BandaAncha.eu

Community of fiber, mobile
and ADSL users

Cisco ASA traffic problem

Mercury-24

Hi, I'm new to this forum and new to configuring Cisco ASAs. I have a problem: I need to let a machine on my LAN reach a public IP. I have the ASA configured to give internet access by means of an access-list. The thing is, when I give this machine internet access it sees the public IP fine, ping works and everything, but when I take away its internet or the access-list it can't see the public IP. The machine has the IP 192.168.10.5 and the public IP is 201.225.228.x. What can I do so that the ASA can see the public IP without having to give it internet access? This is my configuration. Please help me, I'm already somewhat traumatized.... Thanks

******ADVERTENCIA******

User Access Verification

Username: xxxxxxxxxxx
Password: xxxxxxxxxxx
Type help or '?' for a list of available commands.
ASA-24> en
Password: xxxxxxxxxxx
ASA-24# show run
: Saved
:
ASA Version 8.0(3)
!
terminal width 100
hostname ASA-24
domain-name xxxxxxxxxx.com.ac.pa
enable password zkUtmJaXcAxDa.FP encrypted
names
name 172.17.1.0 RED-Interna-xxxxxxxMuerto
name 192.168.0.0 RED-Interna-xxxxxxxx
name 192.168.1.0 RED-Interna-xxxxxxxx
name 192.168.2.0 RED-Interna-xxxxxxx
name 192.168.13.0 RED-Interna-xxxxxxx
name 192.168.3.0 RED-Interna-xxxxxxx
name 192.169.8.0 RED-Interna-xxxxxxxx
name 192.168.17.0 RED-Interna-Pcruceros
name 192.168.16.0 RED-Interna-Emalek
name 192.168.11.0 RED-Interna-xxxxxxxx
name 192.168.12.0 RED-Interna-xxxxxxxx
name 192.168.4.0 RED-Interna-xxxxxxxx
name 192.168.5.0 RED-Interna-xxxxxxxx
name 192.168.14.0 RED-Interna-xxxxxxx
name 192.168.100.0 RED-Interna-xxxxxx
name 192.168.15.0 RED-Interna-xxxxxxx
!
interface Ethernet0/0
description ***ENLACE WAN HACIA TELECARRIER - SWITCH INTEGRADOR***
nameif OUTSIDE
security-level 0
ip address 200.46.xx.xx 255.255.255.192
ospf cost 10
!
interface Ethernet0/1
description +++++INETERFACE LAN+++++RED LIBRE+++++
nameif INSIDE
security-level 100
ip address 192.168.10.9 255.255.255.0
ospf cost 10
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
ospf cost 10
management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
regex urllist1 ".*\.([Cc][Oo][Mm]) HTTPS/1.[01]"
regex domainlist10 "\.rpctv\.com"
regex domainlist20 "\.fifa\.com"
regex domainlist11 "\.rojadirecta\.org"
regex domainlist21 "\.telemetro\.com"
regex domainlist12 "\.youtube\.com"
regex domainlist22 "\.justin\.tv"
regex domainlist13 "\.google\.com"
regex domainlist23 "\.facebook\.com"
regex domainlist14 "\.rojadirecta\.com"
regex domainlist15 "\.yahoo\.com"
regex domainlist16 "\.mercafutbol\.com"
regex domainlist17 "\.megavideo\.com"
regex domainlist18 "\.sport\.es"
regex domainlist19 "\.tvn-2\.com"
regex domainlist1 "\.messengerfx\.com"
regex domainlist2 "\.iloveim\.com"
regex domainlist3 "\.ebuddy\.com"
regex domainlist4 "\.hi5\.com"
regex domainlist5 "\.meebo\.com"
regex domainlist6 "\.sonico\.com"
regex domainlist7 "\.plena507\.com"
regex domainlist8 "\.reggae\.com"
regex domainlist9 "\.tvmax-9\.com"
banner login ******ADVERTENCIA******
banner motd #------------------------------------------------------------#
banner motd # SOLO PERSONAL AUTORIZADO #
banner motd # SERVICIO NACIONAL DE MIGRACION #
banner motd #----------------------------------------------------------- #
boot system disk0:/asa803-k8.bin
ftp mode passive
dns domain-lookup OUTSIDE
dns domain-lookup INSIDE
dns server-group 192.168.10.1
dns server-group DefaultDNS
domain-name migracion.com.ac.pa
dns server-group data
object-group service DM_INLINE_TCP_1 tcp
port-object eq ftp
port-object eq www
port-object eq pop3
port-object eq smtp
object-group service DM_INLINE_TCP_2 tcp
port-object eq ftp
port-object eq www
port-object eq pop3
port-object eq smtp
object-group network Acceso-Intenet-Total
description Todos los equipos pueden navegar sin restricciones, todos los servicios estan permitidos
network-object host 172.17.1.107
network-object host 172.17.1.108
network-object host 172.17.1.110
network-object host 172.17.1.31
network-object host 172.17.1.33
network-object host 172.17.1.34
network-object host 172.17.1.35
network-object host 172.17.1.36
network-object host 172.17.1.38
network-object host 172.17.1.46
network-object host 172.17.1.47
network-object host 172.17.1.49
network-object host 172.17.1.51
network-object host 172.17.1.52
network-object host 172.17.1.54
network-object host 172.17.1.56
network-object host 172.17.1.58
network-object host 172.17.1.64
network-object host 172.17.1.71
network-object host 172.17.1.72
network-object host 172.17.1.79
network-object host 172.17.1.80
network-object host 172.17.1.82
network-object host 172.17.1.84
network-object host 172.17.1.85
network-object host 172.17.1.86
network-object host 172.17.1.89
network-object host 172.17.1.91
network-object host 172.17.1.92
network-object host 172.17.1.93
network-object host 172.17.1.94
network-object host 172.17.1.96
network-object host 172.17.1.97
network-object host 172.17.1.99
network-object host 192.168.0.113
network-object host 192.168.0.2
network-object host 192.168.0.42
network-object host 192.168.0.50
network-object host 192.168.0.58
network-object host 192.168.0.69
network-object host 192.168.0.76
network-object host 192.168.1.15
network-object host 192.168.1.61
network-object host 192.168.10.101
network-object host 192.168.10.104
network-object host 192.168.10.105
network-object host 192.168.10.106
network-object host 192.168.10.109
network-object host 192.168.10.10
network-object host 192.168.10.112
network-object host 192.168.10.114
network-object host 192.168.10.116
network-object host 192.168.10.117
network-object host 192.168.10.118
network-object host 192.168.10.11
network-object host 192.168.10.120
network-object host 192.168.10.121
network-object host 192.168.10.123
network-object host 192.168.10.125
network-object host 192.168.10.126
network-object host 192.168.10.131
network-object host 192.168.10.136
network-object host 192.168.10.137
network-object host 192.168.10.138
network-object host 192.168.10.139
network-object host 192.168.10.140
network-object host 192.168.10.142
network-object host 192.168.10.144
network-object host 192.168.10.14
network-object host 192.168.10.150
network-object host 192.168.10.151
network-object host 192.168.10.152
network-object host 192.168.10.153
network-object host 192.168.10.156
network-object host 192.168.10.162
network-object host 192.168.10.163
network-object host 192.168.10.166
network-object host 192.168.10.167
network-object host 192.168.10.168
network-object host 192.168.10.169
network-object host 192.168.10.16
network-object host 192.168.10.172
network-object host 192.168.10.173
network-object host 192.168.10.174
network-object host 192.168.10.178
network-object host 192.168.10.181
network-object host 192.168.10.182
network-object host 192.168.10.187
network-object host 192.168.10.188
network-object host 192.168.10.190
network-object host 192.168.10.191
network-object host 192.168.10.193
network-object host 192.168.10.196
network-object host 192.168.10.197
network-object host 192.168.10.198
network-object host 192.168.10.199
network-object host 192.168.10.1
network-object host 192.168.10.201
network-object host 192.168.10.203
network-object host 192.168.10.204
network-object host 192.168.10.206
network-object host 192.168.10.208
network-object host 192.168.10.209
network-object host 192.168.10.211
network-object host 192.168.10.212
network-object host 192.168.10.213
network-object host 192.168.10.214
network-object host 192.168.10.215
network-object host 192.168.10.216
network-object host 192.168.10.217
network-object host 192.168.10.222
network-object host 192.168.10.223
network-object host 192.168.10.225
network-object host 192.168.10.229
network-object host 192.168.10.22
network-object host 192.168.10.230
network-object host 192.168.10.231
network-object host 192.168.10.232
network-object host 192.168.10.236
network-object host 192.168.10.237
network-object host 192.168.10.238
network-object host 192.168.10.239
network-object host 192.168.10.240
network-object host 192.168.10.243
network-object host 192.168.10.244
network-object host 192.168.10.247
network-object host 192.168.10.249
network-object host 192.168.10.252
network-object host 192.168.10.28
network-object host 192.168.10.29
network-object host 192.168.10.2
network-object host 192.168.10.31
network-object host 192.168.10.33
network-object host 192.168.10.34
network-object host 192.168.10.36
network-object host 192.168.10.37
network-object host 192.168.10.40
network-object host 192.168.10.41
network-object host 192.168.10.42
network-object host 192.168.10.43
network-object host 192.168.10.44
network-object host 192.168.10.54
network-object host 192.168.10.57
network-object host 192.168.10.58
network-object host 192.168.10.59
network-object host 192.168.10.61
network-object host 192.168.10.62
network-object host 192.168.10.63
network-object host 192.168.10.64
network-object host 192.168.10.69
network-object host 192.168.10.70
network-object host 192.168.10.71
network-object host 192.168.10.72
network-object host 192.168.10.73
network-object host 192.168.10.75
network-object host 192.168.10.76
network-object host 192.168.10.77
network-object host 192.168.10.78
network-object host 192.168.10.7
network-object host 192.168.10.84
network-object host 192.168.10.85
network-object host 192.168.10.90
network-object host 192.168.10.92
network-object host 192.168.10.95
network-object host 192.168.10.96
network-object host 192.168.10.97
network-object host 192.168.10.98
network-object host 192.168.11.12
network-object host 192.168.11.32
network-object host 192.168.11.35
network-object host 192.168.13.2
network-object host 192.168.16.31
network-object host 192.168.17.31
network-object host 192.168.17.32
network-object host 192.168.17.33
network-object host 192.168.17.34
network-object host 192.168.2.51
network-object host 192.168.3.200
network-object host 192.168.3.32
network-object host 192.168.4.33
network-object host 192.168.5.114
network-object host 192.168.5.233
network-object host 192.168.5.31
network-object host 192.168.5.32
network-object host 192.169.8.31
network-object host 192.169.8.32
network-object host 192.169.8.33
network-object host 192.169.8.34
network-object host 192.168.10.245
network-object host 192.168.10.55
network-object host 192.168.10.23
network-object host 192.168.10.68
network-object host 192.168.10.119
network-object host 192.168.10.56
network-object host 192.168.10.148
network-object host 192.168.10.192
network-object host 172.17.1.66
network-object host 192.168.16.32
network-object host 192.168.100.19
network-object host 172.17.1.141
network-object host 192.168.10.4
network-object host 172.17.1.137
network-object host 192.168.14.5
network-object host 172.17.1.100
network-object host 172.17.1.127
network-object host 172.17.1.197
network-object host 172.17.1.151
network-object host 192.168.2.36
network-object host 192.168.10.122
network-object host 192.168.0.31
network-object host 192.168.2.38
network-object host 192.168.1.2
network-object host 192.168.10.87
network-object host 192.168.10.185
network-object host 172.17.1.132
network-object host 192.168.10.24
network-object host 192.168.2.44
network-object host 192.168.10.200
network-object host 192.168.10.103
network-object host 172.17.1.177
network-object host 172.17.1.140
network-object host 192.168.10.38
network-object host 172.17.1.55
network-object host 192.168.2.41
network-object host 172.17.1.157
network-object host 192.168.14.15
network-object host 192.168.10.127
network-object host 192.168.10.107
network-object host 192.168.10.99
network-object host 192.168.5.24
network-object host 192.168.100.140
network-object host 192.168.0.43
network-object host 192.168.0.44
network-object host 192.168.0.62
network-object host 192.168.0.74
network-object host 192.168.0.84
network-object host 192.168.0.81
network-object host 192.168.0.79
network-object host 192.168.0.85
network-object host 192.168.10.233
network-object host 172.17.1.114
network-object host 192.168.2.25
network-object host 172.17.1.249
network-object host 172.17.1.172
network-object host 192.168.2.37
network-object host 192.168.2.32
network-object host 192.168.2.33
network-object host 192.168.16.33
network-object host 192.168.2.30
network-object host 192.168.2.31
network-object host 192.168.10.128
network-object host 192.168.10.93
network-object host 192.168.10.254
network-object host 192.168.2.35
network-object host 192.168.2.34
network-object host 172.17.1.101
network-object host 192.168.10.180
network-object host 192.168.10.176
network-object host 192.168.10.81
network-object host 192.168.10.65
network-object host 192.168.10.3
network-object host 192.168.1.25
network-object host 192.168.1.33
network-object host 192.168.10.94
network-object host 192.168.10.5
network-object host 201.225.228.123
access-list INTERNET-OUT remark ***PERMITE SALIDA DE USUARIOS A INTERNET***
access-list INTERNET-OUT extended permit ip host 192.168.10.199 any
access-list INTERNET-OUT extended permit ip host 192.168.10.1 any
access-list INTERNET-OUT extended permit ip host 192.168.10.2 any
access-list INTERNET-OUT extended permit ip host 192.168.10.7 any
access-list INTERNET-OUT extended permit ip host 192.168.10.10 any
access-list INTERNET-OUT extended permit ip host 192.168.10.11 any
access-list INTERNET-OUT extended permit ip host 192.168.10.14 any
access-list INTERNET-OUT extended permit ip host 192.168.10.16 any
access-list INTERNET-OUT extended permit ip host 192.168.10.23 any
access-list INTERNET-OUT extended permit ip host 192.168.10.28 any
access-list INTERNET-OUT extended permit ip host 192.168.10.29 any
access-list INTERNET-OUT extended permit ip host 192.168.10.31 any
access-list INTERNET-OUT extended permit ip host 192.168.10.33 any
access-list INTERNET-OUT extended permit ip host 192.168.10.34 any
access-list INTERNET-OUT extended permit ip host 192.168.10.36 any
access-list INTERNET-OUT extended permit ip host 192.168.10.37 any
access-list INTERNET-OUT extended permit ip host 192.168.10.40 any
access-list INTERNET-OUT extended permit ip host 192.168.10.41 any
access-list INTERNET-OUT extended permit ip host 192.168.10.42 any
access-list INTERNET-OUT extended permit ip host 192.168.10.43 any
access-list INTERNET-OUT extended permit ip host 192.168.10.44 any
access-list INTERNET-OUT extended permit ip host 192.168.10.54 any
access-list INTERNET-OUT extended permit ip host 192.168.10.57 any
access-list INTERNET-OUT extended permit ip host 192.168.10.58 any
access-list INTERNET-OUT extended permit ip host 192.168.10.59 any
access-list INTERNET-OUT extended permit ip host 192.168.10.61 any
access-list INTERNET-OUT extended permit ip host 192.168.10.62 any
access-list INTERNET-OUT extended permit ip host 192.168.10.63 any
access-list INTERNET-OUT extended permit ip host 192.168.10.64 any
access-list INTERNET-OUT extended permit ip host 192.168.10.69 any
access-list INTERNET-OUT extended permit ip host 192.168.10.70 any
access-list INTERNET-OUT extended permit ip host 192.168.10.71 any
access-list INTERNET-OUT extended permit ip host 192.168.10.72 any
access-list INTERNET-OUT extended permit ip host 192.168.10.73 any
access-list INTERNET-OUT extended permit ip host 192.168.10.75 any
access-list INTERNET-OUT extended permit ip host 192.168.10.76 any
access-list INTERNET-OUT extended permit ip host 192.168.10.77 any
access-list INTERNET-OUT extended permit ip host 192.168.10.78 any
access-list INTERNET-OUT extended permit ip host 192.168.10.84 any
access-list INTERNET-OUT extended permit ip host 192.168.10.85 any
access-list INTERNET-OUT extended permit ip host 192.168.10.90 any
access-list INTERNET-OUT extended permit ip host 192.168.10.92 any
access-list INTERNET-OUT extended permit ip host 192.168.10.94 any
access-list INTERNET-OUT extended permit ip host 192.168.10.95 any
access-list INTERNET-OUT extended permit ip host 192.168.10.96 any
access-list INTERNET-OUT extended permit ip host 192.168.10.98 any
access-list INTERNET-OUT extended permit ip host 192.168.10.101 any
access-list INTERNET-OUT extended permit ip host 192.168.10.104 any
access-list INTERNET-OUT extended permit ip host 192.168.10.105 any
access-list INTERNET-OUT extended permit ip host 192.168.10.106 any
access-list INTERNET-OUT extended permit ip host 192.168.10.109 any
access-list INTERNET-OUT extended permit ip host 192.168.10.112 any
access-list INTERNET-OUT extended permit ip host 192.168.10.114 any
access-list INTERNET-OUT extended permit ip host 192.168.10.116 any
access-list INTERNET-OUT extended permit ip host 192.168.10.117 any
access-list INTERNET-OUT extended permit ip host 192.168.10.118 any
access-list INTERNET-OUT extended permit ip host 192.168.10.120 any
access-list INTERNET-OUT extended permit ip host 192.168.10.121 any
access-list INTERNET-OUT extended permit ip host 192.168.10.122 any
access-list INTERNET-OUT extended permit ip host 192.168.10.123 any
access-list INTERNET-OUT extended permit ip host 192.168.10.125 any
access-list INTERNET-OUT extended permit ip host 192.168.10.126 any
access-list INTERNET-OUT extended permit ip host 192.168.10.131 any
access-list INTERNET-OUT extended permit ip host 192.168.10.136 any
access-list INTERNET-OUT extended permit ip host 192.168.10.137 any
access-list INTERNET-OUT extended permit ip host 192.168.10.138 any
access-list INTERNET-OUT extended permit ip host 192.168.10.139 any
access-list INTERNET-OUT extended permit ip host 192.168.10.140 any
access-list INTERNET-OUT extended permit ip host 192.168.10.142 any
access-list INTERNET-OUT extended permit ip host 192.168.10.144 any
access-list INTERNET-OUT extended permit ip host 192.168.10.150 any
access-list INTERNET-OUT extended permit ip host 192.168.10.152 any
access-list INTERNET-OUT extended permit ip host 192.168.10.153 any
access-list INTERNET-OUT extended permit ip host 192.168.10.156 any
access-list INTERNET-OUT extended permit ip host 192.168.10.162 any
access-list INTERNET-OUT extended permit ip host 192.168.10.163 any
access-list INTERNET-OUT extended permit ip host 192.168.10.166 any
access-list INTERNET-OUT extended permit ip host 192.168.10.167 any
access-list INTERNET-OUT extended permit ip host 192.168.10.168 any
access-list INTERNET-OUT extended permit ip host 192.168.10.169 any
access-list INTERNET-OUT extended permit ip host 192.168.10.172 any
access-list INTERNET-OUT extended permit ip host 192.168.10.173 any
access-list INTERNET-OUT extended permit ip host 192.168.10.174 any
access-list INTERNET-OUT extended permit ip host 192.168.10.178 any
access-list INTERNET-OUT extended permit ip host 192.168.10.181 any
access-list INTERNET-OUT extended permit ip host 192.168.10.182 any
access-list INTERNET-OUT extended permit ip host 192.168.10.187 any
access-list INTERNET-OUT extended permit ip host 192.168.10.188 any
access-list INTERNET-OUT extended permit ip host 192.168.10.190 any
access-list INTERNET-OUT extended permit ip host 192.168.10.191 any
access-list INTERNET-OUT extended permit ip host 192.168.10.193 any
access-list INTERNET-OUT extended permit ip host 192.168.10.196 any
access-list INTERNET-OUT extended permit ip host 192.168.10.197 any
access-list INTERNET-OUT extended permit ip host 192.168.10.198 any
access-list INTERNET-OUT extended permit ip host 192.168.10.201 any
access-list INTERNET-OUT extended permit ip host 192.168.10.203 any
access-list INTERNET-OUT extended permit ip host 192.168.10.204 any
access-list INTERNET-OUT extended permit ip host 192.168.10.206 any
access-list INTERNET-OUT extended permit ip host 192.168.10.208 any
access-list INTERNET-OUT extended permit ip host 192.168.10.209 any
access-list INTERNET-OUT extended permit ip host 192.168.10.211 any
access-list INTERNET-OUT extended permit ip host 192.168.10.212 any
access-list INTERNET-OUT extended permit ip host 192.168.10.213 any
access-list INTERNET-OUT extended permit ip host 192.168.10.214 any
access-list INTERNET-OUT extended permit ip host 192.168.10.215 any
access-list INTERNET-OUT extended permit ip host 192.168.10.216 any
access-list INTERNET-OUT extended permit ip host 192.168.10.217 any
access-list INTERNET-OUT extended permit ip host 192.168.10.222 any
access-list INTERNET-OUT extended permit ip host 192.168.10.223 any
access-list INTERNET-OUT extended permit ip host 192.168.10.225 any
access-list INTERNET-OUT extended permit ip host 192.168.10.229 any
access-list INTERNET-OUT extended permit ip host 192.168.10.22 any
access-list INTERNET-OUT extended permit ip host 192.168.10.230 any
access-list INTERNET-OUT extended permit ip host 192.168.10.231 any
access-list INTERNET-OUT extended permit ip host 192.168.10.232 any
access-list INTERNET-OUT extended permit ip host 192.168.10.236 any
access-list INTERNET-OUT extended permit ip host 192.168.10.237 any
access-list INTERNET-OUT extended permit ip host 192.168.10.238 any
access-list INTERNET-OUT extended permit ip host 192.168.10.239 any
access-list INTERNET-OUT extended permit ip host 192.168.10.240 any
access-list INTERNET-OUT extended permit ip host 192.168.10.243 any
access-list INTERNET-OUT extended permit ip host 192.168.10.244 any
access-list INTERNET-OUT extended permit ip host 192.168.10.247 any
access-list INTERNET-OUT extended permit ip host 192.168.10.249 any
access-list INTERNET-OUT extended permit ip host 192.168.10.252 any
access-list INTERNET-OUT extended permit ip host 192.168.10.245 any
access-list INTERNET-OUT extended permit ip host 192.168.10.55 any
access-list INTERNET-OUT extended permit ip host 192.168.10.68 any
access-list INTERNET-OUT extended permit ip host 192.168.10.119 any
access-list INTERNET-OUT extended permit ip host 192.168.10.56 any
access-list INTERNET-OUT extended permit ip host 192.168.10.148 any
access-list INTERNET-OUT extended permit ip host 192.168.10.192 any
access-list INTERNET-OUT extended permit ip host 192.168.10.233 any
access-list INTERNET-OUT extended permit ip host 192.168.10.80 any
access-list INTERNET-OUT extended permit ip host 192.168.10.60 any
access-list INTERNET-OUT extended permit ip host 192.168.10.194 any
access-list INTERNET-OUT extended permit ip host 192.168.10.87 any
access-list INTERNET-OUT extended permit ip host 192.168.10.185 any
access-list INTERNET-OUT extended permit ip host 192.168.10.24 any
access-list INTERNET-OUT extended permit ip host 192.168.10.200 any
access-list INTERNET-OUT extended permit ip host 192.168.10.103 any
access-list INTERNET-OUT extended permit ip host 192.168.10.38 any
access-list INTERNET-OUT extended permit ip host 192.168.10.127 any
access-list INTERNET-OUT extended permit ip host 192.168.10.107 any
access-list INTERNET-OUT extended permit ip host 192.168.10.99 any
access-list INTERNET-OUT extended permit ip host 192.168.10.128 any
access-list INTERNET-OUT extended permit ip host 192.168.10.93 any
access-list INTERNET-OUT extended permit ip host 192.168.10.254 any
access-list INTERNET-OUT extended permit ip host 192.168.10.180 any
access-list INTERNET-OUT extended permit ip host 192.168.10.176 any
access-list INTERNET-OUT extended permit ip host 192.168.10.81 any
access-list INTERNET-OUT extended permit ip host 192.168.10.65 any
access-list TRAFICO_MONITOREADO extended permit tcp any any eq ftp
access-list TRAFICO_MONITOREADO extended permit tcp any any eq smtp
access-list TRAFICO_MONITOREADO extended permit tcp any any eq www
access-list TRAFICO_MONITOREADO extended permit tcp any any eq pop3
access-list PERMITE-TODO extended permit ip any any log
access-list OUTSIDE_mpc extended permit tcp any any object-group DM_INLINE_TCP_1
access-list global_mpc extended permit tcp any any object-group DM_INLINE_TCP_2
access-list REDES-ACCESO-VPN standard permit 192.168.10.0 255.255.255.0
access-list MIGRACION-01_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list INSIDE_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list INSIDE_nat0_outbound remark VPN Inbound
access-list INSIDE_nat0_outbound extended permit ip 10.10.10.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list inside_mpc extended permit tcp any any eq www
access-list inside_mpc extended permit tcp any any eq 8080
access-list INSIDE_access_in extended permit ip object-group Acceso-Intenet-Total any
access-list OUTSIDE_access_in remark 192.168.10.55
access-list OUTSIDE_access_in extended permit ip any any
access-list INSIDE_access_out extended permit ip any any
pager lines 24
logging enable
logging buffer-size 50000
logging console emergencies
logging buffered notifications
logging history errors
logging asdm warnings
mtu OUTSIDE 2500
mtu INSIDE 2500
mtu management 1500
ip local pool VPNaddressPool 10.10.10.1-10.10.10.20 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-615.bin
no asdm history enable
arp timeout 14400
global (OUTSIDE) 1 interface
nat (INSIDE) 1 access-list INTERNET-OUT
nat (INSIDE) 1 RED-Interna-xxxxxxxxxx 255.255.255.0
nat (INSIDE) 1 RED-Interna-xxxxxxxxxx 255.255.255.0
nat (INSIDE) 1 RED-Interna-xxxxxxxxxx 255.255.255.0
nat (INSIDE) 1 RED-Interna-xxxxxxx 255.255.255.0
nat (INSIDE) 1 RED-Interna-xxxxxxx 255.255.255.0
nat (INSIDE) 1 RED-Interna-xxxxxxx 255.255.255.0
nat (INSIDE) 1 RED-Interna-xxxxxxx 255.255.255.0
nat (INSIDE) 1 RED-Interna-xxxxxxx 255.255.255.0
nat (INSIDE) 1 RED-Interna-xxxxxxx 255.255.255.0
nat (INSIDE) 1 RED-Interna-xxxxxxx 255.255.255.0
nat (INSIDE) 1 RED-Interna-xxxxxxx 255.255.255.0
nat (INSIDE) 1 RED-Interna-xxxxxxx 255.255.255.0
nat (INSIDE) 1 RED-Interna-xxxxxxx 255.255.255.0
nat (INSIDE) 1 RED-Interna-Dial_UP 255.255.255.0
nat (INSIDE) 1 RED-Interna-xxxxxxx 255.255.255.0
access-group PERMITE-TODO in interface management
access-group PERMITE-TODO out interface management
route OUTSIDE 0.0.0.0 0.0.0.0 200.46.78.65 1
route INSIDE 10.0.0.0 255.0.0.0 192.168.10.8 1
route INSIDE 172.16.8.0 255.255.255.240 192.168.10.8 1
route INSIDE 172.16.17.0 255.255.255.252 192.168.10.13 1
route INSIDE RED-Interna-xxxxxxxxxxx 255.255.255.0 192.168.10.13 1
route INSIDE RED-Interna-xxxxxxxxxxx 255.255.255.0 192.168.10.8 1
route INSIDE RED-Interna-xxxxxxxxxxx 255.255.255.0 192.168.10.8 1
route INSIDE RED-Interna-xxxxxxx 255.255.255.0 192.168.10.8 1
route INSIDE RED-Interna-xxxxxxx 255.255.255.0 192.168.10.8 1
route INSIDE RED-Interna-xxxxxxx 255.255.255.0 192.168.10.13 1
route INSIDE RED-Interna-xxxxxxx 255.255.255.0 192.168.10.13 1
route INSIDE RED-Interna-xxxxxxx 255.255.255.0 192.168.10.13 1
route INSIDE RED-Interna-xxxxxxx 255.255.255.0 192.168.10.13 1
route INSIDE RED-Interna-xxxxxxx 255.255.255.0 192.168.10.11 1
route INSIDE RED-Interna-xxxxxxx 255.255.255.0 192.168.10.11 1
route INSIDE RED-Interna-xxxxxxx 255.255.255.0 192.168.10.8 1
route INSIDE RED-Interna-xxxxxxx 255.255.255.0 192.168.10.11 1
route INSIDE RED-Interna-xxxxxxx 255.255.255.0 192.168.10.11 1
route INSIDE RED-Interna-Dial_UP 255.255.255.0 192.168.10.8 1
route INSIDE RED-Interna-xxxxxxx 255.255.255.0 192.169.7.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
aaa authentication secure-http-client
http server enable
http RED-Interna-xxxxxxxxx 255.255.255.255 INSIDE
http 192.168.10.0 255.255.255.0 INSIDE
http RED-Interna-PasoCanoas 255.255.255.0 management
http 0.0.0.0 0.0.0.0 OUTSIDE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map MIGRA 65535 set transform-set ESP-DES-SHA DES-MD5 DES-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic MIGRA
crypto map OUTSIDE_MAP interface OUTSIDE
crypto map INSIDE_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map INSIDE_map interface INSIDE
crypto isakmp enable OUTSIDE
crypto isakmp enable INSIDE
crypto isakmp policy 1
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
crypto isakmp policy 2
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 5
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 3600
crypto isakmp ipsec-over-tcp port 777
telnet 0.0.0.0 0.0.0.0 INSIDE
telnet RED-Interna-xxxxxxxxxxx 255.255.255.255 INSIDE
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh 0.0.0.0 0.0.0.0 INSIDE
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
webvpn
port 446
enable OUTSIDE
enable INSIDE
dtls port 446
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol l2tp-ipsec
group-policy xxxxxxxxxxx-01 internal
group-policy xxxxxxxxxxx-01 attributes
banner value USTED ESTA TRATANDO DE ENTRAR A UNA ZONA RESTRINGIDA POR EL
banner value Y PUEDE SER PENADO POR LA LEY
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value xxxxxxxxxxxx-01_splitTunnelAcl
group-policy xxxxxxxxxxxx-ACP-01 internal
group-policy xxxxxxxxxxxx-ACP-01 attributes
banner value ATENCION !!! USTED SE ESTA CONECTANDO A LA RED DE USO PRIVADO DEL
banner value . EL ACCESO NO AUTORIZADO A ESTA
banner value SERA PENALIZADO DE ACUERDO AL REGLAMENTO INTERNO DEL SNM Y A
banner value LAS LEYES VIGENTES EN LA REPUBLICA DE PANAMA.
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value MIGRACION-01_splitTunnelAcl
group-policy xxxxxxxxxxx internal
group-policy xxxxxxxxxxx attributes
vpn-simultaneous-logins 100
vpn-idle-timeout 30
vpn-session-timeout 1440
vpn-tunnel-protocol l2tp-ipsec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value REDES-ACCESO-VPN
username scigarruista password noQbzD7LW9HFkZZ8 encrypted
username scigarruista attributes
vpn-group-policy xxxxxxxxxxx-ACP-01
service-type remote-access
username ccedeno password BnulKmBL9bHOxGWh encrypted
username ccedeno attributes
vpn-group-policy xxxxxxxxxxx-ACP-01
service-type remote-access
username xxxxxxxxx password eLvfkw.dlLhXSvj6 encrypted privilege 15
username xxxx password QktNXADU5IZ5mEjh encrypted privilege 15
username xxxx attributes
vpn-group-policy xxxxxxxxxxx-01
username xxxxxxxx password qkjDAJhr.BbqwbPm encrypted privilege 15
username xxxxxxxx attributes
vpn-group-policy xxxxxxxxxxx-01
username xxxxxxxxx password Kwwq6zPV8JTZ7Wx2 encrypted privilege 15
username xxxxxxxxx attributes
vpn-group-policy MIGRACION-01
username xxxxxxxxx password hmB.eXPAjywwkYK. encrypted
username xxxxxxxxx attributes
vpn-group-policy xxxxxxxxxx-ACP-01
service-type remote-access
username ydeleon password 8a6/6bAmGuNHD.jP encrypted privilege 15
username ydeleon attributes
vpn-group-policy xxxxxxxxx-ACP-01
service-type admin
username mproll password Wif98Smoq04gC610 encrypted privilege 15
username mproll attributes
vpn-group-policy MIGRACION-ACP-01
service-type admin
username jurriola password o1g9F4tAQS/eajPP encrypted privilege 15
username jurriola attributes
vpn-group-policy xxxxxxxxxxx-01
username mrios password 91Gc4QgjOwtiuuPg encrypted
username mrios attributes
vpn-group-policy xxxxxxxxxxx-ACP-01
service-type remote-access
tunnel-group xxxxxxxxxxx type remote-access
tunnel-group xxxxxxxxxxx general-attributes
address-pool VPNaddressPool
default-group-policy xxxxxxxxxxx
tunnel-group xxxxxxxxxxxxx ipsec-attributes
pre-shared-key *
tunnel-group xxxxxxxxx-01 type remote-access
tunnel-group xxxxxxxxx-01 general-attributes
address-pool VPNaddressPool
default-group-policy xxxxxxxxxxx-ACP-01
tunnel-group xxxxxxxxx-01 ipsec-attributes
pre-shared-key *
tunnel-group xxxxxxxxxxxx-ACP-01 type remote-access
tunnel-group xxxxxxxxxxxx-ACP-01 general-attributes
address-pool VPNaddressPool
default-group-policy xxxxxxxxxx-ACP-01
tunnel-group xxxxxxxxxxx-ACP-01 ipsec-attributes
pre-shared-key *
!
class-map type regex match-any DomainBlockList
match regex domainlist1
match regex domainlist2
match regex domainlist3
match regex domainlist4
match regex domainlist5
match regex domainlist6
match regex domainlist7
match regex domainlist8
match regex domainlist9
match regex domainlist10
match regex domainlist11
match regex domainlist14
match regex domainlist16
match regex domainlist17
match regex domainlist18
match regex domainlist21
match regex domainlist22
match regex domainlist13
match regex domainlist19
class-map type inspect http match-all BlockDomainsClass
match request header host regex class DomainBlockList
class-map OUTSIDE-class
match access-list OUTSIDE_mpc
class-map TRAFICO_MONITOREADO
match access-list TRAFICO_MONITOREADO
class-map type regex match-any URLBlockList
match regex urllist1
class-map inspection_default
match default-inspection-traffic
class-map imblock
match any
class-map httptraffic
match access-list inside_mpc
class-map type inspect http match-all BlockURLsClass
match request uri regex class URLBlockList
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map type inspect im impolicy
parameters
match protocol msn-im yahoo-im
drop-connection
policy-map type inspect http http_inspection_policy
parameters
match request method connect
drop-connection log
class BlockDomainsClass
reset log
class BlockURLsClass
reset log
policy-map imdrop
class imblock
inspect im impolicy
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
policy-map inside-policy
class httptraffic
inspect http http_inspection_policy
!
service-policy global_policy global
service-policy imdrop interface OUTSIDE
service-policy inside-policy interface INSIDE
prompt hostname context
Cryptochecksum:e184fa614e4f0d09fed2835e590ba03b
: end
ASA-24#
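
Added example, not part of the original post: a Python script that evaluates which source/destination pairs match the access list referenced by `nat (INSIDE) 1 access-list INTERNET-OUT`, showing how an entry with `any` as destination differs from one scoped to a single host. The sample lines are constructed on the model of the posted config, 203.0.113.10 is a documentation address standing in for the public host, and only `any`, `host A` and `A MASK` address forms are handled (names and object-groups are skipped).

```python
import ipaddress
import re

# Constructed sample, modelled on the INTERNET-OUT policy-NAT lines in the post.
# 203.0.113.10 is a placeholder for the public host (assumption, not from the page).
SAMPLE_CONFIG = """\
access-list INTERNET-OUT remark ***PERMITE SALIDA DE USUARIOS A INTERNET***
access-list INTERNET-OUT extended permit ip host 192.168.10.199 any
access-list INTERNET-OUT extended permit ip host 192.168.10.5 host 203.0.113.10
access-list INSIDE_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 10.10.10.0 255.255.255.0
global (OUTSIDE) 1 interface
nat (INSIDE) 1 access-list INTERNET-OUT
"""

ACE_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+(.+)$")
NAT_RE = re.compile(r"^nat\s+\((\S+)\)\s+(\d+)\s+access-list\s+(\S+)")


def _take_network(tokens):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = tokens.pop(0)
    return ipaddress.ip_network(f"{head}/{mask}", strict=False)


def parse(config):
    """Return ({acl_name: [(src_net, dst_net), ...]}, [(interface, nat_id, acl_name), ...])."""
    acls, nat_rules = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        m = ACE_RE.match(line)
        if m:
            tokens = m.group(2).split()
            try:
                src = _take_network(tokens)
                dst = _take_network(tokens)
            except (ValueError, IndexError):
                continue  # named networks and object-groups are out of scope here
            acls.setdefault(m.group(1), []).append((src, dst))
            continue
        m = NAT_RE.match(line)
        if m:
            nat_rules.append((m.group(1), int(m.group(2)), m.group(3)))
    return acls, nat_rules


def translated(config, interface, src, dst):
    """True if a flow src -> dst entering `interface` matches a policy-NAT entry."""
    acls, nat_rules = parse(config)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ifc, nat_id, acl in nat_rules:
        if ifc != interface or nat_id == 0:  # id 0 is NAT exemption, not translation
            continue
        for src_net, dst_net in acls.get(acl, []):
            if s in src_net and d in dst_net:
                return True
    return False


def unrestricted_sources(config, acl_name):
    """Sources whose entry in `acl_name` has destination `any`."""
    acls, _ = parse(config)
    return sorted(str(src) for src, dst in acls.get(acl_name, []) if dst.prefixlen == 0)


if __name__ == "__main__":
    for src, dst in [("192.168.10.5", "203.0.113.10"),
                     ("192.168.10.5", "8.8.8.8"),
                     ("192.168.10.199", "8.8.8.8")]:
        print(src, "->", dst, "matches policy NAT:",
              translated(SAMPLE_CONFIG, "INSIDE", src, dst))
    print("entries with destination any:",
          unrestricted_sources(SAMPLE_CONFIG, "INTERNET-OUT"))
```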
