Untitled

a guest Jun 19th, 2017 335 Never
this is the "home office" PIX, from it I can't ping 172.31.12.1 or .100

: Saved
:
PIX Version 8.0(4)
!
hostname as65002-pix
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 192.168.48.245 255.255.255.240
 ospf network point-to-point non-broadcast
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 172.31.10.1 255.255.255.0
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
boot system flash:/pix804.bin
ftp mode passive
access-list in_outside extended permit icmp any any
access-list in_outside extended permit ip any host 192.168.49.2
access-list 100 extended permit ip 172.31.10.0 255.255.255.0 172.31.12.0 255.255.255.0
access-list 100 extended permit ip any 172.31.12.0 255.255.255.0
access-list 100 extended permit ospf interface outside host 10.119.0.50
access-list 100 extended deny ip any any
access-list nonat extended permit ip 172.31.10.0 255.255.255.0 172.31.12.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 192.168.49.10-192.168.49.15
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 192.168.49.2 172.31.10.100 netmask 255.255.255.255
access-group in_outside in interface outside
!
router ospf 65002
 network 10.119.0.48 255.255.255.252 area 0
 network 172.31.10.0 255.255.255.0 area 0
 network 192.168.48.240 255.255.255.240 area 0
 neighbor 10.119.0.50 interface outside
 log-adj-changes
!
router ospf 6500
 log-adj-changes
!
route outside 0.0.0.0 0.0.0.0 192.168.48.241 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map branch1 20 match address 100
crypto map branch1 20 set peer 10.119.0.50
crypto map branch1 20 set transform-set myset
crypto map branch1 20 set security-association lifetime seconds 28800
crypto map branch1 20 set security-association lifetime kilobytes 4608000
crypto map branch1 interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 172.31.10.100-172.31.10.200 inside
dhcpd dns 172.25.254.253 interface inside
dhcpd option 3 ip 172.31.10.1 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
tunnel-group 10.119.0.50 type ipsec-l2l
tunnel-group 10.119.0.50 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:656525c49c453692012baf811daa4fb7
: end
as65002-pix#