Completed Configuration for Los Angeles

: Saved
:
PIX Version 6.3(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security70
enable password HtmvK15kjhtlyfvcl encrypted
passwd Kkjhlkf1568Hke encrypted
hostname LosAngeles
domain-name www.Chapter11.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list inbound permit icmp any host 192.168.1.10
access-list inbound permit tcp any host 192.168.1.10 eq www
access-list inbound permit tcp any host 192.168.1.10 eq 443
access-list inbound permit tcp any host 192.168.1.11 eq www
access-list inbound permit tcp any host 192.168.1.11 eq 443
access-list inbound permit tcp any host 192.168.1.12 eq www
access-list inbound permit tcp any host 192.168.1.12 eq 443
access-list inbound permit tcp any host 192.168.1.13 eq ftp
access-list inbound permit tcp any host 192.168.1.10 eq 443
access-list DMZ permit udp 172.16.1.0 255.255.255.0 host 10.10.10.240 eq ntp
access-list VPN permit ip 10.10.10.0 255.255.255.0 10.10.2.0 255.255.255.0
access-list VPN permit ip 10.10.10.0 255.255.255.0 10.10.3.0 255.255.255.0
access-list Boston permit ip 10.10.10.0 255.255.255.0 10.10.2.0 255.255.255.0
access-list Atlanta permit ip 10.10.10.0 255.255.255.0 10.10.3.0 255.255.255.0
pager lines 24
logging on
logging timestamp
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
mtu outside 1500
mtu inside 1500
ip address outside 192.168.1.1 255.255.255.0
ip address inside 10.10.10.1 255.255.255.0
ip address DMZ 172.16.1.1 255.255.255.0
failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 192.168.1.2
failover ip address inside 10.10.10.2
failover ip address DMZ 172.16.1.2
arp timeout 14400
global (outside) 1 192.168.1.20-192.168.1.250
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (inside) 0 access-list VPN
static (inside DMZ) 10.10.10.240 10.10.10.240 netmask 255.255.255.255 0 0
static (DMZ outside) 192.168.1.10 172.16.1.10 netmask 255.255.255.255 0 0
static (DMZ outside) 192.168.1.11 172.16.1.11 netmask 255.255.255.255 0 0
static (DMZ outside) 192.168.1.12 172.16.1.12 netmask 255.255.255.255 0 0
static (DMZ outside) 192.168.1.13 172.16.1.13 netmask 255.255.255.255 0 0
access-group inbound in interface outside
access-group DMZ in interface DMZ
route outside 0.0.0.0 0.0.0.0 192.168.1.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set Chapter11 esp-3des esp-md5-hmac
crypto ipsec transform-set NothingNew esp-3des esp-sha-hmac
crypto map Chapter11 10 ipsec-isakmp
crypto map Chapter11 10 match address Boston
crypto map Chapter11 10 set peer 192.168.2.1
crypto map Chapter11 10 set transform-set Chapter11
crypto map Chapter11 20 ipsec-isakmp
crypto map Chapter11 20 match address Atlanta
crypto map Chapter11 20 set peer 192.168.3.1
crypto map Chapter11 20 set transform-set Chapter11
crypto map Chapter11 interface outside
isakmp enable outside
isakmp key ******** address 192.168.2.1 netmask 255.255.255.255
isakmp key ******** address 192.168.3.1 netmask 255.255.255.255
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
terminal width 80
Cryptochecksum:e0clmj3546549637cbsFds54132d5