PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname novfw3
domain-name nov.test
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 79-81
fixup protocol http 80
fixup protocol http 7979
fixup protocol http 8080
fixup protocol http 8100
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
no names
object-group service MQ_series tcp
  port-object eq 1414
  port-object eq 1415
object-group service TWS_series tcp
  port-object eq 31111
  port-object eq 31112
  port-object eq 402
object-group service Patchlink tcp
  port-object eq https
object-group service WebProxy tcp
  port-object eq 8080
object-group service SameTime tcp
  port-object eq 1533
  port-object eq 8081
  port-object eq 8082
object-group service Printing tcp
  port-object eq lpd
  port-object eq 8100
  port-object eq 9100
object-group service NetwareCoreProtocol tcp
  port-object eq 524
  port-object eq 631
object-group service SAP-port-RANGE tcp
  port-object range 3200 3499
  port-object range 8100 8699
  port-object range 3600 3699
object-group service rdpTerminalServices tcp
  port-object eq 3389
object-group service vncVirtualNetworkComputing tcp
  port-object eq 5800
  port-object eq 5801
  port-object eq 5900
  port-object eq 5901
object-group service Netmeeting tcp
  port-object eq 522
  port-object eq ldap
  port-object eq 1503
  port-object eq h323
  port-object eq 1731
object-group service Anti-Virus udp
  port-object eq 38293
  port-object eq 2967
object-group service Anti-Virus_tcp tcp
  port-object eq 2967
object-group network multicast
  description The multicast addresses
  network-object 224.0.0.0 255.0.0.0
  network-object 239.0.0.0 255.0.0.0
object-group service Bootstrap udp
  port-object range bootps bootpc
object-group service Oracle-LDAP tcp
  port-object eq 3060
object-group service AD-logon-tcp tcp
  port-object eq domain
  port-object eq www
  port-object eq 135
  port-object eq ldap
  port-object eq 445
  port-object eq 3268
  port-object eq 3269
  port-object eq ldaps
  port-object eq netbios-ssn
  port-object eq 138
  port-object eq 88
  port-object eq 1512
  port-object eq 42
  port-object eq 50000
  port-object eq 50001
  port-object eq 50002
  port-object eq 17988
object-group service AD-logon-udp udp
  port-object eq domain
  port-object eq 88
  port-object eq ntp
  port-object eq 389
  port-object eq 135
  port-object eq netbios-ns
  port-object eq netbios-dgm
  port-object eq 445
  port-object eq 1512
  port-object eq nameserver
object-group service Cardax tcp
  port-object eq 1072
object-group service MS-SQL tcp
  port-object eq 1433
object-group service Oracle-SQL tcp
  port-object eq 150
object-group network Oracle-Directory-Servers
  description iswvl05 mtolx105 aplx004
  network-object 10.1.26.50 255.255.255.255
  network-object 10.64.23.35 255.255.255.255
  network-object 10.132.4.186 255.255.255.255
object-group network SAP_servers
  description The commonest ISX SAP servers
  network-object 10.120.16.0 255.255.255.0
  network-object 10.64.0.0 255.255.0.0
  network-object 10.65.0.0 255.255.0.0
object-group network SameTime_servers
  description ISWSN71 MTOSN71 APSN6
  network-object 10.1.24.35 255.255.255.255
  network-object 10.64.22.101 255.255.255.255
  network-object 10.132.4.43 255.255.255.255
object-group network Patchlink_servers
  network-object 10.64.9.183 255.255.255.255
  network-object 10.64.9.95 255.255.255.255
object-group network Scanners
  network-object 10.132.5.103 255.255.255.255
  network-object 10.120.11.148 255.255.255.255
  network-object 10.120.11.149 255.255.255.255
  network-object 10.120.9.59 255.255.255.255
  network-object 10.120.9.60 255.255.255.255
  network-object 10.120.9.61 255.255.255.255
  network-object 10.120.9.29 255.255.255.255
  network-object 10.65.28.227 255.255.255.255
  network-object 10.64.23.146 255.255.255.255
  network-object 10.120.104.66 255.255.255.255
  network-object 10.120.104.67 255.255.255.255
  network-object 10.132.5.23 255.255.255.255
  network-object 10.132.5.24 255.255.255.255
  network-object 10.132.5.25 255.255.255.255
  network-object 10.132.5.81 255.255.255.255
