asa5512 V8.6 nat web server cannot access

Hi all

asa5512 V8.6 nat web server cannot access.

my home pc can access www.cisco.com, but external client cannot access my web server inside...

all of my config, I do not know what is wrong.

Thank youe help.

ciscoasa #.

See the ciscoasa # running

ciscoasa # show running-config

: Saved

ASA 1.0000 Version 2

ciscoasa hostname

activate 2KFQnbNIdI.2KYOU encrypted password

2KFQnbNIdI.2KYOU encrypted passwd

names of

interface GigabitEthernet0/0

nameif outside

security-level 0

address IP XXX1 255.255.255.240

interface GigabitEthernet0/1

Shutdown

No nameif

no level of security

no ip address

interface GigabitEthernet0/2

Shutdown

No nameif

no level of security

no ip address

interface GigabitEthernet0/3

Description link to 3560 G0/1

Speed 1000

full duplex

nameif inside

security-level 100

192.168.1.13 IP address 255.255.255.0

interface GigabitEthernet0/4

Shutdown

No nameif

no level of security

no ip address

interface GigabitEthernet0/5

Shutdown

No nameif

no level of security

no ip address

interface Management0/0

nameif management

security-level 100

IP 192.168.100.1 address 255.255.255.0

time-range k3used

absolute starting 08:00 January 1, 2008

daily periodical 0:00 to 23:59

periodical daily 09:00-18:00

passive FTP mode

clock timezone BeiJing 8

network object obj - 192.168.1.0

subnet 192.168.1.0 255.255.255.0

network object obj - 192.168.200.0

192.168.200.0 subnet 255.255.255.0

network object obj - 192.168.1.2

host 192.168.1.2

network object obj - 192.168.1.2 - 01

host 192.168.1.2

network object obj - 192.168.1.19

Home 192.168.1.19

network object obj - 192.168.1.20

host 192.168.1.20

network object obj - 192.168.1.88

Home 192.168.1.88

network object obj - 192.168.1.1

host 192.168.1.1

network object obj - 192.168.1.2 - 02

host 192.168.1.2

network object obj - 192.168.1.6

host 192.168.1.6

object obj - X.X.X.3 network

Home X.X.X.3

object obj-tcp-source-eq-25 service

tcp source eq smtp service

obj-tcp-source-eq-110 service object

tcp source eq Microsoft pop3 service

object obj - X.X.X.10 network

Home X.X.X.10

obj-tcp-source-eq-8086 service object

tcp source eq 8086 service

obj-tcp-source-eq-80 service object

tcp source eq www service

network object obj - 192.168.1.1 - 01

host 192.168.1.1

obj-tcp-source-eq-3389 service object

source eq 3389 tcp service

obj-tcp-source-eq-9877 service object

tcp source eq 9877 service

obj-tcp-source-eq-21 service object

tcp source eq ftp service

object obj-tcp-source-eq-20 service

tcp source eq ftp service - data

network object obj - 192.168.2.88

Home 192.168.2.88

network object obj - 192.168.2.88 - 01

Home 192.168.2.88

network object obj - 192.168.2.88 - 02

Home 192.168.2.88

network object obj - 192.168.1.19 - 01

Home 192.168.1.19

network object obj - 192.168.2.2

host 192.168.2.2

network object obj - 192.168.2.2 - 01

host 192.168.2.2

network object obj - 192.168.2.2 - 02

host 192.168.2.2

network object obj - 192.168.3.2

host 192.168.3.2

network object obj - 192.168.3.2 - 01

host 192.168.3.2

network object obj - 192.168.3.2 - 02

host 192.168.3.2

object obj - X.X.X.9 network

Home X.X.X.9

obj-tcp-source-eq-8087 service object

tcp source eq 8087 service

network object obj - 192.168.1.200

host 192.168.1.200

network object obj - 192.168.1.200 - 01

host 192.168.1.200

network object obj - 192.168.1.30

host 192.168.1.30

network object obj - 192.168.1.30 - 01

host 192.168.1.30

network object obj - 192.168.1.1 - 02

host 192.168.1.1

object obj - X.X.X.6 network

Home X.X.X.6

obj-tcp-source-eq-8088 service object

tcp source eq 8088 service

network object obj - 192.168.3.5

Home 192.168.3.5

network object obj - 192.168.3.5 - 01

Home 192.168.3.5

network object obj - 192.168.3.5 - 02

Home 192.168.3.5

network object obj - 192.168.3.5 - 03

Home 192.168.3.5

network object obj - 192.168.3.5 - 04

Home 192.168.3.5

network object obj - 192.168.2.0

Subnet 192.168.2.0 255.255.255.0

network object obj - 192.168.3.0

subnet 192.168.3.0 255.255.255.0

network object obj - 192.168.4.0

subnet 192.168.4.0 255.255.255.0

network object obj - 192.168.5.0

192.168.5.0 subnet 255.255.255.0

network object obj - 192.168.6.0

192.168.6.0 subnet 255.255.255.0

network object obj - 192.168.7.0

192.168.7.0 subnet 255.255.255.0

network object obj - 192.168.8.0

192.168.8.0 subnet 255.255.255.0

vpn_list to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.200.0 255.255.255.0

