pix525primary# show run
: Saved
:
PIX Version 7.0(4)
!
hostname pix525primary
enable password xPW/qGFHSfgmVz2s encrypted
names
!
interface Ethernet0
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 168.2.2.254 255.255.255.0 standby 168.2.2.253
!
interface Ethernet1
 speed 100
 duplex full
 nameif ssn
 security-level 90
 ip address 168.2.33.254 255.255.255.0 standby 168.2.33.253
!
interface Ethernet2
 speed 100
 duplex full
 nameif outside10
 security-level 0
 ip address 172.16.254.254 255.255.255.0 standby 172.16.254.253
!
interface Ethernet3
 speed 100
 duplex full
 nameif reuter
 security-level 10
 ip address 192.168.1.254 255.255.255.0 standby 192.168.1.253
!
interface Ethernet4
 description STATE Failover Interface
 speed 100
 duplex full
!
interface Ethernet5
 shutdown
 nameif intf5
 security-level 10
 no ip address
!
passwd /K/yl9XqD3ZJ8WIZ encrypted
boot system flash:/image.bin
ftp mode passive
clock timezone beijin 8
access-list whjy1 extended permit ip 168.2.2.0 255.255.255.0 200.31.60.0 255.25
access-list outside_in extended permit icmp any any
access-list inside_in extended permit icmp any any
access-list inside_in extended permit tcp host 168.1.6.44 host 168.2.2.236 eq 8
access-list inside_in extended deny tcp any host 168.2.2.236 eq 8919
access-list inside_in extended permit tcp 168.2.2.0 255.255.255.0 host 168.1.12
access-list inside_in extended permit tcp 168.2.2.0 255.255.255.0 host 168.1.12
access-list inside_in extended permit tcp 168.2.2.0 255.255.255.0 host 168.1.12
access-list inside_in extended deny ip 168.2.2.0 255.255.255.0 168.0.12.0 255.0
access-list inside_in extended permit ip any any
access-list whjy2 extended permit icmp 168.2.2.0 255.255.255.0 host 200.31.50.1
access-list whjy2 extended permit tcp 168.2.2.0 255.255.255.0 host 200.31.50.18
access-list whjy2 extended permit tcp 168.2.2.0 255.255.255.0 host 200.31.50.18
access-list whjy2 extended permit tcp 168.2.2.0 255.255.255.0 host 200.31.50.32
access-list whjy2 extended permit icmp any any
access-list whjy3 extended permit tcp 168.2.2.0 255.255.255.0 host 200.31.52.18
access-list whjy3 extended permit tcp 168.2.2.0 255.255.255.0 host 200.31.52.16
access-list whjy3 extended permit tcp 168.2.2.0 255.255.255.0 host 200.31.52.20
access-list whjy3 extended permit tcp 168.2.2.0 255.255.255.0 host 200.31.52.18
access-list whjy3 extended permit tcp 168.2.2.0 255.255.255.0 host 200.31.52.16
access-list whjy3 extended permit tcp 168.2.2.0 255.255.255.0 host 200.31.52.20
access-list whjy3 extended permit icmp any any
access-list zygz extended permit ip host 168.2.2.30 168.1.1.0 255.255.255.0
access-list zygz extended permit ip host 168.2.2.156 168.1.1.0 255.255.255.0
access-list hjjy1 extended permit ip host 168.2.2.21 200.31.25.0 255.255.255.0
access-list hjjy2 extended permit ip host 168.2.2.82 200.31.25.0 255.255.255.0
access-list reuter_in extended permit icmp any any
access-list ssn_in extended permit icmp any any
access-list reuterjy extended permit ip 168.2.2.0 255.255.255.0 155.195.0.0 255
access-list reuterjy extended permit ip host 168.2.2.84 host 155.195.79.123
access-list reuterjy extended permit icmp host 168.2.0.111 168.2.2.0 255.255.25
access-list reuterjy extended permit ip host 168.2.0.111 168.2.2.0 255.255.255.
