nasemabdullaa
asked on
ASA routing or VPN
Hi
Please I have two ASA 5550 connect together by wireless connection from ASA1 to ASA2 on E0/2 on both side below the configuration of my network
ASA1 site1
E0/0 IP address X.X.X.X outside
E0/1 IP address 172.16.0.1 inside (network 172.16.0.0)
E0/2 IP address 200.200.200.1
ASA2 site2
E0/0 IP address X.X.X.X outside
E0/1 IP address 192.168.0.1 inside (network 192.168.0.0)
E0/2 IP address 200.200.200.2
ASA1 connect to ASA2 by wireless connection and I can ping from 200.200.200.1 to 200.200.200.2 (its work)
Please I need network 172.16.0.0 on ASA1 site to see and connect to network 192.168.0.0 on ASA2 site two
Please I need the configuration I try to made VPN but its not work also I try to add route but its not work please any suggestion
Please its urgent to me
Regards
Please I have two ASA 5550 connect together by wireless connection from ASA1 to ASA2 on E0/2 on both side below the configuration of my network
ASA1 site1
E0/0 IP address X.X.X.X outside
E0/1 IP address 172.16.0.1 inside (network 172.16.0.0)
E0/2 IP address 200.200.200.1
ASA2 site2
E0/0 IP address X.X.X.X outside
E0/1 IP address 192.168.0.1 inside (network 192.168.0.0)
E0/2 IP address 200.200.200.2
ASA1 connect to ASA2 by wireless connection and I can ping from 200.200.200.1 to 200.200.200.2 (its work)
Please I need network 172.16.0.0 on ASA1 site to see and connect to network 192.168.0.0 on ASA2 site two
Please I need the configuration I try to made VPN but its not work also I try to add route but its not work please any suggestion
Please its urgent to me
Regards
Normally, static routes on both sides should do the trick, on ASA1 the route with destination 192.168.0.0 and gateway 200.200.200.2, on ASA2 route to 172.16.0.0 and gateway 200.200.200.1. Depending on the security level, you will also need to add policies to allow the traffic through e2, as well as nat excemption ...
ASKER
Hello
Please below my ASA configuration for both side but its not working also show route
Please any help
Regards
Please below my ASA configuration for both side but its not working also show route
ASA Version 7.2(2)
!
hostname ciscoasa
enable password X.y0JGA9o6phmjQ6 encrypted
names
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 82.205.240.146 255.255.255.224
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/2
nameif LOOP
security-level 0
ip address 200.200.200.2 255.255.255.0
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
passwd X.y0JGA9o6phmjQ6 encrypted
ftp mode passive
access-list outside_in extended permit tcp any host 82.205.240.148 eq 1433
pager lines 24
logging asdm informational
mtu management 1500
mtu outside 1500
mtu inside 1500
mtu LOOP 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 82.205.240.148 192.168.0.201 netmask 255.255.255.255
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 82.205.240.145 1
route LOOP 172.16.0.0 255.255.255.0 200.200.200.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
http server enable
http 192.168.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 192.168.0.3 82.205.224.9
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
dhcpd address 192.168.0.20-192.168.0.150 inside
dhcpd enable inside
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:a8426070394933a0ae74b57a1e4b125c
: end
ciscoasa# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 82.205.240.145 to network 0.0.0.0
C 200.200.200.0 255.255.255.0 is directly connected, LOOP
S 172.16.0.0 255.255.255.0 [1/0] via 200.200.200.1, LOOP
C 82.205.240.128 255.255.255.224 is directly connected, outside
C 192.168.0.0 255.255.255.0 is directly connected, inside
S* 0.0.0.0 0.0.0.0 [1/0] via 82.205.240.145, outside
ciscoasa#
interface Ethernet0/0ytes/sec)
nameif outside
security-level 0oasa# conf t
ip address 82.205.240.98 255.255.255.240P 192.168.0.0 255.255.255.0 200.200.200.1
!m
interface Ethernet0/1
mt
nameif inside
security-level 100
mtu LO
ip address 172.16.0.1 255.255.255.0500
icmp unreacha
!e
interface Ethernet0/2ze 1
nameif LOOP
security-level 0/a
!n
interface Management0/00.0.0
nameif management (inside,outside)
security-level 1006.0.4 netmask 255.2
ip address 192.168.1.1 255.255.255.0
management-onlyroup outside_in
!
passwd X.y0JGA9o6phmjQ6 encrypted
acces
ftp mode passivess_in in interfa
dns server-group DefaultDNS
ro
domain-name default.domain.invalid40.97 1
pager lines 24
timeout xla
logging asdm informational
timeout conn 1:00:00
mtu management 1500udp 0:02:00 icmp 0:
mtu outside 1500
mtu inside 1500
mtu LOOP 1500 sunrpc 0:10:
icmp unreachable rate-limit 1 burst-size 1gcp-pat
asdm image disk0:
route LOOP 192.168.0.0 255.255.255.0 200.200.200.2 1ttp 172.16.0.0 255.255.255.0 inside
timeout xlate 3:00:00 snmp-server location
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
snmp-server enable traps snmp authentication linkup linkdown c
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00P_1_cryptomap
crypto map LO
timeout uauth 0:05:00 absolute
crypto map LOOP
http server enable.200.200.2
http 172.16.0.0 255.2
authentication pre-share
telnet 172.16.0.0 255.255.255.0 insideash sha
group 2
lif
telnet timeout 5
telnet
ssh timeout 55.255.255.0 i
console timeout 0
dhcpd dns 172.16.0.3 82.205.224.9
ssh timeout 5
!c
dhcpd address 192.168.1.2-192.168.1.254 management0.3 82.205.224.9
dhcpd enable management0.20-172.16.0.120 insid
!
dhcpd address 172.16.0.20-172.16.0.150 insidecpd enable inside
!
dhcpd
dhcpd enable inside-192.168.1.254 mana
!m
!t
class-map inspection_default
dhcpd
match default-inspection-traffic
!
!
class-map inspection
!e
!u
policy-map type inspect d
inspect rshreset_dns_map
inspect rtsp
inspect esmtp
!
service-policy global_policy global
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
prompt hostname context
Cryptochecksum:fb670a2282bcb4a41316ae27ab867b89
: end
ciscoasa# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 82.205.240.97 to network 0.0.0.0
C 200.200.200.0 255.255.255.0 is directly connected, LOOP
C 172.16.0.0 255.255.255.0 is directly connected, inside
C 82.205.240.96 255.255.255.240 is directly connected, outside
S 192.168.0.0 255.255.255.0 [1/0] via 200.200.200.2, LOOP
S* 0.0.0.0 0.0.0.0 [1/0] via 82.205.240.97, outside
ciscoasa#
Please any help
Regards
I don't see any NAT exemption in the config for the communication via LOOP/e2, also with the loop p2p interface being security level 0, you will need the access list to allow the traffic through it ... on ASA1 allow traffic from the 192.168 to 172.16 via e2, and the opposite direction on ASA2 ...
ASKER
Hello
Please I change the security-level for LOOP interface to 100 in both side but its still not working
>>>also with the loop p2p interface being security level 0, you will need the access list to allow the traffic through it ... on ASA1 allow traffic from the 192.168 to 172.16 via e2, and the opposite direction on ASA2 ...
Please how I can do that
>>>NAT exemption in the config for the communication via LOOP/e2,
Please how I can do that
Regards
Please I change the security-level for LOOP interface to 100 in both side but its still not working
>>>also with the loop p2p interface being security level 0, you will need the access list to allow the traffic through it ... on ASA1 allow traffic from the 192.168 to 172.16 via e2, and the opposite direction on ASA2 ...
Please how I can do that
>>>NAT exemption in the config for the communication via LOOP/e2,
Please how I can do that
Regards
ciscoasa# sh run
: Saved
:
ASA Version 7.2(2)
!
hostname ciscoasa
enable password X.y0JGA9o6phmjQ6 encrypted
names
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 82.205.240.146 255.255.255.224
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/2
nameif LOOP
security-level 100
ip address 200.200.200.2 255.255.255.0
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
passwd X.y0JGA9o6phmjQ6 encrypted
ftp mode passive
access-list outside_in extended permit tcp any host 82.205.240.148 eq 1433
pager lines 24
logging asdm informational
mtu management 1500
mtu outside 1500
mtu inside 1500
mtu LOOP 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 82.205.240.148 192.168.0.201 netmask 255.255.255.255
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 82.205.240.145 1
route LOOP 172.16.0.0 255.255.255.0 200.200.200.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
http server enable
http 192.168.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 192.168.0.3 82.205.224.9
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
dhcpd address 192.168.0.20-192.168.0.150 inside
dhcpd enable inside
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:a2ab56ba78fdbb6e15b7ce6f7af30e9f
: end
ciscoasa#
User Access Verification, Eg: 0, 100 etc. The re
Password:rity leve
Type help or '?' for a list of available commands.
ciscoasa> enterfaces det
Password: ************ptive Security
ciscoasa# sh run
: Saved
:
ASA Version 7.2(3) Al
!r
hostname ciscoasa lower security_l
domain-name default.domain.invalid
enable password X.y0JGA9o6phmjQ6 encrypted outside relative to a higher level interf
namesd equ
!a
interface Ethernet0/0
nameif outside
security-level 0
ip address 82.205.240.98 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 172.16.0.1 255.255.255.0
!
interface Ethernet0/2
nameif LOOP
security-level 100
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
passwd X.y0JGA9o6phmjQ6 encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
pager lines 24
logging asdm informational
mtu management 1500
mtu outside 1500
mtu inside 1500
mtu LOOP 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 82.205.240.97 1
route LOOP 192.168.0.0 255.255.255.0 200.200.200.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 172.16.0.0 255.2
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 172.16.0.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 172.16.0.3 82.205.224.9
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
dhcpd address 172.16.0.20-172.16.0.150 inside
dhcpd enable inside
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect d
policy-map type inspect d
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
prompt hostname context
Cryptochecksum:0d9231a96462f710e9afa335aeae4a81
: end
ciscoasa#
On ASDM, you can enable the "allow traffic through firewall without NAT" (not sure what the exact line is, but something to that meaning), that way you will not need the NAT exemption. Also, there should be a checkmark field where you can allow traffic through by default for equal security level ... It's been a while since I used a 7.x ASA and ASDM, so can't quite remember the specifics ...
ASKER
User Access Verification
Password:
Type help or '?' for a list of available commands.
ciscoasa> en
Password: *************
Invalid password
Password: ************
ciscoasa#
ciscoasa# sh run
: Saved
:
ASA Version 7.2(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password X.y0JGA9o6phmjQ6 encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 82.205.240.98 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 172.16.0.1 255.255.255.0
!
interface Ethernet0/2
nameif LOOP
security-level 100
ip address 200.200.200.1 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
passwd X.y0JGA9o6phmjQ6 encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list LOOP_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu management 15
mtu outside 1500
mtu inside 1500
mtu LOOP 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group LOOP_access_in in interface LOOP
route outside 0.0.0.0 0.0.0.0 82.205.240.97 1
route LOOP 192.168.0.0 255.255.255.0 200.200.200.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mg
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 172.16.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 172.16.0.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 172.16.0.3 82.205.224.9
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable manag
!
dhcpd address 172.16.0.20-172.16.0.150 inside
dhcpd enable inside
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
prompt hostname context
Cryptochecksum:9f52d3f79a1eedbd033374727113494d
: end
ciscoasa#
ciscoasa# sh run
: Saved
:
ASA Version 7.2(2)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password X.y0JGA9o6phmjQ6 encrypted
names
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 82.205.240.146 255.255.255.224
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/2
nameif LOOP
security-level 100
ip address 200.200.200.2 255.255.255.0
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
passwd X.y0JGA9o6phmjQ6 encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list outside_in extended permit tcp any host 82.205.240.148 eq 1433
access-list LOOP_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu management 1500
mtu outside 1500
mtu inside 1500
mtu LOOP 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 82.205.240.148 192.168.0.201 netmask 255.255.255.255
access-group outside_in in interface outside
access-group LOOP_access_in in interface LOOP
route outside 0.0.0.0 0.0.0.0 82.205.240.145 1
route LOOP 172.16.0.0 255.255.255.0 200.200.200.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
http server enable
http 192.168.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 192.168.0.3 82.205.224.9
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
dhcpd address 192.168.0.20-192.168.0.150 inside
dhcpd enable inside
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:2cf8ba42963730a464d1eac1d8545235
: end
ciscoasa#
Please I do that but its still not working
please any help
Regards
Did you try using the packet tracer tool in ASDM or on the command line to see where the packets are blocked?
ASKER
Hello
Please the packet deny by access list
Please what must I do
Regards
Please the packet deny by access list
Please what must I do
Regards
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello
Please in ASA1
User Access Verification55.255.0 LOOP
Password:
Type help or '?' for a list of available commands.
Subtype:
Result: ALLOW
ciscoasa> en:
Add
Password: ************
ciscoasa# conf tType: INSPECT
ciscoasa(config)# packet-tracer input inside icmp 172.16.0.20 8 0 192.168.0.10nfig:
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.0.0 255.255.255.0 LOOP
Phase: 3
Type: IP-OPTIONS
Subtype:
Result: ALL
Result: ALL
Additional Information:
Phase: 5
Type: NAT
Subtype:
Result: DROP
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any LOOP any
dynamic translation to pool 1 (No matching global)
translate_hits = 231, untranslate_hits = 0
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
ciscoasa(config)#
in ASA2
ciscoasa# conf t
ciscoasa(config)# packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.255.255.0 LOOP
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: NAT
Subtype:
Result: DROP
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any LOOP any
dynamic translation to pool 1 (No matching global)
translate_hits = 1, untranslate_hits = 0
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
ciscoasa(config)#
Please any help and thank you for all your help and support
Regards
Please in ASA1
User Access Verification55.255.0 LOOP
Password:
Type help or '?' for a list of available commands.
Subtype:
Result: ALLOW
ciscoasa> en:
Add
Password: ************
ciscoasa# conf tType: INSPECT
ciscoasa(config)# packet-tracer input inside icmp 172.16.0.20 8 0 192.168.0.10nfig:
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.0.0 255.255.255.0 LOOP
Phase: 3
Type: IP-OPTIONS
Subtype:
Result: ALL
Result: ALL
Additional Information:
Phase: 5
Type: NAT
Subtype:
Result: DROP
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any LOOP any
dynamic translation to pool 1 (No matching global)
translate_hits = 231, untranslate_hits = 0
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
ciscoasa(config)#
in ASA2
ciscoasa# conf t
ciscoasa(config)# packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.255.255.0 LOOP
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: NAT
Subtype:
Result: DROP
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any LOOP any
dynamic translation to pool 1 (No matching global)
translate_hits = 1, untranslate_hits = 0
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
ciscoasa(config)#
Please any help and thank you for all your help and support
Regards
OK, as expected, the feature for allowing un-nat-ed packets isn't active ...
Go to the firewall setting, NAT, and add a new nat exemption for packets between 192.168 and 172.16 ...
I'm currently out of the office, so slightly limited in what I can try/test, so off the top of my head here ...
access-list site_to_site_nat extended 172.16.0.0 255.255.255.0 192.168.0.0 255.255.255.0
(switch the IPs for the second ASA)
nat (inside) 0 access-list site_to_site_nat
This should exclude the site-to-site traffic from NAT, with a rule there, the forwarding should be allowed ...
If the pings don't work after that, re-try the packet tracer ...
Go to the firewall setting, NAT, and add a new nat exemption for packets between 192.168 and 172.16 ...
I'm currently out of the office, so slightly limited in what I can try/test, so off the top of my head here ...
access-list site_to_site_nat extended 172.16.0.0 255.255.255.0 192.168.0.0 255.255.255.0
(switch the IPs for the second ASA)
nat (inside) 0 access-list site_to_site_nat
This should exclude the site-to-site traffic from NAT, with a rule there, the forwarding should be allowed ...
If the pings don't work after that, re-try the packet tracer ...
ASKER
Please
for ASA 1 I add
access-list site_to_site_nat extended permit ip 172.16.0.0 255.255.255.0 192.168.0.0 255.255.255.0
access-group site_to_site_nat in interface LOOP
nat (inside) 0 access-list site_to_site_nat
For ASA2
access-list site_to_site_nat extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.255.0
access-group site_to_site_nat in interface LOOP
nat (inside) 0 access-list site_to_site_nat
But its still not working
Regards
for ASA 1 I add
access-list site_to_site_nat extended permit ip 172.16.0.0 255.255.255.0 192.168.0.0 255.255.255.0
access-group site_to_site_nat in interface LOOP
nat (inside) 0 access-list site_to_site_nat
For ASA2
access-list site_to_site_nat extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.255.0
access-group site_to_site_nat in interface LOOP
nat (inside) 0 access-list site_to_site_nat
But its still not working
Regards
what's the output from the packet tracer?
ASKER
Hello
Thank you for your reply
ASA1
User Access Verification
Password:
Type help or '?' for a list of available commands.
ciscoasa> en
Password: ************
ciscoasa# conf t
ciscoasa(config)# packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.255.255.0 inside
Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
ciscoasa(config)#
ASA2
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config)# packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.255.255.0 LOOP
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
nat (inside) 0 access-list site_to_site_nat
match ip inside 192.168.0.0 255.255.255.0 LOOP 172.16.0.0 255.255.255.0
NAT exempt
translate_hits = 2, untranslate_hits = 0
Additional Information:
Phase: 7
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any LOOP any
dynamic translation to pool 1 (No matching global)
translate_hits = 14, untranslate_hits = 0
Additional Information:
Phase: 8
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any management any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
Additional Information:
Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 70582, packet dispatched to next module
Phase: 10
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 200.200.200.1 using egress ifc LOOP
adjacency Active
next-hop mac address 001f.ca7e.1290 hits 2125
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: allow
ciscoasa(config)#
Please any help
Regards
Thank you for your reply
ASA1
User Access Verification
Password:
Type help or '?' for a list of available commands.
ciscoasa> en
Password: ************
ciscoasa# conf t
ciscoasa(config)# packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.255.255.0 inside
Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
ciscoasa(config)#
ASA2
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config)# packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.255.255.0 LOOP
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
nat (inside) 0 access-list site_to_site_nat
match ip inside 192.168.0.0 255.255.255.0 LOOP 172.16.0.0 255.255.255.0
NAT exempt
translate_hits = 2, untranslate_hits = 0
Additional Information:
Phase: 7
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any LOOP any
dynamic translation to pool 1 (No matching global)
translate_hits = 14, untranslate_hits = 0
Additional Information:
Phase: 8
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any management any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
Additional Information:
Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 70582, packet dispatched to next module
Phase: 10
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 200.200.200.1 using egress ifc LOOP
adjacency Active
next-hop mac address 001f.ca7e.1290 hits 2125
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: allow
ciscoasa(config)#
Please any help
Regards
ASKER
Hello EE
Please any help
Regards
Please any help
Regards
OK, one way is working, now the question is, what did you configure differently on ASA 1? From what I can see in the config a couple posts earlier, there's noting essential different as far as traffic from inside to loop is concerned ... could you go over the current config on asa 2 and compare it to what you posted earlier?
and while we're at it, try this on asa 1:
packet-tracer input loop icmp 192.16.0.20 8 0 172.16.0.10
as well as the opposite on the second ASA ...
packet-tracer input loop icmp 172.16.0.20 8 0 192.168.0.10
This should show whether incoming pings from the opposite end of the p2p link would be allowed ...
packet-tracer input loop icmp 192.16.0.20 8 0 172.16.0.10
as well as the opposite on the second ASA ...
packet-tracer input loop icmp 172.16.0.20 8 0 192.168.0.10
This should show whether incoming pings from the opposite end of the p2p link would be allowed ...