vpn_list to access extended list ip 192.168.200.0 allow 255.255.255.0 192.168.1.0 255.255.255.0

access-list 101 extended deny ip any host 58.215.78.113

access-list 101 extended deny ip any host 61.139.126.81

access-list 101 extended deny ip any host 61.152.94.154

access-list 101 extended allow host ip 192.168.4.2 all

access-list 101 extended allow host ip 192.168.4.3 all

access-list 101 extended allow host ip 192.168.4.4 all

access-list 101 extended allow host ip 192.168.4.5 all

access-list 101 extended allow host ip 192.168.4.7 everything

access-list 101 extended permit ip host 192.168.4.8 all

access-list 101 extended permit ip host 192.168.4.9 all

access-list 101 extended permit ip host 192.168.4.10 all

access-list 101 extended allow host ip 192.168.4.11 all

access-list 101 extended allow host ip 192.168.4.12 all

access-list 101 extended allow host ip 192.168.4.13 all

access-list 101 extended allow host ip 192.168.4.14 all

access-list 101 extended allow host ip 192.168.4.15 all

access-list 101 extended allow host ip 192.168.4.16 all

access-list 101 extended allow host 192.168.4.18 ip everything

access-list 101 extended allow host ip 192.168.4.19 all

access-list 101 extended allow host ip 192.168.4.20 all

access-list 101 extended allow host ip 192.168.4.180 all

access-list 101 extended deny ip 192.168.4.0 255.255.255.0 any

access-list 101 extended allow host ip 192.168.2.176 all

access-list 101 extended allow icmp a whole

access-list 101 extended allow host ip 192.168.2.3 everything

access-list 101 extended allow host ip 192.168.2.164 all

access-list 101 extended allow host ip 192.168.2.171 all

access-list 101 extended allow host ip 192.168.2.142 all

access-list 101 extended allow host ip 192.168.2.180 all

access-list 101 extended allow host ip 192.168.2.149 all

access-list 101 extended allow host ip 192.168.2.201 all

access-list 101 extended allow host ip 192.168.2.170 all

access-list 101 extended allow host ip 192.168.2.168 all

access-list 101 extended allow host ip 192.168.2.103 everything

access-list 101 extended allow host ip 192.168.2.34 all

access-list 101 extended allow host ip 192.168.2.174 all

access-list 101 extended allow host ip 192.168.2.199 all

access-list 101 extended allow host ip 192.168.2.253 everything

access-list 101 extended allow host ip 192.168.2.236 all

access-list 101 extended allow host ip 192.168.2.214 all

access-list 101 extended allow host ip 192.168.2.110 everything

access-list 101 extended allow host ip 192.168.2.127 all

access-list 101 extended allow host ip 192.168.2.178 all

access-list 101 extended allow host ip 192.168.2.21 all

access-list 101 extended allow host ip 192.168.2.24 all

access-list 101 extended allow host ip 192.168.2.251 all

access-list 101 extended allow host ip 192.168.2.33 all

access-list 101 extended allow host ip 192.168.2.120 all

access-list 101 extended allow host ip 192.168.2.85 all

access-list 101 extended allow host ip 192.168.2.137 all

access-list 101 extended allow host ip 192.168.2.113 all

access-list 101 extended allow ip 192.168.2.20 host everything

access-list 101 extended allow host ip 192.168.2.101 everything

access-list 101 extended allow host ip 192.168.2.106 all

access-list 101 extended allow host ip 192.168.2.140 all

access-list 101 extended allow host ip 192.168.2.215 all

access-list 101 extended allow host ip 192.168.2.107 all

access-list 101 extended allow host ip 192.168.2.234 all

access-list 101 extended allow host ip 192.168.2.15 all

access-list 101 extended allow host ip 192.168.2.55 all

access-list 101 extended allow host ip 192.168.2.41 all

access-list 101 extended permit ip host 192.168.2.13 all

access-list 101 extended allow host ip 192.168.2.133 everything

access-list 101 extended allow host ip 192.168.2.73 all

access-list 101 extended allow host ip 192.168.2.172 all

access-list 101 extended allow host ip 192.168.2.175 all

access-list 101 extended allow host ip 192.168.2.88 all

access-list 101 extended allow host ip 192.168.2.188 all

access-list 101 extended allow host ip 192.168.2.136 all

access-list 101 extended allow host ip 192.168.2.74 all

access-list 101 extended allow host ip 192.168.2.12 everything

access-list 101 extended allow host ip 192.168.2.100 everything

access-list 101 extended allow host ip of 192.168.2.102 everything

access-list 101 extended allow host ip 192.168.2.152 all

access-list 101 extended allow ip 192.168.2.4 host everything

access-list 101 extended allow host ip 192.168.2.5 everything

access-list 101 extended allow host ip 192.168.2.6 everything

access-list 101 extended allow host ip 192.168.2.14 all

access-list 101 extended allow host ip 192.168.2.19 all

access-list 101 extended permit ip host 192.168.2.16 all

access-list 101 extended allow host ip 192.168.2.17 all

access-list 101 extended allow host ip 192.168.2.18 all

access-list 101 extended allow host ip 192.168.2.22 all

access-list 101 extended allow host ip 192.168.2.23 all

access-list 101 extended allow host ip 192.168.2.115 all

access-list 101 extended allow host ip 192.168.2.116 all

access-list 101 extended allow host ip 192.168.2.117 all

access-list 101 extended allow host ip 192.168.2.118 all

access-list 101 extended allow host ip 192.168.2.119 all

access-list 101 extended allow host ip 192.168.2.150 all

access-list 101 extended allow host ip 192.168.2.128 all

access-list 101 extended deny ip 192.168.2.0 255.255.255.0 any

access-list 101 extended allow ip 192.168.3.2 host everything

access-list 101 extended allow host ip 192.168.3.3 everything

access-list 101 extended permit ip host 192.168.3.4 everything

access-list 101 extended allow host ip 192.168.3.5 all

access-list 101 extended allow host ip 192.168.3.6 all

access-list 101 extended allow host ip 192.168.3.7 all

access-list 101 extended allow host ip 192.168.3.8 all

access-list 101 extended allow host ip 192.168.3.9 all

access-list 101 extended allow host ip 192.168.3.10 everything

access-list 101 extended allow host ip 192.168.3.11 all

access-list 101 extended allow host ip 192.168.3.12 all

access-list 101 extended allow host ip 192.168.3.13 all

access-list 101 extended allow host ip 192.168.3.14 all

access-list 101 extended allow host ip 192.168.3.15 everything

access-list 101 extended allow host ip 192.168.3.16 all

access-list 101 extended allow host ip 192.168.3.17 everything

access-list 101 extended allow host ip 192.168.3.18 all

access-list 101 extended allow host ip 192.168.3.19 all

access-list 101 extended allow host ip 192.168.3.20 everything

access-list 101 extended permit ip host 192.168.3.21 all

access-list 101 extended allow host ip 192.168.3.22 all

access-list 101 extended allow host ip 192.168.3.23 all

access-list 101 extended allow host ip 192.168.3.24 everything

access-list 101 extended allow host ip 192.168.3.25 all

access-list 101 extended allow host ip 192.168.3.26 all

access-list 101 extended allow host ip 192.168.3.27 all

access-list 101 extended allow host ip 192.168.3.28 all

access-list 101 extended allow host ip 192.168.3.29 all

access-list 101 extended allow host ip 192.168.3.30 all

access-list 101 extended allow host ip 192.168.3.31 all

access-list 101 extended allow host ip 192.168.3.32 all

access-list 101 extended allow host ip 192.168.3.33 all

access-list 101 extended allow host ip 192.168.3.34 all

access-list 101 extended allow host ip 192.168.3.35 all

access-list 101 extended allow host ip 192.168.3.36 all

access-list 101 extended allow host ip 192.168.3.37 all

access-list 101 extended allow host ip 192.168.3.38 all

access-list 101 extended allow host ip 192.168.3.39 all

access-list 101 extended allow host ip 192.168.3.40 all

access-list 101 extended allow host ip 192.168.3.41 all

access-list 101 extended allow host ip 192.168.3.42 all

access-list 101 extended allow host ip 192.168.3.43 all

access-list 101 extended allow host ip 192.168.3.86 all

access-list 101 extended allow host ip 192.168.3.88 all

access-list 101 extended allow host ip 192.168.3.89 all

access-list 101 extended allow host ip 192.168.3.56 all

access-list 101 extended allow host ip 192.168.3.55 all

access-list 101 extended allow host ip 192.168.3.96 all

access-list 101 extended allow host ip 192.168.3.97 all

access-list 101 extended allow host ip 192.168.3.98 all

access-list 101 extended allow host ip 192.168.3.116 all

access-list 101 extended allow host ip 192.168.3.111 all

access-list 101 extended allow host ip 192.168.3.175 all

access-list 101 extended allow host ip 192.168.3.176 all

access-list 101 extended allow host ip 192.168.3.201 all

access-list 101 extended allow host ip 192.168.3.202 all

access-list 101 extended allow host ip 192.168.3.203 all

access-list 101 extended allow host ip 192.168.3.204 all

access-list 101 extended allow host ip 192.168.3.205 all

access-list 101 extended allow host ip 192.168.3.206 all

access-list 101 extended allow host ip 192.168.3.207 all

access-list 101 extended allow host ip 192.168.3.208 all

access-list 101 extended allow host ip 192.168.3.209 all

access-list 101 extended allow host ip 192.168.3.210 all

access-list 101 extended allow host ip 192.168.3.213 all

access-list 101 extended allow host ip 192.168.3.214 all

access-list 101 extended allow host ip 192.168.3.215 all

access-list 101 extended allow host ip 192.168.3.101 all

access-list 101 extended allow host ip 192.168.3.102 all

access-list 101 extended allow host ip 192.168.3.103 all

access-list 101 extended allow host ip 192.168.3.106 all

access-list 101 extended allow host ip 192.168.3.107 all

access-list 101 extended allow host ip 192.168.3.152 all

access-list 101 extended allow host ip 192.168.3.151 all

access-list 101 extended allow host ip 192.168.3.153 all

access-list 101 extended allow host ip 192.168.3.195 all

access-list 101 extended allow host ip 192.168.3.45 all

access-list 101 extended allow host ip 192.168.3.46 all

access-list 101 extended allow host ip 192.168.3.199 all

access-list 101 extended allow host ip 192.168.3.157 all

access-list 101 extended refuse 192.168.3.0 ip 255.255.255.0 any

access-list 101 extended allow tcp a whole

access list 101 scope ip allow a whole

vpnclient_splitTunnelAcl list standard access allowed 192.168.1.0 255.255.255.0

2 extended access-list permit ip 192.168.2.0 255.255.255.0 any

3 extended access-list allow ip 192.168.3.0 255.255.255.0 any

4 extended access-list allow ip 192.168.4.0 255.255.255.0 any

access-list extended 500 k permit ip host XXX1 everything

access-list extended 500 k allow icmp host XXX1 everything

access-list 102 extended allow host ip 192.168.1.6 everything

access-list extended 100 permit tcp any host 192.168.1.1 eq www

access-list extended 100 permit tcp any host 192.168.1.1 eq 8080

access-list extended 100 permit tcp any host X.X.X.4

access-list extended 100 permit ip any host X.X.X.4

access-list extended 100 permit icmp any host X.X.X.4

access-list extended 100 permit tcp any host 192.168.1.6 eq smtp

access-list extended 100 permit tcp any host 192.168.1.6 eq pop3

access-list extended 100 permit tcp any host 192.168.1.6 eq www

access-list extended 100 permit tcp any host 192.168.1.6

access-list 100 scope ip allow any host 192.168.1.6

access-list extended 100 permit icmp any host 192.168.1.6

access-list extended 100 permit tcp any host 192.168.1.19 eq 3389

access-list extended 100 permit tcp any host 192.168.1.20 eq 3389

access-list extended 100 permit tcp any host 192.168.1.88 eq 3389

access-list extended 100 permit tcp any host X.X.X.12

access-list extended 100 permit ip any host X.X.X.12

access-list extended 100 permit icmp any host X.X.X.12

access-list extended 100 permit tcp any host 192.168.1.6 eq 8086

access-list extended 100 permit tcp any host 192.168.1.1 eq 3389

access-list extended 100 permit tcp any host 192.168.1.6 eq 3389

access-list extended 100 permit tcp any host 192.168.1.6 eq ftp

access-list extended 100 permit tcp any host 192.168.1.6 eq ftp - data

access-list extended 100 permit tcp any host 192.168.2.88 eq 3389

access-list extended 100 permit tcp any host 192.168.2.88 eq 12172

access-list extended 100 permit tcp any host 192.168.2.2 eq 3389

access-list extended 100 permit tcp any host 192.168.2.2 eq 9116

access-list extended 100 permit tcp any host 192.168.3.2 eq 25243

access-list extended 100 permit tcp any host 192.168.3.2 eq 3389

access-list extended 100 permit tcp any host 192.168.1.200 eq www

access-list extended 100 permit tcp any host 192.168.1.200 eq 12001

access-list extended 100 permit tcp any host 192.168.1.30 eq 3389

access-list extended 100 permit tcp any host 192.168.3.5 eq 4160

access-list extended 100 permit tcp any host 192.168.3.5 eq 11111

access-list extended 100 permit tcp any host 192.168.3.5 eq 3389

access-list extended 100 permit tcp any host X.X.X.10

access-list extended 100 permit udp any host 192.168.2.88 eq 12172

access-list extended 100 permit udp any host 192.168.2.2 eq 9116

