Cisco PIX Firewall Version 6.3(4)120
Cisco PIX Device Manager Version 1.1(2)

Compiled on Thu 07-Apr-05 21:39 by morlee

hf-herningkom up 2 days 16 hours

Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0x300, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: ethernet0: address is 000a.b79e.55a1, irq 10
1: ethernet1: address is 000a.b79e.55a2, irq 11
2: ethernet2: address is 0002.b3b3.d98f, irq 11

Licensed Features:
Failover:                    Disabled
VPN-DES:                     Enabled
VPN-3DES-AES:                Enabled
Maximum Physical Interfaces: 3
Maximum Interfaces:          5
Cut-through Proxy:           Enabled
Guards:                      Enabled
URL-filtering:               Enabled
Inside Hosts:                Unlimited
Throughput:                  Unlimited
IKE peers:                   Unlimited

This PIX has a Restricted (R) license.

Serial Number: 806344257 (0x300fd641)
Running Activation Key: 0x58c901da 0x5cb80580 0xff208246 0x035a6ec5
Configuration last modified by enable_15 at 08:45:56.842 UTC Mon Jan 16 2006

------------------ show clock ------------------

08:55:31.741 UTC Mon Jan 16 2006

------------------ show memory ------------------

Free memory:        15762336 bytes
Used memory:        17792096 bytes
-------------     ----------------
Total memory:       33554432 bytes

------------------ show conn count ------------------

446 in use, 879 most used

------------------ show xlate count ------------------

527 in use, 1079 most used

------------------ show blocks ------------------

  SIZE    MAX    LOW    CNT
     4   1600   1598   1599
    80    400    396    400
   256   1012    956   1012
  1550   1189    764    802

------------------ show interface ------------------

interface ethernet0 "outside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 000a.b79e.55a1
  IP address 193.88.70.254, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 100000 Kbit full duplex
        3338773 packets input, 1910624317 bytes, 0 no buffer
        Received 1771643 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        3004354 packets output, 453258116 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/15)
        output queue (curr/max blocks): hardware (0/56) software (0/1)
interface ethernet1 "inside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 000a.b79e.55a2
  IP address 10.154.254.2, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 100000 Kbit full duplex
        16 packets input, 960 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        17 packets output, 1020 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/1)
        output queue (curr/max blocks): hardware (0/1) software (0/1)
interface ethernet2 "dmz" is up, line protocol is up
  Hardware is i82559 ethernet, address is 0002.b3b3.d98f
  IP address 10.124.254.2, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 100000 Kbit full duplex
        1485586 packets input, 154869044 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        1239259 packets output, 1103863746 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/21)
        output queue (curr/max blocks): hardware (0/15) software (0/1)

------------------ show cpu usage ------------------

CPU utilization for 5 seconds = 0%; 1 minute: 0%; 5 minutes: 0%

------------------ show process ------------------

    PC       SP       STATE    Runtime SBASE    Stack Process
Hsi 001ee461 0096a4dc 00569c78 0 00969554 3628/4096 arp_timer
Lsi 001f3c0d 00a0d6d4 00569c78 0 00a0c75c 3832/4096 FragDBGC
Lwe 00119be7 00a1987c 0056d3e0 0 00a18a14 3688/4096 dbgtrace
Lwe 003f6715 00a1ba0c 005625b0 58530 00a19ac4 6464/8192 Logger
Hsi 003fa865 00a1eb04 00569c78 0 00a1cb8c 8024/8192 tcp_fast
Hsi 003fa705 00a20bb4 00569c78 0 00a1ec3c 7916/8192 tcp_slow
Lsi 00310921 00b57334 00569c78 0 00b563ac 3916/4096 xlate clean
Lsi 0031082f 00b583d4 00569c78 0 00b5745c 3548/4096 uxlate clean
Mwe 00307fd7 00cf87d4 00569c78 0 00cf683c 7908/8192 tcp_intercept_timer_process
Lsi 0044e16d 00da51ac 00569c78 0 00da4224 3900/4096 route_process
Hsi 002f79a4 00da623c 00569c78 0 00da52d4 2508/4096 PIX Garbage Collector
Hwe 0021c401 00db076c 00569c78 0 00dac804 16048/16384 isakmp_time_keeper
Lsi 002f5544 00dca7f4 00569c78 0 00dc986c 3944/4096 perfmon
Mwe 00212e31 00df4c24 00569c78 0 00df2cac 7860/8192 IPsec timer handler
Mwe 0026964d 00e23ac4 00569c78 0 00e1fb5c 15592/16384 IP Background
Lwe 00308c4e 00ed6414 00580290 0 00ed559c 3704/4096 pix/trace
Lwe 00308e86 00ed74c4 005809c0 0 00ed664c 3704/4096 pix/tconsole
Hwe 0011f41f 00ee339c 00516c00 90 00edf9b4 12988/16384 ci/console
Csi 00300b17 00ee49bc 00569c78 0 00ee3a64 3432/4096 update_cpu_usage
Hwe 002ebb61 00f95764 00549040 0 00f918dc 15884/16384 uauth_in
Hwe 003f931d 00f97864 008e19a0 0 00f9598c 7896/8192 uauth_thread
Hwe 004108d2 00f989b4 00562bb0 0 00f97a3c 3928/4096 udp_timer
Hsi 001e5f06 00f9a67c 00569c78 0 00f99704 3928/4096 557mcfix
Crd 001e5ebb 00f9b73c 0056a0f0 188572660 00f9a7b4 3584/4096 557poll
Lsi 001e5f75 00f9c7dc 00569c78 0 00f9b864 3848/4096 557timer
Cwe 001e7b61 00fb28b4 007c8f78 38620 00fb09bc 6172/8192 pix/intf0
Mwe 00410642 00fb39c4 0092bb90 0 00fb2a8c 3896/4096 riprx/0
Msi 003b5d69 00fb4ad4 00569c78 0 00fb3b5c 3888/4096 riptx/0
Cwe 001e7b61 00fbacdc 00751a00 0 00fb8de4 7804/8192 pix/intf1
Mwe 00410642 00fbbdec 0092bb48 0 00fbaeb4 3896/4096 riprx/1
Msi 003b5d69 00fbcefc 00569c78 0 00fbbf84 3888/4096 riptx/1
Cwe 001e7b61 00fc3104 008404f0 59570 00fc120c 5656/8192 pix/intf2
Mwe 00410642 00fc4214 0092bb00 0 00fc32dc 3896/4096 riprx/2
Msi 003b5d69 00fc5324 00569c78 0 00fc43ac 3888/4096 riptx/2
Mwe 00410642 0103b4b4 0092bab8 0 010396ac 7356/8192 radius_rcvauth
Mwe 00410642 0103d684 0092ba70 0 0103b75c 7644/8192 radius_rcvacct
Mwe 003ae29a 0103f784 0055c388 0 0103d80c 8056/8192 radius_snd
Hwe 0025f4e5 0104b904 00569c78 0 0104a98c 3316/4096 ntp
Hwe 00410642 0104cb04 0092ba28 0 0104bbdc 3548/4096 ntp0
Hwe 00410642 0104d634 0092b998 840 0104cc8c 848/4096 snmp
Hwe 00410642 0104e244 0092b9e0 0 0104defc 840/1024 snmp_ex
Hwe 003f95b1 0104eadc 008b8318 0 0104e494 1196/2048 listen/ssh_0
Mwe 00382906 0105142c 00569c78 0 0104f4b4 7960/8192 Crypto CA
Mwe 003f3205 00fcb654 00569c78 0 00fc96dc 6424/8192 ssh/timer
M*  003ec434 0009ff2c 00569cb0 50 010ce4cc 11812/16384 ssh

------------------ show failover ------------------

No license for Failover

------------------ show traffic ------------------

outside:
        received (in 231087.100 secs):
                3338773 packets 1910874052 bytes
                14 pkts/sec     8008 bytes/sec
        transmitted (in 231087.100 secs):
                3004354 packets 453290296 bytes
                13 pkts/sec     1013 bytes/sec
inside:
        received (in 231087.260 secs):
                16 packets      960 bytes
                0 pkts/sec      0 bytes/sec
        transmitted (in 231087.260 secs):
                17 packets      1020 bytes
                0 pkts/sec      0 bytes/sec
dmz:
        received (in 231087.260 secs):
                1485586 packets 154890761 bytes
                6 pkts/sec      1 bytes/sec
        transmitted (in 231087.260 secs):
                1239259 packets 1104168248 bytes
                5 pkts/sec      4016 bytes/sec

