Last Updated: Friday, 27 February 2009 By: Steve Warner


Example Configs

Cisco PIX Firewall Config Example 5.3(1)
PIX (506)

: Saved
:
PIX Version 5.3(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password EnablePasswd encrypted
passwd TelnetPasswd encrypted
hostname pix
domain-name cdcentre.demon.co.uk
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol smtp 25
names
pager lines 24
logging on
logging timestamp
no logging standby
logging console debugging
no logging monitor
logging buffered alerts
logging trap debugging
no logging history
logging facility 20
logging queue 512
logging host inside 172.16.0.10
interface ethernet0 10baset
interface ethernet1 10baset
mtu outside 1500
mtu inside 1500
ip address outside 172.16.254.253 255.255.255.0
ip address inside 172.16.0.253 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 172.16.254.252 netmask 255.255.255.0
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
nat (inside) 1 172.16.0.0 255.255.255.0 0 0
static (inside,outside) 172.16.254.10 172.16.0.10 netmask 255.255.255.255 0 0
static (inside,outside) 172.16.254.54 172.16.0.54 netmask 255.255.255.255 0 0
conduit permit tcp 172.16.254.0 255.255.255.0 eq telnet host 172.16.129.11 
conduit permit tcp host 172.16.254.10 eq tacacs host 172.16.254.254 
conduit permit tcp host 172.16.254.10 eq www any 
conduit permit tcp host 172.16.254.54 eq www any 
conduit permit udp 172.16.254.0 255.255.255.0 eq netbios-ns host 172.16.129.11 eq netbios-ns 
conduit permit udp 172.16.254.0 255.255.255.0 eq netbios-dgm host 172.16.129.11 eq netbios-dgm 
conduit permit udp host 172.16.254.10 eq syslog host 172.16.254.254 
conduit permit tcp 172.16.254.0 255.255.255.0 eq 139 host 172.16.129.11 
conduit permit udp host 172.16.254.10 eq ntp host 172.16.254.254 
conduit permit udp host 172.16.254.54 eq ntp host 172.16.254.254 
conduit permit tcp host 172.16.254.10 eq ftp host 172.16.129.11 
conduit permit tcp host 172.16.254.54 eq ftp host 172.16.129.11 
conduit permit tcp host 172.16.254.54 eq ftp 194.42.226.64 255.255.255.240 
conduit permit tcp host 172.16.254.54 eq 22 194.42.226.64 255.255.255.240 
conduit permit tcp host 172.16.254.54 eq ftp host 194.42.236.249 
conduit permit tcp host 172.16.254.54 eq ftp host 194.42.224.25 
conduit permit tcp host 172.16.254.10 eq nntp host 172.16.129.11 
conduit permit tcp host 172.16.254.10 eq pop3 host 172.16.129.11 
conduit permit tcp host 172.16.254.10 eq telnet 194.42.226.64 255.255.255.240 
conduit permit tcp host 172.16.254.54 eq ident host 194.42.224.135 
conduit permit tcp host 172.16.254.10 eq smtp host 172.16.129.11 
conduit permit udp host 172.16.254.10 eq tftp host 172.16.254.254 
conduit permit icmp any any 
conduit permit tcp host 172.16.254.54 eq ftp host 194.42.249.74 
conduit permit tcp host 172.16.254.10 eq 22 194.42.226.64 255.255.255.240 
conduit permit tcp host 172.16.254.10 eq nntp 194.42.226.64 255.255.255.240 
conduit permit tcp host 172.16.254.54 eq 22 host 194.42.249.74 
conduit permit tcp host 172.16.254.10 eq 22 host 194.42.249.74 
conduit permit tcp host 172.16.254.54 eq telnet 194.42.226.64 255.255.255.240 
conduit permit udp host 172.16.254.54 eq bootps host 172.16.129.253 
conduit permit udp host 172.16.254.10 eq bootps host 172.16.129.253 
conduit permit tcp host 172.16.254.10 eq smtp any 
route outside 0.0.0.0 0.0.0.0 172.16.254.254 1
route inside 10.0.0.0 255.255.255.0 172.16.0.10 1
timeout xlate 3:00:00
timeout conn 24:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server Auth protocol tacacs+ 
aaa-server Auth (inside) host 172.16.0.10 TacacsKey timeout 5
aaa authentication telnet console Auth
aaa authentication ssh console Auth
snmp-server host inside 172.16.0.10
snmp-server location -STEVE WARNER- UK - 07966 425252
snmp-server contact Steve Warner
snmp-server community public
no snmp-server enable traps
tftp-server inside 172.16.0.10 /home/tftp/bdsltd.pix
floodguard enable
no sysopt route dnat
isakmp identity hostname
telnet 172.16.0.0 255.255.255.0 inside
telnet timeout 5
ssh 172.16.0.10 255.255.255.255 inside
ssh 172.16.0.54 255.255.255.255 inside
ssh 10.0.0.10 255.255.255.255 inside
ssh timeout 5
terminal width 80
Cryptochecksum:
: end

Copyright 2001 - 2017. All trademarks acknowledged.
Hosted by NETconf Limited