PIX Configuration for Los Angeles

1. : Saved
2. :
3. PIX Version 6.3(3)
4. nameif ethernet0 outside security0
5. nameif ethernet1 inside security100
6. nameif ethernet2 DMZ security70
7. enable password HtmvK15kjhtlyfvcl encrypted
8. passwd Kkjhlkf1568Hke encrypted
9. hostname LosAngeles
10. domain-name www.Chapter11.com
11. fixup protocol ftp 21
12. fixup protocol http 80
13. fixup protocol h323 1720
14. fixup protocol rsh 514
15. fixup protocol smtp 25
16. fixup protocol sqlnet 1521
17. fixup protocol sip 5060
18. fixup protocol skinny 2000
19. names
20. access-list inbound permit icmp any host 192.168.1.10
21. access-list inbound permit tcp any host 192.168.1.10 eq www
22. access-list inbound permit tcp any host 192.168.1.10 eq 443
23. access-list inbound permit tcp any host 192.168.1.11 eq www
24. access-list inbound permit tcp any host 192.168.1.11 eq 443
25. access-list inbound permit tcp any host 192.168.1.12 eq www
26. access-list inbound permit tcp any host 192.168.1.12 eq 443
27. access-list inbound permit tcp any host 192.168.1.13 eq ftp
28. access-list inbound permit tcp any host 192.168.1.13 eq 443
29. access-list DMZ permit udp 172.16.1.0 255.255.255.0 host 10.10.10.240 eq ntp
30. access-list VPN permit ip 10.10.10.0 255.255.255.0 10.10.2.0 255.255.255.0
31. _____________________________________________________________________________
32. _____________________________________________________________________________
33. _____________________________________________________________________________
34. pager lines 24
35. logging on
36. logging timestamp
37. interface ethernet0 auto
38. interface ethernet1 auto
39. interface ethernet2 auto
40. mtu outside 1500
41. mtu inside 1500
42. ip address outside 192.168.1.1 255.255.255.0
43. ip address inside 10.10.10.1 255.255.255.0
44. ip address DMZ 172.16.1.1 255.255.255.0
45. failover
46. failover timeout 0:00:00
47. failover poll 15
48. failover ip address outside 192.168.1.2
49. failover ip address inside 10.10.10.2
50. failover ip address DMZ 172.16.1.2
51. arp timeout 14400
52. global (outside) 1 192.168.1.20-250
53. nat (inside) 1 0.0.0.0 0.0.0.0
54. nat (inside) 0 access-list VPN
55. static (inside DMZ) 10.10.10.240 10.10.10.240 netmask 255.255.255.255 0 0
56. static (DMZ outside) 192.168.1.10 172.16.1.10 netmask 255.255.255.255 0 0
57. static (DMZ outside) 192.168.1.11 172.16.1.11 netmask 255.255.255.255 0 0
58. static (DMZ outside) 192.168.1.12 172.16.1.12 netmask 255.255.255.255 0 0
59. static (DMZ outside) 192.168.1.13 172.16.1.13 netmask 255.255.255.255 0 0
60. access-group inbound in interface outside
61. access-group DMZ in interface DMZ
62. route outside 0.0.0.0 0.0.0.0 192.168.1.254 1
63. timeout xlate 3:00:00
64. timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
65. timeout uauth 0:05:00 absolute
66. aaa-server TACACS+ protocol tacacs+
67. aaa-server RADIUS protocol radius
68. no snmp-server location
69. no snmp-server contact
70. snmp-server community public
71. no snmp-server enable traps
72. floodguard enable
73. sysopt connection permit-ipsec
74. no sysopt route dnat
75. crypto ipsec transform-set
76. crypto ipsec transform-set NothingNew esp-3des esp-sha-hmac
77. ____________________________________________________________________
78. ____________________________________________________________________
79. ____________________________________________________________________
80. crypto map Chapter11 10 set transform-set Chapter11
81. crypto map Chapter11 20 ipsec-isakmp
82. _____________________________________________________________________
83. _____________________________________________________________________
84. _____________________________________________________________________
85. crypto map Chapter11 interface outside
86. _____________________________________________________________________
87. _____________________________________________________________________
88. _____________________________________________________________________
89. _____________________________________________________________________
90. _____________________________________________________________________
91. _____________________________________________________________________
92. _____________________________________________________________________
93. _____________________________________________________________________
94. _____________________________________________________________________
95. terminal width 80
96. Cryptochecksum:e0clmj3546549637cbsFds54132d5