! Review notes are added as "!" comment lines; every configuration token below is unchanged.
! The page shows a PIX running 7.0(4), a long-retired platform and release.
PIX Version 7.0(4)
!
hostname steinway-fw
domain-name steinway.com
! The enable hash is published with the config. The same hash value appears on the
! "passwd" line further down, so one password serves both login and enable.
! PIX "encrypted" values are an unsalted MD5-based hash; treat both as disclosed and rotate.
enable password Iyjmv9dl1EzaK7td encrypted
names
!
! Ethernet0 is the untrusted side (security-level 0) holding the public /27.
interface Ethernet0
 nameif outside
 security-level 0
 ip address 63.139.224.161 255.255.255.224
!
! Ethernet1 is the trusted side (security-level 100) on a flat 172.31.0.0/16.
interface Ethernet1
 nameif inside
 security-level 100
 ip address 172.31.1.251 255.255.0.0
!
! Ethernet2 is unused and administratively shut down.
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd Iyjmv9dl1EzaK7td encrypted
boot system flash:/image.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
! Allows traffic to enter and leave through the same interface (hairpinning).
same-security-traffic permit intra-interface
! ---- ACL "Outside" (bound inbound on the outside interface by the access-group later in this config) ----
! Entries are evaluated top-down, first match wins; anything not permitted is dropped by the implicit deny.
! Permits every ICMP type from any source to any destination; narrower ICMP types are the usual practice.
access-list Outside extended permit icmp any any
! Published services reachable from any source.
access-list Outside extended permit tcp any host 63.139.224.190 eq www
access-list Outside extended permit tcp any host 63.139.224.189 eq www
access-list Outside extended permit tcp any host 63.139.224.189 eq https
access-list Outside extended permit tcp any host 63.139.224.188 eq smtp
access-list Outside extended permit tcp any host 63.139.224.187 eq www
access-list Outside extended permit tcp any host 63.139.224.187 eq https
access-list Outside extended permit tcp any host 63.139.224.187 eq 88
access-list Outside extended permit tcp any host 63.139.224.187 eq 8081
! Source-restricted entries: SSH and tcp/3101 are each limited to a single remote host.
access-list Outside extended permit tcp host 66.18.18.11 host 63.139.224.188 eq ssh
access-list Outside extended permit tcp host 206.51.26.33 host 63.139.224.187 eq 3101
! NOTE(review): tcp/5900-5903 (the VNC port range) is open to any source; unlike the
! source-restricted entries above, remote-desktop access here has no address limit.
access-list Outside extended permit tcp any host 63.139.224.185 eq 5900
access-list Outside extended permit tcp any host 63.139.224.185 eq 5901
access-list Outside extended permit tcp any host 63.139.224.185 eq 5903
access-list Outside extended permit tcp any host 63.139.224.185 eq 5902
! FTP control channel from any source; FTP carries credentials in cleartext.
access-list Outside extended permit tcp any host 63.139.224.187 eq ftp
access-list Outside extended permit tcp any host 63.139.224.183 eq www
access-list Outside extended permit tcp any host 63.139.224.182 eq www
! NOTE(review): tcp/3389 (RDP) to .179 is open to any source, while the other RDP
! entries in this ACL are pinned to specific source hosts.
access-list Outside extended permit tcp any host 63.139.224.179 eq 3389
access-list Outside extended permit tcp any host 63.139.224.178 eq www
! ---- ACL "Outside", continued ----
! Most entries here pin tcp/3389 (RDP) to individual source addresses. Each source/destination
! pair is a separate line, so the list needs periodic review to retire addresses no longer in use.
access-list Outside extended permit tcp any host 63.139.224.186 eq www
access-list Outside extended permit tcp host 67.82.62.48 host 63.139.224.169 eq 3389
access-list Outside extended permit tcp host 193.15.14.148 host 63.139.224.176 eq 3389
access-list Outside extended permit tcp host 68.196.93.39 host 63.139.224.176 eq 3389
access-list Outside extended permit tcp host 68.196.93.39 host 63.139.224.184 eq 3389
access-list Outside extended permit tcp host 125.22.246.79 host 63.139.224.176 eq 3389
access-list Outside extended permit tcp host 125.22.246.79 host 63.139.224.184 eq 3389
access-list Outside extended permit tcp host 68.236.222.233 host 63.139.224.180 eq 3389
access-list Outside extended permit tcp host 59.92.88.59 host 63.139.224.176 eq 3389
access-list Outside extended permit tcp host 68.196.84.209 host 63.139.224.176 eq 3389
access-list Outside extended permit tcp host 59.92.88.59 host 63.139.224.184 eq 3389
access-list Outside extended permit tcp host 68.196.84.209 host 63.139.224.184 eq 3389
access-list Outside extended permit tcp any host 63.139.224.181 eq www
access-list Outside extended permit tcp host 204.187.87.33 host 63.139.224.177 eq 3101
access-list Outside extended permit tcp host 68.196.93.39 host 63.139.224.174 eq 3389
access-list Outside extended permit tcp host 125.22.245.82 host 63.139.224.174 eq 3389
! tcp/3101 to .187 is limited to five source networks. The 206.51.26.0/24 entry also covers
! the single-host 206.51.26.33 -> .187 rule earlier in this ACL, which is therefore redundant.
access-list Outside extended permit tcp 206.51.26.0 255.255.255.0 host 63.139.224.187 eq 3101
access-list Outside extended permit tcp 204.187.87.0 255.255.255.0 host 63.139.224.187 eq 3101
access-list Outside extended permit tcp 216.9.240.0 255.255.240.0 host 63.139.224.187 eq 3101
access-list Outside extended permit tcp 206.53.144.0 255.255.240.0 host 63.139.224.187 eq 3101
access-list Outside extended permit tcp 193.109.81.0 255.255.255.0 host 63.139.224.187 eq 3101
access-list Outside extended permit tcp host 125.22.246.79 host 63.139.224.186 eq 3389
access-list Outside extended permit tcp host 59.92.88.59 host 63.139.224.186 eq 3389
! ---- ACL "bypassingnat": NAT exemption list, referenced by "nat (inside) 0 access-list bypassingnat" ----
! Traffic matching a permit here leaves untranslated, which the site-to-site and remote-access VPN
! flows need. Entry order matters because the list is evaluated top-down.
! NOTE(review): 1.1.x.1 and 192.1.x.0 fall outside the RFC 1918 private ranges; presumably they are
! used as internal addressing at remote sites. Confirm.
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 192.168.32.0 255.255.255.0
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 172.16.40.0 255.255.255.0
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 10.1.4.0 255.255.255.0
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 172.16.40.0 255.255.255.0
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 10.1.4.0 255.255.255.0
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 172.16.0.0 255.255.0.0
! This deny sits ahead of the broader 172.31.0.0/16 -> 10.1.0.0/16 permit two lines down,
! so traffic to 10.1.1.0/24 is excluded from the exemption.
access-list bypassingnat extended deny ip 172.31.0.0 255.255.0.0 10.1.1.0 255.255.255.0
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 192.168.32.0 255.255.255.0
! NOTE(review): hosts 1.1.6.1, 1.1.5.1 and 1.1.4.1 are exempted here, but 1.1.7.1 (used in
! IPSEC-miami below) has no matching entry. Confirm whether that is intended.
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 host 1.1.6.1
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 host 1.1.5.1
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 host 1.1.4.1
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 10.1.7.0 255.255.255.0
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 10.1.7.0 255.255.255.0
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 172.16.20.0 255.255.255.0
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 10.1.2.0 255.255.255.0
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 172.16.20.0 255.255.255.0
! 192.168.32.0/24 is the remote-access VPN client pool (see "ip local pool ciscovpn");
! these entries let VPN clients reach the branch networks untranslated.
