troubleshooting Question

Cisco Pix 525 Firewall Configuration Problems

Avatar of Bob Sampson
Bob Sampson asked on
Software FirewallsCisco
4 Comments1 Solution998 ViewsLast Modified:
Hi all,

I have a Cisco PIX 525 firewall with a config on it that is giving me lots of problems. Simple senario:
1 external network card (IP 62.253.220.1 255.255.255.192).
2 internal network cards on different subnets (10.0.0.5/24 and 10.0.2.1/24).
All outbound traffic from both subnets needs to be allowed (and is actually working fine. All outbound traffic is going out the router with no problems, web, mail, RDP etc).
There are 59 available public facing IPs on the external card some of which have servers behind, on each of the subnets.
These servers have limited port access from the outside world ie inbound port 3389, 80, 443, 25 commonly and a number of other random ports.
Currently NO inbound traffic is working on any of the ports on any of the IPs.  I need this up and working ASAP. Here is the configuration log...............

**************************************************************
PIX Version 7.0(4)
!
hostname LUPIXFW-01
domain-name luton.watford
enable password yyB04azV5FZ8k/yT encrypted
names
!
interface Ethernet0
 description External Interface - gateway at 62.253.220.60
 nameif External
 security-level 0
 ip address 62.253.220.1 255.255.255.192
!
interface Ethernet1
 description Interface for 10.0.0.0/24 subnet
 nameif Intsub1
 security-level 100
 ip address 10.0.0.5 255.255.255.0
!
interface Ethernet2
 description Interface for 10.0.2.0/24 subnet
 nameif Intsub2
 security-level 100
 ip address 10.0.2.1 255.255.255.0
!
interface GigabitEthernet0
 description Temporarily Disabled
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup External
dns domain-lookup Intsub1
dns domain-lookup Intsub2
dns name-server 10.0.0.1
dns name-server 10.0.0.12
dns name-server 10.0.0.3
dns name-server 194.168.4.100
dns name-server 194.168.8.100
same-security-traffic permit inter-interface
object-group service NeilCrowtherTCP tcp
 description Neil Crowther's Inbound TCP Ports
 port-object eq 4662
 port-object eq 4711
 port-object eq 4661
 port-object eq 29900
 port-object eq 27015
 port-object eq 55125
 port-object eq 39582
 port-object eq 55124
 port-object eq 55123
 port-object eq 3389
 port-object eq 16567
object-group service NeilCrowtherUDP udp
 description Neil Crowther's Inbound UDP Ports
 port-object eq 4665
 port-object eq 39582
 port-object eq 4672
 port-object eq 1200
 port-object eq 27015
object-group service WebServersTCP tcp
 description Web Servers (62.253.220.14)
 port-object eq 2803
 port-object eq 8232
 port-object eq 2801
 port-object eq 7244
 port-object eq www
 port-object eq https
 port-object eq 1234
object-group service DocumanTCP tcp
 description Documan (62.253.220.29) Inbound TCP Ports
 port-object eq smtp
 port-object eq ssh
 port-object eq 2020
 port-object eq ftp
 port-object eq www
 port-object eq 898
object-group service DocushareTCP tcp
 description Docushare (62.253.220.36) Inbound TCP Ports
 port-object eq ssh
 port-object eq ftp
 port-object eq www
 port-object eq 8236
object-group service IronmailTCP tcp
 description Ironmail (62.253.220.45) Inbound TCP Ports
 port-object eq 10443
 port-object eq 465
 port-object eq 995
 port-object eq smtp
 port-object eq imap4
 port-object eq 993
 port-object eq www
 port-object eq ssh
 port-object eq ftp-data
 port-object eq pop3
 port-object eq 20022
object-group service LutonTSTCP tcp
 description Luton-TS001 (62.253.220.35) Inbound TCP Ports
 port-object eq 3389
 port-object eq www
 port-object eq https
object-group service HadesTCP tcp
 description Hades (62.253.220.20) Inbound TCP Ports
 port-object eq 10001
 port-object eq pcanywhere-data
 port-object eq www
 port-object eq https
 port-object eq 9734
 port-object eq 800
object-group service HadesUDP udp
 description Hades (62.253.220.20) Inbound UDP Ports
 port-object eq pcanywhere-status
object-group service Mail.Watford.Co.Uk_10.0.0.1_TCP tcp
 description Mail.Waford.Co.Uk (62.253.220.4) Inbound TCP Ports To 10.0.0.1
 port-object eq pptp
 port-object eq 47
 port-object eq 3389
 port-object eq ftp
 port-object eq nntp
 port-object eq imap4
 port-object eq domain
object-group service Mail.Watford.Co.Uk_10.0.0.1_UDP udp
 description Mail.Watford.Co.Uk (62.253.220.4) Inbound UDP Ports To 10.0.0.1
 port-object eq 1701
 port-object eq domain
object-group service Email_10.0.0.10_TCP tcp
 description Email (62.253.220.37) Inbound TCP Ports
 port-object eq smtp
 port-object eq https
object-group service Mail.Watford.Co.Uk_10.0.0.10_TCP tcp
 description Mail.Watford.Co.Uk (62.253.220.4) Inbound TCP Ports To 10.0.0.10
 port-object eq pop3
 port-object eq www
object-group service Starbug_10.0.2.102_TCP tcp
 description Starbug (62.253.220.3) Inbound TCP Ports To 10.0.2.102
 port-object eq 2200
 port-object eq ftp
 port-object eq 9663
object-group service WatfordVPN_10.0.2.88_TCP tcp
 description Watford-VPN (62.253.220.43) Inbound TCP Ports To 10.0.2.88
 port-object eq pptp
 port-object eq 47
object-group service WatfordVPN_10.0.2.88_UDP udp
 description Watford-VPN (62.253.220.43) Inbound UDP Ports To 10.0.2.88
 port-object eq 1701
object-group service Masterpack_10.0.2.10_TCP tcp
 description Masterpack (62.253.220.18) Inbound TCP Ports To 10.0.2.10
 port-object eq telnet
 port-object eq ftp
 port-object eq 3468
 port-object eq https
object-group service Test.Savastore_10.0.2.202_TCP tcp
 description Test.Savastore (62.253.220.26) Inbound TCP Ports To 10.0.2.202
 port-object eq 8797
 port-object eq www
 port-object eq 8799
 port-object eq https
object-group service Hoasting_10.0.2.210_TCP tcp
 description Hoasting (62.253.220.12) Inbound TCP Ports To 10.0.2.210
 port-object eq smtp
 port-object eq 3389
 port-object eq pop3
 port-object eq www
object-group service Carrera_10.0.2.15_TCP tcp
 description Carrera (62.253.220.32) Inbound TCP Ports To 10.0.2.15
 port-object eq ftp
 port-object eq www
 port-object eq https
object-group service Old-Web_10.0.2.15_TCP tcp
 description Old-Web (62.253.220.5) Inbound TCP Ports To 10.0.2.15
 port-object eq smtp
 port-object eq 9030
 port-object eq 9016
object-group service Gandalf_10.0.0.6_TCP tcp
 description Gandalf (62.253.220.22)  Inbound TCP Ports To 10.0.0.6
 port-object eq www
 port-object eq https
object-group service Savascheme_10.0.2.15_TCP tcp
 description Savascheme (62.253.220.31) Inbound TCP Ports To 10.0.2.15
 port-object eq www
 port-object eq https
object-group service Xchange01_10.0.2.30_TCP tcp
 description Xchange01 (62.253.220.7) Inbound TCP Ports To 10.0.2.30
 port-object eq ftp
 port-object eq www
object-group service Demonite_10.0.2.15_TCP tcp
 description Demonite (62.253.220.33) Inbound TCP Ports To 10.0.2.15
 port-object eq www
 port-object eq https
object-group service DocumanNew_10.0.0.58_TCP tcp
 description Documan New (62.253.220.38) Inbound TCP Ports To 10.0.0.58
 port-object eq www
 port-object eq https
object-group service DocumanDemo_10.0.0.197_TCP tcp
 description Documan Demo (62.253.220.41) Inbound TCP Ports To 10.0.0.197
 port-object eq www
 port-object eq https
object-group service NeilCrowther_10.0.0.99_UDP udp
 description Neil Crowther (62.253.220.25) Inbound UDP Ports To 10.0.0.99
 port-object eq 4665
 port-object eq 39582
 port-object eq 4672
 port-object eq 1200
 port-object eq 27015
object-group service NeilCrowther_10.0.0.99_TCP tcp
 description Neil Crowther (62.253.220.25) Inbound TCP Ports To 10.0.0.99
 port-object eq 4662
 port-object eq 4711
 port-object eq 4661
 port-object eq 29900
 port-object eq 27015
 port-object eq 55125
 port-object eq 39582
 port-object eq 55124
 port-object eq 55123
 port-object eq 3389
 port-object eq 16567
object-group service Watford-VPN_10.0.2.88_UDP udp
 description Watford-VPN (62.253.220.43) Inbound UDP Ports To 10.0.2.88
 port-object eq 1701
object-group service Ironmail_10.0.0.21_TCP tcp
 description Ironmail (62.253.220.45) Inbound TCP Ports To 10.0.0.21
 port-object eq 10443
 port-object eq 465
 port-object eq 995
 port-object eq smtp
 port-object eq imap4
 port-object eq 993
 port-object eq www
 port-object eq ssh
 port-object eq ftp-data
 port-object eq pop3
 port-object eq 20022
object-group service Web-Servers_10.0.2.15_TCP tcp
 description Web-Servers (62.253.220.14) Inbound TCP Ports To 10.0.2.15
 port-object eq 2803
 port-object eq 8232
 port-object eq 2801
 port-object eq 7244
 port-object eq www
 port-object eq https
 port-object eq 1234
object-group service Agodfrey_10.0.2.110_TCP tcp
 description Agodfrey (62.253.220.44) Inbound TCP Port To 10.0.2.110