object-group service ZAM tcp
  port-object eq 7460
  port-object eq 7461
object-group service Citrix tcp
  port-object eq citrix-ica
  port-object eq 2598
  port-object eq 27000
  port-object eq 27001
access-list in_Office permit icmp any any
access-list in_Office permit tcp any any eq domain
access-list in_Office permit udp any any eq domain
access-list in_Office permit tcp any any eq ftp
access-list in_Office permit tcp any any eq telnet
access-list in_Office permit tcp any any eq www
access-list in_Office permit tcp any any eq https
access-list in_Office permit udp any any eq ntp
access-list in_Office permit udp any any eq snmp
access-list in_Office permit udp any any eq snmptrap
access-list in_Office permit tcp any any object-group MS-SQL
access-list in_Office permit tcp any any object-group Cardax
access-list in_Office permit tcp any any object-group MQ_series
access-list in_Office permit tcp any any object-group rdpTerminalServices
access-list in_Office permit tcp any any object-group Netmeeting
access-list in_Office permit tcp any any object-group Printing
access-list in_Office permit tcp any any object-group vncVirtualNetworkComputing
access-list in_Office permit udp any any object-group Anti-Virus
access-list in_Office permit tcp any any object-group Anti-Virus_tcp
access-list in_Office permit udp any any object-group Bootstrap
access-list in_Office permit tcp any any object-group AD-logon-tcp
access-list in_Office permit udp any any object-group AD-logon-udp
access-list in_Office permit ip object-group Scanners any
access-list in_Office permit ip any object-group multicast
access-list in_Office permit tcp any any object-group TWS_series
access-list in_Office permit tcp 10.32.0.0 255.255.0.0 host 10.34.12.100 eq 9013
access-list in_Office permit tcp 10.32.0.0 255.255.0.0 host 10.34.12.100 eq 9012
access-list in_Office permit tcp 10.34.0.0 255.255.0.0 host 10.34.12.100 eq 9012
access-list in_Office permit tcp 10.34.0.0 255.255.0.0 host 10.34.12.100 eq 9013
access-list in_Office permit tcp 10.34.0.0 255.255.0.0 host 10.34.12.150 eq 9012
access-list in_Office permit tcp 10.34.0.0 255.255.0.0 host 10.34.12.150 eq 9013
access-list in_Office permit tcp any any object-group ZAM
access-list in_Office permit tcp any any object-group Citrix
access-list in_Office deny ip any any log
access-list in_Factory permit icmp any any
access-list in_Factory permit tcp any any eq domain
access-list in_Factory permit udp any any eq domain
access-list in_Factory permit tcp any any eq ftp
access-list in_Factory permit tcp any any eq telnet
access-list in_Factory permit tcp any any eq www
access-list in_Factory permit tcp any any eq https
access-list in_Factory permit udp any any eq ntp
access-list in_Factory permit udp any any eq snmp
access-list in_Factory permit udp any any eq snmptrap
access-list in_Factory permit tcp any any eq smtp
access-list in_Factory permit tcp any any object-group Oracle-SQL
access-list in_Factory permit tcp any any object-group MS-SQL
access-list in_Factory permit tcp any any object-group Cardax
access-list in_Factory permit tcp any any object-group MQ_series
access-list in_Factory permit tcp any any object-group WebProxy
access-list in_Factory permit tcp any object-group SameTime_servers object-group SameTime
access-list in_Factory permit tcp any any object-group Printing
access-list in_Factory permit tcp any any object-group NetwareCoreProtocol
access-list in_Factory permit tcp any any eq lotusnotes
access-list in_Factory permit udp any any eq syslog
access-list in_Factory permit tcp any object-group SAP_servers object-group SAP-port-RANGE
access-list in_Factory permit tcp any any object-group rdpTerminalServices
access-list in_Factory permit tcp any any object-group Netmeeting
access-list in_Factory permit tcp any any object-group vncVirtualNetworkComputing
access-list in_Factory permit udp any any object-group Anti-Virus
access-list in_Factory permit tcp any any object-group Anti-Virus_tcp
access-list in_Factory permit tcp any any eq citrix-ica
access-list in_Factory permit ip any object-group multicast
access-list in_Factory permit udp any any object-group Bootstrap
access-list in_Factory permit tcp any object-group Oracle-Directory-Servers object-group Oracle-LDAP
access-list in_Factory permit tcp any any object-group AD-logon-tcp
access-list in_Factory permit udp any any object-group AD-logon-udp
access-list in_Factory permit tcp any object-group Patchlink_servers object-group Patchlink
access-list in_Factory permit tcp any any object-group TWS_series
access-list in_Factory permit tcp 10.32.0.0 255.255.0.0 host 10.34.12.100 eq 9012
access-list in_Factory permit tcp 10.32.0.0 255.255.0.0 host 10.34.12.100 eq 9013
access-list in_Factory permit tcp 10.32.0.0 255.255.0.0 host 10.34.12.150 eq 9012
access-list in_Factory permit tcp 10.32.0.0 255.255.0.0 host 10.34.12.150 eq 9013
access-list in_Factory permit tcp any any object-group ZAM
access-list in_Factory permit tcp any any object-group Citrix
access-list in_Factory deny ip any any log
access-list cardax permit tcp any any eq 9012
access-list cardax permit tcp any any eq 9013
access-list outside_access_in permit ip 10.34.12.0 255.255.255.0 10.34.3.0 255.255.255.0
access-list outside_access_in permit ip 10.34.12.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list inside_access_out permit ip 10.34.3.0 255.255.255.0 10.34.12.0 255.255.255.0
access-list inside_access_out permit ip 10.0.0.0 255.0.0.0 10.34.12.0 255.255.255.0
no pager
logging on
logging timestamp
logging monitor debugging
logging buffered debugging
logging trap debugging
logging history debugging
logging queue 0
logging host inside 10.120.9.106
no logging message 710005
logging message 315011 level critical
logging message 313001 level critical
logging message 211003 level critical
logging message 308001 level critical
logging message 106023 level critical
logging message 199001 level critical
logging message 199002 level critical
logging message 199005 level critical
logging message 501101 level critical
logging message 305006 level critical
logging message 305005 level critical
logging message 710003 level critical
logging message 611103 level critical
logging message 605005 level critical
logging message 605004 level critical
logging message 502101 level critical
logging message 502103 level critical
logging message 502102 level critical
logging message 610101 level critical
logging message 111009 level critical
logging message 111008 level critical
logging message 110001 level critical
logging message 111003 level critical
logging message 111002 level critical
logging message 111005 level critical
logging message 111004 level critical
logging message 111007 level critical
mtu outside 1500
mtu inside 1500
ip address outside 10.34.12.1 255.255.255.0
ip address inside 10.34.3.17 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
nat (outside) 0 access-list outside_access_in outside
nat (inside) 0 access-list inside_access_out
access-group in_Factory in interface outside
access-group in_Office in interface inside
route inside 0.0.0.0 0.0.0.0 10.34.3.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host 10.64.8.25 timeout 10
aaa-server TACACS+ (inside) host 10.120.9.34 timeout 10
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa authentication ssh console TACACS+
ntp server 10.1.24.74 source inside prefer
ntp server 10.132.4.30 source inside
ntp server 10.64.9.245 source inside
snmp-server host inside 10.64.11.194
snmp-server host inside 10.64.22.123
snmp-server host inside 10.64.9.68
snmp-server location
snmp-server contact
snmp-server community
no snmp-server enable traps
floodguard enable
telnet 10.0.0.0 255.0.0.0 inside
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 inside
ssh timeout 5
console timeout 0
terminal width 80
########################################################
sh sysopt
no sysopt connection timewait
sysopt connection tcpmss 1380
sysopt connection tcpmss minimum 0
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
no sysopt radius ignore-secret
no sysopt uauth allow-http-cache
no sysopt connection permit-ipsec
no sysopt connection permit-pptp
no sysopt connection permit-l2tp
no sysopt ipsec pl-compatible