 Saved
:
PIX Version 8.0(3) 
!
hostname pix
domain-name teste
enable password encrypted
names
name 192.168.6.0 
name 192.168.5.0 
name 192.168.1.0 
name 90.0.0.0 
name 70.0.0.0 
name 10.0.0.112 
name 60.0.0.0 
name 192.168.1.64 
!
interface Ethernet0
nameif outside
security-level 0
ip address dhcp setroute 
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.0.0.2 255.0.0.0 
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
passwd encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name teste
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service Messenger tcp
description Windows Live Messenger
port-object eq 1863
object-group service MessengerRTP tcp
description MSN Messenger RTP connection
port-object eq 5100
access-list outside_1_cryptomap extended permit ip 10.0.0.0 255.0.0.0 networkA 255.255.255.0 
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 networkA 255.255.255.0 
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 networkB 255.255.255.0 
access-list inside_nat0_outbound extended permit ip any 10.0.0.240 255.255.255.240 
access-list outside_2_cryptomap extended permit ip 10.0.0.0 255.0.0.0 networkB 255.255.255.0 
access-list http-list2 extended permit tcp any any 
access-list teste_splitTunnelAcl standard permit any 
access-list inside_access_in extended permit udp host 10.0.0.243 any eq ntp 
access-list inside_access_in extended permit ip host 192.168.1.25 any 
access-list inside_access_in extended deny ip host 10.0.0.76 any 
access-list inside_access_in extended deny ip host 10.0.0.64 any 
access-list inside_access_in extended permit ip host 10.0.0.243 any 
access-list inside_access_in extended deny ip host 10.0.0.61 any 
access-list inside_access_in extended permit ip host 10.0.0.21 any 
access-list inside_access_in extended permit object-group TCPUDP host 10.0.0.21 any 
access-list inside_access_in extended permit ip host 10.0.0.9 any 
access-list inside_access_in extended permit tcp host 10.0.0.9 any 
access-list inside_access_in extended permit ip host 10.0.0.6 any 
access-list inside_access_in extended permit object-group TCPUDP host 10.0.0.6 any 
access-list inside_access_in extended permit ip host 10.0.0.11 any 
access-list inside_access_in extended permit object-group TCPUDP host 10.0.0.11 any 
access-list inside_access_in extended permit ip host 10.0.0.96 any 
access-list inside_access_in extended permit object-group TCPUDP host 10.0.0.96 any 
access-list inside_access_in extended permit ip host 10.0.0.51 any 
access-list inside_access_in extended permit object-group TCPUDP host 10.0.0.51 any 
access-list inside_access_in extended permit ip networkC 255.0.0.0 any 
access-list inside_access_in extended permit object-group TCPUDP any any eq www 
access-list inside_access_in extended permit tcp any any eq https 
access-list inside_access_in extended permit udp any any eq ntp 
access-list inside_access_in extended permit object-group TCPUDP any any eq domain 
access-list inside_access_in extended permit tcp any any eq ftp 
access-list inside_access_in extended permit tcp any any eq ftp-data 
access-list inside_access_in extended permit tcp any any eq imap4 
access-list inside_access_in extended permit tcp any any eq pop3 
access-list inside_access_in extended permit tcp any any eq ldap 
access-list inside_access_in extended permit tcp any any eq ldaps 
access-list inside_access_in extended permit tcp any any eq login 
access-list inside_access_in extended permit tcp any any eq smtp 
access-list inside_access_in extended permit tcp any any eq telnet 
access-list inside_access_in extended permit tcp any any object-group Messenger 
access-list gatedefender extended permit tcp any host 230.101.220.30 eq ssh 
access-list gatedefender extended permit udp any any eq ntp 
access-list gatedefender extended permit tcp host 70.87.32.131 any eq www 
!
tcp-map mss-map
exceed-mss allow
!
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
ip local pool vpnpool 10.0.0.247-10.0.0.255 mask 255.0.0.0
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-603.bin
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 0.0.0.0 0.0.0.0 dns
static (inside,outside) tcp interface ssh 10.0.0.243 ssh netmask 255.255.255.255 dns 
static (outside,outside) tcp interface www 70.87.32.131 www netmask 255.255.255.255 dns 
access-group gatedefender in interface outside
access-group inside_access_in in interface inside
route inside networkC 255.0.0.0 10.0.0.54 1
route inside networkD 255.0.0.0 10.0.0.54 1
route inside networkE 255.0.0.0 10.0.0.54 1
route insidenetworkF 255.255.255.0 10.0.0.54 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server AuthentServer protocol radius
aaa-server AuthentServer host 10.0.0.3
timeout 5
key teste
http server enable
http 10.0.0.0 255.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs 
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 210.105.250.4 
crypto map outside_map 1 set transform-set ESP-DES-MD5
crypto map outside_map 1 set phase1-mode aggressive group1
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs group1
crypto map outside_map 2 set peer 80.20.118.25 
crypto map outside_map 2 set transform-set ESP-DES-MD5
crypto map outside_map 2 set phase1-mode aggressive group1
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash md5
group 1
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
no crypto isakmp nat-traversal
telnet 10.0.0.21 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.0.0.3-89.0.1.2 inside
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
group-policy teste internal
group-policy teste attributes
wins-server value 10.0.0.3
dns-server value 10.0.0.3
vpn-tunnel-protocol IPSec 
split-tunnel-policy tunnelspecified
split-tunnel-network-list value teste_splitTunnelAcl
default-domain value teste
tunnel-group 210.105.250.4 type ipsec-l2l
tunnel-group 210.105.250.4 ipsec-attributes
pre-shared-key 
tunnel-group 80.20.118.25 type ipsec-l2l
tunnel-group 80.20.118.25 ipsec-attributes
pre-shared-key 
tunnel-group teste type remote-access
tunnel-group teste general-attributes
address-pool vpnpool
authentication-server-group AuthentServer
default-group-policy teste
tunnel-group teste ipsec-attributes
pre-shared-key 
!
class-map inspection_default
match default-inspection-traffic
class-map http-map1
match access-list http-list2
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect ftp 
inspect h323 h225 
inspect h323 ras 
inspect rsh 
inspect rtsp 
inspect esmtp 
inspect sqlnet 
inspect skinny 
inspect sunrpc 
inspect xdmcp 
inspect sip 
inspect netbios 
inspect tftp 
inspect dns 
policy-map http-map1
class http-map1
set connection advanced-options mss-map
!
service-policy global_policy global
service-policy http-map1 interface outside
prompt hostname context 
Cryptochecksum:3779ad53cb8169d64c24cd48bbcfe307
: end
asdm image flash:/asdm-603.bin
no asdm history enable