PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
enable password tNugMU6IBIQYEKbS encrypted
passwd tNugMU6IBIQYEKbS encrypted
hostname pixfirewall
domain-name ciscopix.com
clock timezone BRST -3
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
access-list inside_outbound_nat0_acl permit ip 10.59.30.0 255.255.255.128 192.168.2.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 10.59.30.0 255.255.255.128 172.18.0.0 255.255.0.0
access-list inside_outbound_nat0_acl permit udp host 200.181.12.162 host 192.168.2.4 eq snmptrap
access-list inside_outbound_nat0_acl permit udp host 200.181.12.162 host 192.168.2.4 eq snmp
access-list outside_cryptomap_dyn_20 permit ip any 10.59.30.96 255.255.255.240
access-list acl_grp_bgp deny ip any host 208.65.153.251 log
access-list acl_grp_bgp deny ip any host 208.65.153.253 log
access-list acl_grp_bgp deny ip any host 208.65.153.238 log
access-list acl_grp_bgp deny ip any host 72.14.209.85 log
access-list acl_grp_bgp deny ip any host 72.14.209.86 log
access-list acl_grp_bgp deny ip any host 72.14.209.87 log
access-list acl_grp_bgp deny ip any host 72.14.209.94 log
access-list acl_grp_bgp deny ip any host 213.206.123.35 log
access-list acl_grp_bgp deny ip any host 213.206.123.36 log
access-list acl_grp_bgp deny ip any host 213.206.123.38 log
access-list acl_grp_bgp deny ip any host 200.192.176.161 log
access-list acl_grp_bgp deny ip any host 200.154.150.26 log
access-list acl_grp_bgp deny ip any host 200.221.8.118 log
access-list acl_grp_bgp deny ip any host 209.85.141.85 log
access-list acl_grp_bgp deny ip any host 209.85.141.87 log
access-list acl_grp_bgp deny ip any host 209.85.141.94 log
access-list acl_grp_bgp deny ip any host 209.85.193.85 log
access-list acl_grp_bgp deny ip any host 209.85.193.86 log
access-list acl_grp_bgp deny ip any host 209.85.193.87 log
access-list acl_grp_bgp deny ip any host 209.85.193.94 log
access-list acl_grp_bgp deny ip any host 208.101.22.100 log
access-list acl_grp_bgp deny ip any host 72.232.170.2 log
access-list acl_grp_bgp deny ip any host 201.7.178.53 log
access-list acl_grp_bgp deny ip any host 200.221.8.125 log
access-list acl_grp_bgp deny ip any host 64.123.43.73 log
access-list acl_grp_bgp deny ip any host 69.89.25.187 log
access-list acl_grp_bgp deny ip any host 74.222.1.20 log
access-list acl_grp_bgp deny ip any host 216.86.146.12 log
access-list acl_grp_bgp deny ip any host 66.98.218.24 log
access-list acl_grp_bgp deny tcp any any range 4661 4672 log
access-list acl_grp_bgp deny udp any any range 4661 4672 log
access-list acl_grp_bgp deny tcp any any eq 1214 log
access-list acl_grp_bgp deny udp any any eq 1214 log
access-list acl_grp_bgp deny tcp any any eq 6346 log
access-list acl_grp_bgp deny udp any any eq 6346 log
access-list acl_grp_bgp deny tcp any any eq 6257 log
access-list acl_grp_bgp deny udp any any eq 6257 log
access-list acl_grp_bgp deny udp any any eq 6699 log
access-list acl_grp_bgp deny tcp any any range 6881 6889 log
access-list acl_grp_bgp deny udp any any range 6881 6889 log
access-list acl_grp_bgp deny tcp any any eq 5555 log
access-list acl_grp_bgp deny tcp any any eq 4242 log
access-list acl_grp_bgp deny tcp any any eq 3306 log
access-list acl_grp_bgp deny tcp any any eq 2323 log
access-list acl_grp_bgp deny tcp any any eq 6667 log
access-list acl_grp_bgp deny tcp any any eq 7778 log
access-list acl_grp_bgp deny ip any host 65.54.239.212 log
access-list acl_grp_bgp deny ip any host 200.196.241.202 log
access-list acl_grp_bgp deny ip any host 208.70.190.120 log
access-list acl_grp_bgp deny ip any host 65.99.232.61 log
access-list acl_grp_bgp deny ip any 69.5.88.0 255.255.255.0 log
access-list acl_grp_bgp deny ip any host 195.122.131.250 log
access-list acl_grp_bgp deny ip any host 67.18.200.78 log
access-list acl_grp_bgp deny ip any host 65.118.195.131 log
access-list acl_grp_bgp permit ip any any log
access-list acl_grp_bgp permit icmp any any log
pager lines 24
logging on
logging host outside 200.102.214.240
mtu outside 1500
mtu intf2 1500
ip address outside 200.140.140.170 255.255.255.248
ip address inside 10.59.30.2 255.255.255.128
no ip address intf2
ip audit info action alarm
ip audit attack action alarm
ip local pool BSBpool 10.59.30.11-10.59.30.15
pdm location 10.59.30.0 255.255.255.0 inside
pdm location 10.0.0.0 255.0.0.0 inside
pdm location 200.181.0.0 255.255.255.0 outside
pdm location 200.140.0.0 255.255.0.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group acl_grp_bgp in interface inside
route outside 0.0.0.0 0.0.0.0 200.140.140.169 1
route inside 10.0.0.0 255.0.0.0 10.59.30.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
http server enable
http 10.59.30.0 255.255.255.0 inside
snmp-server host outside 200.102.214.240
no snmp-server location
no snmp-server contact
snmp-server community l@tint3c
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 set peer 200.102.214.240
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 200.102.214.240 netmask 255.255.255.255
isakmp keepalive 20 10
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup BSB address-pool BSBpool
vpngroup BSB idle-time 72000
vpngroup BSB password ********
telnet 10.59.30.0 255.255.255.0 inside
telnet timeout 5
ssh 10.59.30.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
isakmp keepalive 20 10
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup BSB address-pool BSBpool
vpngroup BSB idle-time 72000
vpngroup BSB password ********
telnet 10.59.30.0 255.255.255.0 inside
telnet timeout 5
ssh 10.59.30.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
username eduardo password 3Ofyzu.WagYwuDp0 encrypted privilege 15
username bpbsb password NUGaoyOKxew24TM1 encrypted privilege 15
terminal width 80
Cryptochecksum:c93058e4b35c5c1ab4e24f0eabf89e8c
: end