ix-Hyd#
Pix-Hyd# sh run
: Saved
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password uWDPPUNIJzplcN8S encrypted
passwd b23sJsfNbf8NleR8 encrypted
hostname Pix-Hyd
domain-name cibernet.com
clock timezone IST 5 30
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69

access-list no-nat permit ip 10.91.40.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list no-nat permit ip 10.91.40.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list no-nat permit ip any 59.163.119.0 255.255.255.240
access-list no-nat permit ip 10.91.40.0 255.255.255.0 10.1.240.0 255.255.255.0
access-list no-nat permit ip 10.91.40.0 255.255.255.0 10.1.201.0 255.255.255.0
access-list no-nat permit ip 10.91.40.0 255.255.255.0 host 209.67.242.210
access-list no-nat permit ip host 10.91.40.15 host 192.168.131.13
access-list no-nat permit ip 10.91.40.0 255.255.255.0 host 59.163.119.126
access-list no-nat permit ip any 10.91.30.0 255.255.255.0
access-list no-nat permit ip 10.91.30.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list no-nat permit ip 10.91.30.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list no-nat permit ip 10.91.30.0 255.255.255.0 10.1.240.0 255.255.255.0
access-list no-nat permit ip 10.91.30.0 255.255.255.0 10.1.201.0 255.255.255.0
access-list no-nat permit ip any 59.163.119.0 255.255.255.240
access-list no-nat permit ip 10.91.40.0 255.255.255.0 10.1.240.0 255.255.255.0
access-list no-nat permit ip 10.91.40.0 255.255.255.0 10.1.201.0 255.255.255.0
access-list no-nat permit ip 10.91.40.0 255.255.255.0 host 209.67.242.210
access-list no-nat permit ip host 10.91.40.15 host 192.168.131.13
access-list no-nat permit ip 10.91.40.0 255.255.255.0 host 59.163.119.126
access-list no-nat permit ip any 10.91.30.0 255.255.255.0
access-list no-nat permit ip 10.91.30.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list no-nat permit ip 10.91.30.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list no-nat permit ip 10.91.30.0 255.255.255.0 10.1.240.0 255.255.255.0
access-list no-nat permit ip 10.91.30.0 255.255.255.0 10.1.201.0 255.255.255.0
access-list 101 permit ip 59.163.119.0 255.255.255.240 any
access-list 102 permit ip 10.91.40.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 103 permit ip 10.91.40.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list 104 permit ip 10.91.40.0 255.255.255.0 10.1.240.0 255.255.255.0
access-list 105 permit ip 10.91.40.0 255.255.255.0 10.1.201.0 255.255.255.0
access-list 106 permit ip 10.91.40.0 255.255.255.0 host 209.67.242.210
access-list 107 permit ip host 10.91.40.15 host 192.168.131.13
access-list 112 permit udp any host 10.91.30.0 eq 4500
pager lines 24
logging on
logging buffered errors
logging trap notifications
logging host inside 10.91.40.57
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside 59.163.119.113 255.255.255.240
ip address inside 10.91.40.100 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool remotevpn 10.91.30.1-10.91.30.254 mask 255.255.255.0
pdm location 10.91.40.2 255.255.255.255 inside
pdm location 10.91.40.5 255.255.255.255 inside
pdm location 10.91.40.10 255.255.255.255 inside
pdm location 10.91.40.15 255.255.255.255 inside
pdm location 10.91.40.24 255.255.255.255 inside
pdm location 10.91.40.25 255.255.255.255 inside
pdm location 10.91.40.30 255.255.255.255 inside
pdm location 10.91.40.35 255.255.255.255 inside
pdm location 10.91.40.57 255.255.255.255 inside
pdm location 10.91.40.138 255.255.255.255 inside
