Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

I want configure secondary WAN on ASA 5510

Hi,

I have 2 redundant ASA 5510  we had ISP1 configured on interface Ethernet 0/0  with interface name outside. We use this WAN ip to access portal in application server.

This WAN ip (ISP1) is sometimes not stable so we configured new ISP WAN on Ethernet 0/3 with the name BACKUP .

I am able to ping the new WAN IP and I can use VPN/ssh to connect local servers however I can't access the application URL over the new WAN IP.

Please help.

Below are the configuration:

:
ASA Version 8.0(2)
!
hostname ACTIVE-SITE1
enable password TBdKmmusfDZ7gglC encrypted
names
name 176.9.42.71 nl.2.pool.ntp.org
name 67.18.187.111 nl.0.pool.ntp.org
name 41.204.120.137 nl.mg.pool.ntp.orgame 41.216.193.18 nl.3.africa.pool.ntp.org
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 217.74.232.15 255.255.255.224
!
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1.1
 vlan 1
 nameif DB
 security-level 100
 ip address 172.16.151.126 255.255.255.128
!
interface Ethernet0/1.2
 vlan 2
 nameif APP
 security-level 100
 ip address 172.16.152.126 255.255.255.128
!
interface Ethernet0/1.3
 vlan 3
 nameif WEB
 security-level 100
 ip address 172.16.153.126 255.255.255.128
!
interface Ethernet0/1.4
 vlan 4
 nameif ILO
 security-level 100
 ip address 172.16.154.126 255.255.255.128
!
interface Ethernet0/1.5
 vlan 5
 nameif Ops
 security-level 100
 ip address 172.16.155.126 255.255.255.128
!
interface Ethernet0/2
 description LAN/STATE Failover Interface
!
interface Ethernet0/3
 nameif BACKUP
 security-level 0
 ip address 154.66.244.71 255.255.255.192
!
interface Management0/0
 speed 10
 duplex half
 nameif DMZ
 security-level 100
 ip address 10.76.172.201 255.0.0.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone EAT 3
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 8.8.4.4
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service Mmoney tcp
 port-object eq 8092
 port-object eq 8001
object-group service PG tcp
 port-object eq 8900
 port-object eq 8901
object-group service DM_INLINE_TCP_1 tcp
 group-object Mmoney
 port-object eq www
 port-object eq https
 group-object PG
object-group network DM_INLINE_NETWORK_1
 network-object 172.16.151.0 255.255.255.128
 network-object 172.16.152.0 255.255.255.128
 network-object 172.16.153.0 255.255.255.128
 network-object 172.16.154.0 255.255.255.128
 network-object 172.16.155.0 255.255.255.128
object-group network DM_INLINE_NETWORK_4
 network-object 172.16.151.0 255.255.255.128
 network-object 172.16.152.0 255.255.255.128
object-group network DM_INLINE_NETWORK_5
 network-object 172.16.161.0 255.255.255.128
 network-object 172.16.162.0 255.255.255.128
access-list nationlink_splitTunnelAcl standard permit 172.16.162.0 255.255.255.128
access-list nationlink_splitTunnelAcl_1 standard permit 172.16.152.0 255.255.255.128
access-list nationlink_splitTunnelAcl_4 standard permit 172.16.152.0 255.255.255.128
access-list nationlink_splitTunnelAcl_4 standard permit 10.0.0.0 255.0.0.0
access-list APP_nat0_outbound extended permit ip 172.16.152.0 255.255.255.128 10.0.0.0 255.255.255.192
access-list APP_nat0_outbound extended permit ip 172.16.152.0 255.255.255.128 10.76.172.0 255.255.255.0
access-list APP_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_4 object-group DM_INLINE_NETWORK_5
access-list APP_nat0_outbound extended permit ip 172.16.152.0 255.255.255.128 40.40.40.0 255.255.255.192
access-list APP_nat0_outbound extended permit ip 172.16.152.0 255.255.255.128 70.70.70.0 255.255.255.128
access-list APP_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 40.40.40.0 255.255.255.192
access-list APP_nat0_outbound extended permit ip 172.16.152.0 255.255.255.128 40.40.40.0 255.255.255.0
access-list APP_nat0_outbound extended permit ip 172.16.152.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list APP_nat0_outbound extended permit ip 172.16.155.0 255.255.255.128 192.168.46.0 255.255.255.0
access-list nationlink_splitTunnelAcl_2 standard permit 172.16.152.0 255.255.255.128
access-list nationlink_splitTunnelAcl_2 standard permit 172.16.151.0 255.255.255.128
access-list nationlink_splitTunnelAcl_2 standard permit 172.16.153.0 255.255.255.128
access-list nationlink_splitTunnelAcl_3 standard permit 172.16.151.0 255.255.255.128
access-list emaal-ilouser_splitTunnelAcl standard permit 172.16.154.0 255.255.255.128
access-list outside_access_in extended permit tcp any any object-group DM_INLINE_TCP_1
access-list outside_access_in extended permit tcp any any eq 6666
access-list outside_access_in extended permit tcp any any eq 7891
access-list outside_access_in extended permit udp any any eq ntp
access-list ILO_nat0_outbound extended permit ip 172.16.154.0 255.255.255.128 10.10.10.0 255.255.255.192
access-list ILO_nat0_outbound extended permit ip 172.16.154.0 255.255.255.128 40.40.40.0 255.255.255.0
access-list ILO_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 40.40.40.0 255.255.255.192
access-list outside_1_cryptomap extended permit ip 172.16.152.0 255.255.255.128 10.76.172.0 255.255.255.0
access-list outside_2_cryptomap extended permit ip 172.16.152.0 255.255.255.128 172.16.162.0 255.255.255.128
access-list ILOVLAN4_splitTunnelAcl standard permit 172.16.154.0 255.255.255.128
access-list sanovi-site1_splitTunnelAcl standard permit host 172.16.151.4
access-list DB_nat0_outbound extended permit ip host 172.16.151.4 25.25.25.0 255.255.255.224
access-list P2P extended permit ip 172.16.151.0 255.255.255.128 25.25.25.0 255.255.255.224
access-list P2P extended permit ip 172.16.151.0 255.255.255.128 172.16.161.0 255.255.255.128
access-list P2p_access_in extended permit ip any any
access-list nationlink3_splitTunnelAcl standard permit 172.16.154.0 255.255.255.128
access-list nationlink3_splitTunnelAcl standard permit 10.0.0.0 255.0.0.0
access-list cisco_splitTunnelAcl standard permit 172.16.152.0 255.255.255.128
access-list cisco_splitTunnelAcl standard permit 10.0.0.0 255.0.0.0
access-list test_splitTunnelAcl standard permit 172.16.152.0 255.255.255.128
access-list nonat extended permit ip 10.76.0.0 255.255.0.0 40.40.40.0 255.255.255.0
access-list nonatDMZ extended permit ip 10.0.0.0 255.0.0.0 40.40.40.0 255.255.255.0
access-list cap extended permit ip host 40.40.40.3 host 10.76.172.63
access-list cap extended permit ip host 10.76.172.63 host 40.40.40.3
access-list cap3 extended permit ip host 172.16.152.4 host 10.76.172.201
access-list cap3 extended permit ip host 10.76.172.201 host 172.16.152.4
access-list cap3 extended permit ip host 10.0.0.2 host 10.76.172.30
access-list cap3 extended permit ip host 10.76.172.30 host 10.0.0.2
access-list cap2 extended permit ip host 172.16.152.4 host 40.40.40.4
access-list cap2 extended permit ip host 40.40.40.4 host 172.16.152.4
access-list test extended permit ip host 172.16.151.4 host 10.76.172.63
access-list test extended permit ip host 10.76.172.63 host 172.16.151.4
access-list test1 extended permit ip host 172.16.152.4 host 10.76.172.63
access-list test1 extended permit ip host 10.76.172.63 host 172.16.152.4
access-list test2 extended permit ip host 172.16.152.4 host 10.76.172.201
access-list test2 extended permit ip host 10.76.172.201 host 172.16.152.4
access-list test3 extended permit ip host 172.16.152.4 host 172.16.151.126
access-list test3 extended permit ip host 172.16.151.126 host 172.16.152.4
access-list Ops_nat0_outbound extended permit ip 172.16.155.0 255.255.255.128 192.168.46.0 255.255.255.0
access-list outside_3_cryptomap extended permit ip 172.16.155.0 255.255.255.128 192.168.46.0 255.255.255.0
access-list NTP extended permit icmp host 172.16.153.3 any
access-list NTP extended permit icmp host 172.16.153.2 any
access-list NTP extended permit icmp host 172.16.153.1 any
