Home CISCO Firewall Showing sample CISCO PIX 515E Configuration
Showing sample CISCO PIX 515E Configuration PDF Print E-mail
Written by Siva   
Saturday, 13 August 2011 12:50

Showing sample CISCO PIX 515E Configuration!

 

(Note: Here all IP addresses, keys, VPN details are NOT real!)

 

vmgenie-pix>

vmgenie-pix> en

Password:

Invalid password

Password: **

Invalid password

Password: *******

vmgenie-pix#

vmgenie-pix#

vmgenie-pix# sh run

: Saved

:

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto shutdown

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 intf2 security4

enable password 8v0/ZEF/hZawtm20 encrypted

passwd 8v0/ZEF/hZawtm20 encrypted

hostname vmgenie-pix

domain-name corp.genie.com

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names        

name 212.42.200.2 WEB-LAN-PIX

access-list 110 permit ip 192.168.7.0 255.255.255.0 10.20.0.0 255.255.0.0

access-list 110 permit ip 192.168.7.0 255.255.255.0 10.12.0.0 255.255.0.0

access-list 110 permit ip 192.168.7.0 255.255.255.0 172.16.100.0 255.255.255.0

access-list 110 permit ip 192.168.7.0 255.255.255.0 172.20.10.0 255.255.255.0

access-list nonat permit ip 192.168.7.0 255.255.255.0 10.20.0.0 255.255.0.0

access-list nonat permit ip 192.168.7.0 255.255.255.0 10.12.0.0 255.255.0.0

access-list nonat permit ip 192.168.7.0 255.255.255.0 172.16.100.0 255.255.255.0

access-list nonat permit ip 192.168.7.0 255.255.255.0 172.20.10.0 255.255.255.0

pager lines 24

logging history critical

mtu outside 1500

mtu inside 1500

mtu intf2 1500

ip address outside 75.5.120.81 255.255.255.248

ip address inside 192.168.7.1 255.255.255.0

no ip address intf2

ip audit info action alarm

ip audit attack action alarm

pdm location 10.20.1.0 255.255.255.0 inside

pdm location 10.20.0.0 255.255.0.0 outside

pdm location 10.12.0.0 255.255.0.0 outside

pdm location 68.113.59.0 255.255.255.0 outside

pdm location 172.16.100.0 255.255.255.0 outside

pdm location 204.114.67.23 255.255.255.255 outside

pdm location 172.20.10.0 255.255.255.0 outside

pdm location 192.168.7.200 255.255.255.255 inside

pdm history enable

arp timeout 14400

global (outside) 1 75.5.120.81 netmask 255.255.255.248

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

conduit permit icmp any any

route outside 0.0.0.0 0.0.0.0 71.6.110.81 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http 10.25.1.0 255.255.255.0 inside

http 192.168.7.0 255.255.255.0 inside

snmp-server host inside 192.168.7.200

no snmp-server location

no snmp-server contact

snmp-server community public

snmp-server enable traps

tftp-server inside 192.168.7.200 vmgenie-pix_002.cfg

floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto map mymap 10 ipsec-isakmp

crypto map mymap 10 match address 110

crypto map mymap 10 set peer 67.114.57.5

crypto map mymap 10 set peer WEB-LAN-PIX

crypto map mymap 10 set transform-set myset

crypto map mymap interface outside

isakmp enable outside

isakmp key ******** address WEB-LAN-PIX netmask 255.255.255.255

isakmp identity address

isakmp nat-traversal 20

isakmp policy 9 authentication rsa-sig

isakmp policy 9 encryption des

isakmp policy 9 hash sha

isakmp policy 9 group 1

isakmp policy 9 lifetime 86400

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 1

isakmp policy 10 lifetime 1000

telnet 204.115.69.25 255.255.255.255 outside

telnet 10.20.1.0 255.255.255.0 inside

telnet 192.168.7.0 255.255.255.0 inside

telnet timeout 60

ssh 65.114.56.0 255.255.255.0 outside

ssh 10.20.1.0 255.255.255.0 inside

ssh timeout 60

management-access inside

console timeout 0

dhcpd address 192.168.7.10-192.168.7.64 inside

dhcpd dns 10.20.1.14 10.20.1.16

dhcpd wins 10.20.1.14 10.20.1.16

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd domain corp.genie.com

dhcpd enable inside

username siva password XXXXXXXXXXXXXX encrypted privilege 15

terminal width 80

Cryptochecksum:7ab621abcdefghijklmnopac44e2fc363d78

: end        

vmgenie-pix#    

vmgenie-pix#

vmgenie-pix#

vmgenie-pix#

vmgenie-pix#

vmgenie-pix#

vmgenie-pix#

vmgenie-pix#

vmgenie-pix#

************************************************************************************

********************************************************

*************************************88

************************

********

**

CHANGES MADE---------!!

 

vmgenie-pix#

vmgenie-pix#

vmgenie-pix#

vmgenie-pix# .

vmgenie-pix# config t

vmgenie-pix(config)# dhcpd dns 10.20.1.14 10.20.1.16

vmgenie-pix(config)# no dhcpd wins 10.20.1.14 10.20.1.16

vmgenie-pix(config)# no dhcpd dns 10.20.1.14 10.20.1.16

vmgenie-pix(config)# dhcpd dns 10.20.1.83 10.20.1.17

vmgenie-pix(config)# dhcpd wins 10.20.1.83 10.20.1.17

 
 

Advertisement

Featured Links:
HREmail.com
Looking for job? Try HREmail.com
Want to have CMS based Websites?
Try siliconwebcreators.com to CMS based websites.
VM Solutions Inc
For best VM solutions..
Digital Procedure Inc.
Looking for Oracle /SAP /Weblogic Consulting services? visit digitalprocedure.com