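Here is the situation. Everything works, but I cannot get traffic to flow from the ESXI server or its virtual machines; I want them to use public addresses behind the router.
VMware ESXI hypervisor on a bare-metal ProLiant ML150 Gen9 system unit.
NIC Static IP: 72.xxx.xxx.112
Gateway: 72.xxx.xxx.1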
Guest VM1 IP: 72.xxx.xxx.111
Guest VM2 IP: 72.xxx.xxx.110
Guest VM3 IP: 72.xxx.xxx.108
Cisco ASA5506-X router with 1 outside connection on interface 1; this router serves every device except this ESXI server.
Interface1: outside, DSL IP 72.xxx.xxx.109 SUB 255.255.255.128 GATE 72.xxx.xxx.1
Interface2: Inside, network - Cisco SG300-10 Managed Switch for Workstation, Printer, Soon w/ VOIP.
Interface3: wifi, bridge - Laptops, Tablets, Cell Browsers, TV, Echo / Alexa.
Interface4: Disabled
Interface5: Disabled
Interface6: Disabled
Interface7: server-dmz2 - The Secondary NIC on the ESXI Server - When Both enabled = Fault Tolerant, Outgoing Load Balanced.
Interface8: server-dmz - The Primary NIC on the ESXI Server -
Below are the results of some configuration output commands from the router: show interface
Interface GigabitEthernet1/1 "outside", is up, line protocol is up
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is off
MAC address xxxx.xxxx.xxxx, MTU 1500
IP address 72.xxx.xxx.109, subnet mask 255.255.255.128
42446874 packets input, 6101930958 bytes, 37825750 no buffer
Received 6026 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
2426487 packets output, 7652518715443 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (924/862)
output queue (blocks free curr/low): hardware (1023/948)
Traffic Statistics for "outside":
4621128 packets input, 6018070964 bytes
2426487 packets output, 224976920 bytes
23171 packets dropped
1 minute input rate 1 pkts/sec, 228 bytes/sec
1 minute output rate 1 pkts/sec, 459 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 4 pkts/sec, 1449 bytes/sec
5 minute output rate 4 pkts/sec, 686 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface GigabitEthernet1/2 "inside", is up, line protocol is up
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address xxxx.xxxx.xxxx, MTU 1500
IP address 10.10.10.3, subnet mask 255.255.255.0
4079498 packets input, 332114060 bytes, 1396 no buffer
Received 3470688 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
725392 packets output, 14586382412068 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (915/875)
output queue (blocks free curr/low): hardware (1023/977)
Traffic Statistics for "inside":
4077061 packets input, 256389121 bytes
725392 packets output, 610148343 bytes
108164 packets dropped
1 minute input rate 31 pkts/sec, 1601 bytes/sec
1 minute output rate 2 pkts/sec, 1464 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 35 pkts/sec, 2196 bytes/sec
5 minute output rate 9 pkts/sec, 3091 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface GigabitEthernet1/3 "wifi", is up, line protocol is up
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address xxxx.xxxx.xxxx, MTU 1500
IP address 10.10.11.2, subnet mask 255.255.255.0
2106732 packets input, 187046703 bytes, 8478 no buffer
Received 7287 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
4048977 packets output, 178622247365600 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (984/863)
output queue (blocks free curr/low): hardware (1023/984)
Traffic Statistics for "wifi":
2098209 packets input, 148734685 bytes
4048977 packets output, 5512267580 bytes
62873 packets dropped
1 minute input rate 1 pkts/sec, 380 bytes/sec
1 minute output rate 1 pkts/sec, 200 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 108 bytes/sec
5 minute output rate 0 pkts/sec, 70 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface GigabitEthernet1/4 "", is administratively down, line protocol is down
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is off
Available but not configured via nameif
MAC address xxxx.xxxx.xxxx, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (1023/1023)
output queue (blocks free curr/low): hardware (1023/1023)
Interface GigabitEthernet1/5 "", is administratively down, line protocol is down
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is off
Available but not configured via nameif
MAC address xxxx.xxxx.xxxx, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (1023/1023)
output queue (blocks free curr/low): hardware (1023/1023)
Interface GigabitEthernet1/6 "", is administratively down, line protocol is down
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is off
Available but not configured via nameif
MAC address xxxx.xxxx.xxxx, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (1023/1023)
output queue (blocks free curr/low): hardware (1023/1023)
Interface GigabitEthernet1/7 "server-dmz-2", is up, line protocol is up
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address xxxx.xxxx.xxxx, MTU 1500
IP address 10.10.7.1, subnet mask 255.255.255.252
314 packets input, 6656 bytes, 210 no buffer
Received 103 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
1 packets output, 669248 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (919/919)
output queue (blocks free curr/low): hardware (1023/1022)
Traffic Statistics for "server-dmz-2":
103 packets input, 4732 bytes
1 packets output, 28 bytes
51 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 6 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface GigabitEthernet1/8 "server-dmz", is up, line protocol is up
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address xxxx.xxxx.xxxx, MTU 1500
IP address 10.10.12.1, subnet mask 255.255.255.248
521534 packets input, 85504 bytes, 520198 no buffer
Received 1321 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
1 packets output, 1732928 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (968/894)
output queue (blocks free curr/low): hardware (1023/1022)
Traffic Statistics for "server-dmz":
1319 packets input, 60596 bytes
1 packets output, 28 bytes
237 packets dropped
1 minute input rate 0 pkts/sec, 32 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 9 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Management1/1 "asa1manager", is up, line protocol is up
Hardware is en_vtun rev00, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address xxxx.xxxx.xxxx, MTU 1500
IP address 192.168.1.1, subnet mask 255.255.255.0
3471177 packets input, 208610041 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
48 packets output, 2558 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (0/0)
output queue (blocks free curr/low): hardware (0/0)
Traffic Statistics for "asa1manager":
3471177 packets input, 160013563 bytes
48 packets output, 1886 bytes
5968 packets dropped
1 minute input rate 28 pkts/sec, 1312 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 28 pkts/sec, 1304 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Management-only interface. Blocked 0 through-the-device packets
Command result: "show xlate"
28 in use, 228 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
s - static, T - twice, N - net-to-net
NAT from inside:0.0.0.0/0 to outside:0.0.0.0/0
flags sIT idle 12:09:09 timeout 0:00:00
NAT from outside:10.10.13.0/24 to inside:10.10.13.0/24
flags sIT idle 12:09:09 timeout 0:00:00
NAT from inside:0.0.0.0/0 to inside:0.0.0.0/0
flags sIT idle 12:09:09 timeout 0:00:00
NAT from inside:10.10.13.0/24 to inside:10.10.13.0/24
flags sIT idle 12:09:09 timeout 0:00:00
NAT from outside:0.0.0.0/0 to any:0.0.0.0/0
flags sIT idle 11:00:25 timeout 0:00:00
UDP PAT from any:10.10.11.55/33479 to outside:72.xxx.xxx.109/33479 flags ri idle 0:01:23 timeout 0:00:30
UDP PAT from any:10.10.11.55/38950 to outside:72.xxx.xxx.109/38950 flags ri idle 0:01:28 timeout 0:00:30
TCP PAT from any:10.10.11.55/52200 to outside:72.xxx.xxx.109/52200 flags ri idle 1:12:38 timeout 0:00:30
UDP PAT from any:10.10.11.55/47619 to outside:72.xxx.xxx.109/47619 flags ri idle 17:39:20 timeout 0:00:30
TCP PAT from any:10.10.11.54/57218 to outside:72.xxx.xxx.109/57218 flags ri idle 17:39:28 timeout 0:00:30
TCP PAT from any:10.10.11.56/44146 to outside:72.xxx.xxx.109/44146 flags ri idle 0:00:15 timeout 0:00:30
TCP PAT from any:10.10.11.56/44145 to outside:72.xxx.xxx.109/44145 flags ri idle 0:00:15 timeout 0:00:30
TCP PAT from any:10.10.11.56/36256 to outside:72.xxx.xxx.109/36256 flags ri idle 0:03:05 timeout 0:00:30
TCP PAT from any:10.10.11.56/48011 to outside:72.xxx.xxx.109/48011 flags ri idle 17:39:01 timeout 0:00:30
TCP PAT from any:10.10.11.51/45079 to outside:72.xxx.xxx.109/45079 flags ri idle 0:04:36 timeout 0:00:30
TCP PAT from any:10.10.11.51/37669 to outside:72.xxx.xxx.109/37669 flags ri idle 0:09:37 timeout 0:00:30
TCP PAT from any:10.10.11.52/57376 to outside:72.xxx.xxx.109/57376 flags ri idle 0:51:43 timeout 0:00:30
TCP PAT from any:10.10.11.52/58383 to outside:72.xxx.xxx.109/58383 flags ri idle 17:36:54 timeout 0:00:30
TCP PAT from any:10.10.10.51/8263 to outside:72.xxx.xxx.109/8263 flags ri idle 0:00:00 timeout 0:00:30
TCP PAT from any:10.10.10.51/8261 to outside:72.xxx.xxx.109/8261 flags ri idle 0:00:09 timeout 0:00:30
TCP PAT from any:10.10.10.51/8260 to outside:72.xxx.xxx.109/8260 flags ri idle 0:00:18 timeout 0:00:30
TCP PAT from any:10.10.10.51/8222 to outside:72.xxx.xxx.109/8222 flags ri idle 0:03:42 timeout 0:00:30
TCP PAT from any:10.10.10.51/8208 to outside:72.xxx.xxx.109/8208 flags ri idle 0:04:08 timeout 0:00:30
TCP PAT from any:10.10.10.51/8189 to outside:72.xxx.xxx.109/8189 flags ri idle 0:05:43 timeout 0:00:30
TCP PAT from any:10.10.10.51/7248 to outside:72.xxx.xxx.109/7248 flags ri idle 0:56:16 timeout 0:00:30
TCP PAT from any:10.10.10.51/7244 to outside:72.xxx.xxx.109/7244 flags ri idle 0:56:17 timeout 0:00:30
TCP PAT from any:10.10.10.51/7231 to outside:72.xxx.xxx.109/7231 flags ri idle 0:56:21 timeout 0:00:30
TCP PAT from any:10.10.10.51/7111 to outside:72.xxx.xxx.109/7111 flags ri idle 0:56:45 timeout 0:00:30
Command result: show tech-support
Frame drop:
Invalid encapsulation (invalid-encap) 45
No route to host (no-route) 51
Reverse-path verify failed (rpf-violated) 2989
Flow is denied by configured rule (acl-drop) 52033
First TCP packet not SYN (tcp-not-syn) 2887
Bad TCP flags (bad-tcp-flags) 4
TCP failed 3 way handshake (tcp-3whs-failed) 14
TCP RST/FIN out of order (tcp-rstfin-ooo) 3533
TCP SYNACK on established conn (tcp-synack-ooo) 18
TCP packet SEQ past window (tcp-seq-past-win) 14
TCP RST/SYN in window (tcp-rst-syn-in-win) 1
TCP packet failed PAWS test (tcp-paws-fail) 2
Slowpath security checks failed (sp-security-failed) 9070
ICMP Inspect seq num not matched (inspect-icmp-seq-num-not-matched) 3
DNS Inspect invalid packet (inspect-dns-invalid-pak) 4
DNS Inspect invalid domain label (inspect-dns-invalid-domain-label) 4
DNS Inspect packet too long (inspect-dns-pak-too-long) 5
DNS Inspect id not matched (inspect-dns-id-not-matched) 615
FP L2 rule drop (l2_acl) 129502
Interface is down (interface-down) 27
Dropped pending packets in a closed socket (np-socket-closed) 87
NAT failed (nat-xlate-failed) 6
Last clearing: Never
Flow drop:
NAT reverse path failed (nat-rpf-failed) 144
Inspection failure (inspect-fail) 1350
SSL bad record detected (ssl-bad-record-detect) 2
SSL handshake failed (ssl-handshake-failed) 4
Last clearing: Never
------------------ show service-policy ------------------
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: dns preset_dns_map, packet 37318, lock fail 0, drop 628, reset-drop 0, v6-fail-close 0
message-length maximum client auto, drop 0
message-length maximum 512, drop 0
dns-guard, count 17223
protocol-enforcement, drop 4
nat-rewrite, count 0
Inspect: ftp, packet 2, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
Inspect: h323 h225 _default_h323_map, packet 0, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
h245-tunnel-block drops 0 connection
Inspect: h323 ras _default_h323_map, packet 0, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
h245-tunnel-block drops 0 connection
Inspect: rsh, packet 0, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
Inspect: rtsp, packet 0, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: esmtp _default_esmtp_map, packet 1449, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
mask-banner, count 1
match cmd line length gt 512
drop-connection log, packet 0
match cmd RCPT count gt 100
drop-connection log, packet 0
match body line length gt 998
log, packet 0
match header line length gt 998
drop-connection log, packet 0
match sender-address length gt 320
drop-connection log, packet 0
match MIME filename length gt 255
drop-connection log, packet 0
match ehlo-reply-parameter others
mask, packet 0
Inspect: sqlnet, packet 7, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
Inspect: skinny , packet 0, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: sunrpc, packet 0, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: xdmcp, packet 0, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
Inspect: sip , packet 93, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
tcp-proxy: bytes in buffer 0, bytes dropped 0
Inspect: netbios, packet 8, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
Inspect: tftp, packet 0, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
Inspect: ip-options _default_ip_options_map, packet 0, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
Router Alert: allow 0, clear 0
Class-map: class-default
Default Queueing Packet recieved 0, sent 0, attack 0
SFR: card status Up, mode fail-open monitor-only
packet input 0, packet output 6947513, drop 0, reset-drop 0
Interface outside:
Service-policy: outside-policy-srb
Class-map: outside-class-srb1
SFR: card status Up, mode fail-open monitor-only
packet input 0, packet output 6639, drop 0, reset-drop 0
------------------ show capture ------------------
------------------ show history ------------------
------------------ show firewall ------------------
Firewall mode: Router
------------------ show running-config ------------------
: Saved
:
: Serial Number: JAD191100PJ
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.3(2)2
!
hostname asa1
enable password <removed>
names
dns-guard
ip local pool RHQSalesVPN 10.10.13.100-10.10.13.150 mask 255.255.255.0
!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address 72.xxx.xxx.109 255.255.255.128
!
interface GigabitEthernet1/2
nameif inside
security-level 95
ip address 10.10.10.3 255.255.255.0
!
interface GigabitEthernet1/3
nameif wifi
security-level 95
ip address 10.10.11.2 255.255.255.0
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
nameif server-dmz-2
security-level 95
ip address 10.10.7.1 255.255.255.252
!
interface GigabitEthernet1/8
nameif server-dmz
security-level 95
ip address 10.10.12.1 255.255.255.248
!
interface Management1/1
management-only
nameif asa1manager
security-level 100
ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
clock timezone HST -10
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup server-dmz
dns domain-lookup asa1manager
dns server-group DefaultDNS
name-server 72.xxx.80.4
name-server 72.xxx.80.12
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network NETWORK_OBJ_10.10.13.0_24
subnet 10.10.13.0 255.255.255.0
object network IP-OBJ-72xxxxxx108
host 72.xxx.xxx.108
object network IP-OBJ-72xxxxxx110
host 72.xxx.xxx.110
object network IP-OBJ-72xxxxxx111
host 72.xxx.xxx.111
object network IP-OBJ-72xxxxxx112
host 72.xxx.xxx.112
object network IP-OBJ-72xxxxxx24
host 72.xxx.xxx.24
object network IP-OBJ-72xxxxxx25
host 72.xxx.xxx.25
object network IP-OBJ-72xxxxxx26
host 72.xxx.xxx.26
object network IP-OBJ-72xxxxxx27
host 72.xxx.xxx.27
object network IP-OBJ-72xxxxxx28
host 72.xxx.xxx.28
object network IP-OBJ-72xxxxxx29
host 72.xxx.xxx.29
object network IP-OBJ-72xxxxxx30
host 72.xxx.xxx.30
object network IP-OBJ-72xxxxxx31
host 72.xxx.xxx.31
object network server-interface-nat
host 10.10.12.1
object-group network DM_INLINE_NETWORK_1
object-group network inside-networks-group
network-object 10.10.10.0 255.255.255.0
network-object 10.10.11.0 255.255.255.0
network-object 10.10.12.0 255.255.255.0
network-object 10.10.7.0 255.255.255.248
object-group network IP-GROUP-HTEL
network-object object IP-OBJ-72xxxxxx108
network-object object IP-OBJ-72xxxxxx110
network-object object IP-OBJ-72xxxxxx111
network-object object IP-OBJ-72xxxxxx112
network-object object IP-OBJ-72xxxxxx24
network-object object IP-OBJ-72xxxxxx25
network-object object IP-OBJ-72xxxxxx26
network-object object IP-OBJ-72xxxxxx27
network-object object IP-OBJ-72xxxxxx28
network-object object IP-OBJ-72xxxxxx29
network-object object IP-OBJ-72xxxxxx30
network-object object IP-OBJ-72xxxxxx31
object-group network IP-SERVERS-GROUP
network-object object IP-OBJ-72xxxxxx108
network-object object IP-OBJ-72xxxxxx110
network-object object IP-OBJ-72xxxxxx111
network-object object IP-OBJ-72xxxxxx112
access-list outside_access_in extended permit ip any object-group IP-SERVERS-GROUP
access-list rainbowtunnel_splitTunnelAcl standard permit any4
access-list server-dmz_access_in extended permit ip any object-group IP-SERVERS-GROUP
access-list Server-NIC2_access_in extended permit ip interface outside interface inside
pager lines 24
logging enable
logging asdm warnings
no logging message 418001
no logging message 419002
mtu outside 1500
mtu inside 1500
mtu wifi 1500
mtu server-dmz 1500
mtu asa1manager 1500
mtu server-dmz-2 1500
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip verify reverse-path interface wifi
ip verify reverse-path interface server-dmz
ip verify reverse-path interface asa1manager
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.10.13.0_24 NETWORK_OBJ_10.10.13.0_24 no-proxy-arp route-lookup
nat (inside,inside) source static any any destination static NETWORK_OBJ_10.10.13.0_24 NETWORK_OBJ_10.10.13.0_24 no-proxy-arp route-lookup
nat (any,outside) source dynamic inside-networks-group interface
access-group outside_access_in in interface outside
access-group server-dmz_access_in in interface server-dmz
access-group Server-NIC2_access_in in interface server-dmz-2
route outside 0.0.0.0 0.0.0.0 72.xxx.xxx.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
http 192.168.1.0 255.255.255.0 asa1manager
http 0.0.0.0 0.0.0.0 wifi
no snmp-server location
no snmp-server contact
auth-prompt prompt Dare Enter??
auth-prompt accept Blessed
auth-prompt reject Cast Out
Message #309 :
INFO: Power-On Self-Test in process.
INFO: Power-On Self-Test complete.
Message #382 :
INFO: Starting HW-DRBG health test...Message #383 :
INFO: HW-DRBG health test passed.
Message #384 :
INFO: Starting SW-DRBG health test...Message #385 :
INFO: SW-DRBG health test passed.