PIX Version 7.0(4) 
!
hostname steinway-fw
domain-name steinway.com
enable password Iyjmv9dl1EzaK7td encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 63.139.224.161 255.255.255.224 
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 172.31.1.251 255.255.0.0 
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd Iyjmv9dl1EzaK7td encrypted
boot system flash:/image.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
same-security-traffic permit intra-interface
access-list Outside extended permit icmp any any 
access-list Outside extended permit tcp any host 63.139.224.190 eq www 
access-list Outside extended permit tcp any host 63.139.224.189 eq www 
access-list Outside extended permit tcp any host 63.139.224.189 eq https 
access-list Outside extended permit tcp any host 63.139.224.188 eq smtp 
access-list Outside extended permit tcp any host 63.139.224.187 eq www 
access-list Outside extended permit tcp any host 63.139.224.187 eq https 
access-list Outside extended permit tcp any host 63.139.224.187 eq 88 
access-list Outside extended permit tcp any host 63.139.224.187 eq 8081 
access-list Outside extended permit tcp host 66.18.18.11 host 63.139.224.188 eq ssh 
access-list Outside extended permit tcp host 206.51.26.33 host 63.139.224.187 eq 3101 
access-list Outside extended permit tcp any host 63.139.224.185 eq 5900 
access-list Outside extended permit tcp any host 63.139.224.185 eq 5901 
access-list Outside extended permit tcp any host 63.139.224.185 eq 5903 
access-list Outside extended permit tcp any host 63.139.224.185 eq 5902 
access-list Outside extended permit tcp any host 63.139.224.187 eq ftp 
access-list Outside extended permit tcp any host 63.139.224.183 eq www 
access-list Outside extended permit tcp any host 63.139.224.182 eq www 
access-list Outside extended permit tcp any host 63.139.224.179 eq 3389 
access-list Outside extended permit tcp any host 63.139.224.178 eq www 
access-list Outside extended permit tcp any host 63.139.224.186 eq www 
access-list Outside extended permit tcp host 67.82.62.48 host 63.139.224.169 eq 3389 
access-list Outside extended permit tcp host 193.15.14.148 host 63.139.224.176 eq 3389 
access-list Outside extended permit tcp host 68.196.93.39 host 63.139.224.176 eq 3389 
access-list Outside extended permit tcp host 68.196.93.39 host 63.139.224.184 eq 3389 
access-list Outside extended permit tcp host 125.22.246.79 host 63.139.224.176 eq 3389 
access-list Outside extended permit tcp host 125.22.246.79 host 63.139.224.184 eq 3389 
access-list Outside extended permit tcp host 68.236.222.233 host 63.139.224.180 eq 3389 
access-list Outside extended permit tcp host 59.92.88.59 host 63.139.224.176 eq 3389 
access-list Outside extended permit tcp host 68.196.84.209 host 63.139.224.176 eq 3389 
access-list Outside extended permit tcp host 59.92.88.59 host 63.139.224.184 eq 3389 
access-list Outside extended permit tcp host 68.196.84.209 host 63.139.224.184 eq 3389 
access-list Outside extended permit tcp any host 63.139.224.181 eq www 
access-list Outside extended permit tcp host 204.187.87.33 host 63.139.224.177 eq 3101 
access-list Outside extended permit tcp host 68.196.93.39 host 63.139.224.174 eq 3389 
access-list Outside extended permit tcp host 125.22.245.82 host 63.139.224.174 eq 3389 
access-list Outside extended permit tcp 206.51.26.0 255.255.255.0 host 63.139.224.187 eq 3101 
access-list Outside extended permit tcp 204.187.87.0 255.255.255.0 host 63.139.224.187 eq 3101 
access-list Outside extended permit tcp 216.9.240.0 255.255.240.0 host 63.139.224.187 eq 3101 
access-list Outside extended permit tcp 206.53.144.0 255.255.240.0 host 63.139.224.187 eq 3101 
