pomiedzy klientami anyconnect to samo.
Kod: Zaznacz cały
TEMP-ASA-FW01# packet-tracer input outside tcp 172.16.0.45 9999 172.16.0.$
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (inside,outside) source static any any destination static NO_NAT NO_NAT
Additional Information:
NAT divert to egress interface inside
Untranslate 172.16.0.41/3389 to 172.16.0.41/3389
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group OUTSIDE-ACL in interface outside
access-list OUTSIDE-ACL extended permit ip 172.16.0.0 255.255.255.0 172.16.0.0 255.255.255.0
Additional Information:
Forward Flow based lookup yields rule:
in id=0xae82ed50, priority=13, domain=permit, deny=false
hits=3, user_data=0xaa869c80, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=172.16.0.0, mask=255.255.255.0, port=0
dst ip/id=172.16.0.0, mask=255.255.255.0, port=0, dscp=0x0
input_ifc=outside, output_ifc=any
Phase: 3
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xad774058, priority=0, domain=inspect-ip-options, deny=true
hits=2298652, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=outside, output_ifc=any
Phase: 4
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
nat (inside,outside) source static any any destination static NO_NAT NO_NAT
Additional Information:
Forward Flow based lookup yields rule:
out id=0xad7e74c0, priority=6, domain=nat-reverse, deny=false
hits=702712, user_data=0xad1b6528, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=172.16.0.0, mask=255.255.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=outside, output_ifc=inside
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xad798c48, priority=0, domain=inspect-ip-options, deny=true
hits=1590411, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=inside, output_ifc=any
Phase: 6
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 2324802, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: allow