
Wednesday, January 6, 2010

Cisco PIX 515 running PIX Version 7.2(1)

! Saved configuration of a PIX 515 firewall running PIX Version 7.2(1).
! NOTE(review): this listing is published with password hashes, a TACACS+ key
! and an SNMP community string intact. Anything shown here should be treated
! as disclosed and rotated on the device.
: Written by enable_15 at 19:47:59.450 UTC Wed Dec 23 2009
!
PIX Version 7.2(1)
!
hostname PIX515
! NOTE(review): this hash is identical to the "passwd" hash further down, so
! the login password and the privileged-mode password appear to be the same
! value. Use distinct secrets for the two levels.
enable password 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
! Outside interface: lowest trust (security-level 0), /30 link to the next hop.
! NOTE(review): speed is forced to 100 with half duplex; confirm the attached
! port is set the same way, otherwise a duplex mismatch is likely.
interface Ethernet0
speed 100
duplex half
nameif outside_E0
security-level 0
ip address 40.250.0.253 255.255.255.252
!
! Inside interface: highest trust (security-level 100).
interface Ethernet1
speed 100
duplex half
nameif inside_E1
security-level 100
ip address 192.168.100.245 255.255.255.0
!
! DMZ interface: configured (security-level 10) but administratively shut down.
interface Ethernet2
speed 100
duplex full
shutdown
nameif dmzside_E2
security-level 10
ip address 40.250.0.126 255.255.255.192
!
! Login password for Telnet/SSH sessions; same hash as "enable password" above.
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
! ACL "inbound": bound to outside_E0 in the inbound direction by the
! "access-group inbound in interface outside_E0" line later in this config.
! Entries are evaluated top-down and the first match wins, so order matters.
!
! IPsec to the two VPN endpoints 40.250.0.2 and 40.250.0.1: ESP, IKE (isakmp)
! and UDP/10000 from any source.
access-list inbound extended permit esp any host 40.250.0.2
access-list inbound extended permit udp any gt 1023 host 40.250.0.2 eq 10000
access-list inbound extended permit udp any host 40.250.0.2 eq isakmp
access-list inbound extended permit icmp any host 40.250.0.2 echo
access-list inbound extended permit esp any host 40.250.0.1
access-list inbound extended permit udp any gt 1023 host 40.250.0.1 eq 10000
access-list inbound extended permit udp any host 40.250.0.1 eq isakmp
! FTP from two named external hosts to 40.250.0.16 (statically mapped to
! 40.191.23.22 further down).
! NOTE(review): "inspect ftp" is enabled in the global policy, which normally
! opens the data channel dynamically; confirm the ftp-data entries are needed.
access-list inbound extended permit tcp host 40.6.0.101 gt 1023 host 40.250.0.16 eq ftp
access-list inbound extended permit tcp host 40.6.0.101 gt 1023 host 40.250.0.16 eq ftp-data
access-list inbound extended permit tcp host 211.6.90.78 gt 1023 host 40.250.0.16 eq ftp
access-list inbound extended permit tcp host 211.6.90.78 gt 1023 host 40.250.0.16 eq ftp-data
! NOTE(review): all UDP ports, to any destination, from one external host.
! Narrow this to the specific destination and port that is required.
access-list inbound extended permit udp host 137.132.19.118 any
! ICMP echo, echo-reply, time-exceeded and unreachable from any source to any
! destination.
! NOTE(review): the next four lines already match everything the seven more
! specific ICMP entries after them describe, so those later entries never
! decide anything. Either drop the "any any" lines or drop the specific ones.
access-list inbound extended permit icmp any any echo
access-list inbound extended permit icmp any any echo-reply
access-list inbound extended permit icmp any any time-exceeded
access-list inbound extended permit icmp any any unreachable
access-list inbound extended permit icmp any 40.250.0.0 255.255.255.0 echo-reply
access-list inbound extended permit icmp any 40.250.0.0 255.255.255.0 time-exceeded
access-list inbound extended permit icmp any host 40.250.0.1 echo
access-list inbound extended permit icmp any host 40.250.0.58 echo
access-list inbound extended permit icmp host 40.191.23.50 any echo-reply
access-list inbound extended permit icmp host 40.191.23.50 any time-exceeded
access-list inbound extended permit icmp host 40.191.23.50 any echo
! Traffic sourced from 40.250.0.254 (the default-route next hop on outside_E0)
! towards the 40.0.0.0/8 side: high UDP ports, TFTP, NTP and TACACS+.
