PIX Version 6.3(5)
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
interface ethernet3 100full
interface ethernet3 vlan4 physical
interface ethernet3 vlan5 logical
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security20
nameif ethernet3 F5Internal security12
nameif vlan5 F5External security8
enable password hBqAs1sUaHDs7hm/ encrypted
passwd yNVh/aJimudOh0xl encrypted
clock timezone PST -8
clock summer-time PDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol ftp 8080
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
no names
access-list acl_out deny ip host 203.x.x.x host 63.x.x.x
access-list acl_out deny ip host 203.x.x.x host 63.x.x.
access-list acl_out permit tcp any object-group G_WEBSERVERS_ref_1 object-group G_HTTP_HTTPS
access-list acl_out permit tcp host 209.x.x.x host 63.x.x.x object-group G_DOMAIN
access-list acl_out permit tcp any host 63.x.x.x object-group G_Mail_Services
access-list acl_out permit tcp any object-group G_Mail_Services host 63.x.x.x
access-list acl_out permit udp any host 63.x.x.x eq domain
access-list acl_out permit tcp host 65.x.x.x 63.x.x.x 255.255.255.192 object-group G_FTP
access-list acl_out permit tcp any host 66.x.x.x object-group G_HTTP_HTTPS
access-list acl_out permit tcp any host 66.x.x.x object-group G_HTTP_HTTPS
access-list acl_out permit tcp any host 66.x.x.x object-group G_HTTP_HTTPS
access-list acl_out permit tcp any host 63.x.x.x object-group G_HTTP_HTTPS
access-list acl_out permit tcp any host 63.x.x.x object-group G_HTTP_HTTPS
access-list acl_out permit tcp any host 63.x.x.x object-group G_HTTP_HTTPS
access-list acl_out permit tcp any host 63.x.x.x object-group G_HTTP_HTTPS
access-list acl_out permit tcp any host 66.x.x.x object-group G_HTTP_HTTPS
access-list acl_out permit tcp any host 63.x.x.x object-group G_HTTP_HTTPS
access-list acl_out permit icmp any host 63.x.x.x
access-list acl_out permit tcp any host 63.x.x.x object-group G_HTTP_HTTPS
access-list acl_out permit tcp any host 63.x.x.x object-group G_HTTP_HTTPS
access-list acl_out permit tcp any host 63.x.x.x eq www
access-list acl_out permit tcp any host 63.x.x.x eq 81
access-list acl_out permit tcp any host 63.x.x.x eq 82
access-list acl_out permit tcp any host 63.x.x.x object-group G_HTTP_HTTPS
access-list acl_out permit tcp any host 66.x.x.x object-group G_HTTP_HTTPS
access-list acl_out permit tcp any host 66.x.x.x object-group G_HTTP_HTTPS
access-list acl_out permit tcp any host 63.x.x.x object-group G_FTP
access-list acl_out permit tcp any host 63.x.x.x object-group G_HTTP_HTTPS
access-list acl_out permit tcp any host 66.x.x.x object-group G_HTTP_HTTPS
access-list acl_out permit tcp any host 63.x.x.x eq www
access-list acl_out permit tcp any host 66.x.x.x eq www
access-list acl_out permit tcp any host 66.x.x.x eq 88
access-list inside_outbound_nat0_acl permit ip any 192.168.0.0 255.255.255.0 63.x.x.x 255.255.255.192
access-list inside_outbound_nat0_acl permit ip any 172.16.3.0 255.255.255.0
access-list dmz_acl permit ip any any
access-list 100 permit ip 63.x.x.x 255.255.255.192 192.168.0.0 255.255.255.0
access-list 100 permit ip 172.16.0.0 255.255.0.0 192.168.0.0 255.255.255.0
access-list acl_F5Ext_to_F5Int permit tcp 172.16.5.0 255.255.255.0 172.16.4.0 255.255.255.0 eq www
access-list acl_F5Ext_to_F5Int permit tcp 172.16.5.0 255.255.255.0 172.16.4.0 255.255.255.0 eq https
access-list acl_F5Ext_to_F5Int permit tcp 172.16.5.0 255.255.255.0 172.16.3.0 255.255.255.0 eq www
access-list acl_F5Ext_to_F5Int permit tcp 172.16.5.0 255.255.255.0 172.16.3.0 255.255.255.0 eq https
access-list acl_f5internal permit ip any any
access-list dmz_outbound_nat0_acl permit ip any 192.168.0.0 255.255.255.0
access-list dmz_outbound_nat0_acl permit ip any 172.16.4.0 255.255.255.0
