Untitled

a guest Jun 19th, 2017 382 Never
This is the "branch", which can't ping anything on 172.31.10.0/24

10Mbranch-pix# sh run
: Saved
:
PIX Version 8.0(4)
!
hostname 10Mbranch-pix
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 10.119.0.50 255.255.255.252
 ospf network point-to-point non-broadcast
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 172.31.12.1 255.255.255.0
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Redundant1
 no nameif
 no security-level
 no ip address
!
ftp mode passive
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 172.25.254.253
access-list 100 extended permit ip 172.31.12.0 255.255.255.0 172.31.10.0 255.255.255.0
access-list 100 extended permit ip any 172.31.10.0 255.255.255.0
access-list 100 extended permit ospf interface outside host 192.168.48.245
access-list nonat extended permit ip 172.31.12.0 255.255.255.0 172.31.10.0 255.255.255.0
access-list in_outside extended permit icmp any any
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 192.168.134.206-192.168.134.207
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group in_outside in interface outside
!
router ospf 65002
 network 10.119.0.48 255.255.255.252 area 0
 network 172.31.12.0 255.255.255.0 area 0
 network 192.168.48.240 255.255.255.240 area 0
 neighbor 192.168.48.245 interface outside
 log-adj-changes
!
route outside 0.0.0.0 0.0.0.0 10.119.0.49 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map corp 20 match address 100
crypto map corp 20 set peer 192.168.48.245
crypto map corp 20 set transform-set myset
crypto map corp 20 set security-association lifetime seconds 28800
crypto map corp 20 set security-association lifetime kilobytes 4608000
crypto map corp interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 172.31.12.100-172.31.12.200 inside
dhcpd dns 172.25.254.253 interface inside
dhcpd option 3 ip 172.31.12.1 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
tunnel-group 192.168.48.245 type ipsec-l2l
tunnel-group 192.168.48.245 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:240bf8492c71cdd555d13469189fa450
: end
10Mbranch-pix#