access-list extended 100 permit udp any host 192.168.3.2 eq 25243

access-list extended 100 permit udp any host 192.168.3.5 eq 4170

access-list extended 100 permit udp any host 192.168.3.5 eq 11111

access-list extended 100 permit ip any host X.X.X.10

access-list extended 100 permit tcp any host 192.168.1.6 eq 8087

access-list extended 100 permit tcp any host X.X.X.9

access-list extended 100 permit ip any host X.X.X.9

access-list extended 100 permit tcp any host 192.168.1.30 eq www

access-list extended 100 permit tcp any host X.X.X.5

access-list extended 100 permit ip any host X.X.X.5

access-list extended 100 permit icmp a whole

access-list extended 100 permit tcp any host 192.168.1.6 eq 8088

access-list extended 100 permit ip any host X.X.X.6

access-list extended 100 permit tcp any host X.X.X.6

access list extended 100 permit tcp host 61.186.169.129 host 192.168.1.2 eq 5872 times-range k3used

access list extended 100 permit tcp host 61.186.169.129 host 192.168.1.2 eq 8088 times-range k3used

access list extended 100 permit tcp host 61.186.169.129 host 192.168.1.2 eq 3389 times-range k3used

allowed extended access list 100 tcp host 61.186.169.129 host 192.168.1.19 eq www time-range k3used

access-list extended 100 permit tcp host 61.186.169.129 X.X.X.2 time-range k3used

access list extended 100 permit tcp host 61.186.169.130 host 192.168.1.2 eq 5872 times-range k3used

access list extended 100 permit tcp host 61.186.169.130 host 192.168.1.2 eq 8088 times-range k3used

access list extended 100 permit tcp host 61.186.169.130 host 192.168.1.2 eq 3389 times-range k3used

allowed extended access list 100 tcp host 61.186.169.130 host 192.168.1.19 eq www time-range k3used

access-list extended 100 permit tcp host 61.186.169.130 X.X.X.2 time-range k3used

access list extended 100 permit tcp host 61.186.169.131 host 192.168.1.2 eq 5872 times-range k3used

access list extended 100 permit tcp host 61.186.169.131 host 192.168.1.2 eq 8088 times-range k3used

access list extended 100 permit tcp host 61.186.169.131 host 192.168.1.2 eq 3389 times-range k3used

allowed extended access list 100 tcp host 61.186.169.131 host 192.168.1.19 eq www time-range k3used

access-list extended 100 permit tcp host 61.186.169.131 X.X.X.2 time-range k3used

access list extended 100 permit tcp host 61.186.169.132 host 192.168.1.2 eq 5872 times-range k3used

access list extended 100 permit tcp host 61.186.169.132 host 192.168.1.2 eq 8088 times-range k3used

access list extended 100 permit tcp host 61.186.169.132 host 192.168.1.2 eq 3389 times-range k3used

allowed extended access list 100 tcp host 61.186.169.132 host 192.168.1.19 eq www time-range k3used

access-list extended 100 permit tcp host 61.186.169.132 X.X.X.2 time-range k3used

access list extended 100 permit tcp host 61.186.169.133 host 192.168.1.2 eq 5872 times-range k3used

access list extended 100 permit tcp host 61.186.169.133 host 192.168.1.2 eq 8088 times-range k3used

access list extended 100 permit tcp host 61.186.169.133 host 192.168.1.2 eq 3389 times-range k3used

allowed extended access list 100 tcp host 61.186.169.133 host 192.168.1.19 eq www time-range k3used

access-list extended 100 permit tcp host 61.186.169.133 X.X.X.2 time-range k3used

access-list extended 100 permit ip host 61.186.169.129 X.X.X.2 time-range k3used

access-list extended 100 permit ip host 61.186.169.130 X.X.X.2 time-range k3used

access-list extended 100 permit ip host 61.186.169.131 X.X.X.2 time-range k3used

access-list extended 100 permit ip host 61.186.169.132 X.X.X.2 time-range k3used

access-list extended 100 permit ip host 61.186.169.133 X.X.X.2 time-range k3used

access-list extended 100 permit icmp host 61.186.169.129 X.X.X.2 time-range k3used

access-list extended 100 permit icmp host 61.186.169.130 X.X.X.2 time-range k3used

access-list extended 100 permit icmp host 61.186.169.131 X.X.X.2 time-range k3used

access-list extended 100 permit icmp host 61.186.169.132 X.X.X.2 time-range k3used

access-list extended 100 permit icmp host 61.186.169.133 X.X.X.2 time-range k3used

access list extended 100 permit tcp host 183.64.106.194 host 192.168.1.2 eq 5872 times-range k3used

access list extended 100 permit tcp host 183.64.106.194 host 192.168.1.2 eq 8088 times-range k3used

access list extended 100 permit tcp host 183.64.106.194 host 192.168.1.2 eq 3389 times-range k3used

