PIX 501 config:

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

hostname

domain-name ...

clock timezone CST -6

clock summer-time CDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol pptp 1723

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

access-list nonat permit udp 10.200.218.0 255.255.255.0 10.0.0.0 255.0.0.0 range 16384 32767

access-list nonat permit ip 10.200.218.0 255.255.255.0 10.1.1.0 255.255.255.0

access-list nonat permit ip 10.200.218.0 255.255.255.0 10.1.2.0 255.255.255.0

access-list nonat permit ip 10.200.218.0 255.255.255.0 10.1.100.0 255.255.255.0

access-list nonat permit ip 10.200.218.0 255.255.255.0 10.1.101.0 255.255.255.0

access-list nonat permit ip 10.200.218.0 255.255.255.0 10.4.5.0 255.255.255.0

access-list 101 permit udp 10.200.218.0 255.255.255.0 10.0.0.0 255.0.0.0 range 16384 32767

access-list 101 permit ip 10.200.218.0 255.255.255.0 10.1.1.0 255.255.255.0

access-list 101 permit ip 10.200.218.0 255.255.255.0 10.1.2.0 255.255.255.0

access-list 101 permit ip 10.200.218.0 255.255.255.0 10.1.100.0 255.255.255.0

access-list 101 permit ip 10.200.218.0 255.255.255.0 10.1.101.0 255.255.255.0

access-list 101 permit ip 10.200.218.0 255.255.255.0 10.4.5.0 255.255.255.0

no pager

logging on

logging buffered warnings

icmp permit any outside

mtu outside 1500

mtu inside 1500

ip address outside dhcp setroute

ip address inside 10.200.218.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

conduit permit icmp any any

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

snmp-server host inside 10.1.1.25 poll

no snmp-server location

no snmp-server contact

no snmp-server enable traps

no floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set tangoset esp-3des esp-md5-hmac

crypto map tangomap 10 ipsec-isakmp

crypto map tangomap 10 match address 101

crypto map tangomap 10 set peer <>

crypto map tangomap 10 set transform-set tangoset

crypto map tangomap interface outside

isakmp enable outside

isakmp key <..> address <..> netmask 255.255.255.0

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

telnet 10.0.0.0 255.255.255.0 inside

telnet timeout 5

ssh 10.0.0.0 255.0.0.0 inside

ssh timeout 5

management-access inside

console timeout 0

dhcpd address 10.200.218.101-10.200.218.111 inside

dhcpd dns 10.1.1.20 10.1.1.23

dhcpd lease 86400

dhcpd ping_timeout 750

dhcpd auto_config outside

dhcpd enable inside

terminal width 80