access-list dmz_outbound_nat0_acl permit ip any 172.16.5.0 255.255.255.0
access-list dmz_outbound_nat0_acl permit ip any 63.x.x.x 255.255.255.192
access-list F5Internal_outbound_nat0_acl permit ip 63.x.x.x 255.255.255.192 192.168.0.0 255.255.255.0
access-list F5Internal_outbound_nat0_acl permit ip 63.x.x.x 255.255.255.192 172.16.5.0 255.255.255.0
access-list F5External_outbound_nat0_acl permit ip any 192.168.0.0 255.255.255.0
access-list F5External_outbound_nat0_acl permit ip any 172.16.4.0 255.255.255.0
access-list F5External_outbound_nat0_acl permit ip any 63.x.x.x 255.255.255.192
access-list F5External_outbound_nat0_acl permit ip any 172.16.3.0 255.255.255.0
pager lines 24
logging on
logging timestamp
logging monitor warnings
logging buffered errors
logging trap errors
logging history errors
logging host outside 63.x.x.x
icmp permit any outside
icmp permit any echo-reply outside
icmp permit any echo-reply inside
icmp permit host 63.x.x.x inside
icmp permit any inside
icmp permit any F5Internal
icmp permit any echo-reply F5Internal
icmp permit any F5External
icmp permit any echo-reply F5External
mtu outside 1500
mtu inside 1500
mtu publicdmz 1500
mtu dmz 1500
mtu F5Internal 1500
mtu intf5 1500
ip address outside 208.x.x.x 255.255.255.240
ip address inside 172.16.4.1 255.255.255.0
ip address dmz 172.16.3.1 255.255.255.0
ip address F5Internal 63.x.x.x 255.255.255.192
ip address F5External 172.16.5.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
failover
failover timeout 0:00:00
failover poll 15
failover replication http
failover ip address outside 208.x.x.x
failover ip address inside 172.16.4.2
failover ip address dmz 172.16.3.2
failover ip address F5Internal 63.x.x.x
failover ip address F5External 172.16.5.2
failover link intf5
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 172.16.4.0 255.255.255.0 0 0
nat (dmz) 0 access-list dmz_outbound_nat0_acl
nat (dmz) 1 172.16.3.0 255.255.255.0 0 0
nat (F5Internal) 0 access-list F5Internal_outbound_nat0_acl
nat (F5Internal) 0 63.x.x.x 255.255.255.224 0 0
nat (intf5) 0 access-list intf5_outbound_nat0_acl
nat (F5External) 0 access-list F5External_outbound_nat0_acl
nat (F5External) 1 172.16.5.0 255.255.255.0 0 0
static (F5Internal,outside) 63.x.x.x.27 63.x.x.x.27 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.26 63.x.x.x.26 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.29 63.x.x.x.29 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.30 63.x.x.x.30 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.24 63.x.x.x.24 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.5 63.x.x.x.5 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.10 63.x.x.x.10 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.9 63.x.x.x.9 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.23 63.x.x.x.23 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.21 63.x.x.x.21 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.20 63.x.x.x.20 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.19 63.x.x.x.19 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.2 63.x.x.x.2 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.3 63.x.x.x.3 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.11 63.x.x.x.11 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.12 63.x.x.x.12 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.13 63.x.x.x.13 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.31 63.x.x.x.31 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.15 63.x.x.x.15 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.32 63.x.x.x.32 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.33 63.x.x.x.33 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.59 63.x.x.x.59 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.14 63.x.x.x.14 netmask 255.255.255.255 0 0
