PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
hostname LINTHpix515
domain-name pix
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 64.69.117.7 SMTPPUB
name 10.0.10.8 SMTPPRI
name 64.69.117.20 EXCPUB
name 10.0.10.23 EXCPRI
name 64.69.117.5 ACCPUB
name 10.0.10.2 ACCPRI
name 64.69.117.8 NTDEV1PUB
name 10.0.10.61 NTDEV1PRI
name 64.69.117.9 NTDEV7PUB
name 10.0.10.67 NTDEV7PRI
name 64.69.117.10 NTDEV2PUB
name 10.0.10.62 NTDEV2PRI
name 64.69.117.12 NTDEV3PUB
name 10.0.10.63 NTDEV3PRI
name 64.69.117.14 FS1PUB
name 10.0.10.68 FS1PRI
name 64.69.117.17 DEVMS1PUB
name 10.0.10.174 DEVMS1PRI
name 64.69.117.24 USBAPLPUB
name 10.0.10.95 USBAPLPRI
name 64.69.117.22 MINDSCOPEPUB
name 10.0.10.29 MINDSCOPEPRI
name 64.69.117.16 DC2PUB
name 10.0.10.9 DC2PRI
name 64.69.117.15 VM1PUB
name 10.0.10.154 VM1PRI
name 64.69.117.13 VMWEBPUB
name 10.0.10.17 VMWEBPRI
name 64.69.117.41 jprobertspub
name 10.0.10.22 jproberts1pri
name 64.69.117.45 larrypub
name 10.0.10.42 larrypri
name 64.69.117.44 brompub
name 10.0.10.20 brompri
name 64.69.117.47 aguidipub
name 64.69.117.11 PRD1PUB
name 10.0.10.50 PRD1PRI
name 64.69.117.25 VMQA1PUB
name 10.0.10.195 VMQA1PRI
name 64.69.117.48 jnichpub
name 10.0.10.121 jnichpri
name 64.69.117.46 offshorepub
name 10.0.10.80 offshorepri
name 10.0.10.253 aguidipri
name 64.69.117.26 SHAREPTPUB
name 10.0.10.49 SHAREPTPRI
name 64.69.117.27 SMRTTPUB
name 10.0.10.40 SMRTTPRI
name 64.69.117.29 VMDOT20PUB
name 10.0.10.58 VMDOT20PRI
name 64.69.117.28 VMHRHPUB
name 10.0.10.84 VMHRHPRI
name 64.69.117.30 IMAPPUB
name 10.0.10.190 IMAPPRI
name 64.69.117.18 SP2DMZPUB
name 10.0.20.10 SP2DMZPRI
object-group icmp-type PING
  icmp-object echo
  icmp-object echo-reply
  icmp-object unreachable
  icmp-object time-exceeded
object-group service RDP-Protocol tcp
  port-object eq 3389
object-group network RDP-Servers
  network-object host ACCPUB
  network-object host EXCPUB
  network-object host USBAPLPUB
  network-object host DC2PUB
  network-object host brompub
  network-object host offshorepub
  network-object host SP2DMZPUB
object-group service WWW-HTTPS tcp
  port-object eq www
  port-object eq https
  port-object eq 8080
  port-object eq 10880
object-group network WEB-Servers
  network-object host MINDSCOPEPUB
  network-object host EXCPUB
  network-object host NTDEV1PUB
  network-object host NTDEV7PUB
  network-object host NTDEV2PUB
  network-object host NTDEV3PUB
  network-object host PRD1PUB
  network-object host FS1PUB
  network-object host DEVMS1PUB
  network-object host USBAPLPUB
  network-object host VM1PUB
  network-object host VMWEBPUB
  network-object host VMQA1PUB
  network-object host larrypub
  network-object host SHAREPTPUB
  network-object host SMRTTPUB
  network-object host VMDOT20PUB
  network-object host VMHRHPUB
  network-object host IMAPPUB
  network-object host SP2DMZPUB
object-group network VPNUSBIOS
  network-object host 10.28.161.153
  network-object host 10.28.161.154
  network-object host 10.28.161.155
  network-object host 10.28.161.156
  network-object host 10.28.161.157
  network-object host 10.28.161.158
  network-object host 10.28.161.159
  network-object host 10.28.161.160
  network-object host 10.28.161.161
  network-object host 10.28.161.162
  network-object host 10.28.161.163
  network-object host 10.28.161.164
  network-object host 10.28.161.165
  network-object host 10.28.161.166
  network-object host 10.28.161.167
  network-object host 10.28.161.168
  network-object host 10.28.161.169
  network-object host 10.28.161.170
  network-object host 10.28.161.171
  network-object host 10.28.161.172
  network-object host 10.28.161.254
  network-object host 10.28.161.11
  network-object host 10.28.161.90
  network-object host 10.28.161.182
  network-object host 10.28.161.98
  network-object host 10.28.164.153
  network-object host 10.28.164.253
  network-object host 10.28.175.3
  network-object host 10.28.175.10
  network-object host 10.28.175.125
  network-object host 10.28.166.4
  network-object 10.219.96.0 255.255.240.0
  network-object host 10.28.161.80
  network-object host 10.28.161.115
  network-object host 10.28.161.213
  network-object host 10.28.147.12
  network-object host 10.28.147.13
  network-object host 10.28.247.11
  network-object host 10.28.247.12
  network-object host 10.28.247.13
  network-object 10.28.148.0 255.255.255.0
  network-object 10.28.248.0 255.255.255.0
  network-object host 10.28.161.12
  network-object host 10.28.175.15
  network-object host 10.28.175.13
  network-object host 10.210.148.136
  network-object host 10.210.148.139
object-group network VPN
  network-object 172.22.0.0 255.255.255.0
  network-object 172.20.0.0 255.255.255.0
  network-object 172.24.0.0 255.255.255.0
  network-object 192.168.6.0 255.255.255.0
  network-object 10.10.10.0 255.255.255.0
object-group network chevychase
  network-object host 10.108.16.2
  network-object host 10.108.16.3
  network-object host 10.108.16.4
  network-object host 10.108.16.5
object-group network RDP-Servers_real
  network-object ACCPRI 255.255.255.255
  network-object EXCPRI 255.255.255.255
  network-object USBAPLPRI 255.255.255.255
  network-object DC2PRI 255.255.255.255
  network-object brompri 255.255.255.255
  network-object offshorepri 255.255.255.255
object-group network WEB-Servers_real
  network-object MINDSCOPEPRI 255.255.255.255
  network-object EXCPRI 255.255.255.255
  network-object NTDEV1PRI 255.255.255.255
  network-object NTDEV7PRI 255.255.255.255
  network-object NTDEV2PRI 255.255.255.255
  network-object NTDEV3PRI 255.255.255.255
  network-object PRD1PRI 255.255.255.255
  network-object FS1PRI 255.255.255.255
  network-object DEVMS1PRI 255.255.255.255
  network-object USBAPLPRI 255.255.255.255
  network-object VM1PRI 255.255.255.255
  network-object VMWEBPRI 255.255.255.255
  network-object VMQA1PRI 255.255.255.255
  network-object larrypri 255.255.255.255
  network-object SHAREPTPRI 255.255.255.255
  network-object SMRTTPRI 255.255.255.255
object-group network WEB-Server
  network-object host VMHRHPUB
access-list acl_inside deny udp any any eq 8998
access-list acl_inside permit icmp any any echo
access-list acl_inside permit tcp host EXCPRI any eq smtp
access-list acl_inside deny udp any any eq 1434
access-list acl_inside permit udp any any eq isakmp
access-list acl_inside permit ip any any
access-list 101 permit ip 10.0.10.0 255.255.255.0 object-group VPNUSBIOS
access-list acl_outside deny udp any any eq 1434
access-list acl_outside permit tcp any any eq 51
access-list acl_outside permit udp any any eq isakmp
access-list acl_outside permit tcp any any eq 50
access-list acl_outside permit tcp any host SMTPPUB eq smtp
access-list acl_outside permit tcp any host EXCPUB eq 2703
access-list acl_outside permit tcp any host EXCPUB eq 995
access-list acl_outside permit tcp any host EXCPUB eq pop3
access-list acl_outside permit tcp any host FS1PUB eq ftp
access-list acl_outside permit tcp any host DEVMS1PUB eq 9080
access-list acl_outside permit tcp any object-group RDP-Servers object-group RDP-Protocol
access-list acl_outside permit tcp any object-group WEB-Servers object-group WWW-HTTPS
access-list acl_outside permit icmp any any object-group PING
access-list acl_outside permit tcp any host SMTPPUB eq pptp
access-list acl_outside permit tcp any host brompub eq 7176
access-list acl_outside permit gre any any
access-list acl_outside permit tcp any host SHAREPTPUB eq 10880
access-list 120 permit ip 10.0.10.0 255.255.255.0 172.22.0.0 255.255.255.0
access-list 140 permit ip 10.0.10.0 255.255.255.0 172.20.0.0 255.255.255.0
access-list NONAT permit ip 10.0.10.0 255.255.255.0 object-group VPNUSBIOS
access-list NONAT permit ip 10.0.8.0 255.255.252.0 object-group VPN
access-list NONAT permit ip 10.0.10.0 255.255.255.0 object-group chevychase
access-list 150 permit ip 10.0.10.0 255.255.255.0 10.108.16.0 255.255.255.0
access-list 160 permit ip 10.0.10.0 255.255.255.0 172.24.0.0 255.255.255.0
access-list acl_dmz permit icmp any any object-group PING
access-list acl_dmz permit tcp any object-group WEB-Servers object-group WWW-HTTPS
access-list acl_dmz permit tcp any object-group RDP-Servers object-group RDP-Protocol
access-list acl_dmz permit tcp any host SP2DMZPUB eq ldap
access-list 170 permit ip 10.0.10.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list 180 permit ip 10.0.10.0 255.255.255.0 10.10.10.0 255.255.255.0
pager lines 24
logging on
logging timestamp
logging trap warnings
logging history debugging
logging host inside 10.0.10.77
icmp permit any unreachable outside
icmp permit any echo-reply outside
icmp permit any time-exceeded outside
icmp permit any echo outside
icmp permit any echo-reply inside
icmp permit any echo inside
icmp permit any unreachable inside
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 64.69.117.4 255.255.255.192
ip address inside 10.0.10.1 255.255.252.0
ip address dmz 10.0.20.4 255.255.255.0
ip audit name ATTACKPOL attack action alarm drop
ip audit info action alarm
ip audit attack action alarm
no pdm history enable
arp timeout 14400
global (outside) 1 64.69.117.50-64.69.117.61 netmask 255.255.255.192
global (outside) 1 64.69.117.62
global (dmz) 1 10.0.20.200-10.0.20.254
nat (inside) 0 access-list NONAT
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 1 10.0.20.0 255.255.255.0 0 0
static (inside,outside) SMTPPUB SMTPPRI netmask 255.255.255.255 0 0
static (inside,outside) EXCPUB EXCPRI netmask 255.255.255.255 0 0
static (inside,outside) ACCPUB ACCPRI netmask 255.255.255.255 0 0
static (inside,outside) NTDEV1PUB NTDEV1PRI netmask 255.255.255.255 0 0
static (inside,outside) NTDEV7PUB NTDEV7PRI netmask 255.255.255.255 0 0
static (inside,outside) NTDEV2PUB NTDEV2PRI netmask 255.255.255.255 0 0
static (inside,outside) NTDEV3PUB NTDEV3PRI netmask 255.255.255.255 0 0
static (inside,outside) FS1PUB FS1PRI netmask 255.255.255.255 0 0
static (inside,outside) DEVMS1PUB DEVMS1PRI netmask 255.255.255.255 0 0
static (inside,outside) USBAPLPUB USBAPLPRI netmask 255.255.255.255 0 0
static (inside,outside) MINDSCOPEPUB MINDSCOPEPRI netmask 255.255.255.255 0 0
static (inside,outside) DC2PUB DC2PRI netmask 255.255.255.255 0 0
static (inside,outside) VM1PUB VM1PRI netmask 255.255.255.255 0 0
static (inside,outside) VMWEBPUB VMWEBPRI netmask 255.255.255.255 0 0
static (inside,outside) jprobertspub jproberts1pri netmask 255.255.255.255 0 0
static (inside,outside) larrypub larrypri netmask 255.255.255.255 0 0
static (inside,outside) brompub brompri netmask 255.255.255.255 0 0
static (inside,outside) PRD1PUB PRD1PRI netmask 255.255.255.255 0 0
static (inside,outside) VMQA1PUB VMQA1PRI netmask 255.255.255.255 0 0
static (inside,outside) jnichpub jnichpri netmask 255.255.255.255 0 0
static (inside,outside) offshorepub offshorepri netmask 255.255.255.255 0 0
static (inside,outside) aguidipub aguidipri netmask 255.255.255.255 0 0
static (inside,outside) SHAREPTPUB SHAREPTPRI netmask 255.255.255.255 0 0
static (inside,outside) SMRTTPUB SMRTTPRI netmask 255.255.255.255 0 0
static (inside,dmz) 10.0.10.0 10.0.10.0 netmask 255.255.255.0 0 0
static (inside,outside) VMDOT20PUB VMDOT20PRI netmask 255.255.255.255 0 0
static (inside,outside) VMHRHPUB VMHRHPRI netmask 255.255.255.255 0 0
static (inside,outside) IMAPPUB IMAPPRI netmask 255.255.255.255 0 0
static (dmz,outside) SP2DMZPUB SP2DMZPRI netmask 255.255.255.255 0 0
access-group acl_outside in interface outside
access-group acl_inside in interface inside
access-group acl_dmz in interface dmz
route outside 0.0.0.0 0.0.0.0 10.0.10.24 1
timeout xlate 1:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication enable console LOCAL
aaa authorization command LOCAL
http server enable
http 10.0.10.0 255.255.255.0 inside
snmp-server host inside 10.0.10.77
no snmp-server location
no snmp-server contact
snmp-server enable traps
tftp-server inside brompri linthicumpix515-backup
floodguard enable
sysopt connection permit-ipsec
sysopt noproxyarp dmz