Solved

Cisco PIX One-to-One NAT

Posted on 2011-03-17
9
815 Views
Last Modified: 2012-06-21
Looking for help on the commands for adding a One-to-Nat on our PIX to a local server for RDP access. I know Cisco CLI for routing and switching but I know very little about a PIX I have never really gotten into access-lists. We have an available public IP from our pool of public IP's available to us from our ISP.

Would love help with a configuration example to add the NAT and the accompanying Access-list to allow the traffic.
for example our Public ip would be x.x.x.37 nat'ed to a private IP of 192.168.1.58

No one here at our company configured this this was done by several different vendors, we just need ot get this NAT added for RDP access ASAP.
Config is below Thanks.


PIX Version 7.2(3)
!
hostname H*****PIX1
domain-name ***********net
enable password ****************
no names
name 192.168.4.0 Bxxxxd
name 192.168.6.0 Mxxxille
name 192.168.1.0 Serxxxet
name 192.168.3.0 Lxxxxxrg
name 133.133.33.0 Cxxxxab
name 192.168.2.0 Coxxxte
name 192.168.2.253 Cxxxxtr2
name 216.248.12.128 IxxxxInt
name 192.168.2.254 Cxxxxtr1
name 216.248.29.221 Txxxxxtr
name 100.0.0.0 StTxxxxxt
name 10.168.1.2 PxxxZ
name 10.0.0.0 IxxxC
name 192.168.4.102 WxxxW
name 192.168.1.20 Txxx9
name 192.168.8.0 Gxxx
name 192.168.9.0 WIxDxxx
name 192.168.10.0 WIxxx
name 192.168.13.0 STTxxx
name 159.140.160.0 STxxx
name 192.168.19.0 Lexxx
name 192.168.15.0 Metrxxx
name 192.168.18.0 Muxxx
name 192.168.17.0 Mxxx
name 192.168.1.50 xxx
name 10.10.10.0 xxxoE
name 192.168.1.135 ZiXVPM2 description xxxxx
name 192.168.1.134 ZixVPM1 description xxxxx
name 192.168.1.150 xxx description xxxxx
dns-guard
!
interface Ethernet0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address x.x.x.41 255.255.255.240
!
interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 172.16.1.1 255.255.255.0
!
interface Ethernet2
 speed 10
 duplex half
 nameif LAPTOP
 security-level 50
 no ip address
!

boot system flash:/pix723.bin
ftp mode passive
clock timezone xxTxx
clock summer-time CDT recurring
dns server-group DefaultDNS
 domain-name xxxxxxup.net
object-group network xWAN
 network-object 192.168.1.0 255.255.255.0
 network-object 192.168.2.0 255.255.255.0
 network-object 192.168.3.0 255.255.255.0
 network-object 192.168.4.0 255.255.255.0
 network-object 192.168.6.0 255.255.255.0
 network-object 192.168.8.0 255.255.255.240
 network-object 192.168.19.0 255.255.255.0
 network-object 192.168.17.0 255.255.255.0
 network-object 192.168.18.0 255.255.255.0
 network-object 10.10.10.0 255.255.255.0
object-group network Darwin
 network-object 192.168.32.0 255.255.255.0
object-group network Ht-C-IPs
 description 192.168.0.0 to 192.168.31.254
 network-object 192.168.0.0 255.255.224.0
access-list outside_access_in extended permit tcp any host x.x.x.131 eq ssh
access-list outside_access_in extended permit tcp any host x.x.x.31 eq https
access-list outside_access_in extended permit tcp any host x.x.x.31 eq www
access-list outside_access_in extended permit tcp any host x.x.x.40 eq pop3
access-list outside_access_in extended permit tcp any host x.x.x.140 eq imap4
access-list outside_access_in extended permit tcp any host x.x.x.140 eq https
access-list outside_access_in extended permit tcp any host x.x.x.40 eq www
access-list outside_access_in extended permit tcp any host x.x.x.40 eq smtp
access-list outside_access_in extended permit tcp any host x.x.x.39 eq smtp
access-list outside_access_in extended permit tcp any host 192.168.100.44
access-list outside_access_in extended permit icmp any host 192.168.100.44
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit icmp any any echo
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit tcp any host x.x.x.6
access-list inside_outbound_nat0_acl extended permit ip host 192.168.4.100 172.16.1.8 255.255.255.248
access-list inside_outbound_nat0_acl extended permit ip host 192.168.4.102 172.16.1.8 255.255.255.248
access-list inside_outbound_nat0_acl extended permit ip host 192.168.2.25 172.16.1.8 255.255.255.248
access-list inside_outbound_nat0_acl extended permit ip any 192.168.5.16 255.255.255.240
access-list inside_outbound_nat0_acl extended permit ip any 172.16.1.16 255.255.255.240
access-list inside_outbound_nat0_acl extended permit ip host 192.168.1.5 10.1.10.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 192.168.5.16 255.255.255.240 192.168.5.16 255.255.255.240
access-list inside_outbound_nat0_acl extended permit ip 10.0.0.0 255.0.0.0 192.168.22.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 172.16.0.0 255.240.0.0 192.168.22.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 192.168.0.0 255.255.0.0 192.168.22.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 100.0.0.0 255.0.0.0 192.168.22.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 159.140.0.0 255.255.0.0 192.168.22.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 180.30.0.0 255.255.0.0 192.168.22.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 10.0.0.0 255.0.0.0 192.168.23.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 172.16.0.0 255.240.0.0 192.168.23.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 192.168.0.0 255.255.0.0 192.168.23.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 100.0.0.0 255.0.0.0 192.168.23.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 159.140.0.0 255.255.0.0 192.168.23.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 180.30.0.0 255.255.0.0 192.168.23.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 10.0.0.0 255.0.0.0 192.168.24.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 172.16.0.0 255.240.0.0 192.168.24.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 192.168.0.0 255.255.0.0 192.168.24.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 100.0.0.0 255.0.0.0 192.168.24.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 159.140.0.0 255.255.0.0 192.168.24.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip x.x.x0.0 255.255.0.0 192.168.24.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 172.16.0.0 255.240.0.0 192.168.29.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 192.168.0.0 255.255.0.0 192.168.29.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 100.0.0.0 255.0.0.0 192.168.29.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 159.140.0.0 255.255.0.0 192.168.29.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 180.30.0.0 255.255.0.0 192.168.29.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 10.10.1.0 255.255.255.0 192.168.29.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 10.85.0.0 255.255.0.0 192.168.29.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip object-group Heart-Clinic-IPs object-group Darwin
access-list outside_cryptomap_dyn_20 extended permit ip any 192.168.5.16 255.255.255.240
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp any host 10.168.1.2
access-list inside_access_in extended permit icmp any any
access-list outside_cryptomap_dyn_40 extended permit ip any 172.16.1.16 255.255.255.240
access-list outside_cryptomap_20 extended permit ip host 192.168.1.5 10.1.10.0 255.255.255.0
access-list PhoneVPN_splitTunnelAcl standard permit 192.168.5.16 255.255.255.240
access-list Phone_splitTunnelAcl standard permit any
access-list outside_cryptomap_65535.60 extended permit ip any 192.168.5.96 255.255.255.240
access-list webtraffic extended permit icmp host 7x.x.x.0 host 216.248.12.140
