1
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 2
authentication crack
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 172.19.240.0 255.255.248.0 MPLS_INTELIG
ssh 172.19.232.0 255.255.248.0 MPLS_EBT
ssh 10.209.8.0 255.255.255.128 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.209.8.23
tftp-server inside 10.209.8.60 asa911-k8.bin
webvpn
enable MPLS_INTELIG
enable MPLS_EBT
enable SONICWALL
enable inside
tunnel-group-list enable
group-policy Desenv_Contabil internal
group-policy Desenv_Contabil attributes
dns-server value 10.209.8.14
vpn-filter value INDRAVPN_splitTunnelAcl
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
split-tunnel-network-list value Desenv_Batimento
default-domain none
group-policy DfltGrpPolicy attributes
group-policy GroupPolicy_172.19.235.225 internal
group-policy GroupPolicy_172.19.235.225 attributes
vpn-tunnel-protocol ikev1 ikev2
group-policy VPN_RN internal
group-policy VPN_RN attributes
dns-server value 10.209.8.14
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_RN_splitTunnelAcl
default-domain value INDRA
group-policy VPN_TESTE internal
group-policy VPN_TESTE attributes
dns-server value 10.209.8.14
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
default-domain value INDRABRASILBPO
group-policy VPNTESTE internal
group-policy VPNTESTE attributes
dns-server value 10.209.8.14 8.8.8.8
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy VPN_DC_TESTE internal
group-policy VPN_DC_TESTE attributes
dns-server value 10.209.8.14 10.209.42.20
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
default-domain value indrabrasilbpo.local
group-policy INDRABPOPROD internal
group-policy INDRABPOPROD attributes
dns-server value 10.209.8.14
vpn-filter value inside_access_in
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
split-tunnel-policy tunnelall
default-domain value INDRABRASILBPO
webvpn
url-list none
group-policy INDRABPODES internal
group-policy INDRABPODES attributes
dns-server value 10.209.8.14
vpn-filter value DESENVOLVEDORES
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
split-tunnel-network-list value DESENVOLVEDORES
default-domain value INDRABRASILBPO
group-policy INDRABPOCOC internal
group-policy INDRABPOCOC attributes
dns-server value 10.209.8.14
vpn-filter value VPNCOC
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
split-tunnel-network-list value VPNCOC
default-domain value INDRABRASILBPO
group-policy INDRABPOBI internal
group-policy INDRABPOBI attributes
dns-server value 10.209.8.14
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
default-domain value indrabrasilbpo
group-policy cisco internal
group-policy cisco attributes
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
address-pools value DESENVOLVEDORES
username aramosd password <removed> privilege 15
username aramosd attributes
service-type admin
username pdabsb password <removed>
username pdabsb attributes
group-lock value INDRABPODES
service-type remote-access
username eqpdesbat password <removed>
username eqpdesbat attributes
group-lock value Desenv_Contabil
service-type remote-access
username minutrade password <removed>
username minutrade attributes
service-type remote-access
username admin password <removed>
username fswindra password <removed>
username fswindra attributes
group-lock value INDRABPODES
service-type remote-access
username dbbueno password <removed> privilege 15
username wamatos password <removed>
username jpvieira password <removed>
username mantonios password <removed>
username mantonios attributes
group-lock value INDRABPODES
service-type admin
username alfferreira password <removed>
username jgomesg password <removed> privilege 0
username jgomesg attributes
vpn-group-policy INDRABPOBI
service-type remote-access
username alaham password <removed>
username alaham attributes
service-type admin
username rloliveirai password <removed>
username rloliveirai attributes
service-type remote-access
tunnel-group DefaultRAGroup general-attributes
address-pool INSIDE_INDRA
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication pap
authentication ms-chap-v2
authentication eap-proxy
tunnel-group INDRABPOPROD type remote-access
tunnel-group INDRABPOPROD general-attributes
address-pool INSIDE_INDRA
default-group-policy INDRABPOPROD
nat-assigned-to-public-ip inside
tunnel-group INDRABPOPROD ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group INDRABPOPROD ppp-attributes
authentication pap
authentication ms-chap-v2
authentication eap-proxy
tunnel-group INDRABPODES type remote-access
tunnel-group INDRABPODES general-attributes
address-pool DESENVOLVEDORES
default-group-policy INDRABPODES