 port-object eq 3389
object-group service Documan_10.0.0.63_TCP tcp
 description Documan (62.253.220.29) Inbound TCP Ports To 10.0.0.63
 port-object eq smtp
 port-object eq ssh
 port-object eq 2020
 port-object eq ftp
 port-object eq www
 port-object eq 898
object-group service Dalius_10.0.2.87_TCP tcp
 description Dalius (62.253.220.9) Inbound TCP Ports To 10.0.2.87
 port-object eq 3389
object-group service Docushare_10.0.0.198_TCP tcp
 description Docushare (62.253.220.36) Inbound TCP Ports To 10.0.0.198
 port-object eq ssh
 port-object eq ftp
 port-object eq www
 port-object eq 8236
object-group service Luton-TS001_10.0.0.95_TCP tcp
 description Luton-TS001 (62.253.220.35) Inbound TCP Ports To 10.0.0.95
 port-object eq 3389
 port-object eq www
 port-object eq https
object-group service Hades_10.0.2.23_TCP tcp
 description Hades (62.253.220.20) Inbound TCP Ports To 10.0.2.23
 port-object eq 10001
 port-object eq pcanywhere-data
 port-object eq www
 port-object eq https
 port-object eq 9734
 port-object eq 800
object-group service Hades_10.0.2.23_UDP udp
 description Hades (62.253.220.20) Inbound UDP Ports To 10.0.2.23
 port-object eq pcanywhere-status
object-group service Intsub1_Network_TCP tcp
 description Intsub1 (10.0.0.0/24) Inbound TCP Ports
 port-object eq 8080
 port-object eq ident
 port-object eq 77
object-group service Intsub1_Network_UDP udp
 description Intsub1 (10.0.0.0/24) Inbound UDP Ports
 port-object range 1024 65535
 port-object eq domain
object-group service Intsub2_Network_TCP tcp
 description Intsub2 (10.0.2.0/24) Inbound TCP Ports
 port-object eq 8080
 port-object eq ident
 port-object eq 77
object-group service Intsub2_Network_UDP udp
 description Intsub2 (10.0.2.0/24) Inbound UDP Ports
 port-object range 1024 65535
 port-object eq domain
object-group service Starbug_10.0.2.15_TCP tcp
 description Starbug (62.253.220.3) Inbound TCP Ports To 10.0.2.15
 port-object eq 9090
access-list acl-out extended permit icmp any any
access-list External_access_in extended permit icmp any any unreachable
access-list External_access_in extended permit icmp any any time-exceeded
access-list External_access_in extended permit icmp any any traceroute
access-list External_access_in extended permit icmp any any echo-reply
access-list External_access_in extended permit tcp any host 62.253.220.32 object-group Carrera_10.0.2.15_TCP
access-list External_access_in extended permit tcp any host 62.253.220.31 object-group Savascheme_10.0.2.15_TCP
access-list External_access_in extended permit tcp any host 62.253.220.33 object-group Demonite_10.0.2.15_TCP
access-list External_access_in extended permit tcp any host 62.253.220.14 object-group Web-Servers_10.0.2.15_TCP
access-list External_access_in extended permit tcp any host 62.253.220.5 object-group Old-Web_10.0.2.15_TCP
access-list External_access_in extended permit tcp any host 62.253.220.37 object-group Email_10.0.0.10_TCP
access-list External_access_in extended permit tcp any host 62.253.220.4 object-group Mail.Watford.Co.Uk_10.0.0.10_TCP
access-list External_access_in extended permit tcp any host 62.253.220.4 object-group Mail.Watford.Co.Uk_10.0.0.1_TCP
access-list External_access_in extended permit udp any host 62.253.220.4 object-group Mail.Watford.Co.Uk_10.0.0.1_UDP
access-list External_access_in extended permit tcp any host 62.253.220.20 object-group Hades_10.0.2.23_TCP
access-list External_access_in extended permit udp any host 62.253.220.20 object-group Hades_10.0.2.23_UDP
access-list External_access_in extended permit tcp any host 62.253.220.43 object-group WatfordVPN_10.0.2.88_TCP
access-list External_access_in extended permit udp any host 62.253.220.43 object-group Watford-VPN_10.0.2.88_UDP
access-list External_access_in extended permit tcp any host 62.253.220.22 object-group Gandalf_10.0.0.6_TCP
access-list External_access_in extended permit tcp any host 62.253.220.18 object-group Masterpack_10.0.2.10_TCP
access-list External_access_in extended permit tcp any host 62.253.220.38 object-group DocumanNew_10.0.0.58_TCP
access-list External_access_in extended permit tcp any host 62.253.220.25 object-group NeilCrowther_10.0.0.99_TCP
access-list External_access_in extended permit udp any host 62.253.220.25 object-group NeilCrowther_10.0.0.99_UDP
