Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- this is the "home office" PIX, from it I can't ping 172.31.12.1 or .100
- : Saved
- :
- PIX Version 8.0(4)
- !
- hostname as65002-pix
- enable password 8Ry2YjIyt7RRXU24 encrypted
- passwd 2KFQnbNIdI.2KYOU encrypted
- names
- !
- interface Ethernet0
- nameif outside
- security-level 0
- ip address 192.168.48.245 255.255.255.240
- ospf network point-to-point non-broadcast
- !
- interface Ethernet1
- nameif inside
- security-level 100
- ip address 172.31.10.1 255.255.255.0
- !
- interface Ethernet2
- shutdown
- no nameif
- no security-level
- no ip address
- !
- boot system flash:/pix804.bin
- ftp mode passive
- access-list in_outside extended permit icmp any any
- access-list in_outside extended permit ip any host 192.168.49.2
- access-list 100 extended permit ip 172.31.10.0 255.255.255.0 172.31.12.0 255.255.255.0
- access-list 100 extended permit ip any 172.31.12.0 255.255.255.0
- access-list 100 extended permit ospf interface outside host 10.119.0.50
- access-list 100 extended deny ip any any
- access-list nonat extended permit ip 172.31.10.0 255.255.255.0 172.31.12.0 255.255.255.0
- pager lines 24
- mtu outside 1500
- mtu inside 1500
- no failover
- icmp unreachable rate-limit 1 burst-size 1
- no asdm history enable
- arp timeout 14400
- global (outside) 1 192.168.49.10-192.168.49.15
- nat (inside) 0 access-list nonat
- nat (inside) 1 0.0.0.0 0.0.0.0
- static (inside,outside) 192.168.49.2 172.31.10.100 netmask 255.255.255.255
- access-group in_outside in interface outside
- !
- router ospf 65002
- network 10.119.0.48 255.255.255.252 area 0
- network 172.31.10.0 255.255.255.0 area 0
- network 192.168.48.240 255.255.255.240 area 0
- neighbor 10.119.0.50 interface outside
- log-adj-changes
- !
- router ospf 6500
- log-adj-changes
- !
- route outside 0.0.0.0 0.0.0.0 192.168.48.241 1
- timeout xlate 3:00:00
- timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
- timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
- timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
- timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
- dynamic-access-policy-record DfltAccessPolicy
- no snmp-server location
- no snmp-server contact
- snmp-server enable traps snmp authentication linkup linkdown coldstart
- crypto ipsec transform-set myset esp-3des esp-sha-hmac
- crypto ipsec security-association lifetime seconds 28800
- crypto ipsec security-association lifetime kilobytes 4608000
- crypto map branch1 20 match address 100
- crypto map branch1 20 set peer 10.119.0.50
- crypto map branch1 20 set transform-set myset
- crypto map branch1 20 set security-association lifetime seconds 28800
- crypto map branch1 20 set security-association lifetime kilobytes 4608000
- crypto map branch1 interface outside
- crypto isakmp enable outside
- crypto isakmp policy 10
- authentication pre-share
- encryption 3des
- hash sha
- group 2
- lifetime 86400
- telnet timeout 5
- ssh timeout 5
- console timeout 0
- dhcpd address 172.31.10.100-172.31.10.200 inside
- dhcpd dns 172.25.254.253 interface inside
- dhcpd option 3 ip 172.31.10.1 interface inside
- dhcpd enable inside
- !
- threat-detection basic-threat
- threat-detection statistics access-list
- no threat-detection statistics tcp-intercept
- tunnel-group 10.119.0.50 type ipsec-l2l
- tunnel-group 10.119.0.50 ipsec-attributes
- pre-shared-key *
- !
- class-map inspection_default
- match default-inspection-traffic
- !
- !
- policy-map type inspect dns preset_dns_map
- parameters
- message-length maximum 512
- policy-map global_policy
- class inspection_default
- inspect dns preset_dns_map
- inspect ftp
- inspect h323 h225
- inspect h323 ras
- inspect netbios
- inspect rsh
- inspect rtsp
- inspect skinny
- inspect esmtp
- inspect sqlnet
- inspect sunrpc
- inspect tftp
- inspect sip
- inspect xdmcp
- !
- service-policy global_policy global
- prompt hostname context
- Cryptochecksum:656525c49c453692012baf811daa4fb7
- : end
- as65002-pix#
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement