PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security10
clock timezone CST -6
clock summer-time CDT recurring
fixup protocol dns maximum-length 606
fixup protocol ftp 20
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
no fixup protocol rsh 514
no fixup protocol rtsp 554
no fixup protocol sip 5060
fixup protocol sip udp 5060
no fixup protocol skinny 2000
no fixup protocol smtp 25
no fixup protocol sqlnet 1521
no fixup protocol tftp 69
no names
object-group network iChat_Users
  network-object 192.168.10.239 255.255.255.255
  network-object 192.168.10.240 255.255.255.255
  network-object 192.168.10.241 255.255.255.255
  network-object 192.168.10.242 255.255.255.255
  network-object 192.168.10.243 255.255.255.255
  network-object 192.168.10.244 255.255.255.255
  network-object 192.168.10.245 255.255.255.255
  network-object 192.168.10.246 255.255.255.255
object-group service BitTorrent tcp-udp
  description The BitTorrent Protocol
  port-object range 6881 6999
object-group service iChat tcp-udp
  port-object eq 5060
  port-object eq 5190
  port-object range 5297 5298
  port-object eq 5353
  port-object eq 5678
  port-object range 16384 16403
object-group service polycom tcp-udp
  description iChat access
  port-object range 3230 3235
  port-object range 15328 15333
access-list compiled
access-list inbound remark Fish Portal
access-list inbound permit tcp any host 67.154.11.204 eq 8084
access-list inbound remark *** BEGIN ACCESS RULE DEFINITION ***
access-list inbound deny tcp 211.158.68.0 255.255.255.0 host 63.87.109.132
access-list inbound deny udp 211.158.68.0 255.255.255.0 host 63.87.109.132
access-list inbound deny ip 211.158.68.0 255.255.255.0 host 63.87.109.132
access-list inbound deny icmp 211.158.68.0 255.255.255.0 host 63.87.109.132
access-list inbound remark DENY The DoS from wanadoo.fr
access-list inbound deny tcp 82.120.116.0 255.255.255.0 any
access-list inbound deny udp 82.120.116.0 255.255.255.0 any
access-list inbound deny icmp 82.120.116.0 255.255.255.0 any
access-list inbound deny ip 82.120.116.0 255.255.255.0 any
access-list inbound remark TIME.WINDOWS.COM
access-list inbound permit udp host 207.46.130.100 eq ntp any
access-list inbound remark Port 8080 to remote admin the San Antonio Router
access-list inbound permit tcp host 66.239.97.226 any eq 8080
access-list inbound permit tcp any host 63.87.109.134 eq www
access-list inbound remark Allow access to Exchange Server
access-list inbound permit tcp any host 63.87.109.132 eq www
access-list inbound permit tcp any host 63.87.109.132 eq smtp
access-list inbound permit tcp any host 63.87.109.132 eq pop3
access-list inbound remark Allow HTTP TO APC Masterswitch
access-list inbound permit tcp any host 63.87.109.143 eq www log
access-list inbound remark Allow Access to FTP Server
access-list inbound permit tcp any host 63.87.109.135 eq ftp
access-list inbound permit tcp any host 63.87.109.135 eq ftp-data
access-list inbound permit tcp any host 63.87.109.135 eq www
access-list inbound remark Allow CITRIX/ICA Traffic to Citrix Servers
access-list inbound permit tcp any host 63.87.109.142 eq citrix-ica
access-list inbound permit tcp any host 63.87.109.142 eq 2598
access-list inbound permit tcp any host 63.87.109.142 eq www
access-list inbound remark Allow H323 Traffic to both VideoConferencing Units
access-list inbound permit tcp any host 63.87.109.139 eq h323
access-list inbound permit tcp any host 63.87.109.140 eq h323
access-list inbound permit tcp any 63.87.109.128 255.255.255.192 object-group BitTorrent log
access-list inbound remark Allow PROXY to CSHEEHAN
access-list inbound permit udp any host 63.87.109.158 eq 1505
access-list inbound permit tcp any host 63.87.109.158 eq 1505
access-list inbound remark Allow Custom Port Signatures for PolyCom VideoConferencing Unit
access-list inbound remark Yahoo IM - WebCam Service
access-list inbound permit tcp any any eq 5100
access-list inbound permit tcp any any eq 5050
access-list inbound remark AOL iChat
access-list inbound remark ICMP for i2Eye VideoConferencing Unit
access-list inbound permit icmp any host 63.87.109.139 log
