1. Home
  2. Cisco Systems
  3. traffic not following through pix

traffic not following through pix

Hi

i have two subnet one off 10.x.x.x series and other small just two host of 192.168.100.0 series.

everything from my 10.x.x.x network is working fine. But noting from 192.168.100.0 series. I have gone through the xlate its happening and the syslog show that the connection getting created and teardown after that immediately syslog ids 302015 and 302016 ___________________________________ pls find my config below

PIX Version 6.3(3) interface ethernet0 auto interface ethernet1 auto nameif ethernet0 outside security0 nameif ethernet1 inside security100

clock timezone IST 5 30 fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 no fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 name 10.2.1.1 Layer-III name 192.168.100.2 ArvindV access-list acl_in permit esp any any access-list acl_in permit ah any any access-list acl_in permit udp any any eq isakmp access-list acl_in permit icmp any any access-list acl_in permit gre any any access-list acl_in permit tcp any any eq pptp access-list acl_in permit tcp any host X.X.X.7 eq www access-list acl_in permit tcp any host X.X.X.7 eq smtp access-list acl_in permit tcp any host X.X.X.7 eq pop3 access-list acl_in permit tcp any host X.X.X.7 eq https access-list acl_in permit tcp any host X.X.X.7 eq ldap access-list acl_in permit tcp any host X.X.X.19 eq www access-list acl_in permit tcp any host X.X.X.6 eq www access-list acl_in permit tcp any host X.X.X.8 eq www access-list acl_in permit tcp any host X.X.X.9 eq www access-list acl_in permit tcp any host X.X.X.9 eq 8080 access-list acl_in permit tcp any host X.X.X.10 eq www access-list acl_in permit tcp any host X.X.X.14 eq 8080 access-list acl_in permit tcp any host X.X.X.14 eq 9080 access-list acl_in permit ip any host X.X.X.11 access-list acl_in permit tcp any host X.X.X.18 eq www access-list acl_in permit tcp any host X.X.X.18 eq 81 access-list acl_in permit ip any host X.X.X.96 access-list acl_in permit tcp any host X.X.X.15 eq ftp access-list acl_in permit tcp any host X.X.X.6 eq 5800 access-list acl_in permit tcp any host X.X.X.6 eq 5900 access-list acl_in permit tcp any host X.X.X.125 eq 9080 access-list acl_in permit tcp any host X.X.X.94 eq 9080 access-list acl_in permit tcp any host X.X.X.12 eq www access-list acl_in permit tcp any host X.X.X.92 eq www access-list acl_in permit tcp any host X.X.X.124 eq 7080 access-list acl_in permit tcp any host X.X.X.124 eq telnet access-list acl_in permit tcp any host X.X.X.9 eq 5800 access-list acl_in permit tcp any host X.X.X.9 eq 5900 access-list acl_in permit tcp any host X.X.X.15 eq www access-list acl_in permit tcp any host X.X.X.60 eq 9080 access-list acl_in permit tcp any host X.X.X.60 eq 9081 access-list inside_outbound_nat0_acl permit ip host 10.2.1.2 10.2.20.0