access-list NTP extended permit udp host 172.16.153.3 host nl.2.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.2 host nl.2.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.1 host nl.2.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.3 host nl.0.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.2 host nl.0.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.1 host nl.0.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.3 host nl.mg.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.2 host nl.mg.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.1 host nl.mg.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.3 host nl.3.africa.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.2 host nl.3.africa.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.1 host nl.3.africa.pool.ntp.org eq ntp
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu outside 1500
mtu DB 1500
mtu APP 1500
mtu WEB 1500
mtu ILO 1500
mtu Ops 1500
mtu BACKUP 1500
mtu DMZ 1500
ip local pool VPN 10.0.0.2-10.0.0.50 mask 255.255.255.128
ip local pool ilo 10.10.10.2-10.10.10.50 mask 255.255.255.128
ip local pool vpnpool 40.40.40.1-40.40.40.40 mask 255.255.255.0
ip local pool sanovi 25.25.25.2-25.25.25.25 mask 255.255.255.128
ip local pool newVPN 70.70.70.1-70.70.70.70 mask 255.255.0.0
failover
failover lan unit primary
failover lan interface failover Ethernet0/2
failover key *****
failover link failover Ethernet0/2
failover interface ip failover 10.10.10.1 255.255.255.0 standby 10.10.10.2
icmp unreachable rate-limit 1 burst-size 1
icmp permit any APP
icmp permit any DMZ
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (BACKUP) 1 interface
nat (DB) 0 access-list P2P
nat (APP) 0 access-list APP_nat0_outbound
nat (WEB) 1 access-list NTP
nat (ILO) 0 access-list ILO_nat0_outbound
nat (DMZ) 0 access-list nonatDMZ
static (WEB,outside) tcp interface https 172.16.153.3 8001 netmask 255.255.255.255  norandomseq
static (APP,outside) tcp interface 8900 172.16.152.7 8900 netmask 255.255.255.255  norandomseq
static (APP,outside) tcp interface 8901 172.16.152.7 8901 netmask 255.255.255.255  norandomseq
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 217.74.232.1 1 track 1
route BACKUP 0.0.0.0 0.0.0.0 154.66.244.65 254
route DMZ 172.16.161.0 255.255.255.0 192.168.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable 444
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 BACKUP
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 123
 type echo protocol ipIcmpEcho 4.2.2.2 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map mydynamic 10 set transform-set ESP-DES-SHA ESP-DES-MD5 ESP-AES-256-MD5 ESP-AES-256-SHA ESP-AES-192-SHA ESP-3DES-SHA ESP-3DES-MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 217.74.232.3
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer 84.233.182.218
crypto map outside_map 2 set transform-set ESP-3DES-SHA
crypto map outside_map 3 match address outside_3_cryptomap
crypto map outside_map 3 set pfs
crypto map outside_map 3 set peer 121.241.107.34
crypto map outside_map 3 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map mymap 2 match address outside_2_cryptomap
crypto map mymap 2 set pfs
crypto map mymap 2 set peer 84.233.182.218
crypto map mymap 2 set transform-set ESP-3DES-SHA
crypto map mymap 1000 ipsec-isakmp dynamic mydynamic
crypto map mymap interface BACKUP
crypto isakmp enable outside
crypto isakmp enable BACKUP
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
crypto isakmp ipsec-over-tcp port 10000
!
track 1 rtr 123 reachability
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 BACKUP
ssh timeout 60
console timeout 0
management-access DMZ
vpn load-balancing
 interface lbprivate WEB
threat-detection basic-threat
threat-detection statistics
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
!
service-policy global_policy global
ntp server nl.2.pool.ntp.org
ntp server nl.mg.pool.ntp.org
ntp server nl.3.africa.pool.ntp.org
ntp server nl.0.pool.ntp.org
group-policy test internal
group-policy test attributes
 dns-server value 4.2.2.2
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value test_splitTunnelAcl
group-policy sanovi-site1 internal
group-policy sanovi-site1 attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value sanovi-site1_splitTunnelAcl
group-policy ILOVLAN4 internal
group-policy ILOVLAN4 attributes
 dns-server value 4.2.2.2
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ILOVLAN4_splitTunnelAcl
group-policy emaal-ilouser internal
group-policy emaal-ilouser attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value emaal-ilouser_splitTunnelAcl
group-policy cisco internal
group-policy cisco attributes
 dns-server value 4.2.2.2
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value cisco_splitTunnelAcl
group-policy nationlink3 internal
group-policy nationlink3 attributes
 dns-server value 4.2.2.2
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value nationlink3_splitTunnelAcl
group-policy nationlink internal
group-policy nationlink attributes
 vpn-simultaneous-logins 50
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value nationlink_splitTunnelAcl_4
username test password P4ttSyrm33SV8TYp encrypted privilege 0
username test attributes
 vpn-group-policy test
username sanovi password yVffc6q4JZU//5xU encrypted privilege 0
username sanovi attributes
 vpn-group-policy sanovi-site1
username admin password SWZ1kF7VOHAXyK10 encrypted privilege 15
username emaal-ilouser password XCE.CqS6nvttZYic encrypted privilege 0
username emaal-ilouser attributes
 vpn-group-policy emaal-ilouser
username cisco123 password ffIRPGpDSOJh9YLq encrypted privilege 0
username cisco123 attributes
 vpn-group-policy cisco
username cisco1 password i675yHjYh7DFdX7e encrypted privilege 15
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
username nationlink3 password Q3j4FV4cRow3qzQ6 encrypted privilege 0
username nationlink3 attributes
 vpn-group-policy nationlink3
username nationlinkilo password guj9QBhuRxkKppvA encrypted privilege 0
username nationlinkilo attributes
 vpn-group-policy ILOVLAN4
username nationlink password y/fB7FUObNv4Fjl2 encrypted privilege 0
username nationlink attributes
 vpn-group-policy nationlink
 vpn-access-hours none
 vpn-simultaneous-logins 50
 vpn-idle-timeout none
 vpn-session-timeout none
tunnel-group nationlink type remote-access
tunnel-group nationlink general-attributes
 address-pool VPN
 default-group-policy nationlink
tunnel-group nationlink ipsec-attributes
 pre-shared-key *
tunnel-group 217.74.232.3 type ipsec-l2l
tunnel-group 217.74.232.3 ipsec-attributes
 pre-shared-key *
tunnel-group emaal-ilouser type remote-access
tunnel-group emaal-ilouser general-attributes
 address-pool ilo
 default-group-policy emaal-ilouser
tunnel-group emaal-ilouser ipsec-attributes
 pre-shared-key *
tunnel-group 84.233.182.218 type ipsec-l2l
tunnel-group 84.233.182.218 ipsec-attributes
 pre-shared-key *
tunnel-group ILOVLAN4 type remote-access
tunnel-group ILOVLAN4 general-attributes
 address-pool ilo
 default-group-policy ILOVLAN4
tunnel-group ILOVLAN4 ipsec-attributes
 pre-shared-key *
tunnel-group sanovi-site1 type remote-access
tunnel-group sanovi-site1 general-attributes
 address-pool sanovi
 default-group-policy sanovi-site1
tunnel-group sanovi-site1 ipsec-attributes
 pre-shared-key *
tunnel-group nationlink3 type remote-access
tunnel-group nationlink3 general-attributes
 address-pool vpnpool
 default-group-policy nationlink3
tunnel-group nationlink3 ipsec-attributes
 pre-shared-key *
tunnel-group cisco type remote-access
tunnel-group cisco general-attributes
 address-pool vpnpool
 default-group-policy cisco
tunnel-group cisco ipsec-attributes
 pre-shared-key *
tunnel-group test type remote-access
tunnel-group test general-attributes
 address-pool newVPN
 default-group-policy test
tunnel-group test ipsec-attributes
 pre-shared-key *
tunnel-group 121.241.107.34 type ipsec-l2l
tunnel-group 121.241.107.34 ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:bef76609e6eb18222281f7dc65964ca3
: end

