Sample PIX 501 Configuration
From LinuxServerTech
A sample configuration that can be used as a starting point for setting up new PIXes (taken from a PIX 501 running 6.3(5)). Passwords, pre-shared keys and most shared secrets are masked with x's and must be replaced before use; note that the second RADIUS server definition (AuthVPN) still carries its shared secret in the clear, and that the DHCP pool (10.111.120.128-159) is not in the inside interface's subnet (10.111.111.0/24), so adjust it to your own addressing. The access-list acl-in is defined but never applied with access-group.
```
: Saved
: Written by rodo at 01:47:55.119 CDT Wed Jun 14 2006
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password XXXXXXXXXXXXX encrypted
passwd XXXXXXXXXXXX encrypted
hostname router
domain-name example.com
clock timezone CST -6
clock summer-time CDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 10.111.111.2 tully
name 10.111.111.3 knn
access-list acl-in permit tcp any interface outside eq www
access-list inside_outbound_nat0_acl permit ip 10.111.111.0 255.255.255.0 10.111.111.32 255.255.255.240
access-list outside_cryptomap_dyn_20 permit ip 10.111.111.0 255.255.255.0 10.111.111.32 255.255.255.240
access-list split-tunnel permit ip 10.111.111.0 255.255.255.0 10.111.111.32 255.255.255.240
access-list outside permit ip any host 192.168.1.17
access-list outside permit ip any host 192.168.1.18
no pager
logging on
logging timestamp
logging console debugging
logging monitor debugging
logging buffered notifications
logging trap warnings
logging device-id hostname
logging host inside tully
mtu outside 1500
mtu inside 1500
ip address outside 192.168.1.22 255.255.255.248 pppoe setroute
ip address inside 10.111.111.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpn-pool 10.111.111.32-10.111.111.47
pdm location tully 255.255.255.255 inside
pdm location 66.17.131.0 255.255.255.0 outside
pdm location 10.111.111.111 255.255.255.255 outside
pdm location 10.111.111.0 255.255.255.0 inside
pdm location knn 255.255.255.255 inside
pdm location 172.16.0.1 255.255.255.255 outside
pdm location 10.111.105.6 255.255.255.255 outside
pdm logging warnings 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 192.168.1.17 10.111.111.29 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.1.18 tully netmask 255.255.255.255 0 0
access-group outside in interface outside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server radius-authport 1812
aaa-server radius-acctport 1813
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host tully xxxxxxxx timeout 5
aaa-server LOCAL protocol local
aaa-server AuthVPN protocol radius
aaa-server AuthVPN max-failed-attempts 3
aaa-server AuthVPN deadtime 10
aaa-server AuthVPN (inside) host tully joe timeout 5
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console RADIUS LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
ntp server 192.5.41.41 source outside prefer
http server enable
http 10.111.111.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community someCompletelyNonsensicalNameHere
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
sysopt connection permit-l2tp
sysopt ipsec pl-compatible
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication AuthVPN LOCAL
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup acl-vpn address-pool vpn-pool
vpngroup acl-vpn dns-server tully 66.17.131.183
vpngroup acl-vpn wins-server tully
vpngroup acl-vpn default-domain example.com
vpngroup acl-vpn split-tunnel split-tunnel
vpngroup acl-vpn idle-time 1800
vpngroup acl-vpn password xxxxxxxx
telnet 10.111.111.0 255.255.255.0 inside
telnet timeout 5
ssh 10.111.111.0 255.255.255.0 inside
ssh timeout 60
management-access inside
console timeout 0
vpdn group pppoe_group request dialout pppoe
vpdn group pppoe_group localname user@example.com
vpdn group pppoe_group ppp authentication pap
vpdn username user@example.com password xxxxxxxx
dhcpd address 10.111.120.128-10.111.120.159 inside
dhcpd dns tully 172.16.0.5
dhcpd wins tully
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain example.com
dhcpd auto_config outside
dhcpd enable inside
username user1 password xxxxxxxx encrypted privilege 15
username user2 password xxxxxxxx encrypted privilege 15
privilege show level 0 command version
privilege show level 0 command curpriv
privilege show level 3 command pdm
privilege show level 3 command blocks
privilege show level 3 command ssh
privilege configure level 3 command who
privilege show level 3 command isakmp
privilege show level 3 command ipsec
privilege show level 3 command vpdn
privilege show level 3 command local-host
privilege show level 3 command interface
privilege show level 3 command ip
privilege configure level 3 command ping
privilege show level 3 command uauth
privilege configure level 5 mode enable command configure
privilege show level 5 command running-config
privilege show level 5 command privilege
privilege show level 5 command clock
privilege show level 5 command ntp
privilege show level 5 mode configure command logging
privilege show level 5 command fragment
terminal width 80
```
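Before pushing a sample like this to a new device it is worth running a few mechanical checks over it. The script below is an added example, not part of the LinuxServerTech page or of any Cisco tooling: it parses a trimmed excerpt of the sample above (embedded as constructed input, with the page's masked secrets) and reports access-lists that are defined but never bound, a DHCP pool that does not fall inside its interface's subnet, ISAKMP settings using 3DES/MD5/DH group 2, cleartext telnet access, and aaa-server shared secrets shorter than eight characters. The check names, the eight-character threshold and the set of "weak" IKE values are the example's own assumptions.

```python
"""Added example: audit a PIX 6.3 running-config for common misconfigurations.
Not from the LinuxServerTech page; the thresholds below are assumptions."""
import ipaddress
import re

# Trimmed excerpt of the page's sample config, embedded as constructed input.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list acl-in permit tcp any interface outside eq www
access-list inside_outbound_nat0_acl permit ip 10.111.111.0 255.255.255.0 10.111.111.32 255.255.255.240
access-list outside_cryptomap_dyn_20 permit ip 10.111.111.0 255.255.255.0 10.111.111.32 255.255.255.240
access-list split-tunnel permit ip 10.111.111.0 255.255.255.0 10.111.111.32 255.255.255.240
access-list outside permit ip any host 192.168.1.17
ip address outside 192.168.1.22 255.255.255.248 pppoe setroute
ip address inside 10.111.111.1 255.255.255.0
nat (inside) 0 access-list inside_outbound_nat0_acl
access-group outside in interface outside
aaa-server RADIUS (inside) host tully xxxxxxxx timeout 5
aaa-server AuthVPN (inside) host tully joe timeout 5
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
vpngroup acl-vpn split-tunnel split-tunnel
telnet 10.111.111.0 255.255.255.0 inside
telnet timeout 5
ssh 10.111.111.0 255.255.255.0 inside
dhcpd address 10.111.120.128-10.111.120.159 inside
"""


def parse(config):
    """Return the command lines of a config, dropping blanks and ':' comment lines."""
    return [l.strip() for l in config.splitlines() if l.strip() and not l.startswith(":")]


# Commands that bind an access-list by name; an ACL defined but never bound here is dead.
ACL_BINDINGS = re.compile(
    r"^(?:access-group (\S+) in interface"
    r"|nat \(\S+\) \d+ access-list (\S+)"
    r"|vpngroup \S+ split-tunnel (\S+)"
    r"|crypto (?:dynamic-)?map \S+ \d+ match address (\S+))"
)


def unreferenced_acls(lines):
    """Names of access-lists that are defined but not bound by any command."""
    defined, bound = set(), set()
    for l in lines:
        m = re.match(r"access-list (\S+) ", l)
        if m:
            defined.add(m.group(1))
        m = ACL_BINDINGS.match(l)
        if m:
            bound.add(next(g for g in m.groups() if g))
    return sorted(defined - bound)


def dhcpd_pools_off_subnet(lines):
    """DHCP pools whose range is not inside the subnet of the interface they serve."""
    nets = {}
    for l in lines:
        m = re.match(r"ip address (\S+) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)", l)
        if m:  # ipaddress accepts a dotted netmask after the slash
            nets[m.group(1)] = ipaddress.ip_interface(f"{m.group(2)}/{m.group(3)}").network
    bad = []
    for l in lines:
        m = re.match(r"dhcpd address (\S+)-(\S+) (\S+)", l)
        if m and m.group(3) in nets:
            lo, hi = ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))
            if lo not in nets[m.group(3)] or hi not in nets[m.group(3)]:
                bad.append((m.group(3), f"{lo}-{hi}", str(nets[m.group(3)])))
    return bad


# Assumed "weak" values: single/triple DES, MD5, and DH groups 1 and 2.
WEAK_IKE = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2"}}


def weak_isakmp_settings(lines):
    """(policy number, parameter, value) tuples for ISAKMP settings in WEAK_IKE."""
    found = []
    for l in lines:
        m = re.match(r"isakmp policy (\d+) (encryption|hash|group) (\S+)", l)
        if m and m.group(3) in WEAK_IKE[m.group(2)]:
            found.append((int(m.group(1)), m.group(2), m.group(3)))
    return found


def telnet_access(lines):
    """'telnet <net> <mask> <iface>' lines, i.e. networks allowed cleartext management."""
    return [l for l in lines if re.match(r"telnet \d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+ \S+$", l)]


def short_aaa_keys(lines, min_len=8):
    """(server, key length) for aaa-server hosts whose shared secret is shorter than min_len."""
    out = []
    for l in lines:
        m = re.match(r"aaa-server (\S+) \(\S+\) host \S+ (\S+)", l)
        if m:
            key = "" if m.group(2) == "timeout" else m.group(2)  # key is optional in PIX syntax
            if len(key) < min_len:
                out.append((m.group(1), len(key)))
    return out


def audit(config):
    """Run every check and return the findings keyed by check name."""
    lines = parse(config)
    return {
        "unreferenced_acls": unreferenced_acls(lines),
        "dhcpd_pools_off_subnet": dhcpd_pools_off_subnet(lines),
        "weak_isakmp": weak_isakmp_settings(lines),
        "telnet_access": telnet_access(lines),
        "short_aaa_keys": short_aaa_keys(lines),
    }
```

Running `audit(SAMPLE_CONFIG)` against the excerpt flags `acl-in` and `outside_cryptomap_dyn_20` as unbound, the 10.111.120.x DHCP pool as outside 10.111.111.0/24, all three ISAKMP policy 20 parameters, the inside telnet line, and the three-character AuthVPN secret. The regexes are deliberately anchored to the PIX 6.x command forms visible in the sample; ASA-style `object-group` or `access-list ... extended` syntax would need additional patterns.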
