: Saved
:
PIX Version 7.2(2)
!
hostname DNR-INET-PIX
enable password xxxxxxxxxxxx encrypted
names
dns-guard
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 216.3.144.194 255.255.255.192
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.141.22.2 255.255.255.248
!
interface Ethernet2
 description Interface for DNR Internet Web Servers
 nameif DMZ
 security-level 50
 ip address 216.3.144.129 255.255.255.192
!
passwd 6aEnxsTv/PwGbR.F encrypted
banner login *******************************************************************************
banner login WARNING: Access to this system is restricted to authorized users only and
banner login limited to approved business purposes. By using this system, you expressly
banner login consent to the monitoring of all activities. Any unauthorized access or use
banner login of this system is prohibited and could be subject to criminal and civil
banner login penalties. All records, reports, e-mail, software, and other data generated
banner login by or residing upon this system are the property of State of Maryland and may
banner login be used by the State of Maryland for any purpose.
banner login *******************************************************************************
boot system flash:/pix722.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
access-list External extended permit icmp any any
access-list External remark Rules for Outside traffic to inside and DMZ.
access-list External remark http initiated from outside to web network
access-list External extended permit tcp any 216.3.144.128 255.255.255.192 eq www log
access-list External extended permit tcp any 216.3.144.128 255.255.255.192 eq https log
access-list External extended permit tcp any 216.3.144.128 255.255.255.192 eq ftp log
access-list External extended permit tcp any 216.3.144.128 255.255.255.192 eq 8080
access-list External extended permit tcp any 216.3.144.128 255.255.255.192 eq 4750 log
access-list External extended permit tcp any host 216.3.144.20 eq www log
access-list External extended permit tcp any host 216.3.144.20 eq https log
access-list External remark ACLs for DNR-OWA
access-list External extended permit tcp any host 216.3.144.6 eq www log
access-list External extended permit tcp any host 216.3.144.6 eq 993 log
access-list External extended permit tcp any host 216.3.144.20 eq imap4 log
access-list External extended permit tcp any host 216.3.144.20 eq 993 log
access-list External extended permit tcp any host 216.3.144.6 eq https log
access-list External extended permit esp host 67.130.56.103 host 216.3.144.5 log
access-list External extended permit tcp 64.18.0.0 255.255.0.0 host 216.3.144.9 eq smtp log
access-list External remark DOConnell access to Bay Program
access-list External extended permit gre host 208.255.155.10 host 216.3.144.7 log
access-list External remark Testing RTSP to court of appeals
access-list External extended permit tcp host 170.99.108.1 host 216.3.144.11 eq rtsp log
access-list Web2Internal remark ACL for WebNetwork to get to Internal
access-list Web2Internal extended permit ip any 10.141.0.0 255.255.0.0
access-list Web2Internal remark allow web servers to communicate with SSC.
access-list Web2Internal remark WebNetwork to internet
access-list Web2Internal extended permit ip any any log
access-list Web2Internal extended permit icmp any any
access-list DNR-Outbound remark Traffic from Internal to Web Network & Internet.
access-list DNR-Outbound remark Block streaming from 98rock online.
access-list DNR-Outbound extended deny ip 10.141.0.0 255.255.128.0 host 66.250.188.210 log
access-list DNR-Outbound remark Block streaming from WPOC online.
access-list DNR-Outbound extended deny ip 10.141.0.0 255.255.128.0 host 64.58.80.22 log
access-list DNR-Outbound remark Block streaming from XM Radio online.
access-list DNR-Outbound extended deny ip 10.141.0.0 255.255.128.0 209.170.113.0 255.255.255.192 log
access-list DNR-Outbound remark Block streaming from Sirius Radio online.
access-list DNR-Outbound extended deny ip 10.141.0.0 255.255.128.0 host 66.216.46.82 log
access-list DNR-Outbound extended deny ip 10.141.0.0 255.255.128.0 host 66.216.46.72 log
access-list DNR-Outbound remark Block streaming from Smooth Jazz 104.3 online.
access-list DNR-Outbound extended deny ip 10.141.0.0 255.255.128.0 host 207.230.154.254 log
access-list DNR-Outbound extended permit ip 10.141.0.0 255.255.128.0 any log
access-list DNR-Outbound remark To allow COINDC access to the internet for delivering to SA.
access-list DNR-Outbound extended permit ip host 10.141.200.163 any log
access-list DNR-Outbound remark To allow COIN-SUS access to the internet for getting WSUS updates.
access-list DNR-Outbound extended permit ip host 10.141.200.168 any log
access-list DNR-Outbound extended permit icmp any any log
no pager
logging enable
logging timestamp
logging trap debugging
logging asdm informational
logging host inside 10.141.0.145
logging permit-hostdown
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
asdm image flash:/asdm-522.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
global (DMZ) 1 interface
nat (inside) 1 10.141.0.0 255.255.0.0
static (inside,outside) 216.3.144.9 10.141.0.21 netmask 255.255.255.255
static (inside,outside) 216.3.144.10 10.141.0.20 netmask 255.255.255.255
static (inside,DMZ) 10.141.0.0 10.141.0.0 netmask 255.255.0.0
static (DMZ,outside) 216.3.144.128 216.3.144.128 netmask 255.255.255.192
static (inside,outside) 216.3.144.5 10.141.27.212 netmask 255.255.255.255
static (inside,outside) 216.3.144.7 10.141.7.93 netmask 255.255.255.255
static (inside,outside) 216.3.144.6 10.141.0.31 netmask 255.255.255.255
static (inside,outside) 216.3.144.20 10.141.0.28 netmask 255.255.255.255
static (inside,outside) 216.3.144.12 10.141.13.46 netmask 255.255.255.255
static (inside,outside) 216.3.144.11 10.141.0.183 netmask 255.255.255.255
static (inside,outside) 216.3.144.8 10.141.0.208 netmask 255.255.255.255
static (inside,outside) 216.3.144.13 10.141.0.142 netmask 255.255.255.255
access-group External in interface outside
access-group DNR-Outbound in interface inside
access-group Web2Internal in interface DMZ
route outside 0.0.0.0 0.0.0.0 216.3.144.193 1
route inside 10.141.0.0 255.255.0.0 10.141.22.1 1
timeout xlate 3:00:00
timeout conn 5:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
username localad password xxxxxxxxxxxxxxxxxxx encrypted
username netadmin password xxxxxxxxxxxxxxxxxxx encrypted
http server enable
http 10.141.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community xxxxxxxxx
snmp-server enable traps snmp authentication linkup linkdown coldstart
no sysopt connection permit-vpn
telnet 10.141.0.0 255.255.255.0 inside
telnet timeout 100
ssh 10.141.0.0 255.255.0.0 inside
ssh timeout 60
ssh version 1
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ils
  inspect ipsec-pass-thru
  inspect http
  inspect dns migrated_dns_map_1
!
service-policy global_policy global
ntp server 10.141.0.39 source inside prefer
prompt hostname context
Cryptochecksum:5374888d4908ae0b29eaed2df0af249e
: end
DNR-INET-PIX(config)#