PIX525A# sh conf
: Saved
: Written by enable_15 at 13:09:14.487 UTC Fri Oct 12 2007
!
PIX Version 7.0(4)
!
hostname PIX525A
domain-name odigo.com
enable password qpO639LFmIJOAHFv encrypted
names
name 209.185.172.228 pix_outside
name 209.67.31.129 pix_inside
name 209.185.172.229 fo_pix_outside
name 209.67.31.130 fo_pix_inside
name 209.67.16.145 pcn_inside
name 209.67.16.146 fo_pcn_inside
name 192.168.14.4 pix_vzw_dmz
name 192.168.14.5 fo_pix_vzw_dmz
name 192.168.12.4 pix_cust_mz
name 192.168.12.5 fo_pix_cust_mz
name 172.16.204.198 pix_manage
name 172.16.204.200 fo_pix_manage
!
interface Ethernet0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address pix_outside 255.255.255.248 standby fo_pix_outside
!
interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address pix_inside 255.255.255.224 standby fo_pix_inside
!
interface Ethernet2
 speed 10
 duplex full
 nameif manage
 security-level 80
 ip address pix_manage 255.255.255.224 standby fo_pix_manage
!
interface Ethernet3
 speed 100
 duplex full
 nameif vzw-dmz
 security-level 10
 ip address pix_vzw_dmz 255.255.255.0 standby fo_pix_vzw_dmz
!
interface Ethernet4
 speed 100
 duplex full
 nameif pcn
 security-level 40
 ip address pcn_inside 255.255.255.240 standby fo_pcn_inside
!
interface Ethernet5
 speed 100
 duplex full
 nameif customer-mz
 security-level 90
 ip address pix_cust_mz 255.255.255.0 standby fo_pix_cust_mz
!
passwd iVt2XAxMfJYvOYum encrypted
ftp mode passive
access-list acl_out extended permit tcp any 209.67.31.128 255.255.255.224 eq www
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq www
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 2562
access-list acl_out extended permit udp any 216.33.42.64 255.255.255.224 eq 2562
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq https
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 11319
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 11111
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 22222
access-list acl_out extended permit tcp any 209.67.31.128 255.255.255.224 eq 2562
access-list acl_out extended permit udp any 209.67.31.128 255.255.255.224 eq 2562
access-list acl_out extended permit tcp any 209.67.31.128 255.255.255.224 eq https
access-list acl_out extended permit tcp any 209.67.31.128 255.255.255.224 eq 11319
access-list acl_out extended permit tcp any 209.67.31.128 255.255.255.224 eq 11111
access-list acl_out extended permit tcp any 209.67.31.128 255.255.255.224 eq 22222
access-list acl_out extended permit tcp any 209.67.31.128 255.255.255.224 eq ssh
access-list acl_out extended permit tcp any host 216.33.42.70 eq www
access-list acl_out extended permit tcp any host 216.33.42.70 eq pop3
access-list acl_out extended permit tcp any host 216.33.42.70 eq smtp
access-list acl_out extended permit tcp any host 216.33.42.70 eq domain
access-list acl_out extended permit udp any host 216.33.42.70 eq domain
access-list acl_out extended permit tcp any host 216.33.42.70 eq ssh
access-list acl_out extended permit tcp any host 216.33.42.70 eq https
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 6667
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 8005
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 8000
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 5721
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 8003
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 8081
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 8888
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 8091
access-list acl_out extended permit udp any 216.33.42.64 255.255.255.224 eq 8091
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 3132
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 8741
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 8205
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 8203
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 8080