access-list inbound permit tcp host 69.25.34.144 any eq whois
access-list inbound remark Cyber-Techs inbound
access-list inbound permit tcp host 69.15.150.25 range 3389 3389 any
access-list inbound remark __Allow Ping to Mail and PIX only, block all others
access-list inbound permit icmp any host 63.87.109.132
access-list inbound permit icmp any host 63.87.109.137
access-list inbound remark Deny All other inbound traffic
access-list inbound permit tcp any host 63.87.109.136 eq 8080
access-list inbound permit tcp any host 63.87.109.136 eq 3389
access-list inbound permit tcp any host 63.87.109.140 object-group polycom
access-list inbound permit tcp any host 63.87.109.139 object-group polycom
access-list inbound remark AOL iChat
access-list inbound permit udp any any object-group iChat
access-list inbound remark AOL iChat
access-list inbound permit tcp any any object-group iChat
access-list inbound permit tcp any host 63.87.109.142 eq 3389
access-list outbound permit icmp any any
access-list outbound permit ip any any
access-list outbound permit udp any any
access-list outbound permit tcp any any
no access-list outbound compiled
access-list dmz_access_in remark Allow CITRIX/ICA Traffic to Citrix Servers
access-list dmz_access_in permit tcp any host 46.18.106.163 eq citrix-ica
access-list dmz_access_in permit tcp any host 46.18.106.163 eq 2598
access-list dmz_access_in permit tcp any host 46.18.106.163 eq www
access-list dmz_access_in permit icmp any any
logging on
logging timestamp
logging buffered debugging
logging trap notifications
logging history critical
logging facility 22
logging queue 0
logging host inside 192.168.10.1
no logging message 405001
no logging message 304006
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 63.87.109.137 255.255.255.192
ip address inside 192.168.10.254 255.255.255.0
ip address dmz 46.18.106.162 255.255.255.224
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit name Default_Attack attack action alarm
ip audit name Default_Info info action alarm
ip audit interface outside Default_Info
ip audit interface outside Default_Attack
ip audit interface inside Default_Info
ip audit interface inside Default_Attack
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 63.87.109.149-63.87.109.159 netmask 255.255.255.224
global (outside) 1 63.87.109.138
global (outside) 1 63.87.109.144
global (outside) 1 63.87.109.145
global (outside) 1 63.87.109.146
global (outside) 1 63.87.109.147
global (outside) 1 63.87.109.148
global (dmz) 2 46.18.106.163
nat (inside) 2 192.168.10.5 255.255.255.255 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 63.87.109.143 192.168.10.6 netmask 255.255.255.255 0 0
static (inside,outside) 63.87.109.139 192.168.10.33 netmask 255.255.255.255 0 0
static (inside,outside) 63.87.109.140 192.168.10.34 netmask 255.255.255.255 0 0
static (inside,outside) 63.87.109.158 192.168.10.29 netmask 255.255.255.255 0 0
static (inside,outside) 63.87.109.135 192.168.10.23 netmask 255.255.255.255 0 0
static (inside,outside) 63.87.109.133 192.168.10.170 netmask 255.255.255.255 0 0
static (inside,outside) 63.87.109.134 192.168.10.161 netmask 255.255.255.255 0 0
static (inside,outside) 63.87.109.132 192.168.10.3 netmask 255.255.255.255 0 0
static (inside,outside) 63.87.109.136 192.168.10.8 netmask 255.255.255.255 0 0
static (inside,dmz) 46.18.106.163 192.168.10.5 netmask 255.255.255.255 0 0
static (inside,outside) 63.87.109.142 192.168.10.5 netmask 255.255.255.255 0 0
access-group inbound in interface outside
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 63.87.109.129 1
route dmz 0.0.0.0 0.0.0.0 46.18.106.161 2
route dmz 66.160.222.239 255.255.255.255 46.18.106.161 1
no snmp-server location
snmp-server contact KNS
snmp-server community tradegroup
snmp-server enable traps
floodguard enable
sysopt connection permit-pptp
crypto ipsec transform-set TRANS_ESP_AES-256_MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_AES-256_MD5 mode transport
isakmp enable outside
url-block url-mempool 2
url-block url-size 2
url-block block 4
terminal width 180
Cryptochecksum:469a27ac2e67aa23ae85c8a242e55a69
: end