tunnel-group INDRABPODES ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group INDRABPOCOC type remote-access
tunnel-group INDRABPOCOC general-attributes
address-pool VPNCOC
default-group-policy INDRABPOCOC
tunnel-group INDRABPOCOC ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group INDRABPOBI type remote-access
tunnel-group INDRABPOBI general-attributes
address-pool VPNCOC
default-group-policy INDRABPOBI
tunnel-group INDRABPOBI ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 172.19.235.225 type ipsec-l2l
tunnel-group 172.19.235.225 general-attributes
default-group-policy GroupPolicy_172.19.235.225
tunnel-group 172.19.235.225 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group Desenv_Contabil type remote-access
tunnel-group Desenv_Contabil general-attributes
address-pool VPNCOC
default-group-policy Desenv_Contabil
tunnel-group Desenv_Contabil ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group VPN_TESTE type remote-access
tunnel-group VPN_TESTE general-attributes
address-pool INSIDE_INDRA
default-group-policy VPN_TESTE
tunnel-group VPN_TESTE ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group VPNTESTE type remote-access
tunnel-group VPNTESTE general-attributes
address-pool INSIDE_INDRA
default-group-policy VPNTESTE
tunnel-group VPNTESTE ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group VPN_DC_TESTE type remote-access
tunnel-group VPN_DC_TESTE general-attributes
address-pool INSIDE_INDRA
default-group-policy VPN_DC_TESTE
tunnel-group VPN_DC_TESTE ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group VPN_RN type remote-access
tunnel-group VPN_RN general-attributes
address-pool INSIDE_INDRA
default-group-policy VPN_RN
tunnel-group VPN_RN ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group cisco type remote-access
tunnel-group cisco general-attributes
address-pool INSIDE_INDRA
tunnel-group cisco ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group ciscoteste type remote-access
tunnel-group ciscoteste general-attributes
address-pool INSIDE_INDRA
tunnel-group ciscoteste ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group cisco1 type remote-access
tunnel-group cisco1 general-attributes
address-pool INSIDE_INDRA
default-group-policy INDRABPOPROD
tunnel-group cisco1 ipsec-attributes
ikev1 pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
class-map inspeciton_default
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect pptp
inspect icmp error
inspect snmp
!
service-policy global_policy global
privilege cmd level 3 mode exec command perfmon
privilege cmd level 5 mode exec command dir
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command vpn-sessiondb
privilege cmd level 3 mode exec command packet-tracer
privilege cmd level 5 mode exec command export
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command service-policy
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:d3b6c1c25f8f481a4a9ebd97c4a3d00e
: end
Cannot open disk0:/csco_config/97/bookmarks/index.ini
------------------ more disk0:/sdesktop/data.xml ------------------
<?xml version="1.0" encoding="UTF-8"?>
<data version="3.2.1">
<multilocation>
<sequence>
<start>
<location name="Default" />
</start>
</sequence>
</multilocation>
<location name="Default">
<field type="checkbox" name="cAutomaticSwitch" value="ON" />
<field type="checkbox" name="cLocationCacheCleaner" value="ON" />
<field type="checkbox" name="cWindowsCleanerShowSuccess" value="OFF" />
<field type="checkbox" name="cWindowsCleanerLaunchTimeout" value="ON" />
<field type="checkbox" name="cWindowsCleanerLaunchClose" value="ON" />
<field type="checkbox" name="cWindowsCleanerDisableCancel" value="ON" />
<field type="text" name="tWindowsCleanerLogoutTitle" value="(SSL VPN Logout)" />
<field type="checkbox" name="cWindowsCleanerLogoutTitle" value="ON" />
<field type="dropdown" name="dWindowsCleanerTimeout" value="5" />
<field type="dropdown" name="dCleanerSecureDeletePass" value="3" />
<field type="checkbox" name="cBackForward" value="ON" />
<field type="checkbox" name="cTimeout" value="ON" />
<field type="dropdown" name="dTimeout" value="5" />
<field type="dropdown" name="cTimeoutBeep" value="ON" />
<field type="dropdown" name="dSDSecureDeletePass" value="3" />
<field type="text" name="tInternetExplorerHomePage" value="about:blank" />
<favorite type="folder" value="Favorites" />
</location>
<hostscan />
</data>
------------------ more disk0:/dap.xml ------------------
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<dapRecordList>
</dapRecordList>
------------------ show startup-config errors ------------------
Reading from flash...