access-list Outside extended permit tcp 193.109.81.0 255.255.255.0 host 63.139.224.187 eq 3101 
access-list Outside extended permit tcp host 125.22.246.79  host 63.139.224.186 eq 3389
access-list Outside extended permit tcp host 59.92.88.59 host 63.139.224.186 eq 3389
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 192.168.32.0 255.255.255.0 
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 172.16.40.0 255.255.255.0 
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 10.1.4.0 255.255.255.0 
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 172.16.40.0 255.255.255.0 
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 10.1.4.0 255.255.255.0 
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 172.16.0.0 255.255.0.0 
access-list bypassingnat extended deny ip 172.31.0.0 255.255.0.0 10.1.1.0 255.255.255.0 
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 10.1.0.0 255.255.0.0 
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 10.1.0.0 255.255.0.0 
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 192.168.32.0 255.255.255.0 
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 host 1.1.6.1 
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 host 1.1.5.1 
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 host 1.1.4.1 
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 10.1.7.0 255.255.255.0 
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 10.1.7.0 255.255.255.0 
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0 
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 172.16.20.0 255.255.255.0 
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 10.1.2.0 255.255.255.0 
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 172.16.20.0 255.255.255.0 
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 10.1.5.0 255.255.255.0 
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 10.1.2.0 255.255.255.0 
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 10.1.4.0 255.255.255.0 
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 10.1.6.0 255.255.255.0 
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 10.1.7.0 255.255.255.0 
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 172.16.20.0 255.255.255.0 
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 172.16.40.0 255.255.255.0 
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 172.16.50.0 255.255.255.0 
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 172.16.60.0 255.255.255.0 
access-list bypassingnat extended permit ip 192.168.32.0 255.255.255.0 172.16.70.0 255.255.255.0 
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 192.1.1.0 255.255.255.0 
access-list bypassingnat extended permit ip 172.31.0.0 255.255.0.0 192.1.10.0 255.255.255.0 
access-list bypassingnat extended permit ip 10.1.1.0 255.255.255.0 172.16.0.0 255.255.0.0 
access-list splitT extended permit ip 172.31.0.0 255.255.0.0 192.168.32.0 255.255.255.0 
access-list splitT extended permit ip 10.1.1.0 255.255.255.0 192.168.32.0 255.255.255.0 
access-list splitT extended permit ip 10.1.5.0 255.255.255.0 192.168.32.0 255.255.255.0 
access-list splitT extended permit ip 10.1.2.0 255.255.255.0 192.168.32.0 255.255.255.0 
access-list splitT extended permit ip 10.1.4.0 255.255.255.0 192.168.32.0 255.255.255.0 
access-list splitT extended permit ip 10.1.6.0 255.255.255.0 192.168.32.0 255.255.255.0 
access-list splitT extended permit ip 10.1.7.0 255.255.255.0 192.168.32.0 255.255.255.0 
access-list splitT extended permit ip 172.16.20.0 255.255.255.0 192.168.32.0 255.255.255.0 
access-list splitT extended permit ip 172.16.40.0 255.255.255.0 192.168.32.0 255.255.255.0 
access-list splitT extended permit ip 172.16.50.0 255.255.255.0 192.168.32.0 255.255.255.0 