access-list acl_out extended permit tcp any 216.33.42.64 255.255.255.224 eq 9003
access-list acl_out extended permit tcp any 209.67.16.144 255.255.255.240 eq www
access-list acl_out extended permit tcp any 209.67.16.144 255.255.255.240 eq 2562
access-list acl_out extended permit tcp any 209.67.16.144 255.255.255.240 eq 8000
access-list acl_out extended permit tcp any 209.67.16.144 255.255.255.240 eq 8070
access-list acl_out extended permit tcp any 209.67.16.144 255.255.255.240 eq 11319
access-list acl_out extended permit tcp any 209.67.16.144 255.255.255.240 eq 8003
access-list acl_out extended permit tcp any 209.67.16.144 255.255.255.240 eq 8005
access-list acl_out extended permit tcp any 209.67.16.144 255.255.255.240 eq 8030
access-list acl_out extended permit udp any 209.67.16.144 255.255.255.240 eq 8031
access-list acl_out extended permit udp any 209.67.16.144 255.255.255.240 eq 8033
access-list acl_out extended permit udp any 209.67.16.144 255.255.255.240 eq 8038
access-list acl_out extended permit udp any 209.67.16.144 255.255.255.240 eq 8040
access-list acl_out extended permit udp any 209.67.16.144 255.255.255.240 eq 8050
access-list acl_out extended permit udp any 209.67.16.144 255.255.255.240 eq 8091
access-list acl_out extended permit tcp any 209.67.16.144 255.255.255.240 eq ssh
access-list acl_out extended permit udp any host 216.33.42.79 eq 5050
access-list acl_out extended permit tcp any host 209.67.16.136 eq ssh
access-list acl_out extended permit tcp any host 209.67.16.133 eq ssh
access-list acl_out extended permit tcp any host 209.67.16.137 eq ssh
access-list acl_out extended permit tcp any host 209.67.16.134 eq 51874
access-list acl_out extended permit tcp any host 216.33.42.83 eq 51000
access-list acl_out extended permit tcp any host 209.67.16.135 eq 51000
access-list acl_out extended permit tcp any host 209.67.16.135 eq 51001
access-list acl_out extended permit tcp any 209.67.16.144 255.255.255.240 eq https
access-list acl_out extended permit tcp any host 209.67.16.133 eq https
access-list acl_out extended permit tcp any host 209.67.16.133 eq 2562
access-list acl_out extended permit tcp any host 209.67.16.134 eq 51875
access-list acl_out extended permit tcp any host 209.67.16.135 eq 8081
access-list acl_out extended permit tcp any host 209.67.16.135 eq 37777
access-list acl_out extended permit tcp any host 209.67.16.135 eq 37778
access-list acl_out extended permit tcp any host 209.67.16.136 eq sqlnet
access-list acl_out extended permit tcp any host 209.67.16.137 eq sqlnet
access-list acl_out extended permit tcp any host 209.67.16.135 eq https
access-list acl_out extended permit tcp any host 209.67.16.135 eq 37001
access-list acl_out extended permit tcp any host 209.67.39.240 eq 51000
access-list acl_out extended permit tcp any host 209.67.39.240 eq 51001
access-list acl_out extended permit tcp any host 209.67.39.246 eq 51874
access-list acl_out extended permit tcp any host 209.67.39.246 eq 51875
access-list acl_vzw_dmz extended permit tcp 192.168.13.0 255.255.255.0 host 192.168.12.110 eq cifs
access-list acl_vzw_dmz extended permit tcp 192.168.13.0 255.255.255.0 host 192.168.12.11 eq sqlnet
access-list acl_vzw_dmz extended permit tcp 192.168.13.0 255.255.255.0 any eq 1863
access-list acl_vzw_dmz extended permit tcp 192.168.13.0 255.255.255.0 any eq https
access-list acl_vzw_dmz extended permit tcp 192.168.13.0 255.255.255.0 any eq 6006
access-list acl_vzw_dmz extended permit tcp 192.168.13.0 255.255.255.0 any eq 5432
access-list acl_vzw_dmz extended permit icmp 192.168.13.0 255.255.255.0 192.168.12.0 255.255.255.0 echo
access-list acl_vzw_dmz extended permit icmp 192.168.13.0 255.255.255.0 192.168.12.0 255.255.255.0 unreachable
access-list acl_vzw_dmz extended permit icmp 192.168.13.0 255.255.255.0 192.168.12.0 255.255.255.0 echo-reply