access-list External_access_in extended permit tcp any host 62.253.220.41 object-group DocumanDemo_10.0.0.197_TCP
access-list External_access_in extended permit tcp any host 62.253.220.26 object-group Test.Savastore_10.0.2.202_TCP
access-list External_access_in extended permit tcp any host 62.253.220.29 object-group Documan_10.0.0.63_TCP
access-list External_access_in extended permit tcp any host 62.253.220.7 object-group Xchange01_10.0.2.30_TCP
access-list External_access_in extended permit tcp any host 62.253.220.36 object-group Docushare_10.0.0.198_TCP
access-list External_access_in extended permit tcp any host 62.253.220.35 object-group Luton-TS001_10.0.0.95_TCP
access-list External_access_in extended permit tcp any host 62.253.220.44 object-group Agodfrey_10.0.2.110_TCP
access-list External_access_in extended permit tcp any host 62.253.220.45 object-group Ironmail_10.0.0.21_TCP
access-list External_access_in extended permit tcp any host 62.253.220.9 object-group Dalius_10.0.2.87_TCP
access-list External_access_in extended permit tcp any host 62.253.220.12 object-group Hoasting_10.0.2.210_TCP
access-list External_access_in extended permit tcp any host 62.253.220.3 object-group Starbug_10.0.2.102_TCP
access-list External_access_in extended permit tcp any host 62.253.220.3 object-group Starbug_10.0.2.15_TCP
access-list outbound extended permit ip interface Intsub1 any
access-list outbound extended permit ip interface Intsub2 any
pager lines 24
logging enable
logging buffered notifications
logging from-address PixFw@watford.co.uk
logging recipient-address Neil@watford.co.uk level errors
logging recipient-address Mike@Watford.co.uk level errors
mtu External 1500
mtu Intsub1 1500
mtu Intsub2 1500
ip local pool VPNUsers 10.0.22.0-10.0.22.255 mask 255.255.255.0
failover
failover key *****
icmp permit any External
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
global (External) 1 interface
nat (Intsub1) 1 10.0.0.0 255.255.255.0
nat (Intsub2) 1 10.0.2.0 255.255.255.0
static (Intsub2,External) tcp 62.253.220.31 www 10.0.2.15 9033 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.31 https 10.0.2.15 9034 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.33 www 10.0.2.15 9037 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.33 https 10.0.2.15 9038 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.14 www 10.0.2.15 www netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.14 https 10.0.2.15 https netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.14 2801 10.0.2.15 2801 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.14 7244 10.0.2.15 7244 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.14 8232 10.0.2.15 8232 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.14 2803 10.0.2.15 2803 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.14 1234 10.0.2.15 1234 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.5 smtp 10.0.2.15 smtp netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.5 9016 10.0.2.15 9016 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.5 9030 10.0.2.15 9030 netmask 255.255.255.255
static (Intsub1,External) tcp 62.253.220.37 smtp 10.0.0.10 smtp netmask 255.255.255.255
static (Intsub1,External) tcp 62.253.220.37 https 10.0.0.10 https netmask 255.255.255.255
static (Intsub1,External) tcp 62.253.220.4 www 10.0.0.10 www netmask 255.255.255.255
static (Intsub1,External) tcp 62.253.220.4 pop3 10.0.0.10 pop3 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.20 www 10.0.2.23 www netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.20 https 10.0.2.23 https netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.20 800 10.0.2.23 800 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.20 pcanywhere-data 10.0.2.23 pcanywhere-data netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.20 9734 10.0.2.23 9734 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.20 10001 10.0.2.23 10001 netmask 255.255.255.255
static (Intsub2,External) udp 62.253.220.20 pcanywhere-status 10.0.2.23 pcanywhere-status netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.43 47 10.0.2.88 47 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.43 pptp 10.0.2.88 pptp netmask 255.255.255.255
