Re: PIX 515e Config

From: john matijevic (john.matijevic@gmail.com)
Date: Sun Oct 02 2005 - 11:06:45 GMT-3

• Next message: Mike Hwang: "test"
• Previous message: john matijevic: "Re: PIX 515e Config"
• Maybe in reply to: Thanh Nguyen: "PIX 515e Config"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello Thanh,
I also needed to add that this will allow for inside initiated connections
only, to allow outside initiated commands than you would need static and acl
commands.
Sincerely,
John

 On 10/2/05, john matijevic <john.matijevic@gmail.com> wrote:
>
> Hello Thanh,
> nat (inside) 0 172.17.2.0 <http://172.17.2.0/>
255.255.255.0<http://255.255.255.0/>
> The following command will disable NAT for all inside hosts and allow the
> inside hosts to access lower security level interfaces.
> Please let us know if the configuration works and please contact offline
> to discuss further.
> Sincerely,
> John
>
>
> On 10/1/05, johnsheahan@charter.net <johnsheahan@charter.net> wrote:
> >
> > you need to add:
> >
> > static (inside,dmz) 172.17.2.0 <http://172.17.2.0/>
172.17.2.0<http://172.17.2.0/>netmask
> > 255.255.255.255 <http://255.255.255.255/> 0 0
> >
> > This will allow the server on the dmz to come inside as long as you have
> > a
> > rule on the dmz access-list to allow it as well.
> >
> > ----- Original Message -----
> > From: "Thanh Nguyen" <insist@insist.com.au>
> > To: <ccielab@groupstudy.com>
> > Sent: Saturday, October 01, 2005 8:41 PM
> > Subject: PIX 515e Config
> >
> >
> > > Hi
> > >
> > > Can some one please help me to config the pix 515e to allow traffic
> > from
> > > webserver in dmz to allow access inside network.
> > >
> > > the webserver ip address is 172.18.2.4 <http://172.18.2.4/>, inside
> > network is 172.17.2.0 <http://172.17.2.0/>
> > >
> > > PIX Version 7.0(1)
> > > names
> > > name 172.17.2.31 <http://172.17.2.31/> Citrix04
> > > name 172.17.2.30 <http://172.17.2.30/> Citrix03
> > > name 172.17.2.28 <http://172.17.2.28/> Citrix01
> > > name 172.17.2.32 <http://172.17.2.32/> Citrix05
> > > name 172.17.2.29 <http://172.17.2.29/> Citrix02
> > > name 172.18.2.2 <http://172.18.2.2/> Citrix-NFuse
> > > name 172.17.2.100 <http://172.17.2.100/> Citrix1
> > > name 172.17.2.101 <http://172.17.2.101/> Citrix2
> > > name 172.17.2.102 <http://172.17.2.102/> Citrix3
> > > name 172.17.2.103 <http://172.17.2.103/> Citrix4
> > > name 172.17.2.104 <http://172.17.2.104/> Citrix5
> > > name 172.17.2.105 <http://172.17.2.105/> Citrix6
> > > name 172.17.2.106 <http://172.17.2.106/> Citrix7
> > > name 172.17.2.107 <http://172.17.2.107/> Citrix8
> > > name 172.17.2.108 <http://172.17.2.108/> Citrix9
> > > name 172.17.2.109 <http://172.17.2.109/> Citrix10
> > > name 172.18.2.3 <http://172.18.2.3/> WEB-INT
> > > name 172.18.2.4 <http://172.18.2.4/> cag
> > > name 172.17.2.20 <http://172.17.2.20/> LDAPServer
> > > !
> > > interface Ethernet0
> > > nameif outside
> > > security-level 0
> > > ip address *.*213.98 255.255.255.224 <http://255.255.255.224/>
> > > !
> > > interface Ethernet1
> > > nameif inside
> > > security-level 100
> > > ip address 172.17.2.2 <http://172.17.2.2/>
255.255.255.0<http://255.255.255.0/>
> > > !
> > > interface Ethernet2
> > > nameif dmz
> > > security-level 15
> > > ip address 172.18.2.1 <http://172.18.2.1/>
255.255.255.0<http://255.255.255.0/>
> > > !
> > > interface Ethernet3
> > > nameif intf3
> > > security-level 10
> > > no ip address
> > > !
> > > interface Ethernet4
> > > shutdown
> > > no nameif
> > > no security-level
> > > no ip address
> > > !
> > > interface Ethernet5
> > > shutdown
> > > no nameif
> > > no security-level
> > > no ip address
> > > !