!!!!!!!!!!!!!!WARNING: BOOT variable added, but unable to find disk0:/asdm-645.bin
*** Output from config line 90, "boot system disk0:/asdm-..."
WARNING: All traffic destined to the IP address of the inside interface is being redirected.
WARNING: Users may not be able to access any service enabled on the inside interface.
*** Output from config line 1311, "nat (SONICWALL,inside) s..."
WARNING: All traffic destined to the IP address of the inside interface is being redirected.
WARNING: Users may not be able to access any service enabled on the inside interface.
*** Output from config line 1313, "nat (SONICWALL,inside) s..."
ERROR: Configuration request for SNMP group snmpindra failed.
User snmpindra references group intended for removal.
ERROR: Configuration request for SNMP group snmpindra failed.
User snmpindra references group intended for removal.
ERROR: Configuration request for SNMP group snmpindra failed.
User snmpindra references group intended for removal.
ERROR: Configuration request for SNMP group snmpindra failed.
User snmpindra references group intended for removal.
*** Output from config line 1385, "snmp-server community sn..."
------------------ console logs ------------------
Message #1 : Message #2 :
Total SSMs found: 0
Message #3 :
Total NICs found: 7
Message #4 : mcwa Message #5 : i82557 Ethernet at irq 11Message #6 : MAC: 5475.d026.e0e8
Message #7 : mcwa Message #8 : i82557 Ethernet at irq 5Message #9 : MAC: 0000.0001.0001
Message #10 : i82547GI rev00 Gigabit Ethernet @ irq11 dev 1 index 05Message #11 : MAC: 0000.0001.0002
Message #12 : i82546GB rev03 Gigabit Ethernet @ irq09 dev 2 index 03Message #13 : MAC: 5475.d026.e0e7
Message #14 : i82546GB rev03 Gigabit Ethernet @ irq09 dev 2 index 02Message #15 : MAC: 5475.d026.e0e6
Message #16 : i82546GB rev03 Gigabit Ethernet @ irq09 dev 3 index 01Message #17 : MAC: 5475.d026.e0e5
Message #18 : i82546GB rev03 Gigabit Ethernet @ irq09 dev 3 index 00Message #19 : MAC: 5475.d026.e0e4
Message #20 : Verify the activation-key, it might take a while...
Message #21 : Running Permanent Message #22 : Activation Key: Message #23 : 0xf8204668 Message #24 : 0xe81efec9 Message #25 : 0x08e16dc4 Message
#26 : 0xbe58fc04 Message #27 : 0xcd24d191 Message #28 :
Message #29 :
Licensed Message #30 : features for this platform:
Message #31 : Maximum Physical Interfaces : Unlimited perpetual
Message #32 : Maximum VLANs : 200 perpetual
Message #33 : Inside Hosts : Unlimited perpetual
Message #34 : Failover : Active/Active perpetual
Message #35 : Encryption-DES : Enabled perpetual
Message #36 : Encryption-3DES-AES : Enabled perpetual
Message #37 : Security Contexts : 2 perpetual
Message #38 : GTP/GPRS : Disabled perpetual
Message #39 : AnyConnect Premium Peers : 2 perpetual
Message #40 : AnyConnect Essentials : Disabled perpetual
Message #41 : Other VPN Peers : 5000 perpetual
Message #42 : Total VPN Peers : 5000 perpetual
Message #43 : Shared License : Disabled perpetual
Message #44 : AnyConnect for Mobile : Disabled perpetual
Message #45 : AnyConnect for Cisco VPN Phone : Disabled perpetual
Message #46 : Advanced Endpoint Assessment : Disabled perpetual
Message #47 : UC Phone Proxy Sessions : 2 perpetual
Message #48 : Total UC Proxy Sessions : 2 perpetual
Message #49 : Botnet Traffic Filter : Disabled perpetual
Message #50 : Intercompany Media Engine : Disabled perpetual
Message #51 : Cluster : Enabled perpetual
Message #52 :
This platform has an ASA 5540 VPN Premium license.
Message #53 :
Message #54 : Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
Message #55 : Boot microcode : CN1000-MC-BOOT-2.00
Message #56 : SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.03
Message #57 : IPSec microcode : CNlite-MC-IPSECm-MAIN-2.08
Message #58 :
Cisco Adaptive Security Appliance Software Version 9.1(1)
Message #59 :
Message #60 : ****************************** Warning *******************************
Message #61 : This product contains cryptographic features and is
Message #62 : subject to United States and local country laws
Message #63 : governing, import, export, transfer, and use.
