SHOW RUN : Saved : PIX Version 6.3(3) interface ethernet0 auto interface ethernet1 auto interface ethernet2 auto shutdown interface ethernet3 auto shutdown interface ethernet4 auto shutdown interface ethernet5 auto nameif ethernet0 internet security1 nameif ethernet1 inside security100 nameif ethernet2 intf2 security4 nameif ethernet3 intf3 security6 nameif ethernet4 intf4 security8 nameif ethernet5 fover security5 enable password KDh2qMy7yuJuChYd encrypted passwd pZNkwrOWW4.UJh7Q encrypted hostname MY-DMZ-PIX515 domain-name my.ae fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 <--- More ---> fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names access-list acl-inside-nat permit ip 10.10.2.0 255.255.255.0 any access-list acl-outside permit tcp host 10.50.1.8 host 10.10.2.10 eq domain access-list acl-outside permit tcp host 10.50.1.9 host 10.10.2.10 eq domain access-list acl-outside permit udp host 10.50.1.8 host 10.10.2.10 eq domain access-list acl-outside permit udp host 10.50.1.9 host 10.10.2.10 eq domain access-list acl-outside permit tcp host 10.50.1.8 host 10.10.2.18 eq domain access-list acl-outside permit tcp host 10.50.1.9 host 10.10.2.18 eq domain access-list acl-outside permit udp host 10.50.1.8 host 10.10.2.18 eq domain access-list acl-outside permit udp host 10.50.1.9 host 10.10.2.18 eq domain access-list acl-outside permit tcp host 10.50.1.8 host 10.10.2.19 eq domain access-list acl-outside permit tcp host 10.50.1.9 host 10.10.2.19 eq domain access-list acl-outside permit udp host 10.50.1.8 host 10.10.2.19 eq domain access-list acl-outside permit udp host 10.50.1.9 host 10.10.2.19 eq domain access-list acl-outside permit tcp host 10.50.1.51 host 10.10.2.10 eq www access-list acl-outside permit tcp host 10.50.1.51 host 10.10.2.10 eq https <--- More ---> access-list acl-outside permit tcp host 10.50.1.51 host 10.10.2.18 eq www access-list acl-outside permit tcp host 10.50.1.51 host 10.10.2.18 eq https access-list acl-outside permit tcp host 10.50.1.51 host 10.10.2.19 eq www access-list acl-outside permit tcp host 10.50.1.51 host 10.10.2.19 eq https access-list acl-outside permit tcp host 10.50.2.30 host 10.10.2.10 eq www access-list acl-outside permit tcp host 10.50.2.30 host 10.10.2.10 eq https access-list acl-outside permit tcp host 10.50.2.30 host 10.10.2.18 eq www access-list acl-outside permit tcp host 10.50.2.30 host 10.10.2.18 eq https access-list acl-outside permit tcp host 10.50.2.30 host 10.10.2.19 eq www access-list acl-outside permit tcp host 10.50.2.30 host 10.10.2.19 eq https access-list acl-outside permit tcp 10.50.5.0 255.255.255.0 10.10.2.0 255.255.255.0 eq ssh access-list acl-outside permit ip 172.16.0.0 255.255.255.0 any access-list acl-outside deny ip any any access-list acl-inside permit tcp 10.10.2.0 255.255.255.0 10.50.0.0 255.255.0.0 eq domain access-list acl-inside permit udp 10.10.2.0 255.255.255.0 10.50.0.0 255.255.0.0 eq domain access-list acl-inside permit tcp 10.10.2.0 255.255.255.0 10.50.0.0 255.255.0.0 eq www access-list acl-inside permit tcp 10.10.2.0 255.255.255.0 10.50.0.0 255.255.0.0 eq https access-list acl-inside permit tcp 10.10.2.0 255.255.255.0 10.50.5.0 255.255.255.0 eq ssh pager lines 24 mtu internet 1500 mtu inside 1500 mtu intf2 1500 mtu intf3 1500 mtu intf4 1500 <--- More ---> mtu fover 1500 ip address internet 192.168.4.3 255.255.255.0 ip address inside 10.10.2.254 255.255.255.0 no ip address intf2 no ip address intf3 no ip address intf4 ip address fover 172.16.1.1 255.255.255.252 ip audit info action alarm ip audit attack action alarm failover failover timeout 0:00:00 failover poll 15 failover ip address internet 192.168.4.4 failover ip address inside 10.10.2.253 no failover ip address intf2 no failover ip address intf3 no failover ip address intf4 failover ip address fover 172.16.1.2 failover link internet pdm history enable arp timeout 14400 nat (inside) 0 access-list acl-inside-nat access-group acl-outside in interface internet access-group acl-inside in interface inside <--- More ---> route internet 10.50.0.0 255.255.0.0 192.168.4.1 1 route internet 172.16.0.0 255.255.255.0 192.168.4.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius aaa-server LOCAL protocol local no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable telnet 172.16.0.0 255.255.255.0 internet telnet timeout 5 ssh timeout 5 console timeout 0 terminal width 80 Cryptochecksum:953289951ed6b05d75f204d0258d779b : end MY-DMZ-PIX515# MY-DMZ-PIX515# MY-DMZ-PIX515# MY-DMZ-PIX515# MY-DMZ-PIX515# MY-DMZ-PIX515# MY-DMZ-PIX515# show nat nat (inside) 0 access-list acl-inside-nat MY-DMZ-PIX515# show route inside 10.10.2.0 255.255.255.0 10.10.2.254 1 CONNECT static internet 10.50.0.0 255.255.0.0 192.168.4.1 1 OTHER static internet 172.16.0.0 255.255.255.0 192.168.4.1 1 OTHER static fover 172.16.1.0 255.255.255.252 172.16.1.1 1 CONNECT static internet 192.168.4.0 255.255.255.0 192.168.4.3 1 CONNECT static MY-DMZ-PIX515#