255.255.255.248 access-list inside_outbound_nat0_acl permit ip host 10.2.1.3 10.2.20.0 255.255.255.248 access-list inside_outbound_nat0_acl permit ip host 10.2.1.208 10.2.20.0 255.255.255.248 access-list inside_outbound_nat0_acl permit ip host 10.2.1.9 10.2.20.0 255.255.255.248 access-list inside_outbound_nat0_acl permit ip host 10.2.1.23 10.2.20.0 255.255.255.248 access-list inside_outbound_nat0_acl permit ip host 10.2.1.7 10.2.20.0 255.255.255.248 access-list inside_outbound_nat0_acl permit ip host 10.2.3.71 10.2.20.0 255.255.255.248 access-list inside_outbound_nat0_acl permit ip host 10.2.1.250 10.2.20.0 255.255.255.248 access-list inside_outbound_nat0_acl permit ip host 10.2.1.60 10.2.20.0 255.255.255.248 access-list inside_outbound_nat0_acl permit ip host Layer-III 10.2.20.0 255.255.255.248 access-list inside_outbound_nat0_acl permit ip host 10.2.1.98 10.2.20.0 255.255.255.248 access-list outside_cryptomap_dyn_20 permit ip any 10.2.20.0 255.255.255.248 pager lines 24 logging on logging trap debugging logging host inside 10.2.1.21 mtu outside 1500 mtu inside 1500 ip address outside X.X.X.2 255.255.255.224 ip address inside 10.2.1.179 255.255.0.0 ip audit info action alarm ip audit attack action alarm ip local pool QuinnoxPool 10.2.20.1-10.2.20.5 pdm location 10.2.1.2 255.255.255.255 inside pdm location 10.2.1.3 255.255.255.255 inside pdm location 10.2.1.7 255.255.255.255 inside pdm location 10.2.1.9 255.255.255.255 inside pdm location 10.2.1.21 255.255.255.255 inside pdm location 10.2.1.60 255.255.255.255 inside pdm location 10.2.1.98 255.255.255.255 inside pdm location 10.2.1.99 255.255.255.255 inside pdm location 10.2.1.122 255.255.255.255 inside pdm location 10.2.1.144 255.255.255.255 inside pdm location 10.2.1.152 255.255.255.255 inside pdm location 10.2.1.246 255.255.255.255 inside pdm location 10.2.3.71 255.255.255.255 inside pdm location 10.2.5.0 255.255.255.0 inside pdm location 10.2.6.0 255.255.255.0 inside pdm location 10.2.7.0 255.255.255.0 inside pdm location 10.2.9.0 255.255.255.0 inside pdm location 10.2.10.0 255.255.255.0 inside pdm location 10.2.12.0 255.255.255.0 inside pdm location 10.2.13.100 255.255.255.255 inside pdm location 10.2.13.101 255.255.255.255 inside pdm location 10.2.13.102 255.255.255.255 inside pdm location 10.2.13.103 255.255.255.255 inside pdm location 10.2.13.104 255.255.255.255 inside pdm location 10.2.13.105 255.255.255.255 inside pdm location 10.2.13.106 255.255.255.255 inside pdm location 10.2.13.107 255.255.255.255 inside pdm location 10.2.13.108 255.255.255.255 inside pdm location 10.2.13.109 255.255.255.255 inside pdm location 10.2.13.110 255.255.255.255 inside pdm location 10.2.1.90 255.255.255.255 inside pdm location 10.2.1.91 255.255.255.255 inside pdm location 10.2.1.151 255.255.255.255 inside pdm location 10.2.2.100 255.255.255.255 inside pdm location 10.2.3.166 255.255.255.255 inside pdm location 10.2.10.26 255.255.255.255 inside pdm location 10.2.10.31 255.255.255.255 inside pdm location 10.2.10.34 255.255.255.255 inside pdm location 10.2.10.37 255.255.255.255 inside pdm location 10.2.15.25 255.255.255.255 inside pdm location 10.2.15.40 255.255.255.255 inside pdm location 10.2.17.14 255.255.255.255 inside pdm location 10.4.4.226 255.255.255.255 inside pdm location 10.4.4.227 255.255.255.255 inside pdm location 10.4.4.228 255.255.255.255 inside pdm location 10.4.4.229 255.255.255.255 inside pdm location 10.4.4.230 255.255.255.255 inside pdm location 10.4.4.231 255.255.255.255 inside pdm location 10.4.4.232 255.255.255.255 inside pdm location 10.4.4.233 255.255.255.255 inside pdm location 10.4.4.234 255.255.255.255 inside pdm location 10.4.4.235 255.255.255.255 inside pdm location 10.4.4.236 255.255.255.255 inside pdm location 10.4.5.4 255.255.255.255 inside pdm location 10.4.5.5 255.255.255.255 inside pdm location 10.4.5.7 255.255.255.255 inside pdm location 10.4.5.8 255.255.255.255 inside pdm location 10.4.5.9 255.255.255.255 inside pdm location 10.4.5.10 255.255.255.255 inside pdm location 10.4.5.11 255.255.255.255 inside pdm location 10.4.5.12 255.255.255.255 inside pdm location 10.4.5.13 255.255.255.255 inside pdm location 10.4.5.30 255.255.255.255 inside pdm location 10.4.7.0 255.255.255.192 inside pdm location 10.4.7.69 255.255.255.255 inside pdm location 10.4.7.64 255.255.255.192 inside pdm location 10.4.10.64 255.255.255.192 inside pdm location 10.4.0.0 255.255.0.0 inside pdm location C1.C1.C1.2 255.255.255.255 outside pdm location C2.C2.C2.126 255.255.255.255 outside pdm location C3.C3.C3.200 255.255.255.255 outside pdm location 10.2.20.0 255.255.255.248 outside pdm location 10.2.21.0 255.255.255.0 inside pdm location 10.2.1.8 255.255.255.255 inside pdm location 10.2.1.23 255.255.255.255 inside pdm location 10.2.1.208 255.255.255.255 inside pdm location 10.2.1.250 255.255.255.255 inside pdm location Layer-III 255.255.255.255 inside pdm location 10.2.1.86 255.255.255.255 inside pdm location 10.2.1.87 255.255.255.255 inside pdm location 10.2.1.88 255.255.255.255 inside pdm location 10.2.1.111 255.255.255.255 inside pdm location 10.2.1.200 255.255.255.255 inside pdm location 192.168.100.0 255.255.255.0 inside pdm location ArvindV 255.255.255.255 inside pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 24 X.X.X.67 global (outside) 100 X.X.X.113 global (outside) 75 X.X.X.66 global (outside) 26 X.X.X.68 global (outside) 27 X.X.X.69 global (outside) 28 X.X.X.70 global (outside) 25 X.X.X.65 global (outside) 31 X.X.X.123 global (outside) 5 interface nat (inside) 0 access-list inside_outbound_nat0_acl nat (inside) 24 10.4.7.0 255.255.255.192 0 0 nat (inside) 27 10.4.7.64 255.255.255.192 0 0 nat (inside) 25 10.4.10.64 255.255.255.192 0 0 nat (inside) 24 10.2.5.0 255.255.255.0 0 0 nat (inside) 26 10.2.6.0 255.255.255.0 0 0 nat (inside) 25 10.2.7.0 255.255.255.0 0 0 nat (inside) 27 10.2.9.0 255.255.255.0 0 0 nat (inside) 28 10.2.10.0 255.255.255.0 0 0 nat (inside) 75 10.2.12.0 255.255.255.0 0 0 nat (inside) 31 10.2.21.0 255.255.255.0 0 0 nat (inside) 100 0.0.0.0 0.0.0.0 0 0 static (inside,outside) X.X.X.76 10.2.13.101 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.77 10.2.13.102 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.78 10.2.13.103 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.79 10.2.13.104 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.80 10.2.13.105 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.81 10.2.13.106 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.82 10.2.13.107 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.83 10.2.13.108 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.85 10.2.13.110 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.90 10.2.13.109 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.7 10.2.1.2 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.19 10.2.1.99 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.6 10.2.1.98 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.8 10.2.1.7 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.9 10.2.1.3 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.10 10.2.1.122 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.14 10.2.1.246 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.11 10.2.1.152 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.93 10.2.10.31 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.95 10.2.17.14 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.15 10.2.1.9 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.97 10.2.10.37 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.98 10.2.15.40 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.99 10.4.5.4 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.96 10.2.2.100 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.100 10.4.4.226 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.101 10.4.4.227 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.103 10.4.4.229 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.104 10.4.4.230 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.105 10.4.4.231 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.106 10.4.4.232 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.107 10.4.4.233 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.108 10.4.4.234 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.109 10.4.4.235 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.110 10.4.4.236 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.102 10.4.4.228 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.111 10.4.5.5 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.112 10.4.5.4 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.114 10.4.5.7 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.115 10.4.5.8 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.116 10.4.5.9 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.117 10.4.5.10 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.118 10.4.5.11 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.119 10.4.5.12 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.120 10.4.5.13 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.91 10.2.10.26 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.121 10.4.5.30 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.75 10.2.13.100 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.94 10.2.15.25 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.125 10.4.7.69 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.12 10.2.1.151 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.92 10.2.1.90 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.122 10.2.10.34 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.124 10.2.1.91 netmask 255.255.255.255 0 0 static (inside,outside) 10.2.1.208 10.2.1.208 netmask 255.255.255.255 0 0 static (inside,outside) 10.2.1.23 10.2.1.23 netmask 255.255.255.255 0 0 static (inside,outside) 10.2.1.8 10.2.1.8 netmask 255.255.255.255 0 0 static (inside,outside) 10.2.1.250 10.2.1.250 netmask 255.255.255.255 0 0 static (inside,outside) Layer-III Layer-III netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.55 10.2.1.86 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.56 10.2.1.87 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.57 10.2.1.88 netmask 255.255.255.255 0 0 static (inside,outside) X.X.X.60 10.2.1.111 netmask 255.255.255.255 0 0 access-group acl_in in interface outside route outside 0.0.0.0 0.0.0.0 X.X.X.1 1 route inside 10.4.0.0 255.255.0.0 Layer-III 1 route inside 192.168.100.0 255.255.255.0 Layer-III 1 timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius aaa-server LOCAL protocol local http server enable http 10.2.3.71 255.255.255.255 inside http 10.2.1.60 255.255.255.255 inside http 10.2.1.200 255.255.255.255 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec

cheers Ramp

Reply to
rkspillai
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.