: Saved

:

PIX Version 7.1(2)

!

hostname pixfirewall

enable password 8Ry2YjIyt7RRXU24 encrypted

names

!

interface Ethernet0

nameif outside

security-level 0

ip address x.x.x.13  255.255.255.248

!

interface Ethernet1

nameif inside

security-level 100

ip address 192.168.2.1 255.255.255.0

!

passwd 2KFQnbNIdI.2KYOU encrypted

ftp mode passive

access-list 101 extended permit ip host 192.168.2.14 host 172.16.32.1

access-list 101 extended permit ip host 192.168.2.14 host 172.16.32.2

access-list 101 extended permit ip host 192.168.2.14 host 172.16.32.3

access-list nonat extended permit ip host 192.168.2.14 host 172.16.32.1

access-list nonat extended permit ip host 192.168.2.14 host 172.16.32.2

access-list nonat extended permit ip host 192.168.2.14 host 172.16.32.3

pager lines 24

mtu outside 1500

mtu inside 1500

no failover

no asdm history enable

arp timeout 14400

nat (inside) 0 0.0.0.0 0.0.0.0

nat (inside) 0 access-list nonat

access-group 101 in interface outside

route outside 0.0.0.0 0.0.0.0 x.x.x.9

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set RMS esp-aes-192 esp-sha-hmac

crypto map My_Transform_Set 1 match address 101

crypto map My_Transform_Set 1 set peer y.y.y.y

crypto map My_Transform_Set 1 set transform-set RMS

crypto map My_Transform_Set interface outside

isakmp enable outside

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption aes-192

isakmp policy 1 hash sha

isakmp policy 1 group 2

isakmp policy 1 lifetime 28800

isakmp policy 65535 authentication pre-share

isakmp policy 65535 encryption 3des

isakmp policy 65535 hash sha

isakmp policy 65535 group 2

isakmp policy 65535 lifetime 86400

tunnel-group y.y.y.y type ipsec-l2l

tunnel-group y.y.y.y ipsec-attributes

pre-shared-key *

telnet timeout 5

ssh timeout 5

console timeout 0

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map global_policy

class inspection_default

  inspect dns maximum-length 512

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip

  inspect xdmcp

!

service-policy global_policy global

Cryptochecksum:6ac9bcc328574fcf4177fc23f53864e0

: end

Is there any problem in this configuration?

Thank You