asdm image flash:/pdm no asdm history enable : Saved : PIX Version 7.2(1) ! hostname ******* domain-name ****** enable password ****** encrypted names ! interface Ethernet0 nameif Outside security-level 0 ip address ************ ! interface Ethernet1 nameif inside security-level 100 ip address ************* ! interface Ethernet2 nameif DMZ security-level 50 ip address ************************* ! passwd ********* encrypted banner login All unauthorized attempt to access are being sent to the FBI ftp mode passive dns server-group DefaultDNS domain-name csui.biz same-security-traffic permit inter-interface same-security-traffic permit intra-interface access-list mail extended permit tcp any host ******* eq smtp access-list mail extended permit tcp any host ******* eq https access-list mail extended permit tcp any host ******* eq www access-list mail extended permit tcp host ******** host ********* eq ftp access-list mail extended permit tcp host ********* host ******** eq ftp-data access-list mail extended permit tcp host ********* host ********* eq www access-list mail extended permit tcp host ********* host 7********eq ftp-data access-list mail extended permit tcp host ********* host ******** eq ftp access-list dmz_in extended permit tcp ******** ****** host ******* eq smtp access-list dmz_in extended permit tcp ************** host ******** eq 1433 access-list dmz_in extended permit udp ********************* host ******* eq 1434 access-list csfouru_splitTunnelAcl standard permit ************* access-list csfouru_splitTunnelAcl standard permit ****************** access-list inside_nat0_outbound extended permit ip ********************** access-list inside_nat0_outbound extended permit ip ****************************** access-list Outside_cryptomap extended permit ip any **************************** pager lines 24 logging enable logging trap **************** logging asdm ********************** logging host inside *********************** mtu inside 1500 mtu DMZ 1500 mtu Outside 1500 ip local pool **** ******* mask 255.255.255.240 ip verify reverse-path interface inside ip verify reverse-path interface DMZ icmp deny any DMZ icmp deny any Outside asdm image flash:/pdm asdm history enable arp timeout 14400 global (Outside) 101 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 101 0.0.0.0 0.0.0.0 nat (DMZ) 1 ********************* static (inside,Outside) *************** netmask 255.255.255.255 static (DMZ,Outside) ******************* netmask 255.255.255.255 static (inside,DMZ) ************** netmask 255.255.255.0 static (DMZ,Outside) ****************** netmask 255.255.255.255 static (DMZ,Outside) *****************netmask 255.255.255.255 access-group dmz_in in interface DMZ access-group mail in interface Outside route Outside 0.0.0.0 0.0.0.0 ***************** 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute aaa-server ************ protocol radius aaa-server *********** host ********* group-policy ********* internal group-policy *********** attributes dns-server value ****************** vpn-tunnel-protocol IPSec split-tunnel-policy tunnelspecified split-tunnel-network-list value csfouru_splitTunnelAcl default-domain value csui.biz http server enable http *********** inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-DES-SHA crypto map Outside_map 20 ipsec-isakmp dynamic Outside_dyn_map crypto map Outside_map interface Outside crypto isakmp enable Outside crypto isakmp policy 10 authentication pre-share encryption des hash sha group 2 lifetime 86400 tunnel-group ********type ipsec-ra tunnel-group ********* general-attributes address-pool *********** authentication-server-group *********** default-group-policy *********** tunnel-group csfouru ipsec-attributes pre-shared-key * telnet ****************** inside telnet timeout 5 ssh timeout 5 console timeout 0 management-access inside dhcpd address ****************** inside ! ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp