Need help using the access list blocking a single IP address

Basically, I'm being attacked by a massive spammer. I managed to deny him access to our mail server, however, his repeated attempts to connect to the same server is in our file of e-mail magazine. What I want to do is set up a block for its specific IP address in our 2621 router. I tried a few different combinations using access-list, but nothing helped. Can anyone suggest something? Thank you!

Joe

Joe,

If you know that the attack came from a particular ip address, you can create an extended access list and deny that IP.

access-list 101 deny ip host attacker_ip_address host e-mail_server_ip

If the source ip address is random then you must put a sniffer or take a look in the syslog to see if there are any model ID as a string. You can then configure NBAR on the router to mark the package and then drop the packets.

Here is a link that explains the procedure:

http://www.Cisco.com/en/us/NetSol/ns110/ns170/ns171/ns128/networking_solutions_white_paper09186a008009c8ad.shtml

Thank you

Renault
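
The deny entry from the answer above, written out as a complete IOS configuration. This is an added example, not part of the original posts. The addresses are constructed (203.0.113.45 for the spammer, 192.0.2.10 for the mail server) and FastEthernet0/0 is assumed to be the Internet-facing interface.

```cisco
! Constructed addresses: 203.0.113.45 = spammer, 192.0.2.10 = mail server.
! Drop all IP traffic from the spammer to the mail server; "log" writes a
! syslog entry for matches so the attempts stay visible.
access-list 101 deny   ip host 203.0.113.45 host 192.0.2.10 log
!
! Every access list ends with an implicit "deny ip any any". Without this
! explicit permit, list 101 would drop all other traffic on the interface.
access-list 101 permit ip any any
!
! An access list filters nothing until it is bound to an interface.
! Assumption: FastEthernet0/0 faces the Internet, so the filter is inbound.
interface FastEthernet0/0
 ip access-group 101 in
!
! Checks from exec mode (shown as comments):
!   show access-lists 101                 match counters per entry
!   show ip interface FastEthernet0/0     confirms "Inbound access list is 101"
```

If the match counter on the deny entry does not increase while the connection attempts continue, the traffic is arriving on a different interface or from a different source address than the one listed.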

Tags: Cisco Security

Similar Questions

  • New to pix, need help with "debug access list of all the" command

    I have a pix 515 v6.3. I am trying to use the "debug access list of all the" command to see what traffic is stopped by my access list. However, I don't get any output. I turn execution of the command, but nothing happens. Other debug commands give the console. Perhaps, I do not understand what "debug to access list of all the" is used for. Any help that can be provided would be greatly appreciated.

    Tim

    Also try following the commands of logging

    logg on

    logg buff 7

    term mon

    M.

  • I need help using the target path tool

    Hi all

    I realize that I need to keep all my code in the main storyline, so now I need serious help with targeting movieclips and buttons, when I use the target path tool (the viewfinder in the action script Panel) it allows me to navigate to the thing I want, but when I use his suggestion it very often does not work, and I find myself using trial and error to get by. I can get stuff to work, but I really have no idea why or how I do it, sorry to be a N00B, but I really think that if I can work that I get somewhere.

    See you soon

    void

    subtlefly72 wrote:

    Thanks kglad,.

    OK, this is essentially what I did, but its been a bit hit and Miss, but maybe now, I can't see why, your last sentence

    of course, all of these objects have which existed at the time your code runs.

    So if I'm making refers to something within a mc and it does not exist on the first image, there will be an error?

    exactly.

    also, what is this.  Object() and Object (parent)?

    I have to be the use of these?

    not when using the code on the main timeline.  "This" refers to the current scope, which is for the code in the main storyline, the main timeline.  What follows is the same:

    This.MC and mc

    This.var1 and var1

    And again, I want to know why the target tool gives me a path that does not work?

    I can't tell you much about the tool to the target.  I never used it.  but I tried to test this afternoon and it seems to work fine to target a nested movieclip.  again, you must ensure that this object exists when your code runs so if you're targeting something on the frame 2 (or more) of a movieclip using the code on frame 1 of the main timeline, the reference may be correct, but the object does not exist when your code runs.  There are a number of ways to handle this, if this is your main problem.

  • Need help using the tabs of the apex to the universal theme.

    I tried using the enkitec boards to create tabs in page apex.

    But I'm unsuccessful and I used the apex as the version 5.

    The theme that I use is universal theme.

    https://www.enkitec.com/Apex/f?p=15300:30310:0:

    Also I tried the method too to create tabs below

    Creation of a region of the tab within a page in the APEX

    It's like

    In the HTML header, I'll add the code below

    <link rel="stylesheet" href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/themes/redmond/jquery-ui.css" type="text/css" />
    <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js"></script>
    <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.js"></script>
    <script type="text/javascript">
    $(function() {
        $("#tabs").tabs();
        $x("tabs").appendChild($x("tabs-1"));
        $x("tabs").appendChild($x("tabs-2"));
    });
    </script>

    Then I'll create 3 region.

    Region 1 > > > create a HTML region (REGION MODEL = MODEL number) and add the code below in the SOURCE of the REGION

    <div id="tabs">
      <ul>
        <li><a href="#tabs-1">Employee</a></li>
        <li><a href="#tabs-2">Chart</a></li>
      </ul>
    </div>

    Region 2 > > > create HTML region... Add two fields to the region now, edit the region

    Add the code below in the header of the region to REGION 2

    <div id="tabs-1">

    Add the code below in the bottom of the region to REGION 2

    </div>

    Region 3 > > > create HTML region... Add two fields to the region now, edit the region

    Add the code below in the header of the REGION 3 region

    <div id="tabs-2">

    Add the code below in the bottom of the REGION 3 region

    </div>

    Example: http://Apex.Oracle.com/pls/Apex/f?p=12060:7

    I used exactly the same code... except that my region 2 contains a REPORT instead of two text field and region 3 GRAPHICS instead of text field.

    Kind regards

    Shijesh

    -------

    Please reward the answer if it was useful / correct


    I used the enkitecs method to create tabs.

    Tabs have been created, but the fields were visible inside.

    Will soon be replicating the scenario of apex.oracle.com

    Maybe someone can help.

    At the same time if there is no easy way to create tabs in apex page please let me know.

    Thank you

    Paul

    Hi pauljohny100,

    pauljohny100 wrote:

    I'd like to learn more about the region view selector

    You have a good resource on it.

    Selector display region is type of region, which shows the navigation links in the form of hyperlinks button for regions where the attributes of the region-> region selector display are set to Yes. Works similar to jQuery tabs.

    Reference: ApEx 4.0 region selector | iAdvise blog (it's blog when it was introduced first in APEX 4.0)

    I have not found any Oracle Documentation on this, but it's taken APEX oracle supported the region type.

    You will find that this implemented in various packaged for example P-Track applications.

    Kind regards

    Kiran

  • I need help with the updates listed below

    I tried several times to install updates as follows: KB 2468871 KB 2533523 for my Vista SP2 program with a 32-bit and I get the error message 643 / I use Chrome most of the time, but I also have IE.

    You're certainly not alone...

    You can try to repair the .NET Framework 4 and if that doesn't work, download updates relevant manually and install the same.

    To repair the .NET Framework 4 Client Profile or .NET Framework 4 extended etc. -.

    · Click on start/Orb and click on Control Panel.
    · Go to the program and features.
    · Locate the Microsoft.Net Framework 4 Client Profile or .NET Framework 4 extended, right-click.
    · You should have the choice to repair or uninstall/change, click it.
    · This will then give you the opportunity to fix it
    · Select the repair option.

    Manual download of updates (just search for the most relevant to your problem)

    1. http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=27017 (KB2539636)
    2. http://www.microsoft.com/download/en/details.aspx?id=3556 (KB2468871)
    3. http://www.microsoft.com/download/en/details.aspx?id=27014 (KB2533523)

    Make sure you download the one appropriate for your system.

    http://support.Microsoft.com/kb/827218

    Install as administrator.

    Addition, it is rather a big discussion here:

    http://answers.Microsoft.com/en-us/Windows/Forum/Windows_7-windows_update/Windows-update-fails-to-install-updates-kb2539636/039d7c34-5e25-4cbe-bc47-e0620a6d5b7e

  • Need help, use the control Timer my application does not start

    Hello guys

    I have problems, follow the example signals and Slots, but when my application is running, it does not start.

    If I delete all the code that deals with the Timer control, it's working again, my theory is that the CustomTimer library does not stunts

    Can you help me?

    Thank you very much

    My guess is many people have followed this during the first startup, I certainly did and it worked for me.

    It's probably something simple, missed, without seeing your code it's going to be difficult to diagnose.

    My first advice is always to check the log and see if messages are coming that may be related.

  • Need help using the intersect tool (Adobe Illustrator CS5)

    Currently, I'm learning to do a Fox in Adobe Illustrator CS5 a tutorial online, however the intersect tool in the area of pathfinder does not work the way I want. I have two pieces of the tail I'd like to set up to aid intersect, but it keeps cutting it incorrectly. Here's what it looks like before and after clicking on intersect:

    img 1.PNG
    After:
    img 2.PNG
    However, I tried to cut the end of the runway so that it looks like this:

    Someone please help and explain what I am doing wrong, the answers will be greatly appreciated. I choose the tail and the end of the tail, but when I type intersect, the tail basically everything disappears.

    There is always an effect applied to the tail. You must first expand appearance (in the menu object)

  • need help using the file .bin as floppy

    Hi all

    I have a file with the '.bin' extension, and I want to use it in the virtual floppy drive but not able to find the appropriate way to do it in vmware.

    as vmware accepts .flp or .img format, how can I convert my file in .bin format into the format?

    my host is windows without a floppy drive.

    Please suggest some suitable loophole.

    Thank you

    Abhishek

    progress
    I develop the flp to the size set with this command fsz.exe redboot.flp 1474560

    then I start the virtual machine, but it hangs as it did until I expanded the flp.
    So I doubt that the flp size is important.

    Then I looked... empty error message.
    Then, I created a VM with guestOS = 'other '.
    has no IDE controllers - this time, it starts and no longer crashes

    I was even able to assign an IP address and ping the VM - do not know if she can do anything whatsoever for further testing?

  • Need help using the count on the service

    I have the following query

    select student_id, OM, TM, TP, count(rownum) over (order by OM desc) PS from
    (select
    er.student_id, sum(er.obtained_marks) OM, sum(ds.max_marks) TM,
    to_char(sum(er.obtained_marks)/sum(ds.max_marks)*100,'990.00') TP
    from
    tbl_exam_results er, tbl_date_sheet ds
    where
    ds.date_sheet_id = er.date_sheet_id and ds.class_id = 77 and ds.exam_id = 3 and ds.session_id = 1 group by er.student_id
    )

    results in

    STUDENT_ID  OM   TM   TP     PS
    1825        291  300  97.00  1
    3717        290  300  96.67  2
    2122        289  300  96.33  3
    3396        287  300  95.67  5   <--
    4554        287  300  95.67  5   <--
    1847        281  300  93.67  6
    1789        279  300  93.00  7
    5254        277  300  92.33  8
    1836        258  300  86.00  9
    4867        250  260  96.15  10
    1786        249  300  83.00  11
    4659        245  300  81.67  12
    1835        241  300  80.33  15  <--
    1172        241  270  89.26  15  <--
    3696        241  300  80.33  15  <--
    3865        234  300  78.00  16
    5912        215  300  71.67  17
    5913        204  300  68.00  19  <--
    3591        204  300  68.00  19  <--
    1830        184  250  73.60  20

    But I want to like this

    STUDENT_ID  OM   TM   TP     PS
    1825        291  300  97.00  1
    3717        290  300  96.67  2
    2122        289  300  96.33  3
    3396        287  300  95.67  4   <=
    4554        287  300  95.67  4   <=
    1847        281  300  93.67  5   the following entry
    1789        279  300  93.00  6
    5254        277  300  92.33  7
    1836        258  300  86.00  8
    4867        250  260  96.15  9
    1786        249  300  83.00  10
    4659        245  300  81.67  11
    1835        241  300  80.33  12  <=
    1172        241  270  89.26  12  <=
    3696        241  300  80.33  12  <=
    3865        234  300  78.00  13  the following entry
    5912        215  300  71.67  14
    5913        204  300  68.00  15  <=
    3591        204  300  68.00  15  <=
    1830        184  250  73.60  16  the following entry

    Thanks in advance for any help

    Published by: sabir786 on January 14, 2009 04:13

    Published by: sabir786 on January 14, 2009 04:17

    As I said earlier, I think the OP is after dense_rank:

    WITH t AS (SELECT 1 om FROM dual UNION ALL
               SELECT 2 FROM dual UNION ALL
               SELECT 3 FROM dual UNION ALL
               SELECT 4 FROM dual UNION ALL
               SELECT 4 FROM dual UNION ALL
               SELECT 5 FROM dual)
    SELECT om, COUNT(rownum) OVER (ORDER BY om) ps, dense_rank() over (order by om) ps2
    FROM t;
    
    OM     PS     PS2
    1     1     1
    2     2     2
    3     3     3
    4     5     4
    4     5     4
    5     6     5
    
  • ThinkPad E530: Need help using the Windows 7 recovery partition


    Nice day.

    Everything I've read, so far, is that it is not possible to do something with the remnants of the recovery partition now that Windows 10 'touched' the system.

    A way to return to your original OEM image would be to contact the applicant recovery DVD and Support (info below). There may be a cost of handling.

    Kind regards.

  • Need help using the structure of the case

    I was wondering how to control a structure case if the condition is false. I tried to define if the entered string matches perform multiplication, or else if the input string is not just matches to retain the previous value. Directly to say take no action if the input string does not match.

    -lucky.

    Thank you much for the local variable solved my problem...

    -lucky

  • Need help using the Back button

    Is there a way to make the BB built to the "back" button go to the index.html screen and not just the last. I remember well seen this somewhere, but I've searched and searched and cannot find anywhere.
    Thank you.

    blackberry.system.event.onHardwareKey(blackberry.system.event.KEY_BACK,
        function() {
       window.parent.location.href='index.html';
       return false;
    });
    

    and in the config.xml file:

    
    
  • Satellite Pro A300-15V, I need help in the Organization of my startup list

    Hello everyone!

    I need help in the Organization of my startup list:

    (Why should Toshiba button support I this program if my laptop doesn't have multimedia keys? OR maybe this program for something else?)
    ItSecMng (although I have disabled the Bluetooth Manager to run when starting from this point still remains in the startup)
    Agent of filtering of Audio Conexant high definition (what is this program? Do I really need to start?)
    TOSHIBA Power Saver
    Toshiba Flash Cards
    RAID event monitor

    So, my friends. Could you give a valuable suggestion whether or not it is prudent to disable startup above entries? I want to speed up my laptop at the highest possible level.

    Thanks a lot for your time!

    Kind regards
    Osman.

    My laptop:

    Toshiba Satellite Pro A300-15V (PSAJ5E) => NOT have multimedia keys except the FN keys.

    > Toshiba Button support (why should I this program if my laptop doesn't have multimedia keys? OR maybe this program for something else?)
    You can disable it. If your mobile phone does not support the multimedia buttons then this tool is useless.

    > ItSecMng (although I have disabled the Bluetooth Manager to run when starting from this point still remains in the startup)
    I don't know what would make this process, but you can disable this in msconfig-> tab start Mr. If it would take in the future, then you could turn it on again.

    > Agent of filtering the Conexant high definition Audio (what is this program? Do I really need to start?)
    I think that this is necessary. It could improve your audio

    > Toshiba Power Saver
    This is important. It's an additional saving of Toshiba option for Win 7

    > Toshiba Flash Cards
    This tool controls the FN keys.

    > RAID Event Monitor
    Hmm so you don't have two hard disks, then you can try to disable it too.

  • I used up to the allocation for the region 1 & 2 DVD for help. stuck on region 1 now. I need to use the two regions for my DVD. Help, please. Beryl

    I used up to the allocation for the region 1 & 2 DVD for help. Stuck on region 1 now.  I need to use the two regions for my DVD. Help, please. Beryl.

    It isn't a MS solution, there are solutions to third parties not supported by MS

  • Need help with the configuration of the Site with crossed on Cisco ASA5510 8.2 IPSec VPN Client (1)

    Need urgent help in the configuration of the Client VPN IPSec Site with crossed on Cisco ASA5510 - 8.2 (1).

    Here is the presentation:

    There are two leased lines for Internet access - a route 1.1.1.1 and 2.2.2.2, the latter being the default Standard, old East for backup.

    I was able to configure the Client VPN IPSec Site

    (1) with access to the outside so that the internal network (172.16.0.0/24) behind the asa

    (2) with Split tunnel with simultaneous assess internal LAN and Internet on the outside.

    But I was not able to make the traditional model hairpinning to work in this scenario.

    I followed every possible suggestions made on this subject in many topics of Discussion but still no luck. Can someone help me here please?

    Here is the run-conf with Normal Client to Site IPSec VPN configured with no access boarding:

    LIMITATION: Cannot boot into any other image ios for unavoidable reasons, must use 8.2 (1)

    run-conf - Site VPN Customer normal work without internet access/split tunnel

    :
    ASA Version 8.2(1)
    !
    hostname ciscoasa
    domain-name cisco.campus.com
    enable password xxxxxxxxxxxxxx encrypted
    passwd XXXXXXXXXXXXXX encrypted
    names
    !
    interface GigabitEthernet0/0
     nameif internet1-outside
     security-level 0
     ip address 1.1.1.1 255.255.255.240
    !
    interface GigabitEthernet0/1
     nameif internet2-outside
     security-level 0
     ip address 2.2.2.2 255.255.255.224
    !
    interface GigabitEthernet0/2
     nameif interface-dmz
     security-level 0
     ip address 10.0.1.1 255.255.255.0
    !
    interface GigabitEthernet0/3
     nameif campus-lan
     security-level 0
     ip address 172.16.0.1 255.255.0.0
    !
    interface Management0/0
     nameif CSC-MGMT
     security-level 100
     ip address 10.0.0.4 255.255.255.0
    !
    boot system disk0:/asa821-k8.bin
    boot system disk0:/asa843-k8.bin
    ftp mode passive
    dns server-group DefaultDNS
     domain-name cisco.campus.com
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group network cmps-lan
    object-group network CSC-ip
    object-group network www-inside
    object-group network www-outside
    object-group service tcp-80
    object-group service udp-53
    object-group service https
    object-group service pop3
    object-group service smtp
    object-group service tcp80
    object-group service http-s
    object-group service pop3-110
    object-group service smtp25
    object-group service udp53
    object-group service ssh
    object-group service tcp-port
    object-group service udp-port
    object-group service ftp
    object-group service ftp-data
    object-group network csc1-ip
    object-group service all-tcp-udp
    access-list INTERNET1-IN extended permit ip host 1.2.2.2 host 2.2.2.3
    access-list CSC-OUT extended permit ip host 10.0.0.5 any
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq www
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq https
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ssh
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ftp
    access-list CAMPUS-LAN extended permit udp 172.16.0.0 255.255.0.0 any eq domain
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq smtp
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq pop3
    access-list CAMPUS-LAN extended permit ip any any
    access-list CSC-acl remark scan web and mail traffic
    access-list CSC-acl extended permit tcp any any eq smtp
    access-list CSC-acl extended permit tcp any any eq pop3
    access-list CSC-acl remark scan web and mail traffic
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 993
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq imap4
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 465
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq www
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq https
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq smtp
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq pop3
    access-list INTERNET2-IN extended permit ip any host 1.1.1.2
    access-list sheep extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
    access-list DNS-inspect extended permit tcp any any eq domain
    access-list DNS-inspect extended permit udp any any eq domain
    access-list capin extended permit ip host 172.16.1.234 any
    access-list capin extended permit ip host 172.16.1.52 any
    access-list capin extended permit ip any host 172.16.1.52
    access-list capin extended permit ip host 172.16.0.82 host 172.16.0.61
    access-list capin extended permit ip host 172.16.0.61 host 172.16.0.82
    access-list capout extended permit ip host 2.2.2.2 any
    access-list capout extended permit ip any host 2.2.2.2
    access-list campus-lan_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.150.0 255.255.255.0
    pager lines 24
    logging enable
    logging buffered debugging
    logging asdm informational
    mtu internet1-outside 1500
    mtu internet2-outside 1500
    mtu interface-dmz 1500
    mtu campus-lan 1500
    mtu CSC-MGMT 1500
    ip local pool vpnpool1 192.168.150.2-192.168.150.250 mask 255.255.255.0
    ip verify reverse-path interface internet2-outside
    ip verify reverse-path interface interface-dmz
    ip verify reverse-path interface campus-lan
    ip verify reverse-path interface CSC-MGMT
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-621.bin
    no asdm history enable
    arp timeout 14400
    global (internet1-outside) 1 interface
    global (internet2-outside) 1 interface
    nat (campus-lan) 0 access-list campus-lan_nat0_outbound
    nat (campus-lan) 1 0.0.0.0 0.0.0.0
    nat (CSC-MGMT) 1 10.0.0.5 255.255.255.255
    static (CSC-MGMT,internet2-outside) 2.2.2.3 10.0.0.5 netmask 255.255.255.255
    access-group INTERNET2-IN in interface internet1-outside
    access-group INTERNET1-IN in interface internet2-outside
    access-group CAMPUS-LAN in interface campus-lan
    access-group CSC-OUT in interface CSC-MGMT
    route internet2-outside 0.0.0.0 0.0.0.0 2.2.2.5 1
    route internet1-outside 0.0.0.0 0.0.0.0 1.1.1.5 2
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    aaa authentication enable console LOCAL
    http server enable
    http 10.0.0.2 255.255.255.255 CSC-MGMT
    http 10.0.0.8 255.255.255.255 CSC-MGMT
    http 1.2.2.2 255.255.255.255 internet2-outside
    http 1.2.2.2 255.255.255.255 internet1-outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map internet2-outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map internet2-outside_map interface internet2-outside
    crypto ca trustpoint _SmartCallHome_ServerCA
     crl configure
    crypto ca certificate chain _SmartCallHome_ServerCA
     certificate ca xyzxyzxyzyxzxyzxyzxyzxxyzyxzyxzy
      quit
    crypto isakmp enable internet2-outside
    crypto isakmp policy 10
     authentication pre-share
     encryption aes
     hash md5
     group 2
     lifetime 86400
    telnet 10.0.0.2 255.255.255.255 CSC-MGMT
    telnet 10.0.0.8 255.255.255.255 CSC-MGMT
    telnet timeout 5
    ssh 1.2.3.3 255.255.255.240 internet1-outside
    ssh 1.2.2.2 255.255.255.255 internet1-outside
    ssh 1.2.2.2 255.255.255.255 internet2-outside
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy VPN_TG_1 internal
    group-policy VPN_TG_1 attributes
     vpn-tunnel-protocol IPSec
    username ssochelpdesk password xxxxxxxxxxxxxx encrypted privilege 15
    username administrator password xxxxxxxxxxxxxx encrypted privilege 15
    username vpnuser1 password xxxxxxxxxxxxxx encrypted privilege 0
    username vpnuser1 attributes
     vpn-group-policy VPN_TG_1
    tunnel-group VPN_TG_1 type remote-access
    tunnel-group VPN_TG_1 general-attributes
     address-pool vpnpool1
     default-group-policy VPN_TG_1
    tunnel-group VPN_TG_1 ipsec-attributes
     pre-shared-key *
    !
    class-map cmap-DNS
     match access-list DNS-inspect
    class-map CSC-class
     match access-list CSC-acl
    !
    !
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum 512
    policy-map global_policy
     class CSC-class
      CSC help
     class cmap-DNS
      inspect dns preset_dns_map
    !
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:y0y0y0y0y0y0y0y0y0y0y0y0y0y
    : end

    Adding dynamic NAT for 192.168.150.0/24 on the external interface works, or works the sysopt connection permit VPN

    Please tell what to do here, to pin all of the traffic Internet from VPN Clients.

    That is, that I need clients connected via VPN tunnel, when connected to the internet, should have their addresses IP NAT'ted against the address of outside internet2 network 2.2.2.2 interface, as it happens for the customers of Campus (172.16.0.0/16)

    I am well aware of all involved in here, so please be elaborative in your answers. Please let me know if you need more information about this configuration to respond to my request.

    Thank you & best regards

    MAXS


    Hello

    If possible, I'd like to see that a TCP connection attempt (e.g. http://www.google.com) in the ASDM logging of the VPN Client when you set up the dynamic NAT for the VPN Pool also.

    I'll try also the command "packet-tracer" on the ASA, while the VPN Client is connected to the ASA.

    The command format is

    packet-tracer input tcp

    That should tell what the ASA for this kind of package entering its "input" interface

    Still can not see something wrong with the configuration (other than the statement of "nat" missing Dynamics PAT)

    -Jouni
