Cisco ASA 5520 Problem

Discussion in 'Cisco' started by bhushan_kale, Aug 29, 2008.

    Hi friends,

    I am having lots of problems with the ASA 5520 and Cisco CSC SSM-20.
    I am having FTP upload and download problems. I think my CSC SSM blocks this traffic, but I am not sure.

    So please give me your solution.


    ASA Version 8.0(2)
    !
    hostname ciscoasa
    enable password lHbqXQo9jO5yr8c. encrypted
    names
    name 172.25.15.94 HT1
    name 172.25.15.96 HT2
    name 192.168.10.3 Ironport
    name 172.25.15.59 FTPSRVR
    !
    interface GigabitEthernet0/0
    description TTML
    nameif Outside
    security-level 0
    ip address 121.xxx.xxx.xxx 255.xxx.xxx.xxx
    !
    interface GigabitEthernet0/1
    nameif Inside
    security-level 100
    ip address 192.168.10.2 255.255.255.0
    !
    interface GigabitEthernet0/2
    nameif DMZ
    security-level 50
    ip address 172.25.17.2 255.255.255.0
    !
    interface GigabitEthernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Management0/0
    nameif VBL
    security-level 0
    ip address 121.xxx.xxx.xxx 255.xxx.xxx.xxx
    !
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    clock timezone IST 5 30
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group service Inside_to_Outside_port tcp-udp
    port-object eq 1025
    port-object eq 135
    port-object eq 1755
    port-object eq 20
    port-object eq 21
    port-object eq 22
    port-object eq 25
    port-object eq 3101
    port-object eq 3389
    port-object eq 389
    port-object eq 443
    port-object eq 5005
    port-object eq 50389
    port-object eq 50636
    port-object eq 51
    port-object eq 554
    port-object eq 5900
    port-object eq 7777
    port-object eq 8000
    port-object eq 8001
    port-object eq 8008
    port-object eq 8023
    port-object eq 8080
    port-object eq 8100
    port-object eq 8443
    port-object eq 8554
    port-object eq 88
    port-object eq 8888
    port-object eq 9726
    port-object eq domain
    port-object eq www
    port-object eq 110
    port-object eq 143
    port-object eq 3268
    port-object eq 465
    port-object eq 585
    port-object eq 636
    port-object eq 993
    port-object eq 995
    object-group service Outside_to_Inside tcp-udp
    port-object eq 1723
    port-object eq 20
    port-object eq 21
    port-object eq 25
    port-object eq 443
    port-object eq 5004
    object-group service aMAP tcp-udp
    port-object eq 1723
    port-object eq 47
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    access-list Inside_access_in extended permit gre any host 203.xxx.xxx.xxx
    access-list Inside_access_in extended permit object-group TCPUDP any any object-group Inside_to_Outside_port
    access-list Inside_access_in extended permit object-group TCPUDP any host 203.200.227.131 object-group aMAP
    access-list Inside_access_in extended permit ip any 172.25.17.0 255.255.255.0
    access-list Inside_access_in extended permit icmp any any
    access-list Outside_access_in extended permit ip any any
    access-list Outside_access_in extended permit object-group TCPUDP any any object-group Outside_to_Inside
    access-list Outside_access_in extended permit icmp any any
    access-list DMZ_access_in extended permit ip 172.25.17.0 255.255.255.0 any
    access-list DMZ_nat0_outbound extended permit ip 172.25.17.0 255.255.255.0 any
    access-list DMZ_nat0_outbound extended permit ip 172.25.17.0 255.255.255.0 192.168.10.0 255.255.255.0
    access-list Inside_nat0_outbound extended permit ip any 172.25.17.0 255.255.255.0
    access-list Inside_nat0_outbound extended permit ip any 192.168.15.0 255.255.255.192
    access-list VBL_access_in extended permit ip any any
    access-list VBL_access_in extended permit object-group TCPUDP any any object-group Outside_to_Inside
    access-list Viacom18_splitTunnelAcl standard permit any
    access-list ironport extended permit tcp any any
    access-list www_trffic extended permit tcp any any
    access-list MSS extended permit tcp any any
    !
    tcp-map tcp_timestamp_clear
    tcp-options timestamp clear
    !
    pager lines 24
    logging enable
    logging asdm informational
    mtu Outside 1500
    mtu Inside 1500
    mtu DMZ 1500
    mtu VBL 1500
    ip local pool viacom18 192.168.15.1-192.168.15.50 mask 255.255.255.0
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-611.bin
    no asdm history enable
    arp timeout 14400
    global (Outside) 1 interface
    global (VBL) 1 interface
    nat (Inside) 0 access-list Inside_nat0_outbound
    nat (Inside) 1 0.0.0.0 0.0.0.0 dns
    nat (DMZ) 0 access-list DMZ_nat0_outbound outside
    static (Inside,Outside) 121.xxx.xxx.xxx HT1 netmask 255.255.255.255 dns norandomseq
    static (Inside,Outside) 121.xxx.xxx.xxx HT2 netmask 255.255.255.255 dns norandomseq
    static (Inside,Outside) 121.xxx.xxx.xxx FTPSRVR netmask 255.255.255.255 dns
    static (Inside,Outside) 121.xxx.xxx.xxx Ironport netmask 255.255.255.255 dns
    static (Inside,VBL) 121.xxx.xxx.xxx HT1 netmask 255.255.255.255 dns
    static (Inside,VBL) 121.xxx.xxx.xxx HT2 netmask 255.255.255.255 dns
    access-group Outside_access_in in interface Outside
    access-group Inside_access_in in interface Inside
    access-group DMZ_access_in in interface DMZ
    access-group VBL_access_in in interface VBL
    !
    router rip
    version 2
    !
    route Outside 0.0.0.0 0.0.0.0 121.xxx.xxx.xxx 1
    route VBL 0.0.0.0 0.0.0.0 121.xxx.xxx.xxx 150
    route Inside 10.70.17.0 255.255.255.252 192.168.10.1 1
    route Inside 172.25.0.0 255.255.0.0 192.168.10.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    webvpn
    svc ask none default webvpn
    http server enable
    http 0.0.0.0 0.0.0.0 Inside
    http 192.168.1.0 255.255.255.0 VBL
    http 192.168.10.0 255.255.255.0 Inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map Outside_map interface Outside
    crypto isakmp enable Outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    no crypto isakmp nat-traversal
    telnet 192.168.10.0 255.255.255.0 Inside
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 Outside
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    !
    class-map www_class
    match access-list www_trffic
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect sqlnet
    inspect sunrpc
    inspect sip
    inspect netbios
    inspect tftp
    inspect http
    inspect icmp
    inspect pptp
    class www_class
    set connection advanced-options tcp_timestamp_clear
    policy-map ironport-map1
    !
    service-policy global_policy global
    group-policy Viacom18 internal
    group-policy Viacom18 attributes
    dns-server value 202.54.29.5 202.54.10.2
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Viacom18_splitTunnelAcl
    default-domain value viacom18.com
    username swaroop password MWauOvI.JGd6E.9d encrypted
    username swaroop attributes
    service-type remote-access
    username experts password 4W2b2wZGEiyAaHhj encrypted privilege 0
    username experts attributes
    vpn-group-policy Viacom18
    username itteam password CklpAvFzxsxjfmk/ encrypted
    tunnel-group Viacom18 type remote-access
    tunnel-group Viacom18 general-attributes
    address-pool viacom18
    default-group-policy Viacom18
    tunnel-group Viacom18 ipsec-attributes
    pre-shared-key *
    prompt hostname context
    Cryptochecksum:42cf8b0b089f6d29afc1800c559532a2
    : end
    bhushan_kale, Aug 29, 2008
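An added check, not from the thread, that reads the posted config the way a reviewer would: it resolves the service object-groups, asks which ACE admits the FTP control port (tcp/21) on each interface ACL, and looks for the `csc fail-open` / `csc fail-close` policy-map action that hands flows to the CSC-SSM. The excerpt is constructed from the posted lines; `Outside_access_in` opens with `permit ip any any`, which shadows the narrower `Outside_to_Inside` entry, and the posted policy-map has `inspect ftp` but no `csc` action.

```python
import re
# Constructed excerpt of the posted ASA config: only the lines this check reads.
ASA_CONFIG = """\
object-group service Inside_to_Outside_port tcp-udp
port-object eq 20
port-object eq 21
object-group service Outside_to_Inside tcp-udp
port-object eq 20
port-object eq 21
object-group protocol TCPUDP
protocol-object tcp
access-list Inside_access_in extended permit object-group TCPUDP any any object-group Inside_to_Outside_port
access-list Outside_access_in extended permit ip any any
access-list Outside_access_in extended permit object-group TCPUDP any any object-group Outside_to_Inside
policy-map global_policy
class inspection_default
inspect ftp
service-policy global_policy global
"""
def parse_service_groups(cfg):
    """Map each 'object-group service' name to the set of ports it lists."""
    groups, current = {}, None
    for line in cfg.splitlines():
        m = re.match(r"object-group service (\S+)", line)
        if m:
            current = groups.setdefault(m.group(1), set())
        elif line.startswith("object-group"):
            current = None  # protocol/network group: stop collecting ports
        elif current is not None:
            m = re.match(r"port-object eq (\S+)", line)
            if m:
                current.add(m.group(1))
    return groups

def acl_permits_port(cfg, acl, port):
    """First ACE of `acl` admitting `port`: 'any' for 'permit ip any any', else the group name or None."""
    groups = parse_service_groups(cfg)
    for line in cfg.splitlines():
        if not line.startswith(f"access-list {acl} extended permit"):
            continue
        if " permit ip any any" in line:
            return "any"  # earlier ACEs shadow later, narrower ones
        m = re.search(r"object-group (\S+)$", line)
        if m and port in groups.get(m.group(1), ()):
            return m.group(1)
    return None

def csc_diversion_configured(cfg):
    """True only if a policy-map class hands flows to the CSC module (csc fail-open/close)."""
    return re.search(r"^\s*csc fail-(open|close)\b", cfg, re.M) is not None
```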