PIX Configuration for Boston
1. : Saved
2. :
3. PIX Version 6.3(3)
4. nameif ethernet0 outside security0
5. nameif ethernet1 inside security100
6. nameif ethernet2 DMZ security70
7. enable password ksjfglkasglc encrypted
8. passwd kjngczftglkacytiur encrypted
9. hostname Boston
10. domain-name www.Chapter11.com
11. fixup protocol ftp 21
12. fixup protocol http 80
13. fixup protocol smtp 25
14. fixup protocol skinny 2000
15. names
16. access-list inbound permit icmp any host 192.168.2.10
17. access-list inbound permit tcp any host 192.168.2.10 eq www
18. access-list inbound permit tcp any host 192.168.2.10 eq 443
19. access-list DMZ permit udp 172.16.2.0 255.255.255.0 host 10.10.2.240 eq ntp
20. access-list ___________________________________________________________________
21. access-list ___________________________________________________________________
22. access-list ___________________________________________________________________
23. access-list ___________________________________________________________________
24. pager lines 24
25. logging on
26. logging timestamp
27. interface ethernet0 auto
28. interface ethernet1 auto
29. interface ethernet2 auto
30. mtu outside 1500
31. mtu inside 1500
32. ip address outside 192.168.2.1 255.255.255.0
33. ip address inside 10.10.2.1 255.255.255.0
34. ip address DMZ 172.16.2.1 255.255.255.0
35. arp timeout 14400
36. global (outside) 1 192.168.2.20-200
37. nat (inside) 1 0.0.0.0 0.0.0.0 0 0
38. nat (inside) 0 access-list VPN
39. static (inside DMZ) 10.10.2.240 10.10.2.240 netmask 255.255.255.255 0 0
40. static (DMZ outside) 192.168.2.10 172.16.2.10 netmask 255.255.255.255 0 0
41. access-group inbound in interface outside
42. access-group DMZ in interface DMZ
43. route outside 0.0.0.0 0.0.0.0 192.168.2.254 1
44. timeout xlate 3:00:00
45. timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00
46. timeout uauth 0:05:00 absolute
47. aaa-server TACACS+ protocol tacacs+
48. aaa-server RADIUS protocol radius
49. no snmp-server location
50. no snmp-server contact
51. snmp-server community public
52. no snmp-server enable traps
53. floodguard enable
54. ___________________________________________________________
55. ___________________________________________________________
56. ___________________________________________________________
57. crypto map Chapter11 10 ipsec-isakmp
58. crypto map Chapter11 10 match address LosAngeles
59. _____________________________________________
60. crypto map Chapter11 10 set transform-set Chapter11
61. crypto map Chapter11 20 ipsec-isakmp
62. crypto map Chapter11 20 match address Atlanta
63. crypto map Chapter11 20 set peer 192.168.3.1
64. _____________________________________________
65. _____________________________________________
66. isakmp enable outside
67. isakmp key ******** address 192.168.1.1 netmask 255.255.255.255
68. isakmp key ******** address 192.168.3.1 netmask 255.255.255.255
69. isakmp identity address
70. isakmp policy 20 authentication pre-share
71. _____________________________________________
72. _____________________________________________
73. _____________________________________________
74. _____________________________________________
75. terminal width 80
76. Cryptochecksum:e0c04954fcabd239ae291d58fc618dd5