static (F5Internal,dmz) 63.x.x.x.0 63.x.x.x.0 netmask 255.255.255.192 0 0
static (F5Internal,F5External) 63.x.x.x 63.x.x.x netmask 255.255.255.0 0 0
static (F5External,outside) 66.x.x.x 172.16.5.5 netmask 255.255.255.255 0 0
static (F5External,outside) 66.x.x.x 172.16.5.6 netmask 255.255.255.255 0 0
static (dmz,F5External) 172.16.3.0 172.16.3.0 netmask 255.255.255.0 0 0
static (F5Internal,F5External) 63.x.x.x.0 63.x.x.x.0 netmask 255.255.255.192 0 0
static (F5Internal,inside) 63.x.x.x.0 63.x.x.x.0 netmask 255.255.255.192 0 0
static (F5External,outside) 66.x.x.x 172.16.5.9 netmask 255.255.255.255 0 0
static (F5External,outside) 66.x.x.x 172.16.5.11 netmask 255.255.255.255 0 0
static (F5External,outside) 63.x.x.x 172.16.5.7 netmask 255.255.255.255 0 0
static (F5External,outside) 63.x.x.x 172.16.5.8 netmask 255.255.255.255 0 0
static (F5External,outside) 63.x.x.x 172.16.5.10 netmask 255.255.255.255 0 0
static (F5External,outside) 63.x.x.x 172.16.5.12 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.35 63.x.x.x.35 netmask 255.255.255.255 0 0
static (F5External,outside) 63.x.x.x 172.16.5.13 netmask 255.255.255.255 0 0
static (F5External,outside) 63.x.x.x 172.16.5.14 netmask 255.255.255.255 0 0
static (F5External,outside) 63.x.x.x 172.16.5.15 netmask 255.255.255.255 0 0
static (F5Internal,outside) 63.x.x.x.16 63.x.x.x.16 netmask 255.255.255.255 0 0
static (F5External,outside) 63.x.x.x 172.16.5.16 netmask 255.255.255.255 0 0
static (F5External,outside) 66.x.x.x 172.16.5.17 netmask 255.255.255.255 0 0
static (F5External,outside) 66.x.x.x 172.16.5.18 netmask 255.255.255.255 0 0
static (F5External,outside) 63.x.x.x 172.16.5.19 netmask 255.255.255.255 0 0
static (F5External,outside) 66.x.x.x 172.16.5.20 netmask 255.255.255.255 0 0
static (F5External,outside) 63.x.x.x 172.16.5.21 netmask 255.255.255.255 0 0
static (F5External,outside) 66.x.x.x 172.16.5.22 netmask 255.255.255.255 0 0
static (dmz,outside) 66.x.x.x 172.16.3.4 netmask 255.255.255.255 0 0
static (dmz,inside) 66.x.x.x 172.16.3.4 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
access-group dmz_acl in interface dmz
access-group acl_f5internal in interface F5Internal
access-group acl_F5Ext_to_F5Int in interface F5External
route outside 0.0.0.0 0.0.0.0 208.x.x.x 1
timeout xlate 3:00:00
timeout conn 2:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
ntp server 132.x.x.x source outside
http server enable
http 172.16.4.15 255.255.255.255 inside
http 192.168.0.0 255.255.255.0 dmz
tftp-server outside 64.x.x.x /
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
crypto ipsec transform-set secureset esp-3des esp-sha-hmac
crypto map toCorporate 10 ipsec-isakmp
crypto map toCorporate 10 match address 100
crypto map toCorporate 10 set peer 64.x.x.x
crypto map toCorporate 10 set transform-set vpn1
crypto map toCorporate interface outside
isakmp enable outside
isakmp key ******** address 64.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption aes
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp policy 2 authentication pre-share
isakmp policy 2 encryption 3des
isakmp policy 2 hash md5
isakmp policy 2 group 2
isakmp policy 2 lifetime 28800
telnet timeout 5
ssh 192.168.0.66 255.255.255.255 inside
ssh timeout 60
management-access inside
console timeout 0
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
vpdn group PPTP-VPDN-GROUP client configuration dns 63.x.x.x
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn group PPTP-VPDN-GROUP client authentication local
vpdn username tdoan password *********
vpdn username kho password *********
username admin password kvz4gOQjDwhJfGHt encrypted privilege 15
terminal width 80
Cryptochecksum:cbe018c2469c85d80d09998ba29b0f7e
: end
friend-pix1#