 

2 ACCEPTED SOLUTIONS

Accepted Solutions

Hi  , can you you open webex

Hi  ,

 can you you open webex session ?? 

 

Hi Abdul ,On remote session 

Hi Abdul ,

On remote session

  I have updated your NAT config for your Backup Interface , along with that i have applied ACL permitting https traffic  on your BACK up interface.

Here is summary of configuration 

static (WEB,BACKUP) tcp interface https 172.16.153.3 8001 netmask 255.255.255.255  norandomseq

access-group outside_access_in in interface BACKUP

 

HTH

Sandy 

Kindly rate for helpful post . 

 

13 REPLIES

Hi  Add below NATTo access

Hi 

 

Add below NAT

To access your NEW server via new WAN IP address . 

static (WEB,BACKUP) tcp interface https 172.16.153.3 8001 netmask 255.255.255.255  norandomseq

 

HTH

Sandy

New Member

Hi Sandy,Thanks for your time

Hi Sandy,

Thanks for your time.

I added below NAT:

static (WEB,BACKUP) tcp interface https 172.16.153.3 8001 netmask 255.255.255.255  norandomseq
static (APP,BACKUP) tcp interface 8900 172.16.152.7 8900 netmask 255.255.255.255  norandomseq
static (APP,BACKUP) tcp interface 8901 172.16.152.7 8901 netmask 255.255.255.255  norandomseq

 

but still I can access the URL with new WAN IP. here is the URL : https://154.66.244.71/mmoney-web/

Please let me know what to do next.

Below are the running config after changes:

: Saved
:
ASA Version 8.0(2)
!
hostname ACTIVE-SITE1
enable password TBdKmmusfDZ7gglC encrypted
names
name 176.9.42.71 nl.2.pool.ntp.org
name 67.18.187.111 nl.0.pool.ntp.org
name 41.204.120.137 nl.mg.pool.ntp.org
name 41.216.193.18 nl.3.africa.pool.ntp.org
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 217.74.232.15 255.255.255.224
!
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1.1
 vlan 1
 nameif DB
 security-level 100
 ip address 172.16.151.126 255.255.255.128
!
interface Ethernet0/1.2
 vlan 2
 nameif APP
 security-level 100
 ip address 172.16.152.126 255.255.255.128
!
interface Ethernet0/1.3
 vlan 3
 nameif WEB
 security-level 100
 ip address 172.16.153.126 255.255.255.128
!
interface Ethernet0/1.4
 vlan 4
 nameif ILO
 security-level 100
 ip address 172.16.154.126 255.255.255.128
!
interface Ethernet0/1.5
 vlan 5
 nameif Ops
 security-level 100
 ip address 172.16.155.126 255.255.255.128
!
interface Ethernet0/2
 description LAN/STATE Failover Interface
!
interface Ethernet0/3
 nameif BACKUP
 security-level 0
 ip address 154.66.244.71 255.255.255.192
!
interface Management0/0
 speed 10
 duplex half
 nameif DMZ
 security-level 100
 ip address 10.76.172.201 255.0.0.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone EAT 3
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 8.8.4.4
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service Mmoney tcp
 port-object eq 8092
 port-object eq 8001
object-group service PG tcp
 port-object eq 8900
 port-object eq 8901
object-group service DM_INLINE_TCP_1 tcp
 group-object Mmoney
 port-object eq www
 port-object eq https
 group-object PG
object-group network DM_INLINE_NETWORK_1
 network-object 172.16.151.0 255.255.255.128
 network-object 172.16.152.0 255.255.255.128
 network-object 172.16.153.0 255.255.255.128
 network-object 172.16.154.0 255.255.255.128
 network-object 172.16.155.0 255.255.255.128
object-group network DM_INLINE_NETWORK_4
 network-object 172.16.151.0 255.255.255.128
 network-object 172.16.152.0 255.255.255.128
object-group network DM_INLINE_NETWORK_5
 network-object 172.16.161.0 255.255.255.128
 network-object 172.16.162.0 255.255.255.128
access-list nationlink_splitTunnelAcl standard permit 172.16.162.0 255.255.255.128
access-list nationlink_splitTunnelAcl_1 standard permit 172.16.152.0 255.255.255.128
access-list nationlink_splitTunnelAcl_4 standard permit 172.16.152.0 255.255.255.128
access-list nationlink_splitTunnelAcl_4 standard permit 10.0.0.0 255.0.0.0
access-list APP_nat0_outbound extended permit ip 172.16.152.0 255.255.255.128 10.0.0.0 255.255.255.192
access-list APP_nat0_outbound extended permit ip 172.16.152.0 255.255.255.128 10.76.172.0 255.255.255.0
access-list APP_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_4 object-group DM_INLINE_NETWORK_5
access-list APP_nat0_outbound extended permit ip 172.16.152.0 255.255.255.128 40.40.40.0 255.255.255.192
access-list APP_nat0_outbound extended permit ip 172.16.152.0 255.255.255.128 70.70.70.0 255.255.255.128
access-list APP_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 40.40.40.0 255.255.255.192
access-list APP_nat0_outbound extended permit ip 172.16.152.0 255.255.255.128 40.40.40.0 255.255.255.0
access-list APP_nat0_outbound extended permit ip 172.16.152.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list APP_nat0_outbound extended permit ip 172.16.155.0 255.255.255.128 192.168.46.0 255.255.255.0
access-list nationlink_splitTunnelAcl_2 standard permit 172.16.152.0 255.255.255.128
access-list nationlink_splitTunnelAcl_2 standard permit 172.16.151.0 255.255.255.128
access-list nationlink_splitTunnelAcl_2 standard permit 172.16.153.0 255.255.255.128
access-list nationlink_splitTunnelAcl_3 standard permit 172.16.151.0 255.255.255.128
access-list emaal-ilouser_splitTunnelAcl standard permit 172.16.154.0 255.255.255.128
access-list outside_access_in extended permit tcp any any object-group DM_INLINE_TCP_1
access-list outside_access_in extended permit tcp any any eq 6666
access-list outside_access_in extended permit tcp any any eq 7891
access-list outside_access_in extended permit udp any any eq ntp
access-list ILO_nat0_outbound extended permit ip 172.16.154.0 255.255.255.128 10.10.10.0 255.255.255.192
access-list ILO_nat0_outbound extended permit ip 172.16.154.0 255.255.255.128 40.40.40.0 255.255.255.0
access-list ILO_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 40.40.40.0 255.255.255.192
access-list outside_1_cryptomap extended permit ip 172.16.152.0 255.255.255.128 10.76.172.0 255.255.255.0
access-list outside_2_cryptomap extended permit ip 172.16.152.0 255.255.255.128 172.16.162.0 255.255.255.128
access-list ILOVLAN4_splitTunnelAcl standard permit 172.16.154.0 255.255.255.128
access-list sanovi-site1_splitTunnelAcl standard permit host 172.16.151.4
access-list DB_nat0_outbound extended permit ip host 172.16.151.4 25.25.25.0 255.255.255.224
access-list P2P extended permit ip 172.16.151.0 255.255.255.128 25.25.25.0 255.255.255.224
access-list P2P extended permit ip 172.16.151.0 255.255.255.128 172.16.161.0 255.255.255.128
access-list P2p_access_in extended permit ip any any
access-list nationlink3_splitTunnelAcl standard permit 172.16.154.0 255.255.255.128
access-list nationlink3_splitTunnelAcl standard permit 10.0.0.0 255.0.0.0
access-list cisco_splitTunnelAcl standard permit 172.16.152.0 255.255.255.128
access-list cisco_splitTunnelAcl standard permit 10.0.0.0 255.0.0.0
access-list test_splitTunnelAcl standard permit 172.16.152.0 255.255.255.128
access-list nonat extended permit ip 10.76.0.0 255.255.0.0 40.40.40.0 255.255.255.0
access-list nonatDMZ extended permit ip 10.0.0.0 255.0.0.0 40.40.40.0 255.255.255.0
access-list cap extended permit ip host 40.40.40.3 host 10.76.172.63
access-list cap extended permit ip host 10.76.172.63 host 40.40.40.3
access-list cap3 extended permit ip host 172.16.152.4 host 10.76.172.201
access-list cap3 extended permit ip host 10.76.172.201 host 172.16.152.4
access-list cap3 extended permit ip host 10.0.0.2 host 10.76.172.30
access-list cap3 extended permit ip host 10.76.172.30 host 10.0.0.2
access-list cap2 extended permit ip host 172.16.152.4 host 40.40.40.4
access-list cap2 extended permit ip host 40.40.40.4 host 172.16.152.4
access-list test extended permit ip host 172.16.151.4 host 10.76.172.63
access-list test extended permit ip host 10.76.172.63 host 172.16.151.4
access-list test1 extended permit ip host 172.16.152.4 host 10.76.172.63
access-list test1 extended permit ip host 10.76.172.63 host 172.16.152.4
access-list test2 extended permit ip host 172.16.152.4 host 10.76.172.201
access-list test2 extended permit ip host 10.76.172.201 host 172.16.152.4
access-list test3 extended permit ip host 172.16.152.4 host 172.16.151.126
access-list test3 extended permit ip host 172.16.151.126 host 172.16.152.4
access-list Ops_nat0_outbound extended permit ip 172.16.155.0 255.255.255.128 192.168.46.0 255.255.255.0
access-list outside_3_cryptomap extended permit ip 172.16.155.0 255.255.255.128 192.168.46.0 255.255.255.0
access-list NTP extended permit icmp host 172.16.153.3 any
access-list NTP extended permit icmp host 172.16.153.2 any
access-list NTP extended permit icmp host 172.16.153.1 any
access-list NTP extended permit udp host 172.16.153.3 host nl.2.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.2 host nl.2.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.1 host nl.2.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.3 host nl.0.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.2 host nl.0.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.1 host nl.0.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.3 host nl.mg.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.2 host nl.mg.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.1 host nl.mg.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.3 host nl.3.africa.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.2 host nl.3.africa.pool.ntp.org eq ntp
