cancelar
Mostrar resultados para 
Pesquisar em vez de 
Queria dizer: 
Comunicados
Bem-vindo à Comunidade de Suporte da Cisco, gostaríamos de ter seus comentários.
New Member

ASA 5505

Fala pessoal, 

Estou tendo dificuldades para configurar redirecionamento da porta 80 para meu servidor interno.

Tenho dois links com ips públicos configurado nas interfaces outside.

Se eu acessar a porta 80 pelo ip da interface 1 vai normal, mas quando acesso a porta 80 através do ip da interface 2, não funciona.

Revisei as regras de firewall e de direcionamento nas duas interfaces e estão ok.

Alguém tem ideia do que possa ser?

Obrigado. 

7 RESPOSTAS
Cisco Employee

Oi Weslley,

Oi Weslley,

Obrigado por utilizar a Comunidade de Soporte da Cisco. Voce poderia compartilhar o seguintes comandos para e ver a configuração atual:

- show run nat

- show run access-group

- show access-list

Agora vamos fazer uma simulação no ASA de trafego que vem da Internet para seu ASA:

# packet-tracer input <nome_da_interfaz> tcp 8.8.8.8 34567 <IP_do ASA> 80 detail

Obrigado pela informação,

Atenciosamente,

Osvaldo García.

New Member

Olá Osvaldo,

Olá Osvaldo,

Segue os resultados abaixo.

Result of the command: "show run nat"

nat (vLan-Rede-Ingenico-V4,vLan-Embratel) source static CenterCell-Rede-V4 CenterCell-Rede-V4 destination static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 no-proxy-arp route-lookup
nat (vLan-Rede-Local,vLan-Embratel) source static CenterCell-Rede-Local CenterCell-Rede-Local destination static W-HOME-REDE W-HOME-REDE no-proxy-arp route-lookup
!
object network Internet-Rede-Servidores-Embratel
nat (any,vLan-Embratel) dynamic interface
object network Internet-Rede-Visitantes-Embratel
nat (any,vLan-Embratel) dynamic interface
object network Internet-Rede-Test-Labs
nat (any,vLan-Embratel) dynamic interface
object network Internet-Rede-Achi-Embratel
nat (any,vLan-Embratel) dynamic interface
object network Internet-Rede-Servidores-Algar
nat (any,vLan-Algar) dynamic interface
object network Internet-Rede-Visitantes-Algar
nat (any,vLan-Algar) dynamic interface
object network Internet-Rede-Achi-Algar
nat (any,vLan-Algar) dynamic interface
object network TS-Weslley-Embratel
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp 3389 3505
object network SQL-SERVER-INGENICO-STATE
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp 64677 3768
object network CenterCell-Server-HTTP-Embratel
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp www www
object network CenterCell-Server-FTP-Embratel
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp ftp ftp
object network CenterCell-Server-FTP-Algar
nat (vLan-Rede-Local,vLan-Algar) static interface service tcp ftp ftp
object network CenterCell-Server-HTTP-Algar
nat (vLan-Rede-Local,vLan-Algar) static interface service tcp www www
object network SQL-SERVER-WSYSTEM
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp 61496 37689
object network TS-Weslley-Algar
nat (vLan-Rede-Local,vLan-Algar) static interface service tcp 3389 3505
object network NobreakAPC10KVA-Embratel
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp 8010 8010
object network TS-Clayton-Embratel
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp 3389 3392
object network TS-Clayton-Algar
nat (vLan-Rede-Local,vLan-Algar) static interface service tcp 3389 3392
object network Internet-Rede-ControleAcesso
nat (any,vLan-Embratel) dynamic interface
object network TS-Remote-VM-Embratel
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp 3389 3590
object network TS-Remote-VM-Algar
nat (vLan-Rede-Local,vLan-Algar) static interface service tcp 3389 3590
object network Internet-Rede-IpsLiberadosInternet
nat (any,vLan-Embratel) dynamic interface
object network Internet-Rede-Samsung-Npc-Embratel
nat (any,vLan-Embratel) dynamic interface
object network Internet-Rede-Samsung-Npc-Algar
nat (any,vLan-Algar) dynamic interface
object network MicrosigaExternoProducao
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp 10072 58070
object network MicrosigaExternoHomologacao
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp 19970 58065

Result of the command: "show run access-group"

access-group vLan-Rede-Local_access_in in interface vLan-Rede-Local
access-group vLan-Rede-Ingenico-V4_access_in in interface vLan-Rede-Ingenico-V4
access-group vLan-Rede-Visitantes_access_in in interface vLan-Rede-Visitantes
access-group vLan-Rede-Samsung-Npc_access_in_1 in interface vLan-Rede-Samsung-Npc
access-group vLan-Rede-Achi_access_in in interface vLan-Rede-Achi
access-group vLan-Embratel_access_in in interface vLan-Embratel
access-group vLan-Algar_access_in in interface vLan-Algar
access-group vLan-Rede-ControleAcesso_access_in in interface vLan-Rede-ControleAcesso

Result of the command: "show access-list"

access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
alert-interval 300
access-list vLan-Embratel_cryptomap_2; 4 elements; name hash: 0xb5612586
access-list vLan-Embratel_cryptomap_2 line 1 extended permit ip object CenterCell-Rede-V4 object-group DM_INLINE_NETWORK_3 (hitcnt=0) 0xd857bfc0
access-list vLan-Embratel_cryptomap_2 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.128 255.255.255.128 (hitcnt=0) 0x2427ca8d
access-list vLan-Embratel_cryptomap_2 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.32 255.255.255.224 (hitcnt=0) 0xc821a483
access-list vLan-Embratel_cryptomap_2 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.64 255.255.255.192 (hitcnt=0) 0x5ff2e5ad
access-list vLan-Embratel_cryptomap_2 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.16 255.255.255.240 (hitcnt=0) 0xe67a32a6
access-list vLan-Embratel_cryptomap_4; 4 elements; name hash: 0x150e6117
access-list vLan-Embratel_cryptomap_4 line 1 extended permit ip object CenterCell-Rede-V4 object-group DM_INLINE_NETWORK_1 (hitcnt=0) 0xb39fa9c4
access-list vLan-Embratel_cryptomap_4 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.128 255.255.255.128 (hitcnt=0) 0x30cec426
access-list vLan-Embratel_cryptomap_4 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.32 255.255.255.224 (hitcnt=0) 0x2f2cb78f
access-list vLan-Embratel_cryptomap_4 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.64 255.255.255.192 (hitcnt=0) 0x92871b8b
access-list vLan-Embratel_cryptomap_4 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.16 255.255.255.240 (hitcnt=0) 0xaabf31fc
access-list vLan-Rede-Visitantes_access_in; 13 elements; name hash: 0x804aa566
access-list vLan-Rede-Visitantes_access_in line 1 extended permit tcp object CenterCell-Rede-Visitantes any eq ftp time-range Comercial (hitcnt=1) 0x2cbcf1df
access-list vLan-Rede-Visitantes_access_in line 1 extended permit tcp 192.168.255.0 255.255.255.192 any eq ftp time-range Comercial (hitcnt=1) 0x2cbcf1df
access-list vLan-Rede-Visitantes_access_in line 2 extended permit tcp object CenterCell-Rede-Visitantes any eq https time-range Comercial (hitcnt=2408091) 0x82f3a307
access-list vLan-Rede-Visitantes_access_in line 2 extended permit tcp 192.168.255.0 255.255.255.192 any eq https time-range Comercial (hitcnt=2408091) 0x82f3a307
access-list vLan-Rede-Visitantes_access_in line 3 extended permit udp object CenterCell-Rede-Visitantes any eq ntp time-range Comercial (hitcnt=29384) 0x1d9fe87f
access-list vLan-Rede-Visitantes_access_in line 3 extended permit udp 192.168.255.0 255.255.255.192 any eq ntp time-range Comercial (hitcnt=29384) 0x1d9fe87f
access-list vLan-Rede-Visitantes_access_in line 4 extended permit udp object CenterCell-Rede-Visitantes any eq snmp time-range Comercial (hitcnt=42225) 0xa12eaa09
access-list vLan-Rede-Visitantes_access_in line 4 extended permit udp 192.168.255.0 255.255.255.192 any eq snmp time-range Comercial (hitcnt=42225) 0xa12eaa09
access-list vLan-Rede-Visitantes_access_in line 5 extended permit tcp object CenterCell-Rede-Visitantes any object-group PORT-EMAIL time-range Comercial (hitcnt=63) 0xa2b3b63b
access-list vLan-Rede-Visitantes_access_in line 5 extended permit tcp 192.168.255.0 255.255.255.192 any eq 465 time-range Comercial (hitcnt=63) 0xfbbedd47
access-list vLan-Rede-Visitantes_access_in line 5 extended permit tcp 192.168.255.0 255.255.255.192 any eq 587 time-range Comercial (hitcnt=49) 0xff20b7f8
access-list vLan-Rede-Visitantes_access_in line 5 extended permit tcp 192.168.255.0 255.255.255.192 any eq 993 time-range Comercial (hitcnt=4776) 0x8f26c5fc
access-list vLan-Rede-Visitantes_access_in line 5 extended permit tcp 192.168.255.0 255.255.255.192 any eq 995 time-range Comercial (hitcnt=1294) 0xad041ecf
access-list vLan-Rede-Visitantes_access_in line 5 extended permit tcp 192.168.255.0 255.255.255.192 any eq pop3 time-range Comercial (hitcnt=185) 0x817874a4
access-list vLan-Rede-Visitantes_access_in line 6 extended permit object-group DM_INLINE_SERVICE_1 object CenterCell-Rede-Visitantes any time-range Comercial (hitcnt=346) 0x4ad92f95
access-list vLan-Rede-Visitantes_access_in line 6 extended permit tcp 192.168.255.0 255.255.255.192 any eq domain time-range Comercial (hitcnt=346) 0x488785ae
access-list vLan-Rede-Visitantes_access_in line 6 extended permit udp 192.168.255.0 255.255.255.192 any eq domain time-range Comercial (hitcnt=2352308) 0xaf0c108a
access-list vLan-Rede-Visitantes_access_in line 7 extended permit tcp object CenterCell-Rede-Visitantes any eq www time-range Comercial (hitcnt=706366) 0x92ce6309
access-list vLan-Rede-Visitantes_access_in line 7 extended permit tcp 192.168.255.0 255.255.255.192 any eq www time-range Comercial (hitcnt=706366) 0x92ce6309
access-list vLan-Rede-Visitantes_access_in line 8 extended permit udp object CenterCell-Rede-Visitantes any time-range Comercial (hitcnt=1395620) 0x4a5c712b
access-list vLan-Rede-Visitantes_access_in line 8 extended permit udp 192.168.255.0 255.255.255.192 any time-range Comercial (hitcnt=1395620) 0x4a5c712b
access-list vLan-Rede-Ingenico-V4_access_in; 7 elements; name hash: 0x76deed0b
access-list vLan-Rede-Ingenico-V4_access_in line 1 extended permit object-group PORT-INGENICO-V4 object CenterCell-Rede-V4 any (hitcnt=62731) 0x56b79ec0
access-list vLan-Rede-Ingenico-V4_access_in line 1 extended permit tcp 172.16.0.0 255.255.255.192 any eq 8080 (hitcnt=62731) 0x66731137
access-list vLan-Rede-Ingenico-V4_access_in line 1 extended permit tcp 172.16.0.0 255.255.255.192 any range 2290 2299 (hitcnt=0) 0x8f03a99d
access-list vLan-Rede-Ingenico-V4_access_in line 1 extended permit tcp 172.16.0.0 255.255.255.192 any range 9050 9059 (hitcnt=20427) 0x0d6299ea
access-list vLan-Rede-Ingenico-V4_access_in line 1 extended permit tcp 172.16.0.0 255.255.255.192 any eq 9040 (hitcnt=44) 0x245eaab8
access-list vLan-Rede-Ingenico-V4_access_in line 2 extended permit icmp object CenterCell-Rede-V4 any (hitcnt=317289) 0x77684cac
access-list vLan-Rede-Ingenico-V4_access_in line 2 extended permit icmp 172.16.0.0 255.255.255.192 any (hitcnt=317289) 0x77684cac
access-list vLan-Rede-Ingenico-V4_access_in line 3 extended permit tcp object CenterCell-Rede-V4 any eq www (hitcnt=87703) 0x748fa910
access-list vLan-Rede-Ingenico-V4_access_in line 3 extended permit tcp 172.16.0.0 255.255.255.192 any eq www (hitcnt=87703) 0x748fa910
access-list vLan-Rede-Ingenico-V4_access_in line 4 extended permit tcp object CenterCell-Rede-V4 eq telnet any eq telnet (hitcnt=0) 0x81f4cd44
access-list vLan-Rede-Ingenico-V4_access_in line 4 extended permit tcp 172.16.0.0 255.255.255.192 eq telnet any eq telnet (hitcnt=0) 0x81f4cd44
access-list vLan-Rede-Test-Labs_access_in; 6 elements; name hash: 0x2cdd04c9
access-list vLan-Rede-Test-Labs_access_in line 1 extended permit object-group DM_INLINE_SERVICE_2 object CenterCell-Rede-Lab-Teste any inactive (hitcnt=2) (inactive) 0xd9779cd6
access-list vLan-Rede-Test-Labs_access_in line 1 extended permit tcp 192.168.249.0 255.255.255.0 any eq domain inactive (hitcnt=2) (inactive) 0x2df7d0be
access-list vLan-Rede-Test-Labs_access_in line 1 extended permit udp 192.168.249.0 255.255.255.0 any eq domain inactive (hitcnt=269021) (inactive) 0xa728385a
access-list vLan-Rede-Test-Labs_access_in line 2 extended permit tcp object CenterCell-Rede-Lab-Teste object-group DM_INLINE_NETWORK_4 eq www inactive (hitcnt=0) (inactive) 0x987c1805
access-list vLan-Rede-Test-Labs_access_in line 2 extended permit tcp 192.168.249.0 255.255.255.0 host 187.32.195.100 eq www inactive (hitcnt=0) (inactive) 0xf007a093
access-list vLan-Rede-Test-Labs_access_in line 2 extended permit tcp 192.168.249.0 255.255.255.0 host 187.32.195.98 eq www inactive (hitcnt=858) (inactive) 0x3a5a9d03
access-list vLan-Rede-Test-Labs_access_in line 2 extended permit tcp 192.168.249.0 255.255.255.0 host 200.211.35.35 eq www inactive (hitcnt=301) (inactive) 0x2aa72ff4
access-list vLan-Rede-Test-Labs_access_in line 2 extended permit tcp 192.168.249.0 255.255.255.0 host 200.211.35.36 eq www inactive (hitcnt=0) (inactive) 0xcafc82ec
access-list vLan-Rede-Achi_access_in; 7 elements; name hash: 0xbf0938dc
access-list vLan-Rede-Achi_access_in line 1 extended permit tcp object CenterCell-Rede-Achi any eq https (hitcnt=704134) 0x63b0ff06
access-list vLan-Rede-Achi_access_in line 1 extended permit tcp 192.168.248.0 255.255.255.224 any eq https (hitcnt=704134) 0x63b0ff06
access-list vLan-Rede-Achi_access_in line 2 extended permit tcp object CenterCell-Rede-Achi any eq www (hitcnt=259951) 0xbb24210c
access-list vLan-Rede-Achi_access_in line 2 extended permit tcp 192.168.248.0 255.255.255.224 any eq www (hitcnt=259951) 0xbb24210c
access-list vLan-Rede-Achi_access_in line 3 extended permit object-group DM_INLINE_SERVICE_3 object CenterCell-Rede-Achi any (hitcnt=2095) 0x607fbb2e
access-list vLan-Rede-Achi_access_in line 3 extended permit tcp 192.168.248.0 255.255.255.224 any eq domain (hitcnt=2095) 0x967f632d
access-list vLan-Rede-Achi_access_in line 3 extended permit udp 192.168.248.0 255.255.255.224 any eq domain (hitcnt=838460) 0xb9865d10
access-list vLan-Rede-Achi_access_in line 4 extended permit udp object CenterCell-Rede-Achi any eq ntp (hitcnt=9969) 0x0e9f117b
access-list vLan-Rede-Achi_access_in line 4 extended permit udp 192.168.248.0 255.255.255.224 any eq ntp (hitcnt=9969) 0x0e9f117b
access-list vLan-Rede-Achi_access_in line 5 extended permit udp object CenterCell-Rede-Achi any eq snmp (hitcnt=211) 0x465c0eb1
access-list vLan-Rede-Achi_access_in line 5 extended permit udp 192.168.248.0 255.255.255.224 any eq snmp (hitcnt=211) 0x465c0eb1
access-list vLan-Rede-Achi_access_in line 6 extended permit tcp object CenterCell-Rede-Achi any eq 8080 (hitcnt=55) 0xa6b065ce
access-list vLan-Rede-Achi_access_in line 6 extended permit tcp 192.168.248.0 255.255.255.224 any eq 8080 (hitcnt=55) 0xa6b065ce
access-list vLan-Algar_access_in; 5 elements; name hash: 0xdf91854e
access-list vLan-Algar_access_in line 1 remark Acesso NobreakAPC 10KVA
access-list vLan-Algar_access_in line 2 extended permit tcp any any eq 8010 (hitcnt=0) 0xe3e0f98a
access-list vLan-Algar_access_in line 3 remark Acesso HTTP
access-list vLan-Algar_access_in line 4 extended permit tcp any any eq www (hitcnt=16417) 0xa3cb55ec
access-list vLan-Algar_access_in line 5 remark Acesso RDP Weslley-VM
access-list vLan-Algar_access_in line 6 extended permit object RDP any any (hitcnt=6389) 0xcd8ebea8
access-list vLan-Algar_access_in line 6 extended permit tcp any any eq 3389 (hitcnt=6389) 0xcd8ebea8
access-list vLan-Algar_access_in line 7 remark Acesso ICMP
access-list vLan-Algar_access_in line 8 extended permit icmp any any (hitcnt=317) 0xd6934108
access-list vLan-Algar_access_in line 9 remark Acesso FTP
access-list vLan-Algar_access_in line 10 extended permit tcp any any eq ftp (hitcnt=43) 0x57249677
access-list vLan-Embratel_access_in; 11 elements; name hash: 0xab104256
access-list vLan-Embratel_access_in line 1 remark Acesso FTP
access-list vLan-Embratel_access_in line 2 extended permit tcp any any eq ftp (hitcnt=760) 0xc974b599
access-list vLan-Embratel_access_in line 3 remark Acesso RDP Weslley-VM
access-list vLan-Embratel_access_in line 4 extended permit object RDP any any (hitcnt=173) 0xc485fc78
access-list vLan-Embratel_access_in line 4 extended permit tcp any any eq 3389 (hitcnt=173) 0xc485fc78
access-list vLan-Embratel_access_in line 5 remark Acesso SQL Server Wsystem
access-list vLan-Embratel_access_in line 6 extended permit tcp any any object-group PORT-SQL-SERVER-WSYSTEM (hitcnt=19) 0x92db9b9b
access-list vLan-Embratel_access_in line 6 extended permit tcp any any eq 61496 (hitcnt=19) 0xae75a050
access-list vLan-Embratel_access_in line 7 remark Acesso Microsiga Externo Homologação
access-list vLan-Embratel_access_in line 8 extended permit tcp any any object-group PORT-MICROSIGA-EXTERNO-HOMOLOGACAO (hitcnt=9) 0xb8ba6964
access-list vLan-Embratel_access_in line 8 extended permit tcp any any eq 19970 (hitcnt=9) 0x9ab92ef9
access-list vLan-Embratel_access_in line 9 remark Acesso Microsiga Externo Produção
access-list vLan-Embratel_access_in line 10 extended permit tcp any any object-group PORT-MICROSIGA-EXTERNO-PRODUCAO (hitcnt=14) 0xdd621a7a
access-list vLan-Embratel_access_in line 10 extended permit tcp any any eq 10072 (hitcnt=14) 0xa524f367
access-list vLan-Embratel_access_in line 11 remark Acesso SQL Server base produção Ingenico State
access-list vLan-Embratel_access_in line 12 extended permit tcp object Ingenico-Firewall-Sorocaba any object-group PORT-SQL-SERVER-INGENICO-STATE (hitcnt=2043) 0x1389f848
access-list vLan-Embratel_access_in line 12 extended permit tcp range 200.178.111.145 200.178.111.149 any eq 64677 (hitcnt=2043) 0x072da080
access-list vLan-Embratel_access_in line 13 remark Acesso HTTP
access-list vLan-Embratel_access_in line 14 extended permit tcp any any eq www (hitcnt=44571) 0x8cf665e6
access-list vLan-Embratel_access_in line 15 remark Acesso NobreakAPC 10KVA
access-list vLan-Embratel_access_in line 16 extended permit tcp any any eq 8010 (hitcnt=6) 0x6941039f
access-list vLan-Embratel_access_in line 17 remark Acesso ICMP
access-list vLan-Embratel_access_in line 18 extended permit icmp any any (hitcnt=30144) 0x46ba0758
access-list Vlan-Rede-Local_access_in; 2 elements; name hash: 0x258ee3db
access-list Vlan-Rede-Local_access_in line 1 extended deny tcp any any eq smtp (hitcnt=30394) 0xb0af163b
access-list Vlan-Rede-Local_access_in line 2 extended permit ip any any (hitcnt=2421934) 0x1d84df98
access-list vLan-Rede-ControleAcesso_access_in; 7 elements; name hash: 0xa6edce4b
access-list vLan-Rede-ControleAcesso_access_in line 1 extended deny tcp any any eq smtp (hitcnt=0) 0xb29a4aab
access-list vLan-Rede-ControleAcesso_access_in line 2 extended permit icmp object CenterCell-Rede-ControleAcesso any (hitcnt=2554) 0xb9aa6de5
access-list vLan-Rede-ControleAcesso_access_in line 2 extended permit icmp 192.168.250.0 255.255.255.192 any (hitcnt=2554) 0xb9aa6de5
access-list vLan-Rede-ControleAcesso_access_in line 3 extended permit tcp object CenterCell-Rede-ControleAcesso any object-group DM_INLINE_TCP_1 inactive (hitcnt=69) (inactive) 0x0147c10e
access-list vLan-Rede-ControleAcesso_access_in line 3 extended permit tcp 192.168.250.0 255.255.255.192 any eq www inactive (hitcnt=69) (inactive) 0x31b14cee
access-list vLan-Rede-ControleAcesso_access_in line 3 extended permit tcp 192.168.250.0 255.255.255.192 any eq https inactive (hitcnt=241) (inactive) 0x87745058
access-list vLan-Rede-ControleAcesso_access_in line 4 extended permit udp object CenterCell-Rede-ControleAcesso any eq ntp (hitcnt=0) 0x548838b8
access-list vLan-Rede-ControleAcesso_access_in line 4 extended permit udp 192.168.250.0 255.255.255.192 any eq ntp (hitcnt=0) 0x548838b8
access-list vLan-Rede-ControleAcesso_access_in line 5 extended permit object-group DM_INLINE_SERVICE_4 object CenterCell-Rede-ControleAcesso any (hitcnt=9) 0x22a6f1c3
access-list vLan-Rede-ControleAcesso_access_in line 5 extended permit tcp 192.168.250.0 255.255.255.192 any eq domain (hitcnt=9) 0xdd779579
access-list vLan-Rede-ControleAcesso_access_in line 5 extended permit udp 192.168.250.0 255.255.255.192 any eq domain (hitcnt=31231) 0x8963cd03
access-list vLan-Rede-Local_access_in; 20 elements; name hash: 0x428fe5b7
access-list vLan-Rede-Local_access_in line 1 extended deny tcp any any eq smtp (hitcnt=27105) 0xba047cfa
access-list vLan-Rede-Local_access_in line 2 extended permit ip object CenterCell-Rede-Servidores any (hitcnt=33015205) 0xfac74208
access-list vLan-Rede-Local_access_in line 2 extended permit ip range 192.168.0.1 192.168.0.200 any (hitcnt=33015205) 0xfac74208
access-list vLan-Rede-Local_access_in line 3 extended permit ip object CenterCell-Rede-IpsLiberadosInternet any (hitcnt=119931) 0xb1903567
access-list vLan-Rede-Local_access_in line 3 extended permit ip host 192.168.4.112 any (hitcnt=119931) 0xb1903567
access-list vLan-Rede-Local_access_in line 4 extended deny ip any object-group Bloqueio-Rede-Social inactive (hitcnt=0) (inactive) 0x8f635da6
access-list vLan-Rede-Local_access_in line 4 extended deny ip any fqdn youtube.com (unresolved) inactive (inactive) 0xaf02b15b
access-list vLan-Rede-Local_access_in line 4 extended deny ip any fqdn facebook.com (unresolved) inactive (inactive) 0xb680862b
access-list vLan-Rede-Local_access_in line 4 extended deny ip any fqdn instagram.com (unresolved) inactive (inactive) 0x88a689d6
access-list vLan-Rede-Local_access_in line 4 extended deny ip any fqdn twitter.com (unresolved) inactive (inactive) 0x7856cdd2
access-list vLan-Rede-Local_access_in line 4 extended deny ip any fqdn twitter.com.br (unresolved) inactive (inactive) 0x4335c3e7
access-list vLan-Rede-Local_access_in line 4 extended deny ip any fqdn pt-br.facebook.com (unresolved) inactive (inactive) 0x316d1c6d
access-list vLan-Rede-Local_access_in line 4 extended deny ip any fqdn msn.com (unresolved) inactive (inactive) 0x86a20b4c
access-list vLan-Rede-Local_access_in line 4 extended deny ip any fqdn www.msn.com (unresolved) inactive (inactive) 0x5b72dba3
access-list vLan-Embratel_cryptomap_1; 4 elements; name hash: 0x2555b818
access-list vLan-Embratel_cryptomap_1 line 1 extended permit ip object CenterCell-Rede-V4 object-group DM_INLINE_NETWORK_5 (hitcnt=0) 0x78b09523
access-list vLan-Embratel_cryptomap_1 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.128 255.255.255.128 (hitcnt=0) 0x147e4864
access-list vLan-Embratel_cryptomap_1 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.32 255.255.255.224 (hitcnt=0) 0x6b76ea27
access-list vLan-Embratel_cryptomap_1 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.64 255.255.255.192 (hitcnt=0) 0xb43c00ad
access-list vLan-Embratel_cryptomap_1 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.16 255.255.255.240 (hitcnt=0) 0x07933175
access-list vLan-Rede-Samsung-Npc_access_in; 5 elements; name hash: 0x57b8f907
access-list vLan-Rede-Samsung-Npc_access_in line 1 extended permit object-group TCPUDP object CenterCell-Rede-Samsung-Npc any eq domain (hitcnt=0) 0x1ba4a67f
access-list vLan-Rede-Samsung-Npc_access_in line 1 extended permit udp 192.168.247.0 255.255.255.0 any eq domain (hitcnt=0) 0x4479a369
access-list vLan-Rede-Samsung-Npc_access_in line 1 extended permit tcp 192.168.247.0 255.255.255.0 any eq domain (hitcnt=0) 0xef731cdc
access-list vLan-Rede-Samsung-Npc_access_in line 2 extended permit tcp object CenterCell-Rede-Samsung-Npc any eq www (hitcnt=0) 0xca162c6b
access-list vLan-Rede-Samsung-Npc_access_in line 2 extended permit tcp 192.168.247.0 255.255.255.0 any eq www (hitcnt=0) 0xca162c6b
access-list vLan-Rede-Samsung-Npc_access_in line 3 extended permit tcp object CenterCell-Rede-Samsung-Npc any eq https (hitcnt=0) 0x66ad56f5
access-list vLan-Rede-Samsung-Npc_access_in line 3 extended permit tcp 192.168.247.0 255.255.255.0 any eq https (hitcnt=0) 0x66ad56f5
access-list vLan-Rede-Samsung-Npc_access_in line 4 extended deny ip object CenterCell-Rede-Samsung-Npc any (hitcnt=0) 0x579fcd04
access-list vLan-Rede-Samsung-Npc_access_in line 4 extended deny ip 192.168.247.0 255.255.255.0 any (hitcnt=0) 0x579fcd04
access-list vLan-Embratel_cryptomap; 4 elements; name hash: 0xb8a59dd2
access-list vLan-Embratel_cryptomap line 1 extended permit ip object CenterCell-Rede-V4 object-group DM_INLINE_NETWORK_5 (hitcnt=2473) 0xd3309f17
access-list vLan-Embratel_cryptomap line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.128 255.255.255.128 (hitcnt=2473) 0x7d5a80a9
access-list vLan-Embratel_cryptomap line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.32 255.255.255.224 (hitcnt=0) 0xe2fe31af
access-list vLan-Embratel_cryptomap line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.64 255.255.255.192 (hitcnt=0) 0x0957fdd8
access-list vLan-Embratel_cryptomap line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.16 255.255.255.240 (hitcnt=3038) 0x1288d83f
access-list vLan-Embratel_cryptomap_3; 4 elements; name hash: 0xd5fa343a
access-list vLan-Embratel_cryptomap_3 line 1 extended permit ip object CenterCell-Rede-V4 object-group DM_INLINE_NETWORK_6 (hitcnt=0) 0x2d43eb0d
access-list vLan-Embratel_cryptomap_3 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.128 255.255.255.128 (hitcnt=0) 0x4fbf36b1
access-list vLan-Embratel_cryptomap_3 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.32 255.255.255.224 (hitcnt=0) 0x72a17e73
access-list vLan-Embratel_cryptomap_3 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.64 255.255.255.192 (hitcnt=0) 0xc052d39e
access-list vLan-Embratel_cryptomap_3 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.16 255.255.255.240 (hitcnt=0) 0xb97ca179
access-list vLan-Rede-Samsung-Npc_access_in_1; 70 elements; name hash: 0xfdf9c6f8
access-list vLan-Rede-Samsung-Npc_access_in_1 line 1 extended deny tcp any any eq smtp (hitcnt=0) 0xeb039216
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp object CenterCell-Rede-Samsung-Npc object-group Bloqueio-Rede-Social object-group DM_INLINE_TCP_2 inactive (hitcnt=0) (inactive) 0xb2ce9f02
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn youtube.com (unresolved) eq www inactive (inactive) 0xb96c5968
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn youtube.com (unresolved) eq https inactive (inactive) 0x010024fe
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn facebook.com (unresolved) eq www inactive (inactive) 0x59332486
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn facebook.com (unresolved) eq https inactive (inactive) 0x8dbba709
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn instagram.com (unresolved) eq www inactive (inactive) 0x53262283
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn instagram.com (unresolved) eq https inactive (inactive) 0xa71d8769
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn twitter.com (unresolved) eq www inactive (inactive) 0xcd947afa
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn twitter.com (unresolved) eq https inactive (inactive) 0xe91c3fa9
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn twitter.com.br (unresolved) eq www inactive (inactive) 0xf87dd804
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn twitter.com.br (unresolved) eq https inactive (inactive) 0xa78917d2
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn pt-br.facebook.com (unresolved) eq www inactive (inactive) 0xcc939d2a
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn pt-br.facebook.com (unresolved) eq https inactive (inactive) 0x9b675651
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn msn.com (unresolved) eq www inactive (inactive) 0xca2c54c1
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn msn.com (unresolved) eq https inactive (inactive) 0x77fe1499
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn www.msn.com (unresolved) eq www inactive (inactive) 0x4399813d
access-list vLan-Rede-Samsung-Npc_access_in_1 line 2 extended deny tcp 192.168.247.0 255.255.255.0 fqdn www.msn.com (unresolved) eq https inactive (inactive) 0x96566e1c
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp object CenterCell-Rede-Samsung-Npc object-group Rede-Samsung-Npc-Sites-Liberados eq https (hitcnt=0) 0x70c0eca3
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 fqdn microsoft.com (resolved) eq https 0x94edafdb
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 fqdn download.microsoft.com (resolved) eq https 0x93d83807
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 fqdn download.windowsupdate.com (resolved) eq https 0xca252989
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 fqdn update.microsoft.com (resolved) eq https 0x18f5534f
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 fqdn windowsupdate.com (unresolved) eq https (inactive) 0xbfdea36d
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 191.239.213.197 (microsoft.com) eq https (hitcnt=0) 0x25f5e6b5
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 104.40.211.35 (microsoft.com) eq https (hitcnt=0) 0x3035ecae
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 104.43.195.251 (microsoft.com) eq https (hitcnt=0) 0x85d36ddc
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 23.100.122.175 (microsoft.com) eq https (hitcnt=0) 0x9847eb71
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 23.96.52.53 (microsoft.com) eq https (hitcnt=0) 0x43fa8f62
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 23.216.194.33 (download.microsoft.com) eq https (hitcnt=0) 0xfed0a97e
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 65.55.50.157 (update.microsoft.com) eq https (hitcnt=0) 0xf220d1f8
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 134.170.58.221 (update.microsoft.com) eq https (hitcnt=0) 0x84068396
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 192.221.251.120 (download.windowsupdate.com) eq https (hitcnt=0) 0x05de8b43
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 192.221.251.121 (download.windowsupdate.com) eq https (hitcnt=0) 0x9dbcbf04
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 200.189.237.121 (download.windowsupdate.com) eq https (hitcnt=0) 0x79ff1b20
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 200.189.237.120 (download.windowsupdate.com) eq https (hitcnt=0) 0xe2492298
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 200.189.235.121 (download.windowsupdate.com) eq https (hitcnt=0) 0x3e2718ef
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 192.221.253.120 (download.windowsupdate.com) eq https (hitcnt=0) 0x8aff028b
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 192.221.253.121 (download.windowsupdate.com) eq https (hitcnt=0) 0x7390514d
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 157.55.240.94 (update.microsoft.com) eq https (hitcnt=0) 0x9c81da66
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 200.189.235.120 (download.windowsupdate.com) eq https (hitcnt=0) 0x7a919794
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 201.30.251.34 (download.windowsupdate.com) eq https (hitcnt=0) 0x65efb7ab
access-list vLan-Rede-Samsung-Npc_access_in_1 line 3 extended permit tcp 192.168.247.0 255.255.255.0 host 201.30.251.24 (download.windowsupdate.com) eq https (hitcnt=0) 0xfd714559
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp object CenterCell-Rede-Samsung-Npc object-group Rede-Samsung-Npc-Sites-Liberados eq www (hitcnt=6) 0x7c25de6b
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 fqdn microsoft.com (resolved) eq www 0xfcc96980
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 fqdn download.microsoft.com (resolved) eq www 0x10baec41
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 fqdn download.windowsupdate.com (resolved) eq www 0x7bfd4529
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 fqdn update.microsoft.com (resolved) eq www 0x886907a4
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 fqdn windowsupdate.com (unresolved) eq www (inactive) 0xf63a574e
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 191.239.213.197 (microsoft.com) eq www (hitcnt=0) 0xe408fb43
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 104.40.211.35 (microsoft.com) eq www (hitcnt=0) 0xee736369
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 104.43.195.251 (microsoft.com) eq www (hitcnt=0) 0x13074a7e
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 23.100.122.175 (microsoft.com) eq www (hitcnt=0) 0x36414159
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 23.96.52.53 (microsoft.com) eq www (hitcnt=0) 0x11c29f84
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 23.216.194.33 (download.microsoft.com) eq www (hitcnt=0) 0x94ffc551
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 65.55.50.157 (update.microsoft.com) eq www (hitcnt=0) 0x9f5cb3f9
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 134.170.58.221 (update.microsoft.com) eq www (hitcnt=0) 0xb21aa9c8
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 192.221.251.120 (download.windowsupdate.com) eq www (hitcnt=0) 0x3ba85356
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 192.221.251.121 (download.windowsupdate.com) eq www (hitcnt=0) 0x3b4feafc
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 200.189.237.121 (download.windowsupdate.com) eq www (hitcnt=0) 0xaca3f491
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 200.189.237.120 (download.windowsupdate.com) eq www (hitcnt=0) 0xf4de2ee0
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 200.189.235.121 (download.windowsupdate.com) eq www (hitcnt=3) 0x5a50105f
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 192.221.253.120 (download.windowsupdate.com) eq www (hitcnt=0) 0xf9983476
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 192.221.253.121 (download.windowsupdate.com) eq www (hitcnt=0) 0x99c92254
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 157.55.240.94 (update.microsoft.com) eq www (hitcnt=0) 0x815d1d64
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 200.189.235.120 (download.windowsupdate.com) eq www (hitcnt=0) 0x9dd34b97
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 201.30.251.34 (download.windowsupdate.com) eq www (hitcnt=3) 0xfcd59014
access-list vLan-Rede-Samsung-Npc_access_in_1 line 4 extended permit tcp 192.168.247.0 255.255.255.0 host 201.30.251.24 (download.windowsupdate.com) eq www (hitcnt=0) 0x9614fe5e
access-list vLan-Rede-Samsung-Npc_access_in_1 line 5 extended permit tcp object CenterCell-Rede-Samsung-Npc any eq www (hitcnt=132413) 0x90e11e0f
access-list vLan-Rede-Samsung-Npc_access_in_1 line 5 extended permit tcp 192.168.247.0 255.255.255.0 any eq www (hitcnt=132413) 0x90e11e0f
access-list vLan-Rede-Samsung-Npc_access_in_1 line 6 extended permit tcp object CenterCell-Rede-Samsung-Npc any eq https (hitcnt=326260) 0x542a0320
access-list vLan-Rede-Samsung-Npc_access_in_1 line 6 extended permit tcp 192.168.247.0 255.255.255.0 any eq https (hitcnt=326260) 0x542a0320
access-list vLan-Rede-Samsung-Npc_access_in_1 line 7 extended permit object-group TCPUDP object CenterCell-Rede-Samsung-Npc any eq domain (hitcnt=183105) 0x0ccfd831
access-list vLan-Rede-Samsung-Npc_access_in_1 line 7 extended permit udp 192.168.247.0 255.255.255.0 any eq domain (hitcnt=183105) 0x00138e7e
access-list vLan-Rede-Samsung-Npc_access_in_1 line 7 extended permit tcp 192.168.247.0 255.255.255.0 any eq domain (hitcnt=1) 0x735fa5e0
access-list vLan-Rede-Samsung-Npc_access_in_1 line 8 extended permit ip object CenterCell-Rede-Samsung-Npc any (hitcnt=238306) 0xdd04eb58
access-list vLan-Rede-Samsung-Npc_access_in_1 line 8 extended permit ip 192.168.247.0 255.255.255.0 any (hitcnt=238306) 0xdd04eb58
access-list vLan-Embratel_cryptomap_5; 4 elements; name hash: 0x23abeffb
access-list vLan-Embratel_cryptomap_5 line 1 extended permit ip object CenterCell-Rede-V4 object-group DM_INLINE_NETWORK_2 (hitcnt=2759) 0x737f6f35
access-list vLan-Embratel_cryptomap_5 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.128 255.255.255.128 (hitcnt=2218) 0x53ef6cc8
access-list vLan-Embratel_cryptomap_5 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.32 255.255.255.224 (hitcnt=0) 0xfd640fb6
access-list vLan-Embratel_cryptomap_5 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.64 255.255.255.192 (hitcnt=0) 0xa43f02c6
access-list vLan-Embratel_cryptomap_5 line 1 extended permit ip 172.16.0.0 255.255.255.192 10.8.120.16 255.255.255.240 (hitcnt=817) 0x2f69c6d1
access-list vLan-Algar_mpc; 1 elements; name hash: 0x930f3b95
access-list vLan-Algar_mpc line 1 extended permit tcp any any eq www (hitcnt=0) 0x4e55b5db
access-list vLan-Algar_mpc_1; 1 elements; name hash: 0x793c4bca
access-list vLan-Algar_mpc_1 line 1 extended permit tcp any any eq www (hitcnt=0) 0xe083ba19

Result of the command: "packet-tracer input vLan-Embratel tcp 8.8.8.8 34567 200.211.35.36 80 detail"

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcc46dcb0, priority=1, domain=permit, deny=false
hits=3653137805, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0100.0000.0000
input_ifc=vLan-Embratel, output_ifc=any

Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network CenterCell-Server-HTTP-Embratel
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp www www
Additional Information:
NAT divert to egress interface vLan-Rede-Local
Untranslate 200.211.35.36/80 to 192.168.0.19/80

Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group vLan-Embratel_access_in in interface vLan-Embratel
access-list vLan-Embratel_access_in extended permit tcp any any eq www
access-list vLan-Embratel_access_in remark Acesso NobreakAPC 10KVA
Additional Information:
Forward Flow based lookup yields rule:
in id=0xc90b0280, priority=13, domain=permit, deny=false
hits=44582, user_data=0xca2cd530, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=80, tag=0, dscp=0x0
input_ifc=vLan-Embratel, output_ifc=any

Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xc83a0250, priority=1, domain=nat-per-session, deny=true
hits=37351847, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=any

Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcc473ab0, priority=0, domain=inspect-ip-options, deny=true
hits=60053651, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=vLan-Embratel, output_ifc=any

Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map global-class
match default-inspection-traffic
policy-map global-policy
class global-class
inspect http
service-policy global-policy global
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcce10770, priority=70, domain=inspect-http, deny=false
hits=456919, user_data=0xcce0bc70, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=80, tag=0, dscp=0x0
input_ifc=vLan-Embratel, output_ifc=any

Phase: 7
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xccd6fae0, priority=13, domain=ipsec-tunnel-flow, deny=true
hits=1383991, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=vLan-Embratel, output_ifc=any

Phase: 8
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
object network CenterCell-Server-HTTP-Embratel
nat (vLan-Rede-Local,vLan-Embratel) static interface service tcp www www
Additional Information:
Forward Flow based lookup yields rule:
out id=0xcd66ae78, priority=6, domain=nat-reverse, deny=false
hits=40012, user_data=0xcd0a2230, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=192.168.0.19, mask=255.255.255.255, port=80, tag=0, dscp=0x0
input_ifc=vLan-Embratel, output_ifc=vLan-Rede-Local

Phase: 9
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0xcbc1fe48, priority=0, domain=user-statistics, deny=false
hits=46630553, user_data=0xcce01e60, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=vLan-Rede-Local

Phase: 10
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xc83a0250, priority=1, domain=nat-per-session, deny=true
hits=37351849, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=any

Phase: 11
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xcd49c598, priority=0, domain=inspect-ip-options, deny=true
hits=49620135, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=vLan-Rede-Local, output_ifc=any

Phase: 12
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
out id=0xcce1ba50, priority=0, domain=user-statistics, deny=false
hits=59289893, user_data=0xcce01e60, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=vLan-Embratel

Phase: 13
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 67774758, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_inspect_http
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_inspect_http
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Result:
input-interface: vLan-Embratel
input-status: up
input-line-status: up
output-interface: vLan-Rede-Local
output-status: up
output-line-status: up
Action: allow

Obrigado pela ajuda.

Cisco Employee

Oi Weslley,

Oi Weslley,

Obrigado pela informação! Nos outputs que voce me enviou estou vendo que o aceso pela interfaz vLan-Embratel esta certinha e eu acho que essa e a interfaz 1 e esta funcionando corretamente, certo? Agora vou precisar o mesmo comando de "packet-tracer" que voce executo mais agora pela interfaz 2 que estou vendo que e a vLan-Algar, nao e isso? O comando ficaria da seguinte forma:

packet-tracer input vLan-Algar tcp 8.8.8.8 34567 <ip_address_of_Algars_interface> 80 detail

Fico no aguardo,

Atenciosamente,

Osvaldo G.

New Member

Olá Osvaldo,

Olá Osvaldo,

Isso mesmo, a interface vLan-Embratel funciona normalmente.

O problema é o acesso na vLan-Algar. 

Pode ser problema de rota? fiz um teste aqui. Se eu alterar a rota default para vLan-Algar, o acesso fica normal mas a vLan-Embratel fica sem acesso. e se voltar a rota default para vLan-Embratel. volta o acesso normal a vLan e a vLan-Algar fica fora 

Baixo o output do packet-tracer

Result of the command: "packet-tracer input vLan-Algar tcp 8.8.8.8 34567 187.32.195.100 80 detail"

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcc4965b8, priority=1, domain=permit, deny=false
hits=135080998, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0100.0000.0000
input_ifc=vLan-Algar, output_ifc=any

Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network CenterCell-Server-HTTP-Algar
nat (vLan-Rede-Local,vLan-Algar) static interface service tcp www www
Additional Information:
NAT divert to egress interface vLan-Rede-Local
Untranslate 187.32.195.100/80 to 192.168.0.19/80

Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group vLan-Algar_access_in in interface vLan-Algar
access-list vLan-Algar_access_in extended permit tcp any any eq www
access-list vLan-Algar_access_in remark Acesso RDP Weslley-VM
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcd1a48a8, priority=13, domain=permit, deny=false
hits=16469, user_data=0xca2cd670, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=80, tag=0, dscp=0x0
input_ifc=vLan-Algar, output_ifc=any

Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xc83a0250, priority=1, domain=nat-per-session, deny=true
hits=37958844, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=any

Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcc49c4e0, priority=0, domain=inspect-ip-options, deny=true
hits=2249503, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=vLan-Algar, output_ifc=any

Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map global-class
match default-inspection-traffic
policy-map global-policy
class global-class
inspect http
service-policy global-policy global
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcce113f8, priority=70, domain=inspect-http, deny=false
hits=15860, user_data=0xcce0bc70, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=80, tag=0, dscp=0x0
input_ifc=vLan-Algar, output_ifc=any

Phase: 7
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xccd3a338, priority=13, domain=ipsec-tunnel-flow, deny=true
hits=15224, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=vLan-Algar, output_ifc=any

Phase: 8
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
object network CenterCell-Server-HTTP-Algar
nat (vLan-Rede-Local,vLan-Algar) static interface service tcp www www
Additional Information:
Forward Flow based lookup yields rule:
out id=0xcd1474f0, priority=6, domain=nat-reverse, deny=false
hits=676, user_data=0xcd25fc88, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=192.168.0.19, mask=255.255.255.255, port=80, tag=0, dscp=0x0
input_ifc=vLan-Algar, output_ifc=vLan-Rede-Local

Phase: 9
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0xcbc1fe48, priority=0, domain=user-statistics, deny=false
hits=47639726, user_data=0xcce01e60, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=vLan-Rede-Local

Phase: 10
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xc83a0250, priority=1, domain=nat-per-session, deny=true
hits=37958846, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=any

Phase: 11
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xcd49c598, priority=0, domain=inspect-ip-options, deny=true
hits=51018514, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=vLan-Rede-Local, output_ifc=any

Phase: 12
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
out id=0xcce1c4f8, priority=0, domain=user-statistics, deny=false
hits=2242392, user_data=0xcce01e60, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=vLan-Algar

Phase: 13
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 69634942, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_inspect_http
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_inspect_http
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Result:
input-interface: vLan-Algar
input-status: up
input-line-status: up
output-interface: vLan-Rede-Local
output-status: up
output-line-status: up
Action: allow

Obrigado.

Cisco Employee

Oi Weslley,

Oi Weslley,

Obrigado pela informação! Isso mesmo, amigo. O que acontece e o seguinte: 

1. Um usuario na Internet envía uma petição para o server utilizando o endereço do link secundario (vLan-Algar) 

2. O ASA recebe e envia para o server interno pela interfaz vLan-Rede-Local

3. O server responde a petição de volta para o ASA

4. Quando o ASA recebe, ele procesa, e procura onde fica o host de destino

5. Como é um usuario na Internet, ele nao vai ter uma entrada especifica para este host, então vai utilizar a rota de default, mas a rota de default é pelo link primario. 

6. O ASA envia o pacote utilizando com o source o endereço da interfaz vLan-Embratel

7. O pacote chega ate o usuario mas ele nao vai procesar porque ele nao envio o pacote com esse endereço, então o pacote é dropado pelo host.

Uma das coisas que voce podería fazer e utilizar a interfaz a vLan-Algar so como backup link para enviar o trafego se a interfaz vLan-Embratel falha:

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/70559-pix-dual-isp.html

Tomara que esta informação seja de ajuda.

Atenciosamente,

Osvaldo G.

New Member

Olá Osvaldo,

Olá Osvaldo,

Entendi, trabalharia como link de redundância a vLan-Algar.

Você vê outra maneira dos dois links trabalharem como primário?

Minha preocupação de direcionar o fluxo somente pela vLan-Embratel, é se houver falhar do link, caso isso aconteça, meus servições de HTTP, FTP entre outros ficaram indisponível. 

O que você me recomenda?

Obrigado.

Re: Olá Osvaldo,

Correto, trabalharia como redundância.

Basta ter um rota secundária com IP Sla configurado, que no caso de queda do link primário o tráfego seria direcionado para o link backup, e assim os servidores continuariam funcionando (agora pelo link secundário).

46
Apresentações
5
Kudo
7
Respostas