Untitled

a guest
Mar 25th, 2018
: Saved
:
PIX Version 6.3(5)
interface ethernet0 100full
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 auto
interface ethernet4 auto shutdown
interface ethernet5 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz1 security50
nameif ethernet3 dmz2 security49
nameif ethernet4 intf4 security20
nameif ethernet5 fail security20
enable password REDACTED encrypted
passwd REDACTED encrypted
hostname PixFirewall
domain-name example.com
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group network deny-known-bad-ips
  network-object host A.B.C.D
  network-object host E.F.G.H
  ...
object-group network spam-filter
  network-object I.J.K.L 255.255.240.0
  network-object M.N.O.P 255.255.224.0
  ...
object-group network ipsoft
  network-object 192.168.12.23 255.255.255.255
  network-object 192.168.12.24 255.255.255.255
object-group network catCLE
  network-object 10.2.12.17 255.255.255.255
  network-object 10.2.12.18 255.255.255.255
object-group network CLE
  network-object 10.2.0.0 255.255.0.0
  network-object 166.8.136.0 255.255.255.0
  network-object 166.8.138.0 255.255.255.0
object-group network cloud_app
  network-object Q.R.S.T 255.255.255.224
  network-object U.V.W.X 255.255.255.240
  ...
object-group network ftp-server-access
  description ACL group for allowing access to certain services on the FTP server
  network-object host a.b.c.d
  network-object host e.f.g.h
object-group network vendor-access
  description Access group to allow vendor access remotely
  network-object host i.j.k.l
  network-object host m.n.o.p
object-group network ssh-access
  description Access group to allow SSH Access
  network-object host q.r.s.t
  network-object host u.v.w.x
object-group network newerFTP-web-access
  description Access group to allow web access to newer FTP server
  network-object host 1.2.3.4
object-group network RDP-access
  description "Network Group to allow RDP access to IT people"
  network-object host 2.3.4.5
  network-object host 3.4.5.6
access-list inside-to-out permit tcp any any
access-list inside-to-out permit udp any any
access-list inside-to-out permit icmp any any echo
access-list inside-to-out permit icmp any any echo-reply
access-list outside-to-in permit tcp any host F.S.T.45 eq https
access-list outside-to-in permit tcp any host F.S.T.46 eq www
access-list outside-to-in permit tcp any host F.S.T.46 eq https
access-list outside-to-in permit tcp any host F.S.T.48 eq https
access-list outside-to-in permit tcp any host F.S.T.48 eq www
access-list outside-to-in permit tcp any host F.S.T.51 eq www
access-list outside-to-in permit tcp any host F.S.T.51 eq https
access-list outside-to-in permit tcp any host F.S.T.47 eq https
access-list outside-to-in permit tcp any host F.S.T.47 eq www
access-list outside-to-in permit tcp any host F.S.T.44 eq www
access-list outside-to-in permit tcp any host F.S.T.44 eq https
access-list outside-to-in permit udp any host F.S.T.41 eq isakmp
access-list outside-to-in permit esp any host F.S.T.41
access-list outside-to-in permit tcp any host F.S.T.37 eq domain
access-list outside-to-in permit udp any host F.S.T.37 eq domain
access-list outside-to-in permit tcp any host F.S.T.40 eq domain
access-list outside-to-in permit udp any host F.S.T.40 eq domain
access-list outside-to-in permit tcp object-group spam-filter host F.S.T.40 eq smtp
access-list outside-to-in permit tcp any host F.S.T.53 eq www
access-list outside-to-in permit tcp any host F.S.T.53 eq https
access-list outside-to-in permit tcp any host F.S.T.54 eq www
access-list outside-to-in permit tcp any host F.S.T.54 eq https
