jjreed
asked on
Cannot Access 1 website
I've tried everything I can think of and still cannot access www.hrci.org website from our
company network. I can access the site from my iphone and broadband card with no problems.
Steps I have tried:
Different browsers, uninstall anti-virus, called ISP, did nslookup and internal DNS
resolves the address, changed DNS to use ISP's, still no luck, can ping the site. I did telnet into
the site but didn't get any html to display but could connect.
Not sure what else to do? Or how to continue to troubleshoot.
I've seen web servers block certain IPs or IP blocks. Do you have a dynamic IP? If so, maybe reset your public IP address and retry. Won't help if a static address, in that case can you post the results of: " tracert www.hrci.org" ?
Hello
The site seems to work fine from port 80 and I imagine that your company gives the HTTP service.
Try typing the IP directly in the browser.
Is there a proxy server in your company? If so, try to bypass it.
ASKER
No, it's a static IP that the WWW sees! Here are the results of the tracert:
Tracing route to hrci.org [69.18.196.76]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms firewall.mttc.org [10.10.10.1]
2 1 ms 2 ms 1 ms nsc66.147.93-46.newsouth.net [66.147.93.46]
3 4 ms 4 ms 4 ms 74.223.80.211.nw.nuvox.net [74.223.80.211]
4 4 ms 4 ms 4 ms ge7-27d3113.lsvlkyogla1.nw.nuvox.net [66.64.229.107]
5 102 ms 102 ms 101 ms ge-6-21.car2.Charlotte1.Level3.net [4.71.126.17]
6 101 ms 101 ms 101 ms ae-11-11.car1.charlotte1.level3.net [4.69.132.165]
7 104 ms 111 ms 105 ms ae-4-4.ebr1.atlanta2.level3.net [4.69.132.162]
8 108 ms 101 ms 101 ms ae-6-6.ebr1.washington12.level3.net [4.69.148.106]
9 101 ms 101 ms 101 ms ae-1-100.ebr2.washington12.level3.net [4.69.143.214]
ASKER
Tried IP directly and no proxy.
I think your IP is in a group of addresses blocked by the site. Have you tried contacting their site admins/host?
ASKER
Yes, I have but will try again. Their support team stops at.... I can access the site so it must be your firewall.
Can you try to test on another PC in your company?
ASKER
I have tested other machines within the company.
Does your tracert stop at this step?
9 101 ms 101 ms 101 ms ae-1-100.ebr2.washington12.level3.net [4.69.143.214]
Or does it go further?
I post mine as an example:
6 3 ms 4 ms 3 ms ge-6-19.car2.Milan1.Level3.net [213.242.65.17]
7 6 ms 6 ms 8 ms ae-14-14.ebr1.Frankfurt1.Level3.net [4.69.142.194]
8 7 ms 8 ms 9 ms ae-91-91.csw4.Frankfurt1.Level3.net [4.69.140.14]
9 6 ms 17 ms 5 ms ae-92-92.ebr2.Frankfurt1.Level3.net [4.69.140.29]
10 31 ms 30 ms 42 ms ae-44-44.ebr2.Washington1.Level3.net [4.69.137.62]
11 32 ms 30 ms 97 ms ae-5-5.ebr2.Washington12.Level3.net [4.69.143.222]
12 50 ms 32 ms 31 ms ae-10-10.ebr1.NewYork1.Level3.net [4.69.148.49]
13 33 ms * 104 ms ae-91-91.csw4.NewYork1.Level3.net [4.69.134.78]
14 42 ms 42 ms 56 ms ae-44-99.car4.NewYork1.Level3.net [4.68.16.198]
15 46 ms 78 ms 59 ms OPEN-ACCESS.car4.NewYork1.Level3.net [4.53.93.106]
16 50 ms 83 ms 41 ms v101.inv008.hsrp.invision.net [69.18.129.38]
17 32 ms 37 ms 98 ms v104.inv009.hsrp.invision.net [69.18.129.83]
18 30 ms 48 ms 87 ms hrci.org [69.18.196.76]
The destination is important.
ASKER
No it goes to the destination:
Tracing route to hrci.org [69.18.196.76]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms helpme.mttc.org [10.10.20.1]
2 1 ms 1 ms 1 ms nsc66.147.93-46.newsouth.net [66.147.93.46]
3 4 ms 4 ms 4 ms 74.223.80.211.nw.nuvox.net [74.223.80.211]
4 17 ms 55 ms 39 ms ge7-27d3113.lsvlkyogla1.nw.nuvox.net [66.64.229.107]
5 102 ms 101 ms 102 ms ge-6-21.car2.Charlotte1.Level3.net [4.71.126.17]
6 102 ms 101 ms 101 ms ae-11-11.car1.charlotte1.level3.net [4.69.132.165]
7 108 ms 109 ms 109 ms ae-4-4.ebr1.atlanta2.level3.net [4.69.132.162]
8 101 ms 103 ms 101 ms ae-6-6.ebr1.washington12.level3.net [4.69.148.106]
9 101 ms 100 ms 100 ms ae-1-100.ebr2.washington12.level3.net [4.69.143.214]
10 106 ms 105 ms 106 ms ae-10-10.ebr1.newyork1.level3.net [4.69.148.49]
11 109 ms 108 ms 107 ms ae-61-61.csw1.newyork1.level3.net [4.69.134.66]
12 105 ms 105 ms 105 ms ae-14-69.car4.NewYork1.Level3.net [4.68.16.6]
13 109 ms 107 ms 107 ms OPEN-ACCESS.car4.NewYork1.Level3.net [4.53.93.106]
14 108 ms 107 ms 108 ms v103.inv009.hsrp.invision.net [69.18.129.69]
15 109 ms 107 ms 113 ms hrci.org [69.18.196.76]
Trace complete.
When you telnet to the HRCI site on the HTTP port (telnet www.hrci.org 80) and hit Enter 2 or 3 times, are you shown this?
HTTP/1.1 501 Invalid Request
Date: Fri, 03 Sep 2010 16:43:56 GMT
Connection: close
Content-Length: 87
Content-Type: text/html
<html><head><title>501 Invalid Request</title></head><body>Invalid Request: ??</body>
ASKER
Yes, that's what I got, and I tested other sites as well and got the same message so I disregarded it.
Do you see other sites correctly in your browser?
The telnet banner means that you can safely reach and download HTML pages from the site, therefore excluding a network problem, the problem is in software. What system do you use? What browser do you use?
ASKER
Yes all other sites worked in the browser. Also I've tried different browsers.. IE 8, IE 7 and FireFox with no luck. We have XP Pro machines. I don't believe it is software. I can unplug my laptop from the company network and use my broadband card and the site comes up just fine.
Ok. It is not the software, but even the network and can not be a software installed on your laptop as outside the corporate network join the site.
Now I ask you if you have an IPS or IDS device on your network or some filter?
What router do you have? Could it be done by a filter?
ASKER
No IPS or IDS or any type of web filtering. We have a Cisco 2821 Router/Firewall.
Maybe this is caused by an MTU issue. I've seen where you can have access to some sites, but others die and won't load due to incorrect MTU settings. What kind of Internet feed do you have? Is it a DSL line using PPPoE by chance?
You can try adjusting this at the router with the following command: (this is assuming gi0/1 is the interface facing your ISP...adjust accordingly if it is something else)
interface GigabitEthernet0/1
ip tcp adjust-mss 1425
exit
You can change the value of the 1425 to match whatever internet feed you have (1300 is a good round number I've used for troubleshooting when I'm not certain.) The default for most connections is 1500, but if your provider is running PPPoE they add a few bytes to the packet and can cause headaches if you don't shrink the max size of packet.
ASKER
OK - More information for this issue for problems with internet surfing. In August we had our T-1 lines bonded making a 4.5MB line. Since this time issues started coming up with problems of websites not loading or slow to load, file downloads are impossible, Windows updates downloads are bad, streaming video is horrible and overall internet life just sticks. The first week after the installation everything was working fine and slowly has gotten worse over the last few weeks. Could there be a problem on the ISP side as far as how they are routing traffic or their configurations? Or what is the best way to start troubleshooting an issue like this? Any help is appreciated.
It *could* be an ISP issue....what form of bonding did you/they use? MLPPP or simple per-packet load balancing across the T1 lines?
Did you ever try the MTU setting I posted earlier? If you don't want to make an MTU change on the router you can instead test it using a single PC as your test. You can change the MTU settings on the NIC of your PC easiest by downloading a program called Dr TCP (http://www.dslreports.com/drtcp)
If you've not tried, download this on a test workstation that is having trouble, adjust MTU down to something like 1300 for the test. Reboot and then try and access the site.
You can also use a Windows ping test that may help indicate if this is an MTU related issue. Try doing the following from any workstation on the network:
ping -f -l 1450 www.hrci.org
If you don't get a reply, try lowering the number from 1450 down to 1350 and try again. Keep going down another 100 until you get a reply...or if you don't ever get anything post back here so we can all scratch our heads some more :)
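An added example, not part of the original thread: the don't-fragment ping test described in the post above, automated as a binary search rather than 100-byte steps. The names `ping_df`, `largest_payload`, `summarize` and `simulated_path` are hypothetical; the real probe assumes Windows `ping` or Linux iputils `ping`, and IPv4 headers without options (20 bytes IP, 8 bytes ICMP, 20 bytes TCP).

```python
import platform
import subprocess
import sys

IP_HEADER = 20    # IPv4 header without options
ICMP_HEADER = 8   # ICMP echo header
TCP_HEADER = 20   # TCP header without options


def ping_df(host, payload, timeout_s=2):
    """Send one echo request with Don't Fragment set; True if a reply came back."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload),
               "-w", str(timeout_s * 1000), host]
    else:  # assumption: Linux iputils ping
        cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload),
               "-W", str(timeout_s), host]
    result = subprocess.run(cmd, capture_output=True, text=True)
    # Windows can exit 0 on "unreachable" messages, so also require a TTL field.
    return result.returncode == 0 and "ttl=" in result.stdout.lower()


def simulated_path(mtu):
    """Constructed stand-in for a real path: passes packets up to `mtu` bytes."""
    return lambda payload: payload + IP_HEADER + ICMP_HEADER <= mtu


def largest_payload(probe, low=0, high=1472):
    """Binary-search the largest payload for which probe(payload) is True.

    Returns None when even `low` fails, which means ICMP is filtered or the
    host is down, so the test says nothing about MTU.
    """
    if not probe(low):
        return None
    if probe(high):
        return high
    # Invariant: probe(low) is True and probe(high) is False.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low


def summarize(payload):
    """Translate an ICMP payload size into path MTU and the matching TCP MSS."""
    mtu = payload + IP_HEADER + ICMP_HEADER
    return {"payload": payload,
            "path_mtu": mtu,
            "tcp_mss": mtu - IP_HEADER - TCP_HEADER}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        probe = lambda n: ping_df(sys.argv[1], n)
    else:
        probe = simulated_path(1492)  # constructed: a PPPoE-sized path
    best = largest_payload(probe)
    if best is None:
        print("no reply even to the smallest probe; ICMP may be filtered")
    else:
        print(summarize(best))
```

A reply to `ping -f -l 1450` corresponds to a 1478-byte packet, so the path carries a TCP MSS of at least 1438, which is above the 1425 suggested earlier for `ip tcp adjust-mss`.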
ASKER
No I didn't change the MTU setting on the router but I did do the test you suggested above:
Downloaded - DR TCP and changed the MTU to 1300, 1350, 1400, 1450, 1500 on my NIC and NO CHANGE WITH ALL. www.hrci.org site will not load. www.saltsmartonline.com - link for videos on YouTube from page will not buffer. www.mnsbc.com - videos come up blank but if I hit refresh 3 or 4 times the videos will populate within the page and work. Nissan web site will not load unless I hit refresh 2 or 3 times and the QuickBook website is a wreck.
I also did the ping -f -l 1450 www.hrci.org
Pinging hrci.org [69.18.196.76] with 1450 bytes of data:
Reply from 69.18.196.76: bytes=1450 time=126ms TTL=51
Reply from 69.18.196.76: bytes=1450 time=125ms TTL=51
Reply from 69.18.196.76: bytes=1450 time=126ms TTL=51
Reply from 69.18.196.76: bytes=1450 time=125ms TTL=51
Ping statistics for 69.18.196.76:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 125ms, Maximum = 126ms, Average = 125ms
And I am checking on the type of bonding.
OK, that effectively rules out it being an MTU issue. If you're seeing all sorts of problems with other sites as well you'll definitely want to engage your ISP. If this all started right about the time you moved to a bonded service my guess is that is a large part of what could be causing your problems.
You mentioned you were not having this problem before....did you have a single T1 line before, and then simply added two additional T1 lines to your connection, or did you actually migrate to the use of this router and this connection (and this ISP) all at the same time? I'm just trying to get an idea on all things that have changed on your network in the time from when this site was working until it stopped.
If you want to post the config of your 2800 router that would tell me what form of bonding you're using as well as if there are other potential issues that could be causing your problems.
ASKER
They had 3 T1's already in place. One of the T1's was dedicated to a PRI and 2 were data T1's but the data lines were not bonded. With the change we bonded the 3 T1's all with the same ISP and equipment. These issues all started shortly after the change. We had bandwidth issues before but we were maxing out to a 100% utilization. I'm out of time today but will post the 2800 router configurations tomorrow for you.
ASKER
Here is the config of 2821. The ISP said there is no load balancing on the T1's .
This is the running config of the router: xxxxxxx
!----------------------------------------------------------------------------
!version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxx-FW
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpnuserauth group radius local
aaa authorization exec default local
aaa authorization network vpngroupauth local
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
!
!
ip cef
ip inspect name IOSFW udp
ip inspect name IOSFW tcp
ip inspect name IOSFW http
!
!
ip domain name mttc.org
ip name-server 64.89.70.2
ip urlfilter allow-mode on
ip urlfilter server vendor websense 1xx.1xx.1x0.x timeout 3
!
!
!
!
!
!
ip telnet source-interface GigabitEthernet0/1.2
!
class-map match-all Tadem
match access-group 110
!
!
policy-map RestrictTadem
class Tadem
bandwidth percent 20
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key mttc.0rg address 218.26.165.75 no-xauth
!
crypto isakmp client configuration group xxxxxx
key xxxxxxxx
dns 1x.1x.1x.x 1x.1x.1x.x
domain mttc.org
pool VPN-POOL
acl VPN-ACL
!
!
crypto ipsec transform-set 3DESMD5 esp-3des esp-md5-hmac
crypto ipsec transform-set 3DESSHA esp-3des esp-sha-hmac
!
crypto dynamic-map DYN-MAP 10
set transform-set 3DESMD5
!
!
crypto map CRYPTO-MAP client authentication list vpnuserauth
crypto map CRYPTO-MAP isakmp authorization list vpngroupauth
crypto map CRYPTO-MAP client configuration address respond
crypto map CRYPTO-MAP 10 ipsec-isakmp
set peer 216.26.175.75
set transform-set 3DESSHA
match address VPN-TO-PEAK10
crypto map CRYPTO-MAP 65535 ipsec-isakmp dynamic DYN-MAP
!
!
!
interface GigabitEthernet0/0
description To_Outside$FW_OUTSIDE$$ETH-LAN$
bandwidth 3072
ip address 66.143.93.48 255.255.255.248
ip access-group 101 in
ip verify unicast reverse-path
ip inspect IOSFW out
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map CRYPTO-MAP
service-policy output RestrictTadem
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
description To_Inside$FW_INSIDE$$ETH-LAN$
encapsulation dot1Q 1 native
ip address 1x.1x.1x.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/1.2
description Tandem Network
encapsulation dot1Q 2
ip address 1x.1x.2x.1 255.255.255.0
ip access-group sdm_gigabitethernet0/1.2_in in
ip nat inside
ip virtual-reassembly
OK, so you don't have the T1 lines coming into your hardware. I would assume your provider has the T1 lines going into a hardware device of their own, which in turn gives you an Ethernet hand-off you have plugged into GigabitEthernet0/0 correct?
It looks like most of the routing details were cut off in the config you posted, I can't see anything after your sub-interface Gi0/1.2...there should be a good amount more configuration in there (nat statements, routing statements and the like)
It looks like your ISP is also giving you a block of IP addresses based on your configuration.
If you haven't already, it might not be a bad idea to simply connect a laptop to your ISP's hardware in place of your router, configure it with the same static IP information and see if the problems you're seeing on the inside network are also happening when you try from the outside.
If you can reproduce the problem using the same internet connection and IP address settings your router is currently using, then it is time to engage your ISP, as they likely have an issue.
If with those same settings you can access that site, and all other sites render just fine, then you have a local issue that will require further investigation.
ASKER
Yes that is correct about the internet connection. I have scheduled downtime tomorrow morning to bypass the router and I will post my results then. I didn't copy all of the configurations because it was 8 pages.
ASKER
Ok, I bypassed our router and everything worked like a charm. So looking over the router configurations again to see what could cause this.
ok, well that rules out anything on your ISP's end, and also rules out any kind of firewall issues on the web hosts side (like them blocking your IP address)
In the part of the config you posted it looks like you're also using Websense? You might try disabling that feature and see if the problem continues.
ASKER
We haven't used Websense in over a year but I was looking at that this morning. Did show ip urlfilter config and the results are:
Websense URL Filtering is DISABLED
Primary Websense server configurations
Websense server IP address Or Host Name: 100.100.100.9
Websense server port: 15868
Websense retrasmission time out: 3 <in seconds>
Websense number of retransmission: 2
Secondary Websense server configurations
Other configurations
Allow Mode: ON
System Alert: ENABLED
Audit Trail: DISABLED
Log message on Websense server: DISABLED
Maximun number of cache entries: 5000
Maximun number of packet buffers: 200
Maxium outstanding requests: 1000
Anything there need changed?
doesn't look like it....I'm not a WS expert, but since the router is reporting URL filtering disabled I wouldn't expect that to be the cause.
Might also want to rule out the simple stuff:
If you do a "show int gi0/0" verify your speed and duplex settings. You're currently set to auto neg for that interface. I have seen many times when an ISP gives an Ethernet hand-off you can get a duplex mismatch that can cause all sorts of network related issues. If that interface is showing 100M half duplex that could be a strong indicator of a problem. I would recommend hard coding both your interface and the ISP hardware to 100/full (your ISP will likely need to do this on their end unless they gave you access to the hardware.)
ASKER
GigabitEthernet0/0 is up, line protocol is up
Hardware is MV96340 Ethernet, address is 001c.f685.6dd8 (bia 001c.f685.6dd8)
Description: To_Outside$FW_OUTSIDE$$ETH-LAN$
Internet address is 66.156.82.45/29
MTU 1500 bytes, BW 3072 Kbit, DLY 100 usec,
reliability 255/255, txload 22/255, rxload 14/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is T
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/16/0 (size/max/drops/flushes); Total output drops: 5
Queueing strategy: Class-based queueing
Output queue: 0/1000/64/5 (size/max total/threshold/drops)
Conversations 0/6/256 (active/max active/max total)
Reserved Conversations 1/1 (allocated/max allocated)
Available Bandwidth 1690 kilobits/sec
5 minute input rate 169000 bits/sec, 30 packets/sec
5 minute output rate 268000 bits/sec, 39 packets/sec
1179554066 packets input, 1818835791 bytes, 5 no buffer
Received 622452 broadcasts, 0 runts, 0 giants, 1 throttles
4 input errors, 0 CRC, 2 frame, 0 overrun, 2 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
996786407 packets output, 638532254 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 2 pause output
0 output buffer failures, 0 output buffers swapped out
ASKER
Here it is!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname XXXX-FW
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpnuserauth group radius local
aaa authorization exec default local
aaa authorization network vpngroupauth local
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
!
!
ip cef
ip inspect name IOSFW udp
ip inspect name IOSFW tcp
ip inspect name IOSFW http
!
!
ip domain name mttc.org
ip name-server 64.89.70.2
ip urlfilter allow-mode on
ip urlfilter server vendor websense x.x.x.x timeout 3
!
!
!
!
!
!
ip telnet source-interface GigabitEthernet0/1.2
!
class-map match-all Tadem
match access-group 110
!
!
policy-map RestrictTadem
class Tadem
bandwidth percent 20
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key mttc.0rg address 216.26.175.75 no-xauth
!
crypto isakmp client configuration group IPIVPN
key xxxxxx
dns x.x.x.x x.x.x.x
domain mttc.org
pool VPN-POOL
acl VPN-ACL
!
!
crypto ipsec transform-set 3DESMD5 esp-3des esp-md5-hmac
crypto ipsec transform-set 3DESSHA esp-3des esp-sha-hmac
!
crypto dynamic-map DYN-MAP 10
set transform-set 3DESMD5
!
!
crypto map CRYPTO-MAP client authentication list vpnuserauth
crypto map CRYPTO-MAP isakmp authorization list vpngroupauth
crypto map CRYPTO-MAP client configuration address respond
crypto map CRYPTO-MAP 10 ipsec-isakmp
set peer 216.26.175.75
set transform-set 3DESSHA
match address VPN-TO-PEAK10
crypto map CRYPTO-MAP 65535 ipsec-isakmp dynamic DYN-MAP
!
!
!
interface GigabitEthernet0/0
description To_Outside$FW_OUTSIDE$$ETH-LAN$
bandwidth 3072
ip address 66.152.93.54 255.255.255.248
ip access-group 101 in
ip verify unicast reverse-path
ip inspect IOSFW out
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map CRYPTO-MAP
service-policy output RestrictTadem
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
description To_Inside$FW_INSIDE$$ETH-LAN$
encapsulation dot1Q 1 native
ip address x.x.x.x 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/1.2
description Tandem Network
encapsulation dot1Q 2
ip address x.x.x.x 255.255.255.0
ip access-group sdm_gigabitethernet0/1.2_in in
ip nat inside
ip virtual-reassembly
!
ip local pool VPN-POOL 10.10.15.10 10.10.15.50
ip route 0.0.0.0 0.0.0.0 66.147.93.46
ip route 10.10.11.0 255.255.255.0 10.10.10.254
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 109 interface GigabitEthernet0/0 overload
ip nat inside source route-map NO-NAT interface GigabitEthernet0/0 overload
ip nat inside source static 10.10.10.35 66.147.93.41 route-map SDM_RMAP_1
ip nat inside source static 10.10.10.24 66.147.93.42 route-map SDM_RMAP_2
ip nat inside source static 10.10.10.34 70.43.64.113 route-map SDM_RMAP_3
ip nat inside source static 10.10.10.2 70.43.64.114 route-map SDM_RMAP_4
ip nat inside source static 10.10.20.10 70.43.64.115 route-map SDM_RMAP_6
ip nat inside source static 10.10.10.27 70.43.64.116
ip nat inside source static 10.10.10.17 70.43.64.117
ip nat inside source static 10.10.10.9 70.43.64.118
!
ip access-list extended NO-NAT-ACS
remark SDM_ACL Category=18
deny ip host 10.10.10.23 any
deny ip host 10.10.20.10 any
deny ip host 10.10.10.35 any
deny ip host 10.10.10.24 any
deny ip host 10.10.10.27 any
deny ip host 10.10.10.34 any
deny ip host 10.10.10.2 any
deny ip 10.10.10.0 0.0.0.255 10.10.15.0 0.0.0.255
deny ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
deny ip 10.10.11.0 0.0.0.255 10.10.15.0 0.0.0.255
permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended VPN-ACL
permit ip 10.10.10.0 0.0.0.255 10.10.15.0 0.0.0.255
permit ip 10.10.11.0 0.0.0.255 10.10.15.0 0.0.0.255
ip access-list extended VPN-TO-PEAK10
permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
ip access-list extended sdm_gigabitethernet0/1.2_in
remark SDM_ACL Category=1
remark Auto generated by SDM for NTP (123) 192.43.244.18
permit udp host 192.43.244.18 eq ntp host 10.10.20.1 eq ntp
permit tcp any eq smtp any
deny ip any 10.10.15.0 0.0.0.255
deny ip any 10.10.11.0 0.0.0.255
deny ip any 10.10.10.0 0.0.0.255
permit ip any any
!
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny udp host 10.10.10.8 eq 15868 host 10.10.10.1
access-list 100 deny ip 66.147.93.40 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ahp host 216.26.175.75 host 66.147.93.45
access-list 101 permit ahp any host 66.147.93.45
access-list 101 permit esp host 216.26.175.75 host 66.147.93.45
access-list 101 permit udp host 216.26.175.75 host 66.147.93.45 eq isakmp
access-list 101 permit udp host 216.26.175.75 host 66.147.93.45 eq non500-isakmp
access-list 101 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 101 remark barracuda
access-list 101 permit tcp any host 70.43.64.114 eq smtp
access-list 101 remark barracuda
access-list 101 permit tcp any host 70.43.64.114 eq 443
access-list 101 remark barracuda
access-list 101 permit tcp any host 70.43.64.114 eq www
access-list 101 deny tcp any host 66.147.93.41 eq smtp
access-list 101 permit tcp any host 66.147.93.41 eq 443
access-list 101 deny tcp any host 66.147.93.41 eq 993
access-list 101 permit tcp any host 66.147.93.41 eq www
access-list 101 remark nstcqa-test
access-list 101 permit tcp any host 66.147.93.42 eq www
access-list 101 remark nstcqa-test
access-list 101 permit tcp any host 66.147.93.42 eq 3389
access-list 101 remark deltek time ipi.mttc.org
access-list 101 permit tcp any host 70.43.64.113 eq www
access-list 101 remark Web-Hosting
access-list 101 permit tcp any host 70.43.64.116 eq www
access-list 101 remark Flextraining
access-list 101 permit tcp any host 70.43.64.117 eq www
access-list 101 remark SharePoint
access-list 101 permit tcp any host 70.43.64.118 eq www
access-list 101 permit tcp any host 66.147.93.45 eq 22
access-list 101 permit esp any host 66.147.93.45
access-list 101 permit udp any eq isakmp host 66.147.93.45
access-list 101 permit udp any host 66.147.93.45 eq isakmp
access-list 101 permit udp any host 66.147.93.45 eq non500-isakmp
access-list 101 remark Tandem-Rule
access-list 101 permit ip any host 70.43.64.115
access-list 101 permit ip host 10.10.15.50 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.49 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.48 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.47 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.46 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.45 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.44 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.43 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.42 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.41 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.40 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.39 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.38 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.37 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.36 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.35 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.34 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.33 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.32 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.31 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.30 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.29 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.28 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.27 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.26 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.25 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.24 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.23 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.22 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.21 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.20 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.19 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.18 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.17 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.16 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.15 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.14 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.13 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.12 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.11 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.10 10.10.10.0 0.0.0.255
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any host 66.147.93.45 echo-reply
access-list 101 permit icmp any host 66.147.93.45 time-exceeded
access-list 101 permit icmp any host 66.147.93.45 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 102 remark SDM_ACL Category=2
access-list 102 deny ip host 10.10.10.35 host 10.10.15.50
access-list 102 deny ip host 10.10.10.35 host 10.10.15.49
access-list 102 deny ip host 10.10.10.35 host 10.10.15.48
access-list 102 deny ip host 10.10.10.35 host 10.10.15.47
access-list 102 deny ip host 10.10.10.35 host 10.10.15.46
access-list 102 deny ip host 10.10.10.35 host 10.10.15.45
access-list 102 deny ip host 10.10.10.35 host 10.10.15.44
access-list 102 deny ip host 10.10.10.35 host 10.10.15.43
access-list 102 deny ip host 10.10.10.35 host 10.10.15.42
access-list 102 deny ip host 10.10.10.35 host 10.10.15.41
access-list 102 deny ip host 10.10.10.35 host 10.10.15.40
access-list 102 deny ip host 10.10.10.35 host 10.10.15.39
access-list 102 deny ip host 10.10.10.35 host 10.10.15.38
access-list 102 deny ip host 10.10.10.35 host 10.10.15.37
access-list 102 deny ip host 10.10.10.35 host 10.10.15.36
access-list 102 deny ip host 10.10.10.35 host 10.10.15.35
access-list 102 deny ip host 10.10.10.35 host 10.10.15.34
access-list 102 deny ip host 10.10.10.35 host 10.10.15.33
access-list 102 deny ip host 10.10.10.35 host 10.10.15.32
access-list 102 deny ip host 10.10.10.35 host 10.10.15.31
access-list 102 deny ip host 10.10.10.35 host 10.10.15.30
access-list 102 deny ip host 10.10.10.35 host 10.10.15.29
access-list 102 deny ip host 10.10.10.35 host 10.10.15.28
access-list 102 deny ip host 10.10.10.35 host 10.10.15.27
access-list 102 deny ip host 10.10.10.35 host 10.10.15.26
access-list 102 deny ip host 10.10.10.35 host 10.10.15.25
access-list 102 deny ip host 10.10.10.35 host 10.10.15.24
access-list 102 deny ip host 10.10.10.35 host 10.10.15.23
access-list 102 deny ip host 10.10.10.35 host 10.10.15.22
access-list 102 deny ip host 10.10.10.35 host 10.10.15.21
access-list 102 deny ip host 10.10.10.35 host 10.10.15.20
access-list 102 deny ip host 10.10.10.35 host 10.10.15.19
access-list 102 deny ip host 10.10.10.35 host 10.10.15.18
access-list 102 deny ip host 10.10.10.35 host 10.10.15.17
access-list 102 deny ip host 10.10.10.35 host 10.10.15.16
access-list 102 deny ip host 10.10.10.35 host 10.10.15.15
access-list 102 deny ip host 10.10.10.35 host 10.10.15.14
access-list 102 deny ip host 10.10.10.35 host 10.10.15.13
access-list 102 deny ip host 10.10.10.35 host 10.10.15.12
access-list 102 deny ip host 10.10.10.35 host 10.10.15.11
access-list 102 deny ip host 10.10.10.35 host 10.10.15.10
access-list 102 permit ip host 10.10.10.35 any
access-list 103 remark SDM_ACL Category=2
access-list 103 deny ip host 10.10.10.24 host 10.10.15.50
access-list 103 deny ip host 10.10.10.24 host 10.10.15.49
access-list 103 deny ip host 10.10.10.24 host 10.10.15.48
access-list 103 deny ip host 10.10.10.24 host 10.10.15.47
access-list 103 deny ip host 10.10.10.24 host 10.10.15.46
access-list 103 deny ip host 10.10.10.24 host 10.10.15.45
access-list 103 deny ip host 10.10.10.24 host 10.10.15.44
access-list 103 deny ip host 10.10.10.24 host 10.10.15.43
access-list 103 deny ip host 10.10.10.24 host 10.10.15.42
access-list 103 deny ip host 10.10.10.24 host 10.10.15.41
access-list 103 deny ip host 10.10.10.24 host 10.10.15.40
access-list 103 deny ip host 10.10.10.24 host 10.10.15.39
access-list 103 deny ip host 10.10.10.24 host 10.10.15.38
access-list 103 deny ip host 10.10.10.24 host 10.10.15.37
access-list 103 deny ip host 10.10.10.24 host 10.10.15.36
access-list 103 deny ip host 10.10.10.24 host 10.10.15.35
access-list 103 deny ip host 10.10.10.24 host 10.10.15.34
access-list 103 deny ip host 10.10.10.24 host 10.10.15.33
access-list 103 deny ip host 10.10.10.24 host 10.10.15.32
access-list 103 deny ip host 10.10.10.24 host 10.10.15.31
access-list 103 deny ip host 10.10.10.24 host 10.10.15.30
access-list 103 deny ip host 10.10.10.24 host 10.10.15.29
access-list 103 deny ip host 10.10.10.24 host 10.10.15.28
access-list 103 deny ip host 10.10.10.24 host 10.10.15.27
access-list 103 deny ip host 10.10.10.24 host 10.10.15.26
access-list 103 deny ip host 10.10.10.24 host 10.10.15.25
access-list 103 deny ip host 10.10.10.24 host 10.10.15.24
access-list 103 deny ip host 10.10.10.24 host 10.10.15.23
access-list 103 deny ip host 10.10.10.24 host 10.10.15.22
access-list 103 deny ip host 10.10.10.24 host 10.10.15.21
access-list 103 deny ip host 10.10.10.24 host 10.10.15.20
access-list 103 deny ip host 10.10.10.24 host 10.10.15.19
access-list 103 deny ip host 10.10.10.24 host 10.10.15.18
access-list 103 deny ip host 10.10.10.24 host 10.10.15.17
access-list 103 deny ip host 10.10.10.24 host 10.10.15.16
access-list 103 deny ip host 10.10.10.24 host 10.10.15.15
access-list 103 deny ip host 10.10.10.24 host 10.10.15.14
access-list 103 deny ip host 10.10.10.24 host 10.10.15.13
access-list 103 deny ip host 10.10.10.24 host 10.10.15.12
access-list 103 deny ip host 10.10.10.24 host 10.10.15.11
access-list 103 deny ip host 10.10.10.24 host 10.10.15.10
access-list 103 permit ip host 10.10.10.24 any
access-list 104 remark SDM_ACL Category=2
access-list 104 deny ip host 10.10.10.34 host 10.10.15.50
access-list 104 deny ip host 10.10.10.34 host 10.10.15.49
access-list 104 deny ip host 10.10.10.34 host 10.10.15.48
access-list 104 deny ip host 10.10.10.34 host 10.10.15.47
access-list 104 deny ip host 10.10.10.34 host 10.10.15.46
access-list 104 deny ip host 10.10.10.34 host 10.10.15.45
access-list 104 deny ip host 10.10.10.34 host 10.10.15.44
access-list 104 deny ip host 10.10.10.34 host 10.10.15.43
access-list 104 deny ip host 10.10.10.34 host 10.10.15.42
access-list 104 deny ip host 10.10.10.34 host 10.10.15.41
access-list 104 deny ip host 10.10.10.34 host 10.10.15.40
access-list 104 deny ip host 10.10.10.34 host 10.10.15.39
access-list 104 deny ip host 10.10.10.34 host 10.10.15.38
access-list 104 deny ip host 10.10.10.34 host 10.10.15.37
access-list 104 deny ip host 10.10.10.34 host 10.10.15.36
access-list 104 deny ip host 10.10.10.34 host 10.10.15.35
access-list 104 deny ip host 10.10.10.34 host 10.10.15.34
access-list 104 deny ip host 10.10.10.34 host 10.10.15.33
access-list 104 deny ip host 10.10.10.34 host 10.10.15.32
access-list 104 deny ip host 10.10.10.34 host 10.10.15.31
access-list 104 deny ip host 10.10.10.34 host 10.10.15.30
access-list 104 deny ip host 10.10.10.34 host 10.10.15.29
access-list 104 deny ip host 10.10.10.34 host 10.10.15.28
access-list 104 deny ip host 10.10.10.34 host 10.10.15.27
access-list 104 deny ip host 10.10.10.34 host 10.10.15.26
access-list 104 deny ip host 10.10.10.34 host 10.10.15.25
access-list 104 deny ip host 10.10.10.34 host 10.10.15.24
access-list 104 deny ip host 10.10.10.34 host 10.10.15.23
access-list 104 deny ip host 10.10.10.34 host 10.10.15.22
access-list 104 deny ip host 10.10.10.34 host 10.10.15.21
access-list 104 deny ip host 10.10.10.34 host 10.10.15.20
access-list 104 deny ip host 10.10.10.34 host 10.10.15.19
access-list 104 deny ip host 10.10.10.34 host 10.10.15.18
access-list 104 deny ip host 10.10.10.34 host 10.10.15.17
access-list 104 deny ip host 10.10.10.34 host 10.10.15.16
access-list 104 deny ip host 10.10.10.34 host 10.10.15.15
access-list 104 deny ip host 10.10.10.34 host 10.10.15.14
access-list 104 deny ip host 10.10.10.34 host 10.10.15.13
access-list 104 deny ip host 10.10.10.34 host 10.10.15.12
access-list 104 deny ip host 10.10.10.34 host 10.10.15.11
access-list 104 deny ip host 10.10.10.34 host 10.10.15.10
access-list 104 permit ip host 10.10.10.34 any
access-list 105 remark SDM_ACL Category=2
access-list 105 deny ip host 10.10.10.2 host 10.10.15.50
access-list 105 deny ip host 10.10.10.2 host 10.10.15.49
access-list 105 deny ip host 10.10.10.2 host 10.10.15.48
access-list 105 deny ip host 10.10.10.2 host 10.10.15.47
access-list 105 deny ip host 10.10.10.2 host 10.10.15.46
access-list 105 deny ip host 10.10.10.2 host 10.10.15.45
access-list 105 deny ip host 10.10.10.2 host 10.10.15.44
access-list 105 deny ip host 10.10.10.2 host 10.10.15.43
access-list 105 deny ip host 10.10.10.2 host 10.10.15.42
access-list 105 deny ip host 10.10.10.2 host 10.10.15.41
access-list 105 deny ip host 10.10.10.2 host 10.10.15.40
access-list 105 deny ip host 10.10.10.2 host 10.10.15.39
access-list 105 deny ip host 10.10.10.2 host 10.10.15.38
access-list 105 deny ip host 10.10.10.2 host 10.10.15.37
access-list 105 deny ip host 10.10.10.2 host 10.10.15.36
access-list 105 deny ip host 10.10.10.2 host 10.10.15.35
access-list 105 deny ip host 10.10.10.2 host 10.10.15.34
access-list 105 deny ip host 10.10.10.2 host 10.10.15.33
access-list 105 deny ip host 10.10.10.2 host 10.10.15.32
access-list 105 deny ip host 10.10.10.2 host 10.10.15.31
access-list 105 deny ip host 10.10.10.2 host 10.10.15.30
access-list 105 deny ip host 10.10.10.2 host 10.10.15.29
access-list 105 deny ip host 10.10.10.2 host 10.10.15.28
access-list 105 deny ip host 10.10.10.2 host 10.10.15.27
access-list 105 deny ip host 10.10.10.2 host 10.10.15.26
access-list 105 deny ip host 10.10.10.2 host 10.10.15.25
access-list 105 deny ip host 10.10.10.2 host 10.10.15.24
access-list 105 deny ip host 10.10.10.2 host 10.10.15.23
access-list 105 deny ip host 10.10.10.2 host 10.10.15.22
access-list 105 deny ip host 10.10.10.2 host 10.10.15.21
access-list 105 deny ip host 10.10.10.2 host 10.10.15.20
access-list 105 deny ip host 10.10.10.2 host 10.10.15.19
access-list 105 deny ip host 10.10.10.2 host 10.10.15.18
access-list 105 deny ip host 10.10.10.2 host 10.10.15.17
access-list 105 deny ip host 10.10.10.2 host 10.10.15.16
access-list 105 deny ip host 10.10.10.2 host 10.10.15.15
access-list 105 deny ip host 10.10.10.2 host 10.10.15.14
access-list 105 deny ip host 10.10.10.2 host 10.10.15.13
access-list 105 deny ip host 10.10.10.2 host 10.10.15.12
access-list 105 deny ip host 10.10.10.2 host 10.10.15.11
access-list 105 deny ip host 10.10.10.2 host 10.10.15.10
access-list 105 permit ip host 10.10.10.2 any
access-list 106 remark SDM_ACL Category=2
access-list 106 deny ip host 10.10.10.27 host 10.10.15.50
access-list 106 deny ip host 10.10.10.27 host 10.10.15.49
access-list 106 deny ip host 10.10.10.27 host 10.10.15.48
access-list 106 deny ip host 10.10.10.27 host 10.10.15.47
access-list 106 deny ip host 10.10.10.27 host 10.10.15.46
access-list 106 deny ip host 10.10.10.27 host 10.10.15.45
access-list 106 deny ip host 10.10.10.27 host 10.10.15.44
access-list 106 deny ip host 10.10.10.27 host 10.10.15.43
access-list 106 deny ip host 10.10.10.27 host 10.10.15.42
access-list 106 deny ip host 10.10.10.27 host 10.10.15.41
access-list 106 deny ip host 10.10.10.27 host 10.10.15.40
access-list 106 deny ip host 10.10.10.27 host 10.10.15.39
access-list 106 deny ip host 10.10.10.27 host 10.10.15.38
access-list 106 deny ip host 10.10.10.27 host 10.10.15.37
access-list 106 deny ip host 10.10.10.27 host 10.10.15.36
access-list 106 deny ip host 10.10.10.27 host 10.10.15.35
access-list 106 deny ip host 10.10.10.27 host 10.10.15.34
access-list 106 deny ip host 10.10.10.27 host 10.10.15.33
access-list 106 deny ip host 10.10.10.27 host 10.10.15.32
access-list 106 deny ip host 10.10.10.27 host 10.10.15.31
access-list 106 deny ip host 10.10.10.27 host 10.10.15.30
access-list 106 deny ip host 10.10.10.27 host 10.10.15.29
access-list 106 deny ip host 10.10.10.27 host 10.10.15.28
access-list 106 deny ip host 10.10.10.27 host 10.10.15.27
access-list 106 deny ip host 10.10.10.27 host 10.10.15.26
access-list 106 deny ip host 10.10.10.27 host 10.10.15.25
access-list 106 deny ip host 10.10.10.27 host 10.10.15.24
access-list 106 deny ip host 10.10.10.27 host 10.10.15.23
access-list 106 deny ip host 10.10.10.27 host 10.10.15.22
access-list 106 deny ip host 10.10.10.27 host 10.10.15.21
access-list 106 deny ip host 10.10.10.27 host 10.10.15.20
access-list 106 deny ip host 10.10.10.27 host 10.10.15.19
access-list 106 deny ip host 10.10.10.27 host 10.10.15.18
access-list 106 deny ip host 10.10.10.27 host 10.10.15.17
access-list 106 deny ip host 10.10.10.27 host 10.10.15.16
access-list 106 deny ip host 10.10.10.27 host 10.10.15.15
access-list 106 deny ip host 10.10.10.27 host 10.10.15.14
access-list 106 deny ip host 10.10.10.27 host 10.10.15.13
access-list 106 deny ip host 10.10.10.27 host 10.10.15.12
access-list 106 deny ip host 10.10.10.27 host 10.10.15.11
access-list 106 deny ip host 10.10.10.27 host 10.10.15.10
access-list 106 permit ip host 10.10.10.27 any
access-list 107 remark SDM_ACL Category=2
access-list 107 deny ip host 10.10.20.10 host 10.10.15.50
access-list 107 deny ip host 10.10.20.10 host 10.10.15.49
access-list 107 deny ip host 10.10.20.10 host 10.10.15.48
access-list 107 deny ip host 10.10.20.10 host 10.10.15.47
access-list 107 deny ip host 10.10.20.10 host 10.10.15.46
access-list 107 deny ip host 10.10.20.10 host 10.10.15.45
access-list 107 deny ip host 10.10.20.10 host 10.10.15.44
access-list 107 deny ip host 10.10.20.10 host 10.10.15.43
access-list 107 deny ip host 10.10.20.10 host 10.10.15.42
access-list 107 deny ip host 10.10.20.10 host 10.10.15.41
access-list 107 deny ip host 10.10.20.10 host 10.10.15.40
access-list 107 deny ip host 10.10.20.10 host 10.10.15.39
access-list 107 deny ip host 10.10.20.10 host 10.10.15.38
access-list 107 deny ip host 10.10.20.10 host 10.10.15.37
access-list 107 deny ip host 10.10.20.10 host 10.10.15.36
access-list 107 deny ip host 10.10.20.10 host 10.10.15.35
access-list 107 deny ip host 10.10.20.10 host 10.10.15.34
access-list 107 deny ip host 10.10.20.10 host 10.10.15.33
access-list 107 deny ip host 10.10.20.10 host 10.10.15.32
access-list 107 deny ip host 10.10.20.10 host 10.10.15.31
access-list 107 deny ip host 10.10.20.10 host 10.10.15.30
access-list 107 deny ip host 10.10.20.10 host 10.10.15.29
access-list 107 deny ip host 10.10.20.10 host 10.10.15.28
access-list 107 deny ip host 10.10.20.10 host 10.10.15.27
access-list 107 deny ip host 10.10.20.10 host 10.10.15.26
access-list 107 deny ip host 10.10.20.10 host 10.10.15.25
access-list 107 deny ip host 10.10.20.10 host 10.10.15.24
access-list 107 deny ip host 10.10.20.10 host 10.10.15.23
access-list 107 deny ip host 10.10.20.10 host 10.10.15.22
access-list 107 deny ip host 10.10.20.10 host 10.10.15.21
access-list 107 deny ip host 10.10.20.10 host 10.10.15.20
access-list 107 deny ip host 10.10.20.10 host 10.10.15.19
access-list 107 deny ip host 10.10.20.10 host 10.10.15.18
access-list 107 deny ip host 10.10.20.10 host 10.10.15.17
access-list 107 deny ip host 10.10.20.10 host 10.10.15.16
access-list 107 deny ip host 10.10.20.10 host 10.10.15.15
access-list 107 deny ip host 10.10.20.10 host 10.10.15.14
access-list 107 deny ip host 10.10.20.10 host 10.10.15.13
access-list 107 deny ip host 10.10.20.10 host 10.10.15.12
access-list 107 deny ip host 10.10.20.10 host 10.10.15.11
access-list 107 deny ip host 10.10.20.10 host 10.10.15.10
access-list 107 permit ip host 10.10.20.10 any
access-list 108 remark SDM_ACL Category=2
access-list 108 deny ip host 10.10.10.23 host 10.10.15.50
access-list 108 deny ip host 10.10.10.23 host 10.10.15.49
access-list 108 deny ip host 10.10.10.23 host 10.10.15.48
access-list 108 deny ip host 10.10.10.23 host 10.10.15.47
access-list 108 deny ip host 10.10.10.23 host 10.10.15.46
access-list 108 deny ip host 10.10.10.23 host 10.10.15.45
access-list 108 deny ip host 10.10.10.23 host 10.10.15.44
access-list 108 deny ip host 10.10.10.23 host 10.10.15.43
access-list 108 deny ip host 10.10.10.23 host 10.10.15.42
access-list 108 deny ip host 10.10.10.23 host 10.10.15.41
access-list 108 deny ip host 10.10.10.23 host 10.10.15.40
access-list 108 deny ip host 10.10.10.23 host 10.10.15.39
access-list 108 deny ip host 10.10.10.23 host 10.10.15.38
access-list 108 deny ip host 10.10.10.23 host 10.10.15.37
access-list 108 deny ip host 10.10.10.23 host 10.10.15.36
access-list 108 deny ip host 10.10.10.23 host 10.10.15.35
access-list 108 deny ip host 10.10.10.23 host 10.10.15.34
access-list 108 deny ip host 10.10.10.23 host 10.10.15.33
access-list 108 deny ip host 10.10.10.23 host 10.10.15.32
access-list 108 deny ip host 10.10.10.23 host 10.10.15.31
access-list 108 deny ip host 10.10.10.23 host 10.10.15.30
access-list 108 deny ip host 10.10.10.23 host 10.10.15.29
access-list 108 deny ip host 10.10.10.23 host 10.10.15.28
access-list 108 deny ip host 10.10.10.23 host 10.10.15.27
access-list 108 deny ip host 10.10.10.23 host 10.10.15.26
access-list 108 deny ip host 10.10.10.23 host 10.10.15.25
access-list 108 deny ip host 10.10.10.23 host 10.10.15.24
access-list 108 deny ip host 10.10.10.23 host 10.10.15.23
access-list 108 deny ip host 10.10.10.23 host 10.10.15.22
access-list 108 deny ip host 10.10.10.23 host 10.10.15.21
access-list 108 deny ip host 10.10.10.23 host 10.10.15.20
access-list 108 deny ip host 10.10.10.23 host 10.10.15.19
access-list 108 deny ip host 10.10.10.23 host 10.10.15.18
access-list 108 deny ip host 10.10.10.23 host 10.10.15.17
access-list 108 deny ip host 10.10.10.23 host 10.10.15.16
access-list 108 deny ip host 10.10.10.23 host 10.10.15.15
access-list 108 deny ip host 10.10.10.23 host 10.10.15.14
access-list 108 deny ip host 10.10.10.23 host 10.10.15.13
access-list 108 deny ip host 10.10.10.23 host 10.10.15.12
access-list 108 deny ip host 10.10.10.23 host 10.10.15.11
access-list 108 deny ip host 10.10.10.23 host 10.10.15.10
access-list 108 permit ip host 10.10.10.23 any
access-list 109 deny ip host 10.10.20.10 any
access-list 109 permit ip 10.10.20.0 0.0.0.63 any
access-list 110 permit ip 10.10.20.0 0.0.0.63 any
route-map SDM_RMAP_4 permit 1
match ip address 105
!
route-map SDM_RMAP_5 permit 1
match ip address 106
!
route-map SDM_RMAP_6 permit 1
match ip address 107
!
route-map SDM_RMAP_7 permit 1
match ip address 108
!
route-map SDM_RMAP_1 permit 1
match ip address 102
!
route-map SDM_RMAP_2 permit 1
match ip address 103
!
route-map SDM_RMAP_3 permit 1
match ip address 104
!
route-map NO-NAT permit 10
match ip address NO-NAT-ACS
!
!
radius-server host x.x.x.x auth-port 1645 acct-port 1646 key xxxxxx
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp authentication-key 54487 md5 130C071B020817392E2A3B3C272C0717 7
ntp authenticate
ntp source GigabitEthernet0/1
ntp master
ntp server 192.43.244.18
!
end
access-list 101 permit ip host 10.10.15.43 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.42 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.41 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.40 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.39 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.38 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.37 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.36 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.35 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.34 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.33 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.32 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.31 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.30 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.29 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.28 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.27 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.26 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.25 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.24 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.23 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.22 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.21 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.20 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.19 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.18 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.17 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.16 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.15 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.14 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.13 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.12 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.11 10.10.10.0 0.0.0.255
access-list 101 permit ip host 10.10.15.10 10.10.10.0 0.0.0.255
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any host 66.147.93.45 echo-reply
access-list 101 permit icmp any host 66.147.93.45 time-exceeded
access-list 101 permit icmp any host 66.147.93.45 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 102 remark SDM_ACL Category=2
access-list 102 deny ip host 10.10.10.35 host 10.10.15.50
access-list 102 deny ip host 10.10.10.35 host 10.10.15.49
access-list 102 deny ip host 10.10.10.35 host 10.10.15.48
access-list 102 deny ip host 10.10.10.35 host 10.10.15.47
access-list 102 deny ip host 10.10.10.35 host 10.10.15.46
access-list 102 deny ip host 10.10.10.35 host 10.10.15.45
access-list 102 deny ip host 10.10.10.35 host 10.10.15.44
access-list 102 deny ip host 10.10.10.35 host 10.10.15.43
access-list 102 deny ip host 10.10.10.35 host 10.10.15.42
access-list 102 deny ip host 10.10.10.35 host 10.10.15.41
access-list 102 deny ip host 10.10.10.35 host 10.10.15.40
access-list 102 deny ip host 10.10.10.35 host 10.10.15.39
access-list 102 deny ip host 10.10.10.35 host 10.10.15.38
access-list 102 deny ip host 10.10.10.35 host 10.10.15.37
access-list 102 deny ip host 10.10.10.35 host 10.10.15.36
access-list 102 deny ip host 10.10.10.35 host 10.10.15.35
access-list 102 deny ip host 10.10.10.35 host 10.10.15.34
access-list 102 deny ip host 10.10.10.35 host 10.10.15.33
access-list 102 deny ip host 10.10.10.35 host 10.10.15.32
access-list 102 deny ip host 10.10.10.35 host 10.10.15.31
access-list 102 deny ip host 10.10.10.35 host 10.10.15.30
access-list 102 deny ip host 10.10.10.35 host 10.10.15.29
access-list 102 deny ip host 10.10.10.35 host 10.10.15.28
access-list 102 deny ip host 10.10.10.35 host 10.10.15.27
access-list 102 deny ip host 10.10.10.35 host 10.10.15.26
access-list 102 deny ip host 10.10.10.35 host 10.10.15.25
access-list 102 deny ip host 10.10.10.35 host 10.10.15.24
access-list 102 deny ip host 10.10.10.35 host 10.10.15.23
access-list 102 deny ip host 10.10.10.35 host 10.10.15.22
access-list 102 deny ip host 10.10.10.35 host 10.10.15.21
access-list 102 deny ip host 10.10.10.35 host 10.10.15.20
access-list 102 deny ip host 10.10.10.35 host 10.10.15.19
access-list 102 deny ip host 10.10.10.35 host 10.10.15.18
access-list 102 deny ip host 10.10.10.35 host 10.10.15.17
access-list 102 deny ip host 10.10.10.35 host 10.10.15.16
access-list 102 deny ip host 10.10.10.35 host 10.10.15.15
access-list 102 deny ip host 10.10.10.35 host 10.10.15.14
access-list 102 deny ip host 10.10.10.35 host 10.10.15.13
access-list 102 deny ip host 10.10.10.35 host 10.10.15.12
access-list 102 deny ip host 10.10.10.35 host 10.10.15.11
access-list 102 deny ip host 10.10.10.35 host 10.10.15.10
access-list 102 permit ip host 10.10.10.35 any
access-list 103 remark SDM_ACL Category=2
access-list 103 deny ip host 10.10.10.24 host 10.10.15.50
access-list 103 deny ip host 10.10.10.24 host 10.10.15.49
access-list 103 deny ip host 10.10.10.24 host 10.10.15.48
access-list 103 deny ip host 10.10.10.24 host 10.10.15.47
access-list 103 deny ip host 10.10.10.24 host 10.10.15.46
access-list 103 deny ip host 10.10.10.24 host 10.10.15.45
access-list 103 deny ip host 10.10.10.24 host 10.10.15.44
access-list 103 deny ip host 10.10.10.24 host 10.10.15.43
access-list 103 deny ip host 10.10.10.24 host 10.10.15.42
access-list 103 deny ip host 10.10.10.24 host 10.10.15.41
access-list 103 deny ip host 10.10.10.24 host 10.10.15.40
access-list 103 deny ip host 10.10.10.24 host 10.10.15.39
access-list 103 deny ip host 10.10.10.24 host 10.10.15.38
access-list 103 deny ip host 10.10.10.24 host 10.10.15.37
access-list 103 deny ip host 10.10.10.24 host 10.10.15.36
access-list 103 deny ip host 10.10.10.24 host 10.10.15.35
access-list 103 deny ip host 10.10.10.24 host 10.10.15.34
access-list 103 deny ip host 10.10.10.24 host 10.10.15.33
access-list 103 deny ip host 10.10.10.24 host 10.10.15.32
access-list 103 deny ip host 10.10.10.24 host 10.10.15.31
access-list 103 deny ip host 10.10.10.24 host 10.10.15.30
access-list 103 deny ip host 10.10.10.24 host 10.10.15.29
access-list 103 deny ip host 10.10.10.24 host 10.10.15.28
access-list 103 deny ip host 10.10.10.24 host 10.10.15.27
access-list 103 deny ip host 10.10.10.24 host 10.10.15.26
access-list 103 deny ip host 10.10.10.24 host 10.10.15.25
access-list 103 deny ip host 10.10.10.24 host 10.10.15.24
access-list 103 deny ip host 10.10.10.24 host 10.10.15.23
access-list 103 deny ip host 10.10.10.24 host 10.10.15.22
access-list 103 deny ip host 10.10.10.24 host 10.10.15.21
access-list 103 deny ip host 10.10.10.24 host 10.10.15.20
access-list 103 deny ip host 10.10.10.24 host 10.10.15.19
access-list 103 deny ip host 10.10.10.24 host 10.10.15.18
access-list 103 deny ip host 10.10.10.24 host 10.10.15.17
access-list 103 deny ip host 10.10.10.24 host 10.10.15.16
access-list 103 deny ip host 10.10.10.24 host 10.10.15.15
access-list 103 deny ip host 10.10.10.24 host 10.10.15.14
access-list 103 deny ip host 10.10.10.24 host 10.10.15.13
access-list 103 deny ip host 10.10.10.24 host 10.10.15.12
access-list 103 deny ip host 10.10.10.24 host 10.10.15.11
access-list 103 deny ip host 10.10.10.24 host 10.10.15.10
access-list 103 permit ip host 10.10.10.24 any
access-list 104 remark SDM_ACL Category=2
access-list 104 deny ip host 10.10.10.34 host 10.10.15.50
access-list 104 deny ip host 10.10.10.34 host 10.10.15.49
access-list 104 deny ip host 10.10.10.34 host 10.10.15.48
access-list 104 deny ip host 10.10.10.34 host 10.10.15.47
access-list 104 deny ip host 10.10.10.34 host 10.10.15.46
access-list 104 deny ip host 10.10.10.34 host 10.10.15.45
access-list 104 deny ip host 10.10.10.34 host 10.10.15.44
access-list 104 deny ip host 10.10.10.34 host 10.10.15.43
access-list 104 deny ip host 10.10.10.34 host 10.10.15.42
access-list 104 deny ip host 10.10.10.34 host 10.10.15.41
access-list 104 deny ip host 10.10.10.34 host 10.10.15.40
access-list 104 deny ip host 10.10.10.34 host 10.10.15.39
access-list 104 deny ip host 10.10.10.34 host 10.10.15.38
access-list 104 deny ip host 10.10.10.34 host 10.10.15.37
access-list 104 deny ip host 10.10.10.34 host 10.10.15.36
access-list 104 deny ip host 10.10.10.34 host 10.10.15.35
access-list 104 deny ip host 10.10.10.34 host 10.10.15.34
access-list 104 deny ip host 10.10.10.34 host 10.10.15.33
access-list 104 deny ip host 10.10.10.34 host 10.10.15.32
access-list 104 deny ip host 10.10.10.34 host 10.10.15.31
access-list 104 deny ip host 10.10.10.34 host 10.10.15.30
access-list 104 deny ip host 10.10.10.34 host 10.10.15.29
access-list 104 deny ip host 10.10.10.34 host 10.10.15.28
access-list 104 deny ip host 10.10.10.34 host 10.10.15.27
access-list 104 deny ip host 10.10.10.34 host 10.10.15.26
access-list 104 deny ip host 10.10.10.34 host 10.10.15.25
access-list 104 deny ip host 10.10.10.34 host 10.10.15.24
access-list 104 deny ip host 10.10.10.34 host 10.10.15.23
access-list 104 deny ip host 10.10.10.34 host 10.10.15.22
access-list 104 deny ip host 10.10.10.34 host 10.10.15.21
access-list 104 deny ip host 10.10.10.34 host 10.10.15.20
access-list 104 deny ip host 10.10.10.34 host 10.10.15.19
access-list 104 deny ip host 10.10.10.34 host 10.10.15.18
access-list 104 deny ip host 10.10.10.34 host 10.10.15.17
access-list 104 deny ip host 10.10.10.34 host 10.10.15.16
access-list 104 deny ip host 10.10.10.34 host 10.10.15.15
access-list 104 deny ip host 10.10.10.34 host 10.10.15.14
access-list 104 deny ip host 10.10.10.34 host 10.10.15.13
access-list 104 deny ip host 10.10.10.34 host 10.10.15.12
access-list 104 deny ip host 10.10.10.34 host 10.10.15.11
access-list 104 deny ip host 10.10.10.34 host 10.10.15.10
access-list 104 permit ip host 10.10.10.34 any
access-list 105 remark SDM_ACL Category=2
access-list 105 deny ip host 10.10.10.2 host 10.10.15.50
access-list 105 deny ip host 10.10.10.2 host 10.10.15.49
access-list 105 deny ip host 10.10.10.2 host 10.10.15.48
access-list 105 deny ip host 10.10.10.2 host 10.10.15.47
access-list 105 deny ip host 10.10.10.2 host 10.10.15.46
access-list 105 deny ip host 10.10.10.2 host 10.10.15.45
access-list 105 deny ip host 10.10.10.2 host 10.10.15.44
access-list 105 deny ip host 10.10.10.2 host 10.10.15.43
access-list 105 deny ip host 10.10.10.2 host 10.10.15.42
access-list 105 deny ip host 10.10.10.2 host 10.10.15.41
access-list 105 deny ip host 10.10.10.2 host 10.10.15.40
access-list 105 deny ip host 10.10.10.2 host 10.10.15.39
access-list 105 deny ip host 10.10.10.2 host 10.10.15.38
access-list 105 deny ip host 10.10.10.2 host 10.10.15.37
access-list 105 deny ip host 10.10.10.2 host 10.10.15.36
access-list 105 deny ip host 10.10.10.2 host 10.10.15.35
access-list 105 deny ip host 10.10.10.2 host 10.10.15.34
access-list 105 deny ip host 10.10.10.2 host 10.10.15.33
access-list 105 deny ip host 10.10.10.2 host 10.10.15.32
access-list 105 deny ip host 10.10.10.2 host 10.10.15.31
access-list 105 deny ip host 10.10.10.2 host 10.10.15.30
access-list 105 deny ip host 10.10.10.2 host 10.10.15.29
access-list 105 deny ip host 10.10.10.2 host 10.10.15.28
access-list 105 deny ip host 10.10.10.2 host 10.10.15.27
access-list 105 deny ip host 10.10.10.2 host 10.10.15.26
access-list 105 deny ip host 10.10.10.2 host 10.10.15.25
access-list 105 deny ip host 10.10.10.2 host 10.10.15.24
access-list 105 deny ip host 10.10.10.2 host 10.10.15.23
access-list 105 deny ip host 10.10.10.2 host 10.10.15.22
access-list 105 deny ip host 10.10.10.2 host 10.10.15.21
access-list 105 deny ip host 10.10.10.2 host 10.10.15.20
access-list 105 deny ip host 10.10.10.2 host 10.10.15.19
access-list 105 deny ip host 10.10.10.2 host 10.10.15.18
access-list 105 deny ip host 10.10.10.2 host 10.10.15.17
access-list 105 deny ip host 10.10.10.2 host 10.10.15.16
access-list 105 deny ip host 10.10.10.2 host 10.10.15.15
access-list 105 deny ip host 10.10.10.2 host 10.10.15.14
access-list 105 deny ip host 10.10.10.2 host 10.10.15.13
access-list 105 deny ip host 10.10.10.2 host 10.10.15.12
access-list 105 deny ip host 10.10.10.2 host 10.10.15.11
access-list 105 deny ip host 10.10.10.2 host 10.10.15.10
access-list 105 permit ip host 10.10.10.2 any
access-list 106 remark SDM_ACL Category=2
access-list 106 deny ip host 10.10.10.27 host 10.10.15.50
access-list 106 deny ip host 10.10.10.27 host 10.10.15.49
access-list 106 deny ip host 10.10.10.27 host 10.10.15.48
access-list 106 deny ip host 10.10.10.27 host 10.10.15.47
access-list 106 deny ip host 10.10.10.27 host 10.10.15.46
access-list 106 deny ip host 10.10.10.27 host 10.10.15.45
access-list 106 deny ip host 10.10.10.27 host 10.10.15.44
access-list 106 deny ip host 10.10.10.27 host 10.10.15.43
access-list 106 deny ip host 10.10.10.27 host 10.10.15.42
access-list 106 deny ip host 10.10.10.27 host 10.10.15.41
access-list 106 deny ip host 10.10.10.27 host 10.10.15.40
access-list 106 deny ip host 10.10.10.27 host 10.10.15.39
access-list 106 deny ip host 10.10.10.27 host 10.10.15.38
access-list 106 deny ip host 10.10.10.27 host 10.10.15.37
access-list 106 deny ip host 10.10.10.27 host 10.10.15.36
access-list 106 deny ip host 10.10.10.27 host 10.10.15.35
access-list 106 deny ip host 10.10.10.27 host 10.10.15.34
access-list 106 deny ip host 10.10.10.27 host 10.10.15.33
access-list 106 deny ip host 10.10.10.27 host 10.10.15.32
access-list 106 deny ip host 10.10.10.27 host 10.10.15.31
access-list 106 deny ip host 10.10.10.27 host 10.10.15.30
access-list 106 deny ip host 10.10.10.27 host 10.10.15.29
access-list 106 deny ip host 10.10.10.27 host 10.10.15.28
access-list 106 deny ip host 10.10.10.27 host 10.10.15.27
access-list 106 deny ip host 10.10.10.27 host 10.10.15.26
access-list 106 deny ip host 10.10.10.27 host 10.10.15.25
access-list 106 deny ip host 10.10.10.27 host 10.10.15.24
access-list 106 deny ip host 10.10.10.27 host 10.10.15.23
access-list 106 deny ip host 10.10.10.27 host 10.10.15.22
access-list 106 deny ip host 10.10.10.27 host 10.10.15.21
access-list 106 deny ip host 10.10.10.27 host 10.10.15.20
access-list 106 deny ip host 10.10.10.27 host 10.10.15.19
access-list 106 deny ip host 10.10.10.27 host 10.10.15.18
access-list 106 deny ip host 10.10.10.27 host 10.10.15.17
access-list 106 deny ip host 10.10.10.27 host 10.10.15.16
access-list 106 deny ip host 10.10.10.27 host 10.10.15.15
access-list 106 deny ip host 10.10.10.27 host 10.10.15.14
access-list 106 deny ip host 10.10.10.27 host 10.10.15.13
access-list 106 deny ip host 10.10.10.27 host 10.10.15.12
access-list 106 deny ip host 10.10.10.27 host 10.10.15.11
access-list 106 deny ip host 10.10.10.27 host 10.10.15.10
access-list 106 permit ip host 10.10.10.27 any
access-list 107 remark SDM_ACL Category=2
access-list 107 deny ip host 10.10.20.10 host 10.10.15.50
access-list 107 deny ip host 10.10.20.10 host 10.10.15.49
access-list 107 deny ip host 10.10.20.10 host 10.10.15.48
access-list 107 deny ip host 10.10.20.10 host 10.10.15.47
access-list 107 deny ip host 10.10.20.10 host 10.10.15.46
access-list 107 deny ip host 10.10.20.10 host 10.10.15.45
access-list 107 deny ip host 10.10.20.10 host 10.10.15.44
access-list 107 deny ip host 10.10.20.10 host 10.10.15.43
access-list 107 deny ip host 10.10.20.10 host 10.10.15.42
access-list 107 deny ip host 10.10.20.10 host 10.10.15.41
access-list 107 deny ip host 10.10.20.10 host 10.10.15.40
access-list 107 deny ip host 10.10.20.10 host 10.10.15.39
access-list 107 deny ip host 10.10.20.10 host 10.10.15.38
access-list 107 deny ip host 10.10.20.10 host 10.10.15.37
access-list 107 deny ip host 10.10.20.10 host 10.10.15.36
access-list 107 deny ip host 10.10.20.10 host 10.10.15.35
access-list 107 deny ip host 10.10.20.10 host 10.10.15.34
access-list 107 deny ip host 10.10.20.10 host 10.10.15.33
access-list 107 deny ip host 10.10.20.10 host 10.10.15.32
access-list 107 deny ip host 10.10.20.10 host 10.10.15.31
access-list 107 deny ip host 10.10.20.10 host 10.10.15.30
access-list 107 deny ip host 10.10.20.10 host 10.10.15.29
access-list 107 deny ip host 10.10.20.10 host 10.10.15.28
access-list 107 deny ip host 10.10.20.10 host 10.10.15.27
access-list 107 deny ip host 10.10.20.10 host 10.10.15.26
access-list 107 deny ip host 10.10.20.10 host 10.10.15.25
access-list 107 deny ip host 10.10.20.10 host 10.10.15.24
access-list 107 deny ip host 10.10.20.10 host 10.10.15.23
access-list 107 deny ip host 10.10.20.10 host 10.10.15.22
access-list 107 deny ip host 10.10.20.10 host 10.10.15.21
access-list 107 deny ip host 10.10.20.10 host 10.10.15.20
access-list 107 deny ip host 10.10.20.10 host 10.10.15.19
access-list 107 deny ip host 10.10.20.10 host 10.10.15.18
access-list 107 deny ip host 10.10.20.10 host 10.10.15.17
access-list 107 deny ip host 10.10.20.10 host 10.10.15.16
access-list 107 deny ip host 10.10.20.10 host 10.10.15.15
access-list 107 deny ip host 10.10.20.10 host 10.10.15.14
access-list 107 deny ip host 10.10.20.10 host 10.10.15.13
access-list 107 deny ip host 10.10.20.10 host 10.10.15.12
access-list 107 deny ip host 10.10.20.10 host 10.10.15.11
access-list 107 deny ip host 10.10.20.10 host 10.10.15.10
access-list 107 permit ip host 10.10.20.10 any
access-list 108 remark SDM_ACL Category=2
access-list 108 deny ip host 10.10.10.23 host 10.10.15.50
access-list 108 deny ip host 10.10.10.23 host 10.10.15.49
access-list 108 deny ip host 10.10.10.23 host 10.10.15.48
access-list 108 deny ip host 10.10.10.23 host 10.10.15.47
access-list 108 deny ip host 10.10.10.23 host 10.10.15.46
access-list 108 deny ip host 10.10.10.23 host 10.10.15.45
access-list 108 deny ip host 10.10.10.23 host 10.10.15.44
access-list 108 deny ip host 10.10.10.23 host 10.10.15.43
access-list 108 deny ip host 10.10.10.23 host 10.10.15.42
access-list 108 deny ip host 10.10.10.23 host 10.10.15.41
access-list 108 deny ip host 10.10.10.23 host 10.10.15.40
access-list 108 deny ip host 10.10.10.23 host 10.10.15.39
access-list 108 deny ip host 10.10.10.23 host 10.10.15.38
access-list 108 deny ip host 10.10.10.23 host 10.10.15.37
access-list 108 deny ip host 10.10.10.23 host 10.10.15.36
access-list 108 deny ip host 10.10.10.23 host 10.10.15.35
access-list 108 deny ip host 10.10.10.23 host 10.10.15.34
access-list 108 deny ip host 10.10.10.23 host 10.10.15.33
access-list 108 deny ip host 10.10.10.23 host 10.10.15.32
access-list 108 deny ip host 10.10.10.23 host 10.10.15.31
access-list 108 deny ip host 10.10.10.23 host 10.10.15.30
access-list 108 deny ip host 10.10.10.23 host 10.10.15.29
access-list 108 deny ip host 10.10.10.23 host 10.10.15.28
access-list 108 deny ip host 10.10.10.23 host 10.10.15.27
access-list 108 deny ip host 10.10.10.23 host 10.10.15.26
access-list 108 deny ip host 10.10.10.23 host 10.10.15.25
access-list 108 deny ip host 10.10.10.23 host 10.10.15.24
access-list 108 deny ip host 10.10.10.23 host 10.10.15.23
access-list 108 deny ip host 10.10.10.23 host 10.10.15.22
access-list 108 deny ip host 10.10.10.23 host 10.10.15.21
access-list 108 deny ip host 10.10.10.23 host 10.10.15.20
access-list 108 deny ip host 10.10.10.23 host 10.10.15.19
access-list 108 deny ip host 10.10.10.23 host 10.10.15.18
access-list 108 deny ip host 10.10.10.23 host 10.10.15.17
access-list 108 deny ip host 10.10.10.23 host 10.10.15.16
access-list 108 deny ip host 10.10.10.23 host 10.10.15.15
access-list 108 deny ip host 10.10.10.23 host 10.10.15.14
access-list 108 deny ip host 10.10.10.23 host 10.10.15.13
access-list 108 deny ip host 10.10.10.23 host 10.10.15.12
access-list 108 deny ip host 10.10.10.23 host 10.10.15.11
access-list 108 deny ip host 10.10.10.23 host 10.10.15.10
access-list 108 permit ip host 10.10.10.23 any
access-list 109 deny ip host 10.10.20.10 any
access-list 109 permit ip 10.10.20.0 0.0.0.63 any
access-list 110 permit ip 10.10.20.0 0.0.0.63 any
route-map SDM_RMAP_4 permit 1
match ip address 105
!
route-map SDM_RMAP_5 permit 1
match ip address 106
!
route-map SDM_RMAP_6 permit 1
match ip address 107
!
route-map SDM_RMAP_7 permit 1
match ip address 108
!
route-map SDM_RMAP_1 permit 1
match ip address 102
!
route-map SDM_RMAP_2 permit 1
match ip address 103
!
route-map SDM_RMAP_3 permit 1
match ip address 104
!
route-map NO-NAT permit 10
match ip address NO-NAT-ACS
!
!
radius-server host x.x.x.x auth-port 1645 acct-port 1646 key xxxxxx
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp authentication-key 54487 md5 130C071B020817392E2A3B3C27
ntp authenticate
ntp source GigabitEthernet0/1
ntp master
ntp server 192.43.244.18
!
end
ASKER
It was an issue with the firewall. We removed the inspect http traffic and all issues cleared up.
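The fix described above amounts to dropping the `http` entry from an IOS `ip inspect name` rule set. The following is an added example, not part of the original thread: a small Python audit that finds which rule sets inspect HTTP, where they are bound, and what stays inspected after removal. The sample config, the rule-set names `EXAMPLE_FW` and `DMZ_FW`, and the interface bindings are constructed for illustration and are not the poster's.

```python
import re

# Constructed sample, NOT the poster's config: rule-set names and interface
# bindings are assumptions. Lines are left unindented on purpose, because
# configs pasted into forums (as on this page) usually lose their indentation.
SAMPLE_CONFIG = """\
ip inspect name EXAMPLE_FW tcp
ip inspect name EXAMPLE_FW udp
ip inspect name EXAMPLE_FW http
ip inspect name EXAMPLE_FW smtp
ip inspect name DMZ_FW tcp
!
interface GigabitEthernet0/0
ip access-group 101 in
ip inspect EXAMPLE_FW out
!
interface GigabitEthernet0/1
ip access-group 100 in
!
interface GigabitEthernet0/1.2
ip inspect DMZ_FW in
!
"""

RULE_RE = re.compile(r"^ip inspect name (\S+) (\S+)(?: (.*))?$")
BIND_RE = re.compile(r"^ip inspect (\S+) (in|out)$")
IFACE_RE = re.compile(r"^interface (\S+)$")


def parse_inspection(config):
    """Return (rules, bindings).

    rules:    {rule_set_name: [protocol, ...]} in config order
    bindings: [(interface, rule_set_name, direction), ...]
    """
    rules, bindings, iface = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":
            iface = None          # "!" closes the current interface block
            continue
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = RULE_RE.match(line)
        if m:
            rules.setdefault(m.group(1), []).append(m.group(2).lower())
            continue
        m = BIND_RE.match(line)
        if m and iface:
            bindings.append((iface, m.group(1), m.group(2)))
    return rules, bindings


def http_inspection_report(config):
    """For each rule set that inspects HTTP: where it is applied, what is
    still inspected afterwards, and the command removing only that entry."""
    rules, bindings = parse_inspection(config)
    report = []
    for name, protocols in rules.items():
        if "http" not in protocols:
            continue
        report.append({
            "rule_set": name,
            "applied_on": [(i, d) for i, n, d in bindings if n == name],
            "still_inspected": [p for p in protocols if p != "http"],
            "remove_cmd": f"no ip inspect name {name} http",
        })
    return report


if __name__ == "__main__":
    for entry in http_inspection_report(SAMPLE_CONFIG):
        print(entry)
```

Check `still_inspected` before applying the removal: if generic `tcp` inspection is not in the rule set, web replies no longer get a dynamic return entry, and an ACL ending in `deny ip any any`, like access-list 101 in the posted config, would drop them wherever it filters inbound traffic.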
ASKER
Wasn't the solution, but helped me out the most! Thanks