access-list NTP extended permit udp host 172.16.153.1 host nl.3.africa.pool.ntp.org eq ntp
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu outside 1500
mtu DB 1500
mtu APP 1500
mtu WEB 1500
mtu ILO 1500
mtu Ops 1500
mtu BACKUP 1500
mtu DMZ 1500
ip local pool VPN 10.0.0.2-10.0.0.50 mask 255.255.255.128
ip local pool ilo 10.10.10.2-10.10.10.50 mask 255.255.255.128
ip local pool vpnpool 40.40.40.1-40.40.40.40 mask 255.255.255.0
ip local pool sanovi 25.25.25.2-25.25.25.25 mask 255.255.255.128
ip local pool newVPN 70.70.70.1-70.70.70.70 mask 255.255.0.0
failover
failover lan unit primary
failover lan interface failover Ethernet0/2
failover key *****
failover link failover Ethernet0/2
failover interface ip failover 10.10.10.1 255.255.255.0 standby 10.10.10.2
icmp unreachable rate-limit 1 burst-size 1
icmp permit any APP
icmp permit any DMZ
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (BACKUP) 1 interface
nat (DB) 0 access-list P2P
nat (APP) 0 access-list APP_nat0_outbound
nat (WEB) 1 access-list NTP
nat (ILO) 0 access-list ILO_nat0_outbound
nat (DMZ) 0 access-list nonatDMZ
static (WEB,outside) tcp interface https 172.16.153.3 8001 netmask 255.255.255.255  norandomseq
static (APP,outside) tcp interface 8900 172.16.152.7 8900 netmask 255.255.255.255  norandomseq
static (APP,outside) tcp interface 8901 172.16.152.7 8901 netmask 255.255.255.255  norandomseq
static (WEB,BACKUP) tcp interface https 172.16.153.3 8001 netmask 255.255.255.255  norandomseq
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 217.74.232.1 1 track 1
route BACKUP 0.0.0.0 0.0.0.0 154.66.244.65 254
route DMZ 172.16.161.0 255.255.255.0 192.168.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 BACKUP
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 123
 type echo protocol ipIcmpEcho 4.2.2.2 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map mydynamic 10 set transform-set ESP-DES-SHA ESP-DES-MD5 ESP-AES-256-MD5 ESP-AES-256-SHA ESP-AES-192-SHA ESP-3DES-SHA ESP-3DES-MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 217.74.232.3
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer 84.233.182.218
crypto map outside_map 2 set transform-set ESP-3DES-SHA
crypto map outside_map 3 match address outside_3_cryptomap
crypto map outside_map 3 set pfs
crypto map outside_map 3 set peer 121.241.107.34
crypto map outside_map 3 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map mymap 2 match address outside_2_cryptomap
crypto map mymap 2 set pfs
crypto map mymap 2 set peer 84.233.182.218
crypto map mymap 2 set transform-set ESP-3DES-SHA
crypto map mymap 1000 ipsec-isakmp dynamic mydynamic
crypto map mymap interface BACKUP
crypto isakmp enable outside
crypto isakmp enable BACKUP
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
crypto isakmp ipsec-over-tcp port 10000
!
track 1 rtr 123 reachability
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 BACKUP
ssh timeout 60
console timeout 0
management-access DMZ
vpn load-balancing
 interface lbprivate WEB
threat-detection basic-threat
threat-detection statistics
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
!
service-policy global_policy global
ntp server nl.2.pool.ntp.org
ntp server nl.mg.pool.ntp.org
ntp server nl.3.africa.pool.ntp.org
ntp server nl.0.pool.ntp.org
group-policy test internal
group-policy test attributes
 dns-server value 4.2.2.2
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value test_splitTunnelAcl
group-policy sanovi-site1 internal
group-policy sanovi-site1 attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value sanovi-site1_splitTunnelAcl
group-policy ILOVLAN4 internal
group-policy ILOVLAN4 attributes
 dns-server value 4.2.2.2
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ILOVLAN4_splitTunnelAcl
group-policy emaal-ilouser internal
group-policy emaal-ilouser attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value emaal-ilouser_splitTunnelAcl
group-policy cisco internal
group-policy cisco attributes
 dns-server value 4.2.2.2
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value cisco_splitTunnelAcl
group-policy nationlink3 internal
group-policy nationlink3 attributes
 dns-server value 4.2.2.2
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value nationlink3_splitTunnelAcl
group-policy nationlink internal
group-policy nationlink attributes
 vpn-simultaneous-logins 50
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value nationlink_splitTunnelAcl_4
username test password P4ttSyrm33SV8TYp encrypted privilege 0
username test attributes
 vpn-group-policy test
username sanovi password yVffc6q4JZU//5xU encrypted privilege 0
username sanovi attributes
 vpn-group-policy sanovi-site1
username admin password SWZ1kF7VOHAXyK10 encrypted privilege 15
username emaal-ilouser password XCE.CqS6nvttZYic encrypted privilege 0
username emaal-ilouser attributes
 vpn-group-policy emaal-ilouser
username cisco123 password ffIRPGpDSOJh9YLq encrypted privilege 0
username cisco123 attributes
 vpn-group-policy cisco
username cisco1 password i675yHjYh7DFdX7e encrypted privilege 15
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
username nationlink3 password Q3j4FV4cRow3qzQ6 encrypted privilege 0
username nationlink3 attributes
 vpn-group-policy nationlink3
username nationlinkilo password guj9QBhuRxkKppvA encrypted privilege 0
username nationlinkilo attributes
 vpn-group-policy ILOVLAN4
username nationlink password y/fB7FUObNv4Fjl2 encrypted privilege 0
username nationlink attributes
 vpn-group-policy nationlink
 vpn-access-hours none
 vpn-simultaneous-logins 50
 vpn-idle-timeout none
 vpn-session-timeout none
tunnel-group nationlink type remote-access
tunnel-group nationlink general-attributes
 address-pool VPN
 default-group-policy nationlink
tunnel-group nationlink ipsec-attributes
 pre-shared-key *
tunnel-group 217.74.232.3 type ipsec-l2l
tunnel-group 217.74.232.3 ipsec-attributes
 pre-shared-key *
tunnel-group emaal-ilouser type remote-access
tunnel-group emaal-ilouser general-attributes
 address-pool ilo
 default-group-policy emaal-ilouser
tunnel-group emaal-ilouser ipsec-attributes
 pre-shared-key *
tunnel-group 84.233.182.218 type ipsec-l2l
tunnel-group 84.233.182.218 ipsec-attributes
 pre-shared-key *
tunnel-group ILOVLAN4 type remote-access
tunnel-group ILOVLAN4 general-attributes
 address-pool ilo
 default-group-policy ILOVLAN4
tunnel-group ILOVLAN4 ipsec-attributes
 pre-shared-key *
tunnel-group sanovi-site1 type remote-access
tunnel-group sanovi-site1 general-attributes
 address-pool sanovi
 default-group-policy sanovi-site1
tunnel-group sanovi-site1 ipsec-attributes
 pre-shared-key *
tunnel-group nationlink3 type remote-access
tunnel-group nationlink3 general-attributes
 address-pool vpnpool
 default-group-policy nationlink3
tunnel-group nationlink3 ipsec-attributes
 pre-shared-key *
tunnel-group cisco type remote-access
tunnel-group cisco general-attributes
 address-pool vpnpool
 default-group-policy cisco
tunnel-group cisco ipsec-attributes
 pre-shared-key *
tunnel-group test type remote-access
tunnel-group test general-attributes
 address-pool newVPN
 default-group-policy test
tunnel-group test ipsec-attributes
 pre-shared-key *
tunnel-group 121.241.107.34 type ipsec-l2l
tunnel-group 121.241.107.34 ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:bef76609e6eb18222281f7dc65964ca3
: end

