rameshpillai

traffic not going through pix 506e

Wed Jun 29, 2005 8:31 am

Hi,

I have two subnets: one of the 10.x.x.x series and another small one, just two hosts, of the 192.168.100.0 series.

Everything from my 10.x.x.x network is working fine.
But nothing from the 192.168.100.0 series.
I have gone through the xlate; it is happening, and the syslog shows that the connection is getting created and torn down immediately after that (syslog IDs 302015 and 302016).

Please find my config below.

PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100

clock timezone IST 5 30
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
name 10.2.1.1 Layer-III
name 192.168.100.2 ArvindV
access-list acl_in permit esp any any
access-list acl_in permit ah any any
access-list acl_in permit udp any any eq isakmp
access-list acl_in permit icmp any any
access-list acl_in permit gre any any
access-list acl_in permit tcp any any eq pptp
access-list acl_in permit tcp any host X.X.X.7 eq www
access-list acl_in permit tcp any host X.X.X.7 eq smtp
access-list acl_in permit tcp any host X.X.X.7 eq pop3
access-list acl_in permit tcp any host X.X.X.7 eq https
access-list acl_in permit tcp any host X.X.X.7 eq ldap
access-list acl_in permit tcp any host X.X.X.19 eq www
access-list acl_in permit tcp any host X.X.X.6 eq www
access-list acl_in permit tcp any host X.X.X.8 eq www
access-list acl_in permit tcp any host X.X.X.9 eq www
access-list acl_in permit tcp any host X.X.X.9 eq 8080
access-list acl_in permit tcp any host X.X.X.10 eq www
access-list acl_in permit tcp any host X.X.X.14 eq 8080
access-list acl_in permit tcp any host X.X.X.14 eq 9080
access-list acl_in permit ip any host X.X.X.11
access-list acl_in permit tcp any host X.X.X.18 eq www
access-list acl_in permit tcp any host X.X.X.18 eq 81
access-list acl_in permit ip any host X.X.X.96
access-list acl_in permit tcp any host X.X.X.15 eq ftp
access-list acl_in permit tcp any host X.X.X.6 eq 5800
access-list acl_in permit tcp any host X.X.X.6 eq 5900
access-list acl_in permit tcp any host X.X.X.125 eq 9080
access-list acl_in permit tcp any host X.X.X.94 eq 9080
access-list acl_in permit tcp any host X.X.X.12 eq www
access-list acl_in permit tcp any host X.X.X.92 eq www
access-list acl_in permit tcp any host X.X.X.124 eq 7080
access-list acl_in permit tcp any host X.X.X.124 eq telnet
access-list acl_in permit tcp any host X.X.X.9 eq 5800
access-list acl_in permit tcp any host X.X.X.9 eq 5900
access-list acl_in permit tcp any host X.X.X.15 eq www
access-list acl_in permit tcp any host X.X.X.60 eq 9080
access-list acl_in permit tcp any host X.X.X.60 eq 9081
access-list inside_outbound_nat0_acl permit ip host 10.2.1.2 10.2.20.0 255.255.255.248
access-list inside_outbound_nat0_acl permit ip host 10.2.1.3 10.2.20.0 255.255.255.248
access-list inside_outbound_nat0_acl permit ip host 10.2.1.208 10.2.20.0 255.255.255.248
access-list inside_outbound_nat0_acl permit ip host 10.2.1.9 10.2.20.0 255.255.255.248
access-list inside_outbound_nat0_acl permit ip host 10.2.1.23 10.2.20.0 255.255.255.248
access-list inside_outbound_nat0_acl permit ip host 10.2.1.7 10.2.20.0 255.255.255.248
access-list inside_outbound_nat0_acl permit ip host 10.2.3.71 10.2.20.0 255.255.255.248
access-list inside_outbound_nat0_acl permit ip host 10.2.1.250 10.2.20.0 255.255.255.248
access-list inside_outbound_nat0_acl permit ip host 10.2.1.60 10.2.20.0 255.255.255.248
access-list inside_outbound_nat0_acl permit ip host Layer-III 10.2.20.0 255.255.255.248
access-list inside_outbound_nat0_acl permit ip host 10.2.1.98 10.2.20.0 255.255.255.248
access-list outside_cryptomap_dyn_20 permit ip any 10.2.20.0 255.255.255.248
pager lines 24
logging on
logging trap debugging
logging host inside 10.2.1.21
mtu outside 1500
mtu inside 1500
ip address outside X.X.X.2 255.255.255.224
ip address inside 10.2.1.179 255.255.0.0
ip audit info action alarm
ip audit attack action alarm
ip local pool QuinnoxPool 10.2.20.1-10.2.20.5
pdm location 10.2.1.2 255.255.255.255 inside
pdm location 10.2.1.3 255.255.255.255 inside
pdm location 10.2.1.7 255.255.255.255 inside
pdm location 10.2.1.9 255.255.255.255 inside
pdm location 10.2.1.21 255.255.255.255 inside
pdm location 10.2.1.60 255.255.255.255 inside
pdm location 10.2.1.98 255.255.255.255 inside
pdm location 10.2.1.99 255.255.255.255 inside
pdm location 10.2.1.122 255.255.255.255 inside
pdm location 10.2.1.144 255.255.255.255 inside
pdm location 10.2.1.152 255.255.255.255 inside
pdm location 10.2.1.246 255.255.255.255 inside
pdm location 10.2.3.71 255.255.255.255 inside
pdm location 10.2.5.0 255.255.255.0 inside
pdm location 10.2.6.0 255.255.255.0 inside
pdm location 10.2.7.0 255.255.255.0 inside
pdm location 10.2.9.0 255.255.255.0 inside
pdm location 10.2.10.0 255.255.255.0 inside
pdm location 10.2.12.0 255.255.255.0 inside
pdm location 10.2.13.100 255.255.255.255 inside
pdm location 10.2.13.101 255.255.255.255 inside
pdm location 10.2.13.102 255.255.255.255 inside
pdm location 10.2.13.103 255.255.255.255 inside
pdm location 10.2.13.104 255.255.255.255 inside
pdm location 10.2.13.105 255.255.255.255 inside
pdm location 10.2.13.106 255.255.255.255 inside
pdm location 10.2.13.107 255.255.255.255 inside
pdm location 10.2.13.108 255.255.255.255 inside
pdm location 10.2.13.109 255.255.255.255 inside
pdm location 10.2.13.110 255.255.255.255 inside
pdm location 10.2.1.90 255.255.255.255 inside
pdm location 10.2.1.91 255.255.255.255 inside
pdm location 10.2.1.151 255.255.255.255 inside
pdm location 10.2.2.100 255.255.255.255 inside
pdm location 10.2.3.166 255.255.255.255 inside
pdm location 10.2.10.26 255.255.255.255 inside
pdm location 10.2.10.31 255.255.255.255 inside
pdm location 10.2.10.34 255.255.255.255 inside
pdm location 10.2.10.37 255.255.255.255 inside
pdm location 10.2.15.25 255.255.255.255 inside
pdm location 10.2.15.40 255.255.255.255 inside
pdm location 10.2.17.14 255.255.255.255 inside
pdm location 10.4.4.226 255.255.255.255 inside
pdm location 10.4.4.227 255.255.255.255 inside
pdm location 10.4.4.228 255.255.255.255 inside
pdm location 10.4.4.229 255.255.255.255 inside
pdm location 10.4.4.230 255.255.255.255 inside
pdm location 10.4.4.231 255.255.255.255 inside
pdm location 10.4.4.232 255.255.255.255 inside
pdm location 10.4.4.233 255.255.255.255 inside
pdm location 10.4.4.234 255.255.255.255 inside
pdm location 10.4.4.235 255.255.255.255 inside
pdm location 10.4.4.236 255.255.255.255 inside
pdm location 10.4.5.4 255.255.255.255 inside
pdm location 10.4.5.5 255.255.255.255 inside
pdm location 10.4.5.7 255.255.255.255 inside
pdm location 10.4.5.8 255.255.255.255 inside
pdm location 10.4.5.9 255.255.255.255 inside
pdm location 10.4.5.10 255.255.255.255 inside
pdm location 10.4.5.11 255.255.255.255 inside
pdm location 10.4.5.12 255.255.255.255 inside
pdm location 10.4.5.13 255.255.255.255 inside
pdm location 10.4.5.30 255.255.255.255 inside
pdm location 10.4.7.0 255.255.255.192 inside
pdm location 10.4.7.69 255.255.255.255 inside
pdm location 10.4.7.64 255.255.255.192 inside
pdm location 10.4.10.64 255.255.255.192 inside
pdm location 10.4.0.0 255.255.0.0 inside
pdm location C1.C1.C1.2 255.255.255.255 outside
pdm location C2.C2.C2.126 255.255.255.255 outside
pdm location C3.C3.C3.200 255.255.255.255 outside
pdm location 10.2.20.0 255.255.255.248 outside
pdm location 10.2.21.0 255.255.255.0 inside
pdm location 10.2.1.8 255.255.255.255 inside
pdm location 10.2.1.23 255.255.255.255 inside
pdm location 10.2.1.208 255.255.255.255 inside
pdm location 10.2.1.250 255.255.255.255 inside
pdm location Layer-III 255.255.255.255 inside
pdm location 10.2.1.86 255.255.255.255 inside
pdm location 10.2.1.87 255.255.255.255 inside
pdm location 10.2.1.88 255.255.255.255 inside
pdm location 10.2.1.111 255.255.255.255 inside
pdm location 10.2.1.200 255.255.255.255 inside
pdm location 192.168.100.0 255.255.255.0 inside
pdm location ArvindV 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 24 X.X.X.67
global (outside) 100 X.X.X.113
global (outside) 75 X.X.X.66
global (outside) 26 X.X.X.68
global (outside) 27 X.X.X.69
global (outside) 28 X.X.X.70
global (outside) 25 X.X.X.65
global (outside) 31 X.X.X.123
global (outside) 5 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 24 10.4.7.0 255.255.255.192 0 0
nat (inside) 27 10.4.7.64 255.255.255.192 0 0
nat (inside) 25 10.4.10.64 255.255.255.192 0 0
nat (inside) 24 10.2.5.0 255.255.255.0 0 0
nat (inside) 26 10.2.6.0 255.255.255.0 0 0
nat (inside) 25 10.2.7.0 255.255.255.0 0 0
nat (inside) 27 10.2.9.0 255.255.255.0 0 0
nat (inside) 28 10.2.10.0 255.255.255.0 0 0
nat (inside) 75 10.2.12.0 255.255.255.0 0 0
nat (inside) 31 10.2.21.0 255.255.255.0 0 0
nat (inside) 100 0.0.0.0 0.0.0.0 0 0
static (inside,outside) X.X.X.76 10.2.13.101 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.77 10.2.13.102 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.78 10.2.13.103 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.79 10.2.13.104 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.80 10.2.13.105 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.81 10.2.13.106 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.82 10.2.13.107 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.83 10.2.13.108 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.85 10.2.13.110 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.90 10.2.13.109 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.7 10.2.1.2 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.19 10.2.1.99 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.6 10.2.1.98 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.8 10.2.1.7 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.9 10.2.1.3 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.10 10.2.1.122 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.14 10.2.1.246 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.11 10.2.1.152 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.93 10.2.10.31 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.95 10.2.17.14 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.15 10.2.1.9 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.97 10.2.10.37 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.98 10.2.15.40 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.99 10.4.5.4 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.96 10.2.2.100 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.100 10.4.4.226 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.101 10.4.4.227 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.103 10.4.4.229 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.104 10.4.4.230 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.105 10.4.4.231 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.106 10.4.4.232 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.107 10.4.4.233 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.108 10.4.4.234 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.109 10.4.4.235 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.110 10.4.4.236 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.102 10.4.4.228 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.111 10.4.5.5 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.112 10.4.5.4 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.114 10.4.5.7 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.115 10.4.5.8 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.116 10.4.5.9 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.117 10.4.5.10 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.118 10.4.5.11 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.119 10.4.5.12 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.120 10.4.5.13 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.91 10.2.10.26 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.121 10.4.5.30 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.75 10.2.13.100 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.94 10.2.15.25 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.125 10.4.7.69 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.12 10.2.1.151 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.92 10.2.1.90 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.122 10.2.10.34 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.124 10.2.1.91 netmask 255.255.255.255 0 0
static (inside,outside) 10.2.1.208 10.2.1.208 netmask 255.255.255.255 0 0
static (inside,outside) 10.2.1.23 10.2.1.23 netmask 255.255.255.255 0 0
static (inside,outside) 10.2.1.8 10.2.1.8 netmask 255.255.255.255 0 0
static (inside,outside) 10.2.1.250 10.2.1.250 netmask 255.255.255.255 0 0
static (inside,outside) Layer-III Layer-III netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.55 10.2.1.86 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.56 10.2.1.87 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.57 10.2.1.88 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.60 10.2.1.111 netmask 255.255.255.255 0 0
access-group acl_in in interface outside
route outside 0.0.0.0 0.0.0.0 X.X.X.1 1
route inside 10.4.0.0 255.255.0.0 Layer-III 1
route inside 192.168.100.0 255.255.255.0 Layer-III 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 10.2.3.71 255.255.255.255 inside
http 10.2.1.60 255.255.255.255 inside
http 10.2.1.200 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec



Cheers,
Ramp

Steve

Wed Jun 29, 2005 9:46 am

I don't see any outbound ACL statements or NAT pool statements for the 192.168.100.0 network.
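
One way to check which translation statement covers a given inside source address in a config like the one posted above, as an added example that is not part of the thread. It runs over a constructed excerpt of the posted name/global/nat/static lines; the function name translation_for and the precedence it applies (static first, then the most specific dynamic nat network) are assumptions of this example.

```python
import ipaddress
import re

# Constructed excerpt: lines copied from the config posted above (X.X.X.n as posted).
CONFIG = """\
name 10.2.1.1 Layer-III
global (outside) 24 X.X.X.67
global (outside) 100 X.X.X.113
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 24 10.2.5.0 255.255.255.0 0 0
nat (inside) 100 0.0.0.0 0.0.0.0 0 0
static (inside,outside) X.X.X.7 10.2.1.2 netmask 255.255.255.255 0 0
static (inside,outside) Layer-III Layer-III netmask 255.255.255.255 0 0
"""
NAME = re.compile(r"name (\S+) (\S+)")
GLOBAL = re.compile(r"global \((\w+)\) (\d+) (\S+)")
NAT = re.compile(r"nat \((\w+)\) (\d+) ([\d.]+) ([\d.]+)")
STATIC = re.compile(r"static \((\w+),(\w+)\) (\S+) (\S+) netmask ([\d.]+)")


def translation_for(config, src, in_if="inside", out_if="outside"):
    """Return (kind, nat_id, mapped) for src, or None when no rule covers it."""
    addr = ipaddress.ip_address(src)
    names, pools, statics, dynamic = {}, {}, [], []
    for line in config.splitlines():
        if m := NAME.match(line):
            names[m[2]] = m[1]
        elif (m := GLOBAL.match(line)) and m[1] == out_if:
            pools.setdefault(m[2], m[3])  # first global per id is enough here
        elif (m := STATIC.match(line)) and (m[1], m[2]) == (in_if, out_if):
            real = names.get(m[4], m[4])
            statics.append((ipaddress.ip_network(f"{real}/{m[5]}"), m[3]))
        elif (m := NAT.match(line)) and m[1] == in_if:
            # "nat (inside) 0 access-list ..." never matches NAT: exemption also
            # depends on the destination, so it is outside this check.
            dynamic.append((ipaddress.ip_network(f"{m[3]}/{m[4]}"), m[2]))
    for net, mapped in statics:  # assumption: statics win over dynamic nat
        if addr in net:
            return ("static", None, names.get(mapped, mapped))
    hits = [rule for rule in dynamic if addr in rule[0]]
    if not hits:
        return None
    # Assumption: the most specific matching nat network is the one used.
    _, nat_id = max(hits, key=lambda rule: rule[0].prefixlen)
    if nat_id == "0":
        return ("identity", "0", src)
    if nat_id not in pools:
        return ("no-global", nat_id, None)
    return ("dynamic", nat_id, pools[nat_id])
```

Against this excerpt, 192.168.100.2 has no nat or static statement of its own and falls under the catch-all nat (inside) 100 0.0.0.0 0.0.0.0, paired with global id 100.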
