: Cisco PIX Firewall running configuration, one command per line.
: Three interfaces: outside (security0), inside (security100), dmz (security4).
: Host names, peer addresses and secrets appear to have been redacted by the
: poster (xxxxx, ********). Lines beginning with ":" are comments.
: NOTE(review): PIX 6.3 is a legacy release line; confirm whether it still receives
: fixes and plan a migration if it does not.
PIX Version 6.3(3)
interface ethernet0 10full
interface ethernet1 100full
interface ethernet2 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security4
: Password hashes are absent from this listing (presumably stripped before posting).
: Keeping them out of shared configs is correct, because they can be attacked offline.
enable password encrypted
passwd encrypted
hostname xxxxx
domain-name xxxx.com
: Application inspection ("fixup") per protocol and port.
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
: NOTE(review): the SMTP fixup (Mail Guard) is understood to limit sessions to a
: minimal SMTP command set and commonly interferes with ESMTP. Confirm it is
: wanted for the mail host published on xxx.yyy.zzz.132.
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
: "names" enables name aliases (dmz-net, inside-net, ...); the "name" definitions
: themselves are not shown in this listing.
names
: --- traffic_from_dmz: bound inbound on the dmz interface (see access-group) ---
access-list traffic_from_dmz permit tcp dmz-net 255.255.255.0 any eq www
access-list traffic_from_dmz permit udp dmz-net 255.255.255.0 any eq ntp
: DMZ -> inside: DNS and FTP are allowed to the whole inside /22, not to named servers.
: NOTE(review): consider narrowing these to the specific DNS/FTP hosts so that a
: compromised DMZ server cannot reach every inside address on these ports.
access-list traffic_from_dmz permit udp dmz-net 255.255.255.0 inside-net 255.255.252.0 eq domain
access-list traffic_from_dmz permit tcp dmz-net 255.255.255.0 inside-net 255.255.252.0 eq ftp
access-list traffic_from_dmz permit tcp dmz-net 255.255.255.0 host xxxrv4 eq smtp
access-list traffic_from_dmz permit tcp dmz-net 255.255.255.0 host xxxxx eq citrix-ica
access-list traffic_from_dmz permit tcp dmz-net 255.255.255.0 host ups eq 3052
access-list traffic_from_dmz permit udp dmz-net 255.255.255.0 host xxxx eq 5500
: NOTE(review): the next two entries give the DMZ unrestricted IP access to two /24
: networks (names redacted). Confirm full IP access is required, not a few ports.
access-list traffic_from_dmz permit ip dmz-net 255.255.255.0 xxxxx 255.255.255.0
access-list traffic_from_dmz permit ip dmz-net 255.255.255.0 xxxxxx 255.255.255.0
: NOTE(review): this permits every ICMP type from any source to any destination,
: including the inside networks. Restrict it to the types and targets actually needed.
access-list traffic_from_dmz permit icmp any any
access-list traffic_from_dmz deny ip any any
: --- traffic_from_outside: bound inbound on the outside interface ---
: Publishes SMTP on .132 and HTTP/HTTPS on .133-.138; each address has a matching
: "static" further down.
access-list traffic_from_outside permit tcp any host xxx.yyy.zzz.132 eq smtp
access-list traffic_from_outside permit tcp any host xxx.yyy.zzz.133 eq www
access-list traffic_from_outside permit tcp any host xxx.yyy.zzz.133 eq https
access-list traffic_from_outside permit tcp any host xxx.yyy.zzz.134 eq www
access-list traffic_from_outside permit tcp any host xxx.yyy.zzz.134 eq https
access-list traffic_from_outside permit tcp any host xxx.yyy.zzz.135 eq www
access-list traffic_from_outside permit tcp any host xxx.yyy.zzz.135 eq https
access-list traffic_from_outside permit tcp any host xxx.yyy.zzz.136 eq www
access-list traffic_from_outside permit tcp any host xxx.yyy.zzz.136 eq https
access-list traffic_from_outside permit tcp any host xxx.yyy.zzz.137 eq www
access-list traffic_from_outside permit tcp any host xxx.yyy.zzz.137 eq https
access-list traffic_from_outside permit tcp any host xxx.yyy.zzz.138 eq www
access-list traffic_from_outside permit tcp any host xxx.yyy.zzz.138 eq https
: Only ICMP echo-reply is accepted from outside, so replies to outbound pings return.
access-list traffic_from_outside permit icmp any any echo-reply
access-list traffic_from_outside deny ip any any
: --- NAT-exemption and crypto-map (interesting traffic) ACLs for the two VPN peers ---
access-list inside_outbound_nat0_acl permit ip inside-net 255.255.252.0 xxxxx 255.255.255.0
access-list inside_outbound_nat0_acl permit ip inside-net 255.255.252.0 xxxx 255.255.255.0
access-list outside_cryptomap_10 permit ip inside-net 255.255.252.0 xxxxx-net 255.255.255.0
access-list outside_cryptomap_10 permit ip dmz-net 255.255.255.0 xxxxx-net 255.255.255.0
access-list outside_cryptomap_20 permit ip inside-net 255.255.252.0 xxxxx-net 255.255.255.0
access-list outside_cryptomap_20 permit ip dmz-net 255.255.255.0 xxxxx-net 255.255.255.0
: NOTE(review): dmz-net carries mask 255.255.252.0 here but 255.255.255.0 everywhere
: else (the dmz interface itself is a /24). This looks like a copy of the inside
: mask. Verify, because the NAT exemption then covers more addresses than the
: crypto ACLs match.
access-list dmz_outbound_nat0_acl permit ip dmz-net 255.255.252.0 xxxxx-net 255.255.255.0
access-list dmz_outbound_nat0_acl permit ip dmz-net 255.255.252.0 xxxxx-net 255.255.255.0
: --- traffic_from_inside: bound inbound on the inside interface (egress policy) ---
access-list traffic_from_inside permit tcp any any eq www
access-list traffic_from_inside permit tcp any any eq https
: NOTE(review): TCP 1863 is open from every inside host to any destination; confirm
: the application behind it is still in use.
access-list traffic_from_inside permit tcp any any eq 1863
: NOTE(review): all ICMP types are permitted outbound from any inside source.
access-list traffic_from_inside permit icmp any any
access-list traffic_from_inside permit tcp any host xxxxxxx53 eq ftp
access-list traffic_from_inside permit tcp any host xxxxxxx34 eq ftp
access-list traffic_from_inside permit tcp any host xxxxxxx84 eq citrix-ica
access-list traffic_from_inside permit udp any host xxxxxx eq 1604
access-list traffic_from_inside permit tcp any host xxxxxxx.60 eq nntp
: Inside networks get unrestricted IP access to the DMZ.
access-list traffic_from_inside permit ip inside-net 255.255.252.0 dmz-net 255.255.255.0
access-list traffic_from_inside permit ip xxxxx-net1 255.255.0.0 dmz-net 255.255.255.0
access-list traffic_from_inside permit ip xxxxx-net2 255.255.252.0 dmz-net 255.255.255.0
: NOTE(review): after redaction these two entries read identically; if they were
: also identical on the device, one of them is redundant.
access-list traffic_from_inside permit ip any xxxxx-net 255.255.255.0
access-list traffic_from_inside permit ip any xxxxx-net 255.255.255.0
: Outbound DNS, NTP and SMTP are limited to named hosts, which keeps other inside
: machines from resolving or sending mail directly.
access-list traffic_from_inside permit udp host xxxxx1 any eq domain
access-list traffic_from_inside permit udp host xxxxx3 any eq domain
access-list traffic_from_inside permit udp host box any eq domain
access-list traffic_from_inside permit udp host xxxxx1 any eq ntp
access-list traffic_from_inside permit udp host xxxxx3 any eq ntp
access-list traffic_from_inside permit tcp host xxxxx4 any eq smtp
: Outbound FTP to any destination for individually listed hosts (FTP is cleartext).
access-list traffic_from_inside permit tcp host xxxx any eq ftp
access-list traffic_from_inside permit tcp host box any eq ftp
access-list traffic_from_inside permit tcp host 172.28.10.201 any eq ftp
access-list traffic_from_inside permit tcp host 172.28.10.202 any eq ftp
access-list traffic_from_inside permit tcp host 172.28.10.203 any eq ftp
access-list traffic_from_inside permit tcp host 172.28.10.204 any eq ftp
access-list traffic_from_inside permit tcp host 172.28.10.205 any eq ftp
access-list traffic_from_inside permit tcp host 172.28.10.206 any eq ftp
access-list traffic_from_inside permit tcp host 172.28.10.207 any eq ftp
access-list traffic_from_inside permit tcp host 172.28.10.208 any eq ftp
access-list traffic_from_inside permit tcp host 172.28.10.209 any eq ftp
access-list traffic_from_inside permit tcp host 172.28.10.210 any eq ftp
: NOTE(review): these two hosts bypass the egress policy entirely (any IP protocol,
: any destination). Document the owner and reason, or narrow them to needed ports.
access-list traffic_from_inside permit ip host 172.28.10.3 any
access-list traffic_from_inside permit ip host 172.28.9.252 any
access-list traffic_from_inside deny ip any any
no pager
: Logging: local buffer plus syslog to one inside host, both at informational level.
logging on
logging buffered informational
logging trap informational
logging host inside xxxxx2
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside xxx.yyy.zzz.130 255.255.255.224
ip address inside 172.28.11.248 255.255.252.0
ip address dmz 172.28.100.253 255.255.255.0
: Built-in IDS signatures ("ip audit").
: NOTE(review): IDS_info is defined but only IDS_Attack is bound to an interface
: (outside), so the IDS_info policy is never applied. No audit policy is bound to
: dmz or inside.
ip audit name IDS_info info action alarm drop
ip audit name IDS_Attack attack action alarm reset
ip audit interface outside IDS_Attack
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
: Address translation: PAT to the interface address on outside and dmz (pool 1),
: with the nat 0 ACLs exempting VPN-bound traffic from translation.
global (outside) 1 interface
global (dmz) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 0 access-list dmz_outbound_nat0_acl
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
: Port redirection for .133: outside https goes to port 446 on xxxwb_17, www to www.
static (dmz,outside) tcp xxx.yyy.zzz.133 https xxxwb_17 446 netmask 255.255.255.255 0 0
static (dmz,outside) tcp xxx.yyy.zzz.133 www xxxwb_17 www netmask 255.255.255.255 0 0
: Identity static: the whole inside /22 is addressable from the DMZ under its real
: addresses, so traffic_from_dmz is the only control between DMZ and inside.
static (inside,dmz) inside-net inside-net netmask 255.255.252.0 0 0
static (dmz,outside) xxx.yyy.zzz.134 xxxwb_11 netmask 255.255.255.255 0 0
static (dmz,outside) xxx.yyy.zzz.135 xxxwb_12 netmask 255.255.255.255 0 0
static (dmz,outside) xxx.yyy.zzz.136 xxxwb_13 netmask 255.255.255.255 0 0
static (dmz,outside) xxx.yyy.zzz.137 xxxwb_14 netmask 255.255.255.255 0 0
: NOTE(review): .132 maps one-to-one to a host on the inside interface, so
: Internet-originated SMTP terminates on the inside network rather than in the DMZ.
: Consider relaying mail through a DMZ host.
static (inside,outside) xxx.yyy.zzz.132 xxxxx4 netmask 255.255.255.255 0 0
static (dmz,outside) xxx.yyy.zzz.138 xxxwb_15 netmask 255.255.255.255 0 0
: Bind each ACL inbound on its interface.
access-group traffic_from_outside in interface outside
access-group traffic_from_inside in interface inside
access-group traffic_from_dmz in interface dmz
route outside 0.0.0.0 0.0.0.0 xxx.yyy.zzz.129 1
route inside yyyy-net 255.255.255.0 172.28.11.253 1
route inside xxxxx-net1 255.255.0.0 172.28.11.251 1
route inside xxxxx-net2 255.255.252.0 172.28.11.251 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
: AAA server groups are declared, but no "aaa authentication" command is visible.
: NOTE(review): management logins presumably rely on the shared passwd and enable
: password. Confirm, and prefer per-user authentication with accounting.
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
: Web management (PDM) is reachable from the entire inside /22.
: NOTE(review): restrict this to the administration hosts.
http server enable
http inside-net 255.255.252.0 inside
no snmp-server location
no snmp-server contact
: NOTE(review): "public" is the well-known default community string. No
: "snmp-server host" is shown, but change the string if SNMP is ever polled.
snmp-server community public
no snmp-server enable traps
floodguard enable
: IPsec traffic is allowed to bypass the interface ACLs once decrypted, so
: traffic_from_outside does not filter what arrives through the tunnels.
: NOTE(review): confirm the remote sites are trusted to that extent.
sysopt connection permit-ipsec
: Two site-to-site tunnels (crypto map entries 10 and 20) on the outside interface.
: NOTE(review): 3DES with MD5-HMAC, DH group 2 and pre-shared keys is a legacy
: suite. Move to stronger algorithms where this platform and both peers support them.
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 10 ipsec-isakmp
crypto map outside_map 10 match address outside_cryptomap_10
crypto map outside_map 10 set peer xxxxxxxxx.110
crypto map outside_map 10 set transform-set ESP-3DES-MD5
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer xxxxxxx.134
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
isakmp enable outside
: Pre-shared keys are masked in the listing. Use a distinct, long random key per peer.
isakmp key ******** address xxxxxxxx110 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address xxxxxxxx.134 netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
: Management access. Telnet is cleartext and is allowed from five hosts and a whole /24.
: NOTE(review): prefer SSH from a small set of admin hosts and remove telnet.
telnet 172.28.9.250 255.255.255.255 inside
telnet 172.28.9.251 255.255.255.255 inside
telnet 172.28.9.252 255.255.255.255 inside
telnet 172.28.9.253 255.255.255.255 inside
telnet xxxxx2 255.255.255.255 inside
telnet 172.28.10.0 255.255.255.0 inside
telnet timeout 30
: SSH is accepted on the outside interface from two /24 networks.
: NOTE(review): PIX 6.x is understood to implement SSH version 1 only. Confirm,
: and consider limiting management to the VPN or to single source addresses.
ssh xxxxxxxxxxx.0 255.255.255.0 outside
ssh xxxxxxxxxx.0 255.255.255.0 outside
ssh timeout 30
: NOTE(review): a console timeout of 0 presumably disables the idle timeout, leaving
: a logged-in serial console open indefinitely. Verify, and set a finite value.
console timeout 0
terminal width 80
Cryptochecksum:db1743297585e4ba
: end