jjeffords asked:
PIX 506 needing to pass gre and pptp traffic

Hey guys, I have someone here at the hospital needing to connect to an outside Windows VPN. The inside address here we will say is 10.1.10.1, which is the client inside the hospital, and the WAN IP for the VPN host, which is the Dr's office, is 64.0.0.0.
What I need to do is allow PPTP and GRE packets to go through so they (the client inside the hospital, 10.1.10.1) can use the Windows VPN client to connect to a Dr's office (host 64.0.0.0) across the street. I have version 6.3 of the IOS loaded.
For argument's sake, let's say my WAN IP is 198.68.8.161 for my firewall. I have these entries entered but I do not know what else I need to do. Every time I try to connect I get an Error 721.

fixup protocol pptp 1723
access-list acl_out permit tcp any host 198.68.8.161 eq pptp
access-list acl_out permit tcp any host 198.68.8.161 eq 47

If you need any other part of my config I can provide it with no problem.
Thanks a million in advance!!!
Jim
nickswanjan:
You have the correct ports, but your access list is blocking the traffic because it is only allowing PPTP traffic to a destination of your WAN address. Change the destination to be the outside PPTP server (using your example IPs and assuming 64.0.0.10 is the host you are trying to connect to):

access-list acl_out permit tcp any host 64.0.0.10 eq pptp
access-list acl_out permit tcp any host 64.0.0.10 eq 47

If this does not help, see the following link for configuration and troubleshooting information:
http://www.cisco.com/warp/public/110/pix_pptp.html

Nick
Les Moore:
>fixup protocol pptp 1723
As long as you don't have any access-list applied to the inside interface, this should be all you need to allow an inside client to connect to an external host.

What version PIX OS? 6.3(2) has a bug in it that does not let this work correctly. Fixed in 6.3(3) and 6.3(4).
jjeffords (asker):
Hey, this is what the config looks like as far as the fixup protocols and the access lists go.
HELP lol

PIX Version 6.3(4)
interface ethernet0 10baset
interface ethernet1 10baset
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password XXXXXXXXXXXXXXXX encrypted
passwd XXXXXXXXXXXXXXXXXXX encrypted
hostname pixfirewall
domain-name onslowmemorial.org
no fixup protocol dns
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list acl_out permit icmp any any
access-list acl_out permit tcp host 198.68.8.162 host 198.68.8.165
access-list acl_out permit udp host 198.68.8.162 host 198.68.8.165
access-list acl_out permit ip 204.97.9.0 255.255.255.0 host 198.68.8.166
access-list acl_out permit ip 207.65.105.32 255.255.255.240 host 198.168.8.166
access-list acl_out permit tcp any host 198.68.8.164 eq https
access-list acl_out permit tcp any host 198.68.8.164 eq smtp
access-list acl_out permit tcp any host 198.68.8.164 eq www
access-list acl_out permit tcp any host 198.68.8.174 eq ftp
access-list acl_out permit tcp any host 198.68.8.164 eq 47
access-list acl_out permit tcp any host 198.68.8.164 eq pptp
access-list acl_out permit tcp any host 198.68.8.164 eq 255
access-list acl_out permit tcp any host 198.68.8.164 eq 0
access-list acl_out permit tcp any host 198.68.8.164 eq 4661
access-list acl_out permit tcp any host 198.68.8.164 eq 4662
access-list acl_out permit tcp any host 198.68.8.179 eq ftp
access-list acl_out permit tcp any host 198.68.8.161 eq pptp
access-list acl_out permit tcp any host 198.68.8.161 eq 47
access-list dynacl2 permit ip host 198.68.8.161 host 192.168.10.1
access-list dynacl3 permit ip any host 192.168.10.1
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.254.0 255.255.255.0
access-list bypassingnat permit ip host 10.1.2.2 192.168.10.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.13.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.10.108 192.168.12.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.10.48 192.168.12.0 255.255.255.248
access-list bypassingnat permit ip 10.1.0.0 255.255.0.0 192.168.11.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.86 192.168.13.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.85 192.168.13.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.85 192.168.14.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.86 192.168.14.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.10.108 192.168.14.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.14.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.15.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.16.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.17.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.18.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.19.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.20.0 255.255.255.248
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.11.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.22.0 255.255.255.248
access-list bypassingnat permit ip host 10.115.50.60 192.168.23.0 255.255.255.248
access-list bypassingnat permit ip host 10.115.50.61 192.168.23.0 255.255.255.248
access-list bypassingnat permit ip host 10.115.50.62 192.168.23.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.25.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.26.0 255.255.255.248
access-list bypassingnat permit tcp any host 10.1.50.196 eq 50
access-list bypassingnat permit tcp any host 10.1.50.196 eq 51
access-list bypassingnat permit udp any host 10.1.50.196 eq isakmp
access-list bypassingnat permit ip host 10.1.0.203 192.168.27.0 255.255.255.248
access-list bypassingnat permit ip host 172.16.29.2 192.168.27.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.21.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.10.203 192.168.29.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.10.203 192.168.30.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.10.203 192.168.31.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.29.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.32.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.10.203 192.168.15.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.33.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.34.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.35.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.36.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.37.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.50.83 192.168.38.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.39.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.40.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.50.63 192.168.29.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.50.63 192.168.29.0 255.255.255.24
access-list bypassingnat permit ip host 10.1.50.64 192.168.29.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.50.64 192.168.29.0 255.255.255.24
access-list bypassingnat permit tcp any host 10.1.50.64 eq pptp
access-list bypassingnat permit ip host 10.1.5.1 159.140.250.0 255.255.255.240
access-list bypassingnat permit ip host 10.1.0.2 192.168.24.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.42.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.43.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.41.0 255.255.255.248
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.45.0 255.255.255.0
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.46.0 255.255.255.0
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.47.0 255.255.255.0
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.48.0 255.255.255.0
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.49.0 255.255.255.0
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.50.0 255.255.255.0
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.51.0 255.255.255.0
access-list bypassingnat permit ip host 10.1.10.42 192.168.12.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.52.0 255.255.255.248
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.53.0 255.255.255.0
access-list bypassingnat permit ip host 10.1.0.2 192.168.54.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.55.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.56.0 255.255.255.248
access-list inside_out deny tcp host 10.1.10.117 any eq smtp
access-list inside_out deny tcp host 10.1.10.117 any eq pop3
access-list inside_out deny tcp host 10.1.10.117 any eq www
access-list inside_out deny tcp host 10.1.10.117 any eq https
access-list inside_out permit ip any any
access-list cerner permit ip host 10.1.5.1 159.140.250.0 255.255.255.240
My Cisco VPN clients are also not connecting, which I have just realized.
Try adding:
For PPTP clients:
   access-list inside_out permit gre any any

For Cisco VPN clients:
   isakmp nat-traversal 20

If that does not work for PPTP, try removing the inside_out ACL while troubleshooting:

   no access-group inside_out in interface inside

Should I still have the fixup protocol in there?
Yes. Keep the fixup protocol pptp 1723. This command accepts the VPN request and then knows what to do with the GRE. You just have not explicitly allowed GRE going out.
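Added example (not from the thread, not Cisco's code): a small Python evaluator for PIX 6.x-style access-list lines, run over the ACEs posted above. It models only ACL matching (first match wins, implicit deny at the end), not the pptp fixup, NAT or the stateful connection table, and it uses nickswanjan's placeholder 64.0.0.10 as the PPTP server. It shows that `permit tcp ... eq 47` matches TCP destination port 47 and never GRE (IP protocol 47, which carries no ports), that `permit gre any any` does match it, and what the asker's inside_out list, ending in `permit ip any any`, already lets out.

```python
# Toy evaluator for PIX 6.x-style access-list entries (ACEs): first matching
# ACE wins, anything unmatched is implicitly denied. It does not model
# 'fixup protocol pptp', NAT or the connection table. Added example.
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Port keywords PIX 6.x accepts in place of numbers (subset used in the thread).
PORT_NAMES = {"pptp": 1723, "www": 80, "https": 443, "smtp": 25, "ftp": 21}
# Protocol keywords -> IP protocol number; 'ip' (None) matches every protocol.
PROTO_NAMES = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17, "gre": 47}


@dataclass
class Packet:
    proto: int                   # IP protocol number: 6 = TCP, 47 = GRE, ...
    src: str
    dst: str
    dport: Optional[int] = None  # destination port, TCP/UDP only


def _parse_addr(tokens: List[str], i: int):
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D MASK' starting at tokens[i]."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tok}/{tokens[i + 1]}", strict=False), i + 2


def parse_ace(line: str) -> Dict:
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]'."""
    t = line.split()
    src, i = _parse_addr(t, 4)
    dst, i = _parse_addr(t, i)
    port = None
    if i < len(t) and t[i] == "eq":
        word = t[i + 1]
        port = PORT_NAMES[word] if word in PORT_NAMES else int(word)
    return {"acl": t[1], "permit": t[2] == "permit",
            "proto": PROTO_NAMES[t[3]], "src": src, "dst": dst, "dport": port}


def _matches(ace: Dict, pkt: Packet) -> bool:
    # 'eq 47' on a tcp ACE is TCP destination port 47; it never matches GRE,
    # because GRE is IP protocol 47 and carries no ports at all.
    if ace["proto"] is not None and ace["proto"] != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ace["src"]:
        return False
    if ipaddress.ip_address(pkt.dst) not in ace["dst"]:
        return False
    return ace["dport"] is None or ace["dport"] == pkt.dport


def evaluate(acl_lines: List[str], acl_name: str, pkt: Packet) -> bool:
    """Return True if the named ACL permits pkt; implicit deny otherwise."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace["acl"] == acl_name and _matches(ace, pkt):
            return ace["permit"]
    return False


# Constructed from the thread: the asker's two acl_out lines, a shortened
# inside_out list, and the 'permit gre' line suggested in the answer.
ASKER_ACL_OUT = [
    "access-list acl_out permit tcp any host 198.68.8.161 eq pptp",
    "access-list acl_out permit tcp any host 198.68.8.161 eq 47",
]
SUGGESTED_GRE = "access-list acl_out permit gre any any"
INSIDE_OUT = [
    "access-list inside_out deny tcp host 10.1.10.117 any eq smtp",
    "access-list inside_out permit ip any any",
]
PIX_OUTSIDE = "198.68.8.161"   # asker's example WAN address
PPTP_SERVER = "64.0.0.10"      # placeholder server address from the reply
CLIENT = "10.1.10.1"           # inside client from the question


def check_thread_scenario() -> Dict[str, bool]:
    """Evaluate the thread's packets against the posted ACLs."""
    gre_in = Packet(47, PPTP_SERVER, PIX_OUTSIDE)
    tcp47_in = Packet(6, PPTP_SERVER, PIX_OUTSIDE, 47)
    return {
        # What the asker's 'eq 47' line actually permits, and what it misses.
        "gre_in_via_tcp_eq_47": evaluate(ASKER_ACL_OUT, "acl_out", gre_in),
        "tcp_port_47_in": evaluate(ASKER_ACL_OUT, "acl_out", tcp47_in),
        "gre_in_with_gre_ace": evaluate(ASKER_ACL_OUT + [SUGGESTED_GRE], "acl_out", gre_in),
        # Outbound side: the inside_out list ends in 'permit ip any any'.
        "pptp_control_out": evaluate(INSIDE_OUT, "inside_out", Packet(6, CLIENT, PPTP_SERVER, 1723)),
        "gre_out": evaluate(INSIDE_OUT, "inside_out", Packet(47, CLIENT, PPTP_SERVER)),
        "blocked_smtp_out": evaluate(INSIDE_OUT, "inside_out", Packet(6, "10.1.10.117", PPTP_SERVER, 25)),
    }
```

Call `check_thread_scenario()` to get a permit/deny verdict per packet; `gre_in_via_tcp_eq_47` comes back denied while `tcp_port_47_in` is permitted, which is the mismatch behind the `eq 47` lines.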
Here is the rest of my config. If it would be easier for you to dial in, I am more than happy to let ya! :)

pager lines 24
logging on
logging timestamp
logging buffered alerts
logging trap notifications
logging history notifications
logging host inside 10.1.4.1
mtu outside 1500
mtu inside 1500
ip address outside 198.68.8.161 255.255.255.224
ip address inside 10.1.20.1 255.255.0.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool 192.168.254.1-192.168.254.254
ip local pool acsel 192.168.10.1-192.168.10.8
ip local pool support 192.168.11.1-192.168.11.8
ip local pool dvi 192.168.12.1-192.168.12.8
ip local pool arrendale 192.168.13.1-192.168.13.8
ip local pool transcribe 192.168.14.1-192.168.14.8
ip local pool crist 192.168.15.1-192.168.15.8
ip local pool childclinic 192.168.17.1-192.168.17.8
ip local pool grant 192.168.16.1-192.168.16.8
ip local pool drtse 192.168.20.1-192.168.20.8
ip local pool drros 192.168.22.1-192.168.22.8
ip local pool keith 192.168.23.1-192.168.23.8
ip local pool awomolo 192.168.24.1-192.168.24.8
ip local pool kpete 192.168.25.1-192.168.25.8
ip local pool ojebuoboh 192.168.26.1-192.168.26.8
ip local pool philips 192.168.27.1-192.168.27.8
ip local pool hambright 192.168.29.1-192.168.29.8
ip local pool nowitzky 192.168.30.1-192.168.30.8
ip local pool Alvarado 192.168.31.1-192.168.31.8
ip local pool drissa 192.168.21.1-192.168.21.8
ip local pool alvarado2 192.168.32.1-192.168.32.8
ip local pool osunkoya 192.168.33.1-192.168.33.8
ip local pool gantdr 192.168.34.1-192.168.34.8
ip local pool krause 192.168.35.1-192.168.35.8
ip local pool maccarthy 192.168.36.1-192.168.36.8
ip local pool dreweje 192.168.18.1-192.168.18.8
ip local pool heartctr 192.168.37.1-192.168.37.8
ip local pool DRKELLY 192.168.38.1-192.168.38.8
ip local pool lcollins 192.168.39.1-192.168.39.8
ip local pool vrussell 192.168.40.1-192.168.40.8
ip local pool joffutt 192.168.42.1-192.168.42.8
ip local pool sneadferry 192.168.43.1-192.168.43.8
ip local pool kmootsey 192.168.41.1-192.168.41.8
ip local pool amallard 192.168.45.1-192.168.45.8
ip local pool lsmokovich 192.168.46.1-192.168.46.8
ip local pool jjeffords 192.168.47.1-192.168.47.8
ip local pool dwainwright 192.168.48.1-192.168.48.8
ip local pool wwillis 192.168.49.1-192.168.49.8
ip local pool sarthur 192.168.50.1-192.168.50.8
ip local pool dmoore 192.168.51.1-192.168.51.8
ip local pool Katuru 192.168.52.1-192.168.52.8
ip local pool Vistar 192.168.53.1-192.168.53.8
ip local pool familycare 192.168.54.1-192.168.54.8
ip local pool tmcclatchy 192.168.55.1-192.168.55.8
ip local pool rthomas 192.168.56.1-192.168.56.8
pdm location 10.1.0.2 255.255.255.255 inside
pdm location 10.1.0.85 255.255.255.255 inside
pdm location 10.1.0.86 255.255.255.255 inside
pdm location 10.1.2.2 255.255.255.255 inside
pdm location 10.1.4.1 255.255.255.255 inside
pdm location 10.1.10.48 255.255.255.255 inside
pdm location 10.1.10.108 255.255.255.255 inside
pdm location 10.1.15.4 255.255.255.255 inside
pdm location 10.1.50.64 255.255.255.255 inside
pdm location 10.53.0.0 255.255.0.0 inside
pdm location 10.54.0.0 255.255.0.0 inside
pdm location 10.55.0.0 255.255.0.0 inside
pdm location 10.56.0.0 255.255.0.0 inside
pdm location 10.58.0.0 255.255.0.0 inside
pdm location 10.59.0.0 255.255.0.0 inside
pdm location 10.60.0.0 255.255.0.0 inside
pdm location 10.61.0.0 255.255.0.0 inside
pdm location 10.64.0.0 255.255.0.0 inside
pdm location 10.65.0.0 255.255.0.0 inside
pdm location 10.103.0.0 255.255.0.0 inside
pdm location 10.104.0.0 255.255.0.0 inside
pdm location 10.105.0.0 255.255.0.0 inside
pdm location 10.106.0.0 255.255.0.0 inside
pdm location 10.108.0.0 255.255.0.0 inside
pdm location 10.109.0.0 255.255.0.0 inside
pdm location 10.110.0.0 255.255.0.0 inside
pdm location 10.111.0.0 255.255.0.0 inside
pdm location 10.114.0.15 255.255.255.255 inside
pdm location 10.114.0.0 255.255.0.0 inside
pdm location 10.115.0.0 255.255.0.0 inside
pdm location 10.0.0.0 255.0.0.0 inside
pdm location 192.168.10.0 255.255.255.248 outside
pdm location 192.168.11.0 255.255.255.248 outside
pdm location 192.168.12.0 255.255.255.248 outside
pdm location 192.168.13.0 255.255.255.248 outside
pdm location 192.168.14.0 255.255.255.248 outside
pdm location 192.168.15.0 255.255.255.248 outside
pdm location 192.168.16.0 255.255.255.248 outside
pdm location 192.168.17.0 255.255.255.248 outside
pdm location 192.168.18.0 255.255.255.248 outside
pdm location 192.168.19.0 255.255.255.248 outside
pdm location 192.168.20.0 255.255.255.248 outside
pdm location 198.68.8.162 255.255.255.255 outside
pdm location 204.97.9.80 255.255.255.255 outside
pdm location 204.97.9.0 255.255.255.0 outside
pdm location 207.65.105.32 255.255.255.240 outside
pdm location 10.1.20.2 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside) 1 198.68.8.167
nat (inside) 0 access-list bypassingnat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 198.68.8.165 10.1.4.1 netmask 255.255.255.255 0 0
static (inside,outside) 198.68.8.166 10.1.0.85 netmask 255.255.255.255 0 0
static (inside,outside) 198.68.8.164 10.1.20.2 netmask 255.255.255.255 0 0
static (inside,outside) 198.68.8.174 10.1.50.8 netmask 255.255.255.255 0 0
static (inside,outside) 198.68.8.179 10.1.50.216 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
access-group inside_out in interface inside
route outside 0.0.0.0 0.0.0.0 198.68.8.162 1
route inside 10.53.0.0 255.255.0.0 10.1.10.1 1
route inside 10.54.0.0 255.255.0.0 10.1.10.1 1
route inside 10.55.0.0 255.255.0.0 10.1.10.1 1
route inside 10.56.0.0 255.255.0.0 10.1.10.1 1
route inside 10.58.0.0 255.255.0.0 10.1.10.1 1
route inside 10.59.0.0 255.255.0.0 10.1.10.1 1
route inside 10.60.0.0 255.255.0.0 10.1.10.1 1
route inside 10.61.0.0 255.255.0.0 10.1.10.1 1
route inside 10.64.0.0 255.255.0.0 10.1.10.1 1
route inside 10.65.0.0 255.255.0.0 10.1.10.1 1
route inside 10.103.0.0 255.255.0.0 10.1.10.1 1
route inside 10.104.0.0 255.255.0.0 10.1.10.1 1
route inside 10.105.0.0 255.255.0.0 10.1.10.1 1
route inside 10.106.0.0 255.255.0.0 10.1.10.1 1
route inside 10.108.0.0 255.255.0.0 10.1.10.1 1
route inside 10.109.0.0 255.255.0.0 10.1.10.1 1
route inside 10.110.0.0 255.255.0.0 10.1.10.1 1
route inside 10.111.0.0 255.255.0.0 10.1.10.1 1
route inside 10.114.0.0 255.255.0.0 10.1.10.1 1
route inside 10.115.0.0 255.255.0.0 10.1.10.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
url-server (inside) vendor websense host 10.1.15.4 timeout 5 protocol TCP version 1
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
http server enable
http 10.1.50.64 255.255.255.255 inside
snmp-server location ohm
no snmp-server contact
snmp-server community year1957
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto ipsec transform-set chevelle esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map transam 1 ipsec-isakmp
crypto map transam 1 match address cerner
crypto map transam 1 set peer 159.140.244.30
crypto map transam 1 set transform-set chevelle
crypto map transam 65535 ipsec-isakmp dynamic dynmap
crypto map transam interface outside
isakmp enable outside
isakmp key ******** address 159.140.244.30 netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
vpngroup vpn3000 address-pool vpnpool
vpngroup vpn3000 dns-server 10.1.20.2
vpngroup vpn3000 wins-server 10.1.4.1
vpngroup vpn3000 default-domain MAIN
vpngroup vpn3000 split-tunnel bypassingnat
vpngroup vpn3000 idle-time 1800
vpngroup vpn3000 password ********
vpngroup acsel address-pool acsel
vpngroup acsel dns-server 10.1.20.2
vpngroup acsel default-domain MAIN
vpngroup acsel idle-time 1800
vpngroup acsel password ********
vpngroup support address-pool support
vpngroup support dns-server 10.1.20.2
vpngroup support default-domain MAIN
vpngroup support idle-time 1800
vpngroup support password ********
vpngroup dvi address-pool dvi
vpngroup dvi dns-server 10.1.20.2
vpngroup dvi default-domain MAIN
vpngroup dvi idle-time 1800
vpngroup dvi password ********
vpngroup arrendale address-pool arrendale
vpngroup arrendale dns-server 10.1.20.2
vpngroup arrendale default-domain MAIN
vpngroup arrendale idle-time 1800
vpngroup arrendale password ********
vpngroup aarendale idle-time 1800
vpngroup arendale idle-time 1800
vpngroup transcribe address-pool transcribe
vpngroup transcribe dns-server 10.1.20.2
vpngroup transcribe default-domain MAIN
vpngroup transcribe idle-time 1800
vpngroup transcribe password ********
vpngroup crist address-pool crist
vpngroup crist dns-server 10.1.20.2
vpngroup crist default-domain MAIN
vpngroup crist split-tunnel bypassingnat
vpngroup crist idle-time 1800
vpngroup crist password ********
vpngroup childclinic address-pool childclinic
vpngroup childclinic dns-server 10.1.20.2
vpngroup childclinic default-domain MAIN
vpngroup childclinic split-tunnel bypassingnat
vpngroup childclinic idle-time 1800
vpngroup childclinic password ********
vpngroup grant address-pool grant
vpngroup grant dns-server 10.1.20.2
vpngroup grant default-domain MAIN
vpngroup grant split-tunnel bypassingnat
vpngroup grant idle-time 1800
vpngroup grant password ********
vpngroup drtse address-pool drtse
vpngroup drtse dns-server 10.1.20.2
vpngroup drtse default-domain MAIN
vpngroup drtse split-tunnel bypassingnat
vpngroup drtse idle-time 1800
vpngroup drtse password ********
vpngroup drros address-pool drros
vpngroup drros dns-server 10.1.20.2
vpngroup drros default-domain MAIN
vpngroup drros split-tunnel bypassingnat
vpngroup drros idle-time 1800
vpngroup drros password ********
vpngroup keith address-pool keith
vpngroup keith dns-server 10.1.20.2
vpngroup keith default-domain MAIN
vpngroup keith idle-time 1800
vpngroup keith password ********
vpngroup drleung address-pool drtse
vpngroup drleung dns-server 10.1.20.2
vpngroup drleung default-domain MAIN
vpngroup drleung split-tunnel bypassingnat
vpngroup drleung idle-time 1800
vpngroup drleung password ********
vpngroup mcclurg address-pool grant
vpngroup mcclurg dns-server 10.1.20.2
vpngroup mcclurg default-domain MAIN
vpngroup mcclurg split-tunnel bypassingnat
vpngroup mcclurg idle-time 1800
vpngroup mcclurg password ********
vpngroup ebianchi2 address-pool drros
vpngroup ebianchi2 dns-server 10.1.20.2
vpngroup ebianchi2 default-domain MAIN
vpngroup ebianchi2 split-tunnel bypassingnat
vpngroup ebianchi2 idle-time 1800
vpngroup ebianchi2 password ********
vpngroup lnara address-pool drtse
vpngroup lnara dns-server 10.1.20.2
vpngroup lnara default-domain MAIN
vpngroup lnara idle-time 1800
vpngroup lnara password ********
vpngroup support2 address-pool support
vpngroup support2 dns-server 10.1.20.2
vpngroup support2 default-domain MAIN
vpngroup support2 idle-time 1800
vpngroup support2 password ********
vpngroup rthomas address-pool rthomas
vpngroup rthomas dns-server 10.1.20.2
vpngroup rthomas default-domain MAIN
vpngroup rthomas idle-time 1800
vpngroup rthomas password ********
vpngroup awomolo address-pool awomolo
vpngroup awomolo dns-server 10.1.20.2
vpngroup awomolo default-domain MAIN
vpngroup awomolo idle-time 1800
vpngroup awomolo password ********
vpngroup kpete address-pool kpete
vpngroup kpete dns-server 10.1.20.2
vpngroup kpete default-domain MAIN
vpngroup kpete split-tunnel bypassingnat
vpngroup kpete idle-time 1800
vpngroup kpete password ********
vpngroup kpete2 address-pool kpete
vpngroup kpete2 dns-server 10.1.20.2
vpngroup kpete2 default-domain MAIN
vpngroup kpete2 split-tunnel bypassingnat
vpngroup kpete2 idle-time 1800
vpngroup kpete2 password ********
vpngroup ojebuoboh address-pool ojebuoboh
vpngroup ojebuoboh dns-server 10.1.20.2
vpngroup ojebuoboh default-domain MAIN
vpngroup ojebuoboh idle-time 1800
vpngroup ojebuoboh password ********
vpngroup philips address-pool philips
vpngroup philips dns-server 10.1.20.2
vpngroup philips default-domain MAIN
vpngroup philips split-tunnel bypassingnat
vpngroup philips idle-time 1800
vpngroup philips password ********
vpngroup hambright address-pool hambright
vpngroup hambright dns-server 10.1.20.2
vpngroup hambright default-domain MAIN
vpngroup hambright split-tunnel bypassingnat
vpngroup hambright idle-time 1800
vpngroup hambright password ********
vpngroup nowitzky address-pool nowitzky
vpngroup nowitzky dns-server 10.1.20.2
vpngroup nowitzky default-domain MAIN
vpngroup nowitzky split-tunnel bypassingnat
vpngroup nowitzky idle-time 1800
vpngroup nowitzky password ********
vpngroup janiscox address-pool nowitzky
vpngroup janiscox dns-server 10.1.20.2
vpngroup janiscox default-domain MAIN
vpngroup janiscox split-tunnel bypassingnat
vpngroup janiscox idle-time 1800
vpngroup janiscox password ********
vpngroup haye address-pool hambright
vpngroup haye dns-server 10.1.20.2
vpngroup haye default-domain MAIN
vpngroup haye split-tunnel bypassingnat
vpngroup haye idle-time 1800
vpngroup haye password ********
vpngroup davis address-pool Alvarado
vpngroup davis dns-server 10.1.20.2
vpngroup davis default-domain MAIN
vpngroup davis split-tunnel bypassingnat
vpngroup davis idle-time 1800
vpngroup davis password ********
vpngroup edwards address-pool Alvarado
vpngroup edwards dns-server 10.1.20.2
vpngroup edwards default-domain MAIN
vpngroup edwards split-tunnel bypassingnat
vpngroup edwards idle-time 1800
vpngroup edwards password ********
vpngroup williams address-pool crist
vpngroup williams dns-server 10.1.20.2
vpngroup williams default-domain MAIN
vpngroup williams split-tunnel bypassingnat
vpngroup williams idle-time 1800
vpngroup williams password ********
vpngroup proca address-pool crist
vpngroup proca dns-server 10.1.20.2
vpngroup proca default-domain MAIN
vpngroup proca split-tunnel bypassingnat
vpngroup proca idle-time 1800
vpngroup proca password ********
vpngroup drissa address-pool drissa
vpngroup drissa dns-server 10.1.20.2
vpngroup drissa default-domain MAIN
vpngroup drissa split-tunnel bypassingnat
vpngroup drissa idle-time 1800
vpngroup drissa password ********
vpngroup alvarado2 address-pool alvarado2
vpngroup alvarado2 dns-server 10.1.20.2
vpngroup alvarado2 default-domain MAIN
vpngroup alvarado2 split-tunnel bypassingnat
vpngroup alvarado2 idle-time 1800
vpngroup alvarado2 password ********
vpngroup Alvarado address-pool Alvarado
vpngroup Alvarado dns-server 10.1.20.2
vpngroup Alvarado default-domain MAIN
vpngroup Alvarado split-tunnel bypassingnat
vpngroup Alvarado idle-time 1800
vpngroup Alvarado password ********
vpngroup osunkoya address-pool osunkoya
vpngroup osunkoya dns-server 10.1.20.2
vpngroup osunkoya default-domain MAIN
vpngroup osunkoya split-tunnel bypassingnat
vpngroup osunkoya idle-time 1800
vpngroup osunkoya password ********
vpngroup gantdr address-pool gantdr
vpngroup gantdr dns-server 10.1.20.2
vpngroup gantdr default-domain MAIN
vpngroup gantdr split-tunnel bypassingnat
vpngroup gantdr idle-time 1800
vpngroup gantdr password ********
vpngroup krause address-pool krause
vpngroup krause dns-server 10.1.20.2
vpngroup krause default-domain MAIN
vpngroup krause split-tunnel bypassingnat
vpngroup krause idle-time 1800
vpngroup krause password ********
vpngroup maccarthy address-pool maccarthy
vpngroup maccarthy dns-server 10.1.20.2
vpngroup maccarthy default-domain MAIN
vpngroup maccarthy split-tunnel bypassingnat
vpngroup maccarthy idle-time 1800
vpngroup maccarthy password ********
vpngroup dreweje address-pool dreweje
vpngroup dreweje dns-server 10.1.20.2
vpngroup dreweje default-domain MAIN
vpngroup dreweje split-tunnel bypassingnat
vpngroup dreweje idle-time 1800
vpngroup dreweje password ********
vpngroup drkale address-pool gantdr
vpngroup drkale dns-server 10.1.20.2
vpngroup drkale default-domain MAIN
vpngroup drkale split-tunnel bypassingnat
vpngroup drkale idle-time 1800
vpngroup drkale password ********
vpngroup maccarthy2 address-pool maccarthy
vpngroup maccarthy2 dns-server 10.1.20.2
vpngroup maccarthy2 default-domain MAIN
vpngroup maccarthy2 split-tunnel bypassingnat
vpngroup maccarthy2 idle-time 1800
vpngroup maccarthy2 password ********
vpngroup heartctr address-pool heartctr
vpngroup heartctr dns-server 10.1.20.2
vpngroup heartctr default-domain MAIN
vpngroup heartctr split-tunnel bypassingnat
vpngroup heartctr idle-time 1800
vpngroup heartctr password ********
vpngroup ebianchi address-pool drros
vpngroup ebianchi dns-server 10.1.20.2
vpngroup ebianchi default-domain MAIN
vpngroup ebianchi split-tunnel bypassingnat
vpngroup ebianchi idle-time 1800
vpngroup ebianchi password ********
vpngroup heartctr2 address-pool heartctr
vpngroup heartctr2 dns-server 10.1.20.2
vpngroup heartctr2 default-domain MAIN
vpngroup heartctr2 split-tunnel bypassingnat
vpngroup heartctr2 idle-time 1800
vpngroup heartctr2 password ********
vpngroup DRKELLY address-pool DRKELLY
vpngroup DRKELLY dns-server 10.1.20.2
vpngroup DRKELLY default-domain MAIN
vpngroup DRKELLY split-tunnel bypassingnat
vpngroup DRKELLY idle-time 1800
vpngroup DRKELLY password ********
vpngroup lcollins address-pool lcollins
vpngroup lcollins dns-server 10.1.20.2
vpngroup lcollins default-domain MAIN
vpngroup lcollins idle-time 1800
vpngroup lcollins password ********
vpngroup vrussell address-pool vrussell
vpngroup vrussell dns-server 10.1.20.2
vpngroup vrussell default-domain MAIN
vpngroup vrussell idle-time 1800
vpngroup vrussell password ********
vpngroup kmootsey address-pool kmootsey
vpngroup kmootsey dns-server 10.1.20.2
vpngroup kmootsey wins-server 10.1.4.1
vpngroup kmootsey default-domain MAIN
vpngroup kmootsey split-tunnel bypassingnat
vpngroup kmootsey idle-time 1800
vpngroup kmootsey password ********
vpngroup joffutt address-pool joffutt
vpngroup joffutt dns-server 10.1.20.2
vpngroup joffutt wins-server 10.1.4.1
vpngroup joffutt default-domain MAIN
vpngroup joffutt idle-time 1800
vpngroup joffutt password ********
vpngroup sneadferry address-pool sneadferry
vpngroup sneadferry dns-server 10.1.20.2
vpngroup sneadferry default-domain MAIN
vpngroup sneadferry split-tunnel bypassingnat
vpngroup sneadferry idle-time 1800
vpngroup sneadferry password ********
vpngroup vistar idle-time 1800
vpngroup amallard address-pool amallard
vpngroup amallard dns-server 10.1.20.2
vpngroup amallard split-tunnel bypassingnat
vpngroup amallard idle-time 1800
vpngroup amallard password ********
vpngroup lsmokovich address-pool lsmokovich
vpngroup lsmokovich dns-server 10.1.20.2
vpngroup lsmokovich split-tunnel bypassingnat
vpngroup lsmokovich idle-time 1800
vpngroup lsmokovich password ********
vpngroup jjeffords address-pool jjeffords
vpngroup jjeffords dns-server 10.1.20.2
vpngroup jjeffords split-tunnel bypassingnat
vpngroup jjeffords idle-time 1800
vpngroup jjeffords password ********
vpngroup dwainwright address-pool dwainwright
vpngroup dwainwright dns-server 10.1.20.2
vpngroup dwainwright split-tunnel bypassingnat
vpngroup dwainwright idle-time 1800
vpngroup dwainwright password ********
vpngroup wwillis address-pool wwillis
vpngroup wwillis dns-server 10.1.20.2
vpngroup wwillis split-tunnel bypassingnat
vpngroup wwillis idle-time 1800
vpngroup wwillis password ********
vpngroup sarthur address-pool sarthur
vpngroup sarthur dns-server 10.1.20.2
vpngroup sarthur split-tunnel bypassingnat
vpngroup sarthur idle-time 1800
vpngroup sarthur password ********
vpngroup dmoore address-pool dmoore
vpngroup dmoore dns-server 10.1.20.2
vpngroup dmoore split-tunnel bypassingnat
vpngroup dmoore idle-time 1800
vpngroup dmoore password ********
vpngroup Katuru address-pool Katuru
vpngroup Katuru dns-server 10.1.20.2
vpngroup Katuru split-tunnel bypassingnat
vpngroup Katuru idle-time 1800
vpngroup Katuru password ********
vpngroup Vistar address-pool Vistar
vpngroup Vistar dns-server 10.1.20.2
vpngroup Vistar split-tunnel bypassingnat
vpngroup Vistar idle-time 1800
vpngroup Vistar password ********
vpngroup split-tunnel idle-time 1800
vpngroup familycare address-pool familycare
vpngroup familycare dns-server 10.1.20.2
vpngroup familycare split-tunnel bypassingnat
vpngroup familycare idle-time 1800
vpngroup fcclinic idle-time 1800
vpngroup fcclinic password ********
vpngroup tmcclatchy address-pool tmcclatchy
vpngroup tmcclatchy dns-server 10.1.20.2
vpngroup tmcclatchy split-tunnel bypassingnat
vpngroup tmcclatchy idle-time 1800
vpngroup tmcclathcy idle-time 1800
vpngroup tmcclathcy password ********
telnet 204.97.9.80 255.255.255.255 outside
telnet 10.0.0.0 255.0.0.0 inside
telnet timeout 15
ssh 206.126.161.0 255.255.255.0 outside
ssh 82.161.24.4 255.255.255.255 outside
ssh timeout 60
console timeout 0
url-block url-mempool 1500
url-block url-size 4
terminal width 80
Cryptochecksum:1a54b69df0b8405832cc0fe39c858f9e
Sorry, here is the first part again with the changes:

PIX Version 6.3(4)
interface ethernet0 10baset
interface ethernet1 10baset
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password uvid4bjPwsid8PCr encrypted
passwd 1weLSVkDS7SRefzk encrypted
hostname pixfirewall
domain-name onslowmemorial.org
no fixup protocol dns
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list acl_out permit icmp any any
access-list acl_out permit tcp host 198.68.8.162 host 198.68.8.165
access-list acl_out permit udp host 198.68.8.162 host 198.68.8.165
access-list acl_out permit ip 204.97.9.0 255.255.255.0 host 198.68.8.166
access-list acl_out permit ip 207.65.105.32 255.255.255.240 host 198.168.8.166
access-list acl_out permit tcp any host 198.68.8.164 eq https
access-list acl_out permit tcp any host 198.68.8.164 eq smtp
access-list acl_out permit tcp any host 198.68.8.164 eq www
access-list acl_out permit tcp any host 198.68.8.174 eq ftp
access-list acl_out permit tcp any host 198.68.8.164 eq 47
access-list acl_out permit tcp any host 198.68.8.164 eq pptp
access-list acl_out permit tcp any host 198.68.8.164 eq 255
access-list acl_out permit tcp any host 198.68.8.164 eq 0
access-list acl_out permit tcp any host 198.68.8.164 eq 4661
access-list acl_out permit tcp any host 198.68.8.164 eq 4662
access-list acl_out permit tcp any host 198.68.8.179 eq ftp
access-list acl_out permit tcp any host 198.68.8.161 eq pptp
access-list acl_out permit tcp any host 198.68.8.161 eq 47
access-list acl_out permit tcp any host 65.40.160.33 eq 47
access-list dynacl2 permit ip host 198.68.8.161 host 192.168.10.1
access-list dynacl3 permit ip any host 192.168.10.1
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.254.0 255.255.255.0
access-list bypassingnat permit ip host 10.1.2.2 192.168.10.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.13.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.10.108 192.168.12.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.10.48 192.168.12.0 255.255.255.248
access-list bypassingnat permit ip 10.1.0.0 255.255.0.0 192.168.11.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.86 192.168.13.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.85 192.168.13.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.85 192.168.14.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.86 192.168.14.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.10.108 192.168.14.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.14.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.15.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.16.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.17.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.18.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.19.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.20.0 255.255.255.248
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.11.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.22.0 255.255.255.248
access-list bypassingnat permit ip host 10.115.50.60 192.168.23.0 255.255.255.248
access-list bypassingnat permit ip host 10.115.50.61 192.168.23.0 255.255.255.248
access-list bypassingnat permit ip host 10.115.50.62 192.168.23.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.25.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.26.0 255.255.255.248
access-list bypassingnat permit tcp any host 10.1.50.196 eq 50
access-list bypassingnat permit tcp any host 10.1.50.196 eq 51
access-list bypassingnat permit udp any host 10.1.50.196 eq isakmp
access-list bypassingnat permit ip host 10.1.0.203 192.168.27.0 255.255.255.248
access-list bypassingnat permit ip host 172.16.29.2 192.168.27.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.21.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.10.203 192.168.29.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.10.203 192.168.30.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.10.203 192.168.31.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.29.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.32.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.10.203 192.168.15.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.33.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.34.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.35.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.36.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.37.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.50.83 192.168.38.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.39.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.40.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.50.63 192.168.29.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.50.63 192.168.29.0 255.255.255.24
access-list bypassingnat permit ip host 10.1.50.64 192.168.29.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.50.64 192.168.29.0 255.255.255.24
access-list bypassingnat permit tcp any host 10.1.50.64 eq pptp
access-list bypassingnat permit ip host 10.1.5.1 159.140.250.0 255.255.255.240
access-list bypassingnat permit ip host 10.1.0.2 192.168.24.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.42.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.43.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.41.0 255.255.255.248
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.45.0 255.255.255.0
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.46.0 255.255.255.0
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.47.0 255.255.255.0
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.48.0 255.255.255.0
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.49.0 255.255.255.0
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.50.0 255.255.255.0
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.51.0 255.255.255.0
access-list bypassingnat permit ip host 10.1.10.42 192.168.12.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.52.0 255.255.255.248
access-list bypassingnat permit ip 10.0.0.0 255.0.0.0 192.168.53.0 255.255.255.0
access-list bypassingnat permit ip host 10.1.0.2 192.168.54.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.55.0 255.255.255.248
access-list bypassingnat permit ip host 10.1.0.2 192.168.56.0 255.255.255.248
access-list inside_out deny tcp host 10.1.10.117 any eq smtp
access-list inside_out deny tcp host 10.1.10.117 any eq pop3
access-list inside_out deny tcp host 10.1.10.117 any eq www
access-list inside_out deny tcp host 10.1.10.117 any eq https
access-list inside_out permit ip any any
access-list inside_out permit gre any any
access-list cerner permit ip host 10.1.5.1 159.140.250.0 255.255.255.240
>global (outside) 1 interface
>global (outside) 1 198.68.8.167

I would remove the second PAT global statement and keep the "interface" one, since they both have the same priority number "1".

I think that will do it, along with removing the ACL. If that gets everything working, then I will help you get the outbound restrictions that you need working:
  no access-group inside_out in interface inside
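An added example, not from this thread and not a Cisco tool: a short Python lint that reads PIX 6.x config lines in the shape posted above and reports the points raised in the thread, namely GRE written as TCP port 47 in acl_out, a `permit gre` that is already covered by `permit ip any any` in inside_out, the truncated `255.255.255.24` mask, an access-group applied on the inside interface, and two `global (outside) 1` statements. It also generalises the port check to ESP (IP protocol 50) and AH (51), which the bypassingnat list writes as TCP ports in the same way. The sample config is constructed from the posted lines; the finding codes and messages are this example's own.

```python
"""Lint PIX 6.x config lines for the PPTP/GRE pass-through mistakes discussed
in this thread.  Added example, not from the thread or from Cisco.  The sample
config below is constructed from the shape of the posted lines."""
import re
from typing import Iterator, List, Tuple

# Constructed sample in the shape of the config posted in this thread.
SAMPLE_CONFIG = """\
fixup protocol pptp 1723
access-list acl_out permit tcp any host 198.68.8.161 eq pptp
access-list acl_out permit tcp any host 198.68.8.161 eq 47
access-list acl_out permit tcp any host 65.40.160.33 eq 47
access-list bypassingnat permit tcp any host 10.1.50.196 eq 50
access-list bypassingnat permit ip host 10.1.50.63 192.168.29.0 255.255.255.24
access-list inside_out permit ip any any
access-list inside_out permit gre any any
access-group inside_out in interface inside
global (outside) 1 interface
global (outside) 1 198.68.8.167
"""

# IP protocol numbers that are commonly mistyped as TCP/UDP port numbers.
IP_PROTO_NUMBERS = {47: "gre", 50: "esp", 51: "ah"}

IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
ACE_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(\S+)\s+(.*)$")
GLOBAL_RE = re.compile(r"^global\s+\(\S+\)\s+(\d+)\s+(\S+)")
ACCESS_GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")

Finding = Tuple[int, str, str]  # (line number, code, message)


def mask_is_contiguous(mask: str) -> bool:
    """True for a proper netmask: a run of 1 bits followed only by 0 bits."""
    octets = [int(o) for o in mask.split(".")]
    if len(octets) != 4 or any(o > 255 for o in octets):
        return False
    value = 0
    for o in octets:
        value = (value << 8) | o
    inverted = ~value & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def bad_masks(rest: str) -> Iterator[str]:
    """Yield 'network mask' pairs from an ACE whose mask is not contiguous."""
    tokens = rest.split()
    i = 0
    while i < len(tokens):
        if tokens[i] == "host":          # 'host a.b.c.d' carries no mask
            i += 2
        elif (IP_RE.match(tokens[i]) and i + 1 < len(tokens)
              and IP_RE.match(tokens[i + 1])):
            if not mask_is_contiguous(tokens[i + 1]):
                yield f"{tokens[i]} {tokens[i + 1]}"
            i += 2
        else:
            i += 1


def lint_pix_config(text: str) -> List[Finding]:
    """Return findings sorted by line number for a PIX config excerpt."""
    findings: List[Finding] = []
    permit_ip_any = set()       # ACL names already carrying 'permit ip any any'
    globals_by_id = {}          # NAT id -> [(line_no, address or 'interface')]
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        ace = ACE_RE.match(line)
        if ace:
            name, action, proto, rest = ace.groups()
            port = re.search(r"\beq\s+(\d+)$", rest)
            if proto in ("tcp", "udp") and port and int(port.group(1)) in IP_PROTO_NUMBERS:
                number = int(port.group(1))
                findings.append((line_no, "PROTO_AS_PORT",
                                 f"{proto} port {number} is not {IP_PROTO_NUMBERS[number].upper()}; "
                                 f"that is IP protocol {number}, use 'permit {IP_PROTO_NUMBERS[number]}'"))
            if action == "permit" and proto == "gre" and name in permit_ip_any:
                findings.append((line_no, "SHADOWED_GRE",
                                 f"'permit gre' in {name} is already covered by an earlier 'permit ip any any'"))
            if action == "permit" and proto == "ip" and rest.split() == ["any", "any"]:
                permit_ip_any.add(name)
            for pair in bad_masks(rest):
                findings.append((line_no, "BAD_MASK", f"non-contiguous netmask in '{pair}'"))
            continue
        glob = GLOBAL_RE.match(line)
        if glob:
            globals_by_id.setdefault(glob.group(1), []).append((line_no, glob.group(2)))
            continue
        group = ACCESS_GROUP_RE.match(line)
        if group and group.group(2) == "inside":
            findings.append((line_no, "INSIDE_ACL",
                             f"ACL {group.group(1)} is applied on the inside interface; outbound "
                             "PPTP (tcp/1723) and GRE pass only if this ACL permits them"))
    for nat_id, entries in globals_by_id.items():
        if len(entries) > 1:
            targets = ", ".join(t for _, t in entries)
            findings.append((entries[-1][0], "DUP_GLOBAL",
                             f"{len(entries)} global statements for NAT id {nat_id} ({targets}); "
                             "the thread's advice is to keep only the 'interface' PAT"))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, code, message in lint_pix_config(SAMPLE_CONFIG):
        print(f"line {line_no:>3} {code:<14} {message}")
```

Run as a script it prints the seven findings for the sample; pasting a real `show running-config` into `lint_pix_config()` works the same way. It only catches mistakes visible in the text of the config, so a clean report does not prove the PPTP fixup is actually building the GRE connection on the box.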
OK, you can connect via the Cisco client now.
But I didn't make any of the last changes you just suggested. If you want to take a look in, you can.
Do you have any messenger services?
Problem is I still can't pass any traffic through. For example, we are trying to use a Microsoft client from inside here to connect to an outside host, and it gives an error 721 every time.
The IP I am wanting to let through is 10.1.50.63 and it is going to 65.40.160.33.
ASKER CERTIFIED SOLUTION
Les Moore
Hey, thanks, the Cisco client is working fine. If you ever get a chance or some free time, let me know, because I would love for you to connect up and take a look at my config and see if there is anything not necessary in there and see if you see anything incorrect in there.
You can email me at jim51109@ec.rr.com to get my messenger name etc.
Thanks