ASKER
Hello
Thank you for your reply
Plesae I check both configuration and its same and I attached the configuration for you I still can not ping from 172.16.0.1 to 192.168.0.1
Please any help
Regards
ASA1 200.200.200.1 (Local network 172.16.0.0, remote network 192.168.0.0)
interface Ethernet0/0
nameif outside
security-level 0
ip address 82.205.240.98 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 172.16.0.1 255.255.255.0
!
interface Ethernet0/2
nameif LOOP
security-level 100
ip address 200.200.200.1 255.255.255.0
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list site_to_site_nat extended permit ip 172.16.0.0 255.255.255.0 192
.0.0 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group site_to_site_nat in interface LOOP
route outside 0.0.0.0 0.0.0.0 82.205.240.97 1
route LOOP 192.168.0.0 255.255.255.0 200.200.200.2 1
dhcpd dns 172.16.0.3 82.205.224.9
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
dhcpd address 172.16.0.20-172.16.0.150 inside
dhcpd enable inside
ASA1 (packet-tracer input loop icmp 172.16.0.20 8 0 192.168.0.10)
User Access Verificationnat in interface LOOP
Password:
Type help or '?' for a list of available commands.at extended permit ip 172.16.0.0 255.255.255.0 192
ciscoasa> en
Password: ************
ciscoasa# conf t.0 255.255.255.0
ciscoasa(config)# packet-tracer input loop icmp 172.16.0.20 8 0 192.168.0.10
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Phase: 1nfig:
Type: ACCESS-LISTformation:
Subtype:
Result: ALLOW
Type: INS
Config:
Implicit Rule-inspect
Additional Information:LLOW
Confi
MAC Access listonal Informatio
Phase: 2
Type: FLOW-LOOKUP
Type: FLO
Subtype:N
Result: ALLOWubtype:
Config:t: ALLO
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Config:
access-group site_to_site_nat in interface LOOP
access-list site_to_site_nat extended permit ip 172.16.0.0 255.255.255.0 192.168
.0.0 255.255.255.0
Additional Information:
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 121912, packet dispatched to next module
Phase: 8
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 200.200.200.2 using egress ifc LOOP
adjacency Active
next-hop mac address 001a.6d7c.7c08 hits 3802
Result:
input-interface: LOOP
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: allow
ciscoasa(config)#
ASA1 200.200.200.2 (Local network 192.168.0.0, remote network 172.16.0.0)
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 82.205.240.146 255.255.255.224
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/2
nameif LOOP
security-level 100
ip address 200.200.200.2 255.255.255.0
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_in extended permit tcp any host 82.205.240.148 eq 1433
access-list site_to_site_nat extended permit ip 192.168.0.0 255.255.255.0 172.16
.0.0 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 82.205.240.148 192.168.0.201 netmask 255.255.255.255
access-group outside_in in interface outside
access-group site_to_site_nat in interface LOOP
route outside 0.0.0.0 0.0.0.0 82.205.240.145 1
route LOOP 172.16.0.0 255.255.255.0 200.200.200.1 1
dhcpd dns 192.168.0.3 82.205.224.9
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
dhcpd address 192.168.0.20-192.168.0.150 inside
dhcpd enable inside
ASA2 (packet-tracer input loop icmp 192.168.0.20 8 0 172.16.0.10)
ciscoasa# packet-tracer input loop icmp 192.168.0.20 8 0 172.16.0.10
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.255.255.0 LOOP
Phase: 4
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group site_to_site_nat in interface LOOP
access-list site_to_site_nat extended permit ip 192.168.0.0 255.255.255.0 172.16
.0.0 255.255.255.0
Additional Information:
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 114109, packet dispatched to next module
Phase: 8
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 200.200.200.1 using egress ifc LOOP
adjacency Active
next-hop mac address 001f.ca7e.1290 hits 2149
Result:
input-interface: LOOP
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: allow
ciscoasa#
OK, so at least the loop interfaces would permit the packets to come in ... I notice you say you can't ping "from 172.16.0.1 to 192.168.0.1" - those are the internal IPs of the firewalls - did you actually try to ping between two machines INSIDE the LAN networks instead of the firewall?
ASKER
Hello
Please I can not ping to any computer or printer from network A to network B
Plesae any idea
Regards
Please I can not ping to any computer or printer from network A to network B
Plesae any idea
Regards
ASKER
Please is there any other configuration I need to do it so it will work. Please its urgent to me any idea will help me
Regards
Regards
Unless you can find the difference between ASA1 and 2, using ASDM add a rule on ASA1 allowing packets on Interface inside from the 172.16 network to 192.168 ... judging from the tracer output, that's all that's blocking the communication at the moment ...
ASKER
Hello
Please I permit any to any IP in inside interface but its still not working. in each ASA
Plesae any idea
ASA (200.2)
ASA1 200.1
Please I permit any to any IP in inside interface but its still not working. in each ASA
Plesae any idea
ASA (200.2)
ciscoasa#
ciscoasa# sh run
: Saved
:
ASA Version 7.2(2)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password X.y0JGA9o6phmjQ6 encrypted
names
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 82.205.240.146 255.255.255.224
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/2
nameif LOOP
security-level 100
ip address 200.200.200.2 255.255.255.0
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
passwd X.y0JGA9o6phmjQ6 encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_in extended permit tcp any host 82.205.240.148 eq 1433
access-list site_to_site_nat extended permit ip 192.168.0.0 255.255.255.0 172.16
.0.0 255.255.255.0
access-list inside_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu management 1500
mtu outside 1500
mtu inside 1500
mtu LOOP 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 82.205.240.148 192.168.0.201 netmask 255.255.255.255
access-group outside_in in interface outside
access-group inside_access_in in interface inside
access-group site_to_site_nat in interface LOOP
route outside 0.0.0.0 0.0.0.0 82.205.240.145 1
route LOOP 172.16.0.0 255.255.255.0 200.200.200.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
http server enable
http 192.168.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 192.168.0.3 82.205.224.9
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
dhcpd address 192.168.0.20-192.168.0.150 inside
dhcpd enable inside
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:f1096822f004ad8b38190e1e6793dfe0
: end
ciscoasa#
ASA1 200.1
User Access Verification
Password:
Type help or '?' for a list of available commands.
ciscoasa> en
Password: ************
ciscoasa# sh run
: Saved
:
ASA Version 7.2(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password X.y0JGA9o6phmjQ6 encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 82.205.240.98 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 172.16.0.1 255.255.255.0
!
interface Ethernet0/2
nameif LOOP
security-level 100
ip address 200.200.200.1 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
passwd X.y0JGA9o6phmjQ6 encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list site_to_site_nat extended permit ip 172.16.0.0 255.255.255.0 192
.0.0 255.255.255.0
access-list inside_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu management 1500
mtu outside 1500
mtu inside 1500
mtu LOOP 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group site_to_site_nat in interface LOOP
route outside 0.0.0.0 0.0.0.0 82.205.240.97 1
route LOOP 192.168.0.0 255.255.255.0 200.200.200.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 172.16.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server cont
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 172.16.0.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 172.16.0.3 82.205.224.9
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
dhcpd address 172.16.0.20-172.16.0.150 inside
dhcpd enable inside
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
prompt hostname context
Cryptochecksum:622c1dc0c954eab3efa7330bfe9786aa
: end
ciscoasa#
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello
Please I remove from both side and still not working. Plesae any Idea
ASA1
Regards
Please I remove from both side and still not working. Plesae any Idea
ASA1
Regards
User Access Verificationt (5/5), round-trip min/
Password:/1/1 ms
Type help or '?' for a list of available commands.
ciscoasa# ping 200.200.200.2
ciscoasa> en
Ty
Password: ************bort.
ciscoasa# sh run
: Saved
:
ASA Version 7.2(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password X.y0JGA9o6phmjQ6 encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 82.205.240.98 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 172.16.0.1 255.255.255.0
!
interface Ethernet0/2
nameif LOOP
security-level 100
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
passwd X.y0JGA9o6phmjQ6 encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list site_to_site_nat extended permit ip 172.16.0.0 255.255.255.0 192
.0.0 255.255.255.0
access-list inside_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu management 1500
mtu outside 1500
mtu inside 1500
mtu LOOP 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 82.205.240.97 1
route LOOP 192.168.0.0 255.255.255.0 200.200.200.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 172.16.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authenticati
telnet 172.16.0.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 172.16.0.3 82.205.224.9
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
dhcpd address 172.16.0.20-172.16.0.150 inside
dhcpd enable inside
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
prompt hostname context
Cryptochecksum:f3ec8e535dce18d4310af9f58cd164ab
: end
ciscoasa#
Is the output from the previously failed packet tracer call still the same? Sorry, but it's a bit tiresome having to ask you to run the diagnostic tools again and again ...
ASKER
Hello
For ASA1
ASA2
For ASA1
User Access Verification
Password:
Type help or '?' for a list of available commands.
ciscoasa> en
Password: ************
ciscoasa# conf t
ciscoasa(config)# packet-tracer input loop icmp 172.16.0.20 8 0 192.168.0.10
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.0.0 255.255.255.0 LOOP
Phase: 4
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 175018, packet dispatched to next module
Phase: 8
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 200.200.200.2 using egress ifc LOOP
adjacency Active
next-hop mac address 001a.6d7c.7c08 hits 1030
Result:
input-interface: LOOP
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: allow
ciscoasa(config)#
ASA2
ciscoasa> en
Password: ************
ciscoasa# conf t
ciscoasa(config)# packet-tracer input loop icmp 192.16.0.20 8 0 172.16.0.10
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.255.255.0 LOOP
Phase: 4
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 63, packet dispatched to next module
Phase: 8
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 200.200.200.1 using egress ifc LOOP
adjacency Active
next-hop mac address 001f.ca7e.1290 hits 2448
Result:
input-interface: LOOP
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: allow
ciscoasa(config)#
ASKER
Plesae any help any idea can help me
Regards
Regards
I was talking about the tracer that failed, on the INSIDE interface ...
ASKER
Hello
Plesae can you explain
Regards
Plesae can you explain
Regards
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello
Thank you for your reply
ASA1 172.16.0.0 (packet-tracer input inside icmp 172.16.0.20 8 0 192.168.0.10)
ASA1 192.168.0.0 (packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10)
Thank you for your reply
ASA1 172.16.0.0 (packet-tracer input inside icmp 172.16.0.20 8 0 192.168.0.10)
User Access Verificationtranslate_hits = 1
Password:
Type help or '?' for a list of available commands.
ciscoasa> en
Password: ************
ciscoasa# conf t
ciscoasa(config)# packet-tracer input inside icmp 172.16.0.20 8 0 192.168.0.10
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.0.0 255.255.255.0 LOOP
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside_access_in in interface inside
access-list inside_access_in extended permit ip any any
Additional Information:
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
nat (inside) 0 access-list site_to_site_nat
match ip inside 172.16.0.0 255.255.255.0 LOOP 192.168.0.0 255.255.255.0
NAT exempt
translate_hits = 7770, untranslate_hits = 9
Additional Information:
Phase: 7
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any LOOP any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
Additional Information:
Phase: 8
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any management any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untr
Additional Information:
Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 175601, packet dispatched to next module
Phase: 10
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 200.200.200.2 using egress ifc LOOP
adjacency Active
next-hop mac address 001a.6d7c.7c08 hits 5145
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: allow
ciscoasa(config)#
ASA1 192.168.0.0 (packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10)
ciscoasa(config)# packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.255.255.0 LOOP
Phase: 4
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside_access_in in interface inside
access-list inside_access_in extended permit ip any any
Additional Information:
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
nat (inside) 0 access-list site_to_site_nat
match ip inside 192.168.0.0 255.255.255.0 LOOP 172.16.0.0 255.255.255.0
NAT exempt
translate_hits = 10, untranslate_hits = 3
Additional Information:
Phase: 8
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any LOOP any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
Additional Information:
Phase: 9
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any outside any
dynamic translation to pool 1 (82.205.240.146 [Interface PAT])
translate_hits = 297, untranslate_hits = 0
Additional Information:
Phase: 10
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 331, packet dispatched to next module
Phase: 11
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 200.200.200.1 using egress ifc LOOP
adjacency Active
next-hop mac address 001f.ca7e.1290 hits 8735
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: allow
ciscoasa(config)#
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello
ASA1
ASA2
ASA1
605: 21:49:29.934201 192.168.0.29.3684 > 172.16.0.45.1299: udp 33
606: 21:49:29.934445 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
607: 21:49:29.935574 172.16.0.45.1299 > 192.168.0.29.3684: udp 34t
608: 21:49:29.980768 192.168.0.29.3684 > 172.16.0.45.1299: udp 32y
609: 21:49:29.980982 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
610: 21:49:29.982432 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
611: 21:49:30.027479 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
612: 21:49:30.027937 192.168.0.29.3684
619: 21:49:30.844057 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
620: 21:49:30.844270 192.168.0.29.3684
622: 21:49:30.933698 192.168.0.29.3684 > 172.16.0.45.1299: udp 37y
623: 21:49:30.933987 192.168.0.29.3684 > 172.16.0.45.1299: udp 34t
624: 21:49:30.937649 172.16.0.45.1299 > 192.168.0.29.3684: udp 34t
625: 21:49:31.084605 172.16.0.3 > 192.168.0.201: icmp: echo request
626: 21:49:31.086970 192.168.0.201 > 172.16.0.3: icmp: echo reply
627: 21:49:31.762640 192.168.0.29.3684 > 172.16.0.45.1299: udp 35t
628: 21:49:31.767843 172.16.0.45.1299 >1
630: 21:49:31.981241 192.168.0.29.3684 > 172.16.0.45.1299: udp 33y
631: 21:49:31.981409 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
632: 21:49:31.984705 172.16.0.45.1299 > 192.168.0.29.3684: udp 34t
633: 21:49:32.083415 172.16.0.3 > 192.168.0.201: icmp: echo request
634: 21:49:32.085810 192.168.0.201 > 172.16.0.3: icmp: echo reply
635: 21:49:32.317869 192.168.0.29.3684 > 172.16.0.45.1299: udp 32t5
636: 21:49:32.317991 192.168.0.29.3684 1
638: 21:49:32.793812 192.168.0.29.3684 > 172.16.0.45.1299: udp 355
639: 21:49:32.799351 172.16.0.45.1299 > 192.168.0.29.3684: udp 3436
640: 21:49:32.825091 192.168.0.29.3684 > 172.16.0.45.1299: udp 3134
641: 21:49:32.981135 192.168.0.29.3684 > 172.16.0.45.1299: udp 7632
642: 21:49:32.981257 192.168.0.29.3684 > 172.16.0.45.1299: udp 3434
643: 21:49:32.986780 172.16.0.45.1299 > 192.168.0.29.3684: udp 34t4
644: 21:49:33.027845 192.168.0.29.3684 1
645: 21:49:33.029249 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
646: 21:49:33.033720 172.16.0.45.1299 > 192.168.0.29.3684: udp 34t
647: 21:49:33.074672 192.168.0.29.3684 > 172.16.0.45.1299: udp 32t
648: 21:49:33.074840 192.168.0.29.3684 > 172.16.0.45.1299: udp 34y
649: 21:49:33.080745 172.16.0.45.1299 > 192.168.0.29.3684: udp 34t
650: 21:49:33.081264 172.16.0.3 > 192.168.0.201: icmp: echo request
651: 21:49:33.085948 192.168.0.201 > 172.16.0.3: icmp: echo reply5
652: 21:49:33.825091 192.168.0.29.3684
654: 21:49:33.855790 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
655: 21:49:34.012969 192.168.0.29.3684 > 172.16.0.45.1299: udp 33
656: 21:49:34.013442 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
657: 21:49:34.018218 172.16.0.45.1299 > 192.168.0.29.3684: udp 34t
658: 21:49:34.079997 172.16.0.3 > 192.168.0.201: icmp: echo request
659: 21:49:34.083034 192.168.0.201 > 172.16.0.3: icmp: echo reply
660: 21:49:34.840517 192.168.0.29.3684 1
662: 21:49:34.871582 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
663: 21:49:34.996759 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
664: 21:49:34.997339 192.168.0.29.3684 > 172.16.0.45.1299: udp 33
665: 21:49:34.997491 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
666: 21:49:34.998788 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
667: 21:49:35.044934 192.168.0.29.3684 > 172.16.0.45.1299: udp 52t
668: 21:49:35.045194 192.168.0.29.3684 1
673: 21:49:35.872009 192.168.0.29.3684 > 172.16.0.45.1299: udp 35t
674: 21:49:35.873856 172.16.0.45.1299 > 192.168.0.29.3684: udp 341
675: 21:49:35.902861 192.168.0.29.3684 > 172.16.0.45.1299: udp 3235
676: 21:49:35.996759 192.168.0.29.3684
680: 21:49:36.044187 192.168.0.29.3684 > 172.16.0.45.1299: udp 43t
2: 21:48:3
681: 21:49:36.044614 192.168.0.29.3684 > 172.16.0.45.1299: udp 261
3: 21:48:3
41
682: 21:49:36.045163 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
4: 21:48:3
41
683: 21:49:36.049756 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
5: 21:48
42
684: 21:49:36.092463 172.16.0.3 > 192.
696: 21:49:37.092448 192.168.0.201 > 172.16.0.3: icmp: echo reply
697: 21:49:37.106394 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
698: 21:49:37.106973 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
699: 21:49:37.110422 172.16.0.45.1299 > 192.168.0.29.3684: udp 34t
700: 21:49:37.156287 192.168.0.29.3684 1
702: 21:49:37.163123 172.16.0.45.1299 > 192.168.0.29.3684: udp 34y
703: 21:49:37.919370 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
704: 21:49:37.924939 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
705: 21:49:37.950329 192.168.0.29.3684 > 172.16.0.45.1299: udp 31
706: 21:49:38.044019 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
707: 21:49:38.045148 192.168.0.29.3684 > 172.16.0.45.1299: udp 34t
708: 21:49:38.053952 172.16.0.45.1299 >1
715: 21:49:39.060147 192.168.0.29.3684 > 172.16.0.45.1299: udp 34t
716: 21:49:39.061993 172.16.0.45.1299 >1
718: 21:49:39.104517 192.168.0.201 > 172.16.0.3: icmp: echo reply
719: 21:49:39.739509 192.168.0.29.3684 > 172.16.0.45.1299: udp 32t
720: 21:49:39.740196 192.168.0.29.3684 > 172.16.0.45.1299: udp 34y
721: 21:49:39.741630 172.16.0.45.1299 > 192.168.0.29.3684: udp 34t
722: 21:49:39.966884 192.168.0.29.3684 > 172.16.0.45.1299: udp 35y
723: 21:49:39.970118 172.16.0.45.1299 > 192.168.0.29.3684: udp 34t
724: 21:49:39.997461 192.168.0.29.3684 1
Type help or '?' for a list of available commands.
726: 21:49:40.091944 192.168.0.29.3684 > 172.16.0.45.1299: udp 34trd: ************
ciscoasa# conf t
727: 21:49:40.093256 172.16.0.45.1299 > 192.168.0.29.3684: udp 34t255.255.255.0 1$
728: 21:49:40.117822 172.16.0.3 > 192.168.0.201: icmp: echo requested permit ip 192.168.0.0 255.255.255.0 $
729: 21:49:40.120980 192.168.0.201 > 172.16.0.3: icmp: echo reply)# exit wr mem
730: 21:49:40.137901 192.168.0.29.3684 > 172.16.0.45.1299: udp 32yker.
ciscoasa(config
731: 21:49:40.139000 192.168.0.29.3684 > 172.16.0.45.1299: udp 34g configuration...
Cryptochecksum: 32a1634
732: 21:49:40.140114 172.16.0.45.1299 >
?????