access-list DCI_Split_Tunnel_List standard permit 192.168.0.0 255.255.0.0
access-list DCI_Split_Tunnel_List standard permit 10.10.10.0 255.255.255.0
access-list DCI_Split_Tunnel_List standard permit 172.16.1.0 255.255.255.0
access-list outside_cryptomap_dyn_60 extended permit ip 10.0.0.0 255.0.0.0 192.168.22.0 255.255.255.0
access-list outside_cryptomap_dyn_60 extended permit ip 172.16.0.0 255.240.0.0 192.168.22.0 255.255.255.0
access-list outside_cryptomap_dyn_60 extended permit ip 192.168.0.0 255.255.0.0 192.168.22.0 255.255.255.0
access-list outside_cryptomap_dyn_60 extended permit ip 100.0.0.0 255.0.0.0 192.168.22.0 255.255.255.0
access-list outside_cryptomap_dyn_60 extended permit ip 159.140.0.0 255.255.0.0 192.168.22.0 255.255.255.0
access-list outside_cryptomap_dyn_60 extended permit ip x.x.x..0 255.255.0.0 192.168.22.0 255.255.255.0
access-list capout extended permit ip host 192.168.1.5 host 1x.x.x.7
access-list capout extended permit ip host 192.168.2.60 host 1x.x.x.7
access-list outside_cryptomap_dyn_100 extended permit ip 10.0.0.0 255.0.0.0 192.168.23.0 255.255.255.0
access-list outside_cryptomap_dyn_100 extended permit ip 172.16.0.0 255.240.0.0 192.168.23.0 255.255.255.0
access-list outside_cryptomap_dyn_100 extended permit ip 192.168.0.0 255.255.0.0 192.168.23.0 255.255.255.0
access-list outside_cryptomap_dyn_100 extended permit ip 100.0.0.0 255.0.0.0 192.168.23.0 255.255.255.0
access-list outside_cryptomap_dyn_100 extended permit ip 159.140.0.0 255.255.0.0 192.168.23.0 255.255.255.0
access-list outside_cryptomap_dyn_100 extended permit ip x.x.x..0 255.255.0.0 192.168.23.0 255.255.255.0
access-list outside_cryptomap_100 extended permit ip 10.0.0.0 255.0.0.0 192.168.23.0 255.255.255.0
access-list outside_cryptomap_100 extended permit ip 172.16.0.0 255.240.0.0 192.168.23.0 255.255.255.0
access-list outside_cryptomap_100 extended permit ip 192.168.0.0 255.255.0.0 192.168.23.0 255.255.255.0
access-list outside_cryptomap_100 extended permit ip 100.0.0.0 255.0.0.0 192.168.23.0 255.255.255.0
access-list outside_cryptomap_100 extended permit ip x.x.x..0 255.255.0.0 192.168.23.0 255.255.255.0
access-list outside_cryptomap_100 extended permit ip x.x.x.0 255.255.0.0 192.168.23.0 255.255.255.0
access-list outside_cryptomap_100 extended permit ip 10.0.0.0 255.0.0.0 192.168.24.0 255.255.255.0
access-list outside_cryptomap_100 extended permit ip 172.16.0.0 255.240.0.0 192.168.24.0 255.255.255.0
access-list outside_cryptomap_100 extended permit ip 192.168.0.0 255.255.0.0 192.168.24.0 255.255.255.0
access-list outside_cryptomap_100 extended permit ip 100.0.0.0 255.0.0.0 192.168.24.0 255.255.255.0
access-list outside_cryptomap_100 extended permit ip x.x.x.0.0 255.255.0.0 192.168.24.0 255.255.255.0
access-list outside_cryptomap_100 extended permit ip x.x.x..0 255.255.0.0 192.168.24.0 255.255.255.0
access-list tst extended permit ip host 192.168.15.150 host 216.166.12.247
access-list tst2 extended permit ip host x.x.x.7 host 216.248.12.142
access-list Darwin extended permit ip 192.168.0.0 255.255.224.0 192.168.32.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging asdm-buffer-size 500
logging buffered informational
logging asdm alerts
mtu outside 1500
mtu inside 1500
mtu LAPTOP 1500
ip local pool newuserpool 192.168.5.17-192.168.5.31
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo outside
icmp permit any echo-reply outside
asdm image flash:/asdm-523.bin
asdm location 192.168.2.0 255.255.255.0 inside
asdm location 192.168.1.0 255.255.255.0 inside
asdm location 192.168.3.0 255.255.255.0 inside
asdm location 192.168.4.0 255.255.255.0 inside
asdm location 192.168.6.0 255.255.255.0 inside
asdm location 133.133.33.0 255.255.255.0 inside
asdm location 192.168.2.253 255.255.255.255 inside
asdm location 192.168.2.254 255.255.255.255 inside
asdm location 216.248.29.221 255.255.255.255 outside
asdm location 192.168.0.0 255.255.0.0 inside
asdm location 172.16.1.0 255.255.255.248 outside
asdm location 172.16.1.0 255.255.255.128 outside
asdm location 172.16.1.28 255.255.255.252 outside
asdm location 172.16.1.0 255.255.255.252 outside
asdm location 192.168.2.25 255.255.255.255 inside
asdm location 100.7.0.0 255.255.0.0 outside
asdm location 100.0.0.0 255.0.0.0 outside
asdm location 10.168.1.2 255.255.255.255 LAPTOP
asdm location 100.0.0.0 255.0.0.0 LAPTOP
asdm location 10.168.0.0 255.255.0.0 inside
asdm location 10.168.0.0 255.255.0.0 LAPTOP
asdm location 67.142.29.86 255.255.255.255 outside
asdm location 172.16.1.16 255.255.255.240 outside
asdm location 172.16.1.8 255.255.255.248 outside
asdm location 192.168.13.0 255.255.255.224 inside
asdm location 192.168.10.0 255.255.254.0 inside
asdm location 192.168.4.102 255.255.255.255 inside
asdm location 192.168.1.20 255.255.255.255 inside
asdm location 192.168.4.100 255.255.255.255 inside
asdm location 192.168.1.25 255.255.255.255 inside
asdm location 192.168.2.183 255.255.255.255 inside
asdm location 192.168.8.0 255.255.255.240 inside
asdm location 192.168.8.0 255.255.255.0 inside
asdm location 192.168.9.0 255.255.255.0 inside
asdm location 10.168.1.2 255.255.255.255 outside
asdm location 159.140.160.0 255.255.240.0 outside
asdm location 67.33.45.35 255.255.255.255 outside
asdm location 67.33.45.37 255.255.255.255 outside
asdm location 171.68.225.213 255.255.255.255 outside
asdm location 171.68.225.212 255.255.255.255 outside
asdm location 66.168.99.170 255.255.255.255 outside
asdm location 192.168.2.85 255.255.255.255 inside
