ASA 5505

Apr 28th, 2017

Hi everyone,


I'm having trouble configuring port 80 forwarding to my internal server.

I have two links with public IPs configured on the outside interfaces.

If I access port 80 through the IP of interface 1, it works normally, but when I access port 80 through the IP of interface 2, it does not work.

I reviewed the firewall and forwarding rules on both interfaces and they are OK.


Does anyone have an idea what it could be?


Thank you.

Jorge Garcia Thu, 05/25/2017 - 15:09
User Badges:
  • Cisco Employee


Hi Weslley,


Thank you for using the Cisco Support Community. Could you share the output of the following commands so we can see the current configuration:


- show run nat

- show run access-group

- show access-list


Now let's simulate, on the ASA, traffic coming from the Internet to your ASA:


# packet-tracer input <interface_name> tcp 8.8.8.8 34567 <ASA_IP> 80 detail



Thanks for the information,

Best regards,


Osvaldo García.
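
The cross-check that the three requested show commands make possible, as an added example that is not part of the original thread: for every static port forward, confirm that the ACL bound to the same outside interface permits the real (post-NAT) port, and read its hit counter. The sample output is constructed in ASA 8.3+ format; the interface names `isp1`/`isp2`, the object names, counters and rule hashes are assumptions, and only `permit tcp|udp any any eq <port>` lines are parsed.

```python
import re

# Constructed sample in the format of ASA 8.3+ output (names, counters and
# rule hashes are made up): two ISP-facing interfaces, isp1 and isp2.
SHOW_RUN_NAT = """\
object network WEB-ISP1
 nat (inside,isp1) static interface service tcp www www
object network WEB-ISP2
 nat (inside,isp2) static interface service tcp www www
object network RDP-ISP1
 nat (inside,isp1) static interface service tcp 3389 3505
object network UPS-ISP1
 nat (inside,isp1) static interface service tcp 8010 8010
"""
SHOW_RUN_ACCESS_GROUP = """\
access-group isp1_access_in in interface isp1
access-group isp2_access_in in interface isp2
"""
SHOW_ACCESS_LIST = """\
access-list isp1_access_in line 1 extended permit tcp any any eq www (hitcnt=44571) 0x00000001
access-list isp1_access_in line 2 extended permit tcp any any eq 3389 (hitcnt=173) 0x00000002
access-list isp2_access_in line 1 extended permit tcp any any eq www (hitcnt=0) 0x00000003
access-list isp2_access_in line 2 extended permit tcp any any eq 8010 (hitcnt=0) 0x00000004
"""

# The ASA prints well-known ports by name; only the names used here are mapped.
PORT_NAMES = {"www": 80, "https": 443, "ftp": 21, "smtp": 25, "domain": 53}

# Object NAT port forward: "service <proto> <real_port> <mapped_port>".
NAT_RE = re.compile(
    r"nat \(([^,\s]+),([^)\s]+)\) static interface service (tcp|udp) (\S+) (\S+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)")
PERMIT_RE = re.compile(
    r"access-list (\S+) line \d+ extended permit (tcp|udp) any any eq (\S+) "
    r"\(hitcnt=(\d+)\)")


def port(token):
    """Return a numeric port; unknown service names stay as text."""
    if token.isdigit():
        return int(token)
    return PORT_NAMES.get(token, token)


def audit(nat_text, group_text, acl_text):
    """Return (interface, proto, real_port, mapped_port, status) tuples."""
    acl_of = {m.group(2): m.group(1) for m in GROUP_RE.finditer(group_text)}
    iface_of = {acl: iface for iface, acl in acl_of.items()}

    permits = {}
    for line in acl_text.splitlines():
        m = PERMIT_RE.search(line)
        if m and "(inactive)" not in line:
            permits[(m.group(1), m.group(2), port(m.group(3)))] = int(m.group(4))

    findings, published = [], set()
    for m in NAT_RE.finditer(nat_text):
        iface, proto = m.group(2), m.group(3)
        real, mapped = port(m.group(4)), port(m.group(5))
        # From 8.3 on, the interface ACL is matched against the real port.
        key = (acl_of.get(iface), proto, real)
        published.add(key)
        hits = permits.get(key)
        if hits is None:
            status = "no ACL permit"
        elif hits == 0:
            # The rule exists, but no packet has matched it yet.
            status = "permitted, hitcnt=0"
        else:
            status = "ok"
        findings.append((iface, proto, real, mapped, status))

    # Permits with no matching forward on that interface: open in the ACL,
    # but nothing is published behind them.
    for key in sorted(permits):
        if key not in published and key[0] in iface_of:
            findings.append(
                (iface_of[key[0]], key[1], key[2], None, "permit without NAT"))
    return findings


if __name__ == "__main__":
    for row in audit(SHOW_RUN_NAT, SHOW_RUN_ACCESS_GROUP, SHOW_ACCESS_LIST):
        print(row)
```

A forward reported as `ok` on one interface and `permitted, hitcnt=0` on the other has matching NAT and ACL entries on both, so the next thing to read is the `packet-tracer` result for the second interface.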

weslley.revnei Mon, 05/29/2017 - 05:44

Hello Osvaldo,


The results follow below.


Result of the command: "show run nat"

nat (vLan-Rede-Ingenico-V4,vLan-Embratel) source static CenterCell-Rede-V4 CenterCell-Rede-V4 destination static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 no-proxy-arp route-lookup
nat (vLan-Rede-Local,vLan-Embratel) source static CenterCell-Rede-Local CenterCell-Rede-Local destination static W-HOME-REDE W-HOME-REDE no-proxy-arp route-lookup
!
object network Internet-Rede-Servidores-Embratel
nat (any,vLan-Embratel) dynamic interface
object network Internet-Rede-Visitantes-Embratel
nat (any,vLan-Embratel) dynamic interface
object network Internet-Rede-Test-Labs
nat (any,vLan-Embratel) dynamic interface
object network Internet-Rede-Achi-Embratel
nat (any,vLan-Embratel) dynamic interface
object network Internet-Rede-Servidores-Algar
nat (any,vLan-Algar) dynamic interface
object network Internet-Rede-Visitantes-Algar
nat (any,vLan-Algar) dynamic interface
object network Internet-Rede-Achi-Algar
nat (any,vLan-Algar) dynamic interface
object network TS-Weslley-Embratel
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp 3389 3505
object network SQL-SERVER-INGENICO-STATE
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp 64677 3768
object network CenterCell-Server-HTTP-Embratel
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp www www
object network CenterCell-Server-FTP-Embratel
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp ftp ftp
object network CenterCell-Server-FTP-Algar
nat (vLan-Rede-Local,vLan-Algar) static interface service tcp ftp ftp
object network CenterCell-Server-HTTP-Algar
nat (vLan-Rede-Local,vLan-Algar) static interface service tcp www www
object network SQL-SERVER-WSYSTEM
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp 61496 37689
object network TS-Weslley-Algar
nat (vLan-Rede-Local,vLan-Algar) static interface service tcp 3389 3505
object network NobreakAPC10KVA-Embratel
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp 8010 8010
object network TS-Clayton-Embratel
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp 3389 3392
object network TS-Clayton-Algar
nat (vLan-Rede-Local,vLan-Algar) static interface service tcp 3389 3392
object network Internet-Rede-ControleAcesso
nat (any,vLan-Embratel) dynamic interface
object network TS-Remote-VM-Embratel
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp 3389 3590
object network TS-Remote-VM-Algar
nat (vLan-Rede-Local,vLan-Algar) static interface service tcp 3389 3590
object network Internet-Rede-IpsLiberadosInternet
nat (any,vLan-Embratel) dynamic interface
object network Internet-Rede-Samsung-Npc-Embratel
nat (any,vLan-Embratel) dynamic interface
object network Internet-Rede-Samsung-Npc-Algar
nat (any,vLan-Algar) dynamic interface
object network MicrosigaExternoProducao
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp 10072 58070
object network MicrosigaExternoHomologacao
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp 19970 58065



Result of the command: "show run access-group"

access-group vLan-Rede-Local_access_in in interface vLan-Rede-Local
access-group vLan-Rede-Ingenico-V4_access_in in interface vLan-Rede-Ingenico-V4
access-group vLan-Rede-Visitantes_access_in in interface vLan-Rede-Visitantes
access-group vLan-Rede-Samsung-Npc_access_in_1 in interface vLan-Rede-Samsung-Npc
access-group vLan-Rede-Achi_access_in in interface vLan-Rede-Achi
access-group vLan-Embratel_access_in in interface vLan-Embratel
access-group vLan-Algar_access_in in interface vLan-Algar
access-group vLan-Rede-ControleAcesso_access_in in interface vLan-Rede-ControleAcesso



Result of the command: "show access-list"

access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
alert-interval 300
access-list vLan-Embratel_cryptomap_2; 4 elements; name hash: 0xb5612586
access-list vLan-Embratel_cryptomap_2 line 1 extended permit ip object CenterCell-Rede-V4 object-group DM_INLINE_NETWORK_3 (hitcnt=0) 0xd857bfc0
access-list vLan-Embratel_cryptomap_2 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.128 255.255.255.128 (hitcnt=0) 0x2427ca8d
access-list vLan-Embratel_cryptomap_2 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.32 255.255.255.224 (hitcnt=0) 0xc821a483
access-list vLan-Embratel_cryptomap_2 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.64 255.255.255.192 (hitcnt=0) 0x5ff2e5ad
access-list vLan-Embratel_cryptomap_2 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.16 255.255.255.240 (hitcnt=0) 0xe67a32a6
access-list vLan-Embratel_cryptomap_4; 4 elements; name hash: 0x150e6117
access-list vLan-Embratel_cryptomap_4 line 1 extended permit ip object CenterCell-Rede-V4 object-group DM_INLINE_NETWORK_1 (hitcnt=0) 0xb39fa9c4
access-list vLan-Embratel_cryptomap_4 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.128 255.255.255.128 (hitcnt=0) 0x30cec426
access-list vLan-Embratel_cryptomap_4 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.32 255.255.255.224 (hitcnt=0) 0x2f2cb78f
access-list vLan-Embratel_cryptomap_4 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.64 255.255.255.192 (hitcnt=0) 0x92871b8b
access-list vLan-Embratel_cryptomap_4 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.16 255.255.255.240 (hitcnt=0) 0xaabf31fc
access-list vLan-Rede-Visitantes_access_in; 13 elements; name hash: 0x804aa566
access-list vLan-Rede-Visitantes_access_in line 1 extended permit tcp object CenterCell-Rede-Visitantes any eq ftp time-range Comercial (hitcnt=1) 0x2cbcf1df
access-list vLan-Rede-Visitantes_access_in line 1 extended permit tcp 192.168.255.0 255.255.255.192 any eq ftp time-range Comercial (hitcnt=1) 0x2cbcf1df
access-list vLan-Rede-Visitantes_access_in line 2 extended permit tcp object CenterCell-Rede-Visitantes any eq https time-range Comercial (hitcnt=2408091) 0x82f3a307
access-list vLan-Rede-Visitantes_access_in line 2 extended permit tcp 192.168.255.0 255.255.255.192 any eq https time-range Comercial (hitcnt=2408091) 0x82f3a307
access-list vLan-Rede-Visitantes_access_in line 3 extended permit udp object CenterCell-Rede-Visitantes any eq ntp time-range Comercial (hitcnt=29384) 0x1d9fe87f
access-list vLan-Rede-Visitantes_access_in line 3 extended permit udp 192.168.255.0 255.255.255.192 any eq ntp time-range Comercial (hitcnt=29384) 0x1d9fe87f
access-list vLan-Rede-Visitantes_access_in line 4 extended permit udp object CenterCell-Rede-Visitantes any eq snmp time-range Comercial (hitcnt=42225) 0xa12eaa09
access-list vLan-Rede-Visitantes_access_in line 4 extended permit udp 192.168.255.0 255.255.255.192 any eq snmp time-range Comercial (hitcnt=42225) 0xa12eaa09
access-list vLan-Rede-Visitantes_access_in line 5 extended permit tcp object CenterCell-Rede-Visitantes any object-group PORT-EMAIL time-range Comercial (hitcnt=63) 0xa2b3b63b
access-list vLan-Rede-Visitantes_access_in line 5 extended permit tcp 192.168.255.0 255.255.255.192 any eq 465 time-range Comercial (hitcnt=63) 0xfbbedd47
access-list vLan-Rede-Visitantes_access_in line 5 extended permit tcp 192.168.255.0 255.255.255.192 any eq 587 time-range Comercial (hitcnt=49) 0xff20b7f8
access-list vLan-Rede-Visitantes_access_in line 5 extended permit tcp 192.168.255.0 255.255.255.192 any eq 993 time-range Comercial (hitcnt=4776) 0x8f26c5fc
access-list vLan-Rede-Visitantes_access_in line 5 extended permit tcp 192.168.255.0 255.255.255.192 any eq 995 time-range Comercial (hitcnt=1294) 0xad041ecf
access-list vLan-Rede-Visitantes_access_in line 5 extended permit tcp 192.168.255.0 255.255.255.192 any eq pop3 time-range Comercial (hitcnt=185) 0x817874a4
access-list vLan-Rede-Visitantes_access_in line 6 extended permit object-group DM_INLINE_SERVICE_1 object CenterCell-Rede-Visitantes any time-range Comercial (hitcnt=346) 0x4ad92f95
access-list vLan-Rede-Visitantes_access_in line 6 extended permit tcp 192.168.255.0 255.255.255.192 any eq domain time-range Comercial (hitcnt=346) 0x488785ae
access-list vLan-Rede-Visitantes_access_in line 6 extended permit udp 192.168.255.0 255.255.255.192 any eq domain time-range Comercial (hitcnt=2352308) 0xaf0c108a
access-list vLan-Rede-Visitantes_access_in line 7 extended permit tcp object CenterCell-Rede-Visitantes any eq www time-range Comercial (hitcnt=706366) 0x92ce6309
access-list vLan-Rede-Visitantes_access_in line 7 extended permit tcp 192.168.255.0 255.255.255.192 any eq www time-range Comercial (hitcnt=706366) 0x92ce6309
access-list vLan-Rede-Visitantes_access_in line 8 extended permit udp object CenterCell-Rede-Visitantes any time-range Comercial (hitcnt=1395620) 0x4a5c712b
access-list vLan-Rede-Visitantes_access_in line 8 extended permit udp 192.168.255.0 255.255.255.192 any time-range Comercial (hitcnt=1395620) 0x4a5c712b
access-list vLan-Rede-Ingenico-V4_access_in; 7 elements; name hash: 0x76deed0b
access-list vLan-Rede-Ingenico-V4_access_in line 1 extended permit object-group PORT-INGENICO-V4 object CenterCell-Rede-V4 any (hitcnt=62731) 0x56b79ec0
access-list vLan-Rede-Ingenico-V4_access_in line 1 extended permit tcp 172.16.0.0 255.255.255.192 any eq 8080 (hitcnt=62731) 0x66731137
access-list vLan-Rede-Ingenico-V4_access_in line 1 extended permit tcp 172.16.0.0 255.255.255.192 any range 2290 2299 (hitcnt=0) 0x8f03a99d
access-list vLan-Rede-Ingenico-V4_access_in line 1 extended permit tcp 172.16.0.0 255.255.255.192 any range 9050 9059 (hitcnt=20427) 0x0d6299ea
access-list vLan-Rede-Ingenico-V4_access_in line 1 extended permit tcp 172.16.0.0 255.255.255.192 any eq 9040 (hitcnt=44) 0x245eaab8
access-list vLan-Rede-Ingenico-V4_access_in line 2 extended permit icmp object CenterCell-Rede-V4 any (hitcnt=317289) 0x77684cac
access-list vLan-Rede-Ingenico-V4_access_in line 2 extended permit icmp 172.16.0.0 255.255.255.192 any (hitcnt=317289) 0x77684cac
access-list vLan-Rede-Ingenico-V4_access_in line 3 extended permit tcp object CenterCell-Rede-V4 any eq www (hitcnt=87703) 0x748fa910
access-list vLan-Rede-Ingenico-V4_access_in line 3 extended permit tcp 172.16.0.0 255.255.255.192 any eq www (hitcnt=87703) 0x748fa910
access-list vLan-Rede-Ingenico-V4_access_in line 4 extended permit tcp object CenterCell-Rede-V4 eq telnet any eq telnet (hitcnt=0) 0x81f4cd44
access-list vLan-Rede-Ingenico-V4_access_in line 4 extended permit tcp 172.16.0.0 255.255.255.192 eq telnet any eq telnet (hitcnt=0) 0x81f4cd44
access-list vLan-Rede-Test-Labs_access_in; 6 elements; name hash: 0x2cdd04c9
access-list vLan-Rede-Test-Labs_access_in line 1 extended permit object-group DM_INLINE_SERVICE_2 object CenterCell-Rede-Lab-Teste any inactive (hitcnt=2) (inactive) 0xd9779cd6
access-list vLan-Rede-Test-Labs_access_in line 1 extended permit tcp 192.168.249.0 255.255.255.0 any eq domain inactive (hitcnt=2) (inactive) 0x2df7d0be
access-list vLan-Rede-Test-Labs_access_in line 1 extended permit udp 192.168.249.0 255.255.255.0 any eq domain inactive (hitcnt=269021) (inactive) 0xa728385a
access-list vLan-Rede-Test-Labs_access_in line 2 extended permit tcp object CenterCell-Rede-Lab-Teste object-group DM_INLINE_NETWORK_4 eq www inactive (hitcnt=0) (inactive) 0x987c1805
access-list vLan-Rede-Test-Labs_access_in line 2 extended permit tcp 192.168.249.0 255.255.255.0 host 187.32.195.100 eq www inactive (hitcnt=0) (inactive) 0xf007a093
access-list vLan-Rede-Test-Labs_access_in line 2 extended permit tcp 192.168.249.0 255.255.255.0 host 187.32.195.98 eq www inactive (hitcnt=858) (inactive) 0x3a5a9d03
access-list vLan-Rede-Test-Labs_access_in line 2 extended permit tcp 192.168.249.0 255.255.255.0 host 200.211.35.35 eq www inactive (hitcnt=301) (inactive) 0x2aa72ff4
access-list vLan-Rede-Test-Labs_access_in line 2 extended permit tcp 192.168.249.0 255.255.255.0 host 200.211.35.36 eq www inactive (hitcnt=0) (inactive) 0xcafc82ec
access-list vLan-Rede-Achi_access_in; 7 elements; name hash: 0xbf0938dc
access-list vLan-Rede-Achi_access_in line 1 extended permit tcp object CenterCell-Rede-Achi any eq https (hitcnt=704134) 0x63b0ff06
access-list vLan-Rede-Achi_access_in line 1 extended permit tcp 192.168.248.0 255.255.255.224 any eq https (hitcnt=704134) 0x63b0ff06
access-list vLan-Rede-Achi_access_in line 2 extended permit tcp object CenterCell-Rede-Achi any eq www (hitcnt=259951) 0xbb24210c
access-list vLan-Rede-Achi_access_in line 2 extended permit tcp 192.168.248.0 255.255.255.224 any eq www (hitcnt=259951) 0xbb24210c
access-list vLan-Rede-Achi_access_in line 3 extended permit object-group DM_INLINE_SERVICE_3 object CenterCell-Rede-Achi any (hitcnt=2095) 0x607fbb2e
access-list vLan-Rede-Achi_access_in line 3 extended permit tcp 192.168.248.0 255.255.255.224 any eq domain (hitcnt=2095) 0x967f632d
access-list vLan-Rede-Achi_access_in line 3 extended permit udp 192.168.248.0 255.255.255.224 any eq domain (hitcnt=838460) 0xb9865d10
access-list vLan-Rede-Achi_access_in line 4 extended permit udp object CenterCell-Rede-Achi any eq ntp (hitcnt=9969) 0x0e9f117b
access-list vLan-Rede-Achi_access_in line 4 extended permit udp 192.168.248.0 255.255.255.224 any eq ntp (hitcnt=9969) 0x0e9f117b
access-list vLan-Rede-Achi_access_in line 5 extended permit udp object CenterCell-Rede-Achi any eq snmp (hitcnt=211) 0x465c0eb1
access-list vLan-Rede-Achi_access_in line 5 extended permit udp 192.168.248.0 255.255.255.224 any eq snmp (hitcnt=211) 0x465c0eb1
access-list vLan-Rede-Achi_access_in line 6 extended permit tcp object CenterCell-Rede-Achi any eq 8080 (hitcnt=55) 0xa6b065ce
access-list vLan-Rede-Achi_access_in line 6 extended permit tcp 192.168.248.0 255.255.255.224 any eq 8080 (hitcnt=55) 0xa6b065ce
access-list vLan-Algar_access_in; 5 elements; name hash: 0xdf91854e
access-list vLan-Algar_access_in line 1 remark Acesso NobreakAPC 10KVA
access-list vLan-Algar_access_in line 2 extended permit tcp any any eq 8010 (hitcnt=0) 0xe3e0f98a
access-list vLan-Algar_access_in line 3 remark Acesso HTTP
access-list vLan-Algar_access_in line 4 extended permit tcp any any eq www (hitcnt=16417) 0xa3cb55ec
access-list vLan-Algar_access_in line 5 remark Acesso RDP Weslley-VM
access-list vLan-Algar_access_in line 6 extended permit object RDP any any (hitcnt=6389) 0xcd8ebea8
access-list vLan-Algar_access_in line 6 extended permit tcp any any eq 3389 (hitcnt=6389) 0xcd8ebea8
access-list vLan-Algar_access_in line 7 remark Acesso ICMP
access-list vLan-Algar_access_in line 8 extended permit icmp any any (hitcnt=317) 0xd6934108
access-list vLan-Algar_access_in line 9 remark Acesso FTP
access-list vLan-Algar_access_in line 10 extended permit tcp any any eq ftp (hitcnt=43) 0x57249677
access-list vLan-Embratel_access_in; 11 elements; name hash: 0xab104256
access-list vLan-Embratel_access_in line 1 remark Acesso FTP
access-list vLan-Embratel_access_in line 2 extended permit tcp any any eq ftp (hitcnt=760) 0xc974b599
access-list vLan-Embratel_access_in line 3 remark Acesso RDP Weslley-VM
access-list vLan-Embratel_access_in line 4 extended permit object RDP any any (hitcnt=173) 0xc485fc78
access-list vLan-Embratel_access_in line 4 extended permit tcp any any eq 3389 (hitcnt=173) 0xc485fc78
access-list vLan-Embratel_access_in line 5 remark Acesso SQL Server Wsystem
access-list vLan-Embratel_access_in line 6 extended permit tcp any any object-group PORT-SQL-SERVER-WSYSTEM (hitcnt=19) 0x92db9b9b
access-list vLan-Embratel_access_in line 6 extended permit tcp any any eq 61496 (hitcnt=19) 0xae75a050
access-list vLan-Embratel_access_in line 7 remark Acesso Microsiga Externo Homologação
access-list vLan-Embratel_access_in line 8 extended permit tcp any any object-group PORT-MICROSIGA-EXTERNO-HOMOLOGACAO (hitcnt=9) 0xb8ba6964
access-list vLan-Embratel_access_in line 8 extended permit tcp any any eq 19970 (hitcnt=9) 0x9ab92ef9
access-list vLan-Embratel_access_in line 9 remark Acesso Microsiga Externo Produção
access-list vLan-Embratel_access_in line 10 extended permit tcp any any object-group PORT-MICROSIGA-EXTERNO-PRODUCAO (hitcnt=14) 0xdd621a7a
access-list vLan-Embratel_access_in line 10 extended permit tcp any any eq 10072 (hitcnt=14) 0xa524f367
access-list vLan-Embratel_access_in line 11 remark Acesso SQL Server base produção Ingenico State
access-list vLan-Embratel_access_in line 12 extended permit tcp object Ingenico-Firewall-Sorocaba any object-group PORT-SQL-SERVER-INGENICO-STATE (hitcnt=2043) 0x1389f848
access-list vLan-Embratel_access_in line 12 extended permit tcp range 200.178.111.145 200.178.111.149 any eq 64677 (hitcnt=2043) 0x072da080
access-list vLan-Embratel_access_in line 13 remark Acesso HTTP
access-list vLan-Embratel_access_in line 14 extended permit tcp any any eq www (hitcnt=44571) 0x8cf665e6
access-list vLan-Embratel_access_in line 15 remark Acesso NobreakAPC 10KVA
access-list vLan-Embratel_access_in line 16 extended permit tcp any any eq 8010 (hitcnt=6) 0x6941039f
access-list vLan-Embratel_access_in line 17 remark Acesso ICMP
access-list vLan-Embratel_access_in line 18 extended permit icmp any any (hitcnt=30144) 0x46ba0758
access-list Vlan-Rede-Local_access_in; 2 elements; name hash: 0x258ee3db
access-list Vlan-Rede-Local_access_in line 1 extended deny tcp any any eq smtp (hitcnt=30394) 0xb0af163b
access-list Vlan-Rede-Local_access_in line 2 extended permit ip any any (hitcnt=2421934) 0x1d84df98
access-list vLan-Rede-ControleAcesso_access_in; 7 elements; name hash: 0xa6edce4b
access-list vLan-Rede-ControleAcesso_access_in line 1 extended deny tcp any any eq smtp (hitcnt=0) 0xb29a4aab
access-list vLan-Rede-ControleAcesso_access_in line 2 extended permit icmp object CenterCell-Rede-ControleAcesso any (hitcnt=2554) 0xb9aa6de5
access-list vLan-Rede-ControleAcesso_access_in line 2 extended permit icmp 192.168.250.0 255.255.255.192 any (hitcnt=2554) 0xb9aa6de5
access-list vLan-Rede-ControleAcesso_access_in line 3 extended permit tcp object CenterCell-Rede-ControleAcesso any object-group DM_INLINE_TCP_1 inactive (hitcnt=69) (inactive) 0x0147c10e
access-list vLan-Rede-ControleAcesso_access_in line 3 extended permit tcp 192.168.250.0 255.255.255.192 any eq www inactive (hitcnt=69) (inactive) 0x31b14cee
access-list vLan-Rede-ControleAcesso_access_in line 3 extended permit tcp 192.168.250.0 255.255.255.192 any eq https inactive (hitcnt=241) (inactive) 0x87745058
access-list vLan-Rede-ControleAcesso_access_in line 4 extended permit udp object CenterCell-Rede-ControleAcesso any eq ntp (hitcnt=0) 0x548838b8
access-list vLan-Rede-ControleAcesso_access_in line 4 extended permit udp 192.168.250.0 255.255.255.192 any eq ntp (hitcnt=0) 0x548838b8
access-list vLan-Rede-ControleAcesso_access_in line 5 extended permit object-group DM_INLINE_SERVICE_4 object CenterCell-Rede-ControleAcesso any (hitcnt=9) 0x22a6f1c3
access-list vLan-Rede-ControleAcesso_access_in line 5 extended permit tcp 192.168.250.0 255.255.255.192 any eq domain (hitcnt=9) 0xdd779579
access-list vLan-Rede-ControleAcesso_access_in line 5 extended permit udp 192.168.250.0 255.255.255.192 any eq domain (hitcnt=31231) 0x8963cd03
access-list vLan-Rede-Local_access_in; 20 elements; name hash: 0x428fe5b7
access-list vLan-Rede-Local_access_in line 1 extended deny tcp any any eq smtp (hitcnt=27105) 0xba047cfa
access-list vLan-Rede-Local_access_in line 2 extended permit ip object CenterCell-Rede-Servidores any (hitcnt=33015205) 0xfac74208
access-list vLan-Rede-Local_access_in line 2 extended permit ip range 192.168.0.1 192.168.0.200 any (hitcnt=33015205) 0xfac74208
access-list vLan-Rede-Local_access_in line 3 extended permit ip object CenterCell-Rede-IpsLiberadosInternet any (hitcnt=119931) 0xb1903567
access-list vLan-Rede-Local_access_in line 3 extended permit ip host 192.168.4.112 any (hitcnt=119931) 0xb1903567
access-list vLan-Rede-Local_access_in line 4 extended deny ip any object-group Bloqueio-Rede-Social inactive (hitcnt=0) (inactive) 0x8f635da6
access-list vLan-Rede-Local_access_in line 4 extended deny ip any fqdn youtube.com (unresolved) inactive (inactive) 0xaf02b15b
access-list vLan-Rede-Local_access_in line 4 extended deny ip any fqdn facebook.com (unresolved) inactive (inactive) 0xb680862b
access-list vLan-Rede-Local_access_in line 4 extended deny ip any fqdn instagram.com (unresolved) inactive (inactive) 0x88a689d6
access-list vLan-Rede-Local_access_in line 4 extended deny ip any fqdn twitter.com (unresolved) inactive (inactive) 0x7856cdd2
access-list vLan-Rede-Local_access_in line 4 extended deny ip any fqdn twitter.com.br (unresolved) inactive (inactive) 0x4335c3e7
access-list vLan-Rede-Local_access_in line 4 extended deny ip any fqdn pt-br.facebook.com (unresolved) inactive (inactive) 0x316d1c6d
access-list vLan-Rede-Local_access_in line 4 extended deny ip any fqdn msn.com (unresolved) inactive (inactive) 0x86a20b4c
access-list vLan-Rede-Local_access_in line 4 extended deny ip any fqdn www.msn.com (unresolved) inactive (inactive) 0x5b72dba3
access-list vLan-Embratel_cryptomap_1; 4 elements; name hash: 0x2555b818
access-list vLan-Embratel_cryptomap_1 line 1 extended permit ip object CenterCell-Rede-V4 object-group DM_INLINE_NETWORK_5 (hitcnt=0) 0x78b09523
access-list vLan-Embratel_cryptomap_1 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.128 255.255.255.128 (hitcnt=0) 0x147e4864
access-list vLan-Embratel_cryptomap_1 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.32 255.255.255.224 (hitcnt=0) 0x6b76ea27
access-list vLan-Embratel_cryptomap_1 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.64 255.255.255.192 (hitcnt=0) 0xb43c00ad
access-list vLan-Embratel_cryptomap_1 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.16 255.255.255.240 (hitcnt=0) 0x07933175
access-list vLan-Rede-Samsung-Npc_access_in; 5 elements; name hash: 0x57b8f907
access-list vLan-Rede-Samsung-Npc_access_in line 1 extended permit object-group TCPUDP object CenterCell-Rede-Samsung-Npc any eq domain (hitcnt=0) 0x1ba4a67f
access-list vLan-Rede-Samsung-Npc_access_in line 1 extended permit udp 192.168.247.0 255.255.255.0 any eq domain (hitcnt=0) 0x4479a369
access-list vLan-Rede-Samsung-Npc_access_in line 1 extended permit tcp 192.168.247.0 255.255.255.0 any eq domain (hitcnt=0) 0xef731cdc
access-list vLan-Rede-Samsung-Npc_access_in line 2 extended permit tcp object CenterCell-Rede-Samsung-Npc any eq www (hitcnt=0) 0xca162c6b
access-list vLan-Rede-Samsung-Npc_access_in line 2 extended permit tcp 192.168.247.0 255.255.255.0 any eq www (hitcnt=0) 0xca162c6b
access-list vLan-Rede-Samsung-Npc_access_in line 3 extended permit tcp object CenterCell-Rede-Samsung-Npc any eq https (hitcnt=0) 0x66ad56f5
access-list vLan-Rede-Samsung-Npc_access_in line 3 extended permit tcp 192.168.247.0 255.255.255.0 any eq https (hitcnt=0) 0x66ad56f5
access-list vLan-Rede-Samsung-Npc_access_in line 4 extended deny ip object CenterCell-Rede-Samsung-Npc any (hitcnt=0) 0x579fcd04
access-list vLan-Rede-Samsung-Npc_access_in line 4 extended deny ip 192.168.247.0 255.255.255.0 any (hitcnt=0) 0x579fcd04
access-list vLan-Embratel_cryptomap; 4 elements; name hash: 0xb8a59dd2
access-list vLan-Embratel_cryptomap line 1 extended permit ip object CenterCell-Rede-V4 object-group DM_INLINE_NETWORK_5 (hitcnt=2473) 0xd3309f17
access-list vLan-Embratel_cryptomap line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.128 255.255.255.128 (hitcnt=2473) 0x7d5a80a9
access-list vLan-Embratel_cryptomap line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.32 255.255.255.224 (hitcnt=0) 0xe2fe31af
access-list vLan-Embratel_cryptomap line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.64 255.255.255.192 (hitcnt=0) 0x0957fdd8
access-list vLan-Embratel_cryptomap line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.16 255.255.255.240 (hitcnt=3038) 0x1288d83f
access-list vLan-Embratel_cryptomap_3; 4 elements; name hash: 0xd5fa343a
access-list vLan-Embratel_cryptomap_3 line 1 extended permit ip object CenterCell-Rede-V4 object-group DM_INLINE_NETWORK_6 (hitcnt=0) 0x2d43eb0d
access-list vLan-Embratel_cryptomap_3 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.128 255.255.255.128 (hitcnt=0) 0x4fbf36b1
access-list vLan-Embratel_cryptomap_3 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.32 255.255.255.224 (hitcnt=0) 0x72a17e73
access-list vLan-Embratel_cryptomap_3 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.64 255.255.255.192 (hitcnt=0) 0xc052d39e
access-list vLan-Embratel_cryptomap_3 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.16 255.255.255.240 (hitcnt=0) 0xb97ca179
access-list vLan-Rede-Samsung-Npc_access_in_1; 70 elements; name hash: 0xfdf9c6f8
access-list vLan-Rede-Samsung-Npc_access_in_1 line 1 extended deny tcp any any eq smtp (hitcnt=0) 0xeb039216
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp object CenterCell-Rede-Samsung-Npc object-group Bloqueio-Rede-Social object-group DM_INLINE_TCP_2 inactive (hitcnt=0) (inactive) 0xb2ce9f02
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn youtube.com (unresolved) eq www inactive (inactive) 0xb96c5968
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn youtube.com (unresolved) eq https inactive (inactive) 0x010024fe
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn facebook.com (unresolved) eq www inactive (inactive) 0x59332486
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn facebook.com (unresolved) eq https inactive (inactive) 0x8dbba709
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn instagram.com (unresolved) eq www inactive (inactive) 0x53262283
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn instagram.com (unresolved) eq https inactive (inactive) 0xa71d8769
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn twitter.com (unresolved) eq www inactive (inactive) 0xcd947afa
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn twitter.com (unresolved) eq https inactive (inactive) 0xe91c3fa9
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn twitter.com.br (unresolved) eq www inactive (inactive) 0xf87dd804
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn twitter.com.br (unresolved) eq https inactive (inactive) 0xa78917d2
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn pt-br.facebook.com (unresolved) eq www inactive (inactive) 0xcc939d2a
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn pt-br.facebook.com (unresolved) eq https inactive (inactive) 0x9b675651
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn msn.com (unresolved) eq www inactive (inactive) 0xca2c54c1
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn msn.com (unresolved) eq https inactive (inactive) 0x77fe1499
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn www.msn.com (unresolved) eq www inactive (inactive) 0x4399813d
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn www.msn.com (unresolved) eq https inactive (inactive) 0x96566e1c
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp object CenterCell-Rede-Samsung-Npc object-group Rede-Samsung-Npc-Sites-Liberados eq https (hitcnt=0) 0x70c0eca3
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 fqdn microsoft.com (resolved) eq https 0x94edafdb
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 fqdn download.microsoft.com (resolved) eq https 0x93d83807
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 fqdn download.windowsupdate.com (resolved) eq https 0xca252989
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 fqdn update.microsoft.com (resolved) eq https 0x18f5534f
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 fqdn windowsupdate.com (unresolved) eq https (inactive) 0xbfdea36d
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 191.239.213.197 (microsoft.com) eq https (hitcnt=0) 0x25f5e6b5
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 104.40.211.35 (microsoft.com) eq https (hitcnt=0) 0x3035ecae
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 104.43.195.251 (microsoft.com) eq https (hitcnt=0) 0x85d36ddc
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 23.100.122.175 (microsoft.com) eq https (hitcnt=0) 0x9847eb71
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 23.96.52.53 (microsoft.com) eq https (hitcnt=0) 0x43fa8f62
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 23.216.194.33 (download.microsoft.com) eq https (hitcnt=0) 0xfed0a97e
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 65.55.50.157 (update.microsoft.com) eq https (hitcnt=0) 0xf220d1f8
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 134.170.58.221 (update.microsoft.com) eq https (hitcnt=0) 0x84068396
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 192.221.251.120 (download.windowsupdate.com) eq https (hitcnt=0) 0x05de8b43
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 192.221.251.121 (download.windowsupdate.com) eq https (hitcnt=0) 0x9dbcbf04
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 200.189.237.121 (download.windowsupdate.com) eq https (hitcnt=0) 0x79ff1b20
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 200.189.237.120 (download.windowsupdate.com) eq https (hitcnt=0) 0xe2492298
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 200.189.235.121 (download.windowsupdate.com) eq https (hitcnt=0) 0x3e2718ef
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 192.221.253.120 (download.windowsupdate.com) eq https (hitcnt=0) 0x8aff028b
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 192.221.253.121 (download.windowsupdate.com) eq https (hitcnt=0) 0x7390514d
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 157.55.240.94 (update.microsoft.com) eq https (hitcnt=0) 0x9c81da66
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 200.189.235.120 (download.windowsupdate.com) eq https (hitcnt=0) 0x7a919794
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 201.30.251.34 (download.windowsupdate.com) eq https (hitcnt=0) 0x65efb7ab
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 201.30.251.24 (download.windowsupdate.com) eq https (hitcnt=0) 0xfd714559
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp object CenterCell-Rede-Samsung-Npc object-group Rede-Samsung-Npc-Sites-Liberados eq www (hitcnt=6) 0x7c25de6b
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 fqdn microsoft.com (resolved) eq www 0xfcc96980
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 fqdn download.microsoft.com (resolved) eq www 0x10baec41
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 fqdn download.windowsupdate.com (resolved) eq www 0x7bfd4529
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 fqdn update.microsoft.com (resolved) eq www 0x886907a4
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 fqdn windowsupdate.com (unresolved) eq www (inactive) 0xf63a574e
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 191.239.213.197 (microsoft.com) eq www (hitcnt=0) 0xe408fb43
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 104.40.211.35 (microsoft.com) eq www (hitcnt=0) 0xee736369
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 104.43.195.251 (microsoft.com) eq www (hitcnt=0) 0x13074a7e
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 23.100.122.175 (microsoft.com) eq www (hitcnt=0) 0x36414159
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 23.96.52.53 (microsoft.com) eq www (hitcnt=0) 0x11c29f84
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 23.216.194.33 (download.microsoft.com) eq www (hitcnt=0) 0x94ffc551
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 65.55.50.157 (update.microsoft.com) eq www (hitcnt=0) 0x9f5cb3f9
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 134.170.58.221 (update.microsoft.com) eq www (hitcnt=0) 0xb21aa9c8
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 192.221.251.120 (download.windowsupdate.com) eq www (hitcnt=0) 0x3ba85356
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 192.221.251.121 (download.windowsupdate.com) eq www (hitcnt=0) 0x3b4feafc
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 200.189.237.121 (download.windowsupdate.com) eq www (hitcnt=0) 0xaca3f491
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 200.189.237.120 (download.windowsupdate.com) eq www (hitcnt=0) 0xf4de2ee0
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 200.189.235.121 (download.windowsupdate.com) eq www (hitcnt=3) 0x5a50105f
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 192.221.253.120 (download.windowsupdate.com) eq www (hitcnt=0) 0xf9983476
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 192.221.253.121 (download.windowsupdate.com) eq www (hitcnt=0) 0x99c92254
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 157.55.240.94 (update.microsoft.com) eq www (hitcnt=0) 0x815d1d64
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 200.189.235.120 (download.windowsupdate.com) eq www (hitcnt=0) 0x9dd34b97
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 201.30.251.34 (download.windowsupdate.com) eq www (hitcnt=3) 0xfcd59014
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 201.30.251.24 (download.windowsupdate.com) eq www (hitcnt=0) 0x9614fe5e
access-list vLan-Rede-Samsung-Npc_access_in_1 line 5 extended permit tcp object CenterCell-Rede-Samsung-Npc any eq www (hitcnt=132413) 0x90e11e0f
access-list vLan-Rede-Samsung-Npc_access_in_1 line 5 extended permit tcp 192.168.247.0 255.255.255.0 any eq www (hitcnt=132413) 0x90e11e0f
access-list vLan-Rede-Samsung-Npc_access_in_1 line 6 extended permit tcp object CenterCell-Rede-Samsung-Npc any eq https (hitcnt=326260) 0x542a0320
access-list vLan-Rede-Samsung-Npc_access_in_1 line 6 extended permit tcp 192.168.247.0 255.255.255.0 any eq https (hitcnt=326260) 0x542a0320
access-list vLan-Rede-Samsung-Npc_access_in_1 line 7 extended permit object-group TCPUDP object CenterCell-Rede-Samsung-Npc any eq domain (hitcnt=183105) 0x0ccfd831
access-list vLan-Rede-Samsung-Npc_access_in_1 line 7 extended permit udp 192.168.247.0 255.255.255.0 any eq domain (hitcnt=183105) 0x00138e7e
access-list vLan-Rede-Samsung-Npc_access_in_1 line 7 extended permit tcp 192.168.247.0 255.255.255.0 any eq domain (hitcnt=1) 0x735fa5e0
access-list vLan-Rede-Samsung-Npc_access_in_1 line 8 extended permit ip object CenterCell-Rede-Samsung-Npc any (hitcnt=238306) 0xdd04eb58
access-list vLan-Rede-Samsung-Npc_access_in_1 line 8 extended permit ip 192.168.247.0 255.255.255.0 any (hitcnt=238306) 0xdd04eb58
access-list vLan-Embratel_cryptomap_5; 4 elements; name hash: 0x23abeffb
access-list vLan-Embratel_cryptomap_5 line 1 extended permit ip object CenterCell-Rede-V4 object-group DM_INLINE_NETWORK_2 (hitcnt=2759) 0x737f6f35
access-list vLan-Embratel_cryptomap_5 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.128 255.255.255.128 (hitcnt=2218) 0x53ef6cc8
access-list vLan-Embratel_cryptomap_5 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.32 255.255.255.224 (hitcnt=0) 0xfd640fb6
access-list vLan-Embratel_cryptomap_5 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.64 255.255.255.192 (hitcnt=0) 0xa43f02c6
access-list vLan-Embratel_cryptomap_5 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.16 255.255.255.240 (hitcnt=817) 0x2f69c6d1
access-list vLan-Algar_mpc; 1 elements; name hash: 0x930f3b95
access-list vLan-Algar_mpc line 1 extended permit tcp any any eq www (hitcnt=0) 0x4e55b5db
access-list vLan-Algar_mpc_1; 1 elements; name hash: 0x793c4bca
access-list vLan-Algar_mpc_1 line 1 extended permit tcp any any eq www (hitcnt=0) 0xe083ba19



Result of the command: "packet-tracer input vLan-Embratel tcp 8.8.8.8 34567 200.211.35.36 80 detail"

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcc46dcb0, priority=1, domain=permit, deny=false
hits=3653137805, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0100.0000.0000
input_ifc=vLan-Embratel, output_ifc=any

Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network CenterCell-Server-HTTP-Embratel
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp www www
Additional Information:
NAT divert to egress interface vLan-Rede-Local
Untranslate 200.211.35.36/80 to 192.168.0.19/80

Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group vLan-Embratel_access_in in interface vLan-Embratel
access-list vLan-Embratel_access_in extended permit tcp any any eq www
access-list vLan-Embratel_access_in remark Acesso NobreakAPC 10KVA
Additional Information:
Forward Flow based lookup yields rule:
in id=0xc90b0280, priority=13, domain=permit, deny=false
hits=44582, user_data=0xca2cd530, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=80, tag=0, dscp=0x0
input_ifc=vLan-Embratel, output_ifc=any

Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xc83a0250, priority=1, domain=nat-per-session, deny=true
hits=37351847, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=any

Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcc473ab0, priority=0, domain=inspect-ip-options, deny=true
hits=60053651, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=vLan-Embratel, output_ifc=any

Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map global-class
match default-inspection-traffic
policy-map global-policy
class global-class
inspect http
service-policy global-policy global
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcce10770, priority=70, domain=inspect-http, deny=false
hits=456919, user_data=0xcce0bc70, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=80, tag=0, dscp=0x0
input_ifc=vLan-Embratel, output_ifc=any

Phase: 7
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xccd6fae0, priority=13, domain=ipsec-tunnel-flow, deny=true
hits=1383991, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=vLan-Embratel, output_ifc=any

Phase: 8
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
object network CenterCell-Server-HTTP-Embratel
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp www www
Additional Information:
Forward Flow based lookup yields rule:
out id=0xcd66ae78, priority=6, domain=nat-reverse, deny=false
hits=40012, user_data=0xcd0a2230, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=192.168.0.19, mask=255.255.255.255, port=80, tag=0, dscp=0x0
input_ifc=vLan-Embratel, output_ifc=vLan-Rede-Local

Phase: 9
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0xcbc1fe48, priority=0, domain=user-statistics, deny=false
hits=46630553, user_data=0xcce01e60, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=vLan-Rede-Local

Phase: 10
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xc83a0250, priority=1, domain=nat-per-session, deny=true
hits=37351849, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=any

Phase: 11
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xcd49c598, priority=0, domain=inspect-ip-options, deny=true
hits=49620135, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=vLan-Rede-Local, output_ifc=any

Phase: 12
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
out id=0xcce1ba50, priority=0, domain=user-statistics, deny=false
hits=59289893, user_data=0xcce01e60, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=vLan-Embratel

Phase: 13
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 67774758, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_inspect_http
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_inspect_http
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Result:
input-interface: vLan-Embratel
input-status: up
input-line-status: up
output-interface: vLan-Rede-Local
output-status: up
output-line-status: up
Action: allow



Thanks for the help.

Jorge Garcia Wed, 05/31/2017 - 13:26
User Badges:
  • Cisco Employee,

Hi Weslley,


Thanks for the information! In the outputs you sent me I can see that access through the vLan-Embratel interface is fine, and I think that is interface 1 and it is working correctly, right? Now I need the same "packet-tracer" command you ran, but this time for interface 2, which I see is vLan-Algar, is that right? The command would look like this:


packet-tracer input vLan-Algar tcp 8.8.8.8 34567 <ip_address_of_Algars_interface> 80 detail



I look forward to your reply,

Best regards,


Osvaldo G.

weslley.revnei Thu, 06/01/2017 - 03:57

Hello Osvaldo,


That's right, the vLan-Embratel interface works normally.

The problem is access through vLan-Algar.

Could it be a routing problem? I ran a test here. If I change the default route to vLan-Algar, access works normally but vLan-Embratel loses access. And if I switch the default route back to vLan-Embratel, normal access to the vLan returns and vLan-Algar goes down.



Below is the packet-tracer output.

Result of the command: "packet-tracer input vLan-Algar tcp 8.8.8.8 34567 187.32.195.100 80 detail"

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcc4965b8, priority=1, domain=permit, deny=false
hits=135080998, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0100.0000.0000
input_ifc=vLan-Algar, output_ifc=any

Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network CenterCell-Server-HTTP-Algar
nat (vLan-Rede-Local,vLan-Algar) static interface service tcp www www
Additional Information:
NAT divert to egress interface vLan-Rede-Local
Untranslate 187.32.195.100/80 to 192.168.0.19/80

Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group vLan-Algar_access_in in interface vLan-Algar
access-list vLan-Algar_access_in extended permit tcp any any eq www
access-list vLan-Algar_access_in remark Acesso RDP Weslley-VM
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcd1a48a8, priority=13, domain=permit, deny=false
hits=16469, user_data=0xca2cd670, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=80, tag=0, dscp=0x0
input_ifc=vLan-Algar, output_ifc=any

Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xc83a0250, priority=1, domain=nat-per-session, deny=true
hits=37958844, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=any

Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcc49c4e0, priority=0, domain=inspect-ip-options, deny=true
hits=2249503, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=vLan-Algar, output_ifc=any

Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map global-class
match default-inspection-traffic
policy-map global-policy
class global-class
inspect http
service-policy global-policy global
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcce113f8, priority=70, domain=inspect-http, deny=false
hits=15860, user_data=0xcce0bc70, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=80, tag=0, dscp=0x0
input_ifc=vLan-Algar, output_ifc=any

Phase: 7
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xccd3a338, priority=13, domain=ipsec-tunnel-flow, deny=true
hits=15224, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=vLan-Algar, output_ifc=any

Phase: 8
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
object network CenterCell-Server-HTTP-Algar
nat (vLan-Rede-Local,vLan-Algar) static interface service tcp www www
Additional Information:
Forward Flow based lookup yields rule:
out id=0xcd1474f0, priority=6, domain=nat-reverse, deny=false
hits=676, user_data=0xcd25fc88, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=192.168.0.19, mask=255.255.255.255, port=80, tag=0, dscp=0x0
input_ifc=vLan-Algar, output_ifc=vLan-Rede-Local

Phase: 9
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0xcbc1fe48, priority=0, domain=user-statistics, deny=false
hits=47639726, user_data=0xcce01e60, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=vLan-Rede-Local

Phase: 10
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xc83a0250, priority=1, domain=nat-per-session, deny=true
hits=37958846, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=any

Phase: 11
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xcd49c598, priority=0, domain=inspect-ip-options, deny=true
hits=51018514, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=vLan-Rede-Local, output_ifc=any

Phase: 12
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
out id=0xcce1c4f8, priority=0, domain=user-statistics, deny=false
hits=2242392, user_data=0xcce01e60, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=vLan-Algar

Phase: 13
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 69634942, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_inspect_http
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_inspect_http
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Result:
input-interface: vLan-Algar
input-status: up
input-line-status: up
output-interface: vLan-Rede-Local
output-status: up
output-line-status: up
Action: allow


Thanks.

Jorge Garcia Thu, 06/01/2017 - 07:40
User Badges:
  • Cisco Employee,

Hi Weslley,


Thanks for the information! That's right, my friend. What happens is the following:


1. A user on the Internet sends a request to the server using the address of the secondary link (vLan-Algar)


2. The ASA receives it and forwards it to the internal server through the vLan-Rede-Local interface


3. The server sends its reply to the request back to the ASA


4. When the ASA receives it, it processes it and looks up where the destination host is


5. Since it is a user on the Internet, it will not have a specific entry for this host, so it will use the default route, but the default route goes through the primary link.


6. The ASA sends the packet using the address of the vLan-Embratel interface as the source


7. The packet reaches the user, but the user will not process it because they did not send the packet with that address, so the packet is dropped by the host.


One thing you could do is use the vLan-Algar interface only as a backup link, to send traffic if the vLan-Embratel interface fails:


http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-securi...


I hope this information helps.

Best regards,


Osvaldo G.
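
The check implied by the explanation above, as an added example that is not part of the original thread: both traces end in `Action: allow`, so the script compares each trace's ingress interface with the interface the static routes select for the client's address. The trace excerpts are cut down from the posted outputs; the route lines, gateway addresses and function names are constructed assumptions, since the thread shows no route output.

```python
import ipaddress
import re

# Excerpts of the two traces posted in the thread: the command line and the
# final result block (the 13 phases in between are omitted here).
TRACE_EMBRATEL = """\
Result of the command: "packet-tracer input vLan-Embratel tcp 8.8.8.8 34567 200.211.35.36 80 detail"
input-interface: vLan-Embratel
output-interface: vLan-Rede-Local
Action: allow
"""
TRACE_ALGAR = """\
Result of the command: "packet-tracer input vLan-Algar tcp 8.8.8.8 34567 187.32.195.100 80 detail"
input-interface: vLan-Algar
output-interface: vLan-Rede-Local
Action: allow
"""

# Constructed static routes (assumption: the thread shows no route output).
# Gateways are documentation addresses; distance 254 marks a floating backup.
ROUTES_EMBRATEL_DEFAULT = """\
route vLan-Embratel 0.0.0.0 0.0.0.0 198.51.100.1 1
route vLan-Algar 0.0.0.0 0.0.0.0 203.0.113.1 254
"""
ROUTES_ALGAR_DEFAULT = """\
route vLan-Algar 0.0.0.0 0.0.0.0 203.0.113.1 1
"""


def parse_trace(text):
    """Extract ingress interface, client address and verdict from a trace."""
    cmd = re.search(r"packet-tracer input (\S+) \w+ (\S+) \d+ (\S+) \d+", text)
    if cmd is None:
        raise ValueError("no packet-tracer command line found")
    fields = dict(re.findall(r"^[ \t]*([\w-]+):[ \t]*(\S+)[ \t]*$", text, re.M))
    return {
        "ingress": fields.get("input-interface", cmd.group(1)),
        "client": ipaddress.ip_address(cmd.group(2)),
        "action": fields.get("Action", "unknown"),
    }


def parse_routes(config):
    """Parse 'route <ifc> <net> <mask> <gateway> [distance]' lines."""
    routes = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[0] == "route":
            net = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
            distance = int(parts[5]) if len(parts) > 5 and parts[5].isdigit() else 1
            routes.append((net, distance, parts[1]))
    return routes


def egress_for(address, routes):
    """Longest prefix wins; on a tie the lowest administrative distance wins."""
    matches = [r for r in routes if address in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[1]))[2]


def check_return_path(trace_text, route_config):
    """Compare where the request came in with where the routes point for the reply."""
    trace = parse_trace(trace_text)
    reply_ifc = egress_for(trace["client"], parse_routes(route_config))
    return {
        "ingress": trace["ingress"],
        "reply_egress": reply_ifc,
        "tracer_action": trace["action"],
        "symmetric": reply_ifc == trace["ingress"],
    }


if __name__ == "__main__":
    for name, trace in (("Embratel", TRACE_EMBRATEL), ("Algar", TRACE_ALGAR)):
        print(name, check_return_path(trace, ROUTES_EMBRATEL_DEFAULT))
```

With the default route on vLan-Embratel the vLan-Algar trace is reported as asymmetric even though packet-tracer allows it; with `ROUTES_ALGAR_DEFAULT` the result flips, matching the test described earlier in the thread.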

weslley.revnei Sun, 06/04/2017 - 10:20

Hello Osvaldo,

Understood, vLan-Algar would work as a redundancy link.

Do you see any other way for both links to work as primary?

My concern with directing the flow only through vLan-Embratel is a link failure; if that happens, my HTTP, FTP and other services would become unavailable.

What do you recommend?


Thanks.