! NOTE(review): "gt snmptrap" matches every destination port above 162, which
! is wider than the "gt 1023" entry two lines earlier; "eq snmptrap" was
! presumably intended. Confirm against the original change request.
access-list inbound extended permit udp host 40.250.0.254 gt 1023 40.0.0.0 255.0.0.0 gt 1023
access-list inbound extended permit udp host 40.250.0.254 gt 1023 40.0.0.0 255.0.0.0 eq tftp
access-list inbound extended permit udp host 40.250.0.254 gt 1023 40.0.0.0 255.0.0.0 gt snmptrap
access-list inbound extended permit udp host 40.250.0.254 host 40.33.1.1 eq ntp
access-list inbound extended permit udp host 40.250.0.254 host 40.191.33.38 eq tacacs
access-list inbound extended permit tcp host 40.250.0.254 host 40.191.33.38 eq tacacs
! Explicit final deny; everything not permitted above is dropped.
access-list inbound extended deny ip any any
! ACL "outbound": bound to inside_E1 in the inbound direction by the
! "access-group outbound in interface inside_E1" line later in this config,
! i.e. it filters traffic entering the firewall from the inside network.
! Entries are evaluated top-down and the first match wins.
!
! NOTE(review): two hosts are allowed TCP to any destination and any port.
access-list outbound extended permit tcp host 40.250.0.8 gt 1023 any
access-list outbound extended permit tcp host 40.250.0.9 gt 1023 any
! Per-host FTP control-channel allow-lists: each inside host below may open
! FTP (TCP/21) to a fixed set of external servers.
! NOTE(review): the same destination list is repeated for every source host,
! with small differences between hosts. PIX 7.x object-groups would express
! this once and make those differences visible; confirm they are intentional.
access-list outbound extended permit tcp host 40.191.23.50 gt 1023 host 130.14.29.30 eq ftp
access-list outbound extended permit tcp host 40.191.23.50 gt 1023 host 193.62.196.103 eq ftp
access-list outbound extended permit tcp host 40.191.23.50 gt 1023 host 137.132.19.118 eq ftp
access-list outbound extended permit tcp host 40.191.23.50 gt 1023 host 129.43.52.53 eq ftp
access-list outbound extended permit tcp host 40.191.23.50 gt 1023 host 62.200.87.109 eq ftp
access-list outbound extended permit tcp host 40.191.23.50 gt 1023 host 64.246.89.233 eq ftp
access-list outbound extended permit tcp host 40.191.23.50 gt 1023 host 203.127.221.98 eq ftp
access-list outbound extended permit tcp host 40.191.23.50 gt 1023 host 133.103.100.173 eq ftp
access-list outbound extended permit tcp host 40.191.23.50 gt 1023 host 141.161.237.109 eq ftp
access-list outbound extended permit tcp host 40.191.23.21 gt 1023 host 130.14.29.30 eq ftp
access-list outbound extended permit tcp host 40.191.23.21 gt 1023 host 193.62.196.103 eq ftp
access-list outbound extended permit tcp host 40.191.23.21 gt 1023 host 137.132.19.118 eq ftp
access-list outbound extended permit tcp host 40.191.23.21 gt 1023 host 129.43.52.53 eq ftp
access-list outbound extended permit tcp host 40.191.23.21 gt 1023 host 62.200.87.109 eq ftp
access-list outbound extended permit tcp host 40.191.23.21 gt 1023 host 64.246.89.233 eq ftp
access-list outbound extended permit tcp host 40.191.23.21 gt 1023 host 203.127.221.98 eq ftp
access-list outbound extended permit tcp host 40.191.23.21 gt 1023 host 133.103.100.173 eq ftp
access-list outbound extended permit tcp host 40.191.23.21 gt 1023 host 141.161.237.109 eq ftp
access-list outbound extended permit tcp host 40.191.23.12 gt 1023 host 130.14.29.30 eq ftp
access-list outbound extended permit tcp host 40.191.23.12 gt 1023 host 193.62.196.103 eq ftp
access-list outbound extended permit tcp host 40.191.23.12 gt 1023 host 137.132.19.118 eq ftp
access-list outbound extended permit tcp host 40.191.23.12 gt 1023 host 129.43.52.53 eq ftp
access-list outbound extended permit tcp host 40.191.23.12 gt 1023 host 62.200.87.109 eq ftp
access-list outbound extended permit tcp host 40.191.23.12 gt 1023 host 64.246.89.233 eq ftp
access-list outbound extended permit tcp host 40.191.23.12 gt 1023 host 203.127.221.98 eq ftp
access-list outbound extended permit tcp host 40.191.23.12 gt 1023 host 133.103.100.173 eq ftp
access-list outbound extended permit tcp host 40.191.23.12 gt 1023 host 141.161.237.109 eq ftp
access-list outbound extended permit tcp host 40.191.15.30 gt 1023 host 130.14.29.30 eq ftp
access-list outbound extended permit tcp host 40.191.15.30 gt 1023 host 193.62.196.103 eq ftp
access-list outbound extended permit tcp host 40.191.15.30 gt 1023 host 137.132.19.118 eq ftp
access-list outbound extended permit tcp host 40.191.15.30 gt 1023 host 129.43.52.53 eq ftp
access-list outbound extended permit tcp host 40.191.15.30 gt 1023 host 62.200.87.109 eq ftp
access-list outbound extended permit tcp host 40.191.15.30 gt 1023 host 64.246.89.233 eq ftp
access-list outbound extended permit tcp host 40.191.15.30 gt 1023 host 133.103.100.173 eq ftp
access-list outbound extended permit tcp host 40.191.15.31 gt 1023 host 130.14.29.30 eq ftp
access-list outbound extended permit tcp host 40.191.15.31 gt 1023 host 193.62.196.103 eq ftp
access-list outbound extended permit tcp host 40.191.15.31 gt 1023 host 137.132.19.118 eq ftp
access-list outbound extended permit tcp host 40.191.15.31 gt 1023 host 129.43.52.53 eq ftp
access-list outbound extended permit tcp host 40.191.15.31 gt 1023 host 62.200.87.109 eq ftp
access-list outbound extended permit tcp host 40.191.15.31 gt 1023 host 64.246.89.233 eq ftp
access-list outbound extended permit tcp host 40.191.15.31 gt 1023 host 133.103.100.173 eq ftp
access-list outbound extended permit tcp host 40.191.15.31 gt 1023 host 40.6.0.101 eq ftp
access-list outbound extended permit tcp host 40.191.23.22 gt 1023 host 130.14.29.30 eq ftp
access-list outbound extended permit tcp host 40.191.23.22 gt 1023 host 193.62.196.103 eq ftp
access-list outbound extended permit tcp host 40.191.23.22 gt 1023 host 137.132.19.118 eq ftp
access-list outbound extended permit tcp host 40.191.23.22 gt 1023 host 129.43.52.53 eq ftp
access-list outbound extended permit tcp host 40.191.23.22 gt 1023 host 62.200.87.109 eq ftp
access-list outbound extended permit tcp host 40.191.23.22 gt 1023 host 64.246.89.233 eq ftp
access-list outbound extended permit tcp host 40.191.23.22 gt 1023 host 133.103.100.173 eq ftp
access-list outbound extended permit tcp host 40.191.23.22 gt 1023 host 40.6.0.101 eq ftp
access-list outbound extended permit tcp host 40.191.23.55 gt 1023 host 130.14.29.30 eq ftp
access-list outbound extended permit tcp host 40.191.23.55 gt 1023 host 193.62.196.103 eq ftp
access-list outbound extended permit tcp host 40.191.23.55 gt 1023 host 137.132.19.118 eq ftp
access-list outbound extended permit tcp host 40.191.23.55 gt 1023 host 129.43.52.53 eq ftp
access-list outbound extended permit tcp host 40.191.23.55 gt 1023 host 62.200.87.109 eq ftp
access-list outbound extended permit tcp host 40.191.23.55 gt 1023 host 64.246.89.233 eq ftp
access-list outbound extended permit tcp host 40.191.23.55 gt 1023 host 133.103.100.173 eq ftp
access-list outbound extended permit tcp host 40.250.0.58 gt 1023 host 130.14.29.30 eq ftp
access-list outbound extended permit tcp host 40.250.0.58 gt 1023 host 193.62.196.103 eq ftp
access-list outbound extended permit tcp host 40.250.0.58 gt 1023 host 129.43.52.53 eq ftp
access-list outbound extended permit tcp host 40.250.0.58 gt 1023 host 64.246.89.233 eq ftp
access-list outbound extended permit tcp host 40.250.0.58 gt 1023 host 133.103.100.173 eq ftp
access-list outbound extended permit tcp host 40.250.0.58 gt 1023 host 141.161.237.109 eq ftp
access-list outbound extended permit tcp host 40.250.0.58 gt 1023 host 137.132.19.118 eq ftp
! TACACS+ (TCP and UDP) anywhere within 40.0.0.0/8, and DNS queries from
! 40.250.0.0/24 to any resolver.
access-list outbound extended permit tcp 40.0.0.0 255.0.0.0 gt 1023 40.0.0.0 255.0.0.0 eq tacacs
access-list outbound extended permit udp 40.0.0.0 255.0.0.0 gt 1023 40.0.0.0 255.0.0.0 eq tacacs
access-list outbound extended permit udp 40.250.0.0 255.255.255.0 any eq domain
! IPsec (ESP and IKE) originated by the two VPN endpoints.
access-list outbound extended permit esp host 40.250.0.1 any
access-list outbound extended permit udp host 40.250.0.1 any eq isakmp
access-list outbound extended permit esp host 40.250.0.2 any
access-list outbound extended permit udp host 40.250.0.2 any eq isakmp
access-list outbound extended permit icmp 40.250.0.0 255.255.255.0 any echo
access-list outbound extended permit icmp any host 40.191.23.50 echo-reply
access-list outbound extended permit icmp any host 40.191.23.50 time-exceeded
access-list outbound extended permit icmp any host 40.191.23.50 echo
! NOTE(review): this entry permits every ICMP type from any source to any
! destination, which makes the four ICMP entries above it and the 40.0.0.0/8
! ICMP entry below it redundant. Restrict it to the ICMP types actually needed.
access-list outbound extended permit icmp any any
! Management protocols from 40.0.0.0/8 towards 40.250.0.0/24.
! NOTE(review): Telnet, HTTP, SNMP and TFTP all carry data unencrypted;
! prefer SSH/HTTPS where the managed devices support them.
access-list outbound extended permit tcp 40.0.0.0 255.0.0.0 gt 1023 40.250.0.0 255.255.255.0 eq telnet
access-list outbound extended permit tcp 40.0.0.0 255.0.0.0 gt 1023 40.250.0.0 255.255.255.0 eq www
access-list outbound extended permit udp 40.0.0.0 255.0.0.0 gt 1023 40.250.0.0 255.255.255.0 eq snmp
access-list outbound extended permit udp 40.0.0.0 255.0.0.0 gt 1023 40.250.0.0 255.255.255.0 eq tftp
access-list outbound extended permit udp 40.0.0.0 255.0.0.0 gt 1023 40.250.0.0 255.255.255.0 gt 1023
access-list outbound extended permit icmp 40.0.0.0 255.0.0.0 40.0.0.0 255.0.0.0
access-list outbound extended permit tcp host 40.250.0.11 gt 1023 any
! NOTE(review): "permit ip host ... any" places no protocol or port limit on
! 40.250.0.57 (and on 40.250.0.7 at the end of this list). Confirm both hosts
! still need unrestricted egress.
access-list outbound extended permit ip host 40.250.0.57 any
access-list outbound extended permit tcp host 40.191.12.71 gt 1023 host 192.18.108.40 eq ftp
access-list outbound extended permit tcp host 40.191.12.71 gt 1023 host 171.65.76.47 eq ftp
! NOTE(review): the next three entries omit the "gt 1023" source-port
! constraint used by every other FTP entry in this list.
access-list outbound extended permit tcp host 40.191.23.22 host 193.62.203.38 eq ftp
access-list outbound extended permit tcp host 40.191.23.21 host 193.62.203.38 eq ftp
access-list outbound extended permit tcp host 40.191.23.12 host 193.62.203.38 eq ftp
access-list outbound extended permit tcp host 40.191.23.21 gt 1023 host 192.18.108.40 eq ftp
access-list outbound extended permit tcp host 40.191.23.21 gt 1023 host 171.65.76.47 eq ftp
access-list outbound extended permit ip host 40.250.0.7 any
! Explicit final deny; everything not permitted above is dropped.
access-list outbound extended deny ip any any
! Terminal paging, logging, MTU, NAT, ACL bindings, routes and timeouts.
pager lines 24
! Logging: timestamps on, local buffer keeps "warnings" and above, and the
! two syslog hosts reached via inside_E1 receive everything down to "debugging".
! NOTE(review): debug-level output to the syslog hosts can be very high volume.
! Confirm that level is intended for steady-state operation.
logging enable
logging timestamp
logging buffered warnings
logging trap debugging
logging facility 23
logging host inside_E1 40.1.131.20
logging host inside_E1 40.191.33.39
mtu outside_E0 1500
mtu inside_E1 1500
mtu dmzside_E2 1500
no failover
asdm history enable
arp timeout 14400
! nat-control is on, so inside traffic needs a matching translation rule to
! reach the outside interface.
nat-control
! Dynamic translation pool 1: the seven listed inside hosts share the single
! outside address 40.250.0.12.
! NOTE(review): each of these hosts also has a one-to-one static below, and
! 40.250.0.12 is reused there as the mapped address for 40.191.23.50.
! Confirm the overlap is intended and that the dynamic entries are still needed.
global (outside_E0) 1 40.250.0.12
nat (inside_E1) 1 40.191.15.30 255.255.255.255
nat (inside_E1) 1 40.191.15.31 255.255.255.255
nat (inside_E1) 1 40.191.23.12 255.255.255.255
nat (inside_E1) 1 40.191.23.21 255.255.255.255
nat (inside_E1) 1 40.191.23.22 255.255.255.255
nat (inside_E1) 1 40.191.23.50 255.255.255.255
nat (inside_E1) 1 40.191.23.55 255.255.255.255
! One-to-one statics: outside addresses 40.250.0.12-.18 map to individual
! inside hosts.
static (inside_E1,outside_E0) 40.250.0.12 40.191.23.50 netmask 255.255.255.255
static (inside_E1,outside_E0) 40.250.0.13 40.191.23.21 netmask 255.255.255.255
static (inside_E1,outside_E0) 40.250.0.14 40.191.23.12 netmask 255.255.255.255
static (inside_E1,outside_E0) 40.250.0.15 40.191.15.30 netmask 255.255.255.255
static (inside_E1,outside_E0) 40.250.0.16 40.191.23.22 netmask 255.255.255.255
static (inside_E1,outside_E0) 40.250.0.17 40.191.15.31 netmask 255.255.255.255
static (inside_E1,outside_E0) 40.250.0.18 40.191.23.55 netmask 255.255.255.255
! Identity statics: these ranges are presented on the outside with their own
! addresses (mapped address equals real address).
! NOTE(review): the final 40.0.0.0/8 entry covers all four narrower ranges
! before it as well as the host statics above, so exposure of the whole /8 is
! limited only by the "inbound" ACL. Confirm the overlapping entries are
! intentional.
static (inside_E1,outside_E0) 40.128.0.0 40.128.0.0 netmask 255.192.0.0
static (inside_E1,outside_E0) 40.192.0.0 40.192.0.0 netmask 255.224.0.0
static (inside_E1,outside_E0) 40.224.0.0 40.224.0.0 netmask 255.240.0.0
static (inside_E1,outside_E0) 40.240.0.0 40.240.0.0 netmask 255.248.0.0
static (inside_E1,outside_E0) 40.0.0.0 40.0.0.0 netmask 255.0.0.0
! Bind each ACL to its interface, filtering traffic as it enters the firewall.
access-group inbound in interface outside_E0
access-group outbound in interface inside_E1
! Routes: three host routes and the default route via 40.250.0.254 on the
! outside; 40.0.0.0/8 via 40.250.0.62 on the inside.
! NOTE(review): 40.250.0.62 is not inside 192.168.100.0/24, the subnet
! configured on inside_E1 above. Either the addresses were altered before
! posting or the route/interface pairing is inconsistent; verify on the device.
route outside_E0 66.167.18.3 255.255.255.255 40.250.0.254 1
route outside_E0 40.250.24.1 255.255.255.255 40.250.0.254 1
route outside_E0 40.6.0.101 255.255.255.255 40.250.0.254 1
route outside_E0 0.0.0.0 0.0.0.0 40.250.0.254 1
route inside_E1 40.0.0.0 255.0.0.0 40.250.0.62 1
! Idle timers for translations, connections and per-protocol sessions.
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
! AAA servers, local user, SNMP and management access.
!
! TACACS+ group with two servers.
! NOTE(review): the shared key appears in clear text in this published
! listing; treat it as disclosed and change it on the firewall and on both
! TACACS+ servers.
! NOTE(review): no "aaa authentication ... console" command appears anywhere
! in this listing, so the group is defined but does not appear to be used for
! management logins. Confirm on the device.
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ host 40.191.33.38
key lillyras
aaa-server TACACS+ host 40.191.33.39
key lillyras
! RADIUS group is declared with no server hosts.
aaa-server RADIUS protocol radius
! Local account; the published hash should be treated as disclosed.
username onetime password GcrCndGID10LKfmj encrypted
! SNMP: four hosts on the inside use community "olympic", and the same
! string is the device community.
! NOTE(review): the community string is shown in clear text here and is sent
! unencrypted by SNMP v1/v2c; rotate it and limit SNMP to the listed hosts.
snmp-server host inside_E1 40.1.130.184 community olympic
snmp-server host inside_E1 40.1.130.39 community olympic
snmp-server host inside_E1 40.191.33.1 community olympic
snmp-server host inside_E1 40.192.5.227 community olympic
snmp-server location RSC, Singapore
snmp-server contact "RSC Helpdesk Hotline +65 6776 9330"
snmp-server community olympic
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
! With this disabled, decrypted VPN traffic is not exempt from interface ACLs.
no sysopt connection permit-vpn
! NOTE(review): Telnet management is accepted from the entire 40.0.0.0/8 on
! the inside interface. Telnet sends credentials unencrypted; restrict the
! source range to the management hosts or remove Telnet in favour of SSH.
telnet 40.0.0.0 255.0.0.0 inside_E1
telnet timeout 15
! SSH is limited to a single management host on the inside and DMZ interfaces.
ssh 40.191.32.75 255.255.255.255 inside_E1
ssh 40.191.32.75 255.255.255.255 dmzside_E2
ssh timeout 5
! NOTE(review): SSH protocol version 1 has known cryptographic weaknesses.
! PIX 7.x accepts "ssh version 2"; confirm client support before changing.
ssh version 1
! NOTE(review): a value of 0 disables the console idle timeout, so a console
! session left logged in stays open indefinitely.
console timeout 0
!
! Application inspection: one class matching the default inspection traffic,
! one global policy listing the protocol inspectors applied to that class.
class-map inspection_default
match default-inspection-traffic
!
!
! DNS inspection parameters: messages longer than 512 bytes are not accepted.
! NOTE(review): resolvers using EDNS0 can legitimately exceed 512 bytes;
! confirm this limit is not causing dropped responses.
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect ils
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
! Apply the policy to all interfaces.
service-policy global_policy global
! Default TFTP target for saving the configuration.
! NOTE(review): TFTP is unauthenticated and unencrypted, and the saved file
! contains the secrets shown in this config. Also, 40.1.140.0 looks like a
! network address rather than a host; verify the server address.
tftp-server inside_E1 40.1.140.0 config/fSGsrscA.txt
prompt hostname context
Cryptochecksum:ac411e4c0dd29da166835b4d9530dac4
: end