access-list acl_vzw_dmz extended permit udp 192.168.13.0 255.255.255.0 host 209.1.222.244 eq domain
access-list acl_vzw_dmz extended permit udp 192.168.13.0 255.255.255.0 host 209.1.222.247 eq domain
access-list acl_vzw_dmz extended permit tcp 192.168.13.0 255.255.255.0 host 192.168.12.115 eq 7070
access-list acl_vzw_dmz extended permit udp 192.168.13.0 255.255.255.0 host 192.168.12.10 eq syslog
access-list acl_vzw_dmz extended permit tcp 192.168.13.0 255.255.255.0 host 192.168.12.10 eq 37
access-list acl_vzw_dmz extended permit tcp 192.168.13.0 255.255.255.0 any eq www
access-list acl_pcn extended permit tcp host 209.67.16.157 216.33.42.64 255.255.255.224
access-list acl_pcn extended permit tcp host 209.67.16.156 216.33.42.64 255.255.255.224
access-list pcn_http extended permit tcp any host 209.67.16.154 eq www
access-list pcn_http extended permit tcp host 209.67.16.154 eq www any
access-list vzw_vpn_nat extended permit ip host 209.67.16.131 host 66.174.75.11
access-list vzw_vpn_prod extended permit ip host 209.67.16.130 host 66.174.3.11
access-list nat_inside extended permit ip 216.33.42.64 255.255.255.224 any
access-list nat_inside extended permit ip 209.67.31.128 255.255.255.224 any
access-list nat_pcn extended permit ip 209.67.16.144 255.255.255.240 any
access-list vzw-smsc-capt extended permit tcp any host 209.67.16.131
access-list vzw-smsc-capt extended permit tcp host 209.67.16.131 any
access-list vzw-smsc-capt extended permit tcp host 66.174.75.11 any
access-list vzw-smsc-capt extended permit tcp any host 66.174.75.11
access-list yaron-debug extended permit tcp any host 209.67.16.135
access-list yaron-debug extended permit tcp host 209.67.16.135 any
access-list vzw-aim-pap-debug extended permit tcp any 205.188.253.0 255.255.255.0
access-list vzw-aim-pap-debug extended permit tcp 205.188.253.0 255.255.255.0 any
access-list acl_vzw_mz extended permit tcp 192.168.12.0 255.255.255.0 192.168.13.0 255.255.255.0 eq 1040
access-list acl_vzw_mz extended permit tcp 192.168.12.0 255.255.255.0 192.168.13.0 255.255.255.0 eq ssh
access-list acl_vzw_mz extended permit tcp 192.168.12.0 255.255.255.0 host 66.174.3.11 eq 8702
access-list acl_vzw_mz extended permit icmp 192.168.12.0 255.255.255.0 192.168.13.0 255.255.255.0 echo
access-list acl_vzw_mz extended permit icmp 192.168.12.0 255.255.255.0 192.168.13.0 255.255.255.0 unreachable
access-list acl_vzw_mz extended permit icmp 192.168.12.0 255.255.255.0 192.168.13.0 255.255.255.0 echo-reply
access-list acl_vzw_mz extended permit tcp 192.168.12.0 255.255.255.0 192.168.4.0 255.255.255.0 eq ssh
access-list acl_vzw_mz extended permit icmp 192.168.12.0 255.255.255.0 192.168.4.0 255.255.255.0 echo
access-list acl_vzw_mz extended permit icmp 192.168.12.0 255.255.255.0 192.168.4.0 255.255.255.0 unreachable
access-list acl_vzw_mz extended permit icmp 192.168.12.0 255.255.255.0 192.168.4.0 255.255.255.0 echo-reply
access-list acl_vzw_mz extended permit tcp 192.168.12.0 255.255.255.0 host pix_cust_mz eq telnet
access-list acl_vzw_mz extended permit tcp 192.168.12.0 255.255.255.0 192.168.13.0 255.255.255.0 eq 40079
access-list acl_vzw_mz extended permit tcp 192.168.12.0 255.255.255.0 192.168.4.0 255.255.255.0 eq ftp
access-list acl_vzw_mz extended permit icmp 192.168.12.0 255.255.255.0 host 66.174.3.11 echo
access-list acl_vzw_mz extended permit icmp 192.168.12.0 255.255.255.0 host 66.174.3.11 unreachable
access-list acl_vzw_mz extended permit icmp 192.168.12.0 255.255.255.0 host 66.174.3.11 echo-reply
access-list acl_vzw_mz extended permit tcp 192.168.12.0 255.255.255.0 192.168.4.0 255.255.255.0 eq www
access-list uni_maange extended permit ip 172.16.204.192 255.255.255.192 any
pager lines 25
logging enable
logging timestamp
logging console critical
logging monitor debugging
logging buffered errors
logging trap errors
logging history errors
logging host customer-mz 192.168.12.10
no logging message 111005