access-list splitT extended permit ip 172.16.60.0 255.255.255.0 192.168.32.0 255.255.255.0 
access-list splitT extended permit ip 172.16.70.0 255.255.255.0 192.168.32.0 255.255.255.0 
access-list IPSEC-westbury extended permit ip 172.31.0.0 255.255.0.0 172.16.50.0 255.255.255.0 
access-list IPSEC-westbury extended permit ip 10.1.1.0 255.255.255.0 10.1.5.0 255.255.255.0 
access-list IPSEC-westbury extended permit ip 172.31.0.0 255.255.0.0 10.1.5.0 255.255.255.0 
access-list IPSEC-westbury extended permit ip 10.1.1.0 255.255.255.0 172.16.50.0 255.255.255.0 
access-list IPSEC-westbury extended permit ip 10.1.1.0 255.255.255.0 host 1.1.5.1 
access-list IPSEC-westbury extended permit ip 192.168.32.0 255.255.255.0 10.1.5.0 255.255.255.0 
access-list IPSEC-westbury extended permit ip 192.168.32.0 255.255.255.0 172.16.50.0 255.255.255.0 
access-list IPSEC-conn extended permit ip 172.31.0.0 255.255.0.0 172.16.60.0 255.255.255.0 
IPSEC-conn extended permit ip 10.1.1.0 255.255.255.0 10.1.6.0 255.255.255.0 
access-list IPSEC-conn extended permit ip 172.31.0.0 255.255.0.0 10.1.6.0 255.255.255.0 
access-list IPSEC-conn extended permit ip 10.1.1.0 255.255.255.0 172.16.60.0 255.255.255.0 
access-list IPSEC-conn extended permit ip 10.1.1.0 255.255.255.0 host 1.1.6.1 
access-list IPSEC-conn extended permit ip 192.168.32.0 255.255.255.0 172.16.60.0 255.255.255.0 
access-list IPSEC-conn extended permit ip 192.168.32.0 255.255.255.0 10.1.6.0 255.255.255.0 
access-list outside extended permit tcp any any eq pptp 
access-list IPSEC-paramus extended permit ip 10.1.1.0 255.255.255.0 host 1.1.4.1 
access-list IPSEC-paramus extended permit ip 10.1.1.0 255.255.255.0 10.1.4.0 255.255.255.0 
access-list IPSEC-paramus extended permit ip 172.31.0.0 255.255.0.0 172.16.40.0 255.255.255.0 
access-list IPSEC-paramus extended permit ip 172.31.0.0 255.255.0.0 10.1.4.0 255.255.255.0 
access-list IPSEC-paramus extended permit ip 10.1.1.0 255.255.255.0 172.16.40.0 255.255.255.0 
access-list IPSEC-paramus extended permit ip 192.168.32.0 255.255.255.0 10.1.4.0 255.255.255.0 
access-list IPSEC-paramus extended permit ip 192.168.32.0 255.255.255.0 172.16.40.0 255.255.255.0 
access-list IPSEC-miami extended permit ip 10.1.1.0 255.255.255.0 host 1.1.7.1 
access-list IPSEC-miami extended permit ip 10.1.1.0 255.255.255.0 10.1.7.0 255.255.255.0 
access-list IPSEC-miami extended permit ip 172.31.0.0 255.255.0.0 172.16.70.0 255.255.255.0 
access-list IPSEC-miami extended permit ip 172.31.0.0 255.255.0.0 10.1.7.0 255.255.255.0 
access-list IPSEC-miami extended permit ip 10.1.1.0 255.255.255.0 172.16.70.0 255.255.255.0 
access-list IPSEC-miami extended permit ip 192.168.32.0 255.255.255.0 172.16.70.0 255.255.255.0 
access-list IPSEC-miami extended permit ip 192.168.32.0 255.255.255.0 10.1.7.0 255.255.255.0 
access-list cap_traffic extended permit ip host 10.1.1.5 host 10.1.5.1 
access-list cap_traffic extended permit ip host 10.1.5.1 host 10.1.1.5 
access-list IPSEC-nyc extended permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0 
access-list IPSEC-nyc extended permit ip 172.31.0.0 255.255.0.0 172.16.20.0 255.255.255.0 
access-list IPSEC-nyc extended permit ip 172.31.0.0 255.255.0.0 10.1.2.0 255.255.255.0 
access-list IPSEC-nyc extended permit ip 10.1.1.0 255.255.255.0 172.16.20.0 255.255.255.0 
access-list IPSEC-HAMBURG extended permit ip 172.31.0.0 255.255.0.0 192.1.1.0 255.255.255.0 
access-list IPSEC-HAMBURG extended permit ip 172.31.0.0 255.255.0.0 192.1.10.0 255.255.255.0 
!
mgcp-map asa_mgcp_map
 call-agent 10.1.1.4 1
 call-agent 10.1.1.5 1
 gateway 10.1.4.1 1
 gateway 10.1.5.1 1
 gateway 10.1.6.1 1
 gateway 10.1.7.1 1
!
