Solved

Cannot Access 1 website

Posted on 2010-09-03
Last Modified: 2013-11-12
I've tried everything I can think of and still cannot access the www.hrci.org website from our company network.  I can access the site from my iPhone and broadband card with no problems.

Steps I have tried:

Different browsers, uninstalled anti-virus, called ISP, did nslookup and internal DNS resolves the address, changed DNS to use ISP's, still no luck, can ping the site. I did telnet into the site but didn't get any HTML to display, but could connect.

Not sure what else to do, or how to continue to troubleshoot.

Question by:jjreed
34 Comments
 
LVL 6

Expert Comment

by:rnicolaus
ID: 33597979
I've seen web servers block certain IPs or IP blocks.  Do you have a dynamic IP?  If so, maybe reset your public IP address and retry.  Won't help if a static address, in that case can you post the results of: " tracert www.hrci.org"  ?
0
 
LVL 3

Expert Comment

by:Neurom
ID: 33598008
Hello,
The site seems to work fine from port 80, and I imagine that your company gives the HTTP service.

Try typing the IP directly in the browser.

Is there a proxy server in your company? If so, try to bypass it.
0
 

Author Comment

by:jjreed
ID: 33598028
No, it's a static IP that the WWW sees!  Here are the results of the tracert:

Tracing route to hrci.org [69.18.196.76]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  firewall.mttc.org [10.10.10.1]
  2     1 ms     2 ms     1 ms  nsc66.147.93-46.newsouth.net [66.147.93.46]
  3     4 ms     4 ms     4 ms  74.223.80.211.nw.nuvox.net [74.223.80.211]
  4     4 ms     4 ms     4 ms  ge7-27d3113.lsvlkyogla1.nw.nuvox.net [66.64.229.107]
  5   102 ms   102 ms   101 ms  ge-6-21.car2.Charlotte1.Level3.net [4.71.126.17]
  6   101 ms   101 ms   101 ms  ae-11-11.car1.charlotte1.level3.net [4.69.132.165]
  7   104 ms   111 ms   105 ms  ae-4-4.ebr1.atlanta2.level3.net [4.69.132.162]
  8   108 ms   101 ms   101 ms  ae-6-6.ebr1.washington12.level3.net [4.69.148.106]
  9   101 ms   101 ms   101 ms  ae-1-100.ebr2.washington12.level3.net [4.69.143.214]
0
 

Author Comment

by:jjreed
ID: 33598049
Tried IP directly and no proxy.  
0
 
LVL 6

Expert Comment

by:rnicolaus
ID: 33598089
I think your IP is in a group of addresses blocked by the site.  Have you tried contacting their site admins/host?
0
 

Author Comment

by:jjreed
ID: 33598110
Yes, I have but will try again.  Their support team stops at.... I can access the site so it must be your firewall.  
0
 
LVL 3

Expert Comment

by:Neurom
ID: 33598144
Can you try to test on another PC in your company?
0
 

Author Comment

by:jjreed
ID: 33598173
I have tested other machines within the company.  
0
 
LVL 3

Expert Comment

by:Neurom
ID: 33598222
Does your tracert stop at this step?

  9   101 ms   101 ms   101 ms  ae-1-100.ebr2.washington12.level3.net [4.69.143.214]

Or does it go further?

I post mine as an example:

  6     3 ms     4 ms     3 ms  ge-6-19.car2.Milan1.Level3.net [213.242.65.17]
  7     6 ms     6 ms     8 ms  ae-14-14.ebr1.Frankfurt1.Level3.net [4.69.142.194]
  8     7 ms     8 ms     9 ms  ae-91-91.csw4.Frankfurt1.Level3.net [4.69.140.14]
  9     6 ms    17 ms     5 ms  ae-92-92.ebr2.Frankfurt1.Level3.net [4.69.140.29]
 10    31 ms    30 ms    42 ms  ae-44-44.ebr2.Washington1.Level3.net [4.69.137.62]
 11    32 ms    30 ms    97 ms  ae-5-5.ebr2.Washington12.Level3.net [4.69.143.222]
 12    50 ms    32 ms    31 ms  ae-10-10.ebr1.NewYork1.Level3.net [4.69.148.49]
 13    33 ms     *      104 ms  ae-91-91.csw4.NewYork1.Level3.net [4.69.134.78]
 14    42 ms    42 ms    56 ms  ae-44-99.car4.NewYork1.Level3.net [4.68.16.198]
 15    46 ms    78 ms    59 ms  OPEN-ACCESS.car4.NewYork1.Level3.net [4.53.93.106]
 16    50 ms    83 ms    41 ms  v101.inv008.hsrp.invision.net [69.18.129.38]
 17    32 ms    37 ms    98 ms  v104.inv009.hsrp.invision.net [69.18.129.83]
 18    30 ms    48 ms    87 ms  hrci.org [69.18.196.76]

The destination is important.
0
 

Author Comment

by:jjreed
ID: 33598257
No, it goes to the destination:

Tracing route to hrci.org [69.18.196.76]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  helpme.mttc.org [10.10.20.1]
  2     1 ms     1 ms     1 ms  nsc66.147.93-46.newsouth.net [66.147.93.46]
  3     4 ms     4 ms     4 ms  74.223.80.211.nw.nuvox.net [74.223.80.211]
  4    17 ms    55 ms    39 ms  ge7-27d3113.lsvlkyogla1.nw.nuvox.net [66.64.229.107]
  5   102 ms   101 ms   102 ms  ge-6-21.car2.Charlotte1.Level3.net [4.71.126.17]
  6   102 ms   101 ms   101 ms  ae-11-11.car1.charlotte1.level3.net [4.69.132.165]
  7   108 ms   109 ms   109 ms  ae-4-4.ebr1.atlanta2.level3.net [4.69.132.162]
  8   101 ms   103 ms   101 ms  ae-6-6.ebr1.washington12.level3.net [4.69.148.106]
  9   101 ms   100 ms   100 ms  ae-1-100.ebr2.washington12.level3.net [4.69.143.214]
 10   106 ms   105 ms   106 ms  ae-10-10.ebr1.newyork1.level3.net [4.69.148.49]
 11   109 ms   108 ms   107 ms  ae-61-61.csw1.newyork1.level3.net [4.69.134.66]
 12   105 ms   105 ms   105 ms  ae-14-69.car4.NewYork1.Level3.net [4.68.16.6]
 13   109 ms   107 ms   107 ms  OPEN-ACCESS.car4.NewYork1.Level3.net [4.53.93.106]
 14   108 ms   107 ms   108 ms  v103.inv009.hsrp.invision.net [69.18.129.69]
 15   109 ms   107 ms   113 ms  hrci.org [69.18.196.76]

Trace complete.
0
 
LVL 3

Expert Comment

by:Neurom
ID: 33598378
When you telnet to the HRCI site on the HTTP port (telnet www.hrci.org 80) and hit Enter 2 or 3 times, are you shown this?


HTTP/1.1 501 Invalid Request
Date: Fri, 03 Sep 2010 16:43:56 GMT
Connection: close
Content-Length: 87
Content-Type: text/html

<html><head><title>501 Invalid Request</title></head><body>Invalid Request: ??</body>


0
 

Author Comment

by:jjreed
ID: 33598450
Yes, that's what I got, and I tested other sites as well and got the same message, so I disregarded it.
0
 
LVL 3

Expert Comment

by:Neurom
ID: 33598520
Do you see other sites correctly in your browser?

The telnet banner means that you can safely reach and download HTML pages from the site, therefore excluding a network problem, the problem is in software. What system do you use? What browser do you use?
0
 

Author Comment

by:jjreed
ID: 33598576
Yes all other sites worked in the browser.  Also I've tried different browsers.. IE 8, IE 7 and FireFox with no luck.  We have XP Pro machines.  I don't believe it is software.  I can unplug my laptop from the company network and use my broadband card and the site comes up just fine.  
0
 
LVL 3

Expert Comment

by:Neurom
ID: 33598670
Ok. It is not the software, but even the network and can not be a software installed on your laptop as outside the corporate network join the site.
Now I ask you if you have an IPS or IDS device on your network, or some filter?

What router do you have? Could it be done by a filter?
0
 

Author Comment

by:jjreed
ID: 33598791
No IPS or IDS or any type of web filtering.  We have a Cisco 2821 Router/Firewall.
0
 
LVL 2

Expert Comment

by:cmonteith
ID: 33600130
Maybe this is caused by an MTU issue.  I've seen where you can have access to some sites, but others die and won't load due to incorrect MTU settings.  What kind of Internet feed do you have?  Is it a DSL line using PPPoE by chance?


You can try adjusting this at the router with the following command:  (this is assuming gi0/1 is the interface facing your ISP...adjust accordingly if it is something else)

interface GigabitEthernet0/1
ip tcp adjust-mss 1425
exit

You can change the value of the 1425 to match whatever internet feed you have (1300 is a good round number I've used for troubleshooting when I'm not certain.)  The default for most connections is 1500, but if your provider is running PPPoE they add a few bytes to the packet and can cause headaches if you don't shrink the max size of packet.
0
 

Author Comment

by:jjreed
ID: 33681597
OK - More information for this issue for problems with internet surfing.    In August we had our T-1 lines bonded making a 4.5MB line.  Since this time issues started coming up with problems of websites not loading or slow to load, file downloads are impossible, Windows updates downloads are bad, streaming video is horrible and overall internet life just sticks.  The first week after the installation everything was working fine and slowly has gotten worse over the last few weeks.  Could there be a problem on the ISP side as far as how they are routing traffic or their configurations?  Or what is the best way to start troubleshooting an issue like this?  Any help is appreciated.
0
 
LVL 2

Expert Comment

by:cmonteith
ID: 33682967
It *could* be an ISP issue....what form of bonding did you/they use?  MLPPP or simple per-packet load balancing across the T1 lines?

Did you ever try the MTU setting I posted earlier?  If you don't want to make an MTU change on the router you can instead test it using a single PC as your test.  You can change the MTU settings on the NIC of your PC easiest by downloading a program called Dr TCP  (http://www.dslreports.com/drtcp)  

If you've not tried, download this on a test workstation that is having trouble, adjust MTU down to something like 1300 for the test.  Reboot and then try and access the site.

You can also use a windows ping test that may help indicate if this is an MTU related issue.  Try doing the following from any workstation on the network:

ping -f -l 1450 www.hrci.org

If you don't get a reply, try lowering the number from 1450 down to 1350 and try again.  Keep going down another 100 until you get a reply...or if you don't ever get anything post back here so we can all scratch our heads some more :)
0
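The step-down ping test described in the comment above, written as a binary search over Don't Fragment payload sizes; this is an added example, not code from the thread. It generalizes the "lower by 100" procedure to find the exact limit, and the function names, the 548/1472 search bounds and the simulated PPPoE path are assumptions of this example.

```python
"""Path-MTU probe using DF-bit pings (added example, not from the thread)."""
import platform
import subprocess
import sys

ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header
TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header, no options
FLOOR = 548         # assumed lower bound: 576-byte datagram minus ICMP_OVERHEAD
CEILING = 1472      # 1500-byte Ethernet MTU minus ICMP_OVERHEAD


def ping_df(host, payload, timeout_s=2):
    """Send one echo request with Don't Fragment set; True if a reply arrived."""
    if platform.system() == "Windows":
        # Same flags as the thread's "ping -f -l <size>", limited to one probe.
        cmd = ["ping", "-f", "-l", str(payload), "-n", "1",
               "-w", str(timeout_s * 1000), host]
    else:
        # Linux iputils syntax (assumption; other platforms use other flags).
        cmd = ["ping", "-M", "do", "-s", str(payload), "-c", "1",
               "-W", str(timeout_s), host]
    try:
        result = subprocess.run(cmd, capture_output=True, text=True,
                                timeout=timeout_s + 3)
    except subprocess.TimeoutExpired:
        return False
    # Exit codes are not relied on alone: a real echo reply line carries a
    # TTL field, while a "needs to be fragmented" message does not.
    return result.returncode == 0 and "ttl=" in result.stdout.lower()


def largest_payload(probe, low=FLOOR, high=CEILING):
    """Largest payload in [low, high] for which probe(payload) is True.

    Returns None when even `low` fails, which points away from MTU (or at
    filtered ICMP). Assumes that if a size passes, all smaller sizes pass.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2  # round up so the loop always shrinks
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def summarize(payload):
    """Translate a passing ping payload into path MTU and the largest safe MSS."""
    path_mtu = payload + ICMP_OVERHEAD
    return {"payload": payload, "path_mtu": path_mtu,
            "max_mss": path_mtu - TCP_OVERHEAD}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]
        probe = lambda size: ping_df(target, size)
    else:
        # Constructed stand-in for a PPPoE path (MTU 1492) so this runs offline.
        probe = lambda size: size + ICMP_OVERHEAD <= 1492
    best = largest_payload(probe)
    if best is None:
        print("no reply even at the floor size; MTU is probably not the cause")
    else:
        print(summarize(best))
    # A 1450-byte DF ping that is answered shows the path carries packets of
    # at least 1478 bytes, so an MSS of up to 1438 would fit.
    print(summarize(1450))
```

With no argument the script uses the simulated path; passing a host name runs live probes. The `max_mss` value is the upper bound for the number given to `ip tcp adjust-mss`.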
 

Author Comment

by:jjreed
ID: 33685066
No I didn't change the MTU setting on the router but I did do the test you suggested above:

Downloaded - DR TCP and changed the MTU to 1300, 1350, 1400, 1450, 1500 on my NIC and NO CHANGE WITH ALL.  www.hrci.org site will not load.  www.saltsmartonline.com - link for videos on YouTube from page will not buffer.  www.mnsbc.com - videos come up blank but if I hit refresh 3 or 4 times the videos will populate within the page and work.   Nissan web site will not load unless I hit refresh 2 or 3 times and the QuickBooks website is a wreck.

I also did the ping -f -l 1450 www.hrci.org

Pinging hrci.org [69.18.196.76] with 1450 bytes of data:

Reply from 69.18.196.76: bytes=1450 time=126ms TTL=51
Reply from 69.18.196.76: bytes=1450 time=125ms TTL=51
Reply from 69.18.196.76: bytes=1450 time=126ms TTL=51
Reply from 69.18.196.76: bytes=1450 time=125ms TTL=51
Ping statistics for 69.18.196.76:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 125ms, Maximum = 126ms, Average = 125ms

And I am checking on the type of bonding.
0
 
LVL 2

Expert Comment

by:cmonteith
ID: 33685251
OK, that effectively rules out it being an MTU issue.  If you're seeing all sorts of problems with other sites as well you'll definitely want to engage your ISP.  If this all started right about the time you moved to a bonded service my guess is that is a large part of what could be causing your problems.

You mentioned you were not having this problem before....did you have a single T1 line before, and then simply added two additional T1 lines to your connection, or did you actually migrate to the use of this router and this connection (and this ISP) all at the same time?  I'm just trying to get an idea on all things that have changed on your network in the time from when this site was working until it stopped.

If you want to post the config of your 2800 router that would tell me what form of bonding you're using as well as if there are other potential issues that could be causing your problems.
0
 

Author Comment

by:jjreed
ID: 33685595
They had 3 T1's already in place. One of the T1's was dedicated to a PRI and 2 were data T1's, but the data lines were not bonded.  With the change we bonded the 3 T1's, all with the same ISP and equipment.  These issues all started shortly after the change.  We had bandwidth issues before but we were maxing out to a 100% utilization.   I'm out of time today but will post the 2800 router configurations tomorrow for you.
0
 

Author Comment

by:jjreed
ID: 33694023
Here is the config of 2821.   The ISP said there is no load balancing on the T1's .


This is the running config of the router: xxxxxxx
!----------------------------------------------------------------------------
!version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxx-FW
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpnuserauth group radius local
aaa authorization exec default local
aaa authorization network vpngroupauth local
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
!
!
ip cef
ip inspect name IOSFW udp
ip inspect name IOSFW tcp
ip inspect name IOSFW http
!
!
ip domain name mttc.org
ip name-server 64.89.70.2
ip urlfilter allow-mode on
ip urlfilter server vendor websense 1xx.1xx.1x0.x timeout 3
!
!
!
!

!
!
ip telnet source-interface GigabitEthernet0/1.2
!
class-map match-all Tadem
 match access-group 110
!
!
policy-map RestrictTadem
 class Tadem
  bandwidth percent 20
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 20
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key mttc.0rg address 218.26.165.75 no-xauth
!
crypto isakmp client configuration group xxxxxx
 key xxxxxxxx
 dns 1x.1x.1x.x 1x.1x.1x.x
 domain mttc.org
 pool VPN-POOL
 acl VPN-ACL
!
!
crypto ipsec transform-set 3DESMD5 esp-3des esp-md5-hmac
crypto ipsec transform-set 3DESSHA esp-3des esp-sha-hmac
!
crypto dynamic-map DYN-MAP 10
 set transform-set 3DESMD5
!
!
crypto map CRYPTO-MAP client authentication list vpnuserauth
crypto map CRYPTO-MAP isakmp authorization list vpngroupauth
crypto map CRYPTO-MAP client configuration address respond
crypto map CRYPTO-MAP 10 ipsec-isakmp
 set peer 216.26.175.75
 set transform-set 3DESSHA
 match address VPN-TO-PEAK10
crypto map CRYPTO-MAP 65535 ipsec-isakmp dynamic DYN-MAP
!
!
!
interface GigabitEthernet0/0
 description To_Outside$FW_OUTSIDE$$ETH-LAN$
 bandwidth 3072
 ip address 66.143.93.48 255.255.255.248
 ip access-group 101 in
 ip verify unicast reverse-path
 ip inspect IOSFW out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map CRYPTO-MAP
 service-policy output RestrictTadem
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.1
 description To_Inside$FW_INSIDE$$ETH-LAN$
 encapsulation dot1Q 1 native
 ip address 1x.1x.1x.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly
!
interface GigabitEthernet0/1.2
 description Tandem Network
 encapsulation dot1Q 2
 ip address 1x.1x.2x.1 255.255.255.0
 ip access-group sdm_gigabitethernet0/1.2_in in
 ip nat inside
 ip virtual-reassembly
0
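Running configs shared for troubleshooting, like the one posted above, carry credentials such as ISAKMP pre-shared keys and VPN group keys. The following is an added example, not part of the thread, that masks such values line by line before a config is pasted anywhere; the rule set and the sample config are constructed for illustration and cover only the common IOS secret-bearing commands listed in `RULES`.

```python
"""Mask secrets in a Cisco IOS config before sharing it (added example)."""
import re

MASK = "<removed>"

# Each rule captures everything up to the secret in group 1; the secret token
# that follows is replaced and the rest of the line is left untouched.
RULES = [
    ("enable-secret",
     re.compile(r"^(enable (?:secret|password) (?:level \d+ )?(?:\d+ )?)\S+")),
    ("username",
     re.compile(r"^(username \S+ (?:.*? )?(?:password|secret) (?:\d+ )?)\S+")),
    ("isakmp-psk",
     re.compile(r"^(\s*crypto isakmp key (?:[06] )?)\S+")),
    # Indented "key ..." as used under "crypto isakmp client configuration group".
    ("group-key",
     re.compile(r"^(\s+key (?:[06] )?)\S+")),
    ("key-string",
     re.compile(r"^(\s+key-string (?:\d+ )?)\S+")),
    ("aaa-server-key",
     re.compile(r"^(\s*(?:radius|tacacs)-server .*?key (?:\d+ )?)\S+")),
    ("snmp-community",
     re.compile(r"^(snmp-server community )\S+")),
    ("line-password",
     re.compile(r"^(\s+password (?:\d+ )?)\S+")),
]

# Constructed sample; every name, address and secret here is made up.
SAMPLE_CONFIG = """\
hostname EXAMPLE-FW
enable secret 5 $1$cons$tructedHashValue0000000
username admin privilege 15 password 0 Constructed-Pw1
crypto isakmp key Constructed-PSK address 192.0.2.10 no-xauth
crypto isakmp client configuration group EXAMPLEGROUP
 key Constructed-GroupKey
 pool VPN-POOL
snmp-server community constructed-ro RO
interface GigabitEthernet0/0
 ip address 198.51.100.2 255.255.255.248
"""


def redact(config_text):
    """Return (clean_text, findings); findings lists (line_number, rule_name)."""
    clean, findings = [], []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        for name, pattern in RULES:
            masked, hits = pattern.subn(lambda m: m.group(1) + MASK, line, count=1)
            if hits:
                line = masked
                findings.append((lineno, name))
                break  # first matching rule wins; one secret per line
        clean.append(line)
    return "\n".join(clean), findings


if __name__ == "__main__":
    text, hits = redact(SAMPLE_CONFIG)
    print(text)
    for lineno, rule in hits:
        print(f"masked line {lineno}: {rule}")
```

Type 7 and other reversible encodings are masked the same way as plaintext, since the rules replace the token regardless of the type digit in front of it.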
 
LVL 2

Expert Comment

by:cmonteith
ID: 33696205
OK,  so you don't have the T1 lines coming into your hardware.  I would assume your provider has the T1 lines going into a hardware device of their own, which in turn gives you an Ethernet hand-off you have plugged into GigabitEthernet0/0, correct?

It looks like most of the routing details were cut off in the config you posted; I can't see anything after your sub-interface Gi0/1.2...there should be a good amount more configuration in there (NAT statements, routing statements and the like).

It looks like your ISP is also giving you a block of IP addresses based on your configuration.

If you haven't already, it might not be a bad idea to simply connect a laptop to your ISP's hardware in place of your router, configure it with the same static IP information and see if the problems you're seeing on the inside network are also happening when you try from the outside.

If you can reproduce the problem using the same internet connection and IP address settings your router is currently using, then it is time to engage your ISP, as they likely have an issue.

If with those same settings you can access that site, and all other sites render just fine, then you have a local issue that will require further investigation.

0
 

Author Comment

by:jjreed
ID: 33696835
Yes that is correct about the internet connection.  I have scheduled downtime tomorrow morning to bypass the router and I will post my results then. I didn't copy all of the configurations because it was 8 pages.
0
 

Author Comment

by:jjreed
ID: 33700287
Ok, I bypassed our router and everything worked like a charm.  So looking over the router configurations again to see what could cause this.  
0
 
LVL 2

Expert Comment

by:cmonteith
ID: 33700329
OK, well that rules out anything on your ISP's end, and also rules out any kind of firewall issues on the web host's side (like them blocking your IP address).

In the part of the config you posted it looks like you're also using Websense?  You might try disabling that feature and see if the problem continues.
0
 

Author Comment

by:jjreed
ID: 33700447
We haven't used Websense in over a year but I was looking at that this morning.  Did show ip urlfilter config and the results are:
Websense URL Filtering is DISABLED
Primary Websense server configurations
Websense server IP address Or Host Name: 100.100.100.9
Websense server port: 15868
Websense retrasmission time out: 3 <in seconds>
Websense number of retransmission: 2

Secondary Websense server configurations
Other configurations
Allow Mode: ON
System Alert: ENABLED
Audit Trail: DISABLED
Log message on Websense server: DISABLED
Maximun number of cache entries: 5000
Maximun number of packet buffers: 200
Maxium outstanding requests: 1000

Anything there need changed?
0
 
LVL 2

Expert Comment

by:cmonteith
ID: 33700626
Doesn't look like it....I'm not a WS expert, but since the router is reporting URL filtering disabled I wouldn't expect that to be the cause.

Might also want to rule out the simple stuff:

If you do a "show int gi0/0" verify your speed and duplex settings.  You're currently set to auto-negotiate for that interface.  I have seen many times when an ISP gives an Ethernet hand-off you can get a duplex mismatch that can cause all sorts of network related issues.  If that interface is showing 100M half duplex that could be a strong indicator of a problem.  I would recommend hard coding both your interface and the ISP hardware to 100/full (your ISP will likely need to do this on their end unless they gave you access to the hardware.)

0
 

Author Comment

by:jjreed
ID: 33700737
GigabitEthernet0/0 is up, line protocol is up
  Hardware is MV96340 Ethernet, address is 001c.f685.6dd8 (bia 001c.f685.6dd8)
  Description: To_Outside$FW_OUTSIDE$$ETH-LAN$
  Internet address is 66.156.82.45/29
  MTU 1500 bytes, BW 3072 Kbit, DLY 100 usec,
     reliability 255/255, txload 22/255, rxload 14/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is T
  output flow-control is XON, input flow-control is XON
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/16/0 (size/max/drops/flushes); Total output drops: 5
  Queueing strategy: Class-based queueing
  Output queue: 0/1000/64/5 (size/max total/threshold/drops)
     Conversations  0/6/256 (active/max active/max total)
     Reserved Conversations 1/1 (allocated/max allocated)
     Available Bandwidth 1690 kilobits/sec
  5 minute input rate 169000 bits/sec, 30 packets/sec
  5 minute output rate 268000 bits/sec, 39 packets/sec
     1179554066 packets input, 1818835791 bytes, 5 no buffer
     Received 622452 broadcasts, 0 runts, 0 giants, 1 throttles
     4 input errors, 0 CRC, 2 frame, 0 overrun, 2 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     996786407 packets output, 638532254 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 2 pause output
     0 output buffer failures, 0 output buffers swapped out
0
 
LVL 2

Accepted Solution

by:
cmonteith earned 500 total points
ID: 33700952
That looks pretty clean....so I don't think that is the issue. Can you post the rest of your router configuration (routing, NAT, route-map, ACL entries) so we can examine?
0
 

Author Comment

by:jjreed
ID: 33701673
Here it is!


version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec

!
hostname XXXX-FW
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpnuserauth group radius local
aaa authorization exec default local
aaa authorization network vpngroupauth local
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
!
!
ip cef
ip inspect name IOSFW udp
ip inspect name IOSFW tcp
ip inspect name IOSFW http
!
!
ip domain name mttc.org
ip name-server 64.89.70.2
ip urlfilter allow-mode on
ip urlfilter server vendor websense x.x.x.x timeout 3
!
!
!
!

!
!
ip telnet source-interface GigabitEthernet0/1.2
!
class-map match-all Tadem
 match access-group 110
!
!
policy-map RestrictTadem
 class Tadem
  bandwidth percent 20
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 20
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key mttc.0rg address 216.26.175.75 no-xauth
!
crypto isakmp client configuration group IPIVPN
 key xxxxxx
 dns x.x.x.x  x.x.x.x
 domain mttc.org
 pool VPN-POOL
 acl VPN-ACL
!
!
crypto ipsec transform-set 3DESMD5 esp-3des esp-md5-hmac
crypto ipsec transform-set 3DESSHA esp-3des esp-sha-hmac
!
crypto dynamic-map DYN-MAP 10
 set transform-set 3DESMD5
!
!
crypto map CRYPTO-MAP client authentication list vpnuserauth
crypto map CRYPTO-MAP isakmp authorization list vpngroupauth
crypto map CRYPTO-MAP client configuration address respond
crypto map CRYPTO-MAP 10 ipsec-isakmp
 set peer 216.26.175.75
 set transform-set 3DESSHA
 match address VPN-TO-PEAK10
crypto map CRYPTO-MAP 65535 ipsec-isakmp dynamic DYN-MAP
!
!
!
interface GigabitEthernet0/0
 description To_Outside$FW_OUTSIDE$$ETH-LAN$
 bandwidth 3072
 ip address 66.152.93.54 255.255.255.248
 ip access-group 101 in
 ip verify unicast reverse-path
 ip inspect IOSFW out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map CRYPTO-MAP
 service-policy output RestrictTadem
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.1
 description To_Inside$FW_INSIDE$$ETH-LAN$
 encapsulation dot1Q 1 native
 ip address x.x.x.x 255.255.255.0
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly
!
interface GigabitEthernet0/1.2
 description Tandem Network
 encapsulation dot1Q 2
 ip address x.x.x.x 255.255.255.0
 ip access-group sdm_gigabitethernet0/1.2_in in
 ip nat inside
 ip virtual-reassembly
!
ip local pool VPN-POOL 10.10.15.10 10.10.15.50
ip route 0.0.0.0 0.0.0.0 66.147.93.46
ip route 10.10.11.0 255.255.255.0 10.10.10.254
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 109 interface GigabitEthernet0/0 overload
ip nat inside source route-map NO-NAT interface GigabitEthernet0/0 overload
ip nat inside source static 10.10.10.35 66.147.93.41 route-map SDM_RMAP_1
ip nat inside source static 10.10.10.24 66.147.93.42 route-map SDM_RMAP_2
ip nat inside source static 10.10.10.34 70.43.64.113 route-map SDM_RMAP_3
ip nat inside source static 10.10.10.2 70.43.64.114 route-map SDM_RMAP_4
ip nat inside source static 10.10.20.10 70.43.64.115 route-map SDM_RMAP_6
ip nat inside source static 10.10.10.27 70.43.64.116
ip nat inside source static 10.10.10.17 70.43.64.117
ip nat inside source static 10.10.10.9 70.43.64.118
!
ip access-list extended NO-NAT-ACS
 remark SDM_ACL Category=18
 deny   ip host 10.10.10.23 any
 deny   ip host 10.10.20.10 any
 deny   ip host 10.10.10.35 any
 deny   ip host 10.10.10.24 any
 deny   ip host 10.10.10.27 any
 deny   ip host 10.10.10.34 any
 deny   ip host 10.10.10.2 any
 deny   ip 10.10.10.0 0.0.0.255 10.10.15.0 0.0.0.255
 deny   ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
 deny   ip 10.10.11.0 0.0.0.255 10.10.15.0 0.0.0.255
 permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended VPN-ACL
 permit ip 10.10.10.0 0.0.0.255 10.10.15.0 0.0.0.255
 permit ip 10.10.11.0 0.0.0.255 10.10.15.0 0.0.0.255
ip access-list extended VPN-TO-PEAK10
 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
ip access-list extended sdm_gigabitethernet0/1.2_in
 remark SDM_ACL Category=1
 remark Auto generated by SDM for NTP (123) 192.43.244.18
 permit udp host 192.43.244.18 eq ntp host 10.10.20.1 eq ntp
 permit tcp any eq smtp any
 deny   ip any 10.10.15.0 0.0.0.255
 deny   ip any 10.10.11.0 0.0.0.255
 deny   ip any 10.10.10.0 0.0.0.255
 permit ip any any
!
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   udp host 10.10.10.8 eq 15868 host 10.10.10.1
access-list 100 deny   ip 66.147.93.40 0.0.0.7 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ahp host 216.26.175.75 host 66.147.93.45
access-list 101 permit ahp any host 66.147.93.45
access-list 101 permit esp host 216.26.175.75 host 66.147.93.45
access-list 101 permit udp host 216.26.175.75 host 66.147.93.45 eq isakmp
access-list 101 permit udp host 216.26.175.75 host 66.147.93.45 eq non500-isakmp
access-list 101 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 101 remark barracuda
access-list 101 permit tcp any host 70.43.64.114 eq smtp
access-list 101 remark barracuda
access-list 101 permit tcp any host 70.43.64.114 eq 443
access-list 101 remark barracuda
access-list 101 permit tcp any host 70.43.64.114 eq www
access-list 101 deny   tcp any host 66.147.93.41 eq smtp
access-list 101 permit tcp any host 66.147.93.41 eq 443
access-list 101 deny   tcp any host 66.147.93.41 eq 993
access-list 101 permit tcp any host 66.147.93.41 eq www
access-list 101 remark nstcqa-test
access-list 101 permit tcp any host 66.147.93.42 eq www
access-list 101 remark nstcqa-test
access-list 101 permit tcp any host 66.147.93.42 eq 3389
access-list 101 remark deltek time ipi.mttc.org
access-list 101 permit tcp any host 70.43.64.113 eq www
access-list 101 remark Web-Hosting
access-list 101 permit tcp any host 70.43.64.116 eq www
access-list 101 remark Flextraining
access-list 101 permit tcp any host 70.43.64.117 eq www
access-list 101 remark SharePoint
access-list 101 permit tcp any host 70.43.64.118 eq www
access-list 101 permit tcp any host 66.147.93.45 eq 22
access-list 101 permit esp any host 66.147.93.45
access-list 101 permit udp any eq isakmp host 66.147.93.45
access-list 101 permit udp any host 66.147.93.45 eq isakmp
access-list 101 permit udp any host 66.147.93.45 eq non500-isakmp
access-list 101 remark Tandem-Rule
access-list 101 permit ip any host 70.43.64.115
access-list 101 permit ip host 10.10.15.50 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.49 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.48 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.47 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.46 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.45 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.44 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.43 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.42 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.41 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.40 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.39 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.38 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.37 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.36 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.35 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.34 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.33 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.32 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.31 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.30 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.29 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.28 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.27 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.26 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.25 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.24 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.23 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.22 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.21 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.20 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.19 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.18 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.17 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.16 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.15 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.14 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.13 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.12 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.11 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.10 10.10.10.0 0.0.0.255
access-list 101 deny   ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any host 66.147.93.45 echo-reply
access-list 101 permit icmp any host 66.147.93.45 time-exceeded
access-list 101 permit icmp any host 66.147.93.45 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 102 remark SDM_ACL Category=2
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.50
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.49
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.48
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.47
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.46
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.45
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.44
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.43
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.42
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.41
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.40
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.39
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.38
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.37
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.36
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.35
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.34
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.33
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.32
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.31
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.30
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.29
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.28
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.27
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.26
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.25
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.24
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.23
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.22
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.21
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.20
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.19
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.18
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.17
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.16
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.15
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.14
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.13
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.12
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.11
access-list 102 deny   ip host 10.10.10.35 host 10.10.15.10
access-list 102 permit ip host 10.10.10.35 any
access-list 103 remark SDM_ACL Category=2
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.50
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.49
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.48
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.47
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.46
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.45
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.44
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.43
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.42
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.41
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.40
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.39
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.38
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.37
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.36
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.35
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.34
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.33
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.32
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.31
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.30
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.29
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.28
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.27
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.26
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.25
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.24
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.23
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.22
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.21
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.20
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.19
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.18
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.17
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.16
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.15
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.14
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.13
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.12
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.11
access-list 103 deny   ip host 10.10.10.24 host 10.10.15.10
access-list 103 permit ip host 10.10.10.24 any
access-list 104 remark SDM_ACL Category=2
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.50
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.49
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.48
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.47
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.46
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.45
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.44
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.43
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.42
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.41
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.40
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.39
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.38
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.37
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.36
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.35
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.34
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.33
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.32
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.31
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.30
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.29
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.28
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.27
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.26
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.25
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.24
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.23
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.22
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.21
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.20
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.19
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.18
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.17
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.16
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.15
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.14
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.13
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.12
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.11
access-list 104 deny   ip host 10.10.10.34 host 10.10.15.10
access-list 104 permit ip host 10.10.10.34 any
access-list 105 remark SDM_ACL Category=2
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.50
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.49
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.48
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.47
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.46
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.45
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.44
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.43
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.42
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.41
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.40
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.39
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.38
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.37
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.36
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.35
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.34
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.33
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.32
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.31
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.30
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.29
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.28
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.27
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.26
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.25
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.24
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.23
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.22
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.21
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.20
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.19
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.18
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.17
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.16
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.15
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.14
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.13
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.12
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.11
access-list 105 deny   ip host 10.10.10.2 host 10.10.15.10
access-list 105 permit ip host 10.10.10.2 any
access-list 106 remark SDM_ACL Category=2
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.50
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.49
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.48
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.47
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.46
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.45
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.44
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.43
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.42
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.41
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.40
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.39
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.38
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.37
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.36
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.35
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.34
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.33
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.32
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.31
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.30
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.29
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.28
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.27
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.26
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.25
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.24
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.23
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.22
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.21
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.20
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.19
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.18
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.17
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.16
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.15
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.14
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.13
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.12
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.11
access-list 106 deny   ip host 10.10.10.27 host 10.10.15.10
access-list 106 permit ip host 10.10.10.27 any
access-list 107 remark SDM_ACL Category=2
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.50
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.49
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.48
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.47
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.46
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.45
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.44
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.43
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.42
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.41
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.40
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.39
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.38
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.37
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.36
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.35
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.34
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.33
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.32
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.31
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.30
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.29
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.28
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.27
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.26
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.25
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.24
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.23
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.22
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.21
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.20
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.19
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.18
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.17
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.16
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.15
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.14
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.13
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.12
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.11
access-list 107 deny   ip host 10.10.20.10 host 10.10.15.10
access-list 107 permit ip host 10.10.20.10 any
access-list 108 remark SDM_ACL Category=2
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.50
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.49
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.48
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.47
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.46
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.45
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.44
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.43
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.42
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.41
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.40
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.39
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.38
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.37
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.36
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.35
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.34
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.33
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.32
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.31
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.30
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.29
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.28
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.27
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.26
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.25
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.24
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.23
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.22
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.21
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.20
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.19
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.18
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.17
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.16
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.15
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.14
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.13
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.12
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.11
access-list 108 deny   ip host 10.10.10.23 host 10.10.15.10
access-list 108 permit ip host 10.10.10.23 any
access-list 109 deny   ip host 10.10.20.10 any
access-list 109 permit ip 10.10.20.0 0.0.0.63 any
access-list 110 permit ip 10.10.20.0 0.0.0.63 any
route-map SDM_RMAP_4 permit 1
 match ip address 105
!
route-map SDM_RMAP_5 permit 1
 match ip address 106
!
route-map SDM_RMAP_6 permit 1
 match ip address 107
!
route-map SDM_RMAP_7 permit 1
 match ip address 108
!
route-map SDM_RMAP_1 permit 1
 match ip address 102
!
route-map SDM_RMAP_2 permit 1
 match ip address 103
!
route-map SDM_RMAP_3 permit 1
 match ip address 104
!
route-map NO-NAT permit 10
 match ip address NO-NAT-ACS
!
!
radius-server host x.x.x.x auth-port 1645 acct-port 1646 key xxxxxx
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
line vty 5 15
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp authentication-key 54487 md5 130C071B020817392E2A3B3C272C0717 7
ntp authenticate
ntp source GigabitEthernet0/1
ntp master
ntp server 192.43.244.18
!
end



Author Comment

by:jjreed
ID: 33929092
It was an issue with the firewall.  We removed the inspect http traffic and all issues cleared up.

Author Closing Comment

by:jjreed
ID: 33929150
Wasn't the solution but helped me out the most! Thanks.