pix# show version

Cisco PIX Security Appliance Software Version 8.0(2)

Compiled on Fri 15-Jun-07 18:25 by builders
System image file is "flash:/image"
Config file at boot was "startup-config"

pannonvolanfw up 8 days 22 hours

Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

 0: Ext: Ethernet0 : address is 0013.8098.ff4a, irq 10
 1: Ext: Ethernet1 : address is 0013.8098.ff4b, irq 11
 2: Ext: Ethernet2 : address is 000e.0c6f.9001, irq 11

Licensed features for this platform:
Maximum Physical Interfaces : 3
Maximum VLANs : 10
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : Unlimited

This platform has a Restricted (R) license.

Serial Number: *****
Running Activation Key: *****
Configuration last modified by enable_15 at 10:52:40.149 UTC Fri Nov 28 2008

pix# show run
: Saved
:
PIX Version 8.0(2)
!
hostname *****
domain-name *****
enable password ***** encrypted
names
dns-guard
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address pppoe setroute
!
interface Ethernet1
 nameif intranet
 security-level 50
 ip address 192.168.61.110 255.255.255.0
!
interface Ethernet2
 nameif inside
 security-level 100
 ip address 172.16.0.1 255.255.0.0
!
passwd ***** encrypted
no ftp mode passive
dns server-group DefaultDNS
 domain-name *****
object-group network pop3-passthru
 network-object 192.168.61.199 255.255.255.255
 network-object 192.168.61.36 255.255.255.255
 network-object 192.168.61.33 255.255.255.255
 network-object 192.168.61.71 255.255.255.255
 network-object 192.168.61.138 255.255.255.255
 network-object 192.168.61.200 255.255.255.255
object-group network server-group
 network-object 192.168.61.109 255.255.255.255
 network-object 192.168.61.103 255.255.255.255
 network-object 192.168.61.111 255.255.255.255
 network-object 192.168.61.115 255.255.255.255
 network-object 192.168.61.3 255.255.255.255
 network-object 192.168.61.7 255.255.255.255
 network-object 192.168.61.53 255.255.255.255
 network-object 192.168.61.114 255.255.255.255
 network-object 192.168.61.101 255.255.255.255
 network-object 192.168.61.100 255.255.255.255
access-list intradmz extended permit icmp any any
access-list intradmz extended permit tcp host 192.168.61.71 any eq 5900
access-list intradmz extended permit gre any any
access-list intradmz extended permit esp any any
access-list intradmz extended permit tcp any any eq pptp
access-list intradmz extended permit udp any any eq isakmp
access-list intradmz extended permit tcp any any eq ftp
access-list intradmz extended permit tcp any any eq 8182
access-list intradmz extended permit tcp any any eq https
access-list intradmz extended permit tcp host 192.168.61.121 any eq 21000
access-list intradmz extended permit udp host 192.168.61.121 any eq 21000
access-list intradmz extended permit ip any 192.168.81.0 255.255.255.0
access-list intradmz extended permit tcp object-group pop3-passthru any eq pop3
access-list intradmz extended permit ip object-group server-group any
access-list internet extended permit icmp any any
access-list internet extended permit tcp any interface outside eq smtp
access-list internet extended permit tcp any interface outside eq ftp
access-list internet extended permit tcp any interface outside eq 995
access-list internet extended permit tcp any interface outside eq ident
access-list internet extended permit tcp any interface outside eq pptp
access-list internet extended permit gre any interface outside
access-list internet extended permit tcp any interface outside eq https
access-list internet extended permit tcp host ***** interface outside
access-list internet extended permit udp host ***** interface outside
access-list internet extended permit esp any any
access-list internet extended permit tcp any interface outside eq 23389
access-list internet extended permit tcp any interface outside eq 5500
access-list internet extended permit tcp any interface outside eq ssh
access-list internet extended permit tcp any interface outside eq 13389
access-list internet extended permit ip 192.168.81.0 255.255.255.0 any
access-list dk-ip extended permit tcp any host *****
access-list dk-ip extended permit tcp any host *****
access-list dk-ip extended permit tcp any host *****
access-list DEMAND_DIAL_VPN_CLIENTS extended permit ip 192.168.61.0 255.255.255.0 192.168.81.0 255.255.255.0
access-list NO_NAT extended permit ip 192.168.61.0 255.255.255.0 192.168.81.0 255.255.255.0
pager lines 22
logging enable
logging monitor debugging
logging trap warnings
logging host inside 192.168.61.109
mtu outside 1492
mtu intranet 1500
mtu inside 1500
ip local pool DEMAND_DIAL_VPN_CLIENT_POOL 192.168.81.100-192.168.81.150 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (intranet) 1 192.168.0.0 255.255.0.0
nat (inside) 0 access-list NO_NAT
static (intranet,outside) tcp interface 13389 192.168.61.100 3389 netmask 255.255.255.255
static (intranet,outside) tcp interface 1122 192.168.61.100 ssh netmask 255.255.255.255
static (intranet,outside) tcp interface 23389 192.168.61.111 3389 netmask 255.255.255.255
static (intranet,outside) tcp interface ftp 192.168.61.109 ftp netmask 255.255.255.255
static (intranet,outside) tcp interface smtp 192.168.61.109 smtp netmask 255.255.255.255
static (intranet,outside) tcp interface https 192.168.61.109 https netmask 255.255.255.255
static (intranet,outside) tcp interface 5500 192.168.61.109 ssh netmask 255.255.255.255
access-group internet in interface outside
access-group intradmz in interface intranet
route intranet 192.168.0.0 255.255.0.0 192.168.61.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
snmp-server host intranet 192.168.61.109 community public
snmp-server location *****
snmp-server contact *****
snmp-server community *****
crypto ipsec transform-set TRANS_ESP_AES_SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto dynamic-map DYN_MAP 10 set transform-set TRANS_ESP_AES_SHA TRANS_ESP_3DES_SHA
crypto dynamic-map DYN_MAP 10 set security-association lifetime seconds 86400
crypto map OUTSIDE_MAP 30 ipsec-isakmp dynamic DYN_MAP
crypto map OUTSIDE_MAP interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 192.168.61.109 255.255.255.255 intranet
telnet timeout 30
ssh ***** 255.255.255.255 outside
ssh timeout 15
ssh version 1
console timeout 0
vpdn group pppoex request dialout pppoe
vpdn group pppoex localname *****
vpdn group pppoex ppp authentication pap
vpdn username ***** password *********
priority-queue outside
no threat-detection basic-threat
no threat-detection statistics access-list
!
class-map inspection_default
 match default-inspection-traffic
class-map dk-eleres
 match access-list dk-ip
class-map mail_traffic
 match port tcp eq smtp
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect ils
  inspect netbios
  inspect pptp
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect esmtp
policy-map qos
 class mail_traffic
  police output 122500
 class dk-eleres
  priority
!
service-policy global_policy global
service-policy qos interface outside
ssl encryption rc4-sha1
group-policy CISCO_CLIENT_VPN_POLICY internal
group-policy CISCO_CLIENT_VPN_POLICY attributes
 dns-server value 192.168.61.111
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value DEMAND_DIAL_VPN_CLIENTS
 default-domain value *****
 nem enable
username ***** password ***** encrypted privilege 15
tunnel-group CISCO_CLIENT_VPN_GROUP type remote-access
tunnel-group CISCO_CLIENT_VPN_GROUP general-attributes
 address-pool DEMAND_DIAL_VPN_CLIENT_POOL
 default-group-policy CISCO_CLIENT_VPN_POLICY
tunnel-group CISCO_CLIENT_VPN_GROUP ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:ee45fa26bbdc56d177afce0509c6deea
: end