Your config will let everything in!!!  Is that what you want???

Lano Kris wrote:

> Building configuration...
> : Saved
> :
> PIX Version 6.0(1)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> 
> enable password 2KFQnbNIdI.2KYOU encrypted
> passwd 2KFQnbNIdI.2KYOU encrypted
> hostname pixfirewall
> fixup protocol ftp 21
> fixup protocol http 80
> fixup protocol h323 1720
> fixup protocol rsh 514
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> fixup protocol sip 5060
> fixup protocol skinny 2000
> names
> 
> access-list ping_acl permit icmp any any 
> access-list ping_acl permit tcp any any eq www 
> access-list ping_acl permit tcp any any 
> access-list ping_acl permit udp any any 
> access-list acl_out permit icmp any any 
> access-list acl_out permit tcp any any eq www 
> access-list acl_out permit tcp any any 
> access-list acl_out permit udp any any 
> pager lines 24
> 
> interface ethernet0 100basetx
> interface ethernet1 100basetx
> 
> mtu outside 1500
> mtu inside 1500
> mtu ndtv 1500
> ip address outside 172.110.0.2 255.255.0.0
> ip address inside 172.100.0.1 255.255.0.0
> 
> ip audit info action alarm
> ip audit attack action alarm
> no failover
> failover timeout 0:00:00
> failover poll 15
> failover ip address outside 0.0.0.0
> failover ip address inside 0.0.0.0
> 
> pdm history enable
> arp timeout 600
> global (outside) 1 202.196.214.40-202.196.214.45 netmask 255.255.255.224
> global (outside) 1 202.196.214.46
> 
> nat (inside) 1 172.100.0.0 255.255.0.0 0 0
> 
> access-group acl_out in interface outside
> access-group ping_acl in interface inside
> 
> route outside 0.0.0.0 0.0.0.0 172.110.0.1 1
> 
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+ 
> aaa-server RADIUS protocol radius 
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> no floodguard enable
> no sysopt route dnat
> 
> telnet 172.100.0.0 255.255.0.0 inside
> telnet 172.120.0.0 255.255.0.0 inside
> 
> telnet timeout 5
> ssh timeout 5
> terminal width 80
>  Cryptochecksum:b27e96cd58b6c27b71ff163898579460
> [OK]
>  pixfirewall# 
-- 

"You can say any foolish thing to a dog,
and the dog will give you a look that says,
'My God, you're right! I never would've
thought of that!'"
-Dave  Barry




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=12727&t=12605
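
Added example, not part of the original thread: a small audit that reads PIX 6.x style `nameif`, `access-list` and `access-group` lines and reports every ACL entry bound inbound on an interface that permits a whole protocol from `any` to `any`. The function name and the sample text (constructed from the ACL lines quoted above) are assumptions of this example.

```python
import re

# Constructed sample: the nameif, access-list and access-group lines quoted above.
SAMPLE_CONFIG = """\
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> access-list ping_acl permit icmp any any
> access-list ping_acl permit tcp any any eq www
> access-list ping_acl permit tcp any any
> access-list ping_acl permit udp any any
> access-list acl_out permit icmp any any
> access-list acl_out permit tcp any any eq www
> access-list acl_out permit tcp any any
> access-list acl_out permit udp any any
> access-group acl_out in interface outside
> access-group ping_acl in interface inside
"""

def audit_pix_acls(config_text):
    """Return (interface, security level, acl, protocol) for each unrestricted permit."""
    levels, acls, bindings = {}, {}, {}
    for raw in config_text.splitlines():
        tok = raw.lstrip("> ").split()          # tolerate mail-quoted lines
        if len(tok) == 4 and tok[0] == "nameif" and re.fullmatch(r"security\d+", tok[3]):
            levels[tok[2]] = int(tok[3][len("security"):])
        elif len(tok) >= 3 and tok[0] == "access-list":
            acls.setdefault(tok[1], []).append(tok[2:])
        elif len(tok) == 5 and tok[0] == "access-group" and tok[2:4] == ["in", "interface"]:
            bindings[tok[4]] = tok[1]           # interface name -> ACL applied inbound
    findings = []
    # Report the lowest-security (most exposed) interface first.
    for ifname, acl in sorted(bindings.items(), key=lambda b: levels.get(b[0], 0)):
        for rule in acls.get(acl, []):
            # "permit <proto> any any" with no host, network or port qualifier
            if rule[0] == "permit" and rule[2:] == ["any", "any"]:
                findings.append((ifname, levels.get(ifname), acl, rule[1]))
    return findings

if __name__ == "__main__":
    for ifname, level, acl, proto in audit_pix_acls(SAMPLE_CONFIG):
        print(f"{ifname} (security{level}): {acl} permits all {proto} from any to any")
```

Entries with a port qualifier such as `eq www` are not reported by this check, so a rule set that passes it still needs a manual review of which destinations each entry reaches.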