allowed extended access list 100 tcp host 183.64.106.194 host 192.168.1.19 eq www time-range k3used

access-list extended 100 permit tcp host 183.64.106.194 X.X.X.2 time-range k3used

access-list extended 100 permit ip host 183.64.106.194 X.X.X.2 time-range k3used

access-list extended 100 permit icmp host 183.64.106.194 X.X.X.2 time-range k3used

access list extended 100 permit tcp host 183.64.106.195 host 192.168.1.2 eq 5872 times-range k3used

access list extended 100 permit tcp host 183.64.106.195 host 192.168.1.2 eq 8088 times-range k3used

access list extended 100 permit tcp host 183.64.106.195 host 192.168.1.2 eq 3389 times-range k3used

allowed extended access list 100 tcp host 183.64.106.195 host 192.168.1.19 eq www time-range k3used

access-list extended 100 permit tcp host 183.64.106.195 X.X.X.2 time-range k3used

access-list extended 100 permit ip host 183.64.106.195 X.X.X.2 time-range k3used

access-list extended 100 permit icmp host 183.64.106.195 X.X.X.2 time-range k3used

access list extended 100 permit tcp host 14.107.162.32 host 192.168.1.2 eq 5872 times-range k3used

access list extended 100 permit tcp host 14.107.162.32 host 192.168.1.2 eq 8088 times-range k3used

access list extended 100 permit tcp host 14.107.162.32 host 192.168.1.2 eq 3389 times-range k3used

allowed extended access list 100 tcp host 14.107.162.32 host 192.168.1.19 eq www time-range k3used

access-list extended 100 permit tcp host 14.107.162.32 X.X.X.2 time-range k3used

access-list extended 100 permit ip host 14.107.162.32 X.X.X.2 time-range k3used

access-list extended 100 permit icmp host 14.107.162.32 X.X.X.2 time-range k3used

access list extended 100 permit tcp host 14.107.247.121 host 192.168.1.2 eq 5872 times-range k3used

access list extended 100 permit tcp host 14.107.247.121 host 192.168.1.2 eq 8088 times-range k3used

access list extended 100 permit tcp host 14.107.247.121 host 192.168.1.2 eq 3389 times-range k3used

allowed extended access list 100 tcp host 14.107.247.121 host 192.168.1.19 eq www time-range k3used

access-list extended 100 permit tcp host 14.107.247.121 X.X.X.2 time-range k3used

access-list extended 100 permit ip host 14.107.247.121 X.X.X.2 time-range k3used

access-list extended 100 permit icmp host 14.107.247.121 X.X.X.2 time-range k3used

access list extended 100 permit tcp host 61.128.208.106 host 192.168.1.2 eq 5872 times-range k3used

access list extended 100 permit tcp host 61.128.208.106 host 192.168.1.2 eq 8088 times-range k3used

access list extended 100 permit tcp host 61.128.208.106 host 192.168.1.2 eq 3389 times-range k3used

allowed extended access list 100 tcp host 61.128.208.106 host 192.168.1.19 eq www time-range k3used

access-list extended 100 permit tcp host 61.128.208.106 X.X.X.2 time-range k3used

access-list extended 100 permit ip host 61.128.208.106 X.X.X.2 time-range k3used

access-list extended 100 permit icmp host 61.128.208.106 X.X.X.2 time-range k3used

access-list 100 extended tcp refuse any host 192.168.1.2 eq 5872

access-list 100 extended tcp refuse any host 192.168.1.2 eq 8088

access-list 100 extended tcp refuse any host 192.168.1.2 eq 3389

access-list 100 extended tcp refuse any host 192.168.1.19 eq www

access-list 100 extended tcp refuse any host X.X.X.2

access-list extended 100 deny ip any host X.X.X.2

access-list extended 100 refuse icmp any host X.X.X.2

pager lines 24

Outside 1500 MTU

Within 1500 MTU

management of MTU 1500

IP local pool 192.168.200.1 - 192.168.200.20 mask 255.255.255.0 vpn_pool

ICMP unreachable rate-limit 1 burst-size 1

don't allow no asdm history

ARP timeout 14400

NAT (inside, all) source static obj - obj - 192.168.1.0 destination 192.168.1.0 static obj - 192.168.200.0 obj - 192.168.200.0 non-proxy-arp

NAT (inside, all) source static obj - 192.168.200.0 obj - 192.168.200.0 destination static obj - 192.168.1.0 obj - 192.168.1.0 non-proxy-arp

NAT (inside, outside) source static obj - 192.168.1.6 obj - X.X.X.3 service obj-tcp-source-eq-25 obj-tcp-source-eq-25

NAT (inside, outside) source static obj - 192.168.1.6 obj - X.X.X.3 service obj-tcp-source-eq-110 obj-tcp-source-eq-110

NAT (inside, outside) source static obj - 192.168.1.6 obj - X.X.X.10 service obj-tcp-source-eq-8086 obj-tcp-source-eq-80

NAT (inside, outside) source static obj - 192.168.1.6 obj - X.X.X.10 service obj-tcp-source-eq-3389 obj-tcp-source-eq-9877

NAT (inside, outside) source static obj - 192.168.1.6 obj - X.X.X.10 service obj-tcp-source-eq-21 obj-tcp-source-eq-21

NAT (inside, outside) source static obj - 192.168.1.6 obj - X.X.X.10 service obj-tcp-source-eq-20 obj-tcp-source-eq-20

NAT (inside, outside) source static obj - 192.168.1.6 obj - X.X.X.9 service obj-tcp-source-eq-8087 obj-tcp-source-eq-80

NAT (inside, outside) source static obj - 192.168.1.6 obj - X.X.X.6 service obj-tcp-source-eq-8088 obj-tcp-source-eq-80

NAT (inside, outside) source static obj - 192.168.1.6 obj - X.X.X.3 service obj-tcp-source-eq-80 obj-tcp-source-eq-80

NAT (inside, outside) source dynamic obj - 192.168.1.6 obj - X.X.X.3

network object obj - 192.168.1.0

NAT dynamic interface (indoor, outdoor)

network object obj - 192.168.200.0

NAT dynamic interface (indoor, outdoor)

network object obj - 192.168.1.2

NAT (inside, outside) Static X.X.X.2 5872 5872 tcp service

network object obj - 192.168.1.2 - 01

NAT (inside, outside) Static X.X.X.2 8088 8088 tcp service

network object obj - 192.168.1.19

NAT (inside, outside) Static X.X.X.12 tcp 3389 8001 service

network object obj - 192.168.1.20

NAT (inside, outside) Static X.X.X.12 tcp 3389 8002 service

network object obj - 192.168.1.88

NAT (inside, outside) Static X.X.X.12 tcp 3389 12345 service

network object obj - 192.168.1.1

NAT (inside, outside) Static X.X.X.4 tcp www www service

network object obj - 192.168.1.2 - 02

NAT (inside, outside) Static X.X.X.2 service tcp 3389 8005

network object obj - 192.168.1.1 - 01

NAT (inside, outside) Static X.X.X.10 tcp 3389 9876 service

network object obj - 192.168.2.88

NAT (inside, outside) Static X.X.X.10 tcp 3389 3129 service

network object obj - 192.168.2.88 - 01

NAT (inside, outside) Static X.X.X.10 12172 12172 tcp service

network object obj - 192.168.2.88 - 02

NAT (inside, outside) Static X.X.X.10 service udp 12172 12172

network object obj - 192.168.1.19 - 01

NAT (inside, outside) Static X.X.X.2 service tcp www 8056

network object obj - 192.168.2.2

NAT (inside, outside) Static X.X.X.10 3389 3128 tcp service

network object obj - 192.168.2.2 - 01

NAT (inside, outside) Static X.X.X.10 9116 9116 tcp service

network object obj - 192.168.2.2 - 02

NAT (inside, outside) Static X.X.X.10 service udp 9116 9116

network object obj - 192.168.3.2

NAT (inside, outside) Static X.X.X.10 25243 25243 tcp service

network object obj - 192.168.3.2 - 01

NAT (inside, outside) Static X.X.X.10 service udp 25243 25243

network object obj - 192.168.3.2 - 02

NAT (inside, outside) Static X.X.X.10 tcp 3389 3130 service

network object obj - 192.168.1.200

NAT (inside, outside) Static X.X.X.10 service tcp www 1114

network object obj - 192.168.1.200 - 01

NAT (inside, outside) Static X.X.X.10 12001 12001 tcp service

network object obj - 192.168.1.30

NAT (inside, outside) Static X.X.X.5 tcp www www service

network object obj - 192.168.1.30 - 01

NAT (inside, outside) Static X.X.X.10 tcp 3389 9878 service

network object obj - 192.168.1.1 - 02

NAT (inside, outside) Static X.X.X.4 8080 8080 tcp service

network object obj - 192.168.3.5

NAT (inside, outside) Static X.X.X.10 4160 4160 tcp service

network object obj - 192.168.3.5 - 01

NAT (inside, outside) Static X.X.X.10 service udp 4170 4170

network object obj - 192.168.3.5 - 02

NAT (inside, outside) Static X.X.X.10 11111 11111 tcp service

network object obj - 192.168.3.5 - 03

NAT (inside, outside) Static X.X.X.10 tcp 3389 3127 service

network object obj - 192.168.3.5 - 04

NAT (inside, outside) Static X.X.X.10 11111 11111 udp service

network object obj - 192.168.2.0

NAT dynamic interface (indoor, outdoor)

network object obj - 192.168.3.0

NAT dynamic interface (indoor, outdoor)

network object obj - 192.168.4.0

NAT dynamic interface (indoor, outdoor)

network object obj - 192.168.5.0

NAT dynamic interface (indoor, outdoor)

network object obj - 192.168.6.0

NAT dynamic interface (indoor, outdoor)

network object obj - 192.168.7.0

NAT dynamic interface (indoor, outdoor)

network object obj - 192.168.8.0

NAT dynamic interface (indoor, outdoor)