Message #64 : Delivery of Cisco cryptographic products does not
Message #65 : imply third-party authority to import, export,
Message #66 : distribute, or use encryption. Importers, exporters,
Message #67 : distributors and users are responsible for compliance
Message #68 : with U.S. and local country laws. By using this
Message #69 : product you agree to comply with applicable laws and
Message #70 : regulations. If you are unable to comply with U.S.
Message #71 : and local laws, return the enclosed items immediately.
Message #72 :
Message #73 : A summary of U.S. laws governing Cisco cryptographic
Message #74 : products may be found at:
Message #75 : http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
Message #76 :
Message #77 : If you require further assistance please contact us by
Message #78 : sending email to export@cisco.com.
Message #79 : ******************************* Warning *******************************
Message #80 :
Message #81 : This product includes software developed by the OpenSSL Project
Message #82 : for use in the OpenSSL Toolkit (http://www.openssl.org/)
Message #83 : Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
Message #84 : All rights reserved.
Message #85 : Copyright (c) 1998-2011 The OpenSSL Project.
Message #86 : All rights reserved.
Message #87 : This product includes software developed at the University of
Message #88 : California, Irvine for use in the DAV Explorer project
Message #89 : (http://www.ics.uci.edu/~webdav/)
Message #90 : Copyright (c) 1999-2005 Regents of the University of California.
Message #91 : All rights reserved.
Message #92 : Busybox, version 1.16.1, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
Message #93 : 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Message #94 : Busybox comes with ABSOLUTELY NO WARRANTY.
Message #95 : This is free software, and you are welcome to redistribute it under the General
Message #96 : Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
Message #97 : See User Manual (''Licensing'') for details.
Message #98 : DOSFSTOOLS, version 2.11, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
Message #99 : 59 Temple Place, Suite 330, Boston, MA 02111-1307
Message #100 : 675 Mass Ave, Cambridge, MA 02139
Message #101 : DOSFSTOOLS comes with ABSOLUTELY NO WARRANTY.
Message #102 : This is free software, and you are welcome to redistribute it under the General
Message #103 : Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
Message #104 : See User Manual (''Licensing'') for details.
Message #105 : grub, version 0.94, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
Message #106 : 59 Temple Place, Suite 330, Boston, MA 02111-1307
Message #107 : grub comes with ABSOLUTELY NO WARRANTY.
Message #108 : This is free software, and you are welcome to redistribute it under the General
Message #109 : Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
Message #110 : See User Manual (''Licensing'') for details.
Message #111 : libgcc, version 4.3, Copyright (C) 2007 Free Software Foundation, Inc.
Message #112 : libgcc comes with ABSOLUTELY NO WARRANTY.
Message #113 : This is free software, and you are welcome to redistribute it under the General
Message #114 : Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
Message #115 : See User Manual (''Licensing'') for details.
Message #116 : libstdc++, version 4.3, Copyright (C) 2007 Free Software Foundation, Inc.
Message #117 : libstdc++ comes with ABSOLUTELY NO WARRANTY.
Message #118 : This is free software, and you are welcome to redistribute it under the General
Message #119 : Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
Message #120 : See User Manual (''Licensing'') for details.
Message #121 : Linux kernel, version 2.6.29.6, Copyright (C) 1989, 1991 Free Software
Message #122 : Foundation, Inc.
Message #123 : 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Message #124 : Linux kernel comes with ABSOLUTELY NO WARRANTY.
Message #125 : This is free software, and you are welcome to redistribute it under the General
Message #126 : Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
Message #127 : See User Manual (''Licensing'') for details.
Message #128 : module-init-tools, version 3.10, Copyright (C) 1989, 1991 Free Software
Message #129 : Foundation, Inc.
Message #130 : 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Message #131 : module-init-tools comes with ABSOLUTELY NO WARRANTY.
Message #132 : This is free software, and you are welcome to redistribute it under the General
Message #133 : Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
Message #134 : See User Manual (''Licensing'') for details.
Message #135 : numactl, version 2.0.3, Copyright (C) 2008 SGI.