mtu outside 1500
mtu inside 1500
mtu manage 1500
mtu vzw-dmz 1500
mtu pcn 1500
mtu customer-mz 1500
failover
failover polltime unit 7 holdtime 21
failover link inside
asdm history enable
arp timeout 14400
nat-control
global (outside) 2 209.67.16.131
global (outside) 3 209.67.16.130
global (outside) 1 209.67.16.132
nat (inside) 0 access-list nat_inside
nat (manage) 2 192.168.4.0 255.255.255.0
nat (vzw-dmz) 1 192.168.13.0 255.255.255.0
nat (pcn) 0 access-list nat_pcn
nat (customer-mz) 3 192.168.12.0 255.255.255.0
static (manage,outside) tcp 209.67.16.135 8081 192.168.4.120 8081 netmask 255.255.255.255
static (manage,outside) tcp 209.67.16.135 37777 192.168.4.110 37777 netmask 255.255.255.255
static (manage,outside) tcp 209.67.16.135 37778 192.168.4.148 37778 netmask 255.255.255.255
static (manage,outside) tcp 209.67.16.135 51000 192.168.4.110 51000 netmask 255.255.255.255
static (manage,outside) tcp 209.67.16.135 51001 192.168.4.110 51875 netmask 255.255.255.255
static (customer-mz,outside) tcp 209.67.16.135 https 192.168.12.95 https netmask 255.255.255.255
static (manage,outside) tcp 209.67.16.135 37001 192.168.4.130 37001 netmask 255.255.255.255
static (manage,outside) tcp 209.67.39.240 51000 192.168.4.111 51000 netmask 255.255.255.255
static (manage,outside) tcp 209.67.39.240 51001 192.168.4.111 51875 netmask 255.255.255.255
static (manage,outside) tcp 209.67.39.246 51875 192.168.14.30 51875 netmask 255.255.255.255
static (inside,outside) 216.33.42.64 216.33.42.64 netmask 255.255.255.224
static (inside,outside) 209.67.31.128 209.67.31.128 netmask 255.255.255.224
static (pcn,outside) 209.67.16.144 209.67.16.144 netmask 255.255.255.240
static (inside,pcn) 216.33.42.64 216.33.42.64 netmask 255.255.255.224
static (inside,vzw-dmz) 216.33.42.64 216.33.42.64 netmask 255.255.255.224
static (vzw-dmz,outside) 209.67.16.134 192.168.14.20 netmask 255.255.255.255
static (customer-mz,vzw-dmz) 192.168.12.0 192.168.12.0 netmask 255.255.255.0
static (customer-mz,outside) 209.67.16.133 192.168.12.10 netmask 255.255.255.255
static (customer-mz,manage) 192.168.12.0 192.168.12.0 netmask 255.255.255.0
static (customer-mz,outside) 209.67.16.136 192.168.12.7 netmask 255.255.255.255
static (customer-mz,outside) 209.67.16.137 192.168.12.8 netmask 255.255.255.255
static (vzw-dmz,outside) 209.67.39.246 192.168.14.30 netmask 255.255.255.255
access-group acl_out in interface outside
access-group acl_vzw_dmz in interface vzw-dmz
access-group acl_vzw_mz in interface customer-mz
route outside 0.0.0.0 0.0.0.0 209.185.172.227 1
route inside 216.33.42.64 255.255.255.224 209.67.31.131 1
route manage 172.16.205.0 255.255.255.192 172.16.204.193 1
route vzw-dmz 192.168.13.0 255.255.255.0 192.168.14.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http 192.168.1.1 255.255.255.255 manage
snmp-server host customer-mz 192.168.12.10 community public
snmp-server location JC_ICD_PIX-A
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
crypto ipsec transform-set VzWTS esp-3des esp-md5-hmac
crypto ipsec transform-set VzWTSprod esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 3600
crypto map VPNconn 11 match address vzw_vpn_prod
crypto map VPNconn 11 set peer 66.174.2.27
crypto map VPNconn 11 set transform-set VzWTSprod
crypto map VPNconn 11 set security-association lifetime seconds 28800
crypto map VPNconn interface outside
isakmp enable outside
tunnel-group 66.174.2.27 type ipsec-l2l
tunnel-group 66.174.2.27 ipsec-attributes
 pre-shared-key *
tunnel-group 66.174.74.30 type ipsec-l2l
tunnel-group 66.174.74.30 ipsec-attributes
 pre-shared-key *
telnet 192.168.1.0 255.255.255.0 manage
telnet 192.168.12.10 255.255.255.255 customer-mz
telnet timeout 5
ssh timeout 60
ssh version 1
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect ils
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:294b78aaef7c21551476b5eb1540199b
PIX525A#