interface FastEthernet0/0
 description DMZ2 Interface
 ip address 192.168.2.1 255.255.255.240
 ip nat inside
 ip inspect Default in
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/0
 description External interface
 ip address 169.207.1.3 255.255.255.252
 ip access-group 120 in
 ip nat outside
 encapsulation frame-relay IETF
 no ip mroute-cache
 no fair-queue
 service-module t1 timeslots 1-24
 frame-relay interface-dlci 617
 frame-relay lmi-type ansi
 crypto map clientmap
!
interface FastEthernet0/1
 description DMZ1 Interface
 ip address 192.168.1.1 255.255.255.240
 ip nat inside
 ip inspect Default in
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
!
ip inspect name Default tcp
ip inspect name Default udp
ip inspect name Default ftp
ip inspect name Default h323
ip inspect name Default cuseeme
ip inspect name Default vdolive
ip inspect name Default tftp
ip inspect name Default realaudio
ip inspect name Default icmp
ip audit notify log
ip audit po max-events 100
!
ip local pool ippool 192.168.100.1 192.168.100.254
ip nat inside source list 100 interface Serial0/0 overload
ip nat inside source static tcp 192.168.1.11 25 169.207.1.3 25 extendable
ip nat inside source static tcp 192.168.1.12 443 169.207.1.3 443 extendable
ip nat inside source static tcp 192.168.1.12 80 169.207.1.3 80 extendable
ip nat inside source static tcp 10.10.1.8 143 169.207.1.3 143 extendable
ip nat inside source static tcp 192.168.1.11 30000 169.207.1.3 30000 extendable
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 169.207.1.1
ip route 10.0.0.0 255.0.0.0 192.168.1.14
!
!
!
ip access-list extended timeout
!
access-list 100 deny ip 192.168.2.0 0.0.0.15 192.168.100.0 0.0.0.255
access-list 100 deny ip 192.168.1.0 0.0.0.15 192.168.100.0 0.0.0.255
access-list 100 deny ip 10.0.0.0 0.255.255.255 192.168.100.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.15 any
access-list 100 permit ip 192.168.2.0 0.0.0.15 any
access-list 100 permit ip 10.0.0.0 0.255.255.255 any
access-list 120 permit udp any any eq isakmp
access-list 120 permit udp any any eq non500-isakmp
access-list 120 permit esp any any
access-list 120 permit ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.15
access-list 120 permit tcp any host 169.207.1.3 eq smtp
access-list 120 permit tcp any host 169.207.1.3 eq www
access-list 120 permit tcp any host 169.207.1.3 eq 143
access-list 120 permit tcp any host 169.207.1.3 eq 443
access-list 120 permit tcp any host 169.207.1.3 eq 30000
access-list 120 permit ip 192.168.100.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 159 remark Allow access for nerconitdept
access-list 159 permit ip 192.168.1.0 0.0.0.15 192.168.100.0 0.0.0.255
access-list 159 permit ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.15
access-list 159 permit ip 10.0.0.0 0.255.255.255 192.168.100.0 0.0.0.255
access-list 159 permit ip 192.168.100.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 160 remark Restrict remotemail to services for Exchange access
access-list 160 permit ip host 10.10.1.8 192.168.100.0 0.0.0.255
access-list 160 permit ip 192.168.100.0 0.0.0.255 host 10.10.1.8
access-list 160 permit ip host 10.10.1.1 192.168.100.0 0.0.0.255
access-list 160 permit ip 192.168.100.0 0.0.0.255 host 10.10.1.1
access-list 170 remark Restrict remotesupport to DMZ computer access
access-list 170 permit ip host 192.168.1.2 192.168.100.0 0.0.0.255
access-list 170 permit ip 192.168.100.0 0.0.0.255 host 192.168.1.2
no cdp run
!