Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
526
Views
0
Helpful
2
Replies

vpn nat issue

dann.lo77
Level 1
Level 1

‎05-13-2011 03:44 PM

All,

Thanks in advance for your help, got a quick vpn nat issue.

When connected thru the VPN, I try to ping a resource on the private network and the respond is a public nat ip not the private IP. Any help would be appreciated.

Labels:
0 Helpful
2 Replies 2

Herbert Baerten
Cisco Employee
Cisco Employee

‎05-18-2011 07:47 AM

You need to configure nat exemption, i.e. configure the vpn device to *not* NAT the source address when sending over the tunnel.

If you need more help, let us know more details, i.e. is this on IOS or ASA? Maybe include part of the config (after removing any sensitive info).

hth

Herbert

0 Helpful

dann.lo77
Level 1
Level 1
In response to Herbert Baerten

‎05-19-2011 10:36 AM

Herbert,

The firewall is a Cisco 871 running IOS 12.4 (4)T3

Here is the commands I used on the firewall to setup the VPN:

Router(config)#aaa new-model
Router(config)#aaa authentication login userauth local-case
Router(config)#aaa authorization network groupauth local
Router(config)#username myusername password 0 mypassword
Router(config)#crypto isakmp policy 3
Router(config-isakmp)#encryption 3des
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#group 2
Router(config-isakmp)#exit
Router(config)#crypto isakmp client configuration group mygroupname
Router(config-isakmp-group)#key mygroupkey
Router(config-isakmp-group)#dns ---.---.---.---
Router(config-isakmp-group)#domain mydomain
Router(config-isakmp-group)#pool myvpnpool
Router(config-isakmp-group)#acl 101
Router(config-isakmp-group)#exit
Router(config)#crypto ipsec transform-set myset esp-3des esp-md5-hmac
Router(cfg-crypto-trans)#exit
Router(config)#crypto dynamic-map dynmap 10
Router(config-crypto-map)#set transform-set myset
Router(config-crypto-map)#reverse-route
Router(config-crypto-map)#exit
Router(config)#crypto map clientmap client authentication list userauth
Router(config)#crypto map clientmap isakmp authorization list groupauth
Router(config)#crypto map clientmap client configuration address respond
Router(config)#crypto map clientmap 10 ipsec-isakmp dynamic dynmap
Router(config)#int fa0/0
Router(config-if)#ip address  
Router(config-if)#no shut
Router(config-if)#ip nat outside
Router(config-if)#crypto map clientmap
Router(config-if)#exit
Router(config)#ip local pool myvpnpool ---.---.---.--- ---.---.---.---
Router(config)#ip nat inside source list 111 interface FastEthernet0/0 overload
Router(config)#access-list 111 deny ip   ---.---.---.--- ---.---.---.---
Router(config)#access-list 111 permit ip any any
Router(config)#access-list 101 permit ip   ---.---.---.--- ---.---.---.---

At one point the VPN connected and the servers were not NAT'd correctly, now when I set up the VPN the connection connects then drops right away.
Here is my running-config


sh
nexgen#show ru
nexgen#show running-config 
Building configuration...