static (Intsub2,External) udp 62.253.220.43 1701 10.0.2.88 1701 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.18 ftp 10.0.2.10 ftp netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.18 telnet 10.0.2.10 telnet netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.18 https 10.0.2.10 https netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.18 3468 10.0.2.10 3468 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.26 www 10.0.2.202 www netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.26 https 10.0.2.202 https netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.26 8797 10.0.2.202 8797 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.26 8799 10.0.2.203 8799 netmask 255.255.255.255
static (Intsub1,External) tcp 62.253.220.22 www 10.0.0.6 www netmask 255.255.255.255
static (Intsub1,External) tcp 62.253.220.22 https 10.0.0.6 https netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.7 ftp 10.0.2.30 ftp netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.7 www 10.0.2.30 www netmask 255.255.255.255
static (Intsub1,External) tcp 62.253.220.38 www 10.0.0.58 www netmask 255.255.255.255
static (Intsub1,External) tcp 62.253.220.38 https 10.0.0.58 https netmask 255.255.255.255
static (Intsub1,External) tcp 62.253.220.41 www 10.0.0.197 www netmask 255.255.255.255
static (Intsub1,External) tcp 62.253.220.41 https 10.0.0.197 https netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.9 3389 10.0.2.87 3389 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.12 smtp 10.0.2.210 smtp netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.12 www 10.0.2.210 www netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.12 pop3 10.0.2.210 pop3 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.12 3389 10.0.2.210 3389 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.3 ftp 10.0.2.102 ftp netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.3 2200 10.0.2.102 2200 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.3 9663 10.0.2.102 9663 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.3 www 10.0.2.15 9090 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.32 ftp 10.0.2.15 ftp netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.32 www 10.0.2.15 9035 netmask 255.255.255.255
static (Intsub2,External) tcp 62.253.220.32 https 10.0.2.15 9036 netmask 255.255.255.255
static (Intsub1,External) tcp 62.253.220.14 www 10.0.2.15 www netmask 255.255.255.255
static (Intsub1,External) 62.253.220.25 10.0.0.99 netmask 255.255.255.255
static (Intsub2,External) 62.253.220.44 10.0.2.110 netmask 255.255.255.255
static (Intsub1,External) 62.253.220.29 10.0.0.63 netmask 255.255.255.255
static (Intsub1,External) 62.253.220.36 10.0.0.198 netmask 255.255.255.255
static (Intsub1,External) 62.253.220.35 10.0.0.95 netmask 255.255.255.255
static (Intsub1,External) 62.253.220.45 10.0.0.21 netmask 255.255.255.255
static (Intsub2,External) 62.253.220.40 10.0.2.40 netmask 255.255.255.255
static (Intsub1,External) 62.253.220.24 10.0.0.53 netmask 255.255.255.255
static (Intsub1,External) 62.253.220.2 10.0.0.4 netmask 255.255.255.255
access-group External_access_in in interface External
rip Intsub1 passive version 1
rip Intsub1 default version 1
route External 0.0.0.0 0.0.0.0 62.253.220.60 1
route Intsub1 213.232.80.0 255.255.255.0 10.0.0.193 1
route Intsub1 194.70.94.152 255.255.255.255 10.0.0.193 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username administrator password DIDoj/44tMeFMFGd encrypted privilege 15
username andrews password VWz7WydquTjZz/aD encrypted privilege 15
http server enable
http 10.0.99.0 255.255.255.0 Intsub1
http 10.0.0.0 255.255.255.0 Intsub1
http 10.0.2.0 255.255.255.0 Intsub2
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
fragment chain 1 External
fragment chain 1 Intsub1
no sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
isakmp enable External
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
no vpn-addr-assign local
telnet 10.0.0.0 255.255.255.0 Intsub1
telnet 10.0.99.0 255.255.255.0 Intsub1
telnet 10.0.2.0 255.255.255.0 Intsub2
telnet timeout 5
ssh timeout 5
console timeout 0
smtp-server 10.0.0.1 10.0.0.10
Cryptochecksum:bb838f090b465df9b1377278b6fa2177
: end

**************************************************************

Many thanks for any help you can give.

Bob

bob@andrews-computers.com
ASKER CERTIFIED SOLUTION
paul1gilbert

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 4 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros