MGAFASA5505(config)# sh run : Saved : ASA Version 7.2(4) ! hostname MGAFASA5505 names ! interface Vlan1 nameif inside security-level 100 ip address 192.168.2.2 255.255.255.252 ! interface Vlan2 nameif outside security-level 0 ip address 192.168.103.1 255.255.255.0 ! interface Ethernet0/0 ! interface Ethernet0/1 switchport access vlan 2 shutdown ! interface Ethernet0/2 switchport access vlan 2 shutdown ! interface Ethernet0/3 switchport access vlan 2 shutdown ! interface Ethernet0/4 switchport access vlan 2 shutdown ! interface Ethernet0/5 switchport access vlan 2 shutdown ! interface Ethernet0/6 switchport access vlan 2 ! interface Ethernet0/7 switchport access vlan 2 ! banner motd begin your secure session. ftp mode passive clock timezone MST -7 dns server-group DefaultDNS pager lines 24 logging asdm informational mtu inside 1500 mtu outside 1500 no failover icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-524.bin no asdm history enable arp timeout 14400 route inside 0.0.0.0 0.0.0.0 192.168.2.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute aaa-server AuthInbound protocol tacacs+ reactivation-mode depletion deadtime 20 max-failed-attempts 2 aaa-server AuthInbound (inside) host 192.168.100.21 key pvngs aaa-server AuthInbound (inside) host 192.168.101.21 key pvngs aaa authentication ssh console AuthInbound LOCAL aaa authentication enable console AuthInbound LOCAL http server enable http 192.168.110.0 255.255.255.0 inside http 192.168.101.0 255.255.255.0 inside http 192.168.100.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart telnet timeout 5 ssh 192.168.100.0 255.255.255.255 inside ssh 192.168.101.0 255.255.255.255 inside ssh 192.168.110.0 255.255.255.255 inside ssh timeout 30 console timeout 0 ! prompt hostname context Cryptochecksum:cec91b7033c6df035435715bc5cbf4a2 : end MGAFASA5505(config)# MGAFASA5505(config)# MGAFASA5505(config)# ping 192.168.1 2.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds: ????? Success rate is 0 percent (0/5) MGAFASA5505(config)# sh run : Saved : ASA Version 7.2(4) ! hostname MGAFASA5505 domain-name arinc.com enable password qzpr1.y3wPdNlcyH encrypted passwd qzpr1.y3wPdNlcyH encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 192.168.2.2 255.255.255.252 ! interface Vlan2 nameif outside security-level 0 ip address 192.168.103.1 255.255.255.0 ! interface Ethernet0/0 ! interface Ethernet0/1 switchport access vlan 2 shutdown ! MGAFASA5505(config)# MGAFASA5505(config)# sh run : Saved : ASA Version 7.2(4) ! hostname MGAFASA5505 domain-name arinc.com enable password qzpr1.y3wPdNlcyH encrypted passwd qzpr1.y3wPdNlcyH encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 192.168.2.2 255.255.255.252 ! interface Vlan2 nameif outside security-level 0 ip address 192.168.103.1 255.255.255.0 ! interface Ethernet0/0 ! interface Ethernet0/1 switchport access vlan 2 shutdown ! interface Ethernet0/2 switchport access vlan 2 shutdown ! interface Ethernet0/3 switchport access vlan 2 shutdown ! interface Ethernet0/4 switchport access vlan 2 shutdown ! interface Ethernet0/5 switchport access vlan 2 shutdown ! interface Ethernet0/6 switchport access vlan 2 ! interface Ethernet0/7 switchport access vlan 2 ! banner motd WARNING: This computer system may only be accessed by authorized users. banner motd Access and use of this computer system by anyone without the express banner motd authorization of Pinnacle West Capital Corporation or one of its banner motd subsidiaries is strictly prohibited. Use of this computer system is banner motd limited to those activities allowed by Pinnacle West. All infomration banner motd placed and stored on this system is owned by Pinnacle West and may be banner motd reviewed, copied and/or deleted at anytime. The use of this computer banner motd system is routinely monitored and recorded. Anyone accessing this system banner motd expressly consents to such monitoring and waives any right to persona banner motd privacy with respect to the information herein, including electronic mail. banner motd For further information, see Corporate Policy No. 54, entitled "Electronic banner motd Information Security Management" and No. 58, entitled "Internet Use." By banner motd continuing to use this computing system, the user acknowledges that he banner motd or she has read and understands the above information. Please sign in to banner motd begin your secure session. ftp mode passive clock timezone MST -7 dns server-group DefaultDNS domain-name arinc.com pager lines 24 logging asdm informational mtu inside 1500 mtu outside 1500 no failover icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-524.bin no asdm history enable arp timeout 14400 route inside 0.0.0.0 0.0.0.0 192.168.2.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute aaa-server AuthInbound protocol tacacs+ reactivation-mode depletion deadtime 20 max-failed-attempts 2 aaa-server AuthInbound (inside) host 192.168.100.21 key pvngs aaa-server AuthInbound (inside) host 192.168.101.21 key pvngs aaa authentication ssh console AuthInbound LOCAL aaa authentication enable console AuthInbound LOCAL http server enable http 192.168.110.0 255.255.255.0 inside http 192.168.101.0 255.255.255.0 inside http 192.168.100.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart telnet timeout 5 ssh 192.168.100.0 255.255.255.255 inside ssh 192.168.101.0 255.255.255.255 inside ssh 192.168.110.0 255.255.255.255 inside ssh timeout 30 console timeout 0 username arinc password pnK.6xvcw5vT8ZcS encrypted privilege 15 ! ! prompt hostname context Cryptochecksum:cec91b7033c6df035435715bc5cbf4a2 : end MGAFASA5505(config)# sh run : Saved : ASA Version 7.2(4) ! hostname MGAFASA5505 domain-name arinc.com enable password qzpr1.y3wPdNlcyH encrypted passwd qzpr1.y3wPdNlcyH encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 192.168.2.2 255.255.255.252 ! interface Vlan2 nameif outside security-level 0 ip address 192.168.103.1 255.255.255.0 ! interface Ethernet0/0 ! interface Ethernet0/1 switchport access vlan 2 shutdown ! interface Ethernet0/2 switchport access vlan 2 shutdown ! interface Ethernet0/3 switchport access vlan 2 shutdown ! interface Ethernet0/4 switchport access vlan 2 shutdown ! interface Ethernet0/5 switchport access vlan 2 shutdown ! interface Ethernet0/6 switchport access vlan 2 ! interface Ethernet0/7 switchport access vlan 2 ! banner motd WARNING: This computer system may only be accessed by authorized users. banner motd Access and use of this computer system by anyone without the express banner motd authorization of Pinnacle West Capital Corporation or one of its banner motd subsidiaries is strictly prohibited. Use of this computer system is banner motd limited to those activities allowed by Pinnacle West. All infomration banner motd placed and stored on this system is owned by Pinnacle West and may be banner motd reviewed, copied and/or deleted at anytime. The use of this computer banner motd system is routinely monitored and recorded. Anyone accessing this system banner motd expressly consents to such monitoring and waives any right to persona banner motd privacy with respect to the information herein, including electronic mail. banner motd For further information, see Corporate Policy No. 54, entitled "Electronic banner motd Information Security Management" and No. 58, entitled "Internet Use." By banner motd continuing to use this computing system, the user acknowledges that he banner motd or she has read and understands the above information. Please sign in to banner motd begin your secure session. ftp mode passive clock timezone MST -7 dns server-group DefaultDNS domain-name arinc.com pager lines 24 logging asdm informational mtu inside 1500 mtu outside 1500 no failover icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-524.bin no asdm history enable arp timeout 14400 route inside 0.0.0.0 0.0.0.0 192.168.2.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute aaa-server AuthInbound protocol tacacs+ reactivation-mode depletion deadtime 20 max-failed-attempts 2 aaa-server AuthInbound (inside) host 192.168.100.21 key pvngs aaa-server AuthInbound (inside) host 192.168.101.21 key pvngs aaa authentication ssh console AuthInbound LOCAL aaa authentication enable console AuthInbound LOCAL http server enable http 192.168.110.0 255.255.255.0 inside http 192.168.101.0 255.255.255.0 inside http 192.168.100.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart telnet timeout 5 ssh 192.168.100.0 255.255.255.255 inside ssh 192.168.101.0 255.255.255.255 inside ssh 192.168.110.0 255.255.255.255 inside ssh timeout 30 console timeout 0 username arinc password pnK.6xvcw5vT8ZcS encrypted privilege 15 ! ! prompt hostname context Cryptochecksum:cec91b7033c6df035435715bc5cbf4a2 : end MGAFASA5505(config)# route        sh run : Saved : ASA Version 7.2(4) ! hostname MGAFASA5505 domain-name arinc.com enable password qzpr1.y3wPdNlcyH encrypted passwd qzpr1.y3wPdNlcyH encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 192.168.2.2 255.255.255.252 ! interface Vlan2 nameif outside security-level 0 ip address 192.168.103.1 255.255.255.0 ! interface Ethernet0/0 ! interface Ethernet0/1 switchport access vlan 2 shutdown MGAFASA5505(config)# sh ri oute Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is 192.168.2.1 to network 0.0.0.0 C 127.0.0.0 255.255.255.0 is directly connected, _internal_loopback C 192.168.103.0 255.255.255.0 is directly connected, outside C 192.168.2.0 255.255.255.252 is directly connected, inside S* 0.0.0.0 0.0.0.0 [1/0] via 192.168.2.1, inside MGAFASA5505(config)# U2ASA5510(config)# sh run : Saved : ASA Version 8.0(4) ! hostname U2ASA5510 enable password qzpr1.y3wPdNlcyH encrypted passwd qzpr1.y3wPdNlcyH encrypted names ! interface Ethernet0/0 speed 100 duplex full nameif inside security-level 100 ip address 192.168.100.22 255.255.255.0 ! interface Ethernet0/1 shutdown no nameif no security-level no ip address ! interface Ethernet0/2 shutdown no nameif no security-level no ip address ! interface Ethernet0/3 shutdown no nameif no security-level no ip address ! interface Management0/0 nameif management security-level 100 ip address 192.168.1.115 255.255.255.0 management-only ! interface GigabitEthernet1/0 nameif Bldg_F security-level 10 ip address 192.168.2.5 255.255.255.252 ! interface GigabitEthernet1/1 nameif Bldg_MGAF security-level 10 ip address 192.168.2.1 255.255.255.252 ! interface GigabitEthernet1/2 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/3 shutdown no nameif no security-level no ip address ! banner motd WARNING: This computer system may only be accessed by authorized users. banner motd Access and use of this computer system by anyone without the express banner motd authorization of Pinnacle West Capital Corporation or one of its banner motd subsidiaries is strictly prohibited. Use of this computer system is banner motd limited to those activities allowed by Pinnacle West. All infomration banner motd placed and stored on this system is owned by Pinnacle West and may be banner motd reviewed, copied and/or deleted at anytime. The use of this computer banner motd system is routinely monitored and recorded. Anyone accessing this system banner motd expressly consents to such monitoring and waives any right to persona banner motd privacy with respect to the information herein, including electronic mail. banner motd For further information, see Corporate Policy No. 54, entitled "Electronic banner motd Information Security Management" and No. 58, entitled "Internet Use." By banner motd continuing to use this computing system, the user acknowledges that he banner motd or she has read and understands the above information. Please sign in to banner motd begin your secure session. ftp mode passive clock timezone MST -7 pager lines 24 logging asdm informational mtu management 1500 mtu inside 1500 mtu Bldg_F 1500 mtu Bldg_MGAF 1500 no failover icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-613.bin no asdm history enable arp timeout 14400 route inside 0.0.0.0 0.0.0.0 192.168.100.1 1 route Bldg_F 192.168.102.0 255.255.255.0 192.168.2.6 1 route Bldg_MGAF 192.168.103.0 255.255.255.0 192.168.2.2 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 U2ASA5510(config)# ping Q 192.168.2.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.6, timeout is 2 seconds: ????? Success rate is 0 percent (0/5) U2ASA5510(config)# BADGEASA5505# BADGEASA5505# BADGEASA5505# conf t  ERROR: % Incomplete command BADGEASA5505# conf t BADGEASA5505(config)# acces BADGEASA5505(config)# access-li BADGEASA5505(config)# access-list ANY ? configure mode commands/options: deny Specify packets to reject extended Configure access policy for IP traffic through the system line Use this to specify line number at which ACE should be entered permit Specify packets to forward remark Specify a comment (remark) for the access-list after this keyword standard Use this to configure policy having destination host or network only webtype Use this to configure WebVPN related policy BADGEASA5505(config)# access-list ANY perm BADGEASA5505(config)# access-list ANY permit any ant BADGEASA5505(config)# access-list ANY permit any ant  BADGEASA5505(config)# access-list ANY permit any an      ip an BADGEASA5505(config)# access-list ANY permit ip any an BADGEASA5505(config)# access-list ANY permit ip any any BADGEASA5505(config)# acc BADGEASA5505(config)# access-g BADGEASA5505(config)# access-group ANY BADGEASA5505(config)# access-group ANY i BADGEASA5505(config)# access-group ANY in ins BADGEASA5505(config)# access-group ANY in insi BADGEASA5505(config)# access-group ANY in insi    ? configure mode commands/options: interface Keyword to specify an interface BADGEASA5505(config)# access-group ANY in insi BADGEASA5505(config)# access-group ANY in inside ^ ERROR: % Invalid input detected at '^' marker. BADGEASA5505(config)# access-group ANY in inside    te BADGEASA5505(config)# access-group ANY in interface in BADGEASA5505(config)# access-group ANY in interface inside BADGEASA5505(config)# U2ASA5510(config)# U2ASA5510(config)# U2ASA5510(config)# ping 192.168.2.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.6, timeout is 2 seconds: ????? Success rate is 0 percent (0/5) U2ASA5510(config)# BADGEASA5505(config)# BADGEASA5505(config)# BADGEASA5505(config)# access-group ANY in interface inside naccess-group ANY in interface inside oaccess-group ANY in interface inside  access-group ANY in interface inside  BADGEASA5505(config)# no access-group ANY in interface inside access-group ANY in interface inside access-group ANY in inside access-group ANY in interface inside access-group ANY in inside access-list ANY permit ip any any naccess-list ANY permit ip any any oaccess-list ANY permit ip any any  access-list ANY permit ip any any  BADGEASA5505(config)# BADGEASA5505(config)# BADGEASA5505(config)# BADGEASA5505(config)# BADGEASA5505(config)# BADGEASA5505(config)# BADGEASA5505(config)#