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 10.1.5.0 255.255.255.0
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 10.1.4.0 255.255.255.0
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 10.1.6.0 255.255.255.0
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 10.1.7.0 255.255.255.0
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 172.16.20.0 255.255.255.0
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 172.16.40.0 255.255.255.0
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 172.16.50.0 255.255.255.0
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 172.16.60.0 255.255.255.0
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 172.16.70.0 255.255.255.0
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 192.1.1.0 255.255.255.0
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 192.1.10.0 255.255.255.0
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 172.16.0.0 255.255.0.0
! ---- ACL "splitT": split-tunnel network list referenced by the tech and steinway group policies ----
! Lists the internal and branch networks paired with the VPN client pool 192.168.32.0/24.
access-list splitT extended permit ip 172.31.0.0 255.255.0.0 192.168.32.0 255.255.255.0
access-list splitT extended permit ip 10.1.1.0 255.255.255.0 192.168.32.0 255.255.255.0
access-list splitT extended permit ip 10.1.5.0 255.255.255.0 192.168.32.0 255.255.255.0
access-list splitT extended permit ip 10.1.2.0 255.255.255.0 192.168.32.0 255.255.255.0
access-list splitT extended permit ip 10.1.4.0 255.255.255.0 192.168.32.0 255.255.255.0
access-list splitT extended permit ip 10.1.6.0 255.255.255.0 192.168.32.0 255.255.255.0
access-list splitT extended permit ip 10.1.7.0 255.255.255.0 192.168.32.0 255.255.255.0
access-list splitT extended permit ip 172.16.20.0 255.255.255.0 192.168.32.0 255.255.255.0
access-list splitT extended permit ip 172.16.40.0 255.255.255.0 192.168.32.0 255.255.255.0
access-list splitT extended permit ip 172.16.50.0 255.255.255.0 192.168.32.0 255.255.255.0
access-list splitT extended permit ip 172.16.60.0 255.255.255.0 192.168.32.0 255.255.255.0
access-list splitT extended permit ip 172.16.70.0 255.255.255.0 192.168.32.0 255.255.255.0
! ---- Crypto ACLs: each IPSEC-<site> list selects the traffic encrypted toward one peer ----
! They are attached to peers by the "crypto map remote <seq> match address" lines later in the config.
access-list IPSEC-westbury extended permit ip 172.31.0.0 255.255.0.0 172.16.50.0 255.255.255.0
access-list IPSEC-westbury extended permit ip 10.1.1.0 255.255.255.0 10.1.5.0 255.255.255.0
access-list IPSEC-westbury extended permit ip 172.31.0.0 255.255.0.0 10.1.5.0 255.255.255.0
access-list IPSEC-westbury extended permit ip 10.1.1.0 255.255.255.0 172.16.50.0 255.255.255.0
access-list IPSEC-westbury extended permit ip 10.1.1.0 255.255.255.0 host 1.1.5.1
access-list IPSEC-westbury extended permit ip 192.168.32.0 255.255.255.0 10.1.5.0 255.255.255.0
access-list IPSEC-westbury extended permit ip 192.168.32.0 255.255.255.0 172.16.50.0 255.255.255.0
access-list IPSEC-conn extended permit ip 172.31.0.0 255.255.0.0 172.16.60.0 255.255.255.0
! NOTE(review): the next entry has no leading "access-list" keyword on the page, so as written it is
! not an ACL entry. Probably lost in a paste; confirm against the running configuration.
IPSEC-conn extended permit ip 10.1.1.0 255.255.255.0 10.1.6.0 255.255.255.0
access-list IPSEC-conn extended permit ip 172.31.0.0 255.255.0.0 10.1.6.0 255.255.255.0
access-list IPSEC-conn extended permit ip 10.1.1.0 255.255.255.0 172.16.60.0 255.255.255.0
access-list IPSEC-conn extended permit ip 10.1.1.0 255.255.255.0 host 1.1.6.1
access-list IPSEC-conn extended permit ip 192.168.32.0 255.255.255.0 172.16.60.0 255.255.255.0
access-list IPSEC-conn extended permit ip 192.168.32.0 255.255.255.0 10.1.6.0 255.255.255.0
! NOTE(review): this ACL is named "outside" (lower case), not "Outside". The only access-group on the
! page binds "Outside", so this any-to-any PPTP permit appears to be unbound. Remove it if it is a
! leftover, and confirm it is not applied anywhere before relying on that.
access-list outside extended permit tcp any any eq pptp
access-list IPSEC-paramus extended permit ip 10.1.1.0 255.255.255.0 host 1.1.4.1
access-list IPSEC-paramus extended permit ip 10.1.1.0 255.255.255.0 10.1.4.0 255.255.255.0
access-list IPSEC-paramus extended permit ip 172.31.0.0 255.255.0.0 172.16.40.0 255.255.255.0
access-list IPSEC-paramus extended permit ip 172.31.0.0 255.255.0.0 10.1.4.0 255.255.255.0
access-list IPSEC-paramus extended permit ip 10.1.1.0 255.255.255.0 172.16.40.0 255.255.255.0
access-list IPSEC-paramus extended permit ip 192.168.32.0 255.255.255.0 10.1.4.0 255.255.255.0
access-list IPSEC-paramus extended permit ip 192.168.32.0 255.255.255.0 172.16.40.0 255.255.255.0
access-list IPSEC-miami extended permit ip 10.1.1.0 255.255.255.0 host 1.1.7.1
access-list IPSEC-miami extended permit ip 10.1.1.0 255.255.255.0 10.1.7.0 255.255.255.0
access-list IPSEC-miami extended permit ip 172.31.0.0 255.255.0.0 172.16.70.0 255.255.255.0
access-list IPSEC-miami extended permit ip 172.31.0.0 255.255.0.0 10.1.7.0 255.255.255.0
access-list IPSEC-miami extended permit ip 10.1.1.0 255.255.255.0 172.16.70.0 255.255.255.0
access-list IPSEC-miami extended permit ip 192.168.32.0 255.255.255.0 172.16.70.0 255.255.255.0
access-list IPSEC-miami extended permit ip 192.168.32.0 255.255.255.0 10.1.7.0 255.255.255.0
! "cap_traffic" matches both directions between 10.1.1.5 and 10.1.5.1; nothing on the page references
! it. Presumably a leftover from a packet capture; confirm and remove if unused.
access-list cap_traffic extended permit ip host 10.1.1.5 host 10.1.5.1
access-list cap_traffic extended permit ip host 10.1.5.1 host 10.1.1.5
access-list IPSEC-nyc extended permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list IPSEC-nyc extended permit ip 172.31.0.0 255.255.0.0 172.16.20.0 255.255.255.0
access-list IPSEC-nyc extended permit ip 172.31.0.0 255.255.0.0 10.1.2.0 255.255.255.0
access-list IPSEC-nyc extended permit ip 10.1.1.0 255.255.255.0 172.16.20.0 255.255.255.0
access-list IPSEC-HAMBURG extended permit ip 172.31.0.0 255.255.0.0 192.1.1.0 255.255.255.0
access-list IPSEC-HAMBURG extended permit ip 172.31.0.0 255.255.0.0 192.1.10.0 255.255.255.0
!
! MGCP inspection map naming the call agents and gateways; it is used by the
! "inspect mgcp asa_mgcp_map" lines in the global policy.
mgcp-map asa_mgcp_map
 call-agent 10.1.1.4 1
 call-agent 10.1.1.5 1
 gateway 10.1.4.1 1
 gateway 10.1.5.1 1
 gateway 10.1.6.1 1
 gateway 10.1.7.1 1
!
pager lines 24
! Logging goes only to the local buffer (warnings) and ASDM (informational). No "logging host" appears
! on the page, so events are not forwarded off-box; a remote syslog target keeps logs if the device is
! reloaded or tampered with.
logging enable
logging buffered warnings
logging asdm informational
mtu outside 1500
mtu inside 1500
! Address pool handed to remote-access VPN clients (used by tunnel-groups tech and steinway).
ip local pool ciscovpn 192.168.32.1-192.168.32.254
! The next two lines are CLI error output captured with the listing, not configuration commands.
ERROR: Command requires failover license
ERROR: Command requires failover license
asdm image flash:/asdm-504.bin
asdm history enable
arp timeout 14400
! Outbound PAT: the listed inside networks are translated to the outside interface address,
! except traffic matched by ACL bypassingnat (nat 0), which leaves untranslated for the VPNs.
global (outside) 1 interface
nat (inside) 0 access-list bypassingnat
nat (inside) 1 10.1.1.0 255.255.255.0
nat (inside) 1 192.168.32.0 255.255.255.0
nat (inside) 1 192.168.200.0 255.255.255.0
nat (inside) 1 172.31.0.0 255.255.0.0
! Port-forwards on 63.139.224.185. The 5900-5903 forwards are paired with "any"-source permits in ACL
! Outside. NOTE(review): ACL Outside on the page has no entry for .185 tcp/3389, so the 3389 forward
! below is not reachable as configured. Confirm whether it is stale.
static (inside,outside) tcp 63.139.224.185 5900 10.1.1.4 5900 netmask 255.255.255.255
static (inside,outside) tcp 63.139.224.185 5901 10.1.1.5 5901 netmask 255.255.255.255
static (inside,outside) tcp 63.139.224.185 5902 10.1.1.6 5902 netmask 255.255.255.255
static (inside,outside) tcp 63.139.224.185 5903 192.168.200.2 5903 netmask 255.255.255.255
static (inside,outside) tcp 63.139.224.185 3389 192.168.200.2 3389 netmask 255.255.255.255
! One-to-one statics map a whole public address to an inside host. Which ports are actually exposed
! is decided only by ACL Outside, so every ACL change on these addresses widens or narrows exposure
! of the inside host directly. NOTE(review): .175 has a static but no ACL Outside entry on the page.
static (inside,outside) 63.139.224.190 172.31.2.14 netmask 255.255.255.255
static (inside,outside) 63.139.224.187 172.31.2.12 netmask 255.255.255.255
static (inside,outside) 63.139.224.188 172.31.2.30 netmask 255.255.255.255
static (inside,outside) 63.139.224.189 172.31.2.47 netmask 255.255.255.255
static (inside,outside) 63.139.224.186 172.31.2.8 netmask 255.255.255.255
static (inside,outside) 63.139.224.183 172.31.2.49 netmask 255.255.255.255 dns
static (inside,outside) 63.139.224.179 172.31.2.36 netmask 255.255.255.255
static (inside,outside) 63.139.224.178 172.31.2.54 netmask 255.255.255.255
static (inside,outside) 63.139.224.175 172.31.4.30 netmask 255.255.255.255
static (inside,outside) 63.139.224.169 172.31.2.28 netmask 255.255.255.255
static (inside,outside) 63.139.224.182 172.31.2.55 netmask 255.255.255.255
static (inside,outside) 63.139.224.176 172.31.2.13 netmask 255.255.255.255
static (inside,outside) 63.139.224.184 172.31.2.60 netmask 255.255.255.255
static (inside,outside) 63.139.224.180 172.31.2.16 netmask 255.255.255.255
static (inside,outside) 63.139.224.181 172.31.2.144 netmask 255.255.255.255
static (inside,outside) 63.139.224.177 172.31.2.143 netmask 255.255.255.255
static (inside,outside) 63.139.224.174 172.31.2.37 netmask 255.255.255.255
! Binds ACL "Outside" to inbound traffic on the outside interface. No other access-group is present.
access-group Outside in interface outside
route outside 0.0.0.0 0.0.0.0 63.139.224.162 1
route inside 192.168.200.0 255.255.255.0 172.31.1.1 1
route inside 172.16.4.0 255.255.255.0 172.31.1.1 1
route inside 10.1.1.0 255.255.255.0 172.31.1.1 1
route inside 10.1.2.0 255.255.255.0 172.31.1.1 1
route inside 172.16.20.0 255.255.255.0 172.31.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
! AAA server groups are declared with a protocol only; no server host is defined on the page.