access-list outside-to-in permit tcp any host F.S.T.45 eq www
access-list outside-to-in permit tcp host 20.18.19.22 host F.S.T.49 eq 445
access-list outside-to-in permit tcp any host F.S.T.46 eq ftp
access-list outside-to-in permit tcp any host F.S.T.55 eq https
access-list outside-to-in permit tcp any host F.S.T.55 eq www
access-list outside-to-in permit tcp any host F.S.T.42 eq www
access-list outside-to-in permit udp any host F.S.T.41 eq 4500
access-list outside-to-in permit tcp any host F.S.T.57 eq www
access-list outside-to-in permit tcp any host F.S.T.53 eq 2052
access-list outside-to-in permit tcp object-group cloud_app host F.S.T.40 eq smtp
access-list outside-to-in permit tcp any host F.S.T.45 eq pop3
access-list outside-to-in permit tcp any host F.S.T.59 eq ftp
access-list outside-to-in permit icmp any any echo-reply
access-list outside-to-in permit icmp any any echo
access-list outside-to-in permit tcp any host F.S.T.59 range 38700 39699
access-list outside-to-in permit icmp any any unreachable
access-list outside-to-in permit icmp any any time-exceeded
access-list outside-to-in permit tcp any host F.S.T.42 eq 8080
access-list outside-to-in permit tcp object-group ftp-server-access host F.S.T.59 eq www
access-list outside-to-in permit tcp any host F.S.T.53 range 28000 30000
access-list outside-to-in permit tcp any host F.S.T.60 eq ftp
access-list outside-to-in permit tcp any host F.S.T.60 range 38700 39699
access-list outside-to-in permit tcp object-group vendor-access host F.S.T.61 eq ssh
access-list outside-to-in permit tcp object-group ssh-access host F.S.T.39 eq ssh
access-list outside-to-in permit tcp object-group newerFTP-web-access host F.S.T.60 eq www
access-list outside-to-in permit tcp object-group RDP-access host F.S.T.62 eq 3389
access-list outside-to-in permit tcp object-group ssh-access host F.S.T.36 eq ssh
access-list outside-to-in permit tcp any host F.S.T.36 eq smtp
access-list outside-to-in permit tcp any host F.S.T.36 eq www
access-list outside-to-in permit tcp any host F.S.T.36 eq pop3
access-list outside-to-in permit tcp any host F.S.T.36 eq imap4
access-list outside-to-in permit tcp any host F.S.T.36 eq https
access-list outside-to-in permit tcp any host F.S.T.36 eq 587
access-list outside-to-in permit tcp any host F.S.T.36 eq 993
access-list outside-to-in permit tcp any host F.S.T.36 eq 995
access-list outside-to-in permit tcp any host F.S.T.42 eq https
access-list outside-to-in permit tcp object-group ssh-access host F.S.T.43 eq ssh
access-list outside-to-in permit tcp any host F.S.T.43 eq https
access-list outside-to-in permit tcp any host F.S.T.43 eq 6876
access-list outside-to-in permit tcp object-group ftp-server-access host F.S.T.59 eq https
access-list outside-to-in permit tcp any host F.S.T.43 eq www
access-list outside-to-in permit tcp any host F.S.T.57 eq https
access-list dmz1fltr permit tcp host 192.168.8.25 host 10.2.12.12 eq 8009
access-list dmz1fltr permit udp host 192.168.8.11 host 10.2.0.3 eq domain
access-list dmz1fltr permit udp host 192.168.8.12 host 10.2.0.3 eq domain
access-list dmz1fltr permit tcp host 192.168.8.11 host 10.2.8.5 eq 1433
access-list dmz1fltr permit tcp host 192.168.8.12 host 10.2.8.5 eq 1433
access-list dmz1fltr permit tcp host 192.168.8.11 host 10.2.12.12 eq 8009
access-list dmz1fltr permit tcp host 192.168.8.12 host 10.2.12.12 eq 8009
access-list dmz1fltr permit tcp host 192.168.8.5 any eq domain
access-list dmz1fltr permit udp host 192.168.8.5 any eq domain
access-list dmz1fltr permit tcp host 192.168.8.5 any eq smtp
access-list dmz1fltr deny ip host 192.168.8.6 host 10.2.12.12