 

 

 

 

 

Abdul

 

Hi , Look like you need to

Hi ,

 Look like you need to modify default route with equal metric . Since you have many VPN tunnel try this in off business hour . Possibility your VPN tunnel may get flapped during this route  modification .

 no route BACKUP 0.0.0.0 0.0.0.0 154.66.244.65 254

  route BACKUP 0.0.0.0 0.0.0.0 154.66.244.65 1 

Share me show nat output from your ASA 

 

HTH

Sandy 

New Member

Hi Sandy, I executed the

Hi Sandy,

 

I executed the commands, the first one remove the route entry but entering the second route command, I am getting  below error:

ACTIVE-SITE1(config)# route BACKUP 0.0.0.0 0.0.0.0 154.66.244.65 1
ERROR: Cannot add route entry, conflict with existing routes

 

Regards,

Abdul

Hi , Remove 1 from your below

Hi ,

 Remove 1 from your below command 

 route BACKUP 0.0.0.0 0.0.0.0 154.66.244.65 

 

HTH

Sandy

New Member

Hi Sandy,Still I am getting

Hi Sandy,

Still I am getting the same error:

ACTIVE-SITE1(config)# route BACKUP 0.0.0.0 0.0.0.0 154.66.244.65
ERROR: Cannot add route entry, conflict with existing routes
ACTIVE-SITE1(config)#

 

below is the show nat command output:

ACTIVE-SITE1# show nat

NAT policies on Interface DB:
  match ip DB 172.16.151.0 255.255.255.128 outside 25.25.25.0 255.255.255.224
    NAT exempt
    translate_hits = 1, untranslate_hits = 2
  match ip DB 172.16.151.0 255.255.255.128 outside 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DB 172.16.151.0 255.255.255.128 DB 25.25.25.0 255.255.255.224
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DB 172.16.151.0 255.255.255.128 DB 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DB 172.16.151.0 255.255.255.128 APP 25.25.25.0 255.255.255.224
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DB 172.16.151.0 255.255.255.128 APP 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DB 172.16.151.0 255.255.255.128 WEB 25.25.25.0 255.255.255.224
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DB 172.16.151.0 255.255.255.128 WEB 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DB 172.16.151.0 255.255.255.128 ILO 25.25.25.0 255.255.255.224
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DB 172.16.151.0 255.255.255.128 ILO 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DB 172.16.151.0 255.255.255.128 Ops 25.25.25.0 255.255.255.224
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DB 172.16.151.0 255.255.255.128 Ops 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DB 172.16.151.0 255.255.255.128 BACKUP 25.25.25.0 255.255.255.224
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DB 172.16.151.0 255.255.255.128 BACKUP 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DB 172.16.151.0 255.255.255.128 DMZ 25.25.25.0 255.255.255.224
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DB 172.16.151.0 255.255.255.128 DMZ 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 94768, untranslate_hits = 0