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
! Remote-access group policies. tech and steinway use split tunnelling (only networks in ACL splitT
! go through the tunnel); all four set a 30-minute idle timeout.
group-policy tech internal
group-policy tech attributes
 wins-server value 172.31.2.1
 dns-server value 172.31.2.1
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splitT
group-policy split-dns internal
group-policy split-dns attributes
 vpn-idle-timeout 30
group-policy steinway internal
group-policy steinway attributes
 wins-server value 172.31.2.1 172.31.2.27
 dns-server value 172.31.2.1 172.31.2.27
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splitT
 default-domain value steinway.com
group-policy show internal
group-policy show attributes
 vpn-idle-timeout 30
! ASDM/HTTPS management is accepted from the whole 172.31.0.0/16 and 10.1.1.0/24 on the inside;
! a dedicated management subnet or a short host list is the tighter option.
http server enable
http 172.31.0.0 255.255.0.0 inside
http 10.1.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
! "public" is the well-known default SNMP community string; replace it with a non-default value.
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
! Transform sets. Every set except HAMBURG-SET uses single DES (56-bit key), which is no longer
! considered adequate; the set named "strong" is DES with MD5. Moving to AES/SHA needs the matching
! change on each peer.
crypto ipsec transform-set strong esp-des esp-md5-hmac
crypto ipsec transform-set westbury-SET esp-des esp-sha-hmac
crypto ipsec transform-set conn-SET esp-des esp-sha-hmac
crypto ipsec transform-set paramus-SET esp-des esp-sha-hmac
crypto ipsec transform-set miami-SET esp-des esp-sha-hmac
crypto ipsec transform-set nyc-SET esp-des esp-sha-hmac
crypto ipsec transform-set HAMBURG-SET esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 3600
! Dynamic map for remote-access clients; it uses the DES/MD5 "strong" set.
crypto dynamic-map cuser 10 set transform-set strong
crypto dynamic-map cuser 10 set security-association lifetime seconds 28800
! Site-to-site entries: one sequence number per peer, each tying a crypto ACL to a peer address
! and a transform set.
crypto map remote 20 match address IPSEC-nyc
crypto map remote 20 set peer 209.11.47.65
crypto map remote 20 set transform-set nyc-SET
crypto map remote 20 set security-association lifetime seconds 28800
crypto map remote 21 match address IPSEC-westbury
crypto map remote 21 set peer 67.103.235.79
crypto map remote 21 set transform-set westbury-SET
crypto map remote 21 set security-association lifetime seconds 28800
crypto map remote 31 match address IPSEC-conn
crypto map remote 31 set peer 69.182.149.54
crypto map remote 31 set transform-set conn-SET
crypto map remote 31 set security-association lifetime seconds 28800
crypto map remote 40 match address IPSEC-paramus
crypto map remote 40 set peer 70.21.254.30
crypto map remote 40 set transform-set paramus-SET
crypto map remote 40 set security-association lifetime seconds 28800
crypto map remote 70 match address IPSEC-miami
crypto map remote 70 set peer 68.16.251.36
crypto map remote 70 set transform-set miami-SET
crypto map remote 70 set security-association lifetime seconds 28800
crypto map remote 80 match address IPSEC-HAMBURG
crypto map remote 80 set peer 195.143.196.90
crypto map remote 80 set transform-set HAMBURG-SET
crypto map remote 80 set security-association lifetime seconds 28800
crypto map remote 65535 ipsec-isakmp dynamic cuser
crypto map remote interface outside
isakmp identity address
isakmp enable outside
! IKE phase-1 policies; a lower number means higher priority. Policy 21 offers DES with
! pre-shared keys, so the weak cipher is preferred over the 3DES policy 65535.
isakmp policy 21 authentication pre-share
isakmp policy 21 encryption des
isakmp policy 21 hash sha
isakmp policy 21 group 2
isakmp policy 21 lifetime 86400
isakmp policy 31 authentication pre-share
! IKE policy 31 (continued): DES encryption with Diffie-Hellman group 1 (768-bit), both considered weak.
