Re: Telnet to inside through VPN [7:33589]

2002-01-30 Thread Godswill HO

Try specifying the exact IP address of the PC from where you want to
initiate the Telnet session and not the block of IP.

Regards.
Oletu
----- Original Message -----
From: Dante Martins 
To: 
Sent: Tuesday, January 29, 2002 10:50 AM
Subject: PIX: Telnet to inside through VPN [7:33589]


> How can I telnet to PIX inside interface from the VPN (I.E. from
> 10.128.128.0 telnet 172.16.3.252).
>
> I have tried using telnet command:
> "telnet 10.128.128.0 inside" but still not working.
>
> Can you help me?
>
> Dante

Re: Telnet to inside through VPN [7:33589]

2002-01-30 Thread ipguru1

You can telnet to the outside of a pix.  You have to use ipsec to do it, but
it can be done as of 5.0.

I am sure this is going to wrap, but this is how you do it with 5.1
 
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v51/config/advanced.htm#xtocid2143047

hth,
ipguru

Dante Martins wrote:

> How can I telnet to PIX inside interface from the VPN (I.E. from
> 10.128.128.0 telnet 172.16.3.252).
>
> I have tried using telnet command:
> "telnet 10.128.128.0 255.255.255.0 inside" but still not working.
>
> Can you help me?
>
> Dante

PIX: Telnet to inside through VPN [7:33589]

2002-01-29 Thread Dante Martins

How can I telnet to PIX inside interface from the VPN (I.E. from
10.128.128.0 telnet 172.16.3.252).

I have tried using telnet command:
"telnet 10.128.128.0 inside" but still not working.

Can you help me?

Dante




CONF MAIN PIX
PIX Version 6.0(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ1 security10
nameif ethernet3 intf3 security15
nameif ethernet4 intf4 security20
nameif ethernet5 intf5 security25
enable password *** encrypted
passwd ** encrypted
hostname MAIN
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list 101 permit ip 10.128.128.0 255.255.224.0 172.16.3.0 255.255.255.0
access-list 102 permit ip 10.128.128.0 255.255.224.0 192.168.3.0 255.255.255.0
access-list 103 permit ip 10.128.128.0 255.255.224.0 10.250.1.0 255.255.255.0
access-list 103 permit ip 10.128.128.0 255.255.224.0 10.249.0.0 255.255.240.0
access-list 104 permit ip 10.128.128.0 255.255.224.0 10.250.11.0 255.255.255.0
access-list 105 permit ip 10.128.128.0 255.255.224.0 10.250.95.0 255.255.255.0
pager lines 24
logging on
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 auto
interface ethernet4 auto shutdown
interface ethernet5 auto shutdown
mtu outside 1500
mtu inside 1500
mtu DMZ1 1500
mtu intf3 1500
mtu intf4 1500
mtu intf5 1500
ip address outside 200.219.100.2 255.255.255.0
ip address inside 10.128.159.253 255.255.224.0
ip address DMZ1 10.255.255.254 255.255.224.0
ip address intf3 10.250.11.254 255.255.255.0
ip address intf4 127.0.0.1 255.255.255.255
ip address intf5 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address DMZ1 0.0.0.0
failover ip address intf3 0.0.0.0
failover ip address intf4 0.0.0.0
failover ip address intf5 0.0.0.0
pdm history enable
arp timeout 14400
global (outside) 1 200.219.100.100-200.219.100.199
global (outside) 1 200.219.100.200
global (DMZ1) 1 10.255.224.10-10.255.224.70
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (DMZ1) 1 0.0.0.0 0.0.0.0 0 0
alias (inside) 200.219.100.26 10.255.224.3 255.255.255.255
alias (inside) 200.219.100.30 10.128.128.30 255.255.255.255
alias (inside) 200.219.100.31 10.255.224.9 255.255.255.255
alias (inside) 200.219.100.54 10.255.224.4 255.255.255.255

static (inside,outside) 200.219.100.26 10.128.128.26 netmask 255.255.255.255 0 0
static (inside,outside) 200.219.100.30 10.128.128.30 netmask 255.255.255.255 0 0
static (inside,outside) 200.219.100.31 10.128.128.32 netmask 255.255.255.255 0 0
static (inside,outside) 200.219.100.54 10.128.128.54 netmask 255.255.255.255 0 0

conduit permit icmp any any
conduit permit tcp host 200.219.100.30 eq www any
conduit permit tcp host 200.219.100.30 eq domain any
conduit permit udp host 200.219.100.30 eq domain any
conduit permit tcp host 200.219.100.31 eq www any
conduit permit tcp host 200.219.100.31 eq domain any
conduit permit udp host 200.219.100.31 eq domain any
conduit permit tcp host 200.219.100.26 eq 161 any
conduit permit tcp host 200.219.100.26 eq 162 any
conduit permit udp host 200.219.100.26 eq snmp any
conduit permit udp host 200.219.100.26 eq snmptrap any
conduit permit tcp host 200.219.100.54 eq domain any
conduit permit udp host 200.219.100.54 eq domain any
conduit permit tcp host 200.219.100.54 eq 22 any

route outside 0.0.0.0 0.0.0.0 200.219.100.1 1
route outside 10.0.64.0 255.255.224.0 10.128.159.252 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
snmp-server host inside 10.128.128.21
snmp-server location mainsite
snmp-server contact support@mainsite
snmp-server community pixpix
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt ipsec pl-compatible
no sysopt route dnat

crypto ipsec transform-set strong esp-des esp-sha-hmac
crypto map cmap 1 ipsec-isakmp
crypto map cmap 1 match address 101
crypto map cmap 1 set peer 200.200.100.2
crypto map cmap 1 set transform-set strong
crypto map cmap 2 ipsec-isakmp
crypto map cmap 2 match address 102
crypto map cmap 2 set peer 200.200.111.2
crypto map cmap 2 set transform-set strong
crypto map cmap 3 ipsec-isakmp
crypto map cmap 3 match address 103
crypto map cmap 3 set peer 200.200.222.2
crypto map cmap 3 set transform-set strong
crypto map cmap 4 ipsec-isakmp
crypto map cmap 4 match address 104
crypto map cmap 4 set peer 200.202.202.2
crypto map cmap 4 set transform-set strong
crypto map cmap 5 ipsec-isakmp
crypto map cmap 5 match address 105
crypto map cmap 5 set peer 205.205.205.2
crypto map cmap 5 set transform-set strong
crypto map cmap inter

RE: Telnet to inside through VPN [7:33589]

2002-01-29 Thread Dante Martins

How can I telnet to PIX inside interface from the VPN (I.E. from
10.128.128.0 telnet 172.16.3.252).

I have tried using telnet command:
"telnet 10.128.128.0 255.255.255.0 inside" but still not working.

Can you help me?

Dante




CONF MAIN PIX
PIX Version 6.0(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ1 security10
nameif ethernet3 intf3 security15
nameif ethernet4 intf4 security20
nameif ethernet5 intf5 security25
enable password *** encrypted
passwd ** encrypted
hostname MAIN
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list 101 permit ip 10.128.128.0 255.255.224.0 172.16.3.0 255.255.255.0
access-list 102 permit ip 10.128.128.0 255.255.224.0 192.168.3.0 255.255.255.0
access-list 103 permit ip 10.128.128.0 255.255.224.0 10.250.1.0 255.255.255.0
access-list 103 permit ip 10.128.128.0 255.255.224.0 10.249.0.0 255.255.240.0
access-list 104 permit ip 10.128.128.0 255.255.224.0 10.250.11.0 255.255.255.0
access-list 105 permit ip 10.128.128.0 255.255.224.0 10.250.95.0 255.255.255.0
pager lines 24
logging on
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 auto
interface ethernet4 auto shutdown
interface ethernet5 auto shutdown
mtu outside 1500
mtu inside 1500
mtu DMZ1 1500
mtu intf3 1500
mtu intf4 1500
mtu intf5 1500
ip address outside 200.219.100.2 255.255.255.0
ip address inside 10.128.159.253 255.255.224.0
ip address DMZ1 10.255.255.254 255.255.224.0
ip address intf3 10.250.11.254 255.255.255.0
ip address intf4 127.0.0.1 255.255.255.255
ip address intf5 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address DMZ1 0.0.0.0
failover ip address intf3 0.0.0.0
failover ip address intf4 0.0.0.0
failover ip address intf5 0.0.0.0
pdm history enable
arp timeout 14400
global (outside) 1 200.219.100.100-200.219.100.199
global (outside) 1 200.219.100.200
global (DMZ1) 1 10.255.224.10-10.255.224.70
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (DMZ1) 1 0.0.0.0 0.0.0.0 0 0
alias (inside) 200.219.100.26 10.255.224.3 255.255.255.255
alias (inside) 200.219.100.30 10.128.128.30 255.255.255.255
alias (inside) 200.219.100.31 10.255.224.9 255.255.255.255
alias (inside) 200.219.100.54 10.255.224.4 255.255.255.255

static (inside,outside) 200.219.100.26 10.128.128.26 netmask 255.255.255.255 0 0
static (inside,outside) 200.219.100.30 10.128.128.30 netmask 255.255.255.255 0 0
static (inside,outside) 200.219.100.31 10.128.128.32 netmask 255.255.255.255 0 0
static (inside,outside) 200.219.100.54 10.128.128.54 netmask 255.255.255.255 0 0

conduit permit icmp any any
conduit permit tcp host 200.219.100.30 eq www any
conduit permit tcp host 200.219.100.30 eq domain any
conduit permit udp host 200.219.100.30 eq domain any
conduit permit tcp host 200.219.100.31 eq www any
conduit permit tcp host 200.219.100.31 eq domain any
conduit permit udp host 200.219.100.31 eq domain any
conduit permit tcp host 200.219.100.26 eq 161 any
conduit permit tcp host 200.219.100.26 eq 162 any
conduit permit udp host 200.219.100.26 eq snmp any
conduit permit udp host 200.219.100.26 eq snmptrap any
conduit permit tcp host 200.219.100.54 eq domain any
conduit permit udp host 200.219.100.54 eq domain any
conduit permit tcp host 200.219.100.54 eq 22 any

route outside 0.0.0.0 0.0.0.0 200.219.100.1 1
route outside 10.0.64.0 255.255.224.0 10.128.159.252 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
snmp-server host inside 10.128.128.21
snmp-server location mainsite
snmp-server contact support@mainsite
snmp-server community pixpix
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt ipsec pl-compatible
no sysopt route dnat

crypto ipsec transform-set strong esp-des esp-sha-hmac
crypto map cmap 1 ipsec-isakmp
crypto map cmap 1 match address 101
crypto map cmap 1 set peer 200.200.100.2
crypto map cmap 1 set transform-set strong
crypto map cmap 2 ipsec-isakmp
crypto map cmap 2 match address 102
crypto map cmap 2 set peer 200.200.111.2
crypto map cmap 2 set transform-set strong
crypto map cmap 3 ipsec-isakmp
crypto map cmap 3 match address 103
crypto map cmap 3 set peer 200.200.222.2
crypto map cmap 3 set transform-set strong
crypto map cmap 4 ipsec-isakmp
crypto map cmap 4 match address 104
crypto map cmap 4 set peer 200.202.202.2
crypto map cmap 4 set transform-set strong
crypto map cmap 5 ipsec-isakmp
crypto map cmap 5 match address 105
crypto map cmap 5 set peer 205.205.205.2
crypto map cmap 5 set transform-set strong
crypto 

Re: Telnet to inside through VPN [7:33589]

2002-01-29 Thread John Kaberna

You cannot telnet to the inside address from the outside even over a VPN
AFAIK.  Just use SSH to the outside if you have RADIUS or TACACS.  Otherwise
you'll have to SSH or Telnet to a host on the inside of the PIX and then
Telnet back in.  So, if you have a router or switch on the inside of the
network just go to it first and then back to the inside interface of the
PIX.

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800

Instructor for 5-day CCIE class for ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm

"Dante Martins" wrote in message news:[EMAIL PROTECTED]...
> How can I telnet to PIX inside interface from the VPN (I.E. from
> 10.128.128.0 telnet 172.16.3.252).
>
> I have tried using telnet command:
> "telnet 10.128.128.0 255.255.255.0 inside" but still not working.
>
> Can you help me?
>
> Dante
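
The access rules stated in the replies above, as an added example that is not part of any post in the thread: a simplified Python model that decides whether a management connection to a PIX interface would be accepted. The `check` function, the host addresses and the last two sample lines are constructed, and treating an omitted netmask as a single host (255.255.255.255) is an assumption about the `telnet` command.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample: the nameif lines and the first two telnet statements are
# taken from the thread; the last two lines are added to exercise the replies.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
telnet 10.128.128.0 inside
telnet 10.128.128.0 255.255.255.0 inside
telnet 10.128.128.0 255.255.224.0 outside
ssh 10.128.128.0 255.255.224.0 outside
"""


@dataclass(frozen=True)
class Rule:
    proto: str                    # "telnet" or "ssh"
    net: ipaddress.IPv4Network    # permitted source network
    ifname: str                   # interface the statement applies to


def parse(config):
    """Return ({ifname: security level}, [Rule]) from PIX 6.x style lines."""
    levels, rules = {}, []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 4 and tok[0] == "nameif" and tok[3].startswith("security"):
            levels[tok[2]] = int(tok[3][len("security"):])
        elif len(tok) in (3, 4) and tok[0] in ("telnet", "ssh"):
            # Assumption: an omitted netmask means one host (255.255.255.255).
            mask = tok[2] if len(tok) == 4 else "255.255.255.255"
            try:
                net = ipaddress.IPv4Network(f"{tok[1]}/{mask}", strict=False)
            except ValueError:
                continue  # e.g. "telnet timeout 5" is not an access statement
            rules.append(Rule(tok[0], net, tok[-1]))
    return levels, rules


def check(config, proto, src, arrives_on, target_if, ipsec):
    """Return (allowed, reason) for a management connection attempt."""
    levels, rules = parse(config)
    # John Kaberna's reply: the inside address cannot be reached from the
    # outside, even over a VPN; the session must end where the packet arrives.
    if target_if != arrives_on:
        return False, "target interface is not the one the packet arrives on"
    src_ip = ipaddress.IPv4Address(src)
    if not any(r.proto == proto and r.ifname == arrives_on and src_ip in r.net
               for r in rules):
        return False, f"no {proto} statement covers {src} on {arrives_on}"
    # ipguru's reply: telnet to the outside works only when carried in IPSec.
    lowest = min(levels, key=levels.get)
    if proto == "telnet" and arrives_on == lowest and not ipsec:
        return False, "telnet to the lowest-security interface requires IPSec"
    return True, "permitted"


if __name__ == "__main__":
    for args in [("telnet", "10.128.140.7", "outside", "inside", True),
                 ("telnet", "10.128.140.7", "outside", "outside", True),
                 ("telnet", "10.128.140.7", "outside", "outside", False),
                 ("ssh", "10.128.140.7", "outside", "outside", False),
                 ("telnet", "10.128.140.7", "inside", "inside", False)]:
        print(args, "->", check(SAMPLE_CONFIG, *args))
```

The last case is denied because neither `telnet 10.128.128.0 inside` nor the `255.255.255.0` variant covers a host elsewhere in the 255.255.224.0 network used by the access lists.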