------------------ show perfmon ------------------

PERFMON STATS:    Current    Average
Xlates              6/s        1/s
Connections         8/s        2/s
TCP Conns           6/s        0/s
UDP Conns           2/s        1/s
URL Access          4/s        0/s
URL Server Req      0/s        0/s
TCP Fixup         445/s        9/s
TCPIntercept        0/s        0/s
HTTP Fixup        197/s        4/s
FTP Fixup           2/s        0/s
AAA Authen          0/s        0/s
AAA Author          0/s        0/s
AAA Account         0/s        0/s

------------------ show running-config ------------------

: Saved
:
PIX Version 6.3(4)120
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password 4YkUykB7PZP9e7SE encrypted
passwd ZZ.8ftPP0nZGo3tk encrypted
hostname hf-herningkom
domain-name hlv.tdk.net
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 121 remark ------------
access-list 121 remark DEFAULT DENY
access-list 121 remark ------------
access-list 121 permit icmp any any
access-list 121 deny ip any any
access-list 121 remark .
access-list 121 remark ------------
access-list 121 remark DEFAULT DENY
access-list 121 remark ------------
access-list 121 remark
access-list 122 permit ip any any
access-list 122 permit icmp any any
access-list 122 remark .
access-list 123 permit ip any any
access-list 123 permit icmp any any
access-list 123 remark .
access-list NONAT remark .
access-list NONAT remark . NO NAT AT ALL!
access-list NONAT deny ip any any
access-list NONAT remark .
pager lines 24
logging on
logging timestamp
logging console alerts
logging buffered alerts
logging trap informational
logging facility 23
logging host outside priv.priv.priv
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside xxx.xxx.xxx.xxx 255.255.255.0
ip address inside 10.154.254.2 255.255.255.0
ip address dmz 10.124.254.2 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip verify reverse-path interface dmz
ip audit info action alarm
ip audit attack action alarm
no pdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside) 253 out.out.out.253
global (outside) 129 out.out.out.129
global (outside) 130 out.out.out.130
global (outside) 131 out.out.out.131
global (outside) 132 out.out.out.132
global (outside) 133 out.out.out.133
global (outside) 134 out.out.out.134
global (outside) 135 out.out.out.135
global (outside) 136 out.out.out.136
global (outside) 137 out.out.out.137
global (outside) 138 out.out.out.138
global (outside) 139 out.out.out.139
global (outside) 140 out.out.out.140
global (outside) 141 out.out.out.141
global (outside) 142 out.out.out.142
global (outside) 143 out.out.out.143
global (outside) 144 out.out.out.144
global (outside) 145 out.out.out.145
global (outside) 146 out.out.out.146
global (outside) 148 out.out.out.148
global (outside) 149 out.out.out.149
global (outside) 150 out.out.out.150
global (outside) 151 out.out.out.151
global (outside) 153 out.out.out.153
global (outside) 154 out.out.out.154
global (outside) 155 out.out.out.155
global (outside) 156 out.out.out.156
global (outside) 157 out.out.out.157
global (outside) 158 out.out.out.158
global (outside) 159 out.out.out.159
global (outside) 160 out.out.out.160
global (outside) 161 out.out.out.161
global (outside) 162 out.out.out.162
