@Phelms215
Created December 9, 2014 16:30
access-list INSIDE_OUT extended permit ip host 108.166.49.0 any
access-list L2L_Systems3000 extended permit ip host 24.104.40.242 host 108.166.49.0
crypto map OUTSIDE_map 10 match address L2L_Systems3000
crypto map OUTSIDE_map 10 set pfs
crypto map OUTSIDE_map 10 set peer 184.106.122.9
crypto map OUTSIDE_map 10 set ikev1 transform-set Systems3000
packet-tracer input INSIDE icmp 10.20.10.33 0 0 108.166.49.0 detailed
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 OUTSIDE
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group INSIDE_OUT in interface INSIDE
access-list INSIDE_OUT extended permit object-group DM_INLINE_SERVICE_4 any4 any4
object-group service DM_INLINE_SERVICE_4
service-object icmp
service-object icmp echo-reply
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7ffe56656b20, priority=13, domain=permit, deny=false
hits=286241, user_data=0x7ffe4d5e1240, cs_id=0x0, use_real_addr, flags=0x0, protocol=1
src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, tag=0, dscp=0x0
input_ifc=INSIDE, output_ifc=any
Phase: 3
Type: NAT
Subtype:
Result: ALLOW
Config:
object network obj_any
nat (INSIDE,OUTSIDE) dynamic interface
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7ffe5662bc30, priority=6, domain=nat, deny=false
hits=309780402, user_data=0x7ffe56629cc0, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=INSIDE, output_ifc=OUTSIDE
Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7ffe55746b10, priority=0, domain=nat-per-session, deny=true
hits=79212388, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=any
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7ffe5649dc20, priority=0, domain=inspect-ip-options, deny=true
hits=314047134, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=INSIDE, output_ifc=any
Result:
input-interface: INSIDE
input-status: up
input-line-status: up
output-interface: OUTSIDE
output-status: up
output-line-status: up
Action: drop
Drop-reason: (nat-xlate-failed) NAT failed
packet-tracer input inSIDE tcp 10.20.10.33 3389 108.166.49.0 3389 detailed
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 OUTSIDE
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group INSIDE_OUT in interface INSIDE
access-list INSIDE_OUT extended permit ip any host 108.166.49.0
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7ffe5a684150, priority=13, domain=permit, deny=false
hits=7, user_data=0x7ffe4d5e2fc0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=108.166.49.0, mask=255.255.255.255, port=0, tag=0, dscp=0x0
input_ifc=INSIDE, output_ifc=any
Phase: 3
Type: NAT
Subtype:
Result: ALLOW
Config:
object network obj_any
nat (INSIDE,OUTSIDE) dynamic interface
Additional Information:
Dynamic translate 10.20.10.33/3389 to PRIMARY_OUTSIDE/3389
Forward Flow based lookup yields rule:
in id=0x7ffe5662bc30, priority=6, domain=nat, deny=false
hits=309784522, user_data=0x7ffe56629cc0, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=INSIDE, output_ifc=OUTSIDE
Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7ffe56049f60, priority=1, domain=nat-per-session, deny=true
hits=455313107, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=any
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7ffe5649dc20, priority=0, domain=inspect-ip-options, deny=true
hits=314051263, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=INSIDE, output_ifc=any
Phase: 6
Type: VPN
Subtype: encrypt
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0x7ffe566924b0, priority=70, domain=encrypt, deny=false
hits=105, user_data=0x88320c, cs_id=0x7ffe579b70a0, reverse, flags=0x0, protocol=0
src ip/id=PRIMARY_OUTSIDE, mask=255.255.255.255, port=0, tag=0
dst ip/id=108.166.49.0, mask=255.255.255.255, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=OUTSIDE
Phase: 7
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0x7ffe59e4f9d0, priority=70, domain=ipsec-tunnel-flow, deny=false
hits=103, user_data=0x885804, cs_id=0x7ffe579b70a0, reverse, flags=0x0, protocol=0
src ip/id=108.166.49.0, mask=255.255.255.255, port=0, tag=0
dst ip/id=PRIMARY_OUTSIDE, mask=255.255.255.255, port=0, tag=0, dscp=0x0
input_ifc=OUTSIDE, output_ifc=any
Phase: 8
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0x7ffe56049f60, priority=1, domain=nat-per-session, deny=true
hits=455313109, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=any
Phase: 9
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0x7ffe5640a960, priority=0, domain=inspect-ip-options, deny=true
hits=295605596, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=OUTSIDE, output_ifc=any
Phase: 10
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 289359265, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_translate
snp_fp_adjacency
snp_fp_encrypt
snp_fp_fragment
snp_ifc_stat
Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_ipsec_tunnel_flow
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Result:
input-interface: INSIDE
input-status: up
input-line-status: up
output-interface: OUTSIDE
output-status: up
output-line-status: up
Action: allow