Access-group 100 in external interface

Access-group 101 in the interface inside

Route outside 0.0.0.0 0.0.0.0 X.X.X.14 1

Route inside 192.168.2.0 255.255.255.0 192.168.1.12 1

Route inside 192.168.3.0 255.255.255.0 192.168.1.12 1

Route inside 192.168.4.0 255.255.255.0 192.168.1.12 1

Route inside 192.168.5.0 255.255.255.0 192.168.1.12 1

Route inside 192.168.6.0 255.255.255.0 192.168.1.12 1

Timeout xlate 03:00

Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

Floating conn timeout 0:00:00

dynamic-access-policy-registration DfltAccessPolicy

identity of the user by default-domain LOCAL

Enable http server

No snmp server location

No snmp Server contact

Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start

Crypto ipsec transform-set esp - esp-md5-hmac ikev1 vpn_set

Crypto-map dynamic vpn_map 10 set transform-set vpn_set ikev1

Crypto-map dynamic vpn_map 10 the value reverse-road

vpnmap 10 card crypto ipsec-isakmp dynamic vpn_map

vpnmap interface card crypto outside

Crypto ikev1 allow outside

IKEv1 crypto policy 1

preshared authentication

the Encryption

md5 hash

Group 2

life 86400

IKEv1 crypto policy 65535

preshared authentication

3des encryption

sha hash

Group 2

life 86400

Telnet 0.0.0.0 0.0.0.0 inside

Telnet 192.168.1.0 255.255.255.0 inside

Telnet timeout 5

SSH 0.0.0.0 0.0.0.0 outdoors

SSH timeout 30

SSH version 1

Console timeout 0

a basic threat threat detection

Statistics-list of access threat detection

no statistical threat detection tcp-interception

Server NTP 192.43.244.18

internal group vpnclient strategy

vpnclient group policy attributes

value of server DNS 61.128.128.68

Ikev1 VPN-tunnel-Protocol

Split-tunnel-policy tunnelspecified

value of Split-tunnel-network-list vpnclient_splitTunnelAcl

cisco 3USUcOPFUiMCO4Jk encrypted password username

type tunnel-group vpn_group remote access

tunnel-group vpn_group General-attributes

address vpn_pool pool

Group Policy - by default-vpnclient

vpn_group group of tunnel ipsec-attributes

IKEv1 pre-shared-key *.

class-map 500 k

matches the access list 500 k

class-map inspection_default

match default-inspection-traffic

class-map 2

matches the access list 2

PAM-class 3

matches the access list 3

class-map 4

corresponds to the list of access-4

type of policy-card inspect dns preset_dns_map

parameters

maximum message length automatic of customer

message-length maximum 512

Policy-map global_policy

class inspection_default

inspect the preset_dns_map dns

inspect the ftp

inspect h323 h225

inspect the h323 ras

Review the ip options

inspect the netbios

inspect the rsh

inspect the rtsp

inspect the skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect the tftp

inspect the sip

inspect xdmcp

Policy-map 500 k

500 k class

Policy-map 2

class 2

class 3

class 4

global service-policy global_policy

context of prompt hostname

remote anonymous reporting call invites 2

call-home

Profile of CiscoTAC-1

no active account

http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address

email address of destination [email protected] / * /

destination-mode http transport

Subscribe to alert-group diagnosis

Subscribe to alert-group environment

Subscribe to alert-Group 13 monthly periodic inventory

Subscribe to alert-group configuration periodic monthly 13

daily periodic subscribe to alert-group telemetry

Cryptochecksum:ecead54d7c85807eb47c7cdaf7d7e82a

: end

ciscoasa# $

ciscoasa #.

Hello

You have changed the source IP address of the order I suggested?

There is no reason to use the 192.168.1.1 IP address as the source of this command "packet - trace" that the source will NEVER be this IP address, because it is a private IP not routable on the public Internet.

Then you can try with the order I suggested.

entry Packet-trace out tcp 1.1.1.1 12345 61.186.236.4 80

I guess that the above command / test failed because you were using the real server IP address as the IP source for the test.

-Jouni

Tags: Cisco Security

asa5512 V8.6 nat web server cannot access

Similar Questions

Maybe you are looking for