pdm location 10.1.201.0 255.255.255.0 outside
pdm location 10.1.240.0 255.255.255.0 outside
pdm location 10.10.10.0 255.255.255.0 outside
pdm location 59.163.119.0 255.255.255.240 outside
pdm location 192.168.1.0 255.255.255.0 outside
pdm location 192.168.131.13 255.255.255.255 outside
pdm location 209.67.242.210 255.255.255.255 outside
pdm location 210.210.1.73 255.255.255.255 outside
pdm location 212.113.6.66 255.255.255.255 outside
pdm location 212.113.16.122 255.255.255.255 outside
pdm location 212.113.16.124 255.255.255.255 outside
pdm location 10.91.40.4 255.255.255.255 inside
pdm location 10.91.40.58 255.255.255.255 inside
pdm location 10.91.40.62 255.255.255.255 inside
pdm location 10.91.30.0 255.255.255.0 outside
pdm location 59.163.119.126 255.255.255.255 outside
pdm location 10.91.30.0 255.255.255.0 inside
no pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 59.163.119.120 10.91.40.5 netmask 255.255.255.255 0 0
static (inside,outside) 59.163.119.119 10.91.40.2 netmask 255.255.255.255 0 0
static (inside,outside) 59.163.119.116 10.91.40.24 netmask 255.255.255.255 0 0
static (inside,outside) 59.163.119.117 10.91.40.25 netmask 255.255.255.255 0 0
static (inside,outside) 59.163.119.121 10.91.40.30 netmask 255.255.255.255 0 0
static (inside,outside) 59.163.119.114 10.91.40.138 netmask 255.255.255.255 0 0
static (inside,outside) 59.163.119.123 10.91.40.15 netmask 255.255.255.255 0 0
static (inside,outside) 59.163.119.118 10.91.40.35 netmask 255.255.255.255 0 0
conduit permit icmp any any
conduit permit tcp host 59.163.119.120 eq smtp any
conduit permit tcp host 59.163.119.120 eq pop3 any
conduit permit tcp host 59.163.119.120 eq www any
conduit permit tcp host 59.163.119.120 eq https any
conduit permit tcp host 59.163.119.119 eq www any
conduit permit tcp host 59.163.119.116 eq smtp any
conduit permit tcp host 59.163.119.116 eq www any
conduit permit tcp host 59.163.119.116 eq https any
conduit permit tcp host 59.163.119.116 eq 5222 any
conduit permit tcp host 59.163.119.116 eq 5269 any
conduit permit tcp host 59.163.119.116 eq 5280 any
conduit permit tcp host 59.163.119.117 eq smtp any
conduit permit tcp host 59.163.119.117 eq www any
conduit permit tcp host 59.163.119.117 eq https any
conduit permit tcp host 59.163.119.117 eq 5222 any
conduit permit tcp host 59.163.119.117 eq 5269 any
conduit permit tcp host 59.163.119.117 eq 5280 any
conduit permit tcp host 59.163.119.116 eq 5223 any
conduit permit tcp host 59.163.119.117 eq 5223 any
conduit permit tcp host 59.163.119.121 eq domain any
conduit permit udp host 59.163.119.121 eq domain any
conduit permit tcp host 59.163.119.114 eq smtp any
conduit permit tcp host 59.163.119.114 eq www any
conduit permit tcp host 59.163.119.114 eq https any
conduit permit tcp host 59.163.119.114 eq 5222 any
conduit permit tcp host 59.163.119.114 eq 5269 any
conduit permit tcp host 59.163.119.114 eq 5280 any
conduit permit tcp host 59.163.119.114 eq 5223 any
conduit permit tcp host 59.163.119.123 eq 1433 host 212.113.16.124
conduit permit tcp host 59.163.119.123 eq 1433 host 212.113.6.66
conduit permit tcp host 59.163.119.121 eq smtp any
conduit permit tcp host 59.163.119.121 eq pop3 any
conduit permit tcp host 59.163.119.121 eq www any
conduit permit tcp host 59.163.119.121 eq https any
conduit permit tcp host 59.163.119.121 eq imap4 any
conduit permit tcp host 59.163.119.123 eq 1433 host 212.113.16.122
conduit permit tcp host 59.163.119.118 eq www any
conduit permit tcp host 59.163.119.123 eq 1433 host 210.210.1.73
conduit permit tcp host 59.163.119.121 eq ssh host 210.210.1.73
conduit permit tcp host 59.163.119.123 eq 1433 host 212.113.16.123
route outside 0.0.0.0 0.0.0.0 59.163.119.115 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 10.91.40.57 255.255.255.255 inside
http 10.91.40.138 255.255.255.255 inside
http 10.91.40.4 255.255.255.255 inside
http 10.91.40.62 255.255.255.255 inside
http 10.91.40.58 255.255.255.255 inside
snmp-server host inside 10.91.40.2 poll
snmp-server host inside 10.91.40.57
snmp-server location Hyderabad
snmp-server contact Rama Krishna
snmp-server community test
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt noproxyarp inside
crypto ipsec transform-set sify-chennai esp-3des esp-md5-hmac
crypto ipsec transform-set uk1 esp-3des esp-sha-hmac
crypto ipsec transform-set new-jersy esp-3des esp-sha-hmac
crypto ipsec transform-set my-land esp-3des esp-sha-hmac
crypto ipsec transform-set enpocket esp-3des esp-md5-hmac
crypto ipsec transform-set roma esp-3des esp-md5-hmac
crypto map transam 10 ipsec-isakmp
crypto map transam 10 match address 102
crypto map transam 10 set peer 193.195.87.250
crypto map transam 10 set transform-set uk1
crypto map transam 20 ipsec-isakmp
crypto map transam 20 match address 104
crypto map transam 20 set peer 69.17.68.194
crypto map transam 20 set transform-set my-land
crypto map transam 30 ipsec-isakmp
crypto map transam 30 match address 103
crypto map transam 30 set peer 210.210.1.58
crypto map transam 30 set transform-set sify-chennai
crypto map transam 40 ipsec-isakmp
crypto map transam 40 match address 105
crypto map transam 40 set peer 66.155.166.179
crypto map transam 40 set transform-set new-jersy
crypto map transam 50 ipsec-isakmp
crypto map transam 50 match address 106
crypto map transam 50 set peer 209.67.242.194
crypto map transam 50 set transform-set enpocket
crypto map transam 60 ipsec-isakmp
crypto map transam 60 match address 107
crypto map transam 60 set peer 193.230.247.197
crypto map transam 60 set transform-set roma
crypto map transam 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map transam interface outside
crypto map vpnset 70 ipsec-isakmp
! Incomplete
isakmp enable outside
isakmp key ******** address 193.195.87.250 netmask 255.255.255.255
isakmp key ******** address 210.210.1.58 netmask 255.255.255.255
isakmp key ******** address 66.155.166.179 netmask 255.255.255.255
isakmp key ******** address 69.17.68.194 netmask 255.255.255.255
isakmp key ******** address 209.67.242.194 netmask 255.255.255.255
isakmp key ******** address 193.230.247.197 netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp policy 2 authentication pre-share
isakmp policy 2 encryption 3des
isakmp policy 2 hash md5
isakmp policy 2 group 2
isakmp policy 2 lifetime 3600
isakmp policy 3 authentication pre-share
isakmp policy 3 encryption 3des
isakmp policy 3 hash sha
isakmp policy 3 group 5
isakmp policy 3 lifetime 86400
vpngroup associate idle-time 1800
vpngroup split-tunnel idle-time 1800
vpngroup ipsecgroup address-pool remotevpn
vpngroup ipsecgroup idle-time 1800
vpngroup ipsecgroup password ********
telnet 10.91.40.10 255.255.255.255 inside
telnet 10.91.40.0 255.255.255.0 inside
telnet timeout 5
ssh 10.91.40.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:2e7099177324a8b82dc38c24d6715273
: end
Pix-Hyd#
Pix-Hyd#
Pix-Hyd#
Pix-Hyd#
Pix-Hyd#
Pix-Hyd#