Message #136 : Author: Andi Kleen, SUSE Labs
Message #137 : Version 2.0.0 by Cliff Wickman, Chritopher Lameter and Lee Schermerhorn
Message #138 : numactl comes with ABSOLUTELY NO WARRANTY.
Message #139 : This is free software, and you are welcome to redistribute it under the General
Message #140 : Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
Message #141 : See User Manual (''Licensing'') for details.
Message #142 : pciutils, version 3.1.4, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
Message #143 : 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Message #144 : pciutils comes with ABSOLUTELY NO WARRANTY.
Message #145 : This is free software, and you are welcome to redistribute it under the General
Message #146 : Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
Message #147 : See User Manual (''Licensing'') for details.
Message #148 : readline, version 5.2, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
Message #149 : 59 Temple Place, Suite 330, Boston, MA 02111 USA
Message #150 : readline comes with ABSOLUTELY NO WARRANTY.
Message #151 : This is free software, and you are welcome to redistribute it under the General
Message #152 : Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
Message #153 : See User Manual (''Licensing'') for details.
Message #154 : udev, version 146, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
Message #155 : 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Message #156 : udev comes with ABSOLUTELY NO WARRANTY.
Message #157 : This is free software, and you are welcome to redistribute it under the General
Message #158 : Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
Message #159 : See User Manual (''Licensing'') for details.
Message #160 : Cisco Adapative Security Appliance Software, version 9.1,
Message #161 : Copyright (c) 1996-2012 by Cisco Systems, Inc.
Message #162 : Certain components of Cisco ASA Software, Version 9.1 are licensed under the GNU
Message #163 : Lesser Public License (LGPL) Version 2.1. The software code licensed under LGPL
Message #164 : Version 2.1 is free software that comes with ABSOLUTELY NO WARRANTY. You can
Message #165 : redistribute and/or modify such LGPL code under the terms of LGPL Version 2.1
Message #166 : (http://www.gnu.org/licenses/lgpl-2.1.html). See User Manual for licensing
Message #167 : details.
Message #168 : Restricted Rights Legend
Message #169 : Use, duplication, or disclosure by the Government is
Message #170 : subject to restrictions as set forth in subparagraph
Message #171 : (c) of the Commercial Computer Software - Restricted
Message #172 : Rights clause at FAR sec. 52.227-19 and subparagraph
Message #173 : (c) (1) (ii) of the Rights in Technical Data and Computer
Message #174 : Software clause at DFARS sec. 252.227-7013.
Message #175 : Cisco Systems, Inc.
Message #176 : 170 West Tasman Drive
Message #177 : San Jose, California 95134-1706
Message #178 : snmp_write(): error generating IPSec Flow Start trap
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-21-2015 12:02 PM
Hi,
I have this configuration:
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto map SONICWALL_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map SONICWALL_map interface SONICWALL
crypto ikev1 policy 1
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 2
authentication crack
encryption des
hash sha
group 2
lifetime 86400
There are many group policies, and tunnel groups, though since you are not able to connect, and there is not a prompt for username and password. The ASA seems to teardown the connection even when there is a sysopt command applied.
Could you please show me, what you are configuring, on the end user?
Remember:
- Connection entry: A name for the connection
- Host: Public IP address of the sonicwall interface
- Name: Tunnel group name
- Password: Pre-share key
-------------------------------------------------------------------------------------------------------------------
- If there is a sonicwall device attached to the interface and it is forwarding the UDP 500 requests from the client to the server, it might be tampering those packets therefore the ASA would drop those. Try to use an interface that has a direct connection to the internet.
- Or use TCP to established the connection by issuing this command:
crypto ikev1 ipsec over tcp port 10000
On the client, click on transport and check the TCP option, does that work?
------------------------------------------------------------------------------------------------------------
If not go ahead and set up this capture to see if the packets from the client are getting to the ASA, and see if the ASA responds to it:
Capture CAP interface <sonicwall> match ip host <public IP address> host <Public IP address of the computer on the outside>
Also run debugs:
- debug crypto ikev1 250
- debug crypto ipsec 250
Attach those..
Also follow these 2 documents for troubleshooting purposes:
- IPsec Troubleshooting: Understanding and Using debug Commands
http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html
- Most Common L2L and Remote Access IPsec VPN Troubleshooting Solutions
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/81824-common-ipsec-trouble.html
Please rate if this has been helpful for you!
David Castro,
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide