Question

PIX 525 DMZ problem

By saumair

Dear guys,

Help.

We have a PIX 525 with inside, outside, dmz.

The question is that I can't access my DMZ from the inside zone and I can't ping. I can't access any server.

Detailed explanation of the scenario


inside

We have an old 6509 switch on the old network with subnet 10.80.0.0, and two new 6509 switches with network 10.8.0.0, and there is a connection between these switches. My PIX firewall is connected to the old core switch with inside IP address 10.80.56.254 255.255.252.0. From the new inside network I can ping the inside interface of the firewall and can telnet to the firewall, but I can't ping the DMZ zone, and I can't access the DMZ zone from either the old or the new network.


dmz

DMZ IP address 10.80.64.254 255.255.252.0, which is connected to a 2950 switch where the servers are connected. I can ping the DMZ servers from the PIX, but I can't ping the DMZ or inside interface from a DMZ server.


running configuration


RUMANP1# sh run
: Saved
:
PIX Version 7.1(1)
!
hostname xx.xx
domain-name xx.xx.xxxxxxxxxxxxx
enable password T2jllZzcJwZt2Xi5 encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 212.x.x.131 255.255.255.240 standby 212.x.x.132
!
interface Ethernet1
nameif dmz
security-level 70
ip address 10.80.64.254 255.255.252.0 standby 10.80.64.253
!
interface Ethernet2
shutdown
nameif intf3
security-level 6
ip address xx.xx.1.1 255.255.255.0
!
interface Ethernet3
description dmztesting
speed 100
duplex full
shutdown
nameif dmz11
security-level 11
ip address xx.xx.168.1.1 255.255.0.0
!
interface Ethernet4
description xx.xx TEST
speed 100
duplex full
nameif dmz4
security-level 60
ip address 10.16.20.254 255.255.255.0
!
interface Ethernet5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0
nameif inside
security-level 100
ip address 10.80.56.254 255.255.252.0 standby 10.80.56.253
!
passwd xx.xx encrypted
boot system flash:/image.bin
ftp mode passive
dns server-group DefaultDNS
domain-name xx.xx.xxxxxxxxxxxxx
access-list out extended permit ip host xx.xx.18.1.1 host xx.xx.18.1.2
access-list out extended permit ip host xx.xx.18.1.1 10.80.0.0 255.255.0.0
access-list out extended permit ip host xx.xx.18.1.1 10.96.0.0 255.255.0.0
access-list out extended permit ip host xx.xx.18.1.1 10.80.56.0 255.255.252.0
access-list out extended permit ip host xx.xx.18.1.1 xx.xx.16.2.0 255.255.255.252
access-list out extended permit gre host xx.xx.18.1.1 host xx.xx.18.1.2
access-list out extended permit tcp any host 212.x.x.130 eq pptp
access-list out extended permit gre any host 212.x.x.130
access-list out extended permit tcp 212.1x.x.40 255.255.255.248 host 212.x.x.130 eq 1433
access-list out extended permit icmp host 10.80.16.44 any
access-list out extended permit tcp any host 212.x.x.130 eq 8888
access-list out extended permit udp any host 212.x.x.130 eq 3101
access-list out extended permit tcp any host 212.x.x.136 eq ftp
access-list out extended permit tcp any host 212.x.x.136 eq www
access-list out extended permit tcp any host 212.x.x.136 eq https
access-list out extended permit tcp any host 212.x.x.130 eq 9000
access-list out extended permit tcp any host 212.x.x.141 eq www
access-list out extended permit tcp any host 212.x.x.141 eq 1433
access-list out extended permit tcp any host 212.x.x.141 eq 599
access-list out extended permit tcp any host 212.x.x.141 eq 5900
access-list out extended permit tcp any host 212.x.x.136 eq sqlnet
access-list out extended permit ip host 212.116.209.119 host 212.100.208.138
access-list out extended permit ip any host 212.100.208.138
access-list out remark xx.xx Tunnel to xxxxxxxxxxxxx
access-list out extended permit ip 141.xx.xx.0 255.255.254.0 10.80.68.0 255.255.255.0
access-list out remark xx.xx Tunnel toxxxxxxxxxxxxx
access-list out extended permit ip 141.xx.xx.0 255.255.254.0 10.96.68.0 255.255.255.0
access-list out extended permit tcp any host 212.x.x.130 eq 7777
access-list out extended permit tcp any host 212.x.x.209 eq 7777
access-list out extended permit tcp any host 212.x.x.209 eq 9000
access-list out extended permit tcp any host 212.x.x.209 eq 8888
access-list out extended permit tcp any host 212.x.x.209 eq www
access-list out extended permit tcp 212.1x.x.40 255.255.255.248 host 212.x.x.209 eq 1433
access-list out extended permit gre any host 212.x.x.209
access-list out extended permit tcp any host 212.x.x.209 eq pptp
access-list out extended permit tcp any host 212.x.x.210 eq citrix-ica
access-list out extended permit tcp any host 212.x.x.210 eq https
access-list out extended permit tcp any host 212.x.x.210 eq www
access-list out extended permit tcp any host 212.x.x.210 eq 8080
access-list out extended permit tcp any host 212.x.x.210 eq 2598
access-list out extended permit tcp any host 212.x.x.130 eq https
access-list out remark xx.xx Tunnel toxxxxxxxxxxxxx
access-list out extended permit icmp 141.xx.xx.0 255.255.254.0 10.96.68.0 255.255.255.0
access-list out remark xx.xx Tunnel to xxxxxxxxxxxxx
access-list out extended permit icmp 141.xx.xx.0 255.255.254.0 10.80.68.0 255.255.255.0
access-list out remark xx.xx Tunnel to xx.xx
access-list out extended permit ip 141.xx.xx.0 255.255.254.0 10.112.68.0 255.255.255.0
access-list out remark xx.xx Tunnel to xx.xx
access-list out extended permit icmp 141.xx.xx.0 255.255.254.0 10.112.68.0 255.255.255.0
access-list out extended permit tcp any host 212.x.x.209 eq 8080
access-list out extended permit tcp any host 212.x.x.130 eq www
access-list out extended permit tcp any host 212.x.x.130 eq 8080
access-list out extended permit tcp any host 212.x.x.130 eq www
access-list out extended permit tcp any 10.80.64.0 255.255.252.0 eq 8080
access-list out remark xx.xx COMPANY
access-list out extended permit tcp host 213.xx.xx.139 host 10.80.16.43
access-list out remark xx.xx COMPANY
access-list out extended permit tcp xx.xx.77.0 255.255.255.248 host 10.80.16.43
access-list out remark xx.xx TUNNEL
access-list out extended permit tcp xx.xx.221.0 255.255.255.0 any inactive
access-list out extended permit tcp any host 212.x.x.213 eq www
access-list out extended permit tcp any host 212.x.x.213 eq 8080
access-list out extended permit tcp any host 212.x.x.213 eq https
access-list out extended permit tcp any host 212.x.x.213 eq 7777
access-list out extended permit tcp any host 212.x.x.213 eq 9000
access-list out extended permit tcp any host 212.x.x.213 eq 8888
access-list out extended permit tcp any host 212.x.x.214 eq www
access-list out extended permit tcp any host 212.x.x.214 eq 8080
access-list out extended permit tcp any host 212.x.x.214 eq https
access-list out extended permit tcp any host 212.x.x.214 eq 7777
access-list out extended permit tcp any host 212.x.x.214 eq 9000
access-list out extended permit tcp any host 212.x.x.214
access-list out extended permit tcp any host 212.x.x.213
access-list out extended permit tcp any host 212.x.x.215
access-list out extended permit udp any host 212.x.x.215
access-list out remark xx.xx SERVER
access-list out extended permit ip 204.x.x.16 255.255.255.240 10.80.64.120 255.255.255.248
access-list out extended permit tcp any host 212.x.x.139
access-list out remark x.x-xx.xx SERVER
access-list out extended permit ip 204.x.x.16 255.255.255.240 host 10.80.64.53
access-list out extended permit ip any host 212.x.x.219
access-list out extended permit tcp any host 212.x.x.133 eq smtp
access-list out extended permit tcp any host 212.x.x.133 eq www
access-list out extended permit tcp any host 212.x.x.133 eq https
access-list out extended permit tcp any host 212.x.x.133 eq pop3
access-list out extended permit tcp host 193.109.81.33 any
access-list out extended permit tcp any host 212.x.x.216 eq 8080
access-list out extended permit tcp any host 212.x.x.216 eq https
access-list out extended permit tcp any host 212.x.x.216 eq www
access-list out extended permit tcp any host 212.x.x.135 eq https
access-list out extended permit tcp any host 212.x.x.135 eq www
access-list out extended permit tcp any host 212.x.x.133 eq domain
access-list out extended permit tcp any host 212.x.x.220 eq 1433
access-list out extended permit tcp any host 212.x.x.220 eq 599
access-list out extended permit tcp host 212.1x.x.42 host 212.x.x.220
access-list out extended permit ip host 212.1x.x.42 host 212.x.x.220
access-list out extended permit tcp host 212.1x.x.43 host 212.x.x.221
access-list out extended permit ip host 212.1x.x.43 host 212.x.x.221
access-list out extended permit tcp host 212.1x.x.42 host 212.x.x.221
access-list out extended permit ip host 212.1x.x.42 host 212.x.x.221
access-list out extended permit tcp host 212.1x.x.43 host 212.x.x.220
access-list out extended permit ip host 212.1x.x.43 host 212.x.x.220
access-list out extended permit tcp any host 212.x.x.217 eq 8080
access-list out extended permit udp any host 212.x.x.133 eq dnsix
access-list out extended permit udp any host 212.x.x.133 eq domain
access-list out extended deny ip host 82.xx.xx.74 host 212.x.x.213 log
access-list out extended deny ip host 82.xx.xx.88 host 212.x.x.213 log
access-list out extended deny ip host 82.xx.xx.176 host 212.x.x.213 log
access-list out extended permit tcp host 212.x.x.133 any eq domain
access-list out extended permit udp host 212.x.x.133 any eq domain
access-list out extended permit tcp host 212.x.x.133 any eq ftp
access-list out extended permit tcp host 212.x.x.133 any eq ftp-data
access-list out extended permit udp host 212.x.x.133 any eq 21
access-list out extended permit udp host 212.x.x.133 any eq 20
access-list out extended permit ip host 212.x.x.133 any log
access-list out extended permit icmp any any
access-list out extended permit ip host 212.x.x.217 any
access-list out extended permit tcp any host 212.x.x.217 eq 3389
access-list out extended permit tcp 212.1x.x.40 255.255.255.248 host 212.x.x.213 eq 1433
access-list out remark xx.xx Tunnel to xxxxxxxxxxxxx
access-list out extended permit ip 10.16.17.0 255.255.255.128 10.16.20.0 255.255.255.0
access-list out remark xx.xx Tunnel to xxxxxxxxxxxxx
access-list out extended permit tcp 10.16.17.0 255.255.255.128 10.16.20.0 255.255.255.0
access-list out remark xx.xx Tunnel to xxxxxxxxxxxxx
access-list out extended permit icmp 10.16.17.0 255.255.255.128 10.16.20.0 255.255.255.0
access-list out extended permit ip xx.xx.77.0 255.255.255.0 10.0.30.0 255.255.255.192
access-list dmz extended permit ip host 10.80.56.217 any
access-list dmz extended permit ip host 10.80.64.217 any
access-list dmz extended permit ip host 10.8.33.217 any
access-list dmz extended permit tcp any host 10.80.64.217 eq 8080
access-list inside_nat0_outbound extended permit ip 10.80.68.0 255.255.255.0 141.xx.xx.0 255.255.254.0
access-list inside_nat0_outbound extended permit ip 10.96.68.0 255.255.255.0 141.xx.xx.0 255.255.254.0
access-list inside_nat0_outbound extended permit ip 10.112.68.0 255.255.255.0 141.xx.xx.0 255.255.254.0
access-list inside_nat0_outbound extended permit ip host 10.80.16.43 xx.xx.77.0 255.255.255.248
access-list inside_nat0_outbound extended permit ip 10.80.0.0 255.255.224.0 xx.xx.221.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 10.80.16.43 xx.xx.77.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 10.8.1.11 host 10.16.17.17
access-list inside_nat0_outbound extended permit ip host 10.16.20.113 host 10.16.17.17
access-list inside_nat0_outbound extended permit ip host 10.16.20.113 10.16.17.0 255.255.255.128
access-list inside_nat0_outbound extended permit ip 10.0.30.192 255.255.255.192 xx.xx.77.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.30.0 255.255.255.192 xx.xx.77.0 255.255.255.0
access-list outside_cryptomap_20 extended permit ip 10.80.68.0 255.255.255.0 141.xx.xx.0 255.255.254.0
access-list outside_cryptomap_20 extended permit ip 10.96.68.0 255.255.255.0 141.xx.xx.0 255.255.254.0
access-list outside_cryptomap_20 extended permit ip 10.112.68.0 255.255.255.0 141.xx.xx.0 255.255.254.0
access-list inside_access_in remark xx.xx Tunnel to xxxxxxxxxxxxx
access-list inside_access_in extended permit tcp 10.80.68.0 255.255.255.0 141.xx.xx.0 255.255.254.0
access-list inside_access_in extended permit tcp 10.96.68.0 255.255.255.0 141.xx.xx.0 255.255.254.0
access-list icmppermit extended permit icmp any any
access-list icmppermit extended permit ip any any
access-list outside_cryptomap_dyn_40 extended permit ip host 10.80.16.43 xx.xx.77.0 255.255.255.0
access-list outside_cryptomap_40 extended permit tcp 10.80.0.0 255.255.224.0 xx.xx.221.0 255.255.255.0
access-list dmz_nat0_outbound extended permit ip 10.80.64.0 255.255.255.0 any
access-list dmz_nat0_outbound extended permit ip 10.80.64.120 255.255.255.248 204.x.x.16 255.255.255.240
access-list dmz_nat0_outbound extended permit ip host 10.80.64.53 204.x.x.16 255.255.255.240
access-list outside_cryptomap_60 extended permit ip 10.80.64.120 255.255.255.248 204.x.x.16 255.255.255.240
access-list outside_cryptomap_60 extended permit ip host 10.80.64.53 204.x.x.16 255.255.255.240
access-list outside_access_out extended permit icmp any any
access-list outside_access_out extended permit ip any any
access-list outside_access_out extended permit tcp any any
access-list outside_access_out extended permit udp any any
access-list outside_access_out_V1 extended permit icmp any any
access-list acl_inside extended permit tcp any any eq 8080
access-list dmz4_nat0_outbound extended permit ip 10.16.20.0 255.255.255.0 10.16.17.0 255.255.255.128
access-list dmz4 extended permit icmp any any echo-reply
access-list dmz4 extended permit icmp any any echo
access-list outside_cryptomap_80_1 extended permit ip 10.16.20.0 255.255.255.0 10.16.17.0 255.255.255.128
access-list dmz10 extended permit icmp any any
access-list dmz10 extended permit icmp any any echo
access-list dmz10 extended permit icmp any any echo-reply
access-list dmz10 extended permit ip any host 10.8.64.164
access-list dmz10 extended permit tcp any host 10.8.64.164 eq www
access-list dmz10 extended permit tcp any host 10.8.64.164 eq 8080
access-list dmz11 extended permit icmp any any echo
access-list dmz11 extended permit icmp any any echo-reply
access-list dmz11 extended permit ip host xx.xx.168.1.20 any
access-list dmz11 extended permit tcp any host xx.xx.168.1.20 eq www
access-list dmz11 extended permit tcp any host xx.xx.168.1.20 eq https
access-list xx.xx_splitTunnelAcl standard permit 10.0.30.0 255.255.255.192
access-list outside_cryptomap_dyn_60 extended permit ip 10.0.30.0 255.255.255.192 xx.xx.77.0 255.255.255.0
no pager
logging timestamp
logging asdm-buffer-size 500
logging console debugging
logging buffered informational
logging trap informational
logging asdm debugging
logging device-id ipaddress dmz
mtu outside 1500
mtu dmz 1500
mtu intf3 1500
mtu dmz11 1500
mtu dmz4 1500
mtu inside 1500
ip local pool xx.xx xx.xx.77.1-xx.xx.77.253 mask 255.255.255.0
failover
failover polltime unit 5 holdtime 15
icmp permit any dmz
icmp permit any inside
asdm image flash:/asdm-511.bin
asdm history enable
arp timeout 14400
nat-control
global (dmz11) 11 interface
global (dmz4) 3 interface
nat (dmz4) 0 access-list dmz4_nat0_outbound
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 11 0.0.0.0 0.0.0.0
static (dmz,outside) tcp 212.x.x.133 smtp 10.80.64.28 smtp netmask 255.255.255.255
static (dmz,outside) tcp 212.x.x.133 ftp 10.80.64.28 ftp netmask 255.255.255.255
static (dmz,outside) tcp 212.x.x.133 https 10.80.64.228 https netmask 255.255.255.255
static (dmz,outside) tcp 212.x.x.133 www 10.80.64.228 www netmask 255.255.255.255
static (dmz,outside) tcp 212.x.x.133 pop3 10.80.64.228 pop3 netmask 255.255.255.255
static (dmz,outside) tcp 212.x.x.133 pop2 10.80.64.228 pop2 netmask 255.255.255.255
static (dmz,outside) udp 212.x.x.133 domain 10.80.64.28 domain netmask 255.255.255.255
static (dmz,outside) tcp 212.x.x.133 domain 10.80.64.28 domain netmask 255.255.255.255
static (inside,outside) xx.xx.18.1.2 xx.xx.18.1.2 netmask 255.255.255.255
static (inside,outside) 10.80.56.0 10.80.56.0 netmask 255.255.252.0
static (inside,outside) 10.80.0.0 10.80.0.0 netmask 255.255.252.0
static (inside,outside) xx.xx.16.2.0 xx.xx.16.2.0 netmask 255.255.255.252
static (inside,outside) 10.96.0.0 10.96.0.0 netmask 255.255.252.0
static (inside,dmz) 10.80.16.0 10.80.16.0 netmask 255.255.252.0
static (dmz,outside) 212.x.x.136 10.80.64.136 netmask 255.255.255.255
static (dmz,outside) 212.x.x.130 10.80.64.51 netmask 255.255.255.255
static (dmz,outside) 212.x.x.134 10.80.64.11 netmask 255.255.255.255
static (inside,outside) 212.x.x.138 10.80.0.240 netmask 255.255.255.255
static (dmz,outside) 212.x.x.141 10.80.64.141 netmask 255.255.255.255
static (dmz,outside) 212.x.x.209 10.80.64.41 netmask 255.255.255.255
static (inside,outside) 10.112.0.0 10.112.0.0 netmask 255.255.252.0
static (dmz,outside) 212.x.x.211 10.80.64.** netmask 255.255.255.255
static (dmz,outside) 212.x.x.210 10.80.64.210 netmask 255.255.255.255
static (dmz,outside) 212.x.x.212 10.80.64.92 netmask 255.255.255.255
static (dmz,inside) 10.80.64.213 10.80.64.213 netmask 255.255.255.255
static (dmz,inside) 10.80.64.214 10.80.64.214 netmask 255.255.255.255
static (dmz,outside) 212.x.x.213 10.80.64.213 netmask 255.255.255.255
static (dmz,outside) 212.x.x.214 10.80.64.214 netmask 255.255.255.255
static (dmz,outside) 212.x.x.215 10.80.64.215 netmask 255.255.255.255
static (inside,outside) xx.xx.221.1 10.80.19.166 netmask 255.255.255.255
static (dmz,outside) 212.x.x.139 10.80.64.139 netmask 255.255.255.255
static (dmz,outside) 212.x.x.219 10.80.64.219 netmask 255.255.255.255
static (dmz,outside) 212.x.x.216 10.80.64.216 netmask 255.255.255.255
static (dmz,outside) 212.x.x.135 10.80.64.135 netmask 255.255.255.255
static (dmz,outside) 212.x.x.220 10.80.64.102 netmask 255.255.255.255
static (dmz,outside) 212.x.x.218 10.80.64.228 netmask 255.255.255.255
static (inside,dmz) 10.8.1.0 10.8.1.0 netmask 255.255.255.0
static (inside,dmz) 10.80.64.217 10.80.64.217 netmask 255.255.255.255
static (dmz4,outside) 212.x.x.217 10.8.64.200 netmask 255.255.255.255
static (dmz4,outside) 10.16.20.0 10.16.20.0 netmask 255.255.255.0
static (inside,dmz) 10.8.0.0 10.8.0.0 netmask 255.255.255.255
static (inside,dmz) 10.80.0.0 10.80.0.0 netmask 255.255.255.255
static (inside,dmz11) xx.xx.168.0.0 xx.xx.168.0.0 netmask 255.255.0.0
access-group out in interface outside
access-group dmz11 in interface dmz11
access-group dmz4 in interface dmz4
route outside xx.xx.18.1.1 255.255.255.255 212.x.x.129 1
route outside 0.0.0.0 0.0.0.0 212.x.x.129 1
route outside xx.xx.221.0 255.255.255.0 212.x.x.129 1
route inside 10.0.30.0 255.255.255.192 10.80.56.1 1
route inside 10.80.19.166 255.255.255.255 10.80.56.1 1
route inside 10.8.0.0 255.255.0.0 10.80.56.1 1
route inside 10.10.15.0 255.255.255.0 10.80.56.1 1
route inside 10.112.0.0 255.255.252.0 10.80.56.1 1
route inside 10.112.0.0 255.255.0.0 10.80.56.1 1
route inside 10.112.68.0 255.255.255.0 10.80.56.1 1
route inside 10.96.0.0 255.255.0.0 10.80.56.1 1
route inside xx.xx.18.1.2 255.255.255.255 10.80.56.1 1
route inside xx.xx.16.2.0 255.255.255.252 10.80.56.1 1
route inside 10.96.0.0 255.255.252.0 10.80.56.1 1
route inside 10.80.48.0 255.255.252.0 10.80.56.1 1
route inside 10.80.40.0 255.255.252.0 10.80.56.1 1
route inside 10.80.36.0 255.255.252.0 10.80.56.1 1
route inside 10.80.32.0 255.255.252.0 10.80.56.1 1
route inside 10.80.24.0 255.255.252.0 10.80.56.1 1
route inside 10.80.16.0 255.255.252.0 10.80.56.1 1
route inside 10.80.8.0 255.255.252.0 10.80.56.1 1
route inside 10.80.0.0 255.255.252.0 10.80.56.1 1
route inside 10.80.68.0 255.255.255.0 10.80.56.1 1
route inside 10.96.68.0 255.255.255.0 10.80.56.1 1
route inside 10.80.96.0 255.255.255.0 10.80.56.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 5
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp enable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
client-firewall none
client-access-rule none
group-policy xx.xx internal
group-policy xx.xx attributes
dns-server value 10.8.1.2
split-tunnel-policy tunnelspecified
split-tunnel-network-list value xx.xx_splitTunnelAcl
group-policy xx.xx internal
username password encrypted privilege 0
username attributes
vpn-group-policy xx.xx
username password encrypted privilege 0
username attributes
vpn-group-policy xx.xx
http server enable
http 10.80.1.250 255.255.255.255 inside
http 10.80.19.192 255.255.255.255 inside
http 10.8.33.9 255.255.255.255 inside
http 10.8.33.2 255.255.255.255 inside
http 10.8.33.5 255.255.255.255 inside
http 10.8.33.35 255.255.255.255 inside
http 10.8.33.27 255.255.255.255 inside
http 10.8.33.42 255.255.255.255 inside
http 10.8.33.14 255.255.255.255 inside
http 10.8.33.12 255.255.255.255 inside
http 10.8.33.25 255.255.255.255 inside
http 10.8.33.40 255.255.255.255 inside
http 10.8.33.133 255.255.255.255 inside
http 10.8.1.199 255.255.255.255 inside
http 10.8.33.57 255.255.255.255 inside
http 10.8.33.69 255.255.255.255 inside
http 10.8.33.38 255.255.255.255 inside
http 10.8.37.37 255.255.255.255 inside
http 10.8.37.17 255.255.255.255 inside
snmp-server location DataCenter
snmp-server contact xx.xx
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set peer 213.xx.xx.139
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-256-MD5
crypto dynamic-map outside_dyn_map 40 match address outside_cryptomap_dyn_40
crypto dynamic-map outside_dyn_map 40 set peer 212.x.x.210
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-DES-MD5
crypto dynamic-map outside_dyn_map 60 match address outside_cryptomap_dyn_60
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 213.xx.xx.10
crypto map outside_map 20 set transform-set ESP-AES-256-MD5
crypto map outside_map 40 match address outside_cryptomap_40
crypto map outside_map 40 set peer 213.xx.xx.101
crypto map outside_map 40 set transform-set ESP-DES-MD5
crypto map outside_map 60 match address outside_cryptomap_60
crypto map outside_map 60 set peer 212.xx.xx.243
crypto map outside_map 60 set transform-set ESP-3DES-MD5
crypto map outside_map 80 match address outside_cryptomap_80_1
crypto map outside_map 80 set peer 81.xx.xx.122
crypto map outside_map 80 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp identity address
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 xx.xx
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30xx.xx
isakmp policy 30 xx.xx
isakmp policy 30 xx.xx
isakmp policy 30 lifetime 86400
isakmp policy 50 authentication pre-share
isakmp policy 50 xx.xx
isakmp policy 50 xx.xx
isakmp policy 50 xx.xx
isakmp policy 50 lifetime 86400
isakmp policy 70 authentication pre-share
isakmp policy 7xx.xx
isakmp policy 70 xx.xx
isakmp policy 70 group 1
isakmp policy 70 lifetime 86400
isakmp policy 90 authentication pre-share
isakmp policy 90 xx.xx
isakmp policy 90 hash sha
isakmp policy 90 xx.xx
isakmp policy 90 lifetime 86400
isakmp ipsec-over-tcp port 10000
tunnel-xx.xx13.xx.xx.10 type ipsec-l2l
tunnel-xx.xx13.xx.xx.10 ipsec-attributes
pre-shared-key *
tunnel-group """ type ipsec-ra
tunnel-group """"general-attributes
address-pool (inside) xx.xx
address-pool xx.xx
default-group-policy xx.xx
tunnel-group xx.xx ipsec-attributes
pre-shared-key *
tunnel-group xx.xx type ipsec-l2l
tunnel-group xx.xx ipsec-attributes
pre-shared-key *
tunnel-xx.xx12.xx.xx.243 type ipsec-l2l
tunnel-xx.xx12.xx.xx.243 ipsec-attributes
pre-shared-key *
tunnel-group xx.xx type ipsec-l2l
tunnel-group xx.xx ipsec-attributes
pre-shared-key *
tunnel-group 81.xx.xx.122 type ipsec-l2l
tunnel-group 81.xx.xx.122 ipsec-attributes
pre-shared-key *
tunnel-group xx.xx type ipsec-ra
tunnel-group xx.xx general-attributes
address-pool xx.xx
default-group-policy xx.xx
tunnel-group xx.xx ipsec-attributes
pre-shared-key *
peer-id-validate nocheck
no vpn-addr-assign aaa
telnet 10.80.1.250 255.255.255.255 dmz
telnet 10.80.1.250 255.255.255.255 dmz11
telnet 10.80.1.250 255.255.255.255 inside
telnet 10.80.19.192 255.255.255.255 inside
telnet 10.80.16.0 255.255.255.0 inside
telnet 10.80.0.0 255.255.0.0 inside
telnet 10.0.0.0 255.128.0.0 inside
telnet 10.8.0.0 255.255.0.0 inside
telnet 10.8.33.0 255.255.255.0 inside
telnet timeout 5
ssh 10.80.19.192 255.255.255.255 inside
ssh 10.80.0.0 255.255.0.0 inside
ssh 10.8.33.9 255.255.255.255 inside
ssh 10.8.33.2 255.255.255.255 inside
ssh 10.8.33.5 255.255.255.255 inside
ssh 10.8.33.35 255.255.255.255 inside
ssh 10.8.33.27 255.255.255.255 inside
ssh 10.8.33.42 255.255.255.255 inside
ssh 10.8.33.14 255.255.255.255 inside
ssh 10.8.33.12 255.255.255.255 inside
ssh 10.8.33.25 255.255.255.255 inside
ssh 10.8.33.40 255.255.255.255 inside
ssh 10.8.37.17 255.255.255.255 inside
ssh timeout 5
ssh version 1
console timeout 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect ils
inspect netbios
inspect pptp
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:1230b1d2c7c49ce65cba6416f7e9f7b4
: end

icmp trace debug

ICMP type 11 (code 0) 10.80.1.1 > 172.18.1.1
ICMP type 11 (code 0) 10.80.0.240 > 172.18.1.1
ICMP type 11 (code 0) 10.80.1.1 > 172.18.1.1
ICMP echo request (len 32 id 512 seq 17543) 10.8.37.200 > 10.80.64.213
ICMP type 11 (code 0) 10.80.0.240 > 172.18.1.1
ICMP type 11 (code 0) 10.80.1.1 > 172.18.1.1
ICMP echo request (len 32 id 512 seq 34183) 10.8.37.200 > 10.80.64.53
ICMP type 11 (code 0) 10.80.0.240 > 172.18.1.1
ICMP echo request (len 33 id 512 seq 60809) 219.76.126.211 > 212.116.208.133
ICMP type 11 (code 0) 10.80.1.1 > 172.18.1.1
ICMP echo request (len 33 id 512 seq 51850) 219.x.x.211 > 212.x.x.133
ICMP type 11 (code 0) 10.80.0.240 > 172.18.1.1
ICMP type 11 (code 0) 10.80.1.1 > 172.18.1.1
ICMP type 11 (code 0) 10.80.0.240 > 172.18.1.1
ICMP echo request (len 33 id 512 seq 8337) 219.x.x.211 > 212.x.x.219
ICMP echo reply (len 33 id 512 seq 8337) 10.80.64.219 > 219.76.126.211
ICMP echo request (len 33 id 512 seq 22417) 219.76.126.211 > 212.x.x.219
ICMP echo reply (len 33 id 512 seq 22417) 10.80.64.219 > 219.x.x.211
ICMP type 11 (code 0) 10.80.1.1 > 172.18.1.1
ICMP echo request (len 32 id 512 seq 21114) 10.8.37.17 > 10.80.64.254
ICMP echo request (len 32 id 512 seq 21370) 10.8.37.17 > 10.80.64.254
ICMP type 11 (code 0) 10.80.0.240 > 172.18.1.1
ICMP type 11 (code 0) 10.80.1.1 > 172.18.1.1
ICMP echo request (len 32 id 512 seq 21626) 10.8.37.17 > 10.80.64.254
ICMP echo request (len 32 id 512 seq 21882) 10.8.37.17 > 10.80.64.254
ICMP type 11 (code 0) 10.80.0.240 > 172.18.1.1
ICMP type 11 (code 0) 10.80.1.1 > 172.18.1.1
ICMP type 11 (code 0) 10.80.0.240 > 172.18.1.1
ICMP type 11 (code 0) 10.80.1.1 > 172.18.1.1

When I ping from the DMZ switch to inside:

ICMP echo request (len 72 id 4781 seq 6**7) 10.80.1.96 > 10.80.56.254
ICMP echo reply (len 72 id 4781 seq 6**7) 10.80.56.254 > 10.80.1.96
ICMP echo request (len 72 id 4782 seq 6**7) 10.80.1.96 > 10.80.56.254
ICMP echo reply (len 72 id 4782 seq 6**7) 10.80.56.254 > 10.80.1.96
ICMP echo request (len 72 id 4783 seq 6**7) 10.80.1.96 > 10.80.56.254
ICMP echo reply (len 72 id 4783 seq 6**7) 10.80.56.254 > 10.80.1.96
ICMP echo request (len 72 id 4784 seq 6**7) 10.80.1.96 > 10.80.56.254
ICMP echo reply (len 72 id 4784 seq 6**7) 10.80.56.254 > 10.80.1.96
ICMP echo request (len 72 id 4785 seq 6**7) 10.80.1.96 > 10.80.56.254
ICMP echo reply (len 72 id 4785 seq 6**7) 10.80.56.254 > 10.80.1.96
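
An added example, not part of the original post: with `nat-control` enabled, a PIX 7.x firewall forwards traffic from a higher-security interface to a lower one only when a translation rule matches the source, so this Python sketch checks which inside hosts from the ICMP trace have a `static` or `nat`/`global` rule toward `dmz`, and which interfaces have no `access-group` bound. The function names are this example's own, `CONFIG` is a constructed excerpt of the posted configuration, and NAT exemption (`nat ... 0 access-list`) is assumed not to apply and is not evaluated.

```python
import ipaddress
import re

# Constructed excerpt: the lines of the posted configuration that bear on
# inside -> dmz translation and ACL binding, copied unchanged.
CONFIG = """\
nat-control
global (dmz11) 11 interface
global (dmz4) 3 interface
nat (dmz4) 0 access-list dmz4_nat0_outbound
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 11 0.0.0.0 0.0.0.0
static (inside,dmz) 10.80.16.0 10.80.16.0 netmask 255.255.252.0
static (dmz,inside) 10.80.64.213 10.80.64.213 netmask 255.255.255.255
static (inside,dmz) 10.8.1.0 10.8.1.0 netmask 255.255.255.0
static (inside,dmz) 10.80.64.217 10.80.64.217 netmask 255.255.255.255
static (inside,dmz) 10.8.0.0 10.8.0.0 netmask 255.255.255.255
static (inside,dmz) 10.80.0.0 10.80.0.0 netmask 255.255.255.255
access-group out in interface outside
access-group dmz11 in interface dmz11
access-group dmz4 in interface dmz4
"""


def _net(addr, mask):
    """Build a network object from a dotted address and dotted netmask."""
    prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def parse_config(text):
    """Collect nat-control, static, nat, global and access-group statements."""
    cfg = {"nat_control": False, "statics": [], "nats": [],
           "globals": set(), "access_groups": {}}
    for line in text.splitlines():
        line = line.strip()
        if line == "nat-control":
            cfg["nat_control"] = True
        elif m := re.match(r"static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)$", line):
            # Syntax: static (real_if,mapped_if) mapped_ip real_ip netmask mask
            real_if, mapped_if, _mapped, real, mask = m.groups()
            cfg["statics"].append((real_if, mapped_if, _net(real, mask)))
        elif m := re.match(r"nat \((\w+)\) (\d+) (\d\S*) (\d\S*)$", line):
            # Only address/mask forms; "nat ... 0 access-list" is skipped (assumption).
            cfg["nats"].append((m[1], int(m[2]), _net(m[3], m[4])))
        elif m := re.match(r"global \((\w+)\) (\d+) ", line):
            cfg["globals"].add((m[1], int(m[2])))
        elif m := re.match(r"access-group (\S+) in interface (\S+)$", line):
            cfg["access_groups"][m[2]] = m[1]
    return cfg


def translation_for(cfg, src_ip, src_if, dst_if):
    """Return the rule translating src_ip from src_if toward dst_if, or None."""
    if not cfg["nat_control"]:
        return "nat-control disabled"
    src = ipaddress.ip_address(src_ip)
    for real_if, mapped_if, net in cfg["statics"]:
        if (real_if, mapped_if) == (src_if, dst_if) and src in net:
            return f"static {net}"
    for nat_if, nat_id, net in cfg["nats"]:
        # A dynamic nat rule only helps if a global with the same id
        # exists on the destination interface.
        if nat_if == src_if and src in net and (dst_if, nat_id) in cfg["globals"]:
            return f"nat {nat_id} -> global ({dst_if})"
    return None


def unbound_interfaces(cfg, interfaces):
    """Interfaces with no inbound access-group applied."""
    return [i for i in interfaces if i not in cfg["access_groups"]]


if __name__ == "__main__":
    cfg = parse_config(CONFIG)
    # Inside sources seen in the posted ICMP trace, plus one covered host.
    for host in ("10.8.37.200", "10.8.37.17", "10.80.16.44"):
        print(host, "->", translation_for(cfg, host, "inside", "dmz"))
    print("no access-group:", unbound_interfaces(cfg, ["outside", "dmz", "inside"]))
```

The `static (inside,dmz)` entries for 10.8.0.0 and 10.80.0.0 use netmask 255.255.255.255, so each matches only that single address rather than the subnet.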
