- Cisco ASA 5585-X SSP40: Packet loss, NorN, 15:02, 12-Mar-15 (1)
Result of the command: "sh run"
: Saved
:
ASA Version 8.4(4)1 <context>
!
hostname ctx2
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 111.222.11.222 255.255.255.252
!
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1.1
 nameif NetKS
 security-level 40
 ip address 10.2.2.20 255.255.255.0
!
interface GigabitEthernet0/2
 nameif CertA
 security-level 50
 ip address 192.168.7.1 255.255.255.252
!
interface GigabitEthernet0/3
 nameif gorodtelecom
 security-level 1
 ip address 133.24.95.16 255.255.255.240
!
interface GigabitEthernet0/4
 nameif LAN2
 security-level 99
 ip address 10.10.1.10 255.255.248.0
!
interface GigabitEthernet0/5
 nameif Temp__WIFI
 security-level 51
 ip address 192.168.4.2 255.255.255.248
!
interface TenGigabitEthernet0/8
 nameif E0.2
 security-level 100
 ip address 10.0.3.50 255.255.252.0
!
interface TenGigabitEthernet0/9
 nameif E1.2
 security-level 100
 ip address 192.168.13.2 255.255.255.0 standby 192.168.13.1
!
regex SMTP_.com_Allow "emc\.com|cisco\.com|microsoft\.com|gmail\.com|eset\.com"
regex google-deny-regular "gmail|mail\.google"
regex SMTP_.com_Deny "\.name|\.lv|\.fr|\.it|\.tf|\.jp"
regex SMTP_.com_Allow1 "nkmann\.com|region\.com|bftcom\.com|gorodtele\.com|micex\.com|zferma\.com"
same-security-traffic permit intra-interface
object network LAN
 subnet 10.0.0.0 255.255.252.0
object network ns1-in-ip
 host 10.10.1.255
object service DNS-TCP
 service tcp destination eq domain
object network sp-paa
 host 10.10.6.2
object network ns1-ex-ip
 host 210.4.132.144
object network trans-ip
 host 10.0.3.111
object network sp-adm
 host 10.10.6.3
object network CA--LANIP
 host 192.168.7.2
object network ca-ex-ip
 host 210.4.132.145
object network ca-in-ip
 host 10.0.3.101
object network CA
 subnet 192.168.7.0 255.255.255.252
object network AKKO-ex-ip
 host 210.4.132.146
 description External IP AKKO-Finansy
object network AKKO-in-ip
 host 10.0.0.10
 description AKKO Finansy Server
object network Plan-ex-ip
 host 210.4.132.147
 description External IP AKKO-Panirovanie
object network Plan-in-ip
 host 10.0.3.98
 description Internal IP AKKO-Panirovanie
object service MMS
 service tcp destination eq rtsp
object network AKKO1-ex-ip
 host 210.4.132.149
 description External IP AKKO1-Finansy
object network AKKO1-in-ip
 host 10.0.0.211
 description AKKO1 Finansy Server
object network SKIF-ex-ip
 host 210.4.132.150
 description External IP SKIF
object network SKIF-in-ip
 host 10.0.3.242
 description Internal IP SKIF
object network Exchange-ex-ip
 host 210.4.132.151
object network Exchange-in-ip
 host 10.0.3.222
object network WebPortalSKIF-ex-ip
 host 210.4.132.153
object network WebPortalSKIF-in-ip
 host 10.0.0.29
object network jabber-ex-ip
 host 210.4.132.152
object network jabber-in-ip
 host 10.0.3.200
object service Jabber
 service tcp destination eq 5222
object network MailServer-ex-ip
 host 210.4.132.154
object network PBS-ex-ip
 host 210.4.132.155
object network PBS-in-ip
 host 10.10.2.110
object network MailServer-in-ip
 host 10.0.0.6
object network ar-bvl
 host 10.10.6.5
object network ar-cdn
 host 10.10.6.4
object network ar-lkv
 host 10.0.0.31
object network Pshenicin
 host 10.0.3.1
object network SED-UFK
 host 10.0.3.115
object network Garant
 host 10.0.0.28
object service TEMP_AKKO
 service tcp source eq 2032
object service ContinentSED-UFK_1
 service tcp destination eq 1100
object service ContinentSED-UFK_2
 service tcp destination eq 2525
object network Pshenicin2
 host 10.0.2.69
object network srveset
 host 10.10.2.100
 description ESET Server
object network Kostuk_temp-IP
 host 10.0.1.152
object service Continent4433
 service udp destination eq 4433
object network ns2-in-ip
 host 10.10.3.200
object network outside-network
 subnet 111.222.11.220 255.255.255.252
object network ns2-ex-ip
 host 194.28.92.25
object network domen1-ns-in-ip
 host 10.10.2.1
object network domen2-ns-in-ip
 host 10.10.2.2
object network domen3-ns-in-ip
 host 10.10.2.3
object network domen_old-ns-in-ip
 host 10.0.3.235
object network domen_old1-ns-in-ip
 host 10.0.3.225
object network TempRouter
 host 10.0.3.233
object network AKKO2-ex-ip
 host 194.28.92.21
object service Nalog-EGRUL
 service tcp destination eq 8443
object service RDP3389
 service tcp destination eq 3389
object service imapSec
 service tcp destination eq 993
object service pop3-sec
 service tcp destination eq 995
object network TempRouter2
 range 10.0.3.240 10.0.3.250
object network MailServer1-in-ip
 host 10.0.3.241
object network TempTestIP
 host 10.10.3.6
 description TempTestIP
object network TempTestIPex
 host 210.4.132.156
object service RDP3333
 service tcp destination eq 3333
object service ZSOTranslation
 service tcp destination eq 1935
object service Control
 service tcp destination eq 2010
object service Continent7500
 service udp destination eq 7500
object service VipNet
 service udp destination eq 55777
object network gmail1
 range 173.194.116.117 173.194.116.118
object network gmail5
 range 173.194.32.181 173.194.32.182
object network gmail6
 range 173.194.32.149 173.194.32.150
object network gmail7
 range 173.194.32.21 173.194.32.22
object network gmail8
 range 173.194.115.53 173.194.115.54
object network gmail9
 range 173.194.112.117 173.194.112.118
object network gmail10
 range 173.194.115.85 173.194.115.86
object network gmail11
 range 173.194.32.53 173.194.32.54
object network gmail2
 range 74.125.228.245 74.125.228.246
object network gmail12
 range 74.125.227.149 74.125.227.150
object network gmail3
 range 173.194.40.245 173.194.40.246
object network Analyz-ex-ip
 host 210.4.132.156
 description External IP AKKO-Analyz
object network Analyz-in-ip
 host 10.0.1.152
 description AKKO-Analyz Server
object network AKKO-Analyz-storage-ex-ip
 host 210.4.132.157
 description External ip AKKO-Analyz-storage
object network AKKO-Analyz-storage-in-ip
 host 10.0.1.138
 description AKKO-Analyz-storage server
object service AKKO-Analyz-storage
 service tcp destination eq 24554
object network ar-cme
 host 10.10.6.14
object network ks-kum
 host 10.10.5.195
object network ks-lmn
 host 10.10.5.36
object network ar-mob
 host 10.10.6.8
object network ar-shes
 host 10.10.6.9
object network ar-vsa
 host 10.10.6.10
object network NetKS-gw
 host 10.2.2.2
 description NetKS Gateway
object network ar-lkv1
 host 10.10.6.1
object network NetKS-network
 subnet 10.0.0.0 255.0.0.0
 description NetKS Network
object network gmail13
 range 64.233.162.17 64.233.162.83
object network gmail14
 range 64.233.164.17 64.233.164.83
object network gmail4
 range 173.194.71.17 173.194.71.83
object network gmail15
 range 74.125.143.17 74.125.143.83
object network gmail16
 range 64.233.165.17 64.233.165.83
object network gmail17
 range 64.233.161.17 64.233.161.83
object network ESETServer
 host 10.10.2.100
object network gmail18
 range 173.194.122.213 173.194.122.214
object network gmail19
 range 173.194.122.245 173.194.122.246
object network APKH_Continent-ex-ip
 host 210.4.132.158
object network APKH_Continent-in-ip
 host 10.0.2.146
object network temp
 host 194.28.92.26
object service AKKO20015
 service tcp destination eq 20015
object network gmail20
 range 216.58.209.101 216.58.209.140
object network MailServer-ex-ip-NetKS
 host 91.224.154.4
object network NetKS_Services
 subnet 10.0.1.0 255.255.255.192
object network ar-kna
 host 10.10.6.7
object network ar-kti
 host 10.10.6.6
object network Monitoring-Mininform-ex-ip
 host 210.4.132.148
object network Monitoring-Mininform-in-ip
 host 10.10.1.20
object network ZSO_Video
 host 188.19.121.194
 description ZSO Video Translation
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object udp
 protocol-object tcp
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_9
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_3
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_TCP_1 tcp
 port-object eq www
 port-object eq https
 port-object eq domain
object-group protocol DM_INLINE_PROTOCOL_4
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_TCP_2 tcp
 port-object eq www
 port-object eq https
object-group protocol DM_INLINE_PROTOCOL_5
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_6
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_7
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_8
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_10
 protocol-object udp
 protocol-object tcp
object-group network DM_INLINE_NETWORK_1
 network-object object ns1-in-ip
 network-object object MailServer1-in-ip
object-group protocol DM_INLINE_PROTOCOL_11
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_12
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_13
 protocol-object udp
 protocol-object tcp
object-group service AKKO-Finansy tcp
 description AKKO Years Ports
 port-object range 2008 2015
object-group service AKKO-Planirovanie tcp
 description AKKO-Planirovanie Service
 port-object eq 20099
object-group service DM_INLINE_TCP_4 tcp
 port-object eq www
 port-object eq https
object-group user DM_INLINE_USER_1
 user DOMAIN1\akhtyamov
 user DOMAIN1\povyshev
 user DOMAIN1\levinskiy
 user DOMAIN1\bazhenov
object-group network DM_INLINE_NETWORK_2
 network-object object ns1-in-ip
 network-object object MailServer1-in-ip
object-group network Blat_Users
 description Blatnie
 network-object object ar-lkv
 network-object object ks-lmn
 network-object object Pshenicin
 network-object object ar-bvl
 network-object object ar-mob
 network-object object ar-shes
 network-object object ar-vsa
 network-object object ks-kum
object-group service Continent
 service-object object ContinentSED-UFK_1
 service-object object ContinentSED-UFK_2
 service-object object Continent4433
 service-object object Continent7500
object-group service DM_INLINE_SERVICE_4
 service-object tcp destination eq smtp
 service-object tcp-udp destination eq domain
object-group service DM_INLINE_TCP_7 tcp
 port-object eq https
 port-object eq smtp
 port-object eq imap4
 port-object eq pop3
object-group service DM_INLINE_SERVICE_6
 service-object tcp-udp destination eq domain
 service-object tcp destination eq ftp
 service-object tcp destination eq www
 service-object tcp destination eq https
object-group network DM_INLINE_NETWORK_3
 network-object object sp-adm
 network-object object sp-paa
object-group network DM_INLINE_NETWORK_4
 network-object object ar-lkv
 network-object object Pshenicin
 network-object object Pshenicin2
 network-object object Kostuk_temp-IP
 network-object object ar-cdn
 network-object object ar-bvl
object-group service DM_INLINE_TCP_8 tcp
 port-object eq www
 port-object eq https
object-group network DNS-Servers
 network-object object domen1-ns-in-ip
 network-object object domen2-ns-in-ip
 network-object object domen3-ns-in-ip
 network-object object domen_old-ns-in-ip
 network-object object domen_old1-ns-in-ip
object-group service DM_INLINE_SERVICE_1
 service-object icmp
 service-object tcp-udp destination eq domain
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object tcp destination eq ftp
 service-object tcp destination eq ftp-data
 service-object object Nalog-EGRUL
 service-object tcp destination eq aol
 service-object tcp destination eq smtp
 service-object object RDP3333
 service-object object ZSOTranslation
 service-object object Control
 group-object Continent
 service-object object VipNet
object-group service DM_INLINE_SERVICE_3
 service-object object imapSec
 service-object object pop3-sec
 service-object tcp destination eq imap4
 service-object tcp destination eq pop3
 service-object tcp destination eq smtp
 service-object tcp destination eq https
object-group service DM_INLINE_SERVICE_7
 service-object icmp
 service-object object Nalog-EGRUL
 service-object tcp-udp destination eq domain
 service-object tcp destination eq aol
 service-object tcp destination eq ftp
 service-object tcp destination eq ftp-data
 service-object tcp destination eq www
 service-object tcp destination eq https
object-group protocol DM_INLINE_PROTOCOL_14
 protocol-object icmp
 protocol-object icmp6
object-group protocol DM_INLINE_PROTOCOL_15
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_SERVICE_9
 service-object tcp-udp destination eq domain
 service-object tcp destination eq ftp
 service-object tcp destination eq ftp-data
 service-object tcp destination eq www
 service-object tcp destination eq https
object-group service DM_INLINE_TCP_5 tcp
 port-object eq www
 port-object eq https
object-group service High_Level_Users
 description High Level Users
 group-object Continent
 service-object object Control
 service-object object Nalog-EGRUL
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object object RDP3333
 service-object object RDP3389
 service-object object ZSOTranslation
 service-object tcp destination eq ftp
 service-object tcp destination eq ftp-data
object-group service DM_INLINE_TCP_6 tcp
 port-object eq www
 port-object eq https
object-group service DM_INLINE_TCP_9 tcp
 port-object eq www
 port-object eq https
object-group network gmail
 network-object object gmail1
 network-object object gmail5
 network-object object gmail6
 network-object object gmail2
 network-object object gmail3
 network-object object gmail7
 network-object object gmail8
 network-object object gmail9
 network-object object gmail10
 network-object object gmail11
 network-object object gmail12
 network-object object gmail14
 network-object object gmail4
 network-object object gmail15
 network-object object gmail13
 network-object object gmail16
 network-object object gmail17
 network-object object gmail18
 network-object object gmail19
 network-object object gmail20
object-group service DM_INLINE_SERVICE_5
 service-object object AKKO-Analyz-storage
 service-object tcp destination eq https
object-group service DM_INLINE_TCP_11 tcp
 port-object eq www
 port-object eq https
object-group network DM_INLINE_NETWORK_5
 network-object object sp-adm
 network-object object sp-paa
object-group service DM_INLINE_TCP_3 tcp
 port-object eq https
 port-object eq imap4
 port-object eq pop3
 port-object eq smtp
object-group service DM_INLINE_TCP_10 tcp
 port-object eq www
 port-object eq https
object-group network DM_INLINE_NETWORK_7
 network-object object ar-bvl
 network-object object ar-cme
 network-object object ar-shes
 network-object object ar-vsa
 network-object object sp-adm
 network-object object sp-paa
 network-object object ar-cdn
 network-object object ar-lkv
 network-object object ar-lkv1
 network-object object ar-mob
 network-object object ar-kna
 network-object object ar-kti
access-list global_access remark From Any Allow ICMP
access-list global_access extended permit icmp any any log warnings
access-list global_access extended permit object-group DM_INLINE_PROTOCOL_14 any any
access-list E0.2_access_in remark Disable Gmail
access-list E0.2_access_in extended deny tcp any object-group gmail object-group DM_INLINE_TCP_11 log warnings
access-list E0.2_access_in remark From MailServer to Inet
access-list E0.2_access_in extended permit object-group DM_INLINE_SERVICE_3 object MailServer1-in-ip any log warnings inactive
access-list E0.2_access_in remark from LAN to CertA
access-list E0.2_access_in extended permit tcp 10.0.0.0 255.255.252.0 object CA--LANIP object-group DM_INLINE_TCP_4 log warnings
access-list E0.2_access_in remark Inet For 523 kab.
access-list E0.2_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group DM_INLINE_NETWORK_4 any log
access-list E0.2_access_in remark From SED-UFK to Inet
access-list E0.2_access_in extended permit object-group Continent object SED-UFK any log
access-list E0.2_access_in remark From Garant to Inet
access-list E0.2_access_in extended permit tcp object Garant any eq www log warnings
access-list E0.2_access_in extended permit object-group DM_INLINE_SERVICE_1 object TempRouter any log warnings
access-list E0.2_access_in extended permit object-group DM_INLINE_SERVICE_7 object TempRouter2 any log warnings
access-list E0.2_access_in extended permit ip interface LAN2 any
access-list E0.2_access_in extended permit ip any object APKH_Continent-in-ip inactive
access-list outside_access_in remark From Inet to NS1
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any object ns1-in-ip eq domain
access-list outside_access_in remark From Inet to CertA
access-list outside_access_in extended permit tcp any object CA--LANIP object-group DM_INLINE_TCP_1
access-list outside_access_in_1 remark From Inet to NS1
access-list outside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_1 any object ns1-in-ip eq domain log
access-list outside_access_in_1 remark From Inet to CA
access-list outside_access_in_1 extended permit tcp any object CA--LANIP object-group DM_INLINE_TCP_2 log
access-list outside_access_in_1 remark from Inet to AKKO-Finansy
access-list outside_access_in_1 extended permit tcp any object AKKO-in-ip object-group AKKO-Finansy log
access-list outside_access_in_1 remark from Inet to AKKO-Finansy
access-list outside_access_in_1 extended permit object AKKO20015 any object AKKO-in-ip log inactive
access-list outside_access_in_1 remark from Inet to AKKO-Planirovanie
access-list outside_access_in_1 extended permit tcp any object Plan-in-ip object-group AKKO-Planirovanie log
access-list outside_access_in_1 remark from Inet to SKIF
access-list outside_access_in_1 extended permit tcp any object SKIF-in-ip object-group DM_INLINE_TCP_6 log
access-list outside_access_in_1 remark from Inet to AKKO-Analyz
access-list outside_access_in_1 extended permit object-group DM_INLINE_SERVICE_5 any object Analyz-in-ip log
access-list outside_access_in_1 remark from Inet to WebPortalSKIF
access-list outside_access_in_1 extended permit tcp any object WebPortalSKIF-in-ip eq www log
access-list outside_access_in_1 remark from Inet to AKKO WEB
access-list outside_access_in_1 extended permit tcp any object PBS-in-ip eq https log
access-list outside_access_in_1 remark from Inet to MailServer
access-list outside_access_in_1 extended permit tcp any object MailServer1-in-ip object-group DM_INLINE_TCP_7 log
access-list outside_access_in_1 remark From Inet to APKH_Continent
access-list outside_access_in_1 extended permit object-group Continent any object APKH_Continent-in-ip log
access-list outside_access_in_1 remark from Inet to Monitoring-Mininform
access-list outside_access_in_1 extended permit tcp any object Monitoring-Mininform-in-ip object-group DM_INLINE_TCP_10 log
access-list CertA_access_in remark CA to MailServer
access-list CertA_access_in extended permit object-group DM_INLINE_SERVICE_4 object CA--LANIP object-group DM_INLINE_NETWORK_1 log warnings
access-list CertA_access_in remark CA to MailServer
access-list CertA_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object CA--LANIP any log warnings inactive
access-list CertA_access_in extended permit ip object CA--LANIP any inactive
access-list NetKS_access_in remark from Inet to MailServer
access-list NetKS_access_in extended permit tcp any object MailServer1-in-ip object-group DM_INLINE_TCP_3 log inactive
access-list NetKS_access_in extended permit ip any any
access-list NetKS_access_in extended permit ip object-group DM_INLINE_NETWORK_5 any
access-list Temp__WIFI_access_in extended permit ip any any log warnings
access-list outsideCTK_access_in remark From Inet to NS2
access-list outsideCTK_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any object ns2-in-ip eq domain log warnings
access-list LAN2_access_in remark Disable Gmail
access-list LAN2_access_in extended deny tcp any object-group gmail object-group DM_INLINE_TCP_9 log warnings
access-list LAN2_access_in extended permit ip object-group DM_INLINE_NETWORK_7 any
access-list LAN2_access_in extended permit ip object-group-user DM_INLINE_USER_1 any any log warnings
access-list LAN2_access_in remark From NS1 to Inet
access-list LAN2_access_in extended permit object-group DM_INLINE_SERVICE_9 object ns1-in-ip any log warnings
access-list LAN2_access_in remark From LAN2 to CA
access-list LAN2_access_in extended permit tcp 10.10.0.0 255.255.248.0 object CA object-group DM_INLINE_TCP_5 log warnings
access-list LAN2_access_in remark High Level Users
access-list LAN2_access_in extended permit ip object-group Blat_Users any log warnings
access-list LAN2_access_in extended permit ip any interface E0.2 log warnings
access-list LAN2_access_in remark From NS2 to Inet
access-list LAN2_access_in extended permit ip object ns2-in-ip any log warnings
access-list LAN2_access_in extended permit ip user DOMAIN1\trudneva.yu.i any object ZSO_Video
access-list gorodtelecom_access_in remark From Inet to NS2
access-list gorodtelecom_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any object ns2-in-ip eq domain
access-list gorodtelecom_access_in remark from Inet to AKKO-Finansy
access-list gorodtelecom_access_in extended permit tcp any object AKKO1-in-ip eq https log
pager lines 24
logging enable
logging timestamp
logging emblem
logging asdm-buffer-size 256
logging monitor warnings
logging buffered debugging
logging trap debugging
logging asdm debugging
logging mail warnings
logging queue 2048
logging device-id context-name
logging host LAN2 10.10.3.4 6/1470
logging permit-hostdown
mtu outside 1500
mtu NetKS 1500
mtu CertA 1500
mtu gorodtelecom 1500
mtu LAN2 1500
mtu Temp__WIFI 1500
mtu E0.2 1500
mtu E1.2 1500
icmp unreachable rate-limit 100 burst-size 10
asdm history enable
arp timeout 14400
nat (outside,LAN2) source static any any destination static PBS-ex-ip PBS-in-ip description from Inet to AKKO WEB
nat (E0.2,outside) source static TempRouter MailServer-ex-ip unidirectional description From MailServer to Any
nat (E0.2,outside) source dynamic any interface description From LAN to outside
nat (E0.2,NetKS) source dynamic any interface description From LAN to NetKS
nat (LAN2,NetKS) source dynamic any interface description From LAN2 to NetKS
nat (LAN2,outside) source dynamic any interface description From LAN2 to outside
nat (LAN2,E0.2) source dynamic any interface description From LAN2 to E0.1 (From New Net to Old Net 10.0)
nat (outside,CertA) source static any interface destination static ca-ex-ip CA--LANIP description From Inet to CA
nat (Temp__WIFI,outside) source dynamic any interface description Wi-Fi
nat (CertA,E0.2) source dynamic CA--LANIP interface destination static LAN DM_INLINE_NETWORK_2 description From CA to LAN
nat (E0.2,CertA) source dynamic any interface description From LAN to CA
nat (gorodtelecom,E0.2) source static any interface destination static temp PBS-in-ip description from Inet to AKKO-Finansy
nat (outside,E0.2) source static any any destination static AKKO-ex-ip AKKO-in-ip description from Inet to AKKO-Finansy
nat (outside,E0.2) source static any interface destination static AKKO1-ex-ip AKKO1-in-ip description from Inet to AKKO1-Finansy
nat (outside,E0.2) source static any any destination static Plan-ex-ip Plan-in-ip description from Inet to AKKO-Planirovanie
nat (outside,E0.2) source static any any destination static Analyz-ex-ip Analyz-in-ip description from Inet to Analyz
nat (outside,E0.2) source static any any destination static AKKO-Analyz-storage-ex-ip AKKO-Analyz-storage-in-ip description from Inet to AKKO-Analyz-storage
nat (outside,E0.2) source static any interface destination static SKIF-ex-ip SKIF-in-ip description from Inet to SKIF
nat (outside,E0.2) source static any interface destination static Exchange-ex-ip Exchange-in-ip description from Inet to Exchange
nat (outside,E0.2) source static any interface destination static WebPortalSKIF-ex-ip WebPortalSKIF-in-ip description from Inet to WebPortalSKIF
nat (outside,E0.2) source static any any destination static MailServer-ex-ip MailServer1-in-ip description from Inet to MailServer
nat (NetKS,E0.2) source static any any destination static MailServer-ex-ip-NetKS MailServer1-in-ip inactive description from NetKS Inet to MailServer
nat (outside,LAN2) source static any any destination static ns1-ex-ip ns1-in-ip description from Inet to NS1 Server
nat (gorodtelecom,LAN2) source static any any destination static ns2-ex-ip ns2-in-ip description from Inet to NS2 Server
nat (outside,E0.2) source static any interface destination static APKH_Continent-ex-ip APKH_Continent-in-ip description from Inet to APKH_Continent Server
nat (outside,LAN2) source static any any destination static Monitoring-Mininform-ex-ip Monitoring-Mininform-in-ip unidirectional description from Inet to Monitoring-Mininform
access-group outside_access_in_1 in interface outside
access-group NetKS_access_in in interface NetKS
access-group CertA_access_in in interface CertA
access-group gorodtelecom_access_in in interface gorodtelecom
access-group LAN2_access_in in interface LAN2
access-group Temp__WIFI_access_in in interface Temp__WIFI
access-group E0.2_access_in in interface E0.2
access-group global_access global
route outside 0.0.0.0 0.0.0.0 111.222.11.221 6
route NetKS 0.0.0.0 0.0.0.0 10.2.2.2 7
route NetKS 10.0.1.0 255.255.255.192 10.2.2.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
aaa-server DOMAIN1_LDAP protocol ldap
 max-failed-attempts 2
aaa-server DOMAIN1_LDAP (LAN2) host 10.10.2.1
 timeout 5
 ldap-base-dn dc=DOMAIN1,dc=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn cn=cisco-asa-ldap,ou=cisco,ou=services,dc=DOMAIN1,dc=local
 server-type microsoft
aaa-server DOMAIN1_LDAP (LAN2) host 10.10.2.2
 timeout 5
 ldap-base-dn dc=DOMAIN1,dc=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn cn=cisco-asa-ldap,ou=cisco,ou=services,dc=DOMAIN1,dc=local
 server-type microsoft
aaa-server DOMAIN1_LDAP (LAN2) host 10.10.2.3
 timeout 5
 ldap-base-dn dc=DOMAIN1,dc=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn cn=cisco-asa-ldap,ou=cisco,ou=services,dc=DOMAIN1,dc=local
 server-type microsoft
aaa-server ADAgent protocol radius
 ad-agent-mode
 reactivation-mode timed
 max-failed-attempts 5
aaa-server ADAgent (LAN2) host 10.10.2.255
 retry-interval 5
 key *****
 acl-netmask-convert auto-detect
user-identity domain DOMAIN1 aaa-server DOMAIN1_LDAP
user-identity default-domain DOMAIN1
user-identity action netbios-response-fail remove-user-ip
user-identity inactive-user-timer minutes 1440
user-identity logout-probe netbios local-system probe-time minutes 5 retry-interval seconds 10 retry-count 3 user-not-needed
user-identity poll-import-user-group-timer hours 16
user-identity ad-agent active-user-database on-demand
user-identity ad-agent aaa-server ADAgent
no snmp-server location
no snmp-server contact
fragment size 400 outside
fragment chain 64 outside
fragment timeout 10 outside
fragment size 400 E0.2
fragment chain 64 E0.2
fragment timeout 10 E0.2
sysopt connection timewait
sysopt noproxyarp outside
sysopt noproxyarp NetKS
sysopt noproxyarp CertA
sysopt noproxyarp gorodtelecom
sysopt noproxyarp Temp__WIFI
sysopt noproxyarp E1.2
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
no threat-detection statistics tcp-intercept
!
class-map type inspect http match-all gmail-deny
 match request uri regex google-deny-regular
!
!
policy-map type inspect esmtp mail.DOMAIN1.ru
 parameters
  no mask-banner
 match MIME filename length gt 255
  log
 match cmd line length gt 512
  log
 match cmd RCPT count gt 100
  log
 match body line length gt 998
  log
 match sender-address regex SMTP_.com_Allow1
  log
 match sender-address regex SMTP_.com_Allow
  log
 match sender-address length gt 320
  log
 match sender-address regex SMTP_.com_Deny
  drop-connection log
policy-map global-policy
 class class-default
  user-statistics accounting
policy-map LAN2-policy
policy-map type inspect http Google-deny-Map
 parameters
  body-match-maximum 255
  protocol-violation action log
 match request uri regex google-deny-regular
  drop-connection log
!
service-policy global-policy global
Cryptochecksum:a221fd74f2b9668251690967d80f5a74
: end
- Cisco ASA 5585-X SSP40: Packet loss, anonymous, 15:51, 12-Mar-15 (2)
asdm -> Tools -> Packet Tracer
- Cisco ASA 5585-X SSP40: Packet loss, anonymous, 15:53, 12-Mar-15 (3)
Or maybe it is something trivial: a speed or duplex mismatch somewhere in the network.
- Cisco ASA 5585-X SSP40: Packet loss, NorN, 15:55, 12-Mar-15 (4)
> asdm -> Tools -> Packet Tracer
Everything is OK, Packet Tracer passes the traffic nicely.
> Or maybe it is something trivial: a speed or duplex mismatch somewhere in the
> network.
Can duplex really be the cause? All interfaces are set to AUTO, are 1GB and more, and their load is negligible.
- Cisco ASA 5585-X SSP40: Packet loss, anonymous, 16:01, 12-Mar-15 (5)
auto is just a setting; it is not a given that every link is 1 Gb full duplex.
I recommend checking the interfaces for errors and comparing speed/duplex on the connected devices.
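The check suggested in the reply above, as an added example that is not part of the original thread: it parses "show interface" text, flags the usual signs of a duplex mismatch and compares the negotiated values with what the neighbouring port reports. The sample output, its counters and the PEER table are constructed, and the parser assumes the ASA-style "Auto-Duplex(...), Auto-Speed(...)" line layout.

```python
import re

# Constructed sample laid out like ASA "show interface" output; every counter is invented.
SAMPLE = '''\
Interface GigabitEthernet0/4 "LAN2", is up, line protocol is up
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        981245 packets input, 118349021 bytes, 0 no buffer
        Received 5120 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        875410 packets output, 99120045 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
Interface GigabitEthernet0/0 "outside", is up, line protocol is up
        Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
        402211 packets input, 51200341 bytes, 0 no buffer
        Received 211 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        398870 packets output, 47011902 bytes, 0 underruns
        1873 output errors, 2240 collisions, 0 interface resets
        1873 late collisions, 95 deferred
'''

# Hypothetical record of what the directly connected switch ports report: (duplex, Mbps).
PEER = {"LAN2": ("full", 1000), "outside": ("full", 100)}

HEADER = re.compile(r'^Interface (\S+) "([^"]*)", is ([^,]+), line protocol is (\S+)')
LINK = re.compile(r'^(Auto-)?\S*\((Full|Half)-duplex\),.*\((\d+) Mbps\)', re.I)
COUNTER = re.compile(r'(\d+) ([A-Za-z][A-Za-z ]*?)(?=,|$)')


def parse_show_interface(text):
    """Return {nameif: {...}} with negotiated link settings and error counters."""
    ports, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"port": m.group(1), "state": m.group(3), "proto": m.group(4),
                   "auto": None, "duplex": None, "speed": None, "counters": {}}
            ports[m.group(2)] = cur
            continue
        if cur is None:
            continue
        m = LINK.match(line)
        if m:
            cur["auto"] = bool(m.group(1))        # True when the port is set to auto
            cur["duplex"] = m.group(2).lower()    # what was actually negotiated
            cur["speed"] = int(m.group(3))
            continue
        for value, name in COUNTER.findall(line):
            cur["counters"][name.strip().lower()] = int(value)
    return ports


def audit(ports, peer):
    """Return (nameif, finding) pairs for symptoms of a speed/duplex mismatch."""
    findings = []
    for name, p in ports.items():
        c = p["counters"]
        # "auto" on a switched link should end up full duplex; half usually means
        # the other end is hard-coded and negotiation fell back.
        if p["duplex"] == "half":
            findings.append((name, "negotiated half duplex"))
        # Late collisions are what the half-duplex side of a mismatch sees.
        if c.get("late collisions", 0) > 0:
            findings.append((name, "late collisions: %d" % c["late collisions"]))
        # The full-duplex side sees damaged frames instead.
        rx = {k: c[k] for k in ("input errors", "crc", "runts") if c.get(k, 0) > 0}
        if p["duplex"] == "full" and rx:
            findings.append((name, "receive errors on a full-duplex port: %s" % rx))
        if name in peer and (p["duplex"], p["speed"]) != peer[name]:
            findings.append((name, "local %s/%s, peer %s/%s"
                             % (p["duplex"], p["speed"], *peer[name])))
    return findings


if __name__ == "__main__":
    for nameif, finding in audit(parse_show_interface(SAMPLE), PEER):
        print(nameif, "-", finding)
```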
- Cisco ASA 5585-X SSP40: Packet loss, Денис, 19:08, 12-Mar-15 (6)
Are you sure there is no second 10.0.0.10 in the client subnet? Is the problem with one station? Try setting a static ARP entry for the gateway on the affected client and run ping. Are there any L2 loops in the client segment?
- Cisco ASA 5585-X SSP40: Packet loss, NorN, 07:12, 07-Apr-15 (8)
> Are you sure there is no second 10.0.0.10 in the client subnet? Is the problem with one
> station? Try setting a static ARP entry for the gateway on the affected client and
> run ping. Are there any L2 loops in the client segment?
There is no other host with 10.0.0.10. The loss problem affects several servers of the same type. I will try setting a static ARP entry for the gateway, but I doubt it very much.
- Cisco ASA 5585-X SSP40: Packet loss, NorN, 07:11, 07-Apr-15 (7)
> auto is just a setting; it is not a given that every link is 1 Gb full duplex.
> I recommend checking the interfaces for errors and comparing speed/duplex on the connected devices.
I trust the data link layer of Cisco Nexus and Cisco ASA a great deal; the problem is unlikely to be there, but I will take a look.
- Cisco ASA 5585-X SSP40: Packet loss, Serb, 01:23, 09-Apr-15 (9)
>> auto is just a setting; it is not a given that every link is 1 Gb full duplex.
>> I recommend checking the interfaces for errors and comparing speed/duplex on the connected devices.
> I trust the data link layer of Cisco Nexus and Cisco ASA a great deal; the problem is unlikely
> to be there, but I will take a look.
How is the ASA connected to the Nexus?