pager lines 24
logging enable
logging buffered warnings
logging asdm informational
mtu outside 1500
mtu inside 1500
ip local pool ciscovpn 192.168.32.1-192.168.32.254
ERROR: Command requires failover license
ERROR: Command requires failover license
asdm image flash:/asdm-504.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list bypassingnat
nat (inside) 1 10.1.1.0 255.255.255.0
nat (inside) 1 192.168.32.0 255.255.255.0
nat (inside) 1 192.168.200.0 255.255.255.0
nat (inside) 1 172.31.0.0 255.255.0.0
static (inside,outside) tcp 63.139.224.185 5900 10.1.1.4 5900 netmask 255.255.255.255 
static (inside,outside) tcp 63.139.224.185 5901 10.1.1.5 5901 netmask 255.255.255.255 
static (inside,outside) tcp 63.139.224.185 5902 10.1.1.6 5902 netmask 255.255.255.255 
static (inside,outside) tcp 63.139.224.185 5903 192.168.200.2 5903 netmask 255.255.255.255 
static (inside,outside) tcp 63.139.224.185 3389 192.168.200.2 3389 netmask 255.255.255.255 
static (inside,outside) 63.139.224.190 172.31.2.14 netmask 255.255.255.255 
static (inside,outside) 63.139.224.187 172.31.2.12 netmask 255.255.255.255 
static (inside,outside) 63.139.224.188 172.31.2.30 netmask 255.255.255.255 
static (inside,outside) 63.139.224.189 172.31.2.47 netmask 255.255.255.255 
static (inside,outside) 63.139.224.186 172.31.2.8 netmask 255.255.255.255 
static (inside,outside) 63.139.224.183 172.31.2.49 netmask 255.255.255.255 dns 
static (inside,outside) 63.139.224.179 172.31.2.36 netmask 255.255.255.255 
static (inside,outside) 63.139.224.178 172.31.2.54 netmask 255.255.255.255 
static (inside,outside) 63.139.224.175 172.31.4.30 netmask 255.255.255.255 
static (inside,outside) 63.139.224.169 172.31.2.28 netmask 255.255.255.255 
static (inside,outside) 63.139.224.182 172.31.2.55 netmask 255.255.255.255 
static (inside,outside) 63.139.224.176 172.31.2.13 netmask 255.255.255.255 
static (inside,outside) 63.139.224.184 172.31.2.60 netmask 255.255.255.255 
static (inside,outside) 63.139.224.180 172.31.2.16 netmask 255.255.255.255 
static (inside,outside) 63.139.224.181 172.31.2.144 netmask 255.255.255.255 
static (inside,outside) 63.139.224.177 172.31.2.143 netmask 255.255.255.255 
static (inside,outside) 63.139.224.174 172.31.2.37 netmask 255.255.255.255 
access-group Outside in interface outside
route outside 0.0.0.0 0.0.0.0 63.139.224.162 1
route inside 192.168.200.0 255.255.255.0 172.31.1.1 1
route inside 172.16.4.0 255.255.255.0 172.31.1.1 1
route inside 10.1.1.0 255.255.255.0 172.31.1.1 1
route inside 10.1.2.0 255.255.255.0 172.31.1.1 1
route inside 172.16.20.0 255.255.255.0 172.31.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
group-policy tech internal
group-policy tech attributes
 wins-server value 172.31.2.1
 dns-server value 172.31.2.1
vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splitT
group-policy split-dns internal
group-policy split-dns attributes
 vpn-idle-timeout 30
group-policy steinway internal
group-policy steinway attributes
 wins-server value 172.31.2.1 172.31.2.27
 dns-server value 172.31.2.1 172.31.2.27
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splitT
 default-domain value steinway.com
group-policy show internal
group-policy show attributes
 vpn-idle-timeout 30
http server enable
http 172.31.0.0 255.255.0.0 inside
http 10.1.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set strong esp-des esp-md5-hmac 
crypto ipsec transform-set westbury-SET esp-des esp-sha-hmac 
crypto ipsec transform-set conn-SET esp-des esp-sha-hmac 
crypto ipsec transform-set paramus-SET esp-des esp-sha-hmac 
crypto ipsec transform-set miami-SET esp-des esp-sha-hmac 
crypto ipsec transform-set nyc-SET esp-des esp-sha-hmac 
crypto ipsec transform-set HAMBURG-SET esp-3des esp-sha-hmac 
crypto ipsec security-association lifetime seconds 3600
crypto dynamic-map cuser 10 set transform-set strong
crypto dynamic-map cuser 10 set security-association lifetime seconds 28800
crypto map remote 20 match address IPSEC-nyc
crypto map remote 20 set peer 209.11.47.65 
crypto map remote 20 set transform-set nyc-SET
crypto map remote 20 set security-association lifetime seconds 28800
crypto map remote 21 match address IPSEC-westbury
crypto map remote 21 set peer 67.103.235.79 
crypto map remote 21 set transform-set westbury-SET
crypto map remote 21 set security-association lifetime seconds 28800
crypto map remote 31 match address IPSEC-conn
crypto map remote 31 set peer 69.182.149.54 
crypto map remote 31 set transform-set conn-SET
crypto map remote 31 set security-association lifetime seconds 28800
crypto map remote 40 match address IPSEC-paramus
crypto map remote 40 set peer 70.21.254.30 
crypto map remote 40 set transform-set paramus-SET
crypto map remote 40 set security-association lifetime seconds 28800
crypto map remote 70 match address IPSEC-miami
crypto map remote 70 set peer 68.16.251.36 
crypto map remote 70 set transform-set miami-SET
crypto map remote 70 set security-association lifetime seconds 28800
crypto map remote 80 match address IPSEC-HAMBURG
crypto map remote 80 set peer 195.143.196.90 
crypto map remote 80 set transform-set HAMBURG-SET
crypto map remote 80 set security-association lifetime seconds 28800
crypto map remote 65535 ipsec-isakmp dynamic cuser
crypto map remote interface outside
isakmp identity address 
isakmp enable outside
isakmp policy 21 authentication pre-share
isakmp policy 21 encryption des
isakmp policy 21 hash sha
isakmp policy 21 group 2
isakmp policy 21 lifetime 86400
isakmp policy 31 authentication pre-share
isakmp policy 31 encryption des
isakmp policy 31 hash sha
isakmp policy 31 group 1
isakmp policy 31 lifetime 86400
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
isakmp nat-traversal  20
tunnel-group 67.103.235.79 type ipsec-l2l
tunnel-group 67.103.235.79 ipsec-attributes
 pre-shared-key *
tunnel-group 69.182.149.54 type ipsec-l2l
tunnel-group 69.182.149.54 ipsec-attributes
 pre-shared-key *
tunnel-group 70.21.254.30 type ipsec-l2l
tunnel-group 70.21.254.30 ipsec-attributes
 pre-shared-key *
tunnel-group tech type ipsec-ra
tunnel-group tech general-attributes
 address-pool ciscovpn
 authentication-server-group (outside) none
 default-group-policy tech
tunnel-group tech ipsec-attributes
 pre-shared-key *
tunnel-group steinway type ipsec-ra
tunnel-group steinway general-attributes
 address-pool ciscovpn
 authentication-server-group (outside) none
 default-group-policy steinway
tunnel-group steinway ipsec-attributes
 pre-shared-key *
tunnel-group split-dns type ipsec-ra
tunnel-group split-dns general-attributes
 authentication-server-group (outside) none
 default-group-policy split-dns
tunnel-group show type ipsec-ra
tunnel-group show general-attributes
 authentication-server-group (outside) none
 default-group-policy show
tunnel-group 68.16.251.36 type ipsec-l2l
tunnel-group 68.16.251.36 ipsec-attributes
 pre-shared-key *
tunnel-group 209.11.47.65 type ipsec-l2l
tunnel-group 209.11.47.65 ipsec-attributes
 pre-shared-key *
tunnel-group 195.143.196.90 type ipsec-l2l
tunnel-group 195.143.196.90 ipsec-attributes
 pre-shared-key *
telnet 172.31.0.0 255.255.0.0 inside
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 60
ssh 171.68.225.212 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh 172.31.0.0 255.255.0.0 inside
ssh timeout 20
ssh version 1
console timeout 0
dhcpd ping_timeout 750
dhcpd option 150 ip 10.1.1.5
!
class-map class_mgcp1
 match port udp eq 2428
class-map class_mgcp2
 match port udp eq 2727
class-map class_mgcp
 match port udp eq 2427
class-map class_http
 match port tcp eq 69
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect sip 
  inspect xdmcp 
 class class_http
  inspect http 
 class class_mgcp
  inspect mgcp asa_mgcp_map 
 class class_mgcp1
  inspect mgcp asa_mgcp_map 
 class class_mgcp2
  inspect mgcp asa_mgcp_map 
!
service-policy global_policy global
Cryptochecksum:f75fbf4f4dbe87d1daad0999d6f06a52
: end