Current configuration : 55869 bytes
!
! Last configuration change at 19:10:34 PCTime Thu Apr 28 2011 by flyon
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname nexgen
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 
!
aaa new-model
!
!
aaa group server radius sdm-vpn-server-group-1
 server  auth-port 1645 acct-port 1646
!
aaa group server radius sdm-vpn-server-group-2
 server  auth-port 1645 acct-port 1646
!
aaa authentication login local_authen local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authentication login sdm_vpn_xauth_ml_3 local
aaa authentication login sdm_vpn_xauth_ml_4 local
aaa authentication login sdm_vpn_xauth_ml_5 group sdm-vpn-server-group-1 local
aaa authentication login sdm_vpn_xauth_ml_6 group sdm-vpn-server-group-2 local
aaa authentication login nexgenremote group radius
aaa authorization exec local_author local 
aaa authorization network sdm_vpn_group_ml_1 local 
aaa authorization network sdm_vpn_group_ml_2 local 
aaa authorization network sdm_vpn_group_ml_3 local 
aaa authorization network NXvpn1 local 
aaa authorization network sdm_vpn_group_ml_4 local 
aaa authorization network sdm_vpn_group_ml_5 group sdm-vpn-server-group-1 
aaa authorization network sdm_vpn_group_ml_6 group sdm-vpn-server-group-2 
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -7
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect log drop-pkt
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip ftp username cisco
ip ftp password 7 121A0C041104
ip tcp synwait-time 10
no ip bootp server
ip domain name 
ip name-server 
ip name-server 
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-1861780053
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1861780053
 revocation-check none
 rsakeypair TP-self-signed-1861780053
!
!
crypto pki certificate chain TP-self-signed-1861780053
 certificate self-signed 01
  3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 31383631 37383030 3533301E 170D3032 30333031 30303036 
  35395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38363137 
  38303035 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100E8D6 EA5DA90B 8E0834D6 80590525 0AE8EF88 2CCEA2BE 13B05289 7DDF1AC4 
  5C7C0B10 B97E98FE 7A0BF67D A2FD9C97 C41712B5 95FC2256 3545F7BD ADD83606 
  1D703A17 95190906 FD537ABD BC2997A6 CCFC33D6 2B71DAED FE02AEC5 C60A0E00 
  83CD50D3 600D6E6E 9CFE7150 2EEC6291 A512B26D 59838275 135E0A88 1EA02995 
  03890203 010001A3 74307230 0F060355 1D130101 FF040530 030101FF 301F0603 
  551D1104 18301682 146E6578 67656E2E 6E657867 656E696E 632E636F 6D301F06 
  03551D23 04183016 8014C172 02BFC980 A5908E58 DC100CB9 A0C9C032 2B30301D 
  0603551D 0E041604 14C17202 BFC980A5 908E58DC 100CB9A0 C9C0322B 30300D06 
  092A8648 86F70D01 01040500 03818100 01C93A88 0EC9F0B7 3FF99F6F B216ECBC 
  6DFFFD9A DC1CE224 302DA836 F72E3ADD 82027FAF E6C13230 5966A614 B54A42B5 
  DC67CF29 B2E2D7E4 78058363 D9A08EDB 199DE24D B0B04895 8ECACCE1 C292956E 
  6BF2E222 A097AEED 3D3F3B42 AA3C356A E00BCE60 DB761960 A01113C0 AFDE7DE3 
  82356182 4B073B19 09009835 020BA2C7
  quit
!
no spanning-tree vlan 1
username nexadmin privilege 15 password 7 
username ktamton privilege 15 secret 5 
username flyon privilege 15 secret 5 
username celliott privilege 15 secret 5 
username nrafiq privilege 15 secret 5 
username dgreen privilege 14 secret 5 
username steves privilege 15 secret 5 
username us privilege 15 password 7 
!
! 
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 480
!
crypto isakmp policy 2
 group 2
crypto isakmp keepalive 40 5
crypto isakmp nat keepalive 20
crypto isakmp client configuration address-pool local dyn-vpn-pool
!
crypto isakmp client configuration group nexgenremote
 key 
 dns 10.10.10.37
 domain nexgeninc.local
 banner ^CWelcome to the Nexgen VPN authorized users only!!  ^C
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set vpn-transform-set-1 esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac 
!
crypto map nexgenremote isakmp authorization list nexgenremote
crypto map nexgenremote client configuration address respond
!
!
!
interface Null0
 no ip unreachables
!
interface Loopback1
 no ip address
!
interface FastEthernet0
!
interface FastEthernet1
 spanning-tree portfast
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$ETH-WAN$$FW_OUTSIDE$
 ip address ---.---.---.--- 255.255.255.224
 ip access-group sdm_fastethernet4_in in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address ---.---.---.--- 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
router rip
 network 10.0.0.0
 no auto-summary
!
ip local pool dyn-vpn-pool ---.---.---.--- 172.16.1.50
ip local pool nexgenvpnpool ---.---.---.--- 172.16.5.30
ip classless
ip route 0.0.0.0 0.0.0.0 64.207.50.33
ip flow-top-talkers
 top 20
 sort-by bytes
 cache-timeout 10000
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat translation dns-timeout 120
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
ip nat inside source static 10.10.10.35 64.207.50.35 route-map SDM_RMAP_7
ip nat inside source static 10.10.10.36 64.207.50.36 route-map SDM_RMAP_9
ip nat inside source static 10.10.10.37 64.207.50.37 route-map SDM_RMAP_6
ip nat inside source static 10.10.10.38 64.207.50.38 route-map SDM_RMAP_8
ip nat inside source static 10.10.10.39 64.207.50.39 route-map SDM_RMAP_5
ip nat inside source static 10.10.10.40 64.207.50.40 route-map SDM_RMAP_4
ip nat inside source static 10.10.10.41 64.207.50.41 route-map SDM_RMAP_11
ip nat inside source static 10.10.10.42 64.207.50.42 route-map SDM_RMAP_2
ip nat inside source static 10.10.10.48 64.207.50.48 route-map SDM_RMAP_10
!
ip access-list extended sdm_fastethernet4_in
 remark SDM_ACL Category=1
 remark Auto generated by SDM for NTP (123) 192.43.244.18
 permit udp host 192.43.244.18 eq ntp host 64.207.50.34 eq ntp
 remark Auto generated by SDM for NTP (123) 128.138.140.44
 permit udp host 128.138.140.44 eq ntp host 64.207.50.34 eq ntp
 remark Auto generated by SDM for NTP (123) 132.163.4.101
 permit udp host 132.163.4.101 eq ntp host 64.207.50.34 eq ntp
 permit ahp any host 64.207.50.34
 permit esp any host 64.207.50.34
 permit udp any host 64.207.50.34 eq isakmp
 permit udp any host 64.207.50.34 eq non500-isakmp
 permit ip host 172.16.1.50 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.49 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.48 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.47 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.46 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.45 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.44 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.43 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.42 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.41 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.40 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.39 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.38 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.37 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.36 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.35 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.34 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.33 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.32 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.31 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.30 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.29 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.28 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.27 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.26 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.25 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.24 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.23 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.22 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.21 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.20 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.19 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.18 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.17 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.16 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.15 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.14 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.13 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.12 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.11 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.10 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.9 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.8 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.7 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.6 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.5 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.4 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.3 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.2 10.10.10.0 0.0.0.255
 permit ip host 172.16.1.1 10.10.10.0 0.0.0.255
 remark SBS 2008 SMTP
 permit tcp any host 64.207.50.37 eq smtp
 permit ip any any
ip access-list extended split-tunnel
 remark SDM_ACL Category=16
 permit ip 10.10.10.0 0.0.0.255 172.16.1.0 0.0.0.255
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark SDM_ACL Category=1
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 permit 10.10.10.0 0.0.0.255
access-list 60 permit 10.10.10.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.1 eq 22
access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.1 eq 445
access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.1 eq www
access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.1 eq 443
access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.1 eq cmd
access-list 100 deny   tcp any host 10.10.10.1 eq telnet
access-list 100 deny   tcp any host 10.10.10.1 eq 22
access-list 100 deny   tcp any host 10.10.10.1 eq www
access-list 100 deny   tcp any host 10.10.10.1 eq 443
access-list 100 deny   tcp any host 10.10.10.1 eq cmd
access-list 100 deny   udp any host 10.10.10.1 eq snmp
access-list 100 deny   ip 64.207.50.32 0.0.0.31 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any echo
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp any host 64.207.50.34 eq non500-isakmp
access-list 101 permit udp any host 64.207.50.34 eq isakmp
access-list 101 permit esp any host 64.207.50.34
access-list 101 permit ahp any host 64.207.50.34
access-list 101 deny   udp any host 64.207.50.34 eq snmp
access-list 101 remark Auto generated by SDM for NTP (123) 128.138.140.44
access-list 101 permit udp host 128.138.140.44 eq ntp host 64.207.50.34 eq ntp
access-list 101 remark Auto generated by SDM for NTP (123) 192.43.244.18
access-list 101 permit udp host 192.43.244.18 eq ntp host 64.207.50.34 eq ntp
access-list 101 remark Auto generated by SDM for NTP (123) 132.163.4.101
access-list 101 permit udp host 132.163.4.101 eq ntp host 64.207.50.34 eq ntp
access-list 101 deny   tcp any host 64.207.50.40 eq 445
access-list 101 deny   tcp any host 64.207.50.40 eq 139
access-list 101 permit udp any host 64.207.50.40
access-list 101 permit ip any host 64.207.50.40
access-list 101 permit tcp any host 64.207.50.40
access-list 101 permit tcp any eq www host 64.207.50.40
access-list 101 permit tcp any eq smtp host 64.207.50.40
access-list 101 permit tcp any eq pop3 host 64.207.50.40
access-list 101 permit tcp any eq domain host 64.207.50.40
access-list 101 permit udp any host 64.207.50.39
access-list 101 permit tcp any host 64.207.50.39
access-list 101 permit udp any host 64.207.50.38
access-list 101 permit tcp any host 64.207.50.38
access-list 101 permit udp any host 64.207.50.37
access-list 101 permit udp any host 64.207.50.36
access-list 101 permit tcp any host 64.207.50.36
access-list 101 permit udp any host 64.207.50.35
access-list 101 permit tcp any host 64.207.50.35
access-list 101 permit udp host 10.10.10.36 eq domain host 64.207.50.34
access-list 101 permit udp host 10.10.10.35 eq domain host 64.207.50.34
access-list 101 deny   ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any host 64.207.50.34 echo-reply
access-list 101 permit icmp any host 64.207.50.34 time-exceeded
access-list 101 permit icmp any host 64.207.50.34 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 permit icmp any 64.207.50.32 0.0.0.31
access-list 101 permit icmp any host 64.207.50.40 echo-reply
access-list 101 permit icmp any host 64.207.50.40 time-exceeded
access-list 101 permit icmp any host 64.207.50.40 unreachable
access-list 101 permit tcp any host 64.207.50.37
access-list 101 deny   ip any any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 permit ip host 216.150.216.18 any
access-list 103 permit ip 10.10.10.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 104 remark SDM_ACL Category=18
access-list 104 deny   ip host 10.10.10.48 any
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.1
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.2
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.3
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.4
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.5
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.6
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.7
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.8
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.9
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.10
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.11
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.12
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.13
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.14
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.15
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.16
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.17
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.18
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.19
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.20
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.21
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.22
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.23
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.24
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.25
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.26
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.27
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.28
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.29
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.30
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.31
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.32
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.33
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.34
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.35
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.36
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.37
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.38
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.39
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.40
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.41
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.42
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.43
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.44
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.45
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.46
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.47
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.48
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.49
access-list 104 deny   ip 10.10.10.0 0.0.0.255 host 172.16.1.50
access-list 104 deny   ip host 10.10.10.35 any
access-list 104 deny   ip host 10.10.10.36 any
access-list 104 deny   ip host 10.10.10.37 any
access-list 104 deny   ip host 10.10.10.38 any
access-list 104 deny   ip host 10.10.10.39 any
access-list 104 deny   ip host 10.10.10.40 any
access-list 104 deny   ip host 10.10.10.41 any
access-list 104 deny   ip host 10.10.10.42 any
access-list 104 deny   ip 10.10.10.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 104 permit ip 10.10.10.0 0.0.0.255 any
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 permit udp any host 10.10.10.1 eq isakmp
access-list 105 permit esp any host 10.10.10.1
access-list 105 permit ahp any host 10.10.10.1
access-list 105 permit tcp 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255 eq smtp
access-list 105 permit tcp 10.10.10.0 0.0.0.255 eq domain 10.10.10.0 0.0.0.255 eq domain
access-list 105 deny   ip 64.207.50.32 0.0.0.31 any
access-list 105 deny   ip host 255.255.255.255 any
access-list 105 deny   ip 127.0.0.0 0.255.255.255 any
access-list 105 permit ip any any
access-list 105 deny   udp any host 10.10.10.1 eq snmp
access-list 105 deny   tcp any host 10.10.10.1 eq 22
access-list 105 deny   tcp any host 10.10.10.1 eq www
access-list 105 deny   tcp any host 10.10.10.1 eq telnet
access-list 105 deny   tcp any host 10.10.10.1 eq 443
access-list 105 permit tcp 10.10.10.0 0.0.0.255 any eq www
access-list 105 permit tcp 10.10.10.0 0.0.0.255 any eq cmd
access-list 105 permit tcp 10.10.10.0 0.0.0.255 any eq 443
access-list 105 permit tcp 10.10.10.0 0.0.0.255 any eq 22
access-list 105 permit icmp any any
access-list 105 permit icmp any host 10.10.10.40 echo-reply
access-list 105 permit icmp any host 10.10.10.40 time-exceeded
access-list 105 permit icmp any host 10.10.10.40 unreachable
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 permit udp any host 10.10.10.1 eq non500-isakmp
access-list 106 remark auto generated by SDM firewall configuration
access-list 106 remark SDM_ACL Category=1
access-list 106 permit tcp any host 64.207.50.34 eq smtp
access-list 106 permit udp any host 64.207.50.42
access-list 106 permit tcp any host 64.207.50.42
access-list 106 permit udp any host 64.207.50.41
access-list 106 permit tcp any host 64.207.50.41
access-list 106 permit udp any host 64.207.50.40
access-list 106 permit tcp any host 64.207.50.40
access-list 106 permit udp any host 64.207.50.39
access-list 106 permit tcp any host 64.207.50.39
access-list 106 permit udp any host 64.207.50.38
access-list 106 permit tcp any host 64.207.50.38
access-list 106 permit udp any host 64.207.50.37
access-list 106 permit tcp any host 64.207.50.37
access-list 106 permit udp any host 64.207.50.36
access-list 106 permit tcp any host 64.207.50.36
access-list 106 permit udp any host 64.207.50.35
access-list 106 permit tcp any host 64.207.50.35
access-list 106 remark Auto generated by SDM for NTP (123) 192.43.244.18
access-list 106 permit udp host 192.43.244.18 eq ntp host 64.207.50.34 eq ntp
access-list 106 remark Auto generated by SDM for NTP (123) 128.138.140.44
access-list 106 permit udp host 128.138.140.44 eq ntp host 64.207.50.34 eq ntp
access-list 106 remark Auto generated by SDM for NTP (123) 132.163.4.101
access-list 106 permit udp host 132.163.4.101 eq ntp host 64.207.50.34 eq ntp
access-list 106 permit udp any host 64.207.50.34 eq isakmp
access-list 106 permit esp any host 64.207.50.34
access-list 106 permit ahp any host 64.207.50.34
access-list 106 deny   ip 10.10.10.0 0.0.0.255 any
access-list 106 permit icmp any host 64.207.50.34 echo-reply
access-list 106 permit icmp any host 64.207.50.34 time-exceeded
access-list 106 permit icmp any host 64.207.50.34 unreachable
access-list 106 permit tcp any host 64.207.50.34 eq 443
access-list 106 permit tcp any host 64.207.50.34 eq 22
access-list 106 permit tcp any host 64.207.50.34 eq cmd
access-list 106 deny   ip 10.0.0.0 0.255.255.255 any
access-list 106 deny   ip 172.16.0.0 0.15.255.255 any
access-list 106 deny   ip 192.168.0.0 0.0.255.255 any
access-list 106 deny   ip 127.0.0.0 0.255.255.255 any
access-list 106 deny   ip host 255.255.255.255 any
access-list 106 deny   ip host 0.0.0.0 any
access-list 106 deny   ip any any log
access-list 106 remark auto generated by SDM firewall configuration
access-list 106 remark SDM_ACL Category=1
access-list 106 remark Auto generated by SDM for NTP (123) 192.43.244.18
access-list 106 remark Auto generated by SDM for NTP (123) 128.138.140.44
access-list 106 remark Auto generated by SDM for NTP (123) 132.163.4.101
access-list 106 permit udp any host 64.207.50.34 eq non500-isakmp
access-list 107 permit ip host 10.10.10.42 any
access-list 107 remark SDM_ACL Category=2
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.50
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.49
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.48
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.47
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.46
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.45
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.44
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.43
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.42
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.41
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.40
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.39
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.38
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.37
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.36
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.35
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.34
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.33
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.32
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.31
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.30
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.29
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.28
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.27
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.26
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.25
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.24
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.23
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.22
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.21
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.20
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.19
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.18
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.17
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.16
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.15
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.14
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.13
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.12
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.11
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.10
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.9
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.8
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.7
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.6
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.5
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.4
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.3
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.2
access-list 107 deny   ip host 10.10.10.42 host 172.16.1.1
access-list 108 permit icmp any any echo
access-list 108 permit icmp any any echo-reply
access-list 109 permit ip host 10.10.10.41 any
access-list 109 remark SDM_ACL Category=2
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.50
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.49
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.48
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.47
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.46
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.45
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.44
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.43
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.42
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.41
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.40
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.39
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.38
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.37
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.36
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.35
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.34
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.33
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.32
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.31
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.30
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.29
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.28
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.27
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.26
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.25
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.24
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.23
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.22
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.21
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.20
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.19
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.18
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.17
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.16
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.15
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.14
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.13
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.12
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.11
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.10
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.9
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.8
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.7
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.6
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.5
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.4
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.3
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.2
access-list 109 deny   ip host 10.10.10.41 host 172.16.1.1
access-list 110 permit ip host 10.10.10.40 any
access-list 110 remark SDM_ACL Category=2
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.50
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.49
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.48
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.47
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.46
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.45
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.44
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.43
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.42
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.41
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.40
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.39
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.38
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.37
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.36
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.35
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.34
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.33
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.32
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.31
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.30
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.29
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.28
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.27
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.26
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.25
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.24
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.23
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.22
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.21
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.20
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.19
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.18
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.17
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.16
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.15
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.14
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.13
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.12
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.11
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.10
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.9
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.8
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.7
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.6
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.5
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.4
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.3
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.2
access-list 110 deny   ip host 10.10.10.40 host 172.16.1.1
access-list 111 permit ip host 10.10.10.39 any
access-list 111 remark SDM_ACL Category=2
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.50
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.49
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.48
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.47
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.46
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.45
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.44
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.43
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.42
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.41
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.40
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.39
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.38
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.37
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.36
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.35
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.34
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.33
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.32
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.31
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.30
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.29
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.28
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.27
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.26
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.25
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.24
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.23
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.22
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.21
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.20
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.19
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.18
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.17
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.16
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.15
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.14
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.13
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.12
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.11
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.10
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.9
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.8
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.7
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.6
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.5
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.4
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.3
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.2
access-list 111 deny   ip host 10.10.10.39 host 172.16.1.1
access-list 112 permit ip host 10.10.10.37 any
access-list 112 remark SDM_ACL Category=2
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.50
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.49
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.48
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.47
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.46
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.45
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.44
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.43
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.42
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.41
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.40
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.39
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.38
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.37
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.36
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.35
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.34
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.33
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.32
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.31
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.30
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.29
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.28
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.27
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.26
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.25
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.24
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.23
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.22
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.21
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.20
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.19
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.18
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.17
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.16
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.15
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.14
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.13
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.12
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.11
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.10
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.9
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.8
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.7
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.6
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.5
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.4
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.3
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.2
access-list 112 deny   ip host 10.10.10.37 host 172.16.1.1
access-list 113 permit ip host 10.10.10.35 any
access-list 113 remark SDM_ACL Category=2
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.50
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.49
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.48
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.47
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.46
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.45
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.44
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.43
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.42
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.41
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.40
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.39
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.38
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.37
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.36
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.35
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.34
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.33
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.32
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.31
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.30
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.29
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.28
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.27
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.26
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.25
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.24
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.23
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.22
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.21
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.20
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.19
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.18
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.17
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.16
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.15
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.14
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.13
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.12
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.11
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.10
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.9
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.8
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.7
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.6
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.5
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.4
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.3
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.2
access-list 113 deny   ip host 10.10.10.35 host 172.16.1.1
access-list 114 permit ip host 10.10.10.38 any
access-list 114 remark SDM_ACL Category=2
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.50
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.49
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.48
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.47
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.46
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.45
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.44
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.43
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.42
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.41
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.40
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.39
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.38
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.37
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.36
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.35
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.34
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.33
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.32
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.31
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.30
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.29
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.28
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.27
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.26
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.25
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.24
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.23
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.22
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.21
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.20
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.19
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.18
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.17
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.16
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.15
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.14
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.13
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.12
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.11
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.10
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.9
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.8
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.7
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.6
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.5
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.4
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.3
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.2
access-list 114 deny   ip host 10.10.10.38 host 172.16.1.1
access-list 115 permit ip host 10.10.10.36 any
access-list 115 remark SDM_ACL Category=2
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.50
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.49
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.48
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.47
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.46
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.45
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.44
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.43
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.42
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.41
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.40
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.39
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.38
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.37
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.36
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.35
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.34
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.33
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.32
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.31
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.30
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.29
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.28
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.27
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.26
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.25
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.24
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.23