NAT policies on Interface APP:
  match ip APP 172.16.152.0 255.255.255.128 outside 10.0.0.0 255.255.255.192
    NAT exempt
    translate_hits = 938, untranslate_hits = 467472
  match ip APP 172.16.152.0 255.255.255.128 outside 10.76.172.0 255.255.255.0
    NAT exempt
    translate_hits = 263, untranslate_hits = 0
  match ip APP 172.16.151.0 255.255.255.128 outside 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.151.0 255.255.255.128 outside 172.16.162.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 outside 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 outside 172.16.162.0 255.255.255.128
    NAT exempt
    translate_hits = 2263506, untranslate_hits = 19378
  match ip APP 172.16.152.0 255.255.255.128 outside 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 outside 70.70.70.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 10.0.0.0 255.0.0.0 outside 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 outside 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.0 outside 10.0.0.0 255.0.0.0
    NAT exempt
    translate_hits = 68, untranslate_hits = 26011
  match ip APP 172.16.155.0 255.255.255.128 outside 192.168.46.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 DB 10.0.0.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 DB 10.76.172.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.151.0 255.255.255.128 DB 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.151.0 255.255.255.128 DB 172.16.162.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 DB 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 DB 172.16.162.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 DB 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 DB 70.70.70.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 10.0.0.0 255.0.0.0 DB 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 DB 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.0 DB 10.0.0.0 255.0.0.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.155.0 255.255.255.128 DB 192.168.46.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 APP 10.0.0.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 APP 10.76.172.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.151.0 255.255.255.128 APP 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.151.0 255.255.255.128 APP 172.16.162.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 APP 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 APP 172.16.162.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 APP 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 APP 70.70.70.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 10.0.0.0 255.0.0.0 APP 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 APP 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.0 APP 10.0.0.0 255.0.0.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.155.0 255.255.255.128 APP 192.168.46.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 WEB 10.0.0.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 WEB 10.76.172.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.151.0 255.255.255.128 WEB 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.151.0 255.255.255.128 WEB 172.16.162.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 WEB 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 WEB 172.16.162.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 WEB 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 WEB 70.70.70.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 10.0.0.0 255.0.0.0 WEB 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 WEB 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.0 WEB 10.0.0.0 255.0.0.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.155.0 255.255.255.128 WEB 192.168.46.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 ILO 10.0.0.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 ILO 10.76.172.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.151.0 255.255.255.128 ILO 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.151.0 255.255.255.128 ILO 172.16.162.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 ILO 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 ILO 172.16.162.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 ILO 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 ILO 70.70.70.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 10.0.0.0 255.0.0.0 ILO 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 ILO 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.0 ILO 10.0.0.0 255.0.0.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.155.0 255.255.255.128 ILO 192.168.46.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 Ops 10.0.0.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 Ops 10.76.172.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.151.0 255.255.255.128 Ops 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.151.0 255.255.255.128 Ops 172.16.162.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 Ops 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 Ops 172.16.162.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 Ops 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 Ops 70.70.70.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 10.0.0.0 255.0.0.0 Ops 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 Ops 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.0 Ops 10.0.0.0 255.0.0.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.155.0 255.255.255.128 Ops 192.168.46.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 BACKUP 10.0.0.0 255.255.255.192
    NAT exempt
    translate_hits = 48, untranslate_hits = 438
  match ip APP 172.16.152.0 255.255.255.128 BACKUP 10.76.172.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.151.0 255.255.255.128 BACKUP 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.151.0 255.255.255.128 BACKUP 172.16.162.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 BACKUP 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 BACKUP 172.16.162.0 255.255.255.128
    NAT exempt
    translate_hits = 21818, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 BACKUP 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 BACKUP 70.70.70.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 10.0.0.0 255.0.0.0 BACKUP 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 BACKUP 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.0 BACKUP 10.0.0.0 255.0.0.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.155.0 255.255.255.128 BACKUP 192.168.46.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 DMZ 10.0.0.0 255.255.255.192
    NAT exempt
    translate_hits = 20981, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 DMZ 10.76.172.0 255.255.255.0
    NAT exempt
    translate_hits = 4521402, untranslate_hits = 659606
  match ip APP 172.16.151.0 255.255.255.128 DMZ 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.151.0 255.255.255.128 DMZ 172.16.162.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 DMZ 172.16.161.0 255.255.255.128
    NAT exempt
    translate_hits = 422, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 DMZ 172.16.162.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 DMZ 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 DMZ 70.70.70.0 255.255.255.128
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 10.0.0.0 255.0.0.0 DMZ 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.128 DMZ 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip APP 172.16.152.0 255.255.255.0 DMZ 10.0.0.0 255.0.0.0
    NAT exempt
    translate_hits = 8, untranslate_hits = 0
  match ip APP 172.16.155.0 255.255.255.128 DMZ 192.168.46.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match tcp APP host 172.16.152.7 eq 8900 outside any
    static translation to 217.74.232.15/8900
    translate_hits = 72, untranslate_hits = 8119
  match tcp APP host 172.16.152.7 eq 8901 outside any
    static translation to 217.74.232.15/8901
    translate_hits = 9, untranslate_hits = 810
  match tcp APP host 172.16.152.7 eq 8900 BACKUP any
    static translation to 154.66.244.71/8900
    translate_hits = 0, untranslate_hits = 0
  match tcp APP host 172.16.152.7 eq 8901 BACKUP any
    static translation to 154.66.244.71/8901
    translate_hits = 0, untranslate_hits = 0

