Completed Configuration for Boston

1. : Saved
2. :
3. PIX Version 6.3(3)
4. nameif ethernet0 outside security0
5. nameif ethernet1 inside security100
6. nameif ethernet2 DMZ security70
7. enable password ksjfglkasglc encrypted
8. passwd kjngczftglkacytiur encrypted
9. hostname Boston
10. domain-name www.Chapter11.com
11. fixup protocol ftp 21
12. fixup protocol http 80
13. fixup protocol smtp 25
14. fixup protocol skinny 2000
15. names
16. access-list inbound permit icmp any host 192.168.2.10
17. access-list inbound permit tcp any host 192.168.2.10 eq www
18. access-list inbound permit tcp any host 192.168.2.10 eq 443
19. access-list DMZ permit udp 172.16.2.0 255.255.255.0 host 10.10.2.240 eq ntp
20. access-list VPN permit ip 10.10.2.0 255.255.255.0 10.10.10.0 255.255.255.0
21. access-list VPN permit ip 10.10.2.0 255.255.255.0 10.10.3.0 255.255.255.0
22. access-list LosAngeles permit ip 10.10.2.0 255.255.255.0 10.10.10.0 255.255.255.0
23. access-list Atlanta permit ip 10.10.2.0 255.255.255.0 10.10.3.0 255.255.255.0
24. pager lines 24
25. logging on
26. logging timestamp
27. interface ethernet0 auto
28. interface ethernet1 auto
29. interface ethernet2 auto
30. mtu outside 1500
31. mtu inside 1500
32. ip address outside 192.168.2.1 255.255.255.0
33. ip address inside 10.10.2.1 255.255.255.0
34. ip address DMZ 172.16.2.1 255.255.255.0
35. arp timeout 14400
36. global (outside) 1 192.168.2.20-192.168.2.200
37. nat (inside) 1 0.0.0.0 0.0.0.0 0 0
38. nat (inside) 0 access-list VPN
39. static (inside,DMZ) 10.10.2.240 10.10.2.240 netmask 255.255.255.255 0 0
40. static (DMZ,outside) 192.168.2.10 172.16.2.10 netmask 255.255.255.255 0 0
41. access-group inbound in interface outside
42. access-group DMZ in interface DMZ
43. route outside 0.0.0.0 0.0.0.0 192.168.2.254 1
44. timeout xlate 3:00:00
45. timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00
46. timeout uauth 0:05:00 absolute
47. aaa-server TACACS+ protocol tacacs+
48. aaa-server RADIUS protocol radius
49. no snmp-server location
50. no snmp-server contact
51. snmp-server community public
52. no snmp-server enable traps
53. floodguard enable
54. sysopt connection permit-ipsec
55. crypto ipsec transform-set Chapter11 esp-3des esp-md5-hmac
56. crypto ipsec transform-set NothingNew esp-3des esp-sha-hmac
57. crypto map Chapter11 10 ipsec-isakmp
58. crypto map Chapter11 10 match address LosAngeles
59. crypto map Chapter11 10 set peer 192.168.1.1
60. crypto map Chapter11 10 set transform-set Chapter11
61. crypto map Chapter11 20 ipsec-isakmp
62. crypto map Chapter11 20 match address Atlanta
63. crypto map Chapter11 20 set peer 192.168.3.1
64. crypto map Chapter11 20 set transform-set Chapter11
65. crypto map Chapter11 interface outside
66. isakmp enable outside
67. isakmp key ******** address 192.168.1.1 netmask 255.255.255.255
68. isakmp key ******** address 192.168.3.1 netmask 255.255.255.255
69. isakmp identity address
70. isakmp policy 20 authentication pre-share
71. isakmp policy 20 encryption 3des
72. isakmp policy 20 hash md5
73. isakmp policy 20 group 2
74. isakmp policy 20 lifetime 86400
75. terminal width 80
76. Cryptochecksum:e0c04954fcabd239ae291d58fc618dd5