asdm location 71.4.240.1 255.255.255.255 outside
asdm location 192.168.1.139 255.255.255.255 inside
asdm location 192.168.100.1 255.255.255.255 inside
asdm location 192.168.26.15 255.255.255.255 outside
asdm location 192.168.26.0 255.255.255.0 outside
asdm location 192.168.1.44 255.255.255.255 inside
asdm location 192.168.19.0 255.255.255.0 inside
asdm location 192.168.18.0 255.255.255.0 inside
asdm location 192.168.17.0 255.255.255.0 inside
asdm group WAN inside
asdm history enable
arp timeout 14400
nat-control
global (outside) 10 x.x.x.2
global (outside) 11 x.x.x.3
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0
static (inside,outside) x.x.x.1 192.168.4.102 netmask 255.255.255.255
static (inside,outside) x.x.x.0 192.168.1.20 netmask 255.255.255.255
static (inside,outside) x.x.x.2 192.168.1.50 netmask 255.255.255.255
static (inside,outside) x.x.x.9 192.168.1.134 netmask 255.255.255.255
static (inside,outside) x.x.x.6 192.168.1.150 netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa authentication ssh console LOCAL
http server enable
http x.x.x.7 255.255.255.255 outside
http x.x.x..170 255.255.255.255 outside
http x.x.x..1 255.255.255.255 outside
http 0.0.0.0 0.0.0.0 outside
http 192.168.2.0 255.255.255.0 inside
http 192.168.4.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 inside
http 172.16.1.1 255.255.255.255 inside
http 10.168.0.0 255.255.0.0 LAPTOP
http 172.16.1.100 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set nsset esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 3600
crypto dynamic-map outside_dyn_map 10 set transform-set ESP-3DES-MD5
crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 10 set reverse-route
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 40 match address outside_cryptomap_dyn_40
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-MD5
crypto dynamic-map outside_dyn_map 40 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 60 match address outside_cryptomap_65535.60
crypto dynamic-map outside_dyn_map 60 set pfs
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 80 set pfs
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 80 set security-association lifetime seconds 28800
crypto map outside_map 10 set peer x.x.x.6.2
crypto map outside_map 10 set transform-set ESP-3DES-MD5
crypto map outside_map 10 set security-association lifetime seconds 28800
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer x.x.x.4
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 20 set security-association lifetime seconds 28800
crypto map outside_map 50 set peer x.x.x.8
crypto map outside_map 50 set transform-set ESP-3DES-MD5
crypto map outside_map 50 set security-association lifetime seconds 28800
crypto map outside_map 100 match address outside_cryptomap_100
crypto map outside_map 100 set peer x.x.x.9
crypto map outside_map 100 set transform-set ESP-3DES-MD5
crypto map outside_map 100 set security-association lifetime seconds 28800
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map nsmap 40 match address Darwin
crypto map nsmap 40 set peer x.x.x.1
crypto map nsmap 40 set transform-set nsset
crypto map nsmap 40 set reverse-route
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 1
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 40
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 60
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal  20
telnet 192.168.2.253 255.255.255.255 inside
telnet 192.168.2.254 255.255.255.255 inside
telnet 192.168.0.0 255.255.0.0 inside
telnet 192.168.25.0 255.255.255.252 LAPTOP
telnet timeout 15
ssh x.x.x.7 255.255.255.255 outside
ssh x.x.x.0 255.255.255.255 outside
ssh x.x.x..1 255.255.255.255 outside
ssh x.x.x..0 255.255.0.0 outside
ssh x.x.x.0 255.255.255.0 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.0.0 255.255.0.0 inside
ssh 172.16.1.100 255.255.255.255 inside
ssh timeout 30
ssh version 1
console timeout 0
management-access inside
!
class-map Frost-Arnett
 match flow ip destination-address
 match tunnel-group x.x.x.4
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ils
  inspect netbios
  inspect pptp
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
policy-map qos
 class Frost-Arnett
  police output 1500000 256000
!
service-policy global_policy global
service-policy qos interface outside
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec l2tp-ipsec
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 intercept-dhcp 255.255.255.255 disable
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 msie-proxy server none
 msie-proxy method no-modify
 msie-proxy except-list none
 msie-proxy local-bypass disable
 nac disable
 nac-sq-period 300
 nac-reval-period 36000
 nac-default-acl none
 address-pools none
 smartcard-removal-disconnect enable
 client-firewall none
 client-access-rule none
group-policy UserVPN internal
group-policy UserVPN attributes
 wins-server value x.x.x.1 x.x.x.2
 dns-server value 1x.x.x.1 x.x.x.2
 vpn-idle-timeout 30
 default-domain value heartgroup.local
group-policy DciVPN internal
group-policy DciVPN attributes
 wins-server value x.x.x..21 x.x.x.2
 dns-server value x.x.x.1.21 x.x.x.2
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value DCI_Split_Tunnel_List
 default-domain value heartgroup.local
group-policy PhoneVPN internal
group-policy PhoneVPN attributes
 wins-server value x.x.x.1 x.x.x.2
 dns-server value x.x.x.1 x.x.x.2
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain value
 split-dns none

tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key cisco123
tunnel-group DefaultRAGroup ipsec-attributes
 isakmp ikev1-user-authentication (outside) none
tunnel-group UserVPN type ipsec-ra
tunnel-group UserVPN general-attributes
 address-pool newuserpool
 default-group-policy UserVPN
 password-management
tunnel-group UserVPN ipsec-attributes
 pre-shared-key *************
 isakmp ikev1-user-authentication (outside) none
tunnel-group x.x.x.x4 type ipsec-l2l
tunnel-group x.x.x4 ipsec-attributes
 pre-shared-key ***************
tunnel-group DciVPN type ipsec-ra
tunnel-group DciVPN general-attributes
 address-pool newuserpool
 default-group-policy DciVPN
tunnel-group DciVPN ipsec-attributes
 pre-shared-key**************
tunnel-group x.x.x.2 type ipsec-l2l
tunnel-group x.x.x.2 ipsec-attributes
 pre-shared-key *************
tunnel-group x.x.x.9 type ipsec-l2l
tunnel-group x.x.x.9 ipsec-attributes
 pre-shared-key **************
tunnel-group x.x.x.1 type ipsec-l2l
tunnel-group x.x.x.1 general-attributes
tunnel-group x.x.x.1 ipsec-attributes




 
0
Comment
Question by:Schmittie
  • 4
  • 3
  • 2
9 Comments
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 250 total points
ID: 35157095
static (inside,outside) x.x.x.37 192.168.1.58 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host x.x.x.37 eq 3389


Should do the trick.
0
 
LVL 2

Assisted Solution

by:mwblsz
mwblsz earned 250 total points
ID: 35157180
try this

access-list outside_access_in extended permit tcp any host x.x.x.37 eq 3389
static (inside,outside) x.x.x.37 192.168.1.58 netmask 255.255.255.255

sincerely
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35157237
@mwblsz:2fast4you

;)
0
 
LVL 2

Expert Comment

by:mwblsz
ID: 35157244
sorry erniebeek, did not see your comment, must be typing while you post it.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 1

Author Comment

by:Schmittie
ID: 35157308
thanks guys, we will give that a go and hopefully all will be good.
Post back in a minute or two.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35157336
@mwblsz:never mind, happens to me all of the time. Atleast we're thinking in the same direction :)
0
 
LVL 1

Author Comment

by:Schmittie
ID: 35157616
thats got it I had written something very similar already in a txt file i was just to chicken to use it with out being 100% sure. Which I am glad I asked I did have the syntax wrong on one of the commands.

Thanks again!
0
 
LVL 1

Author Closing Comment

by:Schmittie
ID: 35157635
Thanks again guys on a side note do you know of a good reference material i.e. a book or something to help learn more on the PIX?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35157636
You're welcome, glad you fixed it :)
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now