sho run

: Saved

:

PIX Version 7.2(2) 

!

hostname pixfirewall

enable password 8Ry2YjIyt7RRXU24 encrypted

names

!

interface Ethernet0

 nameif outside

 security-level 0

 ip address 10.1.1.2 255.255.255.0 

!

interface Ethernet1

 nameif inside

 security-level 100

 ip address 10.2.2.1 255.255.255.0 

!

interface Ethernet2

 no nameif

 no security-level

 no ip address

!

interface Ethernet3

 shutdown

<--- More --->
              
 no nameif

 no security-level

 no ip address

!

interface Ethernet4

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Ethernet5

 shutdown

 no nameif

 no security-level

 no ip address

!

passwd 2KFQnbNIdI.2KYOU encrypted

ftp mode passive

access-list inside_nat0_outbound extended permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0 

access-list vpn extended permit ip 10.2.2.0 255.255.255.0 1.1.1.0 255.255.255.0 

access-list outside extended permit ip any host 10.2.2.2 

pager lines 24

mtu outside 1500

mtu inside 1500

<--- More --->
              
ip local pool ccie 192.168.1.10-192.168.1.20 mask 255.255.255.0

no failover

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) 10.2.2.2 10.2.2.2 netmask 255.255.255.255 

access-group outside in interface outside

route outside 0.0.0.0 0.0.0.0 10.1.1.254 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

username ccie password mfIDmeWbPKQtCAwZ encrypted

no snmp-server location

no snmp-server contact

crypto ipsec transform-set ccie esp-des esp-md5-hmac 

crypto map ccie 10 match address vpn

crypto map ccie 10 set peer 10.1.1.254 

crypto map ccie 10 set transform-set ccie

crypto map ccie interface outside

<--- More --->
              
crypto ca trustpoint CA

 enrollment retry count 5

 enrollment url http://10.1.1.254:80

 serial-number

 crl configure

crypto ca certificate chain CA

 certificate 04

    3082023c 308201a5 a0030201 02020104 300d0609 2a864886 f70d0101 04050030 

    17311530 13060355 0403130c 43412e63 6973636f 2e636f6d 301e170d 30383034 

    32323230 34383038 5a170d30 39303432 32323034 3830385a 302e312c 30100603 

    55040513 09343035 33353234 37313018 06092a86 4886f70d 01090216 0b706978 

    66697265 77616c6c 30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 

    89028181 00b3e016 31c21c6b 3fbffd91 0e23a30c 7f32fb3b 2fb1211b 082c3443 

    8747bfb6 2e0e5248 b7e38cf9 e84c839a 01bcb5ad c7ae88d3 9464e961 883b794a 

    ea52c34e 2254a331 90e0143e 7704dd62 4add5ba8 086c3e80 eac68765 c179da1c 

    f32cb5b8 805ee8f7 0a5b3b41 134693cd 9e47ce40 b4d78f7d 39843103 98032479 

    c36fbb52 ed020301 0001a381 80307e30 17060355 1d1f0410 300e300c a00aa008 

    8606666c 6173683a 30160603 551d1104 0f300d82 0b706978 66697265 77616c6c 

    300b0603 551d0f04 04030205 20301f06 03551d23 04183016 8014ae6e eeb940da 

    0ce99415 f73eaf4f a2f6be50 f12b301d 0603551d 0e041604 14674607 8f4a054a 

    4d0e3225 3fb50ea6 8c605ed5 3b300d06 092a8648 86f70d01 01040500 03818100 

    40c67ba6 8e83b15f 08325cd1 4b52b150 becfc9c8 3eac2bf3 5c329f47 0558a73c 

    ec605d2e 56f09724 3d18be65 3c7c87f6 87abe2cd 776df981 a0634584 d116c75e 

    b096d646 68c43c7b d9410b23 858469db 2aa6cf42 f443c1cf 5badb611 2d46ab18 

<--- More --->
              
    9af08067 f173c31b c84a846e de0e6fd6 aac4c041 d5202288 a201b6d6 460d25c6

  quit

 certificate 03

    3082023c 308201a5 a0030201 02020103 300d0609 2a864886 f70d0101 04050030 

    17311530 13060355 0403130c 43412e63 6973636f 2e636f6d 301e170d 30383034 

    32323230 34373537 5a170d30 39303432 32323034 3735375a 302e312c 30100603 

    55040513 09343035 33353234 37313018 06092a86 4886f70d 01090216 0b706978 

    66697265 77616c6c 30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 

    89028181 00b6309f 7e776805 ce2d6a74 d6478fa9 116af122 87f7ef8b a92e4875 

    f9a28baf 58a618bb f03fb945 53fcba29 62d0ba9e bde1a6d3 629d1187 8dd81122 

    035bd2fd 0b2043f1 d08ac6a1 cf1205bf 6253803d 7fbfe600 b80bbca5 e523e47f 

    10bdfeeb 98f8ffbd 5224fc9e 9a09dbbd 0a98063c 8c4b2d08 015b79ab 82d611a5 

    02c17a6f 85020301 0001a381 80307e30 17060355 1d1f0410 300e300c a00aa008 

    8606666c 6173683a 30160603 551d1104 0f300d82 0b706978 66697265 77616c6c 

    300b0603 551d0f04 04030207 80301f06 03551d23 04183016 8014ae6e eeb940da 

    0ce99415 f73eaf4f a2f6be50 f12b301d 0603551d 0e041604 14fb6243 7bf691e0 

    589acb0d 6667b852 a657a671 7b300d06 092a8648 86f70d01 01040500 03818100 

    66286419 a8d1cba5 aaab5a79 3466da4d 660d101b dd179f0c a513ed35 43c2c756 

    d1f12c7b 37f405a4 b854e3cf 434da764 0fb5198b f532554d f85526c8 4c5ced71 

    f8bccb34 21955939 32037315 cd8dc10c 19c0c4ba a42399f0 72ed5c6d 4d1ac041 

    1bab8403 e1ff5b4b c8a05f16 c415045e ee4c83af 86586b7f 93762740 77088d86

  quit

 certificate ca 01

    30820207 30820170 a0030201 02020101 300d0609 2a864886 f70d0101 04050030 

<--- More --->
              
    17311530 13060355 0403130c 43412e63 6973636f 2e636f6d 301e170d 30383034 

    32323230 30333432 5a170d31 31303432 32323030 3334325a 30173115 30130603 

    55040313 0c43412e 63697363 6f2e636f 6d30819f 300d0609 2a864886 f70d0101 

    01050003 818d0030 81890281 8100ad41 95081ca9 d92a4b1a eea91cb1 bc8971d8 

    6d2f0c38 9550d32e 59941e9d 680b6d91 5e214a1e 2fd0beec b80da3d4 1ffa41c0 

    6bf0b5cc 41ede9f9 cc3d1b97 b855b934 70ec297c c7a1f153 c22461ef 1c3b9d40 

    7535a2b1 15d12166 1f404bb2 6a7ba839 6847d519 97cde1ce 3964da5d 989f383b 

    7aa70043 db23e1d0 83dd0e32 15870203 010001a3 63306130 0f060355 1d130101 

    ff040530 030101ff 300e0603 551d0f01 01ff0404 03020186 301f0603 551d2304 

    18301680 14ae6eee b940da0c e99415f7 3eaf4fa2 f6be50f1 2b301d06 03551d0e 

    04160414 ae6eeeb9 40da0ce9 9415f73e af4fa2f6 be50f12b 300d0609 2a864886 

    f70d0101 04050003 81810008 a1aed117 65eb9e35 8752c3c3 6ce84fe7 e08002bc 

    40ec5e59 9c23741b e63bc5dc 8316c48e 1a69cc8e f5ac4ebe 3969da52 5376f1c7 

    b6d65fb1 91b6f936 2cd96d6f 20101b43 98f976a1 3115cd99 61d68c66 0c18032f 

    26fdee86 6fdace6e 4bdbbaac 6efef84c 5bfeec11 93586f70 ad27d8d3 fff0fd52 

    048190e6 25e0043a 48a897

  quit

crypto isakmp identity address 

crypto isakmp enable outside

crypto isakmp policy 10

 authentication rsa-sig

 encryption des

 hash md5

 group 5

<--- More --->
              
 lifetime 86400

tunnel-group ccie type ipsec-ra

tunnel-group ccie general-attributes

 address-pool ccie

tunnel-group ccie ipsec-attributes

 pre-shared-key *

telnet timeout 5

ssh timeout 5

console timeout 0

!

class-map inspection_default

 match default-inspection-traffic

!

!

policy-map type inspect dns migrated_dns_map_1

 parameters

  message-length maximum 512

policy-map global_policy

 class inspection_default

  inspect dns migrated_dns_map_1 

  inspect ftp 

  inspect h323 h225 

  inspect h323 ras 

  inspect netbios 

<--- More --->
              
  inspect rsh 

  inspect rtsp 

  inspect skinny 

  inspect esmtp 

  inspect sqlnet 

  inspect sunrpc 

  inspect tftp 

  inspect sip 

  inspect xdmcp 

!

service-policy global_policy global

prompt hostname context 

Cryptochecksum:3cd91cc270e1d0b3478320bf323554aa

: end


pixfirewall(config)#  


pixfirewall(config)# 


pixfirewall(config)# 


pixfirewall(config)# 


pixfirewall(config)# 


pixfirewall(config)#