

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto shutdown

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 webdmz security20

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname SiteA-pix

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

names

name 200.200.0.0 SiteA_INT

name x.x.x.x SiteA_EXT

name 200.200.200.254 PIX_INT

name 10.10.10.0 SiteB_INT

name y.y.y.y SiteB_EXT

access-list inside_outbound_nat0_acl permit ip SiteA_INT 255.255.0.0 SiteB_INT 255.255.255.0 

access-list outside_cryptomap_20 permit ip SiteA_INT 255.255.0.0 SiteB_INT 255.255.255.0 

access-list acl_inside permit icmp any any 

access-list acl_inside permit ip any any 

access-list acl_outside permit ip any any 

access-list acl_outside permit icmp any any 

access-list 80 permit ip SiteA_INT 255.255.0.0 200.220.0.0 255.255.0.0 

pager lines 24

mtu outside 1500

mtu inside 1500

mtu webdmz 1500

ip address outside SiteA_EXT 255.255.255.128

ip address inside PIX_INT 255.255.0.0

no ip address webdmz

ip audit info action alarm

ip audit attack action alarm

ip local pool pix_inside 200.220.200.100-200.220.200.150

pdm history enable
              
arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_outbound_nat0_acl

route outside 0.0.0.0 0.0.0.0 x.x.x.x 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+ 

aaa-server RADIUS protocol radius 

aaa-server RADIUS (inside) host 200.200.200.20 letmein timeout 10

aaa-server LOCAL protocol local 

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac 

crypto ipsec transform-set myset esp-des esp-md5-hmac 

crypto dynamic-map dynmap 10 set transform-set myset

crypto map outside_map 10 ipsec-isakmp dynamic dynmap

crypto map outside_map 20 ipsec-isakmp

crypto map outside_map 20 match address outside_cryptomap_20

crypto map outside_map 20 set peer SiteB_EXT

crypto map outside_map 20 set transform-set ESP-DES-MD5

crypto map outside_map client authentication RADIUS

crypto map outside_map interface outside

isakmp enable outside

isakmp key secret address SiteB_EXT netmask 255.255.255.255 no-xauth no-config-mode 

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash md5

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

vpngroup Remote address-pool pix_inside

vpngroup Remote dns-server 200.200.200.20

vpngroup Remote wins-server 200.200.200.20

vpngroup Remote default-domain mycorp.co.uk

vpngroup Remote idle-time 1800

vpngroup Remote password ********

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80