access-list reuterjy extended permit ip 168.0.0.0 255.0.0.0 168.2.2.0 255.255.2
access-list reuterjy extended permit ip host 168.2.2.84 155.195.0.0 255.255.0.0
access-list tofuzhou extended permit tcp 168.2.2.0 255.255.255.0 host 168.1.12.
access-list tofuzhou extended permit tcp 168.2.2.0 255.255.255.0 host 168.1.12.
pager lines 24
logging enable
logging timestamp
logging standby
logging buffered warnings
logging trap warnings
logging host inside 168.2.6.62
mtu inside 1500
mtu ssn 1500
mtu outside10 1500
mtu reuter 1500
mtu intf5 1500
ip verify reverse-path interface ssn
ip verify reverse-path interface outside10
ip verify reverse-path interface reuter
failover
failover polltime unit 10 holdtime 30
failover link statefull Ethernet4
failover interface ip statefull 177.177.177.254 255.255.255.0 standby 177.177.13
icmp permit any echo inside
icmp permit any echo-reply inside
asdm history enable
arp timeout 14400
nat-control
global (ssn) 6 168.2.33.250 netmask 255.255.255.0
global (outside10) 5 203.31.18.50-203.31.18.100 netmask 255.255.255.0
global (outside10) 2 193.2.3.254
global (outside10) 3 203.31.18.101 netmask 255.255.255.0
global (outside10) 4 203.31.18.8 netmask 255.255.255.0
global (reuter) 1 192.168.1.100-192.168.1.200 netmask 255.255.255.0
nat (inside) 2 access-list zygz
nat (inside) 6 access-list tofuzhou
nat (inside) 3 access-list whjy1
nat (inside) 4 access-list whjy2
nat (inside) 5 access-list whjy3
nat (inside) 1 access-list reuterjy
static (reuter,inside) 168.2.2.238 192.168.1.12 netmask 255.255.255.255
static (reuter,inside) 168.2.2.236 192.168.1.13 netmask 255.255.255.255
static (reuter,inside) 168.2.2.235 192.168.1.11 netmask 255.255.255.255
static (reuter,inside) 168.2.2.247 192.168.1.3 netmask 255.255.255.255
static (inside,outside10) 204.31.7.61  access-list hjjy1
static (inside,outside10) 204.31.7.71  access-list hjjy2
static (inside,ssn) 168.2.33.158 168.2.2.158 netmask 255.255.255.255
static (inside,ssn) 168.2.33.160 168.2.2.160 netmask 255.255.255.255
static (inside,ssn) 168.2.33.162 168.2.2.162 netmask 255.255.255.255
static (inside,ssn) 168.2.33.163 168.2.2.153 netmask 255.255.255.255
static (inside,ssn) 168.2.33.155 168.2.2.159 netmask 255.255.255.255
static (reuter,inside) 168.2.2.239 192.168.1.14 netmask 255.255.255.255
static (reuter,inside) 168.2.2.246 192.168.1.2 netmask 255.255.255.255
access-group inside_in in interface inside
access-group ssn_in in interface ssn
access-group outside_in in interface outside10
access-group reuter_in in interface reuter
route inside 168.0.0.0 255.0.0.0 168.2.2.1 1
route ssn 168.1.12.148 255.255.255.255 168.2.33.1 1
route ssn 168.1.12.156 255.255.255.255 168.2.33.1 1
route ssn 168.1.12.53 255.255.255.255 168.2.33.1 1
route outside10 200.31.0.0 255.255.0.0 172.16.254.252 1
route outside10 168.1.1.0 255.255.255.240 172.16.254.252 1
route reuter 155.195.0.0 255.255.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 1:00:00 udp 1:00:00 icmp 0:00:02
timeout sunrpc 1:00:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
snmp-server host inside 168.2.6.14 community ShangHaiZx021
no snmp-server location
no snmp-server contact
snmp-server community ShangHaiZx021
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps remote-access session-threshold-exceeded
no sysopt connection permit-ipsec
telnet 168.2.0.0 255.255.0.0 inside
telnet timeout 60
ssh timeout 5
ssh version 1
console timeout 5
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
tftp-server inside 168.2.0.111 /pix525zijincenter
Cryptochecksum:bd0dea7f0b9bd5e5006f0b28136b03ce
: end