Solved

ASA routing or VPN

Posted on 2011-10-19
Last Modified: 2012-05-12
Hi

Please, I have two ASA 5550s connected together by a wireless connection from ASA1 to ASA2 on E0/2 on both sides. Below is the configuration of my network:

ASA1 site1
E0/0 IP address X.X.X.X  outside
E0/1 IP address 172.16.0.1 inside (network 172.16.0.0)
E0/2 IP address 200.200.200.1

ASA2 site2
E0/0 IP address X.X.X.X  outside
E0/1 IP address 192.168.0.1 inside (network 192.168.0.0)
E0/2 IP address 200.200.200.2

ASA1 connects to ASA2 by a wireless connection, and I can ping from 200.200.200.1 to 200.200.200.2 (it works).

Please, I need network 172.16.0.0 at the ASA1 site to see and connect to network 192.168.0.0 at the ASA2 site (site two).

Please, I need the configuration. I tried to set up a VPN but it does not work; I also tried to add a route but that does not work either. Please, any suggestions?

Please, it's urgent for me.

Regards

0
Comment
Question by:nasemabdullaa
38 Comments
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 36991716
Normally, static routes on both sides should do the trick, on ASA1 the route with destination 192.168.0.0 and gateway 200.200.200.2, on ASA2 route to 172.16.0.0 and gateway 200.200.200.1. Depending on the security level, you will also need to add policies to allow the traffic through e2, as well as NAT exemption ...
0
 

Author Comment

by:nasemabdullaa
ID: 36991741
Hello

Please find below my ASA configuration for both sides, but it's not working; the show route output is also included.
ASA Version 7.2(2)
!
hostname ciscoasa
enable password X.y0JGA9o6phmjQ6 encrypted
names
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 82.205.240.146 255.255.255.224
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif LOOP
 security-level 0
 ip address 200.200.200.2 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd X.y0JGA9o6phmjQ6 encrypted
ftp mode passive
access-list outside_in extended permit tcp any host 82.205.240.148 eq 1433
pager lines 24
logging asdm informational
mtu management 1500
mtu outside 1500
mtu inside 1500
mtu LOOP 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 82.205.240.148 192.168.0.201 netmask 255.255.255.255
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 82.205.240.145 1
route LOOP 172.16.0.0 255.255.255.0 200.200.200.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
http server enable
http 192.168.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 192.168.0.3 82.205.224.9
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
dhcpd address 192.168.0.20-192.168.0.150 inside
dhcpd enable inside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:a8426070394933a0ae74b57a1e4b125c
: end
ciscoasa# sh route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 82.205.240.145 to network 0.0.0.0

C    200.200.200.0 255.255.255.0 is directly connected, LOOP
S    172.16.0.0 255.255.255.0 [1/0] via 200.200.200.1, LOOP
C    82.205.240.128 255.255.255.224 is directly connected, outside
C    192.168.0.0 255.255.255.0 is directly connected, inside
S*   0.0.0.0 0.0.0.0 [1/0] via 82.205.240.145, outside
ciscoasa#


interface Ethernet0/0ytes/sec)            
 nameif outside               
 security-level 0oasa# conf t     
 ip address 82.205.240.98 255.255.255.240P 192.168.0.0 255.255.255.0 200.200.200.1
!m
interface Ethernet0/1                  
mt
 nameif inside              
 security-level 100            
mtu LO
 ip address 172.16.0.1 255.255.255.0500                   
icmp unreacha
!e
interface Ethernet0/2ze 1                 
 nameif LOOP            
 security-level 0/a               
!n
interface Management0/00.0.0                  
 nameif management (inside,outside) 
 security-level 1006.0.4 netmask 255.2
 ip address 192.168.1.1 255.255.255.0                                     
 management-onlyroup outside_in 
! 
passwd X.y0JGA9o6phmjQ6 encrypted                           
acces
ftp mode passivess_in in interfa
dns server-group DefaultDNS                        
ro
 domain-name default.domain.invalid40.97 1                            
pager lines 24  
timeout xla
logging asdm informational    
timeout conn 1:00:00 
mtu management 1500udp 0:02:00 icmp 0:
mtu outside 1500                
mtu inside 1500               
mtu LOOP 1500 sunrpc 0:10:
icmp unreachable rate-limit 1 burst-size 1gcp-pat                                   
asdm image disk0:               
route LOOP 192.168.0.0 255.255.255.0 200.200.200.2 1ttp 172.16.0.0 255.255.255.0 inside                 
timeout xlate 3:00:00 snmp-server location
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02  
snmp-server enable traps snmp authentication linkup linkdown c
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac                   
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00P_1_cryptomap                                                    
crypto map LO
timeout uauth 0:05:00 absolute              
crypto map LOOP
http server enable.200.200.2        
http 172.16.0.0 255.2              
     
 authentication pre-share                    
telnet 172.16.0.0 255.255.255.0 insideash sha         
 group 2        
 lif
telnet timeout 5         
telnet
ssh timeout 55.255.255.0 i
console timeout 0                 
dhcpd dns 172.16.0.3 82.205.224.9       
ssh timeout 5            
!c
dhcpd address 192.168.1.2-192.168.1.254 management0.3 82.205.224.9                                 

dhcpd enable management0.20-172.16.0.120 insid
! 
dhcpd address 172.16.0.20-172.16.0.150 insidecpd enable inside                   
! 
dhcpd
dhcpd enable inside-192.168.1.254 mana
!m
!t
class-map inspection_default                     
dhcpd 
 match default-inspection-traffic      
! 
! 
class-map inspection
!e
!u
policy-map type inspect d    
                  
  inspect rshreset_dns_map
  inspect rtsp             

  inspect esmtp          
!
service-policy global_policy global
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
prompt hostname context
Cryptochecksum:fb670a2282bcb4a41316ae27ab867b89
: end
ciscoasa# sh route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 82.205.240.97 to network 0.0.0.0

C    200.200.200.0 255.255.255.0 is directly connected, LOOP
C    172.16.0.0 255.255.255.0 is directly connected, inside
C    82.205.240.96 255.255.255.240 is directly connected, outside
S    192.168.0.0 255.255.255.0 [1/0] via 200.200.200.2, LOOP
S*   0.0.0.0 0.0.0.0 [1/0] via 82.205.240.97, outside
ciscoasa#



Please any help

Regards
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 36991787
I don't see any NAT exemption in the config for the communication via LOOP/e2, also with the loop p2p interface being security level 0, you will need the access list to allow the traffic through it ... on ASA1 allow traffic from the 192.168 to 172.16 via e2, and the opposite direction on ASA2 ...
0

 

Author Comment

by:nasemabdullaa
ID: 36991857
Hello

Please, I changed the security-level for the LOOP interface to 100 on both sides but it's still not working.

>>>also with the loop p2p interface being security level 0, you will need the access list to allow the traffic through it ... on ASA1 allow traffic from the 192.168 to 172.16 via e2, and the opposite direction on ASA2 ...

Please, how can I do that?

>>>NAT exemption in the config for the communication via LOOP/e2,

Please, how can I do that?

Regards



 
ciscoasa# sh run
: Saved
:
ASA Version 7.2(2)
!
hostname ciscoasa
enable password X.y0JGA9o6phmjQ6 encrypted
names
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 82.205.240.146 255.255.255.224
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif LOOP
 security-level 100
 ip address 200.200.200.2 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd X.y0JGA9o6phmjQ6 encrypted
ftp mode passive
access-list outside_in extended permit tcp any host 82.205.240.148 eq 1433
pager lines 24
logging asdm informational
mtu management 1500
mtu outside 1500
mtu inside 1500
mtu LOOP 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 82.205.240.148 192.168.0.201 netmask 255.255.255.255
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 82.205.240.145 1
route LOOP 172.16.0.0 255.255.255.0 200.200.200.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
http server enable
http 192.168.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 192.168.0.3 82.205.224.9
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
dhcpd address 192.168.0.20-192.168.0.150 inside
dhcpd enable inside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:a2ab56ba78fdbb6e15b7ce6f7af30e9f
: end
ciscoasa#


User Access Verification

Password:
Type help or '?' for a list of available commands.

ciscoasa> en
Password: ************
ciscoasa# sh run
: Saved
:
ASA Version 7.2(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password X.y0JGA9o6phmjQ6 encrypted
names
!
interface Ethernet0/0                     
 nameif outside               
 security-level 0                 
 ip address 82.205.240.98 255.255.255.240                                         
! 
interface Ethernet0/1                     
 nameif inside              
 security-level 100                   
 ip address 172.16.0.1 255.255.255.0                                    
! 
interface Ethernet0/2                     
 nameif LOOP            
 security-level 100                  
! 
interface Ethernet0/3                     
 shutdown         
 no nameif          
 no security-level                  
 no ip address              
! 
interface Management0/0                       
 nameif management                  
 security-level 100                   
 ip address 192.168.1.1 255.255.255.0                                     
 management-only                
! 
passwd X.y0JGA9o6phmjQ6 encrypted                                 
ftp mode passive                
dns server-group DefaultDNS                           
 domain-name default.domain.invalid                                   
pager lines 24              
logging asdm informational                          
mtu management 1500                   
mtu outside 1500                
mtu inside 1500               
mtu LOOP 1500             
icmp unreachable rate-limit 1 burst-size 1                                          
asdm image disk0:               
no asdm history enable                      
arp timeout 14400                 
global (outside) 1 interface                            
nat (inside) 1 0.0.0.0 0.0.0.0                              
route outside 0.0.0.0 0.0.0.0 82.205.240.97 1                                             
route LOOP 192.168.0.0 255.255.255.0 200.200.200.2 1                                                    
timeout xlate 3:00:00                     
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02                                                                 
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00                                                                              
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00                                                                               
timeout uauth 0:05:00 absolute                              
http server enable                  
http 172.16.0.0 255.2                    
http 192.168.1.0 255.255.255.0 management                                         
no snmp-server location                       
no snmp-server contact                      
snmp-server enable traps snmp authentication linkup linkdown coldstart                                                                      
telnet 172.16.0.0 255.255.255.0 inside                                      
telnet timeout 5                
ssh timeout 5             
console timeout 0                 
dhcpd dns 172.16.0.3 82.205.224.9                                 
! 
dhcpd address 192.168.1.2-192.168.1.254 management                                                  
dhcpd enable management                       
! 
dhcpd address 172.16.0.20-172.16.0.150 inside                                             
dhcpd enable inside                   
! 
! 
class-map inspection_default                            
 match default-inspection-traffic                                 
! 
! 
policy-map type inspect d                       
policy-map type inspect d                       
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
prompt hostname context
Cryptochecksum:0d9231a96462f710e9afa335aeae4a81
: end
ciscoasa#


0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 36991891
On ASDM, you can enable the "allow traffic through firewall without NAT" (not sure what the exact line is, but something to that meaning), that way you will not need the NAT exemption. Also, there should be a checkmark field where you can allow traffic through by default for equal security level ... It's been a while since I used a 7.x ASA and ASDM, so can't quite remember the specifics ...
0
 

Author Comment

by:nasemabdullaa
ID: 36991935
User Access Verification                        

Password:         
Type help or '?' for a list of available commands.                                                  
ciscoasa> en            
Password: *************                       
Invalid password                
Password: ************                      
ciscoasa#         
ciscoasa# sh run                
: Saved       
: 
ASA Version 7.2(3)                  
! 
hostname ciscoasa                 
domain-name default.domain.invalid                                  
enable password X.y0JGA9o6phmjQ6 encrypted                                          
names     
! 
interface Ethernet0/0                     
 nameif outside               
 security-level 0                 
 ip address 82.205.240.98 255.255.255.240                                         
! 
interface Ethernet0/1                     
 nameif inside              
 security-level 100                   
 ip address 172.16.0.1 255.255.255.0                                    
! 
interface Ethernet0/2                     
 nameif LOOP            
 security-level 100                   
 ip address 200.200.200.1 255.255.255.0                                       
! 
interface Ethernet0/3                     
 shutdown         
 no nameif          
 no security-level                  
 no ip address              
! 
interface Management0/0                       
 nameif management                  
 security-level 100                   
 ip address 192.168.1.1 255.255.255.0                                     
 management-only                
! 
passwd X.y0JGA9o6phmjQ6 encrypted                                 
ftp mode passive                
dns server-group DefaultDNS                           
 domain-name default.domain.invalid                                   
access-list LOOP_access_in extended permit ip any any                                                     
pager lines 24              
logging asdm informational                          
mtu management 15                
mtu outside 1500                
mtu inside 1500               
mtu LOOP 1500             
icmp unreachable rate-limit 1 burst-size 1                                          
asdm image disk0:/asdm-523.bin                              
no asdm history enable                      
arp timeout 14400                 
global (outside) 1 interface                            
nat (inside) 1 0.0.0.0 0.0.0.0                              
access-group LOOP_access_in in interface LOOP                                             
route outside 0.0.0.0 0.0.0.0 82.205.240.97 1                                             
route LOOP 192.168.0.0 255.255.255.0 200.200.200.2 1                                                    
timeout xlate 3:00:00                     
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02                                                                 
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mg                                                               
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00                                                                               
timeout uauth 0:05:00 absolute                              
http server enable                  
http 172.16.0.0 255.255.255.0 inside                                    
http 192.168.1.0 255.255.255.0 management                                         
no snmp-server location                       
no snmp-server contact                      
snmp-server enable traps snmp authentication linkup linkdown coldstart                                                                      
telnet 172.16.0.0 255.255.255.0 inside                                      
telnet timeout 5                
ssh timeout 5             
console timeout 0                 
dhcpd dns 172.16.0.3 82.205.224.9                                 
! 
dhcpd address 192.168.1.2-192.168.1.254 management                                                  
dhcpd enable manag                
! 
dhcpd address 172.16.0.20-172.16.0.150 inside                                             
dhcpd enable inside                   
! 
! 
class-map inspection_default                            
 match default-inspection-traffic                                 
! 
! 
policy-map type inspect dns preset_dns_map                                          
 parameters           
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
prompt hostname context
Cryptochecksum:9f52d3f79a1eedbd033374727113494d
: end
ciscoasa#


ciscoasa# sh run
: Saved
:
ASA Version 7.2(2)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password X.y0JGA9o6phmjQ6 encrypted
names
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 82.205.240.146 255.255.255.224
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif LOOP
 security-level 100
 ip address 200.200.200.2 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd X.y0JGA9o6phmjQ6 encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list outside_in extended permit tcp any host 82.205.240.148 eq 1433
access-list LOOP_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu management 1500
mtu outside 1500
mtu inside 1500
mtu LOOP 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 82.205.240.148 192.168.0.201 netmask 255.255.255.255
access-group outside_in in interface outside
access-group LOOP_access_in in interface LOOP
route outside 0.0.0.0 0.0.0.0 82.205.240.145 1
route LOOP 172.16.0.0 255.255.255.0 200.200.200.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
http server enable
http 192.168.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 192.168.0.3 82.205.224.9
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
dhcpd address 192.168.0.20-192.168.0.150 inside
dhcpd enable inside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:2cf8ba42963730a464d1eac1d8545235
: end
ciscoasa#



Please, I did that but it's still not working.

please any help

Regards
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 36992284
Did you try using the packet tracer tool in ASDM or on the command line to see where the packets are blocked?
0
 

Author Comment

by:nasemabdullaa
ID: 36992373
Hello

Please, the packet is denied by the access list.

Please, what must I do?

Regards
0
 
LVL 18

Accepted Solution

by:
Garry Glendown earned 2000 total points
ID: 36992458
OK, try something like this on ASA1:

packet-tracer input inside icmp 172.16.0.20 8 0 192.168.0.10

as well as the opposite on the second ASA ...

packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10
0
 

Author Comment

by:nasemabdullaa
ID: 36992489
Hello

Please in ASA1



User Access Verification

Password:
Type help or '?' for a list of available commands.
ciscoasa> en
Password: ************
ciscoasa# conf t
ciscoasa(config)# packet-tracer input inside icmp 172.16.0.20 8 0 192.168.0.10

Phase: 1        
Type: FLOW-LOOKUP                
Subtype:        
Result: ALLOW            
Config:      
Additional Information:                      
Found no matching flow, creating a new flow                                          

Phase: 2        
Type: ROUTE-LOOKUP                  
Subtype: input              
Result: ALLOW            
Config:      
Additional Information:                      
in   192.168.0.0     255.255.255.0   LOOP                                        

Phase: 3        
Type: IP-OPTIONS                
Subtype:        
Result: ALL          
Result: ALL          
Additional Information:

Phase: 5
Type: NAT
Subtype:
Result: DROP
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
  match ip inside any LOOP any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 231, untranslate_hits = 0
Additional Information:

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

ciscoasa(config)#

in ASA2


ciscoasa# conf t
ciscoasa(config)# packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   172.16.0.0      255.255.255.0   LOOP

Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: NAT
Subtype:
Result: DROP
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
  match ip inside any LOOP any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 1, untranslate_hits = 0
Additional Information:

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

ciscoasa(config)#

Please any help and thank you for all your help and support

Regards
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 36992557
OK, as expected, the feature for allowing un-nat-ed packets isn't active ...

Go to the firewall setting, NAT, and add a new nat exemption for packets between 192.168 and 172.16 ...
I'm currently out of the office, so slightly limited in what I can try/test, so off the top of my head here ...

access-list site_to_site_nat extended permit ip 172.16.0.0 255.255.255.0 192.168.0.0 255.255.255.0
(switch the IPs for the second ASA)

nat (inside) 0 access-list site_to_site_nat

This should exclude the site-to-site traffic from NAT, with a rule there, the forwarding should be allowed ...

If the pings don't work after that, re-try the packet tracer ...
0
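Added example, not part of the original thread and not Cisco tooling: a Python parser for packet-tracer output in the layout posted above. It reports the first phase with Result: DROP and labels why, since the summary's Drop-reason reads (acl-drop) even when the dropping phase is NAT. The finding labels and the sample trace are constructed for this example.

```python
"""Summarise Cisco ASA packet-tracer output: first dropping phase plus hints."""

# Constructed sample in the layout of the traces posted in this thread
# (shortened to two phases; not captured from a real device).
SAMPLE_TRACE = """\
ciscoasa(config)# packet-tracer input inside icmp 172.16.0.20 8 0 192.168.0.10

Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   192.168.0.0     255.255.255.0   LOOP

Phase: 2
Type: NAT
Subtype:
Result: DROP
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
  match ip inside any LOOP any
    dynamic translation to pool 1 (No matching global)
Additional Information:

Result:
input-interface: inside
output-interface: LOOP
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

PHASE_FIELDS = {"Type", "Subtype", "Result"}


def parse_trace(text):
    """Return (phases, summary) parsed from packet-tracer text."""
    phases, summary = [], {}
    cur = bucket = None      # phase being filled / its Config or info list
    in_summary = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, val = (part.strip() for part in line.partition(":"))
        if sep and key == "Phase" and val.isdigit():
            cur = {"phase": int(val), "type": "", "subtype": "", "result": "",
                   "config": [], "info": []}
            phases.append(cur)
            bucket, in_summary = None, False
        elif sep and key == "Result" and not val:
            cur, bucket, in_summary = None, None, True   # final summary block
        elif cur is not None and sep and key in PHASE_FIELDS:
            cur[key.lower()] = val
        elif cur is not None and sep and not val and key == "Config":
            bucket = cur["config"]
        elif cur is not None and sep and not val and key == "Additional Information":
            bucket = cur["info"]
        elif cur is not None and bucket is not None:
            bucket.append(line)          # free-form line under Config / info
        elif in_summary and sep:
            summary[key.lower()] = val
    return phases, summary


def diagnose(text):
    """Name the first phase with Result: DROP and attach hint labels."""
    phases, summary = parse_trace(text)
    drop = next((p for p in phases if p["result"] == "DROP"), None)
    findings = []
    if drop:
        config = " ".join(drop["config"])
        # The matched dynamic NAT rule reports no matching global pool: the
        # case the thread addresses with "nat (inside) 0 access-list ...".
        if drop["type"] == "NAT" and "No matching global" in config:
            findings.append("nat-no-global")
        # The decision came from an implicit rule, not a configured ACL line.
        if drop["type"] == "ACCESS-LIST" and "Implicit Rule" in config:
            findings.append("implicit-deny")
    # The packet would leave through the interface it was injected on.
    iface = summary.get("input-interface")
    if iface and iface == summary.get("output-interface"):
        findings.append("same-interface")
    # Summary says acl-drop although the dropping phase is not an ACL check.
    if (drop and drop["type"] != "ACCESS-LIST"
            and "acl-drop" in summary.get("drop-reason", "")):
        findings.append("drop-reason-not-acl")
    return {"action": summary.get("action", ""),
            "drop_phase": drop["phase"] if drop else None,
            "drop_type": drop["type"] if drop else None,
            "findings": findings}


if __name__ == "__main__":
    print(diagnose(SAMPLE_TRACE))
```
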
 

Author Comment

by:nasemabdullaa
ID: 36992685
Please,
for ASA 1 I added:
access-list site_to_site_nat extended permit ip 172.16.0.0 255.255.255.0 192.168.0.0 255.255.255.0
access-group site_to_site_nat in interface LOOP
nat (inside) 0 access-list site_to_site_nat

For ASA2

access-list site_to_site_nat extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.255.0
access-group site_to_site_nat in interface LOOP
nat (inside) 0 access-list site_to_site_nat

But it's still not working

Regards
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 36992802
what's the output from the packet tracer?
0
 

Author Comment

by:nasemabdullaa
ID: 36994001
Hello
Thank you for your reply

ASA1



User Access Verification                        

Password:        
Type help or '?' for a list of available commands.                                                  
ciscoasa> en            
Password: ************                      
ciscoasa# conf t                
ciscoasa(config)# packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10                                                                              

Phase: 1        
Type: FLOW-LOOKUP                
Subtype:        
Result: ALLOW            
Config:      
Additional Information:                      
Found no matching flow, creating a new flow                                          

Phase: 2        
Type: ROUTE-LOOKUP                  
Subtype: input              
Result: ALLOW
Config:
Additional Information:
in   172.16.0.0      255.255.255.0   inside

Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

ciscoasa(config)#

ASA2

                   ^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config)# packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   172.16.0.0      255.255.255.0   LOOP

Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
nat (inside) 0 access-list site_to_site_nat
  match ip inside 192.168.0.0 255.255.255.0 LOOP 172.16.0.0 255.255.255.0
    NAT exempt
    translate_hits = 2, untranslate_hits = 0
Additional Information:

Phase: 7
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
  match ip inside any LOOP any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 14, untranslate_hits = 0
Additional Information:

Phase: 8
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
  match ip inside any management any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
Additional Information:

Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 70582, packet dispatched to next module

Phase: 10
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 200.200.200.1 using egress ifc LOOP
adjacency Active
next-hop mac address 001f.ca7e.1290 hits 2125

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: allow

ciscoasa(config)#


Please any help

Regards
0
 

Author Comment

by:nasemabdullaa
ID: 36997680
Hello EE

Please any help

Regards
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 36998227
OK, one way is working, now the question is, what did you configure differently on ASA 1? From what I can see in the config a couple posts earlier, there's nothing essentially different as far as traffic from inside to loop is concerned ... could you go over the current config on asa 2 and compare it to what you posted earlier?
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 36998235
and while we're at it, try this on asa 1:

packet-tracer input loop icmp 192.16.0.20 8 0 172.16.0.10

as well as the opposite on the second ASA ...

packet-tracer input loop icmp 172.16.0.20 8 0 192.168.0.10

This should show whether incoming pings from the opposite end of the p2p link would be allowed ...
0
 

Author Comment

by:nasemabdullaa
ID: 36998338

Hello

Thank you for your reply
Please, I checked both configurations and they are the same, and I attached the configuration for you. I still cannot ping from 172.16.0.1 to 192.168.0.1

Please any help
Regards

ASA1 200.200.200.1 (Local network 172.16.0.0, remote network 192.168.0.0)
 
interface Ethernet0/0                     
 nameif outside               
 security-level 0                 
 ip address 82.205.240.98 255.255.255.240                                         
! 
interface Ethernet0/1                     
 nameif inside              
 security-level 100                   
 ip address 172.16.0.1 255.255.255.0                                    
! 
interface Ethernet0/2                     
 nameif LOOP            
 security-level 100                  
 ip address 200.200.200.1 255.255.255.0                                       
                                  
same-security-traffic permit inter-interface                                            
same-security-traffic permit intra-interface                                            
access-list site_to_site_nat extended permit ip 172.16.0.0 255.255.255.0 192                                                                           
.0.0 255.255.255.0                  
                
global (outside) 1 interface                            
nat (inside) 0 access-list site_to_site_nat                                           
nat (inside) 1 0.0.0.0 0.0.0.0                              
access-group site_to_site_nat in interface LOOP                                               
route outside 0.0.0.0 0.0.0.0 82.205.240.97 1                                             
route LOOP 192.168.0.0 255.255.255.0 200.200.200.2 1                                                    
                
dhcpd dns 172.16.0.3 82.205.224.9                                 
! 
dhcpd address 192.168.1.2-192.168.1.254 management                                                  
dhcpd enable management                       
! 
dhcpd address 172.16.0.20-172.16.0.150 inside                                             
dhcpd enable inside



ASA1 (packet-tracer input loop icmp 172.16.0.20 8 0 192.168.0.10)
 
User Access Verification

Password:
Type help or '?' for a list of available commands.
ciscoasa> en
Password: ************
ciscoasa# conf t
ciscoasa(config)# packet-tracer input loop icmp 172.16.0.20 8 0 192.168.0.10

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 3        
Type: ROUTE-LOOKUP                  
Subtype: input              
Result: ALLOW             
Config:       
Config:       
access-group site_to_site_nat in interface LOOP                                               
access-list site_to_site_nat extended permit ip 172.16.0.0 255.255.255.0 192.168                                                                                
.0.0 255.255.255.0                  
Additional Information:                       

Phase: 5        
Type: IP-OPTIONS                
Subtype:        
Result: ALLOW             
Config:       
Additional Information:                       

Phase: 6        
Type: INSPECT             
Subtype: np-inspect                   
Result: ALLOW             
Config:       
Additional Information:                       

Phase: 7        
Type: FLOW-CREATION                   
Subtype:        
Result: ALLOW             
Config:
Additional Information:
New flow created with id 121912, packet dispatched to next module

Phase: 8
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 200.200.200.2 using egress ifc LOOP
adjacency Active
next-hop mac address 001a.6d7c.7c08 hits 3802

Result:
input-interface: LOOP
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: allow

ciscoasa(config)#



ASA1 200.200.200.2 (Local network 192.168.0.0, remote network 172.16.0.0)

 
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 82.205.240.146 255.255.255.224
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif LOOP
 security-level 100
 ip address 200.200.200.2 255.255.255.0

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_in extended permit tcp any host 82.205.240.148 eq 1433
access-list site_to_site_nat extended permit ip 192.168.0.0 255.255.255.0 172.16
.0.0 255.255.255.0

global (outside) 1 interface
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 82.205.240.148 192.168.0.201 netmask 255.255.255.255
access-group outside_in in interface outside
access-group site_to_site_nat in interface LOOP
route outside 0.0.0.0 0.0.0.0 82.205.240.145 1
route LOOP 172.16.0.0 255.255.255.0 200.200.200.1 1

dhcpd dns 192.168.0.3 82.205.224.9
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
dhcpd address 192.168.0.20-192.168.0.150 inside
dhcpd enable inside



ASA2 (packet-tracer input loop icmp 192.168.0.20 8 0 172.16.0.10)

 
ciscoasa# packet-tracer input loop icmp 192.168.0.20 8 0 172.16.0.10

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   172.16.0.0      255.255.255.0   LOOP

Phase: 4
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group site_to_site_nat in interface LOOP
access-list site_to_site_nat extended permit ip 192.168.0.0 255.255.255.0 172.16
.0.0 255.255.255.0
Additional Information:

Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:

Phase: 7
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 114109, packet dispatched to next module

Phase: 8
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 200.200.200.1 using egress ifc LOOP
adjacency Active
next-hop mac address 001f.ca7e.1290 hits 2149

Result:
input-interface: LOOP
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: allow

ciscoasa#


0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 36998944
OK, so at least the loop interfaces would permit the packets to come in ... I notice you say you can't ping "from 172.16.0.1 to 192.168.0.1" - those are the internal IPs of the firewalls - did you actually try to ping between two machines INSIDE the LAN networks instead of the firewall?
0
 

Author Comment

by:nasemabdullaa
ID: 36999024
Hello

Please I can not ping to any computer or printer from network A to network B

Please any idea

Regards
0
 

Author Comment

by:nasemabdullaa
ID: 36999038
Please, is there any other configuration I need to do so it will work? Please, it's urgent to me; any idea will help me

Regards
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 36999148
Unless you can find the difference between ASA1 and 2, using ASDM add a rule on ASA1 allowing packets on Interface inside from the 172.16 network to 192.168 ...  judging from the tracer output, that's all that's blocking the communication at the moment ...
0
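Reading a trace like the ones posted above comes down to finding the first phase whose result is DROP and comparing the input and output interfaces in the final summary. The following is an added example, not part of the thread or of any Cisco tooling; the sample text is abridged from the failing trace posted earlier, and the function names are hypothetical.

```python
import re

# Abridged from the failing packet-tracer output posted earlier in this thread.
SAMPLE_TRACE = """\
ciscoasa(config)# packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10

Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   172.16.0.0      255.255.255.0   inside

Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:

Result:
input-interface: inside
output-interface: inside
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

ciscoasa(config)#
"""


def parse_trace(text):
    """Split packet-tracer output into a list of phase dicts and the summary dict."""
    phases, summary = [], {}
    phase, bucket, in_summary = None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"Phase:\s*(\d+)", line)
        if m:
            phase = {"phase": int(m.group(1)), "type": "", "subtype": "",
                     "result": "", "config": [], "info": []}
            phases.append(phase)
            bucket, in_summary = None, False
            continue
        if line == "Result:":            # bare "Result:" opens the final summary
            phase, in_summary = None, True
            continue
        if in_summary:
            key, sep, value = line.partition(":")
            if sep:
                summary[key.strip().lower()] = value.strip()
            continue
        if phase is None:
            continue                      # banner, prompt or echoed command
        if line == "Config:":
            bucket = phase["config"]
        elif line == "Additional Information:":
            bucket = phase["info"]
        elif bucket is None:              # Type / Subtype / Result header lines
            key, sep, value = line.partition(":")
            if sep and key.lower() in ("type", "subtype", "result"):
                phase[key.lower()] = value.strip()
        else:
            bucket.append(line)
    return phases, summary


def diagnose(text):
    """Report the first dropping phase and whether the packet leaves where it entered."""
    phases, summary = parse_trace(text)
    blocked = next((p for p in phases if p["result"].upper() == "DROP"), None)
    ingress, egress = summary.get("input-interface"), summary.get("output-interface")
    return {
        "action": summary.get("action", "unknown"),
        "reason": summary.get("drop-reason"),
        "drop_phase": blocked["phase"] if blocked else None,
        "drop_type": blocked["type"] if blocked else None,
        "implicit_rule": bool(blocked) and "Implicit Rule" in blocked["config"],
        "same_interface": ingress is not None and ingress == egress,
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

For the sample, the summary shows the packet entering and leaving on `inside`, which is worth checking before looking at the ACL itself.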
 

Author Comment

by:nasemabdullaa
ID: 36999738
Hello

Please I permit any to any IP in inside interface in each ASA, but it's still not working.

Please any idea

ASA (200.2)

 
ciscoasa#
ciscoasa# sh run
: Saved
:
ASA Version 7.2(2)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password X.y0JGA9o6phmjQ6 encrypted
names
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 82.205.240.146 255.255.255.224
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif LOOP
 security-level 100
 ip address 200.200.200.2 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd X.y0JGA9o6phmjQ6 encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_in extended permit tcp any host 82.205.240.148 eq 1433
access-list site_to_site_nat extended permit ip 192.168.0.0 255.255.255.0 172.16
.0.0 255.255.255.0
access-list inside_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu management 1500
mtu outside 1500
mtu inside 1500
mtu LOOP 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 82.205.240.148 192.168.0.201 netmask 255.255.255.255
access-group outside_in in interface outside
access-group inside_access_in in interface inside
access-group site_to_site_nat in interface LOOP
route outside 0.0.0.0 0.0.0.0 82.205.240.145 1
route LOOP 172.16.0.0 255.255.255.0 200.200.200.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
http server enable
http 192.168.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 192.168.0.3 82.205.224.9
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
dhcpd address 192.168.0.20-192.168.0.150 inside
dhcpd enable inside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:f1096822f004ad8b38190e1e6793dfe0
: end
ciscoasa#



ASA1 200.1

 
User Access Verification                        

Password:         
Type help or '?' for a list of available commands.                                                  
ciscoasa> en            
Password: ************                      
ciscoasa# sh run                
: Saved       
: 
ASA Version 7.2(3)                  
! 
hostname ciscoasa                 
domain-name default.domain.invalid                                  
enable password X.y0JGA9o6phmjQ6 encrypted                                          
names     
! 
interface Ethernet0/0                     
 nameif outside               
 security-level 0                 
 ip address 82.205.240.98 255.255.255.240                                         
! 
interface Ethernet0/1                     
 nameif inside              
 security-level 100                   
 ip address 172.16.0.1 255.255.255.0                                    
! 
interface Ethernet0/2                     
 nameif LOOP            
 security-level 100                  
 ip address 200.200.200.1 255.255.255.0                                       
! 
interface Ethernet0/3                     
 shutdown         
 no nameif          
 no security-level                  
 no ip address              
! 
interface Management0/0                       
 nameif management                  
 security-level 100                   
 ip address 192.168.1.1 255.255.255.0                                     
 management-only                
! 
passwd X.y0JGA9o6phmjQ6 encrypted                                 
ftp mode passive                
dns server-group DefaultDNS                           
 domain-name default.domain.invalid                                   
same-security-traffic permit inter-interface                                            
same-security-traffic permit intra-interface                                            
access-list site_to_site_nat extended permit ip 172.16.0.0 255.255.255.0 192                                                                           
.0.0 255.255.255.0                  
access-list inside_access_in extended permit ip any any                                                       
pager lines 24              
logging asdm informational                          
mtu management 1500                   
mtu outside 1500                
mtu inside 1500               
mtu LOOP 1500             
icmp unreachable rate-limit 1 burst-size 1                                          
asdm image disk0:/asdm-523.bin                              
no asdm history enable                      
arp timeout 14400                 
global (outside) 1 interface                            
nat (inside) 0 access-list site_to_site_nat                                           
nat (inside) 1 0.0.0.0 0.0.0.0                              
access-group inside_access_in in interface inside                                                 
access-group site_to_site_nat in interface LOOP                                               
route outside 0.0.0.0 0.0.0.0 82.205.240.97 1                                             
route LOOP 192.168.0.0 255.255.255.0 200.200.200.2 1                                                    
timeout xlate 3:00:00                     
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02                                                                 
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00                                                                              
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00                                                                               
timeout uauth 0:05:00 absolute                              
http server enable                  
http 172.16.0.0 255.255.255.0 inside                                    
http 192.168.1.0 255.255.255.0 management                                         
no snmp-server location                       
no snmp-server cont                 
snmp-server enable traps snmp authentication linkup linkdown coldstart                                                                      
telnet 172.16.0.0 255.255.255.0 inside                                      
telnet timeout 5                
ssh timeout 5             
console timeout 0                 
dhcpd dns 172.16.0.3 82.205.224.9                                 
! 
dhcpd address 192.168.1.2-192.168.1.254 management                                                  
dhcpd enable management                       
! 
dhcpd address 172.16.0.20-172.16.0.150 inside                                             
dhcpd enable inside                   
! 
! 
class-map inspection_default                            
 match default-inspection-traffic                                 
! 
! 
policy-map type inspect dns preset_dns_map                                          
 parameters           
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
prompt hostname context
Cryptochecksum:622c1dc0c954eab3efa7330bfe9786aa
: end
ciscoasa#


0
 
LVL 18

Assisted Solution

by:Garry Glendown
Garry Glendown earned 2000 total points
ID: 36999851
Just noticed, why did you add these lines on both boxes:

access-group site_to_site_nat in interface LOOP

Remove them and see what happens ... once you have an access group/list defined and assigned to an interface, any traffic that does not match any rule is implicitly denied ...
0
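The implicit deny described in the answer above can be checked offline against the ACL lines posted in this thread. This is an added example, not part of the thread and not ASA code: it is a simplified model that assumes only the interface ACL and the security levels decide, and the function names are hypothetical.

```python
from ipaddress import ip_address, ip_network


def ace(action, src, src_mask, dst, dst_mask):
    """Model one 'access-list <name> extended <action> ip <src> <mask> <dst> <mask>' line."""
    return (action, ip_network(f"{src}/{src_mask}"), ip_network(f"{dst}/{dst_mask}"))


# The site_to_site_nat lists as posted in the thread, one per firewall.
ASA1_SITE_TO_SITE = [ace("permit", "172.16.0.0", "255.255.255.0",
                         "192.168.0.0", "255.255.255.0")]
ASA2_SITE_TO_SITE = [ace("permit", "192.168.0.0", "255.255.255.0",
                         "172.16.0.0", "255.255.255.0")]


def match_acl(acl, src, dst):
    """First matching entry wins; a packet that matches nothing is implicitly denied."""
    s, d = ip_address(src), ip_address(dst)
    for number, (action, src_net, dst_net) in enumerate(acl, start=1):
        if s in src_net and d in dst_net:
            return action, f"ace {number}"
    return "deny", "implicit deny"


def inbound_decision(acl, in_level, out_level, same_security_permit, src, dst):
    """Simplified inbound check (assumption: only ACL and security level are modelled)."""
    if acl is not None:
        # An access-group is bound to the interface: the ACL alone decides.
        return match_acl(acl, src, dst)
    if in_level > out_level:
        return "permit", "higher to lower security level"
    if in_level == out_level and same_security_permit:
        return "permit", "same-security-traffic permit inter-interface"
    return "deny", "security level"


def site_report():
    """Compare LOOP-inbound decisions with and without the access-group bound."""
    cases = {
        # Real traffic entering LOOP comes from the remote LAN.
        "ASA1 LOOP in, from site 2": (ASA1_SITE_TO_SITE, "192.168.0.20", "172.16.0.10"),
        "ASA2 LOOP in, from site 1": (ASA2_SITE_TO_SITE, "172.16.0.20", "192.168.0.10"),
        # The packet-tracer test run on ASA1 earlier used the local LAN as source.
        "ASA1 LOOP in, test packet": (ASA1_SITE_TO_SITE, "172.16.0.20", "192.168.0.10"),
    }
    report = {}
    for label, (acl, src, dst) in cases.items():
        report[label] = {
            # LOOP and inside are both security-level 100 in the posted configs,
            # and same-security-traffic permit inter-interface is present.
            "bound": inbound_decision(acl, 100, 100, True, src, dst),
            "unbound": inbound_decision(None, 100, 100, True, src, dst),
        }
    return report


if __name__ == "__main__":
    for label, result in site_report().items():
        print(f"{label}: bound={result['bound']} unbound={result['unbound']}")
```

The NAT-exemption list names the local LAN as source, so when it is reused as the inbound ACL on LOOP it matches the test packet but not the traffic that actually arrives from the other site.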
 

Author Comment

by:nasemabdullaa
ID: 37000313
Hello

Please I removed it from both sides and it's still not working. Please any idea

ASA1


Regards
User Access Verification

Password:
Type help or '?' for a list of available commands.
ciscoasa> en
Password: ************
ciscoasa# sh run
: Saved       
: 
ASA Version 7.2(3)                  
! 
hostname ciscoasa                 
domain-name default.domain.invalid                                  
enable password X.y0JGA9o6phmjQ6 encrypted                                          
names     
! 
interface Ethernet0/0                     
 nameif outside               
 security-level 0                 
 ip address 82.205.240.98 255.255.255.240                                         
! 
interface Ethernet0/1                     
 nameif inside              
 security-level 100                   
 ip address 172.16.0.1 255.255.255.0                                    
! 
interface Ethernet0/2                     
 nameif LOOP            
 security-level 100                  
interface Ethernet0/3                     
 shutdown         
 no nameif          
 no security-level                  
 no ip address              
! 
interface Management0/0                       
 nameif management                  
 security-level 100                   
 ip address 192.168.1.1 255.255.255.0                                     
 management-only                
! 
passwd X.y0JGA9o6phmjQ6 encrypted                                 
ftp mode passive                
dns server-group DefaultDNS                           
 domain-name default.domain.invalid                                   
same-security-traffic permit inter-interface                                            
same-security-traffic permit intra-interface                                            
access-list site_to_site_nat extended permit ip 172.16.0.0 255.255.255.0 192                                                                           
.0.0 255.255.255.0                  
access-list inside_access_in extended permit ip any any                                                       
pager lines 24              
logging asdm informational                          
mtu management 1500                   
mtu outside 1500                
mtu inside 1500               
mtu LOOP 1500             
icmp unreachable rate-limit 1 burst-size 1                                          
asdm image disk0:/asdm-523.bin                              
no asdm history enable                      
arp timeout 14400                 
global (outside) 1 interface                            
nat (inside) 0 access-list site_to_site_nat                                           
nat (inside) 1 0.0.0.0 0.0.0.0                              
access-group inside_access_in in interface inside                                                 
route outside 0.0.0.0 0.0.0.0 82.205.240.97 1                                             
route LOOP 192.168.0.0 255.255.255.0 200.200.200.2 1                                                    
timeout xlate 3:00:00                     
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02                                                                 
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00                                                                              
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00                                                                               
timeout uauth 0:05:00 absolute                              
http server enable                  
http 172.16.0.0 255.255.255.0 inside                                    
http 192.168.1.0 255.255.255.0 management                                         
no snmp-server location                       
no snmp-server contact                      
snmp-server enable traps snmp authenticati                                        
telnet 172.16.0.0 255.255.255.0 inside                                      
telnet timeout 5                
ssh timeout 5             
console timeout 0                 
dhcpd dns 172.16.0.3 82.205.224.9                                 
! 
dhcpd address 192.168.1.2-192.168.1.254 management                                                  
dhcpd enable management                       
! 
dhcpd address 172.16.0.20-172.16.0.150 inside                                             
dhcpd enable inside                   
! 
! 
class-map inspection_default                            
 match default-inspection-traffic                                 
! 
! 
policy-map type inspect dns preset_dns_map                                          
 parameters           
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
username admin password iVNFW4yy7AEuRtxE encrypted privilege 15
prompt hostname context
Cryptochecksum:f3ec8e535dce18d4310af9f58cd164ab
: end
ciscoasa#


0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 37000352
Is the output from the previously failed packet tracer call still the same? Sorry, but it's a bit tiresome having to ask you to run the diagnostic tools again and again ...
0
 

Author Comment

by:nasemabdullaa
ID: 37000403
Hello

For ASA1
 
User Access Verification                        

Password:         
Type help or '?' for a list of available commands.                                                  
ciscoasa> en            
Password: ************                      
ciscoasa# conf t                
ciscoasa(config)# packet-tracer input loop icmp 172.16.0.20 8 0 192.168.0.10                                                                            

Phase: 1        
Type: ACCESS-LIST                 
Subtype:        
Result: ALLOW             
Config:       
Implicit Rule             
Additional Information:                       
MAC Access list               

Phase: 2        
Type: FLOW-LOOKUP                 
Subtype:        
Result: ALLOW             
Config:       
Additional Information:                       
Found no matching flow, creating a new flow                                           

Phase: 3        
Type: ROUTE-LOOKUP                  
Subtype: input              
Result: ALLOW             
Config:       
Additional Information:                       
in   192.168.0.0     255.255.255.0   LOOP                                         

Phase: 4        
Type: ACCESS-LIST                 
Subtype:        
Result: ALLOW             
Config:       
Implicit Rule             
Additional Information:                       

Phase: 5        
Type: IP-OPTIONS                
Subtype:        
Result: ALLOW             
Config:       
Additional Information:                       

Phase: 6        
Type: INSPECT             
Subtype: np-inspect                   
Result: ALLOW             
Config:       
Additional Information:                       

Phase: 7        
Type: FLOW-CREATION                   
Subtype:        
Result: ALLOW             
Config:
Additional Information:
New flow created with id 175018, packet dispatched to next module

Phase: 8
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 200.200.200.2 using egress ifc LOOP
adjacency Active
next-hop mac address 001a.6d7c.7c08 hits 1030

Result:
input-interface: LOOP
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: allow

ciscoasa(config)#



ASA2


 
ciscoasa> en
Password: ************
ciscoasa# conf t
ciscoasa(config)# packet-tracer input loop icmp 192.16.0.20 8 0 172.16.0.10

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   172.16.0.0      255.255.255.0   LOOP

Phase: 4
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:

Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:

Phase: 7
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 63, packet dispatched to next module

Phase: 8
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 200.200.200.1 using egress ifc LOOP
adjacency Active
next-hop mac address 001f.ca7e.1290 hits 2448

Result:
input-interface: LOOP
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: allow

ciscoasa(config)#


0
 

Author Comment

by:nasemabdullaa
ID: 37000444
Please any help any idea can help me

Regards
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 37000483
I was talking about the tracer that failed, on the INSIDE interface ...
0
 

Author Comment

by:nasemabdullaa
ID: 37000498
Hello

Please can you explain

Regards
0
 
LVL 18

Assisted Solution

by:Garry Glendown
Garry Glendown earned 2000 total points
ID: 37000543
This one:

packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10

on the ASA with the 192.168 on its inside net
0
 

Author Comment

by:nasemabdullaa
ID: 37000618
Hello

Thank you for your reply

ASA1 172.16.0.0  (packet-tracer input inside icmp 172.16.0.20 8 0 192.168.0.10)
 
User Access Verification

Password:         
Type help or '?' for a list of available commands.                                                  
ciscoasa> en            
Password: ************                      
ciscoasa# conf t                
ciscoasa(config)# packet-tracer input inside icmp 172.16.0.20 8 0 192.168.0.10                                                                              

Phase: 1        
Type: FLOW-LOOKUP                 
Subtype:        
Result: ALLOW             
Config:       
Additional Information:                       
Found no matching flow, creating a new flow                                           

Phase: 2        
Type: ROUTE-LOOKUP                  
Subtype: input              
Result: ALLOW             
Config:       
Additional Information:                       
in   192.168.0.0     255.255.255.0   LOOP                                         

Phase: 3        
Type: ACCESS-LIST                 
Subtype: log            
Result: ALLOW             
Config:       
access-group inside_access_in in interface inside                                                 
access-list inside_access_in extended permit ip any any                                                       
Additional Information:                       

Phase: 4        
Type: IP-OPTIONS                
Subtype:        
Result: ALLOW             
Config:       
Additional Information:                       

Phase: 5        
Type: INSPECT             
Subtype: np-inspect                   
Result: ALLOW             
Config:       
Additional Information:                       

Phase: 6        
Type: NAT-EXEMPT                
Subtype:        
Result: ALLOW             
Config:       
nat (inside) 0 access-list site_to_site_nat                                           
  match ip inside 172.16.0.0 255.255.255.0 LOOP 192.168.0.0 255.255.255.0                                                                         
    NAT exempt              
    translate_hits = 7770, untranslate_hits = 9                                               
Additional Information:                       

Phase: 7        
Type: NAT         
Subtype:        
Result: ALLOW             
Config:       
nat (inside) 1 0.0.0.0 0.0.0.0                              
  match ip inside any LOOP any                              
    dynamic translation to pool 1 (No matching global)                                                      
    translate_hits = 0, untranslate_hits = 0                                            
Additional Information:                       

Phase: 8        
Type: NAT         
Subtype: host-limits                    
Result: ALLOW             
Config:       
nat (inside) 1 0.0.0.0 0.0.0.0                              
  match ip inside any management any                                    
    dynamic translation to pool 1 (No matching global)                                                      
    translate_hits = 0, untr                           
Additional Information:                       

Phase: 9        
Type: FLOW-CREATION                   
Subtype:        
Result: ALLOW             
Config:
Additional Information:
New flow created with id 175601, packet dispatched to next module

Phase: 10
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 200.200.200.2 using egress ifc LOOP
adjacency Active
next-hop mac address 001a.6d7c.7c08 hits 5145

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: allow

ciscoasa(config)#



ASA1 192.168.0.0  (packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10)

 
ciscoasa(config)# packet-tracer input inside icmp 192.168.0.20 8 0 172.16.0.10

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   172.16.0.0      255.255.255.0   LOOP

Phase: 4
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside_access_in in interface inside
access-list inside_access_in extended permit ip any any
Additional Information:

Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:

Phase: 7
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
nat (inside) 0 access-list site_to_site_nat
  match ip inside 192.168.0.0 255.255.255.0 LOOP 172.16.0.0 255.255.255.0
    NAT exempt
    translate_hits = 10, untranslate_hits = 3
Additional Information:

Phase: 8
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
  match ip inside any LOOP any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
Additional Information:

Phase: 9
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
nat (inside) 0 access-list site_to_site_nat
nat (inside) 1 0.0.0.0 0.0.0.0
  match ip inside any outside any
    dynamic translation to pool 1 (82.205.240.146 [Interface PAT])
    translate_hits = 297, untranslate_hits = 0
Additional Information:

Phase: 10
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 331, packet dispatched to next module

Phase: 11
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 200.200.200.1 using egress ifc LOOP
adjacency Active
next-hop mac address 001f.ca7e.1290 hits 8735

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: LOOP
output-status: up
output-line-status: up
Action: allow

ciscoasa(config)#


0
 
LVL 18

Assisted Solution

by:Garry Glendown
Garry Glendown earned 2000 total points
ID: 37000700
This actually does look pretty good ... so from the packet tracer's POV, packets ought to get through both incoming on the LAN, and coming from the other firewall ...

Put these lines into both ASAs:

access-list 99 extended permit ip 172.16.0.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 99 extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.255.0

and start a packet capture on both boxes:

capture TEST1 int inside buffer 128000 access-list 99
capture TEST2 int loop buffer 128000 access-list 99

Then do some pings from machines connected to one LAN to machines connected to the LAN on the other side ...

Get the output with

show capture TEST1
show capture TEST2

on both boxes.

To remove the capture, do "no capture TEST1" and "no capture TEST2"
0
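One way to read the two captures side by side once they have been collected, as an added example that is not part of the original answer: the script parses `show capture` lines in the format seen in this thread, reports flows that appear on one interface but not the other, and lists echo requests that never got a reply. The sample lines are constructed, and the function names (`parse_capture`, `capture_diff`, `unanswered_echo`) are hypothetical helpers, not ASA or Cisco tooling.

```python
import re
from collections import Counter
from typing import NamedTuple


class Packet(NamedTuple):
    seq: int
    time: str
    src_ip: str
    dst_ip: str
    kind: str  # "udp", "echo-request" or "echo-reply"


# Matches lines such as
#   66: 05:13:33.381785 172.16.0.3 > 192.168.0.201: icmp: echo request
#   60: 05:13:32.863770 192.168.0.29.3684 > 172.16.0.45.1299:  udp 58
LINE = re.compile(
    r"^\s*(\d+):\s+(\d\d:\d\d:\d\d\.\d{6})\s+"
    r"(\d+(?:\.\d+){3,4})\s+>\s+(\d+(?:\.\d+){3,4}):\s+"
    r"(icmp: echo request|icmp: echo reply|udp \d+)\s*$"
)


def _ip(endpoint):
    # UDP endpoints are printed as address.port; ICMP lines carry the bare address.
    return ".".join(endpoint.split(".")[:4])


def parse_capture(text):
    """Return (packets, skipped); truncated or garbled lines are counted, not guessed."""
    packets, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE.match(line)
        if not m:
            skipped += 1
            continue
        seq, time, src, dst, rest = m.groups()
        kind = "udp" if rest.startswith("udp") else "echo-" + rest.split()[-1]
        packets.append(Packet(int(seq), time, _ip(src), _ip(dst), kind))
    return packets, skipped


def flow_counts(packets):
    return Counter((p.src_ip, p.dst_ip, p.kind) for p in packets)


def capture_diff(first, second):
    """Flows whose packet count differs between two captures on the same ASA.

    A flow present on the ingress capture but absent on the egress capture
    was dropped inside this firewall (ACL, NAT or routing)."""
    a, b = flow_counts(first), flow_counts(second)
    return {f: (a[f], b[f]) for f in sorted(set(a) | set(b)) if a[f] != b[f]}


def unanswered_echo(packets):
    """Echo requests with fewer replies in the reverse direction, per host pair."""
    counts = flow_counts(packets)
    missing = {}
    for (src, dst, kind), n in counts.items():
        if kind == "echo-request":
            replies = counts[(dst, src, "echo-reply")]
            if n > replies:
                missing[(src, dst)] = n - replies
    return missing


# Constructed sample: capture TEST1 (inside) and TEST2 (LOOP) taken on the 172.16.0.0 side.
INSIDE_CAPTURE = """
   1: 21:49:31.084605 172.16.0.3 > 192.168.0.201: icmp: echo request
   2: 21:49:31.086970 192.168.0.201 > 172.16.0.3: icmp: echo reply
   3: 21:49:31.500000 172.16.0.20 > 192.168.0.10: icmp: echo request
   4: 21:49:32.500000 172.16.0.20 > 192.168.0.10: icmp: echo request
   5: 21:49:32.600000 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
   6: 21:49:33.027845 192.168.0.29.3684
"""

LOOP_CAPTURE = """
   1: 21:49:31.084700 172.16.0.3 > 192.168.0.201: icmp: echo request
   2: 21:49:31.086900 192.168.0.201 > 172.16.0.3: icmp: echo reply
   3: 21:49:31.500100 172.16.0.20 > 192.168.0.10: icmp: echo request
   4: 21:49:32.500100 172.16.0.20 > 192.168.0.10: icmp: echo request
"""

if __name__ == "__main__":
    inside, skipped_in = parse_capture(INSIDE_CAPTURE)
    loop, skipped_loop = parse_capture(LOOP_CAPTURE)
    print("unparsed lines:", skipped_in, skipped_loop)
    print("differs between inside and LOOP:", capture_diff(inside, loop))
    print("echo requests without reply on LOOP:", unanswered_echo(loop))
```

In the sample, the UDP flow shows up on inside but not on LOOP, so it is being dropped on this ASA, while the unanswered echo requests did leave on LOOP, which points at the far ASA or the return route.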
 

Author Comment

by:nasemabdullaa
ID: 37000943
Hello

ASA1


 
605: 21:49:29.934201 192.168.0.29.3684 > 172.16.0.45.1299:  udp 33                                                                 
 
 606: 21:49:29.934445 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34                                                                 
 
 607: 21:49:29.935574 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34t                                                                
 
 608: 21:49:29.980768 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32y                                                                
 
 609: 21:49:29.980982 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34                                                                 
 
 610: 21:49:29.982432 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34                                                                 
 
 611: 21:49:30.027479 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32                                                                 
 
 612: 21:49:30.027937 192.168.0.29.3684                                       
 619: 21:49:30.844057 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32                                                                   
 620: 21:49:30.844270 192.168.0.29.3684                                       
 622: 21:49:30.933698 192.168.0.29.3684 > 172.16.0.45.1299:  udp 37y                                                                  
 623: 21:49:30.933987 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34t                                                                  
 624: 21:49:30.937649 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34t                                                                  
 625: 21:49:31.084605 172.16.0.3 > 192.168.0.201: icmp: echo request                                                                  
 
 626: 21:49:31.086970 192.168.0.201 > 172.16.0.3: icmp: echo reply                                                                  
 627: 21:49:31.762640 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35t                                                                  
 628: 21:49:31.767843 172.16.0.45.1299 >1                                     
 630: 21:49:31.981241 192.168.0.29.3684 > 172.16.0.45.1299:  udp 33y                                                                  
 631: 21:49:31.981409 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35                                                                   
 632: 21:49:31.984705 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34t                                                                  
 633: 21:49:32.083415 172.16.0.3 > 192.168.0.201: icmp: echo request                                                                  
 
 634: 21:49:32.085810 192.168.0.201 > 172.16.0.3: icmp: echo reply                                                                  
 635: 21:49:32.317869 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32t5                                                                 
 636: 21:49:32.317991 192.168.0.29.3684 1                                     
 638: 21:49:32.793812 192.168.0.29.3684 > 172.16.0.45.1299:  udp 355                                                                  
 639: 21:49:32.799351 172.16.0.45.1299 > 192.168.0.29.3684:  udp 3436                                                                 
 640: 21:49:32.825091 192.168.0.29.3684 > 172.16.0.45.1299:  udp 3134                                                                 
 641: 21:49:32.981135 192.168.0.29.3684 > 172.16.0.45.1299:  udp 7632                                                                 
 642: 21:49:32.981257 192.168.0.29.3684 > 172.16.0.45.1299:  udp 3434                                                                 
 643: 21:49:32.986780 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34t4                                                                 
 644: 21:49:33.027845 192.168.0.29.3684 1                                     
 645: 21:49:33.029249 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34                                                                   
 646: 21:49:33.033720 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34t                                                                  
 647: 21:49:33.074672 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32t                                                                  
 648: 21:49:33.074840 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34y                                                                  
 649: 21:49:33.080745 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34t                                                                  
 650: 21:49:33.081264 172.16.0.3 > 192.168.0.201: icmp: echo request                                                                  
 
 651: 21:49:33.085948 192.168.0.201 > 172.16.0.3: icmp: echo reply5                                                                 
 652: 21:49:33.825091 192.168.0.29.3684                                       
 654: 21:49:33.855790 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32                                                                   
 655: 21:49:34.012969 192.168.0.29.3684 > 172.16.0.45.1299:  udp 33                                                                   
 656: 21:49:34.013442 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34                                                                   
 657: 21:49:34.018218 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34t                                                                  
 658: 21:49:34.079997 172.16.0.3 > 192.168.0.201: icmp: echo request                                                                  
 
 659: 21:49:34.083034 192.168.0.201 > 172.16.0.3: icmp: echo reply                                                                  
 660: 21:49:34.840517 192.168.0.29.3684 1                                     
 
 662: 21:49:34.871582 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32                                                                 
 
 663: 21:49:34.996759 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32                                                                 
 
 664: 21:49:34.997339 192.168.0.29.3684 > 172.16.0.45.1299:  udp 33                                                                 
 
 665: 21:49:34.997491 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34                                                                 
 
 666: 21:49:34.998788 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34                                                                 
 
 667: 21:49:35.044934 192.168.0.29.3684 > 172.16.0.45.1299:  udp 52t                                                                
 
 668: 21:49:35.045194 192.168.0.29.3684 1                                     
 
 673: 21:49:35.872009 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35t                                                                
 
 674: 21:49:35.873856 172.16.0.45.1299 > 192.168.0.29.3684:  udp 341                                                                
 
 675: 21:49:35.902861 192.168.0.29.3684 > 172.16.0.45.1299:  udp 3235                                                               
 
 676: 21:49:35.996759 192.168.0.29.3684                                       
 680: 21:49:36.044187 192.168.0.29.3684 > 172.16.0.45.1299:  udp 43t                                                  
   2: 21:48:3
 
 681: 21:49:36.044614 192.168.0.29.3684 > 172.16.0.45.1299:  udp 261                                                  
   3: 21:48:3
 41
 682: 21:49:36.045163 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35                                                 
   4: 21:48:3
 41
 683: 21:49:36.049756 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34                                                   
   5: 21:48
 42
 684: 21:49:36.092463 172.16.0.3 > 192.                                     
 696: 21:49:37.092448 192.168.0.201 > 172.16.0.3: icmp: echo reply                                                                  
 697: 21:49:37.106394 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32                                                                   
 698: 21:49:37.106973 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34                                                                   
 699: 21:49:37.110422 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34t                                                                  
 700: 21:49:37.156287 192.168.0.29.3684 1                                     
 
 702: 21:49:37.163123 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34y                                                                
 
 703: 21:49:37.919370 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34                                                                 
 
 704: 21:49:37.924939 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34                                                                 
 
 705: 21:49:37.950329 192.168.0.29.3684 > 172.16.0.45.1299:  udp 31                                                                 
 
 706: 21:49:38.044019 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32                                                                 
 
 707: 21:49:38.045148 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34t                                                                
 
 708: 21:49:38.053952 172.16.0.45.1299 >1                                     
 715: 21:49:39.060147 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34t                                                                  
 716: 21:49:39.061993 172.16.0.45.1299 >1                                     
 
 718: 21:49:39.104517 192.168.0.201 > 172.16.0.3: icmp: echo reply                                                                  
 719: 21:49:39.739509 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32t                                                                  
 720: 21:49:39.740196 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34y                                                                  
 721: 21:49:39.741630 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34t                                                                  
 722: 21:49:39.966884 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35y                                                                  
 723: 21:49:39.970118 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34t                                                                  
 724: 21:49:39.997461 192.168.0.29.3684 1                                     
Type help or '?' for a list of available commands.             
 726: 21:49:40.091944 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34trd: ************                      
ciscoasa# conf t           
 727: 21:49:40.093256 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34t255.255.255.0 1$                                                  
 728: 21:49:40.117822 172.16.0.3 > 192.168.0.201: icmp: echo requested permit ip 192.168.0.0 255.255.255.0 $                          
 
 729: 21:49:40.120980 192.168.0.201 > 172.16.0.3: icmp: echo reply)# exit wr mem                             
                      
 730: 21:49:40.137901 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32yker.                                              
ciscoasa(config
 731: 21:49:40.139000 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34g configuration...                         
Cryptochecksum: 32a1634
 732: 21:49:40.140114 172.16.0.45.1299 >                                      
?????     
Success rate is 0 percent (
 736: 21:49:40.982569 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
ciscoasa(config)# capture TEST1 int inside buffer 128000 access-li
 737: 21:49:40.983927 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34        
ciscoasa(config)# capture TEST2 int loop buffer 128000 acc
 738: 21:49:41.013930 192.168.0.29.3684 > 172.16.0.45.1299:  udp 31            
ciscoasa(config)# show capture TEST1                  
 739: 21:49:41.106958 192.168.0.29.3684 > 172.16.0.45.1299:  udp 33t48:35.786168 192.168.0.29.3684 > 172.16.0.45.1299:  udp 33        
 740: 21:49:41.107095 192.168.0.29.3684 1                 
                   
 750: 21:49:42.130532 172.16.0.3 > 192.168.0.201: icmp: echo request                                                                  
 
 751: 21:49:42.132958 192.168.0.201 > 172.16.0.3: icmp: echo reply5                                                                 
 752: 21:49:42.169440 192.168.0.29.3684 > 172.16.0.45.1299:  udp 3234                                                                 
 753: 21:49:42.169928 192.168.0.29.3684 > 172.16.0.45.1299:  udp 3432                                                                 
 754: 21:49:42.171637 172.16.0.45.1299 > 192.168.0.29.3684:  udp 3434                                                                 
 755: 21:49:42.216343 192.168.0.29.3684 > 172.16.0.45.1299:  udp 3234                                                                 
 756: 21:49:42.216694 192.168.0.29.3684 4                                     
 
 758: 21:49:43.014006 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35y                                                                
 
 759: 21:49:43.015517 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34t                                                                
 
 760: 21:49:43.044385 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32y                                                                
 
 761: 21:49:43.129067 172.16.0.3 > 192.168.0.201: icmp: echo request                                                                
 
 
 762: 21:49:43.130577 192.168.0.201 > 172.16.0.3: icmp: echo reply                                                                
 
 763: 21:49:43.138847 192.168.0.29.3684 > 172.16.0.45.1299:  udp 33                                                                 
 
 764: 21:49:43.139213 192.168.0.29.3684                                       
 773: 21:49:43.280533 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34                                                                 
 
 774: 21:49:43.285065 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34                                                                 
 
 775: 21:49:44.044995 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36                                                                 
 
 776: 21:49:44.048871 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34                                                                 
 
 777: 21:49:44.076457 192.168.0.29.3684 > 172.16.0.45.1299:  udp 31                                                                 
 
 778: 21:49:44.143196 172.16.0.3 > 192.168.0.201: icmp: echo request                                                                
 
 
 779: 21:49:44.144859 192.168.0.201 > 172.16.0.3: icmp: echo reply                                                                
 
 780: 21:49:44.199406 192.168.0.29.3684                                       
 789: 21:49:45.141731 172.16.0.3 > 192.168.0.201: icmp: echo request                                                                
 
 
 790: 21:49:45.142692 192.168.0.201 > 172.16.0.3: icmp: echo reply                                                                
 
 791: 21:49:45.248812 192.168.0.29.3684 > 172.16.0.45.1299:  udp 33yTEST2                                      
886 packets captured
 
 792: 21:49:45.249224 192.168.0.29.3684 > 172.16.0.45.1299:  udp 350.45.1299:  udp 32                                               
 
 793: 21:49:45.250215 172.16.0.45.1299 > 192.168.0.29.3684:  udp 340.45.1299:  udp 48                                               
 
 794: 21:49:45.680018 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32t.29.3684:  udp 34                                               
 
 795: 21:49:45.680110 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34y.29.3684:  udp 34                                               
 
 796: 21:49:45.683878 172.16.0.45.1299 >                                      
 806: 21:49:46.268311 172.16.0.3.53 > 192.168.0.29.54587:  udp 2284                                                                 
 807: 21:49:46.295074 192.168.0.29.3684 > 172.16.0.45.1299:  udp 3234t                                                                
 808: 21:49:46.295898 192.168.0.29.3684 > 172.16.0.45.1299:  udp 3432y                                                                
 809: 21:49:46.299148 172.16.0.45.1299 > 192.168.0.29.3684:  udp 3434                                                                 
 810: 21:49:46.343045 192.168.0.29.3684 > 172.16.0.45.1299:  udp 3234                                                                 
 811: 21:49:46.343945 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34est                                                                
 812: 21:49:46.346036 172.16.0.45.1299 >  1                                     
 813: 21:49:47.154426 172.16.0.3 > 192.168.0.201: icmp: echo request                                                                
 
 
 814: 21:49:47.157279 192.168.0.201 > 172.16.0.3: icmp: echo reply                                                                
 
 815: 21:49:47.163947 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34y                                                                
 
 816: 21:49:47.166464 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34                                                                 
 
 817: 21:49:47.186178 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32                                                                 
 
 818: 21:49:47.282486 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32                                                                 
 
 819: 21:49:47.282990 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35t                                                                
 
 820: 21:49:47.289535 172.16.0.45.1299 >1                                     
 829: 21:49:49.167090 172.16.0.3 > 192.168.0.201: icmp: echo request                                                                
 
 
 830: 21:49:49.168143 192.168.0.201 > 172.16.0.3: icmp: echo reply                                                                
 
 831: 21:49:49.202305 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34t                                                                
 
 832: 21:49:49.205952 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34t                                                                
 
 833: 21:49:49.232791 192.168.0.29.3684 > 172.16.0.45.1299:  udp 31y                                                                
 
 834: 21:49:49.327207 192.168.0.29.3684 > 172.16.0.45.1299:  udp 33t                                                                
 
 835: 21:49:49.327818 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34y                                                                
 
 836: 21:49:49.328886 172.16.0.45.1299 >                                      
 845: 21:49:50.264207 192.168.0.29.3684 > 172.16.0.45.1299:  udp 31                                                                 
 
 846: 21:49:50.328977 192.168.0.29.3684 > 172.16.0.45.1299:  udp 33                                                                 
 
 847: 21:49:50.329084 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34                                                                 
 
 848: 21:49:50.334867 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34t                                                                
 
 849: 21:49:50.374812 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32y                                                                
 
 850: 21:49:50.375255 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34                                                                 
 
 851: 21:49:50.381724 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34                                                                 
 
 852: 21:49:50.420663 192.168.0.29.3684                                       
 859: 21:49:51.280533 192.168.0.29.3684 > 172.16.0.45.1299:  udp 31y                                                                  
 860: 21:49:51.373988 192.168.0.29.3684                                       
 862: 21:49:51.377955 172.16.0.45.1299 > 192.168.0.29.3684:  udp 345                                                                  
 863: 21:49:52.178549 172.16.0.3 > 192.168.0.201: icmp: echo request6                                                                 
 
 865: 21:49:52.265184 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 866: 21:49:52.268723 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 867: 21:49:52.295654 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32
 868: 21:49:52.390009 192.168.0.29.3684 > 172.16.0.45.1299:  udp 33
 869: 21:49:52.392054 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 870: 21:49:52.397638 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 871: 21:49:53.102228 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32
 872: 21:49:53.102457 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 873: 21:49:53.106760 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 874: 21:49:53.177145 172.16.0.3 > 192.168.0.201: icmp: echo request
 875: 21:49:53.179357 192.168.0.201 > 172.16.0.3: icmp: echo reply
 876: 21:49:53.295989 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 877: 21:49:53.300094 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 878: 21:49:53.327024 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32
 879: 21:49:54.175528 172.16.0.3 > 192.168.0.201: icmp: echo request
 880: 21:49:54.179647 192.168.0.201 > 172.16.0.3: icmp: echo reply
 881: 21:49:54.327406 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 882: 21:49:54.331480 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 883: 21:49:54.358456 192.168.0.29.3684 > 172.16.0.45.1299:  udp 31
 884: 21:49:54.360592 192.168.0.29.3684 > 172.16.0.45.1299:  udp 70
 885: 21:49:54.361400 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 886: 21:49:54.366680 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
886 packets shown
ciscoasa(config)#



ASA2
 
60: 05:13:32.863770 192.168.0.29.3684 > 172.16.0.45.1299:  udp 58
  61: 05:13:32.863846 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
  62: 05:13:32.867386 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
  63: 05:13:33.347851 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
  64: 05:13:33.353802 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
  65: 05:13:33.379115 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
  66: 05:13:33.381785 172.16.0.3 > 192.168.0.201: icmp: echo request
  67: 05:13:33.382167 192.168.0.201 > 172.16.0.3: icmp: echo reply
  68: 05:13:33.847764 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32
  69: 05:13:33.847826 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
  70: 05:13:33.851228 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
  71: 05:13:33.894912 192.168.0.29.3684 > 172.16.0.45.1299:  udp 82
  72: 05:13:33.894957 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
  73: 05:13:33.899382 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
  74: 05:13:34.058697 192.168.0.29.3684 > 172.16.0.45.1299:  udp 33
  75: 05:13:34.058789 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
  76: 05:13:34.062710 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
  77: 05:13:34.379008 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
  78: 05:13:34.379359 172.16.0.3 > 192.168.0.201: icmp: echo request
  79: 05:13:34.379802 192.168.0.201 > 172.16.0.3: icmp: echo reply
  80: 05:13:34.387293 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
  81: 05:13:34.410272 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32
  82: 05:13:34.796162 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
  83: 05:13:34.876144 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
  84: 05:13:34.926572 192.168.0.29.3684 > 172.16.0.45.1299:  udp 56
  85: 05:13:34.926633 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
  86: 05:13:34.931516 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
  87: 05:13:34.987619 192.168.0.29.3684 > 172.16.0.45.1299:  udp 68
  88: 05:13:34.988474 192.168.0.29.3684 > 172.16.0.45.1299:  udp 70
  89: 05:13:34.988581 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
  90: 05:13:34.995843 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
  91: 05:13:35.165320 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
  92: 05:13:35.253374 192.168.0.29.3684 > 172.16.0.45.1299:  udp 39
  93: 05:13:35.253420 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
  94: 05:13:35.259721 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
  95: 05:13:35.316893 192.168.0.29.3684 > 172.16.0.45.1299:  udp 66
  96: 05:13:35.316939 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
  97: 05:13:35.324903 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
  98: 05:13:35.376781 172.16.0.3 > 192.168.0.201: icmp: echo request
  99: 05:13:35.377238 192.168.0.201 > 172.16.0.3: icmp: echo reply
 100: 05:13:35.394938 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 101: 05:13:35.400797 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 102: 05:13:35.426064 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 103: 05:13:35.452247 172.16.0.45.1299 > 192.168.0.29.3684:  udp 32
 104: 05:13:35.560258 192.168.0.29.3684 > 172.16.0.45.1299:  udp 43
 105: 05:13:35.560319 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 106: 05:13:35.564591 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 107: 05:13:35.648312 192.168.0.29.3684 > 172.16.0.45.1299:  udp 47
 108: 05:13:35.648358 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 109: 05:13:35.653683 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 110: 05:13:35.700357 172.16.0.45.1299 > 192.168.0.29.3684:  udp 32
 111: 05:13:35.804859 172.16.0.45.1299 > 192.168.0.29.3684:  udp 32
 112: 05:13:35.848024 192.168.0.29.3684 > 172.16.0.45.1299:  udp 39
 113: 05:13:35.848192 192.168.0.29.3684 > 172.16.0.45.1299:  udp 80
 114: 05:13:35.848466 192.168.0.29.3684 > 172.16.0.45.1299:  udp 48
 115: 05:13:35.848512 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 116: 05:13:35.857331 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 117: 05:13:35.925504 192.168.0.29.3684 > 172.16.0.45.1299:  udp 46
 118: 05:13:35.930036 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1112
 119: 05:13:35.934262 192.168.0.29.3684 > 172.16.0.45.1299:  udp 944
 120: 05:13:35.936581 192.168.0.29.3684 > 172.16.0.45.1299:  udp 562
 121: 05:13:35.939724 192.168.0.29.3684 > 172.16.0.45.1299:  udp 601
 122: 05:13:35.946713 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1087
 123: 05:13:35.952328 192.168.0.29.3684 > 172.16.0.45.1299:  udp 979
 124: 05:13:35.955181 172.16.0.45.1299 > 192.168.0.29.3684:  udp 16
 125: 05:13:35.955623 192.168.0.29.3684 > 172.16.0.45.1299:  udp 608
 126: 05:13:35.959117 192.168.0.29.3684 > 172.16.0.45.1299:  udp 609
 127: 05:13:35.959133 192.168.0.29.3684 > 172.16.0.45.1299:  udp 40
 128: 05:13:35.967570 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 129: 05:13:35.997583 192.168.0.29.3684 > 172.16.0.45.1299:  udp 111
 130: 05:13:36.004760 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 131: 05:13:36.066738 192.168.0.29.3684 > 172.16.0.45.1299:  udp 52
 132: 05:13:36.066784 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 133: 05:13:36.070476 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 134: 05:13:36.113778 192.168.0.29.3684 > 172.16.0.45.1299:  udp 43
 135: 05:13:36.113794 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 136: 05:13:36.124688 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 137: 05:13:36.391794 172.16.0.3 > 192.168.0.201: icmp: echo request
 138: 05:13:36.392283 192.168.0.201 > 172.16.0.3: icmp: echo reply
 139: 05:13:36.410608 192.168.0.29.3684 > 172.16.0.45.1299:  udp 38
 140: 05:13:36.416726 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 141: 05:13:36.441917 192.168.0.29.3684 > 172.16.0.45.1299:  udp 37
 142: 05:13:36.676005 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 143: 05:13:36.737785 192.168.0.29.3684 > 172.16.0.45.1299:  udp 42
 144: 05:13:36.737876 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 145: 05:13:36.745032 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 146: 05:13:36.807499 192.168.0.29.3684 > 172.16.0.45.1299:  udp 87
 147: 05:13:36.814334 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 148: 05:13:36.868698 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 149: 05:13:36.987726 192.168.0.29.3684 > 172.16.0.45.1299:  udp 73
 150: 05:13:36.987894 192.168.0.29.3684 > 172.16.0.45.1299:  udp 109
 151: 05:13:36.987909 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 152: 05:13:36.997766 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 153: 05:13:37.064587 172.16.0.45.1299 > 192.168.0.29.3684:  udp 32
 154: 05:13:37.190709 192.168.0.29.3684 > 172.16.0.45.1299:  udp 39
 155: 05:13:37.190709 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 156: 05:13:37.193929 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 157: 05:13:37.254366 192.168.0.29.3684 > 172.16.0.45.1299:  udp 43
 158: 05:13:37.254381 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 159: 05:13:37.257890 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 160: 05:13:37.292663 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 161: 05:13:37.380168 172.16.0.45.1299 > 192.168.0.29.3684:  udp 32
 162: 05:13:37.391077 172.16.0.3 > 192.168.0.201: icmp: echo request
 163: 05:13:37.391688 192.168.0.201 > 172.16.0.3: icmp: echo reply
 164: 05:13:37.426689 192.168.0.29.3684 > 172.16.0.45.1299:  udp 60
 165: 05:13:37.426705 192.168.0.29.3684 > 172.16.0.45.1299:  udp 50
 166: 05:13:37.433708 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 167: 05:13:37.434730 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 168: 05:13:37.473043 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 169: 05:13:37.485006 172.16.0.45.1299 > 192.168.0.29.3684:  udp 31
 170: 05:13:37.487889 192.168.0.29.3684 > 172.16.0.45.1299:  udp 85
 171: 05:13:37.497563 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 172: 05:13:37.501835 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 173: 05:13:37.665401 192.168.0.29.3684 > 172.16.0.45.1299:  udp 41
 174: 05:13:37.665416 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 175: 05:13:37.673976 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 176: 05:13:37.738868 192.168.0.29.3684 > 172.16.0.45.1299:  udp 41
 177: 05:13:37.738883 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 178: 05:13:37.745246 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 179: 05:13:37.817310 192.168.0.29.3684 > 172.16.0.45.1299:  udp 133
 180: 05:13:37.817371 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 181: 05:13:37.821917 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 182: 05:13:38.052731 172.16.0.45.1299 > 192.168.0.29.3684:  udp 32
 183: 05:13:38.129311 192.168.0.29.3684 > 172.16.0.45.1299:  udp 96
 184: 05:13:38.131508 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 185: 05:13:38.157111 172.16.0.45.1299 > 192.168.0.29.3684:  udp 32
 186: 05:13:38.209492 192.168.0.29.3684 > 172.16.0.45.1299:  udp 65
 187: 05:13:38.214481 192.168.0.29.3684 > 172.16.0.45.1299:  udp 871
 188: 05:13:38.219608 192.168.0.29.3684 > 172.16.0.45.1299:  udp 924
 189: 05:13:38.223438 192.168.0.29.3684 > 172.16.0.45.1299:  udp 605
 190: 05:13:38.226169 192.168.0.29.3684 > 172.16.0.45.1299:  udp 570
 191: 05:13:38.230075 192.168.0.29.3684 > 172.16.0.45.1299:  udp 778
 192: 05:13:38.236758 192.168.0.29.3684 > 172.16.0.45.1299:  udp 878
 193: 05:13:38.239764 172.16.0.45.1299 > 192.168.0.29.3684:  udp 16
 194: 05:13:38.240252 192.168.0.29.3684 > 172.16.0.45.1299:  udp 625
 195: 05:13:38.243273 192.168.0.29.3684 > 172.16.0.45.1299:  udp 603
 196: 05:13:38.243288 192.168.0.29.3684 > 172.16.0.45.1299:  udp 39
 197: 05:13:38.248980 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 198: 05:13:38.295608 192.168.0.29.3684 > 172.16.0.45.1299:  udp 72
 199: 05:13:38.302077 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 200: 05:13:38.388377 172.16.0.3 > 192.168.0.201: icmp: echo request
 201: 05:13:38.388773 192.168.0.201 > 172.16.0.3: icmp: echo reply
 202: 05:13:38.457633 192.168.0.29.3684 > 172.16.0.45.1299:  udp 38
 203: 05:13:38.467016 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 204: 05:13:38.488896 192.168.0.29.3684 > 172.16.0.45.1299:  udp 37
 205: 05:13:38.741233 172.16.0.45.1299 > 192.168.0.29.3684:  udp 39
 206: 05:13:38.779134 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 207: 05:13:38.823535 172.16.0.45.1299 > 192.168.0.29.3684:  udp 38
 208: 05:13:38.823581 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32
 209: 05:13:38.823596 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 210: 05:13:38.828555 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 211: 05:13:38.869919 172.16.0.45.1299 > 192.168.0.29.3684:  udp 38
 212: 05:13:38.916364 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 213: 05:13:38.951488 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 214: 05:13:39.000503 172.16.0.45.1299 > 192.168.0.29.3684:  udp 39
 215: 05:13:39.012069 192.168.0.29.3684 > 172.16.0.45.1299:  udp 58
 216: 05:13:39.012160 192.168.0.29.3684 > 172.16.0.45.1299:  udp 90
 217: 05:13:39.017958 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 218: 05:13:39.045575 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 219: 05:13:39.081019 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 220: 05:13:39.101221 192.168.0.29.3684 > 172.16.0.45.1299:  udp 428
 221: 05:13:39.101252 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 222: 05:13:39.105524 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 223: 05:13:39.356457 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 224: 05:13:39.403818 172.16.0.3 > 192.168.0.201: icmp: echo request
 225: 05:13:39.404108 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 226: 05:13:39.404245 192.168.0.201 > 172.16.0.3: icmp: echo reply
 227: 05:13:39.426003 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32
 228: 05:13:39.426018 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 229: 05:13:39.432289 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 230: 05:13:39.450645 172.16.0.45.1299 > 192.168.0.29.3684:  udp 38
 231: 05:13:39.498417 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 232: 05:13:39.505024 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 233: 05:13:39.509678 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 234: 05:13:39.536028 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32
 235: 05:13:39.543444 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 236: 05:13:39.572800 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 237: 05:13:39.583832 192.168.0.29.3684 > 172.16.0.45.1299:  udp 56
 238: 05:13:39.583923 192.168.0.29.3684 > 172.16.0.45.1299:  udp 99
 239: 05:13:39.583984 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 240: 05:13:39.591232 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 241: 05:13:39.619856 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 242: 05:13:39.666484 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 243: 05:13:39.704721 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 244: 05:13:39.749015 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 245: 05:13:39.807285 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 246: 05:13:39.847261 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32
 247: 05:13:39.847368 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 248: 05:13:39.855027 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 249: 05:13:39.855393 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 250: 05:13:39.907469 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 251: 05:13:39.947903 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 252: 05:13:39.995859 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 253: 05:13:40.042508 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 254: 05:13:40.154243 192.168.0.29.3684 > 172.16.0.45.1299:  udp 50
 255: 05:13:40.187780 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 256: 05:13:40.187887 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 257: 05:13:40.188176 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 258: 05:13:40.188298 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1175
 259: 05:13:40.202778 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 260: 05:13:40.228915 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 261: 05:13:40.249330 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 262: 05:13:40.295440 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 263: 05:13:40.327024 172.16.0.45.1299 > 192.168.0.29.3684:  udp 32
 264: 05:13:40.400507 172.16.0.3 > 192.168.0.201: icmp: echo request
 265: 05:13:40.401056 192.168.0.201 > 172.16.0.3: icmp: echo reply
 266: 05:13:40.409723 192.168.0.29.3684 > 172.16.0.45.1299:  udp 64
 267: 05:13:40.412606 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 268: 05:13:40.535967 192.168.0.29.3684 > 172.16.0.45.1299:  udp 37
 269: 05:13:40.544725 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 270: 05:13:40.567139 192.168.0.29.3684 > 172.16.0.45.1299:  udp 37
 271: 05:13:41.098856 192.168.0.29.3684 > 172.16.0.45.1299:  udp 84
 272: 05:13:41.098917 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 273: 05:13:41.105219 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 274: 05:13:41.258928 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 275: 05:13:41.316344 192.168.0.29.3684 > 172.16.0.45.1299:  udp 46
 276: 05:13:41.322645 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 277: 05:13:41.414437 172.16.0.3 > 192.168.0.201: icmp: echo request
 278: 05:13:41.414910 192.168.0.201 > 172.16.0.3: icmp: echo reply
 279: 05:13:41.567445 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 280: 05:13:41.573029 172.16.0.45.1299 > 192.168.0.29.3684:  udp 36
 281: 05:13:41.598678 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 282: 05:13:41.654217 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32
 283: 05:13:41.654278 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 284: 05:13:41.660808 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 285: 05:13:41.911375 192.168.0.29.3684 > 172.16.0.45.1299:  udp 54
 286: 05:13:41.915480 192.168.0.29.3684 > 172.16.0.45.1299:  udp 580
 287: 05:13:41.915617 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36
 288: 05:13:41.920026 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 289: 05:13:41.958095 192.168.0.29.3684 > 172.16.0.45.1299:  udp 41
 290: 05:13:41.958232 192.168.0.29.3684 > 172.16.0.45.1299:  udp 42
 291: 05:13:41.958568 192.168.0.29.3684 > 172.16.0.45.1299:  udp 72
 292: 05:13:41.965648 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 293: 05:13:42.005080 192.168.0.29.3684 > 172.16.0.45.1299:  udp 41
 294: 05:13:42.005325 192.168.0.29.3684 > 172.16.0.45.1299:  udp 38
 295: 05:13:42.005386 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 296: 05:13:42.012618 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 297: 05:13:42.053509 192.168.0.29.3684 > 172.16.0.45.1299:  udp 265
 298: 05:13:42.053525 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 299: 05:13:42.059338 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 300: 05:13:42.101709 192.168.0.29.3684 > 172.16.0.45.1299:  udp 368
 301: 05:13:42.102106 192.168.0.29.3684 > 172.16.0.45.1299:  udp 97
 302: 05:13:42.102167 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36
 303: 05:13:42.106683 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 304: 05:13:42.154960 192.168.0.29.3684 > 172.16.0.45.1299:  udp 727
 305: 05:13:42.154975 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36
 306: 05:13:42.159308 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 307: 05:13:42.205464 192.168.0.29.3684 > 172.16.0.45.1299:  udp 927
 308: 05:13:42.205494 192.168.0.29.3684 > 172.16.0.45.1299:  udp 49
 309: 05:13:42.205494 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36
 310: 05:13:42.213337 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 311: 05:13:42.264894 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1217
 312: 05:13:42.264909 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36
 313: 05:13:42.272202 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 314: 05:13:42.286423 192.168.0.29.3684 > 172.16.0.45.1299:  udp 57
 315: 05:13:42.287170 192.168.0.29.3684 > 172.16.0.45.1299:  udp 747
 316: 05:13:42.287186 192.168.0.29.3684 > 172.16.0.45.1299:  udp 44
 317: 05:13:42.287445 192.168.0.29.3684 > 172.16.0.45.1299:  udp 199
 318: 05:13:42.287552 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36
 319: 05:13:42.294738 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 320: 05:13:42.333234 192.168.0.29.3684 > 172.16.0.45.1299:  udp 40
 321: 05:13:42.333951 192.168.0.29.3684 > 172.16.0.45.1299:  udp 353
 322: 05:13:42.334028 192.168.0.29.3684 > 172.16.0.45.1299:  udp 44
 323: 05:13:42.334394 192.168.0.29.3684 > 172.16.0.45.1299:  udp 193
 324: 05:13:42.334485 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36
 325: 05:13:42.341031 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 326: 05:13:42.380168 192.168.0.29.3684 > 172.16.0.45.1299:  udp 40
 327: 05:13:42.381816 192.168.0.29.3684 > 172.16.0.45.1299:  udp 659
 328: 05:13:42.381831 192.168.0.29.3684 > 172.16.0.45.1299:  udp 40
 329: 05:13:42.382334 192.168.0.29.3684 > 172.16.0.45.1299:  udp 178
 330: 05:13:42.382472 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36
 331: 05:13:42.388255 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 332: 05:13:42.427071 192.168.0.29.3684 > 172.16.0.45.1299:  udp 40
 333: 05:13:42.427956 192.168.0.29.3684 > 172.16.0.45.1299:  udp 249
 334: 05:13:42.428704 172.16.0.3 > 192.168.0.201: icmp: echo request
 335: 05:13:42.428749 192.168.0.29.3684 > 172.16.0.45.1299:  udp 120
 336: 05:13:42.429115 192.168.0.201 > 172.16.0.3: icmp: echo reply
 337: 05:13:42.429360 192.168.0.29.3684 > 172.16.0.45.1299:  udp 210
 338: 05:13:42.429405 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36
 339: 05:13:42.440178 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 340: 05:13:42.474188 192.168.0.29.3684 > 172.16.0.45.1299:  udp 41
 341: 05:13:42.476461 192.168.0.29.3684 > 172.16.0.45.1299:  udp 542
 342: 05:13:42.477499 192.168.0.29.3684 > 172.16.0.45.1299:  udp 121
 343: 05:13:42.478399 192.168.0.29.3684 > 172.16.0.45.1299:  udp 256
 344: 05:13:42.478399 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36
 345: 05:13:42.487248 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 346: 05:13:42.538424 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1080
 347: 05:13:42.538836 192.168.0.29.3684 > 172.16.0.45.1299:  udp 102
 348: 05:13:42.538882 192.168.0.29.3684 > 172.16.0.45.1299:  udp 43
 349: 05:13:42.540041 192.168.0.29.3684 > 172.16.0.45.1299:  udp 231
 350: 05:13:42.540056 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36
 351: 05:13:42.546968 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 352: 05:13:42.567780 192.168.0.29.3684 > 172.16.0.45.1299:  udp 43
 353: 05:13:42.568406 192.168.0.29.3684 > 172.16.0.45.1299:  udp 151
 354: 05:13:42.568574 192.168.0.29.3684 > 172.16.0.45.1299:  udp 47
 355: 05:13:42.569321 192.168.0.29.3684 > 172.16.0.45.1299:  udp 167
 356: 05:13:42.569855 192.168.0.29.3684 > 172.16.0.45.1299:  udp 89
 357: 05:13:42.569916 192.168.0.29.3684 > 172.16.0.45.1299:  udp 43
 358: 05:13:42.570725 192.168.0.29.3684 > 172.16.0.45.1299:  udp 216
 359: 05:13:42.570756 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36
 360: 05:13:42.572480 172.16.0.45.1299 > 192.168.0.29.3684:  udp 16
 361: 05:13:42.575333 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 362: 05:13:42.614943 192.168.0.29.3684 > 172.16.0.45.1299:  udp 42
 363: 05:13:42.615263 192.168.0.29.3684 > 172.16.0.45.1299:  udp 114
 364: 05:13:42.615370 192.168.0.29.3684 > 172.16.0.45.1299:  udp 39
 365: 05:13:42.615614 192.168.0.29.3684 > 172.16.0.45.1299:  udp 76
 366: 05:13:42.615751 192.168.0.29.3684 > 172.16.0.45.1299:  udp 39
 367: 05:13:42.616209 192.168.0.29.3684 > 172.16.0.45.1299:  udp 187
 368: 05:13:42.616255 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 369: 05:13:42.616423 192.168.0.29.3684 > 172.16.0.45.1299:  udp 38
 370: 05:13:42.619261 172.16.0.45.1299 > 192.168.0.29.3684:  udp 16
 371: 05:13:42.626371 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 372: 05:13:42.626493 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 373: 05:13:42.661327 192.168.0.29.3684 > 172.16.0.45.1299:  udp 37
 374: 05:13:42.662212 192.168.0.29.3684 > 172.16.0.45.1299:  udp 104
 375: 05:13:42.662410 192.168.0.29.3684 > 172.16.0.45.1299:  udp 39
 376: 05:13:42.662731 192.168.0.29.3684 > 172.16.0.45.1299:  udp 77
 377: 05:13:42.662792 192.168.0.29.3684 > 172.16.0.45.1299:  udp 40
 378: 05:13:42.663677 192.168.0.29.3684 > 172.16.0.45.1299:  udp 176
 379: 05:13:42.663707 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 380: 05:13:42.666057 172.16.0.45.1299 > 192.168.0.29.3684:  udp 16
 381: 05:13:42.668849 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 382: 05:13:42.708825 192.168.0.29.3684 > 172.16.0.45.1299:  udp 88
 383: 05:13:42.709466 192.168.0.29.3684 > 172.16.0.45.1299:  udp 202
 384: 05:13:42.709558 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 385: 05:13:42.715951 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 386: 05:13:42.755805 192.168.0.29.3684 > 172.16.0.45.1299:  udp 103
 387: 05:13:42.756308 192.168.0.29.3684 > 172.16.0.45.1299:  udp 180
 388: 05:13:42.756339 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 389: 05:13:42.764227 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 390: 05:13:42.802784 192.168.0.29.3684 > 172.16.0.45.1299:  udp 88
 391: 05:13:42.803486 192.168.0.29.3684 > 172.16.0.45.1299:  udp 88
 392: 05:13:42.803516 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 393: 05:13:42.812320 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 394: 05:13:42.848772 192.168.0.29.3684 > 172.16.0.45.1299:  udp 39
 395: 05:13:42.848939 192.168.0.29.3684 > 172.16.0.45.1299:  udp 65
 396: 05:13:42.848985 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 397: 05:13:42.857865 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 398: 05:13:42.895675 192.168.0.29.3684 > 172.16.0.45.1299:  udp 38
 399: 05:13:42.895965 192.168.0.29.3684 > 172.16.0.45.1299:  udp 79
 400: 05:13:42.896026 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 401: 05:13:42.906050 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 402: 05:13:42.974238 192.168.0.29.3684 > 172.16.0.45.1299:  udp 61
 403: 05:13:42.974284 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 404: 05:13:42.979334 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 405: 05:13:43.192967 192.168.0.29.3684 > 172.16.0.45.1299:  udp 91
 406: 05:13:43.192998 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 407: 05:13:43.201756 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 408: 05:13:43.446296 172.16.0.3 > 192.168.0.201: icmp: echo request
 409: 05:13:43.446784 192.168.0.201 > 172.16.0.3: icmp: echo reply
 410: 05:13:43.645947 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36
 411: 05:13:43.648632 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 412: 05:13:43.677241 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 413: 05:13:43.989603 192.168.0.29.3684 > 172.16.0.45.1299:  udp 32
 414: 05:13:43.989633 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 415: 05:13:43.995676 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 416: 05:13:44.193028 192.168.0.29.3684 > 172.16.0.45.1299:  udp 83
 417: 05:13:44.193044 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 418: 05:13:44.198567 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 419: 05:13:44.444389 172.16.0.3 > 192.168.0.201: icmp: echo request
 420: 05:13:44.444801 192.168.0.201 > 172.16.0.3: icmp: echo reply
 421: 05:13:44.520984 192.168.0.29.3684 > 172.16.0.45.1299:  udp 42
 422: 05:13:44.521091 192.168.0.29.3684 > 172.16.0.45.1299:  udp 43
 423: 05:13:44.521243 192.168.0.29.3684 > 172.16.0.45.1299:  udp 34
 424: 05:13:44.527087 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 425: 05:13:44.623563 192.168.0.29.3684 > 172.16.0.45.1299:  udp 38
 426: 05:13:44.655514 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 427: 05:13:44.655849 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 428: 05:13:44.656032 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 429: 05:13:44.656353 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 430: 05:13:44.656475 192.168.0.29.3684 > 172.16.0.45.1299:  udp 551
 431: 05:13:44.661373 192.168.0.29.3684 > 172.16.0.45.1299:  udp 38
 432: 05:13:44.662349 172.16.0.45.1299 > 192.168.0.29.3684:  udp 16
 433: 05:13:44.662715 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 434: 05:13:44.663051 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 435: 05:13:44.692713 192.168.0.29.3684 > 172.16.0.45.1299:  udp 37
 436: 05:13:45.188405 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 437: 05:13:45.209049 192.168.0.29.3684 > 172.16.0.45.1299:  udp 97
 438: 05:13:45.209110 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 439: 05:13:45.214039 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 440: 05:13:45.254427 172.16.0.45.1299 > 192.168.0.29.3684:  udp 32
 441: 05:13:45.288589 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 442: 05:13:45.288803 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 443: 05:13:45.288910 192.168.0.29.3684 > 172.16.0.45.1299:  udp 93
 444: 05:13:45.296585 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 445: 05:13:45.370082 192.168.0.29.3684 > 172.16.0.45.1299:  udp 116
 446: 05:13:45.372920 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 447: 05:13:45.373058 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 448: 05:13:45.373134 192.168.0.29.3684 > 172.16.0.45.1299:  udp 121
 449: 05:13:45.378291 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 450: 05:13:45.440742 172.16.0.3 > 192.168.0.201: icmp: echo request
 451: 05:13:45.441154 192.168.0.201 > 172.16.0.3: icmp: echo reply
 452: 05:13:45.458426 192.168.0.29.3684 > 172.16.0.45.1299:  udp 87
 453: 05:13:45.459036 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1159
 454: 05:13:45.459067 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36
 455: 05:13:45.466284 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 456: 05:13:45.513157 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 457: 05:13:45.559968 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 458: 05:13:45.607161 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 459: 05:13:45.629011 192.168.0.29.3684 > 172.16.0.45.1299:  udp 70
 460: 05:13:45.629346 192.168.0.29.3684 > 172.16.0.45.1299:  udp 281
 461: 05:13:45.629438 192.168.0.29.3684 > 172.16.0.45.1299:  udp 88
 462: 05:13:45.629728 192.168.0.29.3684 > 172.16.0.45.1299:  udp 406
 463: 05:13:45.629743 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 464: 05:13:45.636487 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 465: 05:13:45.693048 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36
 466: 05:13:45.701654 172.16.0.45.1299 > 192.168.0.29.3684:  udp 38
 467: 05:13:45.702234 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 468: 05:13:45.724327 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 469: 05:13:45.748694 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 470: 05:13:45.794224 172.16.0.45.1299 > 192.168.0.29.3684:  udp 38
 471: 05:13:45.841631 172.16.0.45.1299 > 192.168.0.29.3684:  udp 38
 472: 05:13:45.891723 172.16.0.45.1299 > 192.168.0.29.3684:  udp 38
 473: 05:13:45.961879 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 474: 05:13:46.036344 172.16.0.45.1299 > 192.168.0.29.3684:  udp 32
 475: 05:13:46.125008 192.168.0.29.3684 > 172.16.0.45.1299:  udp 68
 476: 05:13:46.128304 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 477: 05:13:46.181387 172.16.0.45.1299 > 192.168.0.29.3684:  udp 38
 478: 05:13:46.219791 172.16.0.45.1299 > 192.168.0.29.3684:  udp 38
 479: 05:13:46.245592 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 480: 05:13:46.245821 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 481: 05:13:46.246004 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 482: 05:13:46.246309 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 483: 05:13:46.246691 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 484: 05:13:46.247011 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 485: 05:13:46.247347 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 486: 05:13:46.247622 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1158
 487: 05:13:46.252199 172.16.0.45.1299 > 192.168.0.29.3684:  udp 16
 488: 05:13:46.262803 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 489: 05:13:46.264604 172.16.0.45.1299 > 192.168.0.29.3684:  udp 36
 490: 05:13:46.310424 172.16.0.45.1299 > 192.168.0.29.3684:  udp 39
 491: 05:13:46.312544 192.168.0.29.3684 > 172.16.0.45.1299:  udp 96
 492: 05:13:46.312850 192.168.0.29.3684 > 172.16.0.45.1299:  udp 560
 493: 05:13:46.312865 192.168.0.29.3684 > 172.16.0.45.1299:  udp 36
 494: 05:13:46.315916 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 495: 05:13:46.358929 172.16.0.45.1299 > 192.168.0.29.3684:  udp 36
 496: 05:13:46.404565 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 497: 05:13:46.409768 192.168.0.29.3684 > 172.16.0.45.1299:  udp 60
 498: 05:13:46.410028 192.168.0.29.3684 > 172.16.0.45.1299:  udp 447
 499: 05:13:46.410058 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 500: 05:13:46.415719 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 501: 05:13:46.455039 172.16.0.3 > 192.168.0.201: icmp: echo request
 502: 05:13:46.455451 192.168.0.201 > 172.16.0.3: icmp: echo reply
 503: 05:13:46.490941 192.168.0.29.3684 > 172.16.0.45.1299:  udp 55
 504: 05:13:46.491292 192.168.0.29.3684 > 172.16.0.45.1299:  udp 316
 505: 05:13:46.491307 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 506: 05:13:46.497685 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 507: 05:13:46.597060 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 508: 05:13:46.638059 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 509: 05:13:46.687937 172.16.0.45.1299 > 192.168.0.29.3684:  udp 38
 510: 05:13:46.732200 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 511: 05:13:46.772619 192.168.0.29.3684 > 172.16.0.45.1299:  udp 202
 512: 05:13:46.772649 192.168.0.29.3684 > 172.16.0.45.1299:  udp 37
 513: 05:13:46.779103 172.16.0.45.1299 > 192.168.0.29.3684:  udp 38
 514: 05:13:46.779256 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 515: 05:13:46.802998 192.168.0.29.3684 > 172.16.0.45.1299:  udp 37
 516: 05:13:46.829501 172.16.0.45.1299 > 192.168.0.29.3684:  udp 38
 517: 05:13:46.865006 192.168.0.29.3684 > 172.16.0.45.1299:  udp 119
 518: 05:13:46.872437 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 519: 05:13:46.919798 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 520: 05:13:46.966395 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 521: 05:13:46.994928 192.168.0.29.3684 > 172.16.0.45.1299:  udp 65
 522: 05:13:46.994974 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 523: 05:13:47.001403 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 524: 05:13:47.017958 172.16.0.45.1299 > 192.168.0.29.3684:  udp 38
 525: 05:13:47.099405 192.168.0.29.3684 > 172.16.0.45.1299:  udp 87
 526: 05:13:47.099588 192.168.0.29.3684 > 172.16.0.45.1299:  udp 202
 527: 05:13:47.099619 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 528: 05:13:47.109872 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 529: 05:13:47.230365 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 530: 05:13:47.287781 172.16.0.45.1299 > 192.168.0.29.3684:  udp 32
 531: 05:13:47.303237 192.168.0.29.3684 > 172.16.0.45.1299:  udp 98
 532: 05:13:47.303313 192.168.0.29.3684 > 172.16.0.45.1299:  udp 61
 533: 05:13:47.303496 192.168.0.29.3684 > 172.16.0.45.1299:  udp 189
 534: 05:13:47.303512 192.168.0.29.3684 > 172.16.0.45.1299:  udp 35
 535: 05:13:47.308943 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 536: 05:13:47.329542 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 537: 05:13:47.376185 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 538: 05:13:47.381907 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 539: 05:13:47.382136 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 540: 05:13:47.382273 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 541: 05:13:47.382609 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 542: 05:13:47.382640 192.168.0.29.3684 > 172.16.0.45.1299:  udp 318
 543: 05:13:47.390009 172.16.0.45.1299 > 192.168.0.29.3684:  udp 34
 544: 05:13:47.418450 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 545: 05:13:47.453147 172.16.0.3 > 192.168.0.201: icmp: echo request
 546: 05:13:47.453574 192.168.0.201 > 172.16.0.3: icmp: echo reply
 547: 05:13:47.464621 172.16.0.45.1299 > 192.168.0.29.3684:  udp 37
 548: 05:13:47.484517 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 549: 05:13:47.484792 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 550: 05:13:47.485112 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 551: 05:13:47.485433 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 552: 05:13:47.485753 192.168.0.29.3684 > 172.16.0.45.1299:  udp 1270
 553: 05:13:47.485814 192.168.0.29.3684 > 172.16.0.45.1299:  udp 96
553 packets shown
ciscoasa(config)# $


0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 37001038
Well, as far as I can see on the partial logs (there ought to be /two/ outputs from both ASAs) the pings are getting through and are answered ...
0
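The check made by eye in the comment above (each echo request in the capture is followed by an echo reply), as an added Python example that is not part of the original thread: it parses capture lines in the format posted above and pairs requests with replies. Packets 137 to 163 in the sample are copied from the capture in this thread, packet 999 is constructed to show an unanswered request, and pairing by address and order is an assumption, because this output carries no ICMP id or sequence number.

```python
import re
from collections import defaultdict, deque

# One packet line of the capture output, e.g.
#  137: 05:13:36.391794 172.16.0.3 > 192.168.0.201: icmp: echo request
LINE_RE = re.compile(
    r"^\s*(?P<num>\d+):\s+(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}\.\d+)\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>\S+?):\s+(?P<rest>.*)$"
)

# Packets 137-163 copied from the thread; packet 999 is constructed.
SAMPLE = """
 137: 05:13:36.391794 172.16.0.3 > 192.168.0.201: icmp: echo request
 138: 05:13:36.392283 192.168.0.201 > 172.16.0.3: icmp: echo reply
 139: 05:13:36.410608 192.168.0.29.3684 > 172.16.0.45.1299:  udp 38
 140: 05:13:36.416726 172.16.0.45.1299 > 192.168.0.29.3684:  udp 35
 162: 05:13:37.391077 172.16.0.3 > 192.168.0.201: icmp: echo request
 163: 05:13:37.391688 192.168.0.201 > 172.16.0.3: icmp: echo reply
 999: 05:13:50.000000 172.16.0.3 > 192.168.0.250: icmp: echo request
553 packets shown
ciscoasa(config)# $
"""


def split_endpoint(endpoint):
    """Split 'a.b.c.d.port' into (ip, port); a bare IPv4 address gives (ip, None)."""
    parts = endpoint.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None


def parse_capture(text):
    """Return one dict per packet line; prompts and summary lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, sport = split_endpoint(m["src"])
        dst, dport = split_endpoint(m["dst"])
        rest = m["rest"].strip()
        rec = {
            "num": int(m["num"]),
            "ts": int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"]),
            "src": src, "sport": sport, "dst": dst, "dport": dport,
            "proto": "other", "detail": rest, "length": None,
        }
        if rest.startswith("icmp:"):
            rec["proto"] = "icmp"
            rec["detail"] = rest[len("icmp:"):].strip()
        elif rest.startswith("udp"):
            fields = rest.split()
            rec["proto"] = "udp"
            if len(fields) > 1 and fields[1].isdigit():
                rec["length"] = int(fields[1])
        records.append(rec)
    return records


def pair_echoes(records, timeout=1.0):
    """Match each echo reply to the oldest pending request in the reverse
    direction. Returns (answered, unanswered): answered holds
    (request_num, reply_num, rtt_ms); unanswered holds request numbers."""
    pending = defaultdict(deque)
    answered, unanswered = [], []
    for rec in records:
        if rec["proto"] != "icmp":
            continue
        if rec["detail"] == "echo request":
            pending[(rec["src"], rec["dst"])].append(rec)
        elif rec["detail"] == "echo reply":
            queue = pending[(rec["dst"], rec["src"])]
            # Requests older than the timeout cannot belong to this reply.
            while queue and rec["ts"] - queue[0]["ts"] > timeout:
                unanswered.append(queue.popleft()["num"])
            if queue:
                req = queue.popleft()
                rtt_ms = round((rec["ts"] - req["ts"]) * 1000, 3)
                answered.append((req["num"], rec["num"], rtt_ms))
    for queue in pending.values():
        unanswered.extend(req["num"] for req in queue)
    return answered, sorted(unanswered)


def udp_bytes(records):
    """Total UDP payload bytes per direction, keyed by ('ip:port', 'ip:port')."""
    totals = defaultdict(int)
    for rec in records:
        if rec["proto"] == "udp" and rec["length"] is not None:
            key = (f'{rec["src"]}:{rec["sport"]}', f'{rec["dst"]}:{rec["dport"]}')
            totals[key] += rec["length"]
    return dict(totals)


if __name__ == "__main__":
    packets = parse_capture(SAMPLE)
    ok, missing = pair_echoes(packets)
    for req_num, rep_num, rtt in ok:
        print(f"request {req_num} answered by {rep_num} after {rtt} ms")
    print("unanswered requests:", missing)
    print("udp bytes per direction:", udp_bytes(packets))
```

Run against the output captured on each ASA separately: a request that is answered in one capture but listed as unanswered in the other shows on which side the reply is lost.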
 

Author Comment

by:nasemabdullaa
ID: 37001108
Hello

Thank you so much for all your help and support and for your time. You are great and amazing. You spent a long time with me to solve this issue; if I could give you more than 500 points I would.

Thanks again and have a nice day

Kindest Regards
Nasem


0
 

Author Closing Comment

by:nasemabdullaa
ID: 37001125
Thank you so much for your help
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 37001169
I would recommend you get some local service provider who has some decent knowledge of Cisco/ASA to take a good look at your setup to ensure your services and servers are actually protected from any threats ... it may be working for now, but there are no access rules etc. configured ... at the moment, the only thing working as far as protection goes is the NAT, keeping inbound connections from getting anywhere on the inside ...
0


Question has a verified solution.
