Cisco Support Community
Not Able to ping the Host from Inside Interface From PIX525

When I tried upgrading the PIX525 from 6.3 to 7.0, I was not able to ping the host from the PIX 525 inside interface, which is on the same subnet, or the inside interface from the host. I tried with a directly connected laptop using a cross cable, and with a straight cable via a switch, but the results ended in failure.

2 REPLIES

Hi,

Do you have a show tech from the time you upgraded the firewall to version 7.0?

Can you share that?

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC

Hi Varun

I have attached the Sh tech-Support

sh tech support

Cisco PIX Firewall Version 6.3(3)

Cisco PIX Device Manager Version 3.0(1)

Compiled on Wed 13-Aug-03 13:55 by morlee

FW-CORP up 3 hours 12 mins

Hardware:   PIX-525, 256 MB RAM, CPU Pentium III 600 MHz

Flash E28F128J3 @ 0x300, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: ethernet0: address is 000f.34d8.3c18, irq 10

1: ethernet1: address is 000f.34d8.3c19, irq 11

2: ethernet2: address is 000d.88ee.1168, irq 11

3: ethernet3: address is 000d.88ee.1169, irq 10

4: ethernet4: address is 000d.88ee.116a, irq 9

5: ethernet5: address is 000d.88ee.116b, irq 5

Licensed Features:

Failover:                    Enabled

VPN-DES:                     Enabled

VPN-3DES-AES:                Enabled

Maximum Physical Interfaces: 8

Maximum Interfaces:          12

Cut-through Proxy:           Enabled

Guards:                      Enabled

URL-filtering:               Enabled

Inside Hosts:                Unlimited

Throughput:                  Unlimited

IKE peers:                   Unlimited

This PIX has a Failover Only (FO) license.

Serial Number: 808092851 (0x302a84b3)

Running Activation Key: 0x51f05806 0x46615259 0xd47d04a4 0x6de07c80

Configuration last modified by enable_15 at 16:24:11.001 IST Tue Jan 24 2012

------------------ show clock ------------------

16:27:16.954 IST Tue Jan 24 2012

------------------ show memory ------------------

Free memory:       205886928 bytes

Used memory:        62548528 bytes

-------------     ----------------

Total memory:      268435456 bytes

------------------ show conn count ------------------

0 in use, 0 most used

------------------ show xlate count ------------------

0 in use, 0 most used

------------------ show blocks ------------------

  SIZE    MAX    LOW    CNT

     4   1600   1600   1600

    80    400    399    400

   256   1012   1008   1012

  1550   2469   1691   1700

------------------ show interface ------------------

interface ethernet0 "outside" is up, line protocol is down

  Hardware is i82559 ethernet, address is 000f.34d8.3c18

  IP address 210.212.241.66, subnet mask 255.255.255.224

  MTU 1500 bytes, BW 100000 Kbit full duplex

    0 packets input, 0 bytes, 0 no buffer

    Received 0 broadcasts, 0 runts, 0 giants

    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

    0 packets output, 0 bytes, 0 underruns

    0 output errors, 0 collisions, 0 interface resets

    0 babbles, 0 late collisions, 0 deferred

    0 lost carrier, 0 no carrier

    input queue (curr/max blocks): hardware (128/128) software (0/0)

    output queue (curr/max blocks): hardware (0/0) software (0/0)

interface ethernet1 "inside" is up, line protocol is down

  Hardware is i82559 ethernet, address is 000f.34d8.3c19

  IP address 172.16.24.3, subnet mask 255.255.252.0

  MTU 1500 bytes, BW 100000 Kbit full duplex

    0 packets input, 0 bytes, 0 no buffer

    Received 0 broadcasts, 0 runts, 0 giants

    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

    480 packets output, 28800 bytes, 0 underruns

    0 output errors, 0 collisions, 0 interface resets

    0 babbles, 0 late collisions, 0 deferred

    0 lost carrier, 0 no carrier

    input queue (curr/max blocks): hardware (128/128) software (0/0)

    output queue (curr/max blocks): hardware (0/2) software (0/1)

interface ethernet2 "WAN" is up, line protocol is down

  Hardware is i82559 ethernet, address is 000d.88ee.1168

  IP address 172.16.9.1, subnet mask 255.255.255.0

  MTU 1500 bytes, BW 100000 Kbit full duplex

    0 packets input, 0 bytes, 0 no buffer

    Received 0 broadcasts, 0 runts, 0 giants

    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

    0 packets output, 0 bytes, 0 underruns

    0 output errors, 0 collisions, 0 interface resets

    0 babbles, 0 late collisions, 0 deferred

    0 lost carrier, 0 no carrier

    input queue (curr/max blocks): hardware (128/128) software (0/0)

    output queue (curr/max blocks): hardware (0/0) software (0/0)

interface ethernet3 "DMZ" is up, line protocol is down

  Hardware is i82559 ethernet, address is 000d.88ee.1169

  IP address 172.16.8.1, subnet mask 255.255.255.0

  MTU 1500 bytes, BW 100000 Kbit full duplex

    0 packets input, 0 bytes, 0 no buffer

    Received 0 broadcasts, 0 runts, 0 giants

    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

    0 packets output, 0 bytes, 0 underruns

    0 output errors, 0 collisions, 0 interface resets

    0 babbles, 0 late collisions, 0 deferred

    0 lost carrier, 0 no carrier

    input queue (curr/max blocks): hardware (128/128) software (0/0)

    output queue (curr/max blocks): hardware (0/0) software (0/0)

interface ethernet4 "intf4" is administratively down, line protocol is down

  Hardware is i82559 ethernet, address is 000d.88ee.116a

  MTU 1500 bytes, BW 10000 Kbit half duplex

    0 packets input, 0 bytes, 0 no buffer

    Received 0 broadcasts, 0 runts, 0 giants

    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

    0 packets output, 0 bytes, 0 underruns

    0 output errors, 0 collisions, 0 interface resets

    0 babbles, 0 late collisions, 0 deferred

    0 lost carrier, 0 no carrier

    input queue (curr/max blocks): hardware (128/128) software (0/0)

    output queue (curr/max blocks): hardware (0/0) software (0/0)

interface ethernet5 "intf5" is administratively down, line protocol is down

  Hardware is i82559 ethernet, address is 000d.88ee.116b

  MTU 1500 bytes, BW 10000 Kbit half duplex

    0 packets input, 0 bytes, 0 no buffer

    Received 0 broadcasts, 0 runts, 0 giants

    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

    0 packets output, 0 bytes, 0 underruns

    0 output errors, 0 collisions, 0 interface resets

    0 babbles, 0 late collisions, 0 deferred

    0 lost carrier, 0 no carrier

    input queue (curr/max blocks): hardware (128/128) software (0/0)

    output queue (curr/max blocks): hardware (0/0) software (0/0)

------------------ show cpu usage ------------------

CPU utilization for 5 seconds = 0%; 1 minute: 0%; 5 minutes: 0%

------------------ show failover ------------------

Failover Off

Cable status: My side not connected

Reconnect timeout 0:00:00

Poll frequency 15 seconds

------------------ show traffic ------------------

outside:

    received (in 11571.660 secs):

        0 packets    0 bytes

        0 pkts/sec    0 bytes/sec

    transmitted (in 11571.660 secs):

        0 packets    0 bytes

        0 pkts/sec    0 bytes/sec

inside:

    received (in 11571.660 secs):

        0 packets    0 bytes

        0 pkts/sec    0 bytes/sec

    transmitted (in 11571.660 secs):

        480 packets    28800 bytes

        0 pkts/sec    2 bytes/sec

WAN:

    received (in 11571.660 secs):

        0 packets    0 bytes

        0 pkts/sec    0 bytes/sec

    transmitted (in 11571.660 secs):

        0 packets    0 bytes

        0 pkts/sec    0 bytes/sec

DMZ:

    received (in 11572.160 secs):

        0 packets    0 bytes

        0 pkts/sec    0 bytes/sec

    transmitted (in 11572.160 secs):

        0 packets    0 bytes

        0 pkts/sec    0 bytes/sec

intf4:

    received (in 11572.160 secs):

        0 packets    0 bytes

        0 pkts/sec    0 bytes/sec

    transmitted (in 11572.160 secs):

        0 packets    0 bytes

        0 pkts/sec    0 bytes/sec

intf5:

    received (in 11572.160 secs):

        0 packets    0 bytes

        0 pkts/sec    0 bytes/sec

    transmitted (in 11572.160 secs):

        0 packets    0 bytes

        0 pkts/sec    0 bytes/sec

------------------ show perfmon ------------------

PERFMON STATS:    Current      Average

Xlates               0/s          0/s

Connections          0/s          0/s

TCP Conns            0/s          0/s

UDP Conns            0/s          0/s

URL Access           0/s          0/s

URL Server Req       0/s          0/s

TCP Fixup            0/s          0/s

TCPIntercept         0/s          0/s

HTTP Fixup           0/s          0/s

FTP Fixup            0/s          0/s

AAA Authen           0/s          0/s

AAA Author           0/s          0/s

AAA Account          0/s          0/s

------------------ show running-config ------------------

: Saved

:

PIX Version 6.3(3)

interface ethernet0 100full

interface ethernet1 100full

interface ethernet2 100full

interface ethernet3 100full

interface ethernet4 auto shutdown

interface ethernet5 auto shutdown

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 WAN security20

nameif ethernet3 DMZ security10

nameif ethernet4 intf4 security8

nameif ethernet5 intf5 security10

enable password ekYJs62QpGo3yhFR encrypted

passwd L3VazNrH9ZA721zj encrypted

hostname FW-CORP

domain-name nlcindia.com

clock timezone IST 5 30

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

name 194.39.131.34 SAPinternational

name 194.117.106.129 SAPInter1

name 192.170.77.107 ISEE_server_GH

name 59.145.145.85 srldc

name 202.71.156.134 accounts_site

name 202.71.128.85 icwai

name 164.100.194.13 ENVFOR.NIC.IN

name 61.246.52.130 srldc2

name 164.100.10.11 cisf_mail

name 220.227.184.157 NRYHRIDLYA

name 180.151.32.65 SRLDC

name 111.93.128.27 SRLDC2

name 111.93.128.28 SRLDC-3

name 212.95.126.13 OPENVASNVT

object-group service InetWebServerOutsidePorts tcp

  description Outside m/c can connect to these ports

  port-object eq 8080

  port-object eq 8085

  port-object eq www

  port-object eq https

object-group network WebServers

  network-object 172.16.164.68 255.255.255.255

  network-object 172.16.92.52 255.255.255.255

  network-object 172.16.116.99 255.255.255.255

  network-object 172.16.24.75 255.255.255.255

  network-object 172.16.24.58 255.255.255.255

  network-object 172.16.28.51 255.255.255.255

  network-object 172.16.140.51 255.255.255.255

  network-object 172.16.49.50 255.255.255.255

  network-object 172.16.24.71 255.255.255.255

  network-object 172.16.24.80 255.255.255.255

object-group service Browsing-Download tcp

  description Protocols for Browsing & Downloading

  port-object eq www

  port-object eq ftp-data

  port-object eq ftp

  port-object eq https

  port-object range 9080 9080

object-group network netadmin

  network-object 172.16.26.1 255.255.255.255

  network-object 172.16.26.3 255.255.255.255

  network-object 172.16.24.134 255.255.255.255

object-group service InetWebServerRemoteMgmt tcp

  description Services to remotely manage Internet Web Server

  group-object Browsing-Download

  port-object eq telnet

object-group network AMSDATA

  description To get AMS Data from WAN

  network-object 172.16.24.133 255.255.255.255

  network-object 172.16.24.129 255.255.255.255

object-group network WAN_ROUTERS

  description Routers in WAN

  network-object 172.16.232.1 255.255.255.255

  network-object 172.16.240.1 255.255.255.255

  network-object 172.16.9.21 255.255.255.255

  network-object 172.16.9.22 255.255.255.255

  network-object 172.16.248.1 255.255.255.255

  network-object 172.16.9.23 255.255.255.255

object-group network CR_WAN

  description Card Readers WAN

  network-object 172.16.233.13 255.255.255.255

  network-object 172.16.233.14 255.255.255.255

object-group service GH-TELE-PORTS tcp

  description Ports needed for TeleMedicine

  port-object eq www

  port-object eq ftp-data

  port-object eq 1740

  port-object range 1715 1731

object-group network AMSPC_WAN

  network-object 172.16.233.1 255.255.255.255

  network-object 172.16.233.28 255.255.255.255

object-group service InetWebServerASRPorts tcp

  description Ports opened for ASR of SUN Server

  port-object eq 1691

  port-object eq 162

  port-object eq 6481

object-group network MMC_HOSTS

  description Servers in MMC

  network-object 172.16.104.65 255.255.255.255

  network-object 172.16.104.67 255.255.255.255

  network-object 172.16.104.89 255.255.255.255

access-list acl-in permit icmp any any

access-list acl-in permit tcp any host 172.16.8.51 eq www

access-list acl-in permit tcp any host 172.16.8.51 eq 8080

access-list acl-in permit tcp any host 172.16.8.51 eq 8085

access-list acl-in permit tcp any host 172.16.8.51 eq https

access-list acl-in permit ip host 172.16.120.70 host ISEE_server_GH

access-list acl-in permit ip any host srldc

access-list acl-in permit ip host 172.16.104.66 host 172.16.8.51

access-list acl-in permit tcp host 172.16.24.56 any object-group Browsing-Download

access-list acl-in permit tcp host 172.16.24.56 host accounts_site eq 85

access-list acl-in permit tcp host 172.16.24.56 host icwai eq 85

access-list acl-in permit tcp host 172.16.24.56 host ENVFOR.NIC.IN eq 8080

access-list acl-in permit ip object-group netadmin any

access-list acl-in permit tcp host 172.16.24.80 host 172.16.8.51

access-list acl-in permit tcp host 172.16.24.56 any eq domain

access-list acl-in permit udp host 172.16.24.56 any eq domain

access-list acl-in permit tcp host 172.16.24.58 any eq domain

access-list acl-in permit udp host 172.16.24.58 any eq domain

access-list acl-in permit tcp host 172.16.26.4 host 172.16.8.51 object-group InetWebServerRemoteMgmt

access-list acl-in permit ip host 172.18.4.72 host 172.16.8.254

access-list acl-in permit ip any host 172.16.8.254

access-list acl-in permit tcp host 172.16.24.58 host 172.16.8.52 eq smtp

access-list acl-in permit tcp host 172.16.24.58 host 172.16.8.52 eq 27

access-list acl-in permit tcp host 172.18.4.72 host SAPinternational eq 3299

access-list acl-in deny tcp host 172.18.4.72 eq 3200 host 172.16.8.254 eq 3200

access-list acl-in permit udp host 172.16.24.48 object-group WAN_ROUTERS eq snmp

access-list acl-in permit udp host 172.16.24.38 object-group WAN_ROUTERS eq snmp

access-list acl-in permit ip any host srldc2

access-list acl-in permit tcp any host cisf_mail eq 465

access-list acl-in permit tcp any host cisf_mail eq 995

access-list acl-in permit ip host 172.16.123.50 host NRYHRIDLYA

access-list acl-in permit ip any host SRLDC

access-list acl-in permit ip any host SRLDC2

access-list acl-in remark SRLDC-3

access-list acl-in permit ip any host SRLDC-3

access-list acl-in permit tcp host 172.16.24.48 host OPENVASNVT eq 873

access-list acl-in permit tcp object-group netadmin object-group CR_WAN eq www

access-list acl-in permit tcp host 172.16.34.106 object-group CR_WAN eq www

access-list acl-in permit tcp any host 172.16.8.52 eq 8080

access-list acl-in permit udp host 172.16.24.56 any eq snmp

access-list acl-in permit ip object-group AMSDATA host 172.16.241.1

access-list acl-in permit ip host 172.16.43.48 host 61.95.184.68

access-list acl-in permit ip host 172.16.24.56 any

access-list acl-in permit ip host 172.16.43.38 host 121.246.243.230

access-list acl-in permit ip host 172.16.43.48 host 121.246.243.230

access-list acl-in permit ip host 172.16.43.48 host 124.124.238.154

access-list acl-in permit ip host 172.16.43.48 host 121.240.157.157

access-list acl-in permit ip host 172.16.24.122 host 172.16.8.52

access-list acl-in permit ip host 172.16.120.18 host 122.183.188.158

access-list acl-in permit ip host 172.16.26.1 host 172.16.242.8

access-list acl-in permit ip host 172.16.26.2 host 172.16.242.8

access-list acl-in permit ip host 172.16.106.107 host 172.16.8.72

access-list acl-in permit ip host 172.16.24.134 host 172.16.8.72

access-list acl-in permit ip host 172.16.106.107 host 172.16.8.71

access-list acl-in permit ip host 172.16.24.134 host 172.16.8.71

access-list acl-in permit ip host 172.16.24.123 host 172.16.8.71

access-list acl-in permit ip host 172.16.106.103 host 172.16.8.71

access-list acl-in permit ip host 172.16.106.103 host 172.16.8.72

access-list acl-in permit ip host 172.16.104.155 host 172.16.8.71

access-list acl-in permit ip host 172.16.104.155 host 172.16.8.72

access-list acl-in permit ip host 172.16.24.78 host 172.16.242.2

access-list acl-in permit ip host 172.16.106.107 host 172.16.8.51

access-list acl-in permit ip host 172.16.28.142 host 67.215.240.250

access-list acl-in permit ip host 172.16.24.61 host 172.16.8.51

access-list acl-in permit ip host 172.16.24.61 host 172.16.8.71

access-list acl-in permit ip host 172.16.104.65 host 172.16.8.51

access-list acl-in permit ip host 172.16.120.18 host 122.183.217.16

access-list acl-in permit tcp object-group MMC_HOSTS host 172.16.8.51 object-group InetWebServerASRPorts

access-list acl-in permit tcp host 172.16.104.155 host 172.16.8.51 eq telnet

access-list acl-in permit tcp host 172.16.24.75 host 172.18.160.66 eq www

access-list acl-in permit tcp host 172.16.24.75 host 172.18.160.68 eq www

access-list acl-in deny ip any any log

access-list acl-out permit icmp any any

access-list acl-out permit tcp any host 210.212.241.68 object-group InetWebServerOutsidePorts

access-list acl-out permit tcp any host 210.212.241.70 eq 1194

access-list acl-out permit tcp any host 210.212.241.72 eq www

access-list acl-out permit ip host SAPinternational host 210.212.241.94

access-list acl-out permit ip host SAPInter1 host 210.212.241.94

access-list acl-out permit tcp any host 210.212.241.69 eq smtp

access-list acl-out deny tcp 41.0.0.0 255.0.0.0 host 210.212.241.70 eq www

access-list acl-out permit tcp any host 210.212.241.70 eq www

access-list acl-out permit tcp any host 210.212.241.89 object-group GH-TELE-PORTS

access-list acl-out permit tcp any host 210.212.241.69 eq 8080

access-list acl-out deny ip any any log

access-list acl-WAN permit icmp any any

access-list acl-WAN permit tcp any host 172.16.24.91

access-list acl-WAN permit udp any host 172.16.24.56 eq domain

access-list acl-WAN permit tcp any host 172.16.24.56 eq 8080

access-list acl-WAN permit tcp any host 172.16.8.51 eq www

access-list acl-WAN permit tcp any host 172.16.24.74 eq www

access-list acl-WAN permit tcp any host 172.16.104.65 eq www

access-list acl-WAN permit tcp any host 172.16.104.65 eq 7779

access-list acl-WAN permit tcp any object-group WebServers eq www

access-list acl-WAN permit tcp any host 172.16.78.105 eq 9090

access-list acl-WAN permit tcp host 172.16.233.57 host 172.16.24.71 eq ftp

access-list acl-WAN permit tcp host 172.16.242.153 host 172.16.24.71 eq ftp

access-list acl-WAN permit tcp host 172.16.242.154 host 172.16.24.71 eq ftp

access-list acl-WAN permit ip host 172.16.241.1 host 172.16.24.73

access-list acl-WAN permit ip host 172.16.241.1 host 172.16.24.81

access-list acl-WAN permit tcp any host 172.16.24.37

access-list acl-WAN permit ip host 172.16.241.1 host 172.16.24.37

access-list acl-WAN permit tcp any host 172.16.24.42 eq 7778

access-list acl-WAN permit tcp any host 172.16.24.42 eq www

access-list acl-WAN permit tcp any host 172.16.24.42 eq 8080

access-list acl-WAN permit tcp any host 172.16.24.43 eq 7778

access-list acl-WAN permit tcp any host 172.16.24.48 eq 8090

access-list acl-WAN permit ip host 172.16.233.1 host 172.16.24.129

access-list acl-WAN permit tcp any host 172.16.24.43 eq www

access-list acl-WAN permit tcp any host 172.16.24.43 eq 8080

access-list acl-WAN permit tcp any host 172.16.24.75 eq www

access-list acl-WAN permit tcp any host 172.16.24.76 eq www

access-list acl-WAN permit tcp any host 172.16.94.161 eq 8000

access-list acl-WAN permit tcp any host 172.18.4.75 eq 8000

access-list acl-WAN permit ip any host 172.16.241.244

access-list acl-WAN permit tcp any host 172.16.24.71 eq 8080

access-list acl-WAN permit ip host 172.16.250.108 host 172.16.24.48

access-list acl-WAN permit ip host 172.16.250.108 host 172.16.24.134

access-list acl-WAN permit ip 172.16.232.0 255.255.252.0 host 172.16.164.57

access-list acl-WAN permit ip host 172.16.9.22 host 172.16.24.59

access-list acl-WAN permit ip host 172.16.9.21 host 172.16.24.59

access-list acl-WAN permit ip any host 172.16.24.78

access-list acl-WAN permit tcp any host 172.16.24.56 eq domain log

access-list acl-WAN permit ip host 172.16.9.21 host 172.16.24.211

access-list acl-WAN permit ip host 172.16.9.22 host 172.16.24.211

access-list acl-WAN permit tcp object-group CR_WAN host 172.16.24.47

access-list acl-WAN permit tcp object-group AMSPC_WAN host 172.16.24.47

access-list acl-WAN permit ip host 172.16.240.1 host 172.16.24.134

access-list acl-WAN permit ip host 172.16.9.22 host 172.16.24.134

access-list acl-WAN permit ip host 172.16.242.2 host 172.16.24.78

access-list acl-WAN permit tcp host 192.168.20.100 host 172.16.24.37 eq sqlnet

access-list acl-WAN permit tcp host 192.168.20.100 host 172.16.104.65 eq 1526

access-list acl-WAN deny ip any any log

access-list acl-DMZ permit icmp any any

access-list acl-DMZ permit tcp host 172.16.8.51 host 172.16.24.58 eq smtp

access-list acl-DMZ permit tcp host 172.16.8.51 host 172.16.24.51 eq 1500

access-list acl-DMZ permit tcp host 172.16.8.51 any eq 1581

access-list acl-DMZ permit ip host 172.16.8.51 host 172.16.24.80

access-list acl-DMZ permit tcp any host 172.16.24.56 eq domain

access-list acl-DMZ permit udp any host 172.16.24.56 eq domain

access-list acl-DMZ permit tcp host 172.16.8.52 host 172.16.24.58 eq smtp

access-list acl-DMZ permit tcp host 172.16.8.52 any object-group Browsing-Download

access-list acl-DMZ permit ip host 172.16.8.52 host 172.16.24.80

access-list acl-DMZ permit ip host 172.16.8.254 host 172.18.4.72

access-list acl-DMZ permit ip host 172.16.8.254 host 172.18.4.75

access-list acl-DMZ permit ip host 172.16.8.254 host 172.16.94.161

access-list acl-DMZ permit ip host 172.16.8.254 host SAPinternational

access-list acl-DMZ permit ip host 172.16.8.254 host SAPInter1

access-list acl-DMZ permit ip host 172.16.8.52 host 172.16.24.78

access-list acl-DMZ permit tcp host 172.16.8.52 any eq smtp

access-list acl-DMZ permit tcp host 172.16.8.52 host 172.16.24.47 eq sqlnet

access-list acl-DMZ permit tcp host 172.16.8.51 host 198.232.168.156 object-group InetWebServerASRPorts

access-list acl-DMZ permit tcp host 172.16.8.51 host 198.232.168.156 eq https

access-list acl-DMZ deny ip any any log

pager lines 20

logging on

logging timestamp

logging standby

logging trap debugging

logging host inside 172.16.24.59

mtu outside 1500

mtu inside 1500

mtu WAN 1500

mtu DMZ 1500

mtu intf4 1500

mtu intf5 1500

ip address outside 210.212.241.66 255.255.255.224

ip address inside 172.16.24.3 255.255.252.0

ip address WAN 172.16.9.1 255.255.255.0

ip address DMZ 172.16.8.1 255.255.255.0

no ip address intf4

no ip address intf5

ip audit info action alarm

ip audit attack action alarm

no failover

failover timeout 0:00:00

failover poll 15

failover ip address outside 210.212.241.67

failover ip address inside 172.16.24.4

failover ip address WAN 172.16.9.2

failover ip address DMZ 172.16.8.2

no failover ip address intf4

no failover ip address intf5

pdm location 172.16.120.18 255.255.255.255 inside

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) 210.212.241.71 172.16.24.18 netmask 255.255.255.255 0 0

static (DMZ,outside) 210.212.241.68 172.16.8.51 netmask 255.255.255.255 0 0

static (DMZ,outside) 210.212.241.69 172.16.8.52 netmask 255.255.255.255 0 0

static (DMZ,outside) 210.212.241.94 172.16.8.254 netmask 255.255.255.255 0 0

static (inside,outside) 210.212.241.70 172.16.24.58 netmask 255.255.255.255 0 0

static (inside,outside) 210.212.241.72 172.16.24.80 netmask 255.255.255.255 0 0

static (inside,DMZ) 172.16.0.0 172.16.0.0 netmask 255.240.0.0 0 0

static (inside,outside) 210.212.241.73 172.16.104.65 netmask 255.255.255.255 0 0

static (inside,WAN) 172.16.0.0 172.16.0.0 netmask 255.240.0.0 0 0

static (inside,outside) 210.212.241.89 172.16.120.18 netmask 255.255.255.255 0 0

access-group acl-out in interface outside

access-group acl-in in interface inside

access-group acl-WAN in interface WAN

access-group acl-DMZ in interface DMZ

route outside 0.0.0.0 0.0.0.0 210.212.241.65 1

route inside 172.16.0.0 255.240.0.0 172.16.24.1 1

route WAN 172.16.232.0 255.255.252.0 172.16.9.21 1

route WAN 172.16.240.0 255.255.252.0 172.16.9.22 1

route WAN 172.16.248.0 255.255.252.0 172.16.9.23 1

route WAN 172.18.160.0 255.255.255.0 172.16.9.22 1

route WAN 192.168.20.0 255.255.255.0 172.16.9.22 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 172.16.24.134 255.255.255.255 inside

snmp-server host inside 172.16.24.48

no snmp-server location

no snmp-server contact

snmp-server community nlcwan

snmp-server enable traps

floodguard enable

telnet 172.16.24.134 255.255.255.255 inside

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80

Cryptochecksum:d5f1e5f299b82f169072858717c96f45

: end

FW-CORP#  