Success rate is 0 percent (
736: 21:49:40.982569 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
ciscoasa(config)# capture TEST1 int inside buffer 128000 access-li
737: 21:49:40.983927 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
ciscoasa(config)# capture TEST2 int loop buffer 128000 acc
738: 21:49:41.013930 192.168.0.29.3684 > 172.16.0.45.1299: udp 31
ciscoasa(config)# show capture TEST1
739: 21:49:41.106958 192.168.0.29.3684 > 172.16.0.45.1299: udp 33t48:35.786168 192.168.0.29.3684 > 172.16.0.45.1299: udp 33
740: 21:49:41.107095 192.168.0.29.3684 1
750: 21:49:42.130532 172.16.0.3 > 192.168.0.201: icmp: echo request
751: 21:49:42.132958 192.168.0.201 > 172.16.0.3: icmp: echo reply5
752: 21:49:42.169440 192.168.0.29.3684 > 172.16.0.45.1299: udp 3234
753: 21:49:42.169928 192.168.0.29.3684 > 172.16.0.45.1299: udp 3432
754: 21:49:42.171637 172.16.0.45.1299 > 192.168.0.29.3684: udp 3434
755: 21:49:42.216343 192.168.0.29.3684 > 172.16.0.45.1299: udp 3234
756: 21:49:42.216694 192.168.0.29.3684 4
758: 21:49:43.014006 192.168.0.29.3684 > 172.16.0.45.1299: udp 35y
759: 21:49:43.015517 172.16.0.45.1299 > 192.168.0.29.3684: udp 34t
760: 21:49:43.044385 192.168.0.29.3684 > 172.16.0.45.1299: udp 32y
761: 21:49:43.129067 172.16.0.3 > 192.168.0.201: icmp: echo request
762: 21:49:43.130577 192.168.0.201 > 172.16.0.3: icmp: echo reply
763: 21:49:43.138847 192.168.0.29.3684 > 172.16.0.45.1299: udp 33
764: 21:49:43.139213 192.168.0.29.3684
773: 21:49:43.280533 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
774: 21:49:43.285065 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
775: 21:49:44.044995 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
776: 21:49:44.048871 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
777: 21:49:44.076457 192.168.0.29.3684 > 172.16.0.45.1299: udp 31
778: 21:49:44.143196 172.16.0.3 > 192.168.0.201: icmp: echo request
779: 21:49:44.144859 192.168.0.201 > 172.16.0.3: icmp: echo reply
780: 21:49:44.199406 192.168.0.29.3684
789: 21:49:45.141731 172.16.0.3 > 192.168.0.201: icmp: echo request
790: 21:49:45.142692 192.168.0.201 > 172.16.0.3: icmp: echo reply
791: 21:49:45.248812 192.168.0.29.3684 > 172.16.0.45.1299: udp 33yTEST2
886 packets captured
792: 21:49:45.249224 192.168.0.29.3684 > 172.16.0.45.1299: udp 350.45.1299: udp 32
793: 21:49:45.250215 172.16.0.45.1299 > 192.168.0.29.3684: udp 340.45.1299: udp 48
794: 21:49:45.680018 192.168.0.29.3684 > 172.16.0.45.1299: udp 32t.29.3684: udp 34
795: 21:49:45.680110 192.168.0.29.3684 > 172.16.0.45.1299: udp 34y.29.3684: udp 34
796: 21:49:45.683878 172.16.0.45.1299 >
806: 21:49:46.268311 172.16.0.3.53 > 192.168.0.29.54587: udp 2284
807: 21:49:46.295074 192.168.0.29.3684 > 172.16.0.45.1299: udp 3234t
808: 21:49:46.295898 192.168.0.29.3684 > 172.16.0.45.1299: udp 3432y
809: 21:49:46.299148 172.16.0.45.1299 > 192.168.0.29.3684: udp 3434
810: 21:49:46.343045 192.168.0.29.3684 > 172.16.0.45.1299: udp 3234
811: 21:49:46.343945 192.168.0.29.3684 > 172.16.0.45.1299: udp 34est
812: 21:49:46.346036 172.16.0.45.1299 > 1
813: 21:49:47.154426 172.16.0.3 > 192.168.0.201: icmp: echo request
814: 21:49:47.157279 192.168.0.201 > 172.16.0.3: icmp: echo reply
815: 21:49:47.163947 192.168.0.29.3684 > 172.16.0.45.1299: udp 34y
816: 21:49:47.166464 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
817: 21:49:47.186178 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
818: 21:49:47.282486 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
819: 21:49:47.282990 192.168.0.29.3684 > 172.16.0.45.1299: udp 35t
820: 21:49:47.289535 172.16.0.45.1299 >1
829: 21:49:49.167090 172.16.0.3 > 192.168.0.201: icmp: echo request
830: 21:49:49.168143 192.168.0.201 > 172.16.0.3: icmp: echo reply
831: 21:49:49.202305 192.168.0.29.3684 > 172.16.0.45.1299: udp 34t
832: 21:49:49.205952 172.16.0.45.1299 > 192.168.0.29.3684: udp 34t
833: 21:49:49.232791 192.168.0.29.3684 > 172.16.0.45.1299: udp 31y
834: 21:49:49.327207 192.168.0.29.3684 > 172.16.0.45.1299: udp 33t
835: 21:49:49.327818 192.168.0.29.3684 > 172.16.0.45.1299: udp 34y
836: 21:49:49.328886 172.16.0.45.1299 >
845: 21:49:50.264207 192.168.0.29.3684 > 172.16.0.45.1299: udp 31
846: 21:49:50.328977 192.168.0.29.3684 > 172.16.0.45.1299: udp 33
847: 21:49:50.329084 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
848: 21:49:50.334867 172.16.0.45.1299 > 192.168.0.29.3684: udp 34t
849: 21:49:50.374812 192.168.0.29.3684 > 172.16.0.45.1299: udp 32y
850: 21:49:50.375255 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
851: 21:49:50.381724 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
852: 21:49:50.420663 192.168.0.29.3684
859: 21:49:51.280533 192.168.0.29.3684 > 172.16.0.45.1299: udp 31y
860: 21:49:51.373988 192.168.0.29.3684
862: 21:49:51.377955 172.16.0.45.1299 > 192.168.0.29.3684: udp 345
863: 21:49:52.178549 172.16.0.3 > 192.168.0.201: icmp: echo request6
865: 21:49:52.265184 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
866: 21:49:52.268723 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
867: 21:49:52.295654 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
868: 21:49:52.390009 192.168.0.29.3684 > 172.16.0.45.1299: udp 33
869: 21:49:52.392054 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
870: 21:49:52.397638 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
871: 21:49:53.102228 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
872: 21:49:53.102457 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
873: 21:49:53.106760 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
874: 21:49:53.177145 172.16.0.3 > 192.168.0.201: icmp: echo request
875: 21:49:53.179357 192.168.0.201 > 172.16.0.3: icmp: echo reply
876: 21:49:53.295989 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
877: 21:49:53.300094 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
878: 21:49:53.327024 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
879: 21:49:54.175528 172.16.0.3 > 192.168.0.201: icmp: echo request
880: 21:49:54.179647 192.168.0.201 > 172.16.0.3: icmp: echo reply
881: 21:49:54.327406 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
882: 21:49:54.331480 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
883: 21:49:54.358456 192.168.0.29.3684 > 172.16.0.45.1299: udp 31
884: 21:49:54.360592 192.168.0.29.3684 > 172.16.0.45.1299: udp 70
885: 21:49:54.361400 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
886: 21:49:54.366680 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
886 packets shown
ciscoasa(config)#
ASA2
60: 05:13:32.863770 192.168.0.29.3684 > 172.16.0.45.1299: udp 58
61: 05:13:32.863846 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
62: 05:13:32.867386 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
63: 05:13:33.347851 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
64: 05:13:33.353802 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
65: 05:13:33.379115 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
66: 05:13:33.381785 172.16.0.3 > 192.168.0.201: icmp: echo request
67: 05:13:33.382167 192.168.0.201 > 172.16.0.3: icmp: echo reply
68: 05:13:33.847764 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
69: 05:13:33.847826 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
70: 05:13:33.851228 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
71: 05:13:33.894912 192.168.0.29.3684 > 172.16.0.45.1299: udp 82
72: 05:13:33.894957 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
73: 05:13:33.899382 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
74: 05:13:34.058697 192.168.0.29.3684 > 172.16.0.45.1299: udp 33
75: 05:13:34.058789 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
76: 05:13:34.062710 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
77: 05:13:34.379008 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
78: 05:13:34.379359 172.16.0.3 > 192.168.0.201: icmp: echo request
79: 05:13:34.379802 192.168.0.201 > 172.16.0.3: icmp: echo reply
80: 05:13:34.387293 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
81: 05:13:34.410272 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
82: 05:13:34.796162 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
83: 05:13:34.876144 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
84: 05:13:34.926572 192.168.0.29.3684 > 172.16.0.45.1299: udp 56
85: 05:13:34.926633 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
86: 05:13:34.931516 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
87: 05:13:34.987619 192.168.0.29.3684 > 172.16.0.45.1299: udp 68
88: 05:13:34.988474 192.168.0.29.3684 > 172.16.0.45.1299: udp 70
89: 05:13:34.988581 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
90: 05:13:34.995843 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
91: 05:13:35.165320 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
92: 05:13:35.253374 192.168.0.29.3684 > 172.16.0.45.1299: udp 39
93: 05:13:35.253420 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
94: 05:13:35.259721 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
95: 05:13:35.316893 192.168.0.29.3684 > 172.16.0.45.1299: udp 66
96: 05:13:35.316939 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
97: 05:13:35.324903 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
98: 05:13:35.376781 172.16.0.3 > 192.168.0.201: icmp: echo request
99: 05:13:35.377238 192.168.0.201 > 172.16.0.3: icmp: echo reply
100: 05:13:35.394938 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
101: 05:13:35.400797 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
102: 05:13:35.426064 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
103: 05:13:35.452247 172.16.0.45.1299 > 192.168.0.29.3684: udp 32
104: 05:13:35.560258 192.168.0.29.3684 > 172.16.0.45.1299: udp 43
105: 05:13:35.560319 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
106: 05:13:35.564591 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
107: 05:13:35.648312 192.168.0.29.3684 > 172.16.0.45.1299: udp 47
108: 05:13:35.648358 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
109: 05:13:35.653683 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
110: 05:13:35.700357 172.16.0.45.1299 > 192.168.0.29.3684: udp 32
111: 05:13:35.804859 172.16.0.45.1299 > 192.168.0.29.3684: udp 32
112: 05:13:35.848024 192.168.0.29.3684 > 172.16.0.45.1299: udp 39
113: 05:13:35.848192 192.168.0.29.3684 > 172.16.0.45.1299: udp 80
114: 05:13:35.848466 192.168.0.29.3684 > 172.16.0.45.1299: udp 48
115: 05:13:35.848512 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
116: 05:13:35.857331 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
117: 05:13:35.925504 192.168.0.29.3684 > 172.16.0.45.1299: udp 46