> > > enable password ** encrypted
> > > passwd ** encrypted
> > > hostname ****-pix
> > > domain-name ****.org
> > > boot system flash:/image.bin
> > > ftp mode passive
> > > access-list dmz_acl extended permit icmp any any
> > > access-list dmz_acl extended permit tcp host Citrix-NFuse host
> > > 172.18.2.10 <http://172.18.2.10/> eq www
> > > access-list dmz_acl extended permit tcp host Citrix-NFuse host
> > > 172.18.2.10 <http://172.18.2.10/> eq 8081
> > > access-list dmz_acl extended permit tcp host Citrix-NFuse host
> > > 172.18.2.10 <http://172.18.2.10/> eq citrix-ica
> > > access-list dmz_acl extended permit tcp host Citrix-NFuse host
> > > 172.18.2.11 <http://172.18.2.11/> eq www
> > > access-list dmz_acl extended permit tcp host Citrix-NFuse host
> > > 172.18.2.11 <http://172.18.2.11/> eq 8081
> > > access-list dmz_acl extended permit tcp host Citrix-NFuse host
> > > 172.18.2.11 <http://172.18.2.11/> eq citrix-ica
> > > access-list dmz_acl extended permit tcp host Citrix-NFuse host
> > > 172.18.2.12 <http://172.18.2.12/> eq www
> > > access-list dmz_acl extended permit tcp host Citrix-NFuse host
> > > 172.18.2.12 <http://172.18.2.12/> eq 8081
> > > access-list dmz_acl extended permit tcp host Citrix-NFuse host
> > > 172.18.2.12 <http://172.18.2.12/> eq citrix-ica
> > > access-list dmz_acl extended permit tcp host Citrix-NFuse host
> > > 172.18.2.13 <http://172.18.2.13/> eq www
> > > access-list dmz_acl extended permit tcp host Citrix-NFuse host
> > > 172.18.2.13 <http://172.18.2.13/> eq 8081
> > > access-list dmz_acl extended permit tcp host Citrix-NFuse host
> > > 172.18.2.13 <http://172.18.2.13/> eq citrix-ica
> > > access-list dmz_acl extended permit tcp host Citrix-NFuse host
> > > 172.18.2.14 <http://172.18.2.14/> eq www
> > > access-list dmz_acl extended permit tcp host Citrix-NFuse host
> > > 172.18.2.14 <http://172.18.2.14/> eq 8081
> > > access-list dmz_acl extended permit tcp host Citrix-NFuse host
> > > 172.18.2.14 <http://172.18.2.14/> eq citrix-ica
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.50<http://172.18.2.50/>eq
> > > www
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.50<http://172.18.2.50/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.51<http://172.18.2.51/>eq
> > > www
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.51<http://172.18.2.51/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.52<http://172.18.2.52/>eq
> > > www
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.52<http://172.18.2.52/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.53<http://172.18.2.53/>eq
> > > www
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.53<http://172.18.2.53/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.54<http://172.18.2.54/>eq
> > > www
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.54<http://172.18.2.54/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.55<http://172.18.2.55/>eq
> > > www
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.55<http://172.18.2.55/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.56<http://172.18.2.56/>eq
> > > www
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.56<http://172.18.2.56/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.57<http://172.18.2.57/>eq
> > > www
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.57<http://172.18.2.57/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.58<http://172.18.2.58/>eq
> > > www
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.58<http://172.18.2.58/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.59<http://172.18.2.59/>eq
> > > www
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.59<http://172.18.2.59/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.50<http://172.18.2.50/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.51<http://172.18.2.51/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.52<http://172.18.2.52/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.53<http://172.18.2.53/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.54<http://172.18.2.54/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.55<http://172.18.2.55/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.56<http://172.18.2.56/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.57<http://172.18.2.57/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.58<http://172.18.2.58/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.59<http://172.18.2.59/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.50<http://172.18.2.50/>eq
> > > 3389
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.51<http://172.18.2.51/>eq
> > > 3389
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.52<http://172.18.2.52/>eq
> > > 3389
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.53<http://172.18.2.53/>eq
> > > 3389
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.54<http://172.18.2.54/>eq
> > > 3389
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.55<http://172.18.2.55/>eq
> > > 3389
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.56<http://172.18.2.56/>eq
> > > 3389
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.57<http://172.18.2.57/>eq
> > > 3389
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.58<http://172.18.2.58/>eq
> > > 3389
> > > access-list dmz_acl extended permit tcp host WEB-INT host
172.18.2.59<http://172.18.2.59/>eq
> > > 3389
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.50<http://172.18.2.50/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.50<http://172.18.2.50/>eq
> > > ldap
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.50<http://172.18.2.50/>eq
> > > 3269
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.50<http://172.18.2.50/>eq
> > > 2598
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.50<http://172.18.2.50/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.20<http://172.18.2.20/>eq
> > > ldap
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.20<http://172.18.2.20/>eq
> > > 3269
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.21<http://172.18.2.21/>eq
> > > 3269
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.51<http://172.18.2.51/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.52<http://172.18.2.52/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.53<http://172.18.2.53/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.54<http://172.18.2.54/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.55<http://172.18.2.55/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.56<http://172.18.2.56/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.57<http://172.18.2.57/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.58<http://172.18.2.58/>eq
> > > 8080
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.51<http://172.18.2.51/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.52<http://172.18.2.52/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.53<http://172.18.2.53/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.54<http://172.18.2.54/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.55<http://172.18.2.55/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.56<http://172.18.2.56/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.57<http://172.18.2.57/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.58<http://172.18.2.58/>eq
> > > citrix-ica
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.51<http://172.18.2.51/>eq
> > > 2598
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.52<http://172.18.2.52/>eq
> > > 2598
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.53<http://172.18.2.53/>eq
> > > 2598
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.54<http://172.18.2.54/>eq
> > > 2598
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.55<http://172.18.2.55/>eq
> > > 2598
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.56<http://172.18.2.56/>eq
> > > 2598
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.57<http://172.18.2.57/>eq
> > > 2598
> > > access-list dmz_acl extended permit tcp host cag host
172.18.2.58<http://172.18.2.58/>eq
> > > 2598
> > > access-list inbound extended permit icmp any any unreachable
> > > access-list inbound extended permit icmp any any time-exceeded
> > > access-list inbound extended permit icmp any any echo-reply
> > > access-list inbound extended permit icmp any any source-quench
> > > access-list outside_acl extended permit tcp any host *.* 213.100 eq
> > https
> > > access-list outside_acl extended permit tcp any host *.*213.99 eq smtp
> > > access-list outside_acl extended permit tcp any host *.*213.99 eq pop3
> > > access-list outside_acl extended permit tcp any host *.* 213.120 eq
> > > citrix-ica
> > > access-list outside_acl extended permit tcp any host *.*213.121 eq
> > > citrix-ica
> > > access-list outside_acl extended permit tcp any host *.*213.122 eq
> > > citrix-ica
> > > access-list outside_acl extended permit tcp any host *.*213.123 eq
> > > citrix-ica
> > > access-list outside_acl extended permit tcp any host *.*213.124 eq
> > > citrix-ica
> > > access-list outside_acl extended permit tcp any host *.* 213.99 eq www
> > > access-list outside_acl extended permit tcp any host *.*213.125 eq
> > https
> > > access-list outside_acl extended permit tcp any host *.*213.101 eq
> > > citrix-ica
> > > access-list outside_acl extended permit tcp any host *.* 213.102 eq
> > > citrix-ica
> > > access-list outside_acl extended permit tcp any host *.*213.103 eq
> > > citrix-ica
> > > access-list outside_acl extended permit tcp any host *.*213.104 eq
> > > citrix-ica
> > > access-list outside_acl extended permit tcp any host *.*213.105 eq
> > > citrix-ica
> > > access-list outside_acl extended permit tcp any host *.*213.106 eq
> > > citrix-ica
> > > access-list outside_acl extended permit tcp any host *.* 213.111 eq
> > > citrix-ica
> > > access-list outside_acl extended permit tcp any host *.*213.112 eq
> > > citrix-ica
> > > access-list outside_acl extended permit tcp any host *.*213.113 eq
> > > citrix-ica
> > > access-list outside_acl extended permit tcp any host *.*213.116 eq
> > > citrix-ica
> > > access-list outside_acl extended permit tcp any host *.*213.125 eq
> > 3389
> > > access-list outside_acl extended permit tcp any host *.* 213.113 eq
> > https
> > > pager lines 24
> > > mtu outside 1500
> > > mtu inside 1500
> > > mtu dmz 1500
> > > mtu intf3 1500
> > > no failover
> > > monitor-interface outside
> > > monitor-interface inside
> > > monitor-interface dmz
> > > monitor-interface intf3
> > > asdm image flash:/pdm
> > > no asdm history enable
> > > arp timeout 14400
> > > global (outside) 1 *.*213.108-*.*213.110 netmask
255.255.255.255<http://255.255.255.255/>
> > > global (outside) 1 *.*213.107 netmask
255.255.255.255<http://255.255.255.255/>
> > > global (dmz) 1 172.18.2.254 <http://172.18.2.254/> netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > nat (inside) 1 0.0.0.0 <http://0.0.0.0/> 0.0.0.0 <http://0.0.0.0/>
> > > nat (dmz) 1 172.18.2.0 <http://172.18.2.0/> 255.255.255.0
> > <http://255.255.255.0/>
> > > static (inside,outside) *.*213.99 172.17.2.19
<http://172.17.2.19/>netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,outside) *.*213.120 Citrix01 netmask
255.255.255.255<http://255.255.255.255/>
> > > static (inside,outside) *.*213.121 Citrix02 netmask
255.255.255.255<http://255.255.255.255/>
> > > static (inside,outside) *.*213.122 Citrix03 netmask
255.255.255.255<http://255.255.255.255/>
> > > static (inside,outside) *.*213.123 Citrix04 netmask
255.255.255.255<http://255.255.255.255/>
> > > static (inside,outside) *.*213.124 Citrix05 netmask
255.255.255.255<http://255.255.255.255/>
> > > static (inside,outside) *.*213.101 Citrix1 netmask
255.255.255.255<http://255.255.255.255/>
> > > static (inside,outside) *.*213.102 Citrix2 netmask
255.255.255.255<http://255.255.255.255/>
> > > static (inside,outside) *.*213.103 Citrix3 netmask
255.255.255.255<http://255.255.255.255/>
> > > static (inside,outside) *.*213.104 Citrix4 netmask
255.255.255.255<http://255.255.255.255/>
> > > static (inside,outside) *.*213.105 Citrix5 netmask
255.255.255.255<http://255.255.255.255/>
> > > static (inside,outside) *.*213.106 Citrix6 netmask
255.255.255.255<http://255.255.255.255/>
> > > static (inside,outside) *.*213.111 Citrix7 netmask
255.255.255.255<http://255.255.255.255/>
> > > static (inside,outside) *.*213.112 Citrix8 netmask
255.255.255.255<http://255.255.255.255/>
> > > static (inside,outside) *.*213.116 Citrix10 netmask
255.255.255.255<http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.10 <http://172.18.2.10/> Citrix01 netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.11 <http://172.18.2.11/> Citrix02 netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.12 <http://172.18.2.12/> Citrix03 netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.13 <http://172.18.2.13/> Citrix04 netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.14 <http://172.18.2.14/> Citrix05 netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.50 <http://172.18.2.50/>Citrix1 netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.51 <http://172.18.2.51/> Citrix2 netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.52 <http://172.18.2.52/> Citrix3 netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.53 <http://172.18.2.53/> Citrix4 netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.54 <http://172.18.2.54/> Citrix5 netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.55 <http://172.18.2.55/>Citrix6 netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.56 <http://172.18.2.56/> Citrix7 netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.57 <http://172.18.2.57/> Citrix8 netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.58 <http://172.18.2.58/> Citrix9 netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.59 <http://172.18.2.59/> Citrix10 netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.20
<http://172.18.2.20/>172.17.2.45<http://172.17.2.45/>netmask
> > 255.255.255.255 <http://255.255.255.255/>
> > > static (inside,dmz) 172.18.2.21 <http://172.18.2.21/> 172.17.2.46
> > <http://172.17.2.46/>netmask 255.255.255.255 <http://255.255.255.255/>
> > > static (dmz,outside) *.*213.100 Citrix-NFuse netmask
255.255.255.255<http://255.255.255.255/>
> > > static (dmz,outside) *.*213.125 WEB-INT netmask
255.255.255.255<http://255.255.255.255/>
> > > static (dmz,outside) *.*213.113 cag netmask
255.255.255.255<http://255.255.255.255/>
> > > access-group outside_acl in interface outside
> > > access-group dmz_acl in interface dmz
> > > route outside 0.0.0.0 <http://0.0.0.0/> 0.0.0.0 <http://0.0.0.0/> *.*
> > 213.97 1
> > > route inside 172.17.0.0 <http://172.17.0.0/>
255.255.0.0<http://255.255.0.0/>
> > 172.17.2.1 <http://172.17.2.1/> 1
> > > timeout xlate 3:00:00
> > > timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
> > > timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
> > > timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
> > > timeout uauth 0:05:00 absolute
> > > username admin password ** encrypted
> > > http server enable
> > > http 172.17.0.0 <http://172.17.0.0/> 255.255.0.0
<http://255.255.0.0/>inside
> > > no snmp-server location
> > > no snmp-server contact
> > > snmp-server enable traps snmp
> > > telnet 172.17.0.0 <http://172.17.0.0/>
255.255.0.0<http://255.255.0.0/>inside
> > > telnet timeout 5
> > > ssh timeout 5
> > > console timeout 0
> > > Cryptochecksum:**
> > > ****-pix#
> > >
> > >
> > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
>
>
> --
> John Matijevic, CCIE #13254
> U.S. Installation Group
> Senior Network Engineer
> 954-969-7160 ext. 1147 (office)
> 305-321-6232 (cell)

--
John Matijevic, CCIE #13254
U.S. Installation Group
Senior Network Engineer
954-969-7160 ext. 1147 (office)
305-321-6232 (cell)

• Next message: Mike Hwang: "test"
• Previous message: john matijevic: "Re: PIX 515e Config"
• Maybe in reply to: Thanh Nguyen: "PIX 515e Config"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:49 GMT-3