sh run
: Saved
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
enable password s1SOOiork0eKTHA2 encrypted
passwd s1SOOiork0eKTHA2 encrypted
hostname sitea-PIX
domain-name cisco.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group service Servers tcp 
  port-object eq ftp 
  port-object eq echo 
  port-object eq telnet 
  port-object eq www 
  port-object eq https 
access-list acl-in permit ip any any 
access-list acl-in permit ip 192.168.32.0 255.255.255.0 10.50.50.0 255.255.255.0 
access-list acl-in permit ip 100.0.0.0 255.0.0.0 10.50.50.0 255.255.255.0 
access-list acl-in permit ip 192.168.32.0 255.255.255.0 192.168.40.0 255.255.255.0 
access-list 102 permit ip 192.168.32.0 255.255.255.0 10.50.50.0 255.255.255.0 
access-list 102 permit ip 100.0.0.0 255.0.0.0 10.50.50.0 255.255.255.0 
access-list 102 permit ip 192.168.32.0 255.255.255.0 192.168.40.0 255.255.255.0 
access-list 103 permit ip 192.168.32.0 255.255.255.0 10.50.50.0 255.255.255.0
access-list 103 permit ip 100.0.0.0 255.0.0.0 10.50.50.0 255.255.255.0
access-list 103 permit ip 192.168.32.0 255.255.255.0 192.168.40.0 255.255.255.0
access-list 105 permit ip 192.168.32.0 255.255.255.0 192.168.40.0 255.255.255.0 
pager lines 24
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside x.x.100.98 255.255.255.248
ip address inside 192.168.32.1 255.255.255.0
no ip address intf2
ip audit info action alarm
ip audit attack action alarm
ip local pool abapool 10.50.50.1-10.50.50.254
pdm logging informational 100
no pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 103
nat (inside) 1 192.168.32.0 255.255.255.0 0 0
access-group acl-in in interface inside
conduit permit icmp any any 
conduit permit icmp any any echo 
route outside 0.0.0.0 0.0.0.0 x.x.100.97 1
route inside 100.0.0.0 255.0.0.0 192.168.32.254 1
route outside 192.168.40.0 255.255.255.0 x1x.100.97 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+ 
aaa-server TACACS+ max-failed-attempts 3 
aaa-server TACACS+ deadtime 10 
aaa-server RADIUS protocol radius 
aaa-server RADIUS max-failed-attempts 3 
aaa-server RADIUS deadtime 10 
aaa-server LOCAL protocol local 
http server enable
http 192.168.32.0 255.255.255.0 inside
http 100.0.0.0 255.0.0.0 inside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 192.168.32.2 255.255.255.0
floodguard enable
sysopt connection tcpmss 1350
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
crypto ipsec transform-set strong-des esp-3des esp-sha-hmac 
crypto dynamic-map abacisco 4 set transform-set strong-des
crypto map siteamap 10 ipsec-isakmp
crypto map siteamap 10 match address 105
crypto map siteamap 10 set peer x.x.90.4
crypto map siteamap 10 set transform-set strong-des
crypto map siteamap 30 ipsec-isakmp dynamic abacisco
crypto map siteamap interface outside
isakmp enable outside
isakmp key ******** address x.x.90.4 netmask 255.255.255.255 
isakmp identity address
isakmp keepalive 10
isakmp nat-traversal 20
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption des
isakmp policy 5 hash sha
isakmp policy 5 group 2
isakmp policy 5 lifetime 86400
isakmp policy 8 authentication pre-share
isakmp policy 8 encryption 3des
isakmp policy 8 hash sha
isakmp policy 8 group 1
isakmp policy 8 lifetime 86400
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash md5
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
vpngroup ServersGroup idle-time 1800
vpngroup siteagroup address-pool abapool
vpngroup siteagroup split-tunnel 102
vpngroup siteagroup idle-time 1000
vpngroup siteagroup password ********
telnet 0.0.0.0 0.0.0.0 outside
telnet 100.1.3.24 255.255.255.255 inside
telnet 100.0.0.0 255.0.0.0 inside
telnet 100.10.10.21 255.255.255.255 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet 100.1.3.25 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
management-access inside
console timeout 0
username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 2
username cisco password EirCMnMpOvZ4ah8K encrypted privilege 2
terminal width 80
Cryptochecksum:81ff39054364b65330bfcb51d68e0c8c