118: 05:13:35.930036 192.168.0.29.3684 > 172.16.0.45.1299: udp 1112
119: 05:13:35.934262 192.168.0.29.3684 > 172.16.0.45.1299: udp 944
120: 05:13:35.936581 192.168.0.29.3684 > 172.16.0.45.1299: udp 562
121: 05:13:35.939724 192.168.0.29.3684 > 172.16.0.45.1299: udp 601
122: 05:13:35.946713 192.168.0.29.3684 > 172.16.0.45.1299: udp 1087
123: 05:13:35.952328 192.168.0.29.3684 > 172.16.0.45.1299: udp 979
124: 05:13:35.955181 172.16.0.45.1299 > 192.168.0.29.3684: udp 16
125: 05:13:35.955623 192.168.0.29.3684 > 172.16.0.45.1299: udp 608
126: 05:13:35.959117 192.168.0.29.3684 > 172.16.0.45.1299: udp 609
127: 05:13:35.959133 192.168.0.29.3684 > 172.16.0.45.1299: udp 40
128: 05:13:35.967570 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
129: 05:13:35.997583 192.168.0.29.3684 > 172.16.0.45.1299: udp 111
130: 05:13:36.004760 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
131: 05:13:36.066738 192.168.0.29.3684 > 172.16.0.45.1299: udp 52
132: 05:13:36.066784 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
133: 05:13:36.070476 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
134: 05:13:36.113778 192.168.0.29.3684 > 172.16.0.45.1299: udp 43
135: 05:13:36.113794 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
136: 05:13:36.124688 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
137: 05:13:36.391794 172.16.0.3 > 192.168.0.201: icmp: echo request
138: 05:13:36.392283 192.168.0.201 > 172.16.0.3: icmp: echo reply
139: 05:13:36.410608 192.168.0.29.3684 > 172.16.0.45.1299: udp 38
140: 05:13:36.416726 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
141: 05:13:36.441917 192.168.0.29.3684 > 172.16.0.45.1299: udp 37
142: 05:13:36.676005 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
143: 05:13:36.737785 192.168.0.29.3684 > 172.16.0.45.1299: udp 42
144: 05:13:36.737876 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
145: 05:13:36.745032 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
146: 05:13:36.807499 192.168.0.29.3684 > 172.16.0.45.1299: udp 87
147: 05:13:36.814334 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
148: 05:13:36.868698 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
149: 05:13:36.987726 192.168.0.29.3684 > 172.16.0.45.1299: udp 73
150: 05:13:36.987894 192.168.0.29.3684 > 172.16.0.45.1299: udp 109
151: 05:13:36.987909 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
152: 05:13:36.997766 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
153: 05:13:37.064587 172.16.0.45.1299 > 192.168.0.29.3684: udp 32
154: 05:13:37.190709 192.168.0.29.3684 > 172.16.0.45.1299: udp 39
155: 05:13:37.190709 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
156: 05:13:37.193929 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
157: 05:13:37.254366 192.168.0.29.3684 > 172.16.0.45.1299: udp 43
158: 05:13:37.254381 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
159: 05:13:37.257890 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
160: 05:13:37.292663 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
161: 05:13:37.380168 172.16.0.45.1299 > 192.168.0.29.3684: udp 32
162: 05:13:37.391077 172.16.0.3 > 192.168.0.201: icmp: echo request
163: 05:13:37.391688 192.168.0.201 > 172.16.0.3: icmp: echo reply
164: 05:13:37.426689 192.168.0.29.3684 > 172.16.0.45.1299: udp 60
165: 05:13:37.426705 192.168.0.29.3684 > 172.16.0.45.1299: udp 50
166: 05:13:37.433708 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
167: 05:13:37.434730 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
168: 05:13:37.473043 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
169: 05:13:37.485006 172.16.0.45.1299 > 192.168.0.29.3684: udp 31
170: 05:13:37.487889 192.168.0.29.3684 > 172.16.0.45.1299: udp 85
171: 05:13:37.497563 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
172: 05:13:37.501835 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
173: 05:13:37.665401 192.168.0.29.3684 > 172.16.0.45.1299: udp 41
174: 05:13:37.665416 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
175: 05:13:37.673976 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
176: 05:13:37.738868 192.168.0.29.3684 > 172.16.0.45.1299: udp 41
177: 05:13:37.738883 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
178: 05:13:37.745246 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
179: 05:13:37.817310 192.168.0.29.3684 > 172.16.0.45.1299: udp 133
180: 05:13:37.817371 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
181: 05:13:37.821917 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
182: 05:13:38.052731 172.16.0.45.1299 > 192.168.0.29.3684: udp 32
183: 05:13:38.129311 192.168.0.29.3684 > 172.16.0.45.1299: udp 96
184: 05:13:38.131508 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
185: 05:13:38.157111 172.16.0.45.1299 > 192.168.0.29.3684: udp 32
186: 05:13:38.209492 192.168.0.29.3684 > 172.16.0.45.1299: udp 65
187: 05:13:38.214481 192.168.0.29.3684 > 172.16.0.45.1299: udp 871
188: 05:13:38.219608 192.168.0.29.3684 > 172.16.0.45.1299: udp 924
189: 05:13:38.223438 192.168.0.29.3684 > 172.16.0.45.1299: udp 605
190: 05:13:38.226169 192.168.0.29.3684 > 172.16.0.45.1299: udp 570
191: 05:13:38.230075 192.168.0.29.3684 > 172.16.0.45.1299: udp 778
192: 05:13:38.236758 192.168.0.29.3684 > 172.16.0.45.1299: udp 878
193: 05:13:38.239764 172.16.0.45.1299 > 192.168.0.29.3684: udp 16
194: 05:13:38.240252 192.168.0.29.3684 > 172.16.0.45.1299: udp 625
195: 05:13:38.243273 192.168.0.29.3684 > 172.16.0.45.1299: udp 603
196: 05:13:38.243288 192.168.0.29.3684 > 172.16.0.45.1299: udp 39
197: 05:13:38.248980 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
198: 05:13:38.295608 192.168.0.29.3684 > 172.16.0.45.1299: udp 72
199: 05:13:38.302077 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
200: 05:13:38.388377 172.16.0.3 > 192.168.0.201: icmp: echo request
201: 05:13:38.388773 192.168.0.201 > 172.16.0.3: icmp: echo reply
202: 05:13:38.457633 192.168.0.29.3684 > 172.16.0.45.1299: udp 38
203: 05:13:38.467016 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
204: 05:13:38.488896 192.168.0.29.3684 > 172.16.0.45.1299: udp 37
205: 05:13:38.741233 172.16.0.45.1299 > 192.168.0.29.3684: udp 39
206: 05:13:38.779134 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
207: 05:13:38.823535 172.16.0.45.1299 > 192.168.0.29.3684: udp 38
208: 05:13:38.823581 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
209: 05:13:38.823596 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
210: 05:13:38.828555 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
211: 05:13:38.869919 172.16.0.45.1299 > 192.168.0.29.3684: udp 38
212: 05:13:38.916364 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
213: 05:13:38.951488 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
214: 05:13:39.000503 172.16.0.45.1299 > 192.168.0.29.3684: udp 39
215: 05:13:39.012069 192.168.0.29.3684 > 172.16.0.45.1299: udp 58
216: 05:13:39.012160 192.168.0.29.3684 > 172.16.0.45.1299: udp 90
217: 05:13:39.017958 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
218: 05:13:39.045575 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
219: 05:13:39.081019 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
220: 05:13:39.101221 192.168.0.29.3684 > 172.16.0.45.1299: udp 428
221: 05:13:39.101252 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
222: 05:13:39.105524 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
223: 05:13:39.356457 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
224: 05:13:39.403818 172.16.0.3 > 192.168.0.201: icmp: echo request
225: 05:13:39.404108 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
226: 05:13:39.404245 192.168.0.201 > 172.16.0.3: icmp: echo reply
227: 05:13:39.426003 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
228: 05:13:39.426018 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
229: 05:13:39.432289 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
230: 05:13:39.450645 172.16.0.45.1299 > 192.168.0.29.3684: udp 38
231: 05:13:39.498417 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
232: 05:13:39.505024 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
233: 05:13:39.509678 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
234: 05:13:39.536028 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
235: 05:13:39.543444 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
236: 05:13:39.572800 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
237: 05:13:39.583832 192.168.0.29.3684 > 172.16.0.45.1299: udp 56
238: 05:13:39.583923 192.168.0.29.3684 > 172.16.0.45.1299: udp 99
239: 05:13:39.583984 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
240: 05:13:39.591232 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
241: 05:13:39.619856 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
242: 05:13:39.666484 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
243: 05:13:39.704721 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
244: 05:13:39.749015 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
245: 05:13:39.807285 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
246: 05:13:39.847261 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
247: 05:13:39.847368 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
248: 05:13:39.855027 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
249: 05:13:39.855393 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
250: 05:13:39.907469 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
251: 05:13:39.947903 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
252: 05:13:39.995859 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
253: 05:13:40.042508 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
254: 05:13:40.154243 192.168.0.29.3684 > 172.16.0.45.1299: udp 50
255: 05:13:40.187780 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
256: 05:13:40.187887 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
257: 05:13:40.188176 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
258: 05:13:40.188298 192.168.0.29.3684 > 172.16.0.45.1299: udp 1175
259: 05:13:40.202778 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
260: 05:13:40.228915 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
261: 05:13:40.249330 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
262: 05:13:40.295440 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
263: 05:13:40.327024 172.16.0.45.1299 > 192.168.0.29.3684: udp 32
264: 05:13:40.400507 172.16.0.3 > 192.168.0.201: icmp: echo request
265: 05:13:40.401056 192.168.0.201 > 172.16.0.3: icmp: echo reply
266: 05:13:40.409723 192.168.0.29.3684 > 172.16.0.45.1299: udp 64
267: 05:13:40.412606 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