access-list dmz1fltr deny ip host 192.168.8.6 host 10.2.4.2
access-list dmz1fltr deny ip host 192.168.8.6 host 10.2.0.3
access-list dmz1fltr deny ip host 192.168.8.6 host 10.2.8.5
access-list dmz1fltr permit tcp host 192.168.8.6 any eq smtp
access-list dmz1fltr permit tcp host 192.168.8.6 any eq domain
access-list dmz1fltr permit udp host 192.168.8.6 any eq domain
access-list dmz1fltr deny ip host 192.168.8.8 host 10.2.12.12
access-list dmz1fltr deny ip host 192.168.8.8 host 10.2.4.2
access-list dmz1fltr deny ip host 192.168.8.8 host 10.2.0.3
access-list dmz1fltr deny ip host 192.168.8.8 host 10.2.8.5
access-list dmz1fltr permit esp host 192.168.8.8 any
access-list dmz1fltr permit udp host 192.168.8.8 any eq isakmp
access-list dmz1fltr permit udp host 192.168.8.8 any eq 4500
access-list dmz1fltr permit tcp host 192.168.8.5 any eq ftp
access-list dmz1fltr permit tcp host 192.168.8.5 host 10.2.8.81 eq ftp
access-list dmz1fltr permit udp host 192.168.8.53 host 10.2.0.3 eq domain
access-list dmz1fltr permit udp host 192.168.8.60 host 10.2.0.3 eq domain
access-list dmz1fltr permit udp host 192.168.8.60 host 10.2.8.7 eq domain
access-list dmz1fltr permit tcp host 192.168.8.60 any
access-list dmz1fltr permit tcp host 192.168.8.53 host 10.2.24.5 eq 2737
access-list dmz1fltr permit tcp host 192.168.8.53 host 10.2.24.5 eq 2051
access-list dmz1fltr permit udp host 192.168.8.53 host 10.2.24.5 eq 20000
access-list dmz1fltr permit tcp host 192.168.8.53 host 10.2.24.5 eq 20000
access-list dmz1fltr permit tcp host 192.168.8.4 host 10.2.8.81 eq ftp
access-list dmz1fltr permit icmp any any echo-reply
access-list dmz1fltr permit icmp any any echo
access-list dmz1fltr permit tcp host 192.168.8.4 any eq www
access-list dmz1fltr permit tcp any host 192.168.8.4 eq www
access-list dmz1fltr permit tcp host 192.168.8.4 any eq ftp-data
access-list dmz1fltr permit tcp any host 192.168.8.4 eq ssh
access-list dmz1fltr permit tcp host 192.168.8.4 any eq ssh
access-list dmz1fltr permit tcp host 192.168.8.4 any eq domain
access-list dmz1fltr permit udp host 192.168.8.4 any eq domain
access-list dmz1fltr permit udp any host 192.168.8.4 eq domain
access-list dmz1fltr permit tcp any host 192.168.8.4 eq domain
access-list dmz1fltr permit tcp host 192.168.8.4 any eq ftp
access-list dmz1fltr permit tcp host 192.168.8.4 any eq cmd
access-list dmz1fltr permit tcp any host 192.168.8.4 eq cmd
access-list dmz1fltr permit tcp any host 192.168.8.5 eq cmd
access-list dmz1fltr permit tcp host 192.168.8.5 any eq cmd
access-list dmz1fltr permit tcp host 192.168.8.4 any eq telnet
access-list dmz2fltr permit tcp host 166.8.137.30 host 166.8.138.117 eq www
access-list dmz2fltr permit tcp host 166.8.137.30 host 166.8.138.97 eq www
access-list dmz2fltr permit tcp host 166.8.137.30 host 166.8.138.145 eq www
access-list dmz2fltr permit tcp host 166.8.137.30 host 166.8.138.117 eq https
access-list dmz2fltr permit tcp host 166.8.137.30 host 166.8.138.97 eq https
access-list dmz2fltr permit tcp host 166.8.137.30 host 166.8.138.145 eq https
access-list dmz2fltr permit tcp host 166.8.137.30 host 10.2.0.21 eq https
access-list dmz2fltr deny ip any host 166.8.138.117
access-list dmz2fltr deny ip any host 166.8.138.97
access-list dmz2fltr deny ip any host 10.2.0.21
access-list dmz2fltr deny ip host 166.8.137.5 host 166.8.138.117
access-list dmz2fltr deny ip host 166.8.137.5 host 166.8.138.97
access-list dmz2fltr deny ip host 166.8.137.5 host 166.8.138.145
access-list dmz2fltr deny ip host 166.8.137.5 host 10.2.0.21
access-list dmz2fltr permit tcp host 166.8.137.5 any eq smtp
access-list dmz2fltr permit tcp host 166.8.137.5 host 10.2.0.19 eq smtp