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.22
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.21
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.20
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.19
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.18
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.17
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.16
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.15
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.14
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.13
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.12
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.11
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.10
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.9
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.8
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.7
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.6
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.5
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.4
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.3
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.2
access-list 115 deny   ip host 10.10.10.36 host 172.16.1.1
access-list 116 remark SDM_ACL Category=2
access-list 116 permit ip host 10.10.10.48 any
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.50
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.49
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.48
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.47
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.46
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.45
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.44
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.43
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.42
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.41
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.40
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.39
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.38
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.37
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.36
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.35
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.34
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.33
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.32
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.31
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.30
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.29
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.28
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.27
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.26
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.25
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.24
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.23
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.22
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.21
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.20
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.19
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.18
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.17
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.16
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.15
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.14
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.13
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.12
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.11
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.10
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.9
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.8
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.7
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.6
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.5
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.4
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.3
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.2
access-list 116 deny   ip host 10.10.10.48 host 172.16.1.1
access-list 117 remark VTY Access-class list
access-list 117 remark SDM_ACL Category=1
access-list 117 permit ip 10.10.10.0 0.0.0.255 any
access-list 117 deny   ip any any
access-list 118 remark SDM_ACL Category=2
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.50
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.49
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.48
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.47
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.46
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.45
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.44
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.43
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.42
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.41
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.40
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.39
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.38
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.37
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.36
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.35
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.34
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.33
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.32
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.31
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.30
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.29
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.28
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.27
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.26
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.25
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.24
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.23
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.22
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.21
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.20
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.19
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.18
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.17
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.16
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.15
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.14
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.13
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.12
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.11
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.10
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.9
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.8
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.7
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.6
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.5
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.4
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.3
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.2
access-list 118 deny   ip host 10.10.10.41 host 172.16.1.1
access-list 118 permit ip host 10.10.10.41 any
no cdp run
route-map SDM_RMAP_11 permit 1
 match ip address 118
!
route-map SDM_RMAP_10 permit 1
 match ip address 116
!
route-map SDM_RMAP_4 permit 1
 match ip address 110
!
route-map SDM_RMAP_5 permit 1
 match ip address 111
!
route-map SDM_RMAP_6 permit 1
 match ip address 112
!
route-map SDM_RMAP_7 permit 1
 match ip address 113
!
route-map SDM_RMAP_1 permit 1
 match ip address 104
!
route-map SDM_RMAP_2 permit 1
 match ip address 107
!
route-map SDM_RMAP_3 permit 1
 match ip address 109
!
route-map SDM_RMAP_8 permit 1
 match ip address 114
!
route-map SDM_RMAP_9 permit 1
 match ip address 115
!
radius-server host 10.10.10.37 auth-port 1645 acct-port 1646 key 7 0102175C03080E4C741E185C3956472B041F097B212625053866
!
control-plane
!
banner login ^CAuthorized access only!
 Only NexGen authorized Admins!
^C
!
line con 0
 login authentication local_authen
 no modem enable
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 117 in
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17175039
ntp server 128.138.140.44 source FastEthernet4 prefer
ntp server 132.163.4.101 source FastEthernet4
ntp server 192.43.244.18 source FastEthernet4
end

nexgen#

0 Helpful
Customers Also Viewed These Support Documents