NAT policies on Interface WEB:
  match tcp WEB host 172.16.153.3 eq 8001 outside any
    static translation to 217.74.232.15/443
    translate_hits = 1963, untranslate_hits = 104996
  match tcp WEB host 172.16.153.3 eq 8001 BACKUP any
    static translation to 154.66.244.71/443
    translate_hits = 3, untranslate_hits = 223
  match icmp WEB host 172.16.153.3 outside any
    dynamic translation to pool 1 (217.74.232.15 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.2 outside any
    dynamic translation to pool 1 (217.74.232.15 [Interface PAT])
    translate_hits = 13, untranslate_hits = 0
  match icmp WEB host 172.16.153.1 outside any
    dynamic translation to pool 1 (217.74.232.15 [Interface PAT])
    translate_hits = 182, untranslate_hits = 1
  match udp WEB host 172.16.153.3 outside host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (217.74.232.15 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 outside host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (217.74.232.15 [Interface PAT])
    translate_hits = 31, untranslate_hits = 0
  match udp WEB host 172.16.153.1 outside host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (217.74.232.15 [Interface PAT])
    translate_hits = 36, untranslate_hits = 0
  match udp WEB host 172.16.153.3 outside host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (217.74.232.15 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 outside host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (217.74.232.15 [Interface PAT])
    translate_hits = 30, untranslate_hits = 0
  match udp WEB host 172.16.153.1 outside host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (217.74.232.15 [Interface PAT])
    translate_hits = 34, untranslate_hits = 0
  match udp WEB host 172.16.153.3 outside host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (217.74.232.15 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 outside host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (217.74.232.15 [Interface PAT])
    translate_hits = 59040, untranslate_hits = 7918
  match udp WEB host 172.16.153.1 outside host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (217.74.232.15 [Interface PAT])
    translate_hits = 52538, untranslate_hits = 2443
  match udp WEB host 172.16.153.3 outside host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (217.74.232.15 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 outside host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (217.74.232.15 [Interface PAT])
    translate_hits = 42024, untranslate_hits = 5802
  match udp WEB host 172.16.153.1 outside host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (217.74.232.15 [Interface PAT])
    translate_hits = 42288, untranslate_hits = 11283
  match icmp WEB host 172.16.153.3 DB any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.2 DB any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.1 DB any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 DB host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 DB host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 DB host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 DB host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 DB host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 DB host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 DB host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 DB host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 DB host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 DB host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 DB host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 DB host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.3 APP any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.2 APP any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.1 APP any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 APP host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 APP host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 APP host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 APP host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 APP host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 APP host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 APP host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 APP host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 APP host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 APP host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 APP host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 APP host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.3 WEB any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.2 WEB any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.1 WEB any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 WEB host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 WEB host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 WEB host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 WEB host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 WEB host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 WEB host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 WEB host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 WEB host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 WEB host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 WEB host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 WEB host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 WEB host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.3 ILO any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.2 ILO any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.1 ILO any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 ILO host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 ILO host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 ILO host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 ILO host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 ILO host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 ILO host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 ILO host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 ILO host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 ILO host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 ILO host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 ILO host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 ILO host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.3 Ops any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.2 Ops any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.1 Ops any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 762, untranslate_hits = 0
  match udp WEB host 172.16.153.3 Ops host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 Ops host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 Ops host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 Ops host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 Ops host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 Ops host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 Ops host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 Ops host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 Ops host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 Ops host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 Ops host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 Ops host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.3 BACKUP any
    dynamic translation to pool 1 (154.66.244.71 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.2 BACKUP any
    dynamic translation to pool 1 (154.66.244.71 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.1 BACKUP any
    dynamic translation to pool 1 (154.66.244.71 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 BACKUP host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (154.66.244.71 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 BACKUP host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (154.66.244.71 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 BACKUP host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (154.66.244.71 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 BACKUP host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (154.66.244.71 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 BACKUP host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (154.66.244.71 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 BACKUP host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (154.66.244.71 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 BACKUP host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (154.66.244.71 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 BACKUP host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (154.66.244.71 [Interface PAT])
    translate_hits = 542, untranslate_hits = 0
  match udp WEB host 172.16.153.1 BACKUP host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (154.66.244.71 [Interface PAT])
    translate_hits = 530, untranslate_hits = 0
  match udp WEB host 172.16.153.3 BACKUP host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (154.66.244.71 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 BACKUP host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (154.66.244.71 [Interface PAT])
    translate_hits = 548, untranslate_hits = 428
  match udp WEB host 172.16.153.1 BACKUP host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (154.66.244.71 [Interface PAT])
    translate_hits = 531, untranslate_hits = 423
  match icmp WEB host 172.16.153.3 DMZ any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.2 DMZ any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match icmp WEB host 172.16.153.1 DMZ any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 DMZ host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 DMZ host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 DMZ host nl.2.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 DMZ host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 DMZ host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 DMZ host nl.0.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 DMZ host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 DMZ host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 DMZ host nl.mg.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.3 DMZ host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.2 DMZ host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match udp WEB host 172.16.153.1 DMZ host nl.3.africa.pool.ntp.org eq 123
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0

NAT policies on Interface ILO:
  match ip ILO 172.16.154.0 255.255.255.128 outside 10.10.10.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 172.16.154.0 255.255.255.128 outside 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 10.0.0.0 255.0.0.0 outside 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 172.16.154.0 255.255.255.128 DB 10.10.10.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 172.16.154.0 255.255.255.128 DB 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 10.0.0.0 255.0.0.0 DB 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 172.16.154.0 255.255.255.128 APP 10.10.10.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 172.16.154.0 255.255.255.128 APP 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 10.0.0.0 255.0.0.0 APP 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 172.16.154.0 255.255.255.128 WEB 10.10.10.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 172.16.154.0 255.255.255.128 WEB 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 10.0.0.0 255.0.0.0 WEB 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 172.16.154.0 255.255.255.128 ILO 10.10.10.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 172.16.154.0 255.255.255.128 ILO 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 10.0.0.0 255.0.0.0 ILO 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 172.16.154.0 255.255.255.128 Ops 10.10.10.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 172.16.154.0 255.255.255.128 Ops 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 10.0.0.0 255.0.0.0 Ops 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 172.16.154.0 255.255.255.128 BACKUP 10.10.10.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 172.16.154.0 255.255.255.128 BACKUP 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 10.0.0.0 255.0.0.0 BACKUP 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 172.16.154.0 255.255.255.128 DMZ 10.10.10.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 172.16.154.0 255.255.255.128 DMZ 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip ILO 10.0.0.0 255.0.0.0 DMZ 40.40.40.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0

NAT policies on Interface DMZ:
  match ip DMZ 10.0.0.0 255.0.0.0 outside 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DMZ 10.0.0.0 255.0.0.0 DB 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DMZ 10.0.0.0 255.0.0.0 APP 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DMZ 10.0.0.0 255.0.0.0 WEB 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DMZ 10.0.0.0 255.0.0.0 ILO 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DMZ 10.0.0.0 255.0.0.0 Ops 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DMZ 10.0.0.0 255.0.0.0 BACKUP 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip DMZ 10.0.0.0 255.0.0.0 DMZ 40.40.40.0 255.255.255.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
ACTIVE-SITE1# $

 

 

Regards,

 

Abdul

Hi  Share me show running

Hi 

 Share me show running route from your ASA firewall . 

 

HTH

Sandy

New Member

Hi, Below is the output of

Hi,

 

Below is the output of show running route:

 

ACTIVE-SITE1# show running route
route outside 0.0.0.0 0.0.0.0 217.74.232.1 1 track 1
route DMZ 172.16.161.0 255.255.255.0 192.168.1.2 1

 

Regards,

 

Abdul

Hi  , can you you open webex

Hi  ,

 can you you open webex session ?? 

 

New Member

 Hi, Webex is ready and I

 

Hi,

 

Webex is ready and I sent invitation, alternatively you can use this url:

https://meetings.webex.com/collabs/meetings/join?uuid=M4MZ9EENPEELH99BWGMJTB34LU-LQR3

 

 

New Member

Hi Sandy, I am online on the

Hi Sandy,

 

I am online on the skype pls ping me.

I need your help to solve the issue.

Thanks,

 

Abdul

Hi Abdul ,On remote session 

Hi Abdul ,

On remote session

  I have updated your NAT config for your Backup Interface , along with that i have applied ACL permitting https traffic  on your BACK up interface.

Here is summary of configuration 

static (WEB,BACKUP) tcp interface https 172.16.153.3 8001 netmask 255.255.255.255  norandomseq

access-group outside_access_in in interface BACKUP

 

HTH

Sandy 

Kindly rate for helpful post . 

 

New Member

Hi Sandy,Thank you very much

Hi Sandy,

Thank you very much for the support.

The issue is resolved and now we can access the URL with the secondary ISP, so I really appreciated the time you spent with me.

 

Cheers,

 

Abdul

167
Views
20
Helpful
13
Replies