access-list dmz2fltr permit udp host 166.8.137.5 host 10.2.0.3 eq domain
access-list dmz2fltr permit tcp host 166.8.137.30 host 10.2.0.28 eq https
access-list dmz2fltr permit tcp host 166.8.137.30 host 10.2.0.28 eq www
access-list dmz2fltr deny ip any host 10.2.0.28
access-list dmz2fltr permit tcp host 166.8.137.31 any eq ftp
access-list dmz2fltr permit tcp host 166.8.137.5 host 10.2.8.98 eq ssh
access-list dmz2fltr permit tcp host 166.8.137.42 host 166.8.138.141 eq 1433
access-list dmz2fltr permit udp host 166.8.137.42 host 10.2.0.3 eq domain
access-list dmz2fltr deny ip any host 10.2.0.3
access-list dmz2fltr deny ip any host 10.2.0.19
access-list dmz2fltr deny ip any host 166.8.138.141
access-list dmz2fltr permit tcp host 166.8.137.42 any eq www
access-list dmz2fltr permit tcp host 166.8.137.42 any eq https
access-list dmz2fltr permit tcp host 166.8.137.42 any eq ftp
access-list dmz2fltr permit tcp host 166.8.137.5 host 10.2.0.28 eq smtp
access-list dmz2fltr permit icmp any any echo
access-list dmz2fltr permit icmp any any echo-reply
access-list dmz2fltr permit tcp host 166.8.137.42 any eq 8080
access-list nonat deny ip any 16.18.20.0 255.255.255.0
access-list nonat deny ip any 10.255.1.0 255.255.255.0
access-list nonat permit ip object-group catCLE object-group ipsoft
access-list nonat permit ip object-group CLE host 166.8.137.31
access-list vpn-cat permit ip object-group catCLE object-group ipsoft
pager lines 24
logging on
logging monitor warnings
logging buffered critical
logging trap errors
logging history emergencies
logging host inside 10.2.8.100
icmp permit any unreachable outside
icmp permit any unreachable dmz1
mtu outside 1500
mtu inside 1500
mtu dmz1 1500
mtu dmz2 1500
mtu intf4 1500
mtu fail 1500
ip address outside F.S.T.34 255.255.255.224
ip address inside 192.168.14.2 255.255.255.0
ip address dmz1 192.168.8.1 255.255.255.0
ip address dmz2 166.8.137.1 255.255.255.0
ip address intf4 172.16.1.1 255.255.255.0
ip address fail 192.168.11.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address dmz1
no failover ip address dmz2
no failover ip address intf4
no failover ip address fail
pdm history enable
arp timeout 14400
global (outside) 1 F.S.T.35
global (dmz1) 1 interface
global (dmz2) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 166.8.136.0 255.255.255.0 0 0
nat (inside) 1 166.8.138.0 255.255.255.0 0 0
nat (inside) 1 166.8.139.0 255.255.255.0 0 0
nat (inside) 1 192.168.6.0 255.255.255.0 0 0
nat (inside) 1 10.2.0.0 255.255.0.0 0 0
alias (inside) F.S.T.44 166.8.137.10 255.255.255.255
alias (inside) F.S.T.46 166.8.137.31 255.255.255.255
static (inside,dmz2) 10.2.0.19 10.2.0.19 netmask 255.255.255.255 0 0
static (inside,dmz2) 10.2.0.3 10.2.0.3 netmask 255.255.255.255 0 0
static (inside,dmz1) 10.2.0.3 10.2.0.3 netmask 255.255.255.255 0 0
static (inside,dmz1) 10.2.8.5 10.2.8.5 netmask 255.255.255.255 0 0
static (inside,dmz2) 10.2.0.21 10.2.0.21 netmask 255.255.255.255 0 0
static (inside,dmz2) 166.8.138.97 166.8.138.97 netmask 255.255.255.255 0 0
static (inside,dmz2) 166.8.138.145 166.8.138.145 netmask 255.255.255.255 0 0
static (inside,dmz2) 166.8.138.117 166.8.138.117 netmask 255.255.255.255 0 0
static (inside,dmz1) 10.2.4.2 10.2.4.2 netmask 255.255.255.255 0 0
static (inside,dmz1) 10.2.12.12 10.2.12.12 netmask 255.255.255.255 0 0
static (dmz2,outside) F.S.T.45 166.8.137.30 netmask 255.255.255.255 0 0
static (dmz2,outside) F.S.T.46 166.8.137.31 netmask 255.255.255.255 0 0
static (dmz1,outside) F.S.T.51 192.168.8.25 netmask 255.255.255.255 0 0
static (dmz2,outside) F.S.T.47 166.8.137.40 netmask 255.255.255.255 0 0
