1. : Saved
2. :
3. PIX Version 6.2(2)
4. nameif ethernet0 outside security0
5. nameif ethernet1 inside security100
6. nameif ethernet2 DMZ security70
7. enable password ksjfglkasglc encrypted
8. passwd kjngczftglkacytiur encrypted
9. hostname Atlanta
10. domain-name www.bruceweng.bokee.com
11. fixup protocol ftp 21
12. fixup protocol http 80
13. fixup protocol smtp 25
14. fixup protocol skinny 2000
15. names
16. access-list inbound permit icmp any host 192.168.3.10
17. access-list inbound permit tcp any host 192.168.3.10 eq www
18. access-list inbound permit tcp any host 192.168.3.10 eq 443
19. access-list DMZ permit udp 172.16.3.0 255.255.255.0 host 10.10.3.240 eq ntp
20. access-list ××× permit ip 10.10.3.0 255.255.255.0 10.10.2.0 255.255.255.0
21. access-list ××× permit ip 10.10.3.0 255.255.255.0 10.10.10.0 255.255.255.0
22. access-list LosAngeles permit ip 10.10.3.0 255.255.255.0 10.10.10.0
255.255.255.0
23. access-list Boston permit ip 10.10.3.0 255.255.255.0 10.10.2.0 255.255.255.0
24. pager lines 24
25. logging on
26. logging timestamp
27. interface ethernet0 auto
28. interface ethernet1 auto
29. interface ethernet2 auto
30. mtu outside 1500
31. mtu inside 1500
32. ip address outside 192.168.3.1 255.255.255.0
33. ip address inside 10.10.3.1 255.255.255.0
34. ip address DMZ 172.16.3.1 255.255.255.0
35. arp timeout 14400
36. global (outside) 1 192.168.3.20-200
37. nat (inside) 1 0.0.0.0 0.0.0.0 0 0
38. nat (inside) 0 access-list ×××
39. static (DMZ,outside) 192.168.3.10 172.16.3.10 netmask 255.255.255.255 0 0
40. access-group inbound in interface outside
41. access-group DMZ in interface DMZ
42. route outside 0.0.0.0 0.0.0.0 192.168.3.254 1
43. timeout xlate 3:00:00
44. timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00
45. timeout uauth 0:05:00 absolute
46. aaa-server TACACS+ protocol tacacs+
47. aaa-server RADIUS protocol radius
48. no snmp-server location
49. no snmp-server contact
50. snmp-server community public
51. no snmp-server enable traps
52. floodguard enable
53. sysopt connection permit-ipsec
54. crypto ipsec transform-set Branch××× esp-3des esp-md5-hmac
55. crypto ipsec transform-set NothingNew esp-3des esp-sha-hmac
56. crypto map Branch××× 10 ipsec-isakmp
57. crypto map Branch××× 10 match address LosAngeles
58. crypto map Branch××× 10 set peer 192.168.1.1
59. crypto map Branch××× 10 set transform-set Branch×××
60. crypto map Branch××× 20 ipsec-isakmp
61. crypto map Branch××× 20 match address Boston
62. crypto map Branch××× 20 set peer 192.168.2.1
63. crypto map Branch××× 20 set transform-set Branch×××
64. crypto map Branch××× interface outside
65. isakmp enable outside
66. isakmp key ******** address 192.168.1.1 netmask 255.255.255.255
67. isakmp key ******** address 192.168.2.1 netmask 255.255.255.255
68. isakmp identity address
69. isakmp policy 20 authentication pre-share
70. isakmp policy 20 encryption 3des
71. isakmp policy 20 hash md5
72. isakmp policy 20 group 2
73. isakmp policy 20 lifetime 86400
74. terminal width 80
75. Cryptochecksum:e0c04954fcabd239ae291d58fc618dd5