PIX Version 7.0(5) ! hostname pixfirewall domain-name ciscopix.com enable password 2KFQnbNIdI.2KYOU encrypted names dns-guard ! interface Ethernet0 description To Perimeter speed 100 duplex full nameif outside security-level 0 ip address A.B.C.D 255.255.255.248 ! interface Ethernet1 description inside network nameif inside security-level 100 ip address 192.5.2.2 255.255.255.0 ! interface Ethernet2 shutdown no nameif no security-level no ip address ! passwd 2KFQnbNIdI.2KYOU encrypted ftp mode passive same-security-traffic permit inter-interface access-list inside_nat0_outbound extended permit ip any 192.5.2.160 255.255.255.224 access-list inside_nat0_outbound extended permit ip 192.5.2.0 255.255.255.0 192.5.2.160 255.255.255.224 access-list ooiss_splitTunnelAcl standard permit any access-list test_splitTunnelAcl standard permit any access-list abc_splitTunnelAcl standard permit 192.5.2.0 255.255.255.0 access-list inside_access_in extended permit icmp any any access-list 109 extended permit tcp any host p.q.r.s eq www access-list 110 extended permit ip any any access-list 110 extended permit tcp any any pager lines 24 logging asdm informational mtu outside 1500 mtu inside 1500 ip local pool ooisspool 192.5.2.171-192.5.2.190 mask 255.255.255.0 icmp permit any inside asdm image flash:/asdm505.bin asdm history enable arp timeout 14400 global (outside) 10 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 10 0.0.0.0 0.0.0.0 static (inside,outside) p.q.r.s 192.5.2.5 netmask 255.255.255.255 access-group 109 in interface outside per-user-override access-group 110 in interface inside per-user-override route outside 0.0.0.0 0.0.0.0 x.x.x.x 10 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius group-policy ooiss_1 internal group-policy ooiss_1 attributes split-tunnel-policy tunnelspecified split-tunnel-network-list value ooiss_splitTunnelAcl group-policy ooiss internal group-policy ooiss attributes dns-server value 192.5.2.5 split-tunnel-policy tunnelspecified split-tunnel-network-list value ooiss_splitTunnelAcl group-policy ooisstest internal group-policy ooisstest attributes dns-server value 192.5.2.5 group-policy test123 internal group-policy test123 attributes dns-server value 192.5.2.5 group-policy test internal group-policy test attributes split-tunnel-policy tunnelspecified split-tunnel-network-list value test_splitTunnelAcl group-policy abc internal group-policy abc attributes split-tunnel-policy tunnelspecified split-tunnel-network-list value abc_splitTunnelAcl username Gmani password ZeVbElR04HGkqloF encrypted privilege 0 username Gmani attributes vpn-group-policy ooiss username binoy password D4oX1wFOgCaoJMxT encrypted privilege 0 username binoy attributes vpn-group-policy test123 username binoystanly password pi9yYgk.9t2Ozsoc encrypted privilege 0 username binoystanly attributes vpn-group-policy ooisstest username madan password /C76Sd3HGX4dLkCE encrypted privilege 0 username madan attributes vpn-group-policy ooiss_1 http server enable http 0.0.0.0 0.0.0.0 outside http 192.168.1.0 255.255.255.0 inside http 192.5.2.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server community public snmp-server enable traps snmp authentication linkup linkdown coldstart no sysopt connection permit-ipsec crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-SHA crypto dynamic-map outside_dyn_map 40 set transform-set ESP-DES-SHA crypto dynamic-map outside_dyn_map 60 set transform-set ESP-DES-SHA crypto dynamic-map outside_dyn_map 80 set transform-set ESP-DES-SHA crypto dynamic-map outside_dyn_map 100 set transform-set ESP-DES-SHA crypto dynamic-map outside_dyn_map 120 set transform-set ESP-DES-SHA crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside isakmp enable outside isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash sha isakmp policy 10 group 2 isakmp policy 10 lifetime 86400 tunnel-group ooiss type ipsec-ra tunnel-group ooiss general-attributes address-pool ooisspool default-group-policy ooiss_1 tunnel-group ooiss ipsec-attributes pre-shared-key * tunnel-group test type ipsec-ra tunnel-group test general-attributes address-pool ooisspool default-group-policy test tunnel-group test ipsec-attributes pre-shared-key * tunnel-group test123 type ipsec-ra tunnel-group test123 general-attributes address-pool ooisspool default-group-policy test123 tunnel-group test123 ipsec-attributes pre-shared-key * tunnel-group abc type ipsec-ra tunnel-group abc general-attributes address-pool ooisspool default-group-policy abc tunnel-group abc ipsec-attributes pre-shared-key * tunnel-group ooisstest type ipsec-ra tunnel-group ooisstest general-attributes address-pool ooisspool default-group-policy ooisstest tunnel-group ooisstest ipsec-attributes pre-shared-key * no vpn-addr-assign aaa telnet 0.0.0.0 0.0.0.0 outside telnet timeout 5 ssh timeout 5 ssh version 1 console timeout 0 dhcpd lease 3600 dhcpd ping_timeout 750 ! class-map inspection_default match default-inspection-traffic ! ! policy-map global_policy class inspection_default inspect dns maximum-length 512 inspect ftp inspect h323 h225 inspect h323 ras inspect http inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp ! service-policy global_policy global Cryptochecksum:fbb2e7c705a42a338257a1b823ecaa03 : end