268: 05:13:40.535967 192.168.0.29.3684 > 172.16.0.45.1299: udp 37
269: 05:13:40.544725 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
270: 05:13:40.567139 192.168.0.29.3684 > 172.16.0.45.1299: udp 37
271: 05:13:41.098856 192.168.0.29.3684 > 172.16.0.45.1299: udp 84
272: 05:13:41.098917 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
273: 05:13:41.105219 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
274: 05:13:41.258928 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
275: 05:13:41.316344 192.168.0.29.3684 > 172.16.0.45.1299: udp 46
276: 05:13:41.322645 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
277: 05:13:41.414437 172.16.0.3 > 192.168.0.201: icmp: echo request
278: 05:13:41.414910 192.168.0.201 > 172.16.0.3: icmp: echo reply
279: 05:13:41.567445 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
280: 05:13:41.573029 172.16.0.45.1299 > 192.168.0.29.3684: udp 36
281: 05:13:41.598678 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
282: 05:13:41.654217 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
283: 05:13:41.654278 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
284: 05:13:41.660808 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
285: 05:13:41.911375 192.168.0.29.3684 > 172.16.0.45.1299: udp 54
286: 05:13:41.915480 192.168.0.29.3684 > 172.16.0.45.1299: udp 580
287: 05:13:41.915617 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
288: 05:13:41.920026 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
289: 05:13:41.958095 192.168.0.29.3684 > 172.16.0.45.1299: udp 41
290: 05:13:41.958232 192.168.0.29.3684 > 172.16.0.45.1299: udp 42
291: 05:13:41.958568 192.168.0.29.3684 > 172.16.0.45.1299: udp 72
292: 05:13:41.965648 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
293: 05:13:42.005080 192.168.0.29.3684 > 172.16.0.45.1299: udp 41
294: 05:13:42.005325 192.168.0.29.3684 > 172.16.0.45.1299: udp 38
295: 05:13:42.005386 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
296: 05:13:42.012618 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
297: 05:13:42.053509 192.168.0.29.3684 > 172.16.0.45.1299: udp 265
298: 05:13:42.053525 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
299: 05:13:42.059338 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
300: 05:13:42.101709 192.168.0.29.3684 > 172.16.0.45.1299: udp 368
301: 05:13:42.102106 192.168.0.29.3684 > 172.16.0.45.1299: udp 97
302: 05:13:42.102167 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
303: 05:13:42.106683 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
304: 05:13:42.154960 192.168.0.29.3684 > 172.16.0.45.1299: udp 727
305: 05:13:42.154975 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
306: 05:13:42.159308 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
307: 05:13:42.205464 192.168.0.29.3684 > 172.16.0.45.1299: udp 927
308: 05:13:42.205494 192.168.0.29.3684 > 172.16.0.45.1299: udp 49
309: 05:13:42.205494 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
310: 05:13:42.213337 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
311: 05:13:42.264894 192.168.0.29.3684 > 172.16.0.45.1299: udp 1217
312: 05:13:42.264909 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
313: 05:13:42.272202 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
314: 05:13:42.286423 192.168.0.29.3684 > 172.16.0.45.1299: udp 57
315: 05:13:42.287170 192.168.0.29.3684 > 172.16.0.45.1299: udp 747
316: 05:13:42.287186 192.168.0.29.3684 > 172.16.0.45.1299: udp 44
317: 05:13:42.287445 192.168.0.29.3684 > 172.16.0.45.1299: udp 199
318: 05:13:42.287552 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
319: 05:13:42.294738 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
320: 05:13:42.333234 192.168.0.29.3684 > 172.16.0.45.1299: udp 40
321: 05:13:42.333951 192.168.0.29.3684 > 172.16.0.45.1299: udp 353
322: 05:13:42.334028 192.168.0.29.3684 > 172.16.0.45.1299: udp 44
323: 05:13:42.334394 192.168.0.29.3684 > 172.16.0.45.1299: udp 193
324: 05:13:42.334485 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
325: 05:13:42.341031 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
326: 05:13:42.380168 192.168.0.29.3684 > 172.16.0.45.1299: udp 40
327: 05:13:42.381816 192.168.0.29.3684 > 172.16.0.45.1299: udp 659
328: 05:13:42.381831 192.168.0.29.3684 > 172.16.0.45.1299: udp 40
329: 05:13:42.382334 192.168.0.29.3684 > 172.16.0.45.1299: udp 178
330: 05:13:42.382472 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
331: 05:13:42.388255 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
332: 05:13:42.427071 192.168.0.29.3684 > 172.16.0.45.1299: udp 40
333: 05:13:42.427956 192.168.0.29.3684 > 172.16.0.45.1299: udp 249
334: 05:13:42.428704 172.16.0.3 > 192.168.0.201: icmp: echo request
335: 05:13:42.428749 192.168.0.29.3684 > 172.16.0.45.1299: udp 120
336: 05:13:42.429115 192.168.0.201 > 172.16.0.3: icmp: echo reply
337: 05:13:42.429360 192.168.0.29.3684 > 172.16.0.45.1299: udp 210
338: 05:13:42.429405 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
339: 05:13:42.440178 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
340: 05:13:42.474188 192.168.0.29.3684 > 172.16.0.45.1299: udp 41
341: 05:13:42.476461 192.168.0.29.3684 > 172.16.0.45.1299: udp 542
342: 05:13:42.477499 192.168.0.29.3684 > 172.16.0.45.1299: udp 121
343: 05:13:42.478399 192.168.0.29.3684 > 172.16.0.45.1299: udp 256
344: 05:13:42.478399 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
345: 05:13:42.487248 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
346: 05:13:42.538424 192.168.0.29.3684 > 172.16.0.45.1299: udp 1080
347: 05:13:42.538836 192.168.0.29.3684 > 172.16.0.45.1299: udp 102
348: 05:13:42.538882 192.168.0.29.3684 > 172.16.0.45.1299: udp 43
349: 05:13:42.540041 192.168.0.29.3684 > 172.16.0.45.1299: udp 231
350: 05:13:42.540056 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
351: 05:13:42.546968 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
352: 05:13:42.567780 192.168.0.29.3684 > 172.16.0.45.1299: udp 43
353: 05:13:42.568406 192.168.0.29.3684 > 172.16.0.45.1299: udp 151
354: 05:13:42.568574 192.168.0.29.3684 > 172.16.0.45.1299: udp 47
355: 05:13:42.569321 192.168.0.29.3684 > 172.16.0.45.1299: udp 167
356: 05:13:42.569855 192.168.0.29.3684 > 172.16.0.45.1299: udp 89
357: 05:13:42.569916 192.168.0.29.3684 > 172.16.0.45.1299: udp 43
358: 05:13:42.570725 192.168.0.29.3684 > 172.16.0.45.1299: udp 216
359: 05:13:42.570756 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
360: 05:13:42.572480 172.16.0.45.1299 > 192.168.0.29.3684: udp 16
361: 05:13:42.575333 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
362: 05:13:42.614943 192.168.0.29.3684 > 172.16.0.45.1299: udp 42
363: 05:13:42.615263 192.168.0.29.3684 > 172.16.0.45.1299: udp 114
364: 05:13:42.615370 192.168.0.29.3684 > 172.16.0.45.1299: udp 39
365: 05:13:42.615614 192.168.0.29.3684 > 172.16.0.45.1299: udp 76
366: 05:13:42.615751 192.168.0.29.3684 > 172.16.0.45.1299: udp 39
367: 05:13:42.616209 192.168.0.29.3684 > 172.16.0.45.1299: udp 187
368: 05:13:42.616255 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
369: 05:13:42.616423 192.168.0.29.3684 > 172.16.0.45.1299: udp 38
370: 05:13:42.619261 172.16.0.45.1299 > 192.168.0.29.3684: udp 16
371: 05:13:42.626371 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
372: 05:13:42.626493 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
373: 05:13:42.661327 192.168.0.29.3684 > 172.16.0.45.1299: udp 37
374: 05:13:42.662212 192.168.0.29.3684 > 172.16.0.45.1299: udp 104
375: 05:13:42.662410 192.168.0.29.3684 > 172.16.0.45.1299: udp 39
376: 05:13:42.662731 192.168.0.29.3684 > 172.16.0.45.1299: udp 77
377: 05:13:42.662792 192.168.0.29.3684 > 172.16.0.45.1299: udp 40
378: 05:13:42.663677 192.168.0.29.3684 > 172.16.0.45.1299: udp 176
379: 05:13:42.663707 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
380: 05:13:42.666057 172.16.0.45.1299 > 192.168.0.29.3684: udp 16
381: 05:13:42.668849 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
382: 05:13:42.708825 192.168.0.29.3684 > 172.16.0.45.1299: udp 88
383: 05:13:42.709466 192.168.0.29.3684 > 172.16.0.45.1299: udp 202
384: 05:13:42.709558 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
385: 05:13:42.715951 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
386: 05:13:42.755805 192.168.0.29.3684 > 172.16.0.45.1299: udp 103
387: 05:13:42.756308 192.168.0.29.3684 > 172.16.0.45.1299: udp 180
388: 05:13:42.756339 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
389: 05:13:42.764227 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
390: 05:13:42.802784 192.168.0.29.3684 > 172.16.0.45.1299: udp 88
391: 05:13:42.803486 192.168.0.29.3684 > 172.16.0.45.1299: udp 88
392: 05:13:42.803516 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
393: 05:13:42.812320 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
394: 05:13:42.848772 192.168.0.29.3684 > 172.16.0.45.1299: udp 39
395: 05:13:42.848939 192.168.0.29.3684 > 172.16.0.45.1299: udp 65
396: 05:13:42.848985 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
397: 05:13:42.857865 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
398: 05:13:42.895675 192.168.0.29.3684 > 172.16.0.45.1299: udp 38
399: 05:13:42.895965 192.168.0.29.3684 > 172.16.0.45.1299: udp 79
400: 05:13:42.896026 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
401: 05:13:42.906050 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
402: 05:13:42.974238 192.168.0.29.3684 > 172.16.0.45.1299: udp 61
403: 05:13:42.974284 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
404: 05:13:42.979334 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
405: 05:13:43.192967 192.168.0.29.3684 > 172.16.0.45.1299: udp 91
406: 05:13:43.192998 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
407: 05:13:43.201756 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
408: 05:13:43.446296 172.16.0.3 > 192.168.0.201: icmp: echo request
409: 05:13:43.446784 192.168.0.201 > 172.16.0.3: icmp: echo reply
410: 05:13:43.645947 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
411: 05:13:43.648632 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
412: 05:13:43.677241 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
413: 05:13:43.989603 192.168.0.29.3684 > 172.16.0.45.1299: udp 32
414: 05:13:43.989633 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
415: 05:13:43.995676 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
416: 05:13:44.193028 192.168.0.29.3684 > 172.16.0.45.1299: udp 83
417: 05:13:44.193044 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
418: 05:13:44.198567 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
419: 05:13:44.444389 172.16.0.3 > 192.168.0.201: icmp: echo request
420: 05:13:44.444801 192.168.0.201 > 172.16.0.3: icmp: echo reply
421: 05:13:44.520984 192.168.0.29.3684 > 172.16.0.45.1299: udp 42
422: 05:13:44.521091 192.168.0.29.3684 > 172.16.0.45.1299: udp 43
423: 05:13:44.521243 192.168.0.29.3684 > 172.16.0.45.1299: udp 34
424: 05:13:44.527087 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
425: 05:13:44.623563 192.168.0.29.3684 > 172.16.0.45.1299: udp 38
426: 05:13:44.655514 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
427: 05:13:44.655849 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
428: 05:13:44.656032 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
429: 05:13:44.656353 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
430: 05:13:44.656475 192.168.0.29.3684 > 172.16.0.45.1299: udp 551
431: 05:13:44.661373 192.168.0.29.3684 > 172.16.0.45.1299: udp 38
432: 05:13:44.662349 172.16.0.45.1299 > 192.168.0.29.3684: udp 16
433: 05:13:44.662715 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
434: 05:13:44.663051 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
435: 05:13:44.692713 192.168.0.29.3684 > 172.16.0.45.1299: udp 37
436: 05:13:45.188405 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
437: 05:13:45.209049 192.168.0.29.3684 > 172.16.0.45.1299: udp 97
438: 05:13:45.209110 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
439: 05:13:45.214039 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
440: 05:13:45.254427 172.16.0.45.1299 > 192.168.0.29.3684: udp 32
441: 05:13:45.288589 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
442: 05:13:45.288803 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
443: 05:13:45.288910 192.168.0.29.3684 > 172.16.0.45.1299: udp 93
444: 05:13:45.296585 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
445: 05:13:45.370082 192.168.0.29.3684 > 172.16.0.45.1299: udp 116
446: 05:13:45.372920 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
447: 05:13:45.373058 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
448: 05:13:45.373134 192.168.0.29.3684 > 172.16.0.45.1299: udp 121
449: 05:13:45.378291 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
450: 05:13:45.440742 172.16.0.3 > 192.168.0.201: icmp: echo request
451: 05:13:45.441154 192.168.0.201 > 172.16.0.3: icmp: echo reply
452: 05:13:45.458426 192.168.0.29.3684 > 172.16.0.45.1299: udp 87
453: 05:13:45.459036 192.168.0.29.3684 > 172.16.0.45.1299: udp 1159
454: 05:13:45.459067 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
455: 05:13:45.466284 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
456: 05:13:45.513157 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
457: 05:13:45.559968 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
458: 05:13:45.607161 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
459: 05:13:45.629011 192.168.0.29.3684 > 172.16.0.45.1299: udp 70
460: 05:13:45.629346 192.168.0.29.3684 > 172.16.0.45.1299: udp 281
461: 05:13:45.629438 192.168.0.29.3684 > 172.16.0.45.1299: udp 88
462: 05:13:45.629728 192.168.0.29.3684 > 172.16.0.45.1299: udp 406
463: 05:13:45.629743 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
464: 05:13:45.636487 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
465: 05:13:45.693048 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
466: 05:13:45.701654 172.16.0.45.1299 > 192.168.0.29.3684: udp 38
467: 05:13:45.702234 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
468: 05:13:45.724327 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
469: 05:13:45.748694 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
470: 05:13:45.794224 172.16.0.45.1299 > 192.168.0.29.3684: udp 38
471: 05:13:45.841631 172.16.0.45.1299 > 192.168.0.29.3684: udp 38
472: 05:13:45.891723 172.16.0.45.1299 > 192.168.0.29.3684: udp 38
473: 05:13:45.961879 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
474: 05:13:46.036344 172.16.0.45.1299 > 192.168.0.29.3684: udp 32
475: 05:13:46.125008 192.168.0.29.3684 > 172.16.0.45.1299: udp 68
476: 05:13:46.128304 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
477: 05:13:46.181387 172.16.0.45.1299 > 192.168.0.29.3684: udp 38
478: 05:13:46.219791 172.16.0.45.1299 > 192.168.0.29.3684: udp 38
479: 05:13:46.245592 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
480: 05:13:46.245821 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
481: 05:13:46.246004 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
482: 05:13:46.246309 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
483: 05:13:46.246691 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
484: 05:13:46.247011 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
485: 05:13:46.247347 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
486: 05:13:46.247622 192.168.0.29.3684 > 172.16.0.45.1299: udp 1158
487: 05:13:46.252199 172.16.0.45.1299 > 192.168.0.29.3684: udp 16
488: 05:13:46.262803 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
489: 05:13:46.264604 172.16.0.45.1299 > 192.168.0.29.3684: udp 36
490: 05:13:46.310424 172.16.0.45.1299 > 192.168.0.29.3684: udp 39
491: 05:13:46.312544 192.168.0.29.3684 > 172.16.0.45.1299: udp 96
492: 05:13:46.312850 192.168.0.29.3684 > 172.16.0.45.1299: udp 560
493: 05:13:46.312865 192.168.0.29.3684 > 172.16.0.45.1299: udp 36
494: 05:13:46.315916 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
495: 05:13:46.358929 172.16.0.45.1299 > 192.168.0.29.3684: udp 36
496: 05:13:46.404565 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
497: 05:13:46.409768 192.168.0.29.3684 > 172.16.0.45.1299: udp 60
498: 05:13:46.410028 192.168.0.29.3684 > 172.16.0.45.1299: udp 447
499: 05:13:46.410058 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
500: 05:13:46.415719 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
501: 05:13:46.455039 172.16.0.3 > 192.168.0.201: icmp: echo request
502: 05:13:46.455451 192.168.0.201 > 172.16.0.3: icmp: echo reply
503: 05:13:46.490941 192.168.0.29.3684 > 172.16.0.45.1299: udp 55
504: 05:13:46.491292 192.168.0.29.3684 > 172.16.0.45.1299: udp 316
505: 05:13:46.491307 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
506: 05:13:46.497685 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
507: 05:13:46.597060 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
508: 05:13:46.638059 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
509: 05:13:46.687937 172.16.0.45.1299 > 192.168.0.29.3684: udp 38
510: 05:13:46.732200 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
511: 05:13:46.772619 192.168.0.29.3684 > 172.16.0.45.1299: udp 202
512: 05:13:46.772649 192.168.0.29.3684 > 172.16.0.45.1299: udp 37
513: 05:13:46.779103 172.16.0.45.1299 > 192.168.0.29.3684: udp 38
514: 05:13:46.779256 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
515: 05:13:46.802998 192.168.0.29.3684 > 172.16.0.45.1299: udp 37
516: 05:13:46.829501 172.16.0.45.1299 > 192.168.0.29.3684: udp 38
517: 05:13:46.865006 192.168.0.29.3684 > 172.16.0.45.1299: udp 119
518: 05:13:46.872437 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
519: 05:13:46.919798 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
520: 05:13:46.966395 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
521: 05:13:46.994928 192.168.0.29.3684 > 172.16.0.45.1299: udp 65
522: 05:13:46.994974 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
523: 05:13:47.001403 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
524: 05:13:47.017958 172.16.0.45.1299 > 192.168.0.29.3684: udp 38
525: 05:13:47.099405 192.168.0.29.3684 > 172.16.0.45.1299: udp 87
526: 05:13:47.099588 192.168.0.29.3684 > 172.16.0.45.1299: udp 202
527: 05:13:47.099619 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
528: 05:13:47.109872 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
529: 05:13:47.230365 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
530: 05:13:47.287781 172.16.0.45.1299 > 192.168.0.29.3684: udp 32
531: 05:13:47.303237 192.168.0.29.3684 > 172.16.0.45.1299: udp 98
532: 05:13:47.303313 192.168.0.29.3684 > 172.16.0.45.1299: udp 61
533: 05:13:47.303496 192.168.0.29.3684 > 172.16.0.45.1299: udp 189
534: 05:13:47.303512 192.168.0.29.3684 > 172.16.0.45.1299: udp 35
535: 05:13:47.308943 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
536: 05:13:47.329542 172.16.0.45.1299 > 192.168.0.29.3684: udp 35
537: 05:13:47.376185 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
538: 05:13:47.381907 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
539: 05:13:47.382136 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
540: 05:13:47.382273 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
541: 05:13:47.382609 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
542: 05:13:47.382640 192.168.0.29.3684 > 172.16.0.45.1299: udp 318
543: 05:13:47.390009 172.16.0.45.1299 > 192.168.0.29.3684: udp 34
544: 05:13:47.418450 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
545: 05:13:47.453147 172.16.0.3 > 192.168.0.201: icmp: echo request
546: 05:13:47.453574 192.168.0.201 > 172.16.0.3: icmp: echo reply
547: 05:13:47.464621 172.16.0.45.1299 > 192.168.0.29.3684: udp 37
548: 05:13:47.484517 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
549: 05:13:47.484792 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
550: 05:13:47.485112 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
551: 05:13:47.485433 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
552: 05:13:47.485753 192.168.0.29.3684 > 172.16.0.45.1299: udp 1270
553: 05:13:47.485814 192.168.0.29.3684 > 172.16.0.45.1299: udp 96
553 packets shown
ciscoasa(config)# $
Well, as far as I can see on them partial logs (there ought to be /two/ outputs from both ASAs) the pings are getting through and are answered ...
ASKER
Hello
Thank you so much for all your help and support and for your time you are great and amazing. you spend long time with me to solve this issue if I can give you more than 500 point I will do
Thanks again and have a nice day
Kindest Regards
Nasem
Thank you so much for all your help and support and for your time you are great and amazing. you spend long time with me to solve this issue if I can give you more than 500 point I will do
Thanks again and have a nice day
Kindest Regards
Nasem
ASKER
Thank you so much for your help
I would recommend you get some local service provider who has some decent knowledge of Cisco/ASA take a good look at you setup to ensure you're services and servers are actually protected from any threats ... it may be working for now, but there are no access rules etc. configured ... at the moment, the only thing working as far as protection goes is the NAT, keeping inbound connections from getting anywhere on the inside ...