Cisco internet pix

a guest
Aug 2nd, 2011
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
enable password XXXXXXXXXXXXXXXXXXXX encrypted
passwd XXXXXXXXXXXXXXXXXXX encrypted
hostname WebbHousePix
domain-name observerstd.com
clock timezone BST 1
fixup protocol dns maximum-length 512
fixup protocol ftp 21
no fixup protocol h323 h225 1720
no fixup protocol h323 ras 1718-1719
no fixup protocol http 80
no fixup protocol rsh 514
no fixup protocol rtsp 554
no fixup protocol sip 5060
no fixup protocol sip udp 5060
no fixup protocol skinny 2000
no fixup protocol sqlnet 1521
no fixup protocol tftp 69
names
name 10.0.0.0 Internal_network
name 10.0.0.121 Exchanger_Svr
name 10.0.4.0 Stratford
name 10.0.2.0 Bromsgrove
name 10.0.1.0 Leamington
object-group service Outbound_Internet tcp
  port-object eq www
  port-object eq ftp-data
  port-object eq domain
  port-object eq https
  port-object eq ftp
  port-object eq smtp
  port-object eq pop3
object-group service DNS udp
  port-object eq domain
object-group network Internal
  network-object Internal_network 255.255.255.0
  network-object Leamington 255.255.255.0
  network-object Bromsgrove 255.255.255.0
  network-object Stratford 255.255.255.0
access-list inside_access_in permit icmp any any echo-reply
access-list inside_access_in remark Allow outbound pings
access-list inside_access_in remark Allow outbound DNS queries
access-list inside_access_in permit ip Internal_network 255.255.255.0 any log
access-list inside_access_in permit ip Leamington 255.255.255.0 any log
access-list outside_access_in remark Allow ping response
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in remark Allow traceroute response
access-list outside_access_in permit icmp any any traceroute
access-list outside_access_in permit ip 172.16.1.0 255.255.255.0 Internal_network 255.255.255.0
access-list outside_access_in deny tcp interface outside eq pptp Internal_network 255.255.255.0
access-list inside_outbound_nat0_acl permit ip Internal_network 255.255.255.0 172.16.1.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip Internal_network 255.255.255.0 217.37.173.80 255.255.255.248
pager lines 24
logging on
logging timestamp
logging monitor debugging
logging buffered debugging
logging trap informational
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside dhcp setroute retry 4
ip address inside 10.0.0.6 255.255.255.0
no ip address intf2
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm drop
ip local pool pool1 172.16.1.1-172.16.1.254
ip local pool pool2 192.168.55.1-192.168.55.2 mask 255.255.255.0
pdm location Internal_network 255.255.255.0 outside
pdm location Stratford 255.255.255.0 inside
pdm location 82.47.103.xxx 255.255.255.255 outside
pdm location Exchanger_Svr 255.255.255.255 inside
pdm location 10.0.0.91 255.255.255.255 inside
pdm location 172.16.1.0 255.255.255.0 outside
pdm location 217.37.173.80 255.255.255.248 outside
pdm location Bromsgrove 255.255.255.0 inside
pdm location Leamington 255.255.255.0 inside
pdm group Internal inside
pdm logging debugging 100
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 Internal_network 255.255.255.0 0 0
nat (inside) 0 Leamington 255.255.255.0 0 0
static (inside,outside) 80.194.82.63 Exchanger_Svr netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 82.47.103.209 1
route inside Leamington 255.255.255.0 10.0.0.220 1
route inside Bromsgrove 255.255.255.0 10.0.0.150 1
route inside Stratford 255.255.255.0 10.0.0.150 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
ntp server 204.34.198.40 source outside
http server enable
http Internal_network 255.255.255.0 inside
snmp-server host inside 10.0.0.91
snmp-server location Webb House
no snmp-server contact
snmp-server community public
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 1 ipsec-isakmp
crypto map outside_map 1 set pfs group5
crypto map outside_map 1 set peer 217.34.251.222
crypto map outside_map 1 set transform-set ESP-3DES-MD5
! Incomplete
crypto map outside_map interface outside
isakmp enable outside
onfig-mode
isakmp key ******** address 217.37.173.xxx netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 217.46.159.xxx netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 217.46.159.xxx netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 217.37.221.xxx netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 81.149.219.xxx netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp nat-traversal 3600
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption 3des
isakmp policy 40 hash md5
isakmp policy 40 group 5
isakmp policy 40 lifetime 86400
vpngroup Hometest address-pool pool1
vpngroup Hometest dns-server 10.0.0.253
vpngroup Hometest default-domain osndom.local
vpngroup Hometest idle-time 1800
vpngroup Hometest password ********
vpngroup Home_Access dns-server 10.0.0.253
vpngroup Home_Access default-domain osndom.local
vpngroup Home_Access idle-time 1800
vpngroup Home_Access password ********
telnet Internal_network 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
management-access inside
console timeout 0
vpdn username brendan password *********
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
---REMOVED FOR SECURITY------
privilege show level 0 command version
privilege show level 0 command curpriv
privilege show level 3 command pdm
privilege show level 3 command blocks
privilege show level 3 command ssh
privilege configure level 3 command who
privilege show level 3 command isakmp
privilege show level 3 command ipsec
privilege show level 3 command vpdn
privilege show level 3 command local-host
privilege show level 3 command interface
privilege show level 3 command ip
privilege configure level 3 command ping
privilege show level 3 command uauth
privilege configure level 5 mode enable command configure
privilege show level 5 command running-config
privilege show level 5 command privilege
privilege show level 5 command clock
privilege show level 5 command ntp
privilege show level 5 mode configure command logging
privilege show level 5 command fragment
terminal width 80
Cryptochecksum:XXXXXXXXXXXXXXXXXXX
: end