global (outside) 163 out.out.out.163
global (outside) 164 out.out.out.164
global (outside) 165 out.out.out.165
global (outside) 166 out.out.out.166
global (outside) 167 out.out.out.167
global (outside) 168 out.out.out.168
global (outside) 169 out.out.out.169
global (outside) 170 out.out.out.170
global (outside) 171 out.out.out.171
global (outside) 172 out.out.out.172
global (outside) 173 out.out.out.173
global (outside) 174 out.out.out.174
global (outside) 175 out.out.out.175
global (outside) 176 out.out.out.176
global (outside) 177 out.out.out.177
global (outside) 178 out.out.out.178
global (outside) 179 out.out.out.179
global (outside) 180 out.out.out.180
global (outside) 181 out.out.out.181
global (outside) 182 out.out.out.182
global (outside) 183 out.out.out.183
global (outside) 184 out.out.out.184
global (outside) 185 out.out.out.185
global (outside) 186 out.out.out.186
global (outside) 187 out.out.out.187
global (outside) 188 out.out.out.188
global (outside) 189 out.out.out.189
global (outside) 190 out.out.out.190
global (outside) 191 out.out.out.191
global (outside) 192 out.out.out.192
global (outside) 193 out.out.out.193
global (outside) 194 out.out.out.194
global (outside) 195 out.out.out.195
global (outside) 196 out.out.out.196
global (outside) 197 out.out.out.197
global (outside) 198 out.out.out.198
global (outside) 199 out.out.out.199
global (outside) 200 out.out.out.200
global (outside) 201 out.out.out.201
global (outside) 202 out.out.out.202
global (outside) 203 out.out.out.203
global (outside) 204 out.out.out.204
global (outside) 254 out.out.out.254
global (outside) 255 out.out.out.255
global (outside) 152 out.out.out.152
global (outside) 147 out.out.out.147
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 129 10.125.0.0 255.255.252.0 0 0
nat (dmz) 151 10.125.4.0 255.255.252.0 0 0
nat (dmz) 162 10.125.8.0 255.255.252.0 0 0
nat (dmz) 135 10.125.12.0 255.255.252.0 0 0
nat (dmz) 145 10.125.16.0 255.255.252.0 0 0
nat (dmz) 146 10.125.20.0 255.255.252.0 0 0
nat (dmz) 147 10.125.24.0 255.255.252.0 0 0
nat (dmz) 148 10.125.28.0 255.255.252.0 0 0
nat (dmz) 149 10.125.32.0 255.255.252.0 0 0
nat (dmz) 150 10.125.36.0 255.255.252.0 0 0
nat (dmz) 152 10.125.40.0 255.255.252.0 0 0
nat (dmz) 153 10.125.44.0 255.255.252.0 0 0
nat (dmz) 154 10.125.48.0 255.255.252.0 0 0
nat (dmz) 155 10.125.52.0 255.255.252.0 0 0
nat (dmz) 156 10.125.56.0 255.255.252.0 0 0
nat (dmz) 157 10.125.60.0 255.255.252.0 0 0
nat (dmz) 158 10.125.64.0 255.255.252.0 0 0
nat (dmz) 159 10.125.68.0 255.255.252.0 0 0
nat (dmz) 160 10.125.72.0 255.255.252.0 0 0
nat (dmz) 161 10.125.76.0 255.255.252.0 0 0
nat (dmz) 163 10.125.80.0 255.255.252.0 0 0
nat (dmz) 164 10.125.88.0 255.255.252.0 0 0
nat (dmz) 165 10.125.92.0 255.255.252.0 0 0
nat (dmz) 166 10.125.96.0 255.255.252.0 0 0
nat (dmz) 130 10.125.100.0 255.255.252.0 0 0
nat (dmz) 131 10.125.104.0 255.255.252.0 0 0
nat (dmz) 132 10.125.108.0 255.255.252.0 0 0
nat (dmz) 133 10.125.112.0 255.255.252.0 0 0
nat (dmz) 134 10.125.116.0 255.255.252.0 0 0
nat (dmz) 136 10.125.120.0 255.255.252.0 0 0
nat (dmz) 137 10.125.124.0 255.255.252.0 0 0
nat (dmz) 138 10.125.128.0 255.255.252.0 0 0
nat (dmz) 139 10.125.132.0 255.255.252.0 0 0
nat (dmz) 140 10.125.136.0 255.255.252.0 0 0
nat (dmz) 141 10.125.140.0 255.255.252.0 0 0
nat (dmz) 142 10.125.144.0 255.255.252.0 0 0
nat (dmz) 143 10.125.148.0 255.255.252.0 0 0
nat (dmz) 144 10.125.152.0 255.255.252.0 0 0
nat (dmz) 167 10.155.0.0 255.255.252.0 0 0
nat (dmz) 188 10.155.4.0 255.255.252.0 0 0
nat (dmz) 199 10.155.8.0 255.255.252.0 0 0
nat (dmz) 173 10.155.12.0 255.255.252.0 0 0
nat (dmz) 182 10.155.16.0 255.255.252.0 0 0
nat (dmz) 183 10.155.20.0 255.255.252.0 0 0
nat (dmz) 184 10.155.24.0 255.255.252.0 0 0
nat (dmz) 185 10.155.28.0 255.255.252.0 0 0
nat (dmz) 186 10.155.32.0 255.255.252.0 0 0
nat (dmz) 187 10.155.36.0 255.255.252.0 0 0
nat (dmz) 189 10.155.40.0 255.255.252.0 0 0
nat (dmz) 190 10.155.44.0 255.255.252.0 0 0
nat (dmz) 191 10.155.48.0 255.255.252.0 0 0
nat (dmz) 192 10.155.52.0 255.255.252.0 0 0
nat (dmz) 193 10.155.56.0 255.255.252.0 0 0
nat (dmz) 194 10.155.60.0 255.255.252.0 0 0
nat (dmz) 195 10.155.64.0 255.255.252.0 0 0
nat (dmz) 196 10.155.68.0 255.255.252.0 0 0
nat (dmz) 197 10.155.72.0 255.255.252.0 0 0
nat (dmz) 198 10.155.76.0 255.255.252.0 0 0
nat (dmz) 200 10.155.80.0 255.255.252.0 0 0
nat (dmz) 201 10.155.88.0 255.255.252.0 0 0
nat (dmz) 202 10.155.92.0 255.255.252.0 0 0
nat (dmz) 203 10.155.96.0 255.255.252.0 0 0
nat (dmz) 168 10.155.100.0 255.255.252.0 0 0
nat (dmz) 169 10.155.104.0 255.255.252.0 0 0
nat (dmz) 170 10.155.108.0 255.255.252.0 0 0
nat (dmz) 171 10.155.112.0 255.255.252.0 0 0
nat (dmz) 172 10.155.116.0 255.255.252.0 0 0
nat (dmz) 174 10.155.120.0 255.255.252.0 0 0
nat (dmz) 175 10.155.124.0 255.255.252.0 0 0
nat (dmz) 176 10.155.128.0 255.255.252.0 0 0
nat (dmz) 177 10.155.132.0 255.255.252.0 0 0
nat (dmz) 178 10.155.136.0 255.255.252.0 0 0
nat (dmz) 179 10.155.140.0 255.255.252.0 0 0
nat (dmz) 180 10.155.144.0 255.255.252.0 0 0
nat (dmz) 181 10.155.148.0 255.255.252.0 0 0
nat (dmz) 204 10.51.0.0 255.255.0.0 0 0
nat (dmz) 253 10.121.0.0 255.255.0.0 0 0
nat (dmz) 255 10.124.0.0 255.255.0.0 0 0
nat (dmz) 254 10.154.0.0 255.255.0.0 0 0
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) out.out.out.205 10.25.13.250 netmask 255.255.255.255 0 0
static (inside,outside) out.out.out.206 10.25.23.250 netmask 255.255.255.255 0 0
access-group 121 in interface outside
access-group 122 in interface inside
access-group 123 in interface dmz
route outside 0.0.0.0 0.0.0.0 193.88.70.1 1
route inside 10.51.0.0 255.255.0.0 10.154.254.1 1
route dmz 10.121.0.0 255.255.0.0 10.124.254.1 1
route dmz 10.124.0.0 255.252.0.0 10.124.254.1 1
route inside 10.154.0.0 255.255.255.0 10.154.254.1 1
route inside 10.155.0.0 255.255.255.0 10.154.254.1 1
route inside 10.156.0.0 255.255.255.0 10.154.254.1 1
route inside 10.157.0.0 255.255.255.0 10.154.254.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:30:00 absolute uauth 0:30:00 inactivity
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 5
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host 10.51.2.15 pwd timeout 10
aaa-server LOCAL protocol local
aaa authentication include tcp/0 inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 RADIUS
aaa authentication ssh console LOCAL
ntp server 193.162.153.164 source outside
tftp-server outside priv.priv.priv /
floodguard enable
telnet timeout 5
ssh priv.priv.priv 255.255.255.255 outside
ssh timeout 15
console timeout 0
terminal width 120
: end