! A lower policy number means higher priority, so this is offered before the 3DES/group 2 policy 65535.
isakmp policy 31 encryption des
isakmp policy 31 hash sha
isakmp policy 31 group 1
isakmp policy 31 lifetime 86400
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
isakmp nat-traversal 20
! Site-to-site tunnel groups, one per peer address. Pre-shared keys are masked ("*") in the listing.
tunnel-group 67.103.235.79 type ipsec-l2l
tunnel-group 67.103.235.79 ipsec-attributes
 pre-shared-key *
tunnel-group 69.182.149.54 type ipsec-l2l
tunnel-group 69.182.149.54 ipsec-attributes
 pre-shared-key *
tunnel-group 70.21.254.30 type ipsec-l2l
tunnel-group 70.21.254.30 ipsec-attributes
 pre-shared-key *
! Remote-access tunnel groups (tech, steinway, split-dns, show).
! NOTE(review): each sets "authentication-server-group (outside) none", which appears to turn off
! per-user authentication and leave the shared group key as the only credential. Confirm, and
! consider a LOCAL or AAA server group so individual users are authenticated and can be revoked.
! split-dns and show have no ipsec-attributes or address pool on the page. Confirm they are in use.
tunnel-group tech type ipsec-ra
tunnel-group tech general-attributes
 address-pool ciscovpn
 authentication-server-group (outside) none
 default-group-policy tech
tunnel-group tech ipsec-attributes
 pre-shared-key *
tunnel-group steinway type ipsec-ra
tunnel-group steinway general-attributes
 address-pool ciscovpn
 authentication-server-group (outside) none
 default-group-policy steinway
tunnel-group steinway ipsec-attributes
 pre-shared-key *
tunnel-group split-dns type ipsec-ra
tunnel-group split-dns general-attributes
 authentication-server-group (outside) none
 default-group-policy split-dns
tunnel-group show type ipsec-ra
tunnel-group show general-attributes
 authentication-server-group (outside) none
 default-group-policy show
tunnel-group 68.16.251.36 type ipsec-l2l
tunnel-group 68.16.251.36 ipsec-attributes
 pre-shared-key *
tunnel-group 209.11.47.65 type ipsec-l2l
tunnel-group 209.11.47.65 ipsec-attributes
 pre-shared-key *
tunnel-group 195.143.196.90 type ipsec-l2l
tunnel-group 195.143.196.90 ipsec-attributes
 pre-shared-key *
! Telnet management is allowed from the inside networks; Telnet sends credentials in cleartext.
telnet 172.31.0.0 255.255.0.0 inside
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 60
! "ssh 0.0.0.0 0.0.0.0 outside" accepts SSH management from any Internet address and makes the
! single-host 171.68.225.212 entry above it redundant; restrict to known management sources.
ssh 171.68.225.212 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh 172.31.0.0 255.255.0.0 inside
ssh timeout 20
! Restricts the device to SSH protocol version 1, which is deprecated; "ssh version 2" is the fix.
ssh version 1
! A console timeout of 0 disables the idle logout on the console port.
console timeout 0
dhcpd ping_timeout 750
dhcpd option 150 ip 10.1.1.5
!
! Traffic classes for application inspection. Three UDP classes (2428, 2727, 2427) feed MGCP inspection.
class-map class_mgcp1
 match port udp eq 2428
class-map class_mgcp2
 match port udp eq 2727
class-map class_mgcp
 match port udp eq 2427
! NOTE(review): class_http matches TCP port 69, not 80. Port 69 is the TFTP port number, so the
! "inspect http" below is applied only to tcp/69 and web traffic on tcp/80 is not HTTP-inspected.
! Confirm the intended port.
class-map class_http
 match port tcp eq 69
class-map inspection_default
 match default-inspection-traffic
!
!
! Global inspection policy: the default-inspection class runs the listed protocol inspections;
! the extra classes add HTTP and MGCP inspection on the ports matched above.
policy-map global_policy
 class inspection_default
  inspect dns
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
 class class_http
  inspect http
 class class_mgcp
  inspect mgcp asa_mgcp_map
 class class_mgcp1
  inspect mgcp asa_mgcp_map
 class class_mgcp2
  inspect mgcp asa_mgcp_map
!
! Applies global_policy to all interfaces.
service-policy global_policy global
! Configuration checksum line emitted by the device at the end of the listing.
Cryptochecksum:f75fbf4f4dbe87d1daad0999d6f06a52
: end