static (dmz2,outside) F.S.T.44 166.8.137.10 netmask 255.255.255.255 0 0
static (dmz1,outside) F.S.T.41 192.168.8.8 netmask 255.255.255.255 0 0
static (dmz1,outside) F.S.T.37 192.168.8.2 netmask 255.255.255.255 0 0
static (dmz2,outside) F.S.T.54 166.8.137.50 netmask 255.255.255.255 0 0
static (inside,dmz2) 10.2.0.28 10.2.0.28 netmask 255.255.255.255 0 0
static (inside,outside) F.S.T.48 166.8.138.145 netmask 255.255.255.255 0 0
static (inside,outside) F.S.T.49 10.2.4.45 netmask 255.255.255.255 0 0
static (dmz2,outside) F.S.T.40 166.8.137.5 netmask 255.255.255.255 0 0
static (dmz2,outside) F.S.T.55 166.8.137.60 netmask 255.255.255.255 0 0
static (dmz2,outside) F.S.T.42 166.8.137.42 netmask 255.255.255.255 0 0
static (inside,dmz2) 166.8.138.141 166.8.138.141 netmask 255.255.255.255 0 0
static (inside,dmz1) 10.2.8.81 10.2.8.81 netmask 255.255.255.255 0 0
static (inside,dmz1) 10.2.4.35 10.2.4.35 netmask 255.255.255.255 0 0
static (dmz1,outside) F.S.T.53 192.168.8.53 netmask 255.255.255.255 0 0
static (inside,dmz1) 166.8.136.35 166.8.136.35 netmask 255.255.255.255 0 0
static (inside,dmz1) 10.2.8.7 10.2.8.7 netmask 255.255.255.255 0 0
static (dmz1,outside) F.S.T.58 192.168.8.60 netmask 255.255.255.255 0 0
static (inside,dmz1) 10.2.24.5 10.2.24.5 netmask 255.255.255.255 0 0
static (inside,dmz1) 10.2.4.45 10.2.4.45 netmask 255.255.255.255 0 0
static (inside,dmz1) 10.2.5.67 10.2.5.67 netmask 255.255.255.255 0 0
static (inside,outside) F.S.T.59 10.2.8.48 netmask 255.255.255.255 0 0
static (inside,outside) F.S.T.39 10.2.9.86 netmask 255.255.255.255 0 0
static (inside,outside) F.S.T.60 10.2.8.148 netmask 255.255.255.255 0 0
static (inside,outside) F.S.T.61 10.2.8.44 netmask 255.255.255.255 0 0
static (inside,outside) F.S.T.62 10.2.0.100 netmask 255.255.255.255 0 0
static (inside,outside) F.S.T.36 10.2.8.250 netmask 255.255.255.255 0 0
static (inside,outside) F.S.T.43 10.2.4.250 netmask 255.255.255.255 0 0
static (inside,outside) F.S.T.57 10.2.8.88 netmask 255.255.255.255 0 0
access-group outside-to-in in interface outside
access-group inside-to-out in interface inside
access-group dmz1fltr in interface dmz1
access-group dmz2fltr in interface dmz2
route outside 0.0.0.0 0.0.0.0 F.S.T.33 1
route inside 10.2.0.0 255.255.0.0 192.168.14.1 1
route inside 10.22.66.22 255.255.255.255 192.168.14.1 1
route inside 10.22.66.23 255.255.255.255 192.168.14.1 1
route inside 166.8.1.0 255.255.255.0 192.168.14.1 1
route inside 166.8.65.38 255.255.255.255 192.168.14.1 1
route inside 166.8.136.0 255.255.255.0 192.168.14.1 1
route inside 166.8.138.0 255.255.255.0 192.168.14.1 1
route inside 166.8.139.0 255.255.255.0 192.168.14.1 1
route inside 192.168.6.0 255.255.255.0 192.168.14.1 1
timeout xlate 1:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
ntp server 10.2.0.5 source inside
http server enable
http 10.2.0.123 255.255.255.255 inside
snmp-server host inside 10.2.8.98
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set kristrong esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 3600 kilobytes 10000
crypto map kri 15 ipsec-isakmp
crypto map kri 15 match address vpn-cat
crypto map kri 15 set pfs group2
crypto map kri 15 set peer 20.17.14.4
crypto map kri 15 set transform-set kristrong
crypto map kri interface outside
isakmp enable outside
isakmp key ******** address 20.17.14.4 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 3600
telnet 10.2.8.100 255.255.255.255 inside
telnet timeout 30
ssh 10.2.8.100 255.255.255.255 inside
ssh 10.229.66.228 255.255.255.255 inside
ssh 10.2.0.0 255.255.252.0 inside
ssh timeout 30
console timeout 0
terminal width 80
Cryptochecksum:b80c9ac5e742040be7dc4f8d1f69f1c2
: end