Added lines for connection but then lost internet

jimdwa

MIS
Oct 27, 2006
10
US
Cisco PIX Firewall Version 6.3(5)
Cisco PIX Device Manager Version 3.0(4)
Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz

I added the following lines to create a connection between a new web application and a MS SQL server and File server. The file server and database are on the inside with the private IPs and the web server is in the dmz. The connections worked well and the application is working properly. Previous to this addition the two internal servers could see the internet. Now they can't. There must be an additional line I need to allow this traffic but I don't know for sure what it is. Any help would be appreciated.

access-list acl_dmz permit tcp host 199.241.8.115 host 172.27.116.151 eq 1433

access-list acl_dmz permit tcp host 199.241.8.115 host 172.27.116.151 eq 1434

access-list acl_dmz permit tcp host 199.241.8.115 host 172.27.116.1 eq 445

access-list acl_dmz permit ip host 199.241.8.115 host 172.27.116.151

access-list acl_dmz permit tcp host 199.241.8.115 any

 
Did you add statics? Can you post a config?


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
I had routes for the subnets already in place. And I did add these statics:

static (dmz,outside) 199.241.8.115 199.241.8.115 netmask 255.255.255.255 0 0

static (inside,outside) 172.27.116.151 172.27.116.151 netmask 255.255.255.255 0 0

I'm a veteran at networking but a PIX noob. Don't feel bad about talking basics on this. I welcome all comments and advice.

I'm at a government site so I probably shouldn't post a complete config.
 
Where is the dmz ACL applied? If it is the DMZ interface, then there is an implicit deny ip any any at the end. You will need to allow HTTP (and whatever else you want) to the outside.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
access-group acl_out in interface outside
access-group acl_in in interface inside
access-group acl_dmz in interface dmz

We do have these above the new lines in the acl:
access-list acl_dmz deny tcp any 172.0.0.0 255.0.0.0 eq ftp
access-list acl_dmz deny tcp any 199.0.0.0 255.0.0.0 eq ftp
access-list acl_dmz deny tcp any 199.0.0.0 255.0.0.0 eq www
access-list acl_dmz deny tcp any 172.0.0.0 255.0.0.0 eq www
access-list acl_dmz permit tcp any any eq www
access-list acl_dmz permit tcp any any eq ftp

And we could get to the Internet immediately before adding the new lines and statics. If I add an any any or any it on the dmz for the 172 addresses?
 
Could be DNS (I don't see it in the ACL), could be a conflict with your global/nat pairs and the statics. I would need to see the whole config. (mask the last 3 octets of the external IPs, remove all passwords.)


Brent
Systems Engineer / Consultant
CCNP, CCSP
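
The first-match evaluation and implicit deny described in the replies above, as an added example that is not part of the original thread: a small Python evaluator for the subset of PIX 6.3 `access-list` syntax quoted so far (`any`, `host`, network/mask, destination `eq`). The rule order follows the poster's description (the six older lines ahead of the five new ones); the 192.0.2.x destinations and the 199.241.8.20 source are constructed test addresses, and `redundant_permits` is a hypothetical audit helper.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Named ports used by the access-list lines quoted in this thread.
PORT_NAMES = {"ftp": 21, "smtp": 25, "domain": 53, "www": 80, "https": 443}

# acl_dmz as described in the thread: six older lines, then the five new ones.
SAMPLE_CONFIG = """
access-list acl_dmz deny tcp any 172.0.0.0 255.0.0.0 eq ftp
access-list acl_dmz deny tcp any 199.0.0.0 255.0.0.0 eq ftp
access-list acl_dmz deny tcp any 199.0.0.0 255.0.0.0 eq www
access-list acl_dmz deny tcp any 172.0.0.0 255.0.0.0 eq www
access-list acl_dmz permit tcp any any eq www
access-list acl_dmz permit tcp any any eq ftp
access-list acl_dmz permit tcp host 199.241.8.115 host 172.27.116.151 eq 1433
access-list acl_dmz permit tcp host 199.241.8.115 host 172.27.116.151 eq 1434
access-list acl_dmz permit tcp host 199.241.8.115 host 172.27.116.1 eq 445
access-list acl_dmz permit ip host 199.241.8.115 host 172.27.116.151
access-list acl_dmz permit tcp host 199.241.8.115 any
"""


@dataclass(frozen=True)
class Rule:
    line_no: int                  # position within the ACL, starting at 1
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]          # None means any destination port


def _take_addr(tokens):
    """Consume 'any' | 'host A' | 'A MASK' from the front of tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")


def parse_acl(config, name):
    """Parse the lines of one named ACL, keeping their order."""
    rules = []
    for raw in config.splitlines():
        tokens = raw.split()
        if tokens[:2] != ["access-list", name]:
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src, dst = _take_addr(rest), _take_addr(rest)
        dport = None
        if rest:
            if rest[0] != "eq" or len(rest) != 2:
                raise ValueError(f"unsupported port clause: {raw!r}")
            dport = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
        rules.append(Rule(len(rules) + 1, action, proto, src, dst, dport))
    return rules


def evaluate(rules, proto, src, dst, dport=None):
    """First match wins; falling off the end is the implicit deny."""
    for r in rules:
        if (r.proto in ("ip", proto)
                and ipaddress.ip_address(src) in r.src
                and ipaddress.ip_address(dst) in r.dst
                and (r.dport is None or r.dport == dport)):
            return r.action, r.line_no
    return "deny", None           # implicit 'deny ip any any'


def covers(broad, narrow):
    """True if every packet matching `narrow` also matches `broad`."""
    return (broad.proto in ("ip", narrow.proto)
            and narrow.src.subnet_of(broad.src)
            and narrow.dst.subnet_of(broad.dst)
            and (broad.dport is None or broad.dport == narrow.dport))


def redundant_permits(rules):
    """(narrow, broad) line pairs where a broader permit already covers a narrow one."""
    return [(n.line_no, b.line_no) for n in rules for b in rules
            if n is not b and n.action == b.action == "permit"
            and covers(b, n) and not covers(n, b)]


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_CONFIG, "acl_dmz")
    flows = [  # constructed test flows entering the dmz interface
        ("tcp", "199.241.8.115", "172.27.116.151", 1433),
        ("tcp", "199.241.8.115", "172.27.116.151", 80),
        ("udp", "199.241.8.115", "192.0.2.53", 53),
        ("tcp", "199.241.8.20", "192.0.2.10", 443),
    ]
    for flow in flows:
        action, line = evaluate(acl, *flow)
        print(flow, "->", action, f"(line {line})" if line else "(implicit deny)")
    print("narrow permits covered by a broader permit:", redundant_permits(acl))
```

This models the ACL only; the PIX evaluates NAT (`global`/`nat`/`static`) separately, and that is not represented here.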
 

Will this help? I tried connecting to the Internet router from the offending servers by IP address and it failed too. So probably not DNS?

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 100full
interface ethernet4 auto shutdown
interface ethernet5 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
nameif ethernet3 cjnet security40
nameif ethernet4 test security20
nameif ethernet5 intf5 security25

domain-name ciscopix.com

clock summer-time EDT recurring
fixup protocol dns maximum-length 1400
fixup protocol ftp 21
fixup protocol ftp 8082
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list compiled
access-list acl_out permit tcp any host 199.x.x.x eq eqwww
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out permit udp any host 199.x.x.x eq domain
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out permit tcp any host 199.x.x.x eq ftp
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out permit tcp any host 199.x.x.x eq https
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out deny ip host 12.159.180.253 any
access-list acl_out deny ip host 216.216.30.250 any
access-list acl_out permit udp any host 199.x.x.x eq domain
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out permit tcp any host 199.x.x.x eq telnet
access-list acl_out permit tcp any host 199.x.x.x eq ftp
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out permit tcp any host 199.x.x.x eq https
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out permit ip host 64.132.118.2 any
access-list acl_out permit ip host 64.132.127.242 any
access-list acl_out permit tcp any host 199.x.x.x eq smtp
access-list acl_out permit ip host 209.16.112.130 host 199.241.10.198
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out permit tcp any host 199.x.x.x eq ftp
access-list acl_out permit tcp any host 199.x.x.x eq 3389
access-list acl_out permit tcp any host 199.x.x.x eq 5900
access-list acl_out permit tcp any host 199.x.x.x eq 5800
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out permit tcp any host 199.x.x.x eq ftp
access-list acl_out permit tcp any host 172.27.132.20 eq 8234
access-list acl_out permit tcp any host 172.27.132.20 eq 8235
access-list acl_out permit udp any host 172.27.132.20 eq 8234
access-list acl_out permit udp any host 172.27.132.20 eq 8235
access-list acl_out permit tcp any host 199.x.x.x eq 8234
access-list acl_out permit tcp any host 199.x.x.x eq 8235
access-list acl_out permit udp any host 199.x.x.x eq 8234
access-list acl_out permit udp any host 199.x.x.x eq 8235
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out permit tcp any host 199.x.x.x eq domain
access-list acl_out permit tcp any host 199.x.x.x eq domain
access-list acl_out permit esp any host 199.241.8.113
access-list acl_out permit udp any host 199.x.x.x eq isakmp
access-list acl_out permit udp any host 199.x.x.x eq 4500
access-list acl_out permit tcp any host 199.x.x.x eq ftp
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out permit tcp any host 199.x.x.x eq ftp
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out permit tcp any host 199.x.x.x eq ftp
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out permit tcp any host 199.x.x.x eq ftp
access-list acl_out permit tcp any host 199.x.x.x eq smtp
access-list acl_out permit tcp any host 199.x.x.x eq imap4
access-list acl_out permit icmp any any echo-reply
access-list acl_out permit icmp any any time-exceeded
access-list acl_out permit icmp any any unreachable
access-list acl_out permit tcp any host 199.x.x.x eq www
access-list acl_out permit tcp any host 199.x.x.x eq https
access-list acl_dmz permit tcp host 199.x.x.x eq 1526
access-list acl_dmz permit udp host 199.x.x.x eq domain
access-list acl_dmz permit tcp host 199.x.x.x eq smtp
access-list acl_dmz permit udp 199.x.x.x eq ntp
access-list acl_dmz permit tcp host 199.x.x.x eq smtp
access-list acl_dmz permit tcp host 199.x.x.x eq 1590
access-list acl_dmz permit tcp host 199.x.x.x eq 1433
access-list acl_dmz permit tcp host 199.x.x.x eq 1542
access-list acl_dmz permit tcp host 199.x.x.x eq 1526
access-list acl_dmz permit tcp host 199.x.x.x eq https
access-list acl_dmz permit tcp host 199.x.x.x eq 172.27.116.24
access-list acl_dmz permit tcp host 199.x.x.x eq 172.27.116.25
access-list acl_dmz permit tcp host 199.x.x.x eq 172.27.116.26
access-list acl_dmz permit tcp host 199.x.x.x eq 172.27.116.27
access-list acl_dmz permit tcp host 199.x.x.x eq 1590
access-list acl_dmz permit tcp host 199.x.x.x eq 1570
access-list acl_dmz permit tcp host 199.x.x.x eq 192.168.204.2
access-list acl_dmz permit tcp host 199.x.x.x eq www
access-list acl_dmz permit tcp host 199.x.x.x eq 6401
access-list acl_dmz permit tcp host 199.x.x.x eq 172.27.120.110
access-list acl_dmz permit tcp host 199.x.x.x eq 1595
access-list acl_dmz permit tcp host 199.x.x.x eq 1596
access-list acl_dmz permit tcp host 199.x.x.x eq 1595
access-list acl_dmz permit tcp host 199.x.x.x eq 1596
access-list acl_dmz permit tcp host 199.x.x.x eq 172.27.116.84
access-list acl_dmz permit tcp host 199.x.x.x eq 172.27.117.12
access-list acl_dmz permit ip host 199.x.x.x eq 199.241.9.5
access-list acl_dmz permit tcp host 199.x.x.x eq 1527
access-list acl_dmz permit tcp host 199.x.x.x eq 1433
access-list acl_dmz permit tcp host 199.x.x.x eq 172.27.116.24
access-list acl_dmz permit tcp host 199.x.x.x eq 172.27.116.25
access-list acl_dmz permit tcp host 199.x.x.x eq 172.27.116.26
access-list acl_dmz permit tcp host 199.x.x.x eq 172.27.116.27
access-list acl_dmz permit tcp host 199.x.x.x eq www
access-list acl_dmz permit tcp host 199.x.x.x eq https
access-list acl_dmz permit tcp host 199.x.x.x eq 1542
access-list acl_dmz permit tcp host 199.x.x.x eq 1526
access-list acl_dmz permit tcp host 199.x.x.x eq https
access-list acl_dmz permit tcp host 199.x.x.x eq 1590
access-list acl_dmz permit tcp host 199.x.x.x eq 1570
access-list acl_dmz permit tcp host 199.x.x.x eq 1595
access-list acl_dmz permit tcp host 199.x.x.x eq 1596
access-list acl_dmz permit tcp host 199.x.x.x eq 1527
access-list acl_dmz permit tcp host 199.x.x.x eq 1433
access-list acl_dmz permit tcp host 199.x.x.x eq 172.27.116.24
access-list acl_dmz permit tcp host 199.x.x.x eq 172.27.116.25
access-list acl_dmz permit tcp host 199.x.x.x eq 172.27.116.26
access-list acl_dmz permit tcp host 199.x.x.x eq 172.27.116.27
access-list acl_dmz deny tcp any 172.0.0.0 255.0.0.0 eq ftp
access-list acl_dmz deny tcp any 199.x.x.x eq ftp
access-list acl_dmz deny tcp any 199.x.x.x eq www
access-list acl_dmz deny tcp any 172.0.0.0 255.0.0.0 eq www
access-list acl_dmz permit tcp any any eq www
access-list acl_dmz permit tcp any any eq ftp
access-list acl_dmz permit tcp host 199.x.x.x eq 192.168.204.76
access-list acl_dmz permit tcp host 199.x.x.x eq 192.168.204.189
access-list acl_dmz permit tcp host 199.x.x.x eq 1433
access-list acl_dmz permit ip host 199.x.x.x eq 172.27.116.11
access-list acl_dmz permit tcp host 199.x.x.x eq 1542
access-list acl_dmz permit tcp host 199.x.x.x eq 1595
access-list acl_dmz permit tcp host 199.x.x.x eq 1596
access-list acl_dmz permit tcp host 199.x.x.x eq smtp
access-list acl_dmz permit tcp host 199.x.x.x eq 1598
access-list acl_dmz permit udp host 199.x.x.x eq domain
access-list acl_dmz permit esp host 199.x.x.x eq any
access-list acl_dmz permit udp host 199.x.x.x eq isakmp
access-list acl_dmz permit udp host 199.x.x.x eq 4500
access-list acl_dmz permit tcp host 199.x.x.x eq 1433
access-list acl_dmz permit tcp host 199.x.x.x eq any
access-list acl_dmz permit tcp host 199.x.x.x eq 1596
access-list acl_dmz permit tcp host 199.x.x.x eq 1595
access-list acl_dmz permit tcp host 199.x.x.x eq 1542
access-list acl_dmz permit ip host 199.x.x.x eq 172.27.116.11
access-list acl_dmz permit tcp host 199.x.x.x eq 1433
access-list acl_dmz permit tcp host 199.x.x.x eq 1433
access-list acl_dmz permit ip host 199.x.x.x eq 172.27.116.11
access-list acl_dmz permit tcp host 199.x.x.x eq 1542
access-list acl_dmz permit tcp host 199.x.x.x eq 1595
access-list acl_dmz permit tcp host 199.x.x.x eq 1596
access-list acl_dmz permit tcp host 199.x.x.x eq any
access-list acl_dmz permit tcp host 199.x.x.x eq 1433
access-list acl_dmz permit ip host 199.x.x.x eq 172.27.116.11
access-list acl_dmz permit tcp host 199.x.x.x eq 1542
access-list acl_dmz permit tcp host 199.x.x.x eq 1595
access-list acl_dmz permit tcp host 199.x.x.x eq 1596
access-list acl_dmz permit tcp host 199.x.x.x eq any
access-list acl_dmz permit tcp host 199.x.x.x eq any
access-list acl_dmz permit udp host 199.x.x.x eq any
access-list acl_dmz permit tcp host 199.x.x.x eq any
access-list acl_dmz permit tcp host 199.x.x.x eq 1433
access-list acl_dmz permit tcp host 199.x.x.x eq 1434
access-list acl_dmz permit tcp host 199.x.x.x eq 445
access-list acl_dmz permit ip host 199.x.x.x eq 172.27.116.151
access-list acl_dmz permit tcp host 199.x.x.x eq any
access-list toACS permit ip 199.x.x.x eq 138.69.20.241
access-list toACS permit ip 199.x.x.x eq 138.69.31.241
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 172.27.112.0 255.255.240.0 host 138.69.20.241
access-list toACS permit ip 172.27.112.0 255.255.240.0 host 138.69.31.241
access-list toACS permit ip 172.27.112.0 255.255.240.0 138.69.31.0 255.255.255.0
access-list toACS permit ip 172.27.112.0 255.255.240.0 138.69.21.0 255.255.255.0
access-list toACS permit ip 172.27.112.0 255.255.240.0 172.30.202.0 255.255.255.0
access-list toACS permit ip 172.27.112.0 255.255.240.0 138.69.20.0 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 138.69.20.241
access-list toACS permit ip 199.x.x.x eq 138.69.31.241
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 138.69.20.241
access-list toACS permit ip 199.x.x.x eq 138.69.31.241
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 138.69.20.241
access-list toACS permit ip 199.x.x.x eq 138.69.31.241
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 138.69.20.241
access-list toACS permit ip 199.x.x.x eq 138.69.31.241
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 199.x.x.x eq 255.255.255.0
access-list toACS permit ip 172.27.128.0 255.255.240.0 host 138.69.20.241
access-list toACS permit ip 172.27.128.0 255.255.240.0 host 138.69.31.241
access-list toACS permit ip 172.27.128.0 255.255.240.0 138.69.31.0 255.255.255.0
access-list toACS permit ip 172.27.128.0 255.255.240.0 138.69.21.0 255.255.255.0
access-list toACS permit ip 172.27.128.0 255.255.240.0 172.30.202.0 255.255.255.0
access-list toACS permit ip 172.27.128.0 255.255.240.0 138.69.20.0 255.255.255.0
access-list toACS permit ip 172.27.144.0 255.255.240.0 host 138.69.20.241
access-list toACS permit ip 172.27.144.0 255.255.240.0 host 138.69.31.241
access-list toACS permit ip 172.27.144.0 255.255.240.0 138.69.31.0 255.255.255.0
access-list toACS permit ip 172.27.144.0 255.255.240.0 138.69.21.0 255.255.255.0
access-list toACS permit ip 172.27.144.0 255.255.240.0 172.30.202.0 255.255.255.0
access-list toACS permit ip 172.27.144.0 255.255.240.0 138.69.20.0 255.255.255.0
access-list toACS permit ip 172.27.160.0 255.255.240.0 host 138.69.20.241
access-list toACS permit ip 172.27.160.0 255.255.240.0 host 138.69.31.241
access-list toACS permit ip 172.27.160.0 255.255.240.0 138.69.31.0 255.255.255.0
access-list toACS permit ip 172.27.160.0 255.255.240.0 138.69.21.0 255.255.255.0
access-list toACS permit ip 172.27.160.0 255.255.240.0 172.30.202.0 255.255.255.0
access-list toACS permit ip 172.27.160.0 255.255.240.0 138.69.20.0 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 138.69.31.241
access-list nonat permit ip 199.x.x.x eq 138.69.20.241
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 172.27.112.0 255.255.240.0 host 138.69.31.241
access-list nonat permit ip 172.27.112.0 255.255.240.0 host 138.69.20.241
access-list nonat permit ip 172.27.112.0 255.255.240.0 138.69.31.0 255.255.255.0
access-list nonat permit ip 172.27.112.0 255.255.240.0 138.69.21.0 255.255.255.0
access-list nonat permit ip 172.27.112.0 255.255.240.0 172.30.202.0 255.255.255.0
access-list nonat permit ip 172.27.112.0 255.255.240.0 138.69.20.0 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 138.69.31.241
access-list nonat permit ip 199.x.x.x eq 138.69.20.241
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 138.69.31.241
access-list nonat permit ip 199.x.x.x eq 138.69.20.241
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 138.69.31.241
access-list nonat permit ip 199.x.x.x eq 138.69.20.241
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 138.69.31.241
access-list nonat permit ip 199.x.x.x eq 138.69.20.241
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 199.x.x.x eq 255.255.255.0
access-list nonat permit ip 172.27.128.0 255.255.240.0 host 138.69.31.241
access-list nonat permit ip 172.27.128.0 255.255.240.0 host 138.69.20.241
access-list nonat permit ip 172.27.128.0 255.255.240.0 138.69.31.0 255.255.255.0
access-list nonat permit ip 172.27.128.0 255.255.240.0 138.69.21.0 255.255.255.0
access-list nonat permit ip 172.27.128.0 255.255.240.0 172.30.202.0 255.255.255.0
access-list nonat permit ip 172.27.128.0 255.255.240.0 138.69.20.0 255.255.255.0
access-list nonat permit ip 172.27.144.0 255.255.240.0 host 138.69.31.241
access-list nonat permit ip 172.27.144.0 255.255.240.0 host 138.69.20.241
access-list nonat permit ip 172.27.144.0 255.255.240.0 138.69.31.0 255.255.255.0
access-list nonat permit ip 172.27.144.0 255.255.240.0 138.69.21.0 255.255.255.0
access-list nonat permit ip 172.27.144.0 255.255.240.0 172.30.202.0 255.255.255.0
access-list nonat permit ip 172.27.144.0 255.255.240.0 138.69.20.0 255.255.255.0
access-list nonat permit ip 172.27.160.0 255.255.240.0 host 138.69.31.241
access-list nonat permit ip 172.27.160.0 255.255.240.0 host 138.69.20.241
access-list nonat permit ip 172.27.160.0 255.255.240.0 138.69.31.0 255.255.255.0
access-list nonat permit ip 172.27.160.0 255.255.240.0 138.69.21.0 255.255.255.0
access-list nonat permit ip 172.27.160.0 255.255.240.0 172.30.202.0 255.255.255.0
access-list nonat permit ip 172.27.160.0 255.255.240.0 138.69.20.0 255.255.255.0
access-list acl_in deny ip any host 194.63.250.45
access-list acl_in deny ip any host 206.173.193.10
access-list acl_in deny ip any host 64.157.165.246
access-list acl_in deny ip any host 63.236.66.15
access-list acl_in deny ip any host 66.250.74.150
access-list acl_in deny ip any 205.236.189.0 255.255.255.0
access-list acl_in deny ip any host 66.28.250.176
access-list acl_in deny ip any host 63.147.61.208
access-list acl_in deny ip any host 64.94.162.236
access-list acl_in deny ip any host 63.209.100.240
access-list acl_in deny ip any 196.40.75.0 255.255.255.0
access-list acl_in permit tcp any host 199.x.x.x eq smtp
access-list acl_in permit tcp host 172.27.115.140 any
access-list acl_in permit tcp any 199.x.x.x eq 255.255.255.0
access-list acl_in permit udp any any
access-list acl_in permit tcp host 172.27.132.24 any eq smtp
access-list acl_in permit tcp any any
access-list acl_in permit icmp any any echo
access-list acl_cjnet deny ip any any
access-list acl_cjnet deny tcp any any
access-list acl_cjnet deny udp any any
access-list acl-dmz permit ip host 199.x.x.x eq any
pager lines 15
logging on
logging monitor warnings
logging buffered warnings
icmp permit any unreachable outside
icmp permit any echo-reply outside
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu cjnet 1500
mtu test 1500
mtu intf5 1500
ip address outside 199.x.x.x eq 255.255.255.224
ip address inside 192.168.12.254 255.255.255.0
ip address dmz 199.x.x.x eq 255.255.255.0
ip address cjnet 162.143.38.210 255.255.255.240
ip address test 199.x.x.x eq 255.255.255.224
no ip address intf5
ip verify reverse-path interface inside
ip verify reverse-path interface dmz
ip audit info action alarm
ip audit attack action alarm
ip local pool pptp_pool 192.168.98.1-192.168.98.254
failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 199.241.10.200
failover ip address inside 192.168.12.253
failover ip address dmz 199.241.8.3
failover ip address cjnet 162.143.38.212
no failover ip address test
no failover ip address intf5
pdm location 172.27.116.250 255.255.255.255 inside
pdm location 198.31.196.0 255.255.255.0 outside
pdm location 172.27.116.2 255.255.255.255 inside
pdm location 172.27.116.10 255.255.255.255 inside
pdm location 172.27.116.16 255.255.255.255 inside
pdm location 172.27.116.21 255.255.255.255 inside
pdm location 172.27.116.24 255.255.255.255 inside
pdm location 172.27.116.25 255.255.255.255 inside
pdm location 172.27.116.26 255.255.255.255 inside
pdm location 172.27.116.27 255.255.255.255 inside
pdm location 172.27.116.35 255.255.255.255 inside
pdm location 172.27.117.12 255.255.255.255 inside
pdm location 172.27.117.13 255.255.255.255 inside
pdm location 172.27.127.5 255.255.255.255 inside
pdm location 172.27.127.253 255.255.255.255 inside
pdm location 172.27.112.0 255.255.240.0 inside
pdm location 172.27.132.30 255.255.255.255 inside
pdm location 172.27.128.0 255.255.240.0 inside
pdm location 172.27.144.0 255.255.240.0 inside
pdm location 172.27.160.0 255.255.240.0 inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 205.153.144.0 255.255.255.0 inside
pdm location 205.153.145.0 255.255.255.0 inside
pdm location 205.153.146.134 255.255.255.255 inside
pdm location 205.153.146.0 255.255.255.0 inside
pdm location 205.153.147.0 255.255.255.0 inside
pdm location 205.153.148.90 255.255.255.255 inside
pdm location 205.153.148.253 255.255.255.255 inside
pdm location 205.153.148.0 255.255.255.0 inside
pdm location 205.153.149.0 255.255.255.0 inside
pdm location 205.153.150.0 255.255.255.0 inside
pdm location 205.153.151.0 255.255.255.0 inside
pdm location 205.172.172.66 255.255.255.255 inside
pdm location 205.172.172.166 255.255.255.255 inside
pdm location 205.172.172.0 255.255.255.0 inside
pdm location 205.172.173.0 255.255.255.0 inside
pdm location 205.172.174.176 255.255.255.240 inside
pdm location 205.172.174.0 255.255.255.0 inside
pdm location 205.172.175.34 255.255.255.255 inside
pdm location 205.172.175.0 255.255.255.0 inside
pdm location 209.114.201.234 255.255.255.255 inside
pdm location 209.114.201.236 255.255.255.255 inside
pdm location 209.114.201.237 255.255.255.255 inside
pdm location 209.114.201.238 255.255.255.255 inside
pdm location 162.143.0.0 255.255.0.0 dmz
pdm location 172.27.116.10 255.255.255.255 dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 138.69.20.241 255.255.255.255 outside
pdm location 138.69.20.0 255.255.255.0 outside
pdm location 138.69.21.0 255.255.255.0 outside
pdm location 138.69.31.241 255.255.255.255 outside
pdm location 138.69.31.0 255.255.255.0 outside
pdm location 172.30.202.0 255.255.255.0 outside
pdm location 162.143.0.0 255.255.0.0 cjnet
pdm location 199.x.x.x eq inside
pdm location 172.27.117.1 255.255.255.255 inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 172.27.116.109 255.255.255.255 inside
pdm location 199.x.x.x eq dmz
pdm location 172.27.116.155 255.255.255.255 inside
pdm location 172.27.116.120 255.255.255.255 inside
pdm location 10.101.0.0 255.255.0.0 inside
pdm location 10.102.0.0 255.255.0.0 inside
pdm location 10.103.0.0 255.255.0.0 inside
pdm location 10.106.1.221 255.255.255.255 inside
pdm location 10.106.0.0 255.255.0.0 inside
pdm location 10.121.10.0 255.255.255.0 inside
pdm location 172.20.112.0 255.255.240.0 inside
pdm location 172.20.128.0 255.255.240.0 inside
pdm location 172.27.108.0 255.255.252.0 inside
pdm location 172.27.114.0 255.255.255.0 inside
pdm location 172.27.115.140 255.255.255.255 inside
pdm location 172.27.116.11 255.255.255.255 inside
pdm location 172.27.116.13 255.255.255.255 inside
pdm location 172.27.116.14 255.255.255.255 inside
pdm location 172.27.116.23 255.255.255.255 inside
pdm location 172.27.116.28 255.255.255.255 inside
pdm location 172.27.116.29 255.255.255.255 inside
pdm location 172.27.116.36 255.255.255.255 inside
pdm location 172.27.116.47 255.255.255.255 inside
pdm location 172.27.116.74 255.255.255.255 inside
pdm location 172.27.116.78 255.255.255.255 inside
pdm location 172.27.116.82 255.255.255.255 inside
pdm location 172.27.116.84 255.255.255.255 inside
pdm location 172.27.116.90 255.255.255.255 inside
pdm location 172.27.116.95 255.255.255.255 inside
pdm location 172.27.116.116 255.255.255.255 inside
pdm location 172.27.116.151 255.255.255.255 inside
pdm location 172.27.116.170 255.255.255.255 inside
pdm location 172.27.117.5 255.255.255.255 inside
pdm location 172.27.117.6 255.255.255.255 inside
pdm location 172.27.120.110 255.255.255.255 inside
pdm location 172.27.132.16 255.255.255.255 inside
pdm location 172.27.132.18 255.255.255.255 inside
pdm location 172.27.132.20 255.255.255.255 inside
pdm location 172.27.132.24 255.255.255.255 inside
pdm location 172.27.143.252 255.255.255.255 inside
pdm location 172.27.176.0 255.255.240.0 inside
pdm location 172.27.192.0 255.255.240.0 inside
pdm location 172.0.0.0 255.0.0.0 inside
pdm location 192.168.121.0 255.255.255.0 inside
pdm location 192.168.123.0 255.255.255.0 inside
pdm location 192.168.124.0 255.255.255.0 inside
pdm location 192.168.125.0 255.255.255.0 inside
pdm location 192.168.126.0 255.255.255.0 inside
pdm location 192.168.201.0 255.255.255.0 inside
pdm location 192.168.203.0 255.255.255.0 inside
pdm location 192.168.204.2 255.255.255.255 inside
pdm location 192.168.204.76 255.255.255.255 inside
pdm location 192.168.204.189 255.255.255.255 inside
pdm location 192.168.204.0 255.255.255.0 inside
pdm location 192.168.205.0 255.255.255.0 inside
pdm location 192.168.206.0 255.255.255.0 inside
pdm location 192.168.210.0 255.255.255.0 inside
pdm location 192.168.222.0 255.255.255.0 inside
pdm location 192.168.223.0 255.255.255.0 inside
pdm location 192.168.224.0 255.255.255.0 inside
pdm location 192.168.225.0 255.255.255.0 inside
pdm location 192.168.230.0 255.255.255.0 inside
pdm location 192.168.233.0 255.255.255.0 inside
pdm location 192.168.238.0 255.255.255.0 inside
pdm location 192.168.241.0 255.255.255.0 inside
pdm location 192.168.242.0 255.255.255.0 inside
pdm location 192.168.243.0 255.255.255.0 inside
pdm location 192.168.250.0 255.255.255.0 inside
pdm location 192.168.251.0 255.255.255.0 inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 199.x.x.x eq inside
pdm location 205.114.194.0 255.255.255.0 inside
pdm location 205.153.146.50 255.255.255.255 inside
pdm location 205.153.146.221 255.255.255.255 inside
pdm location 205.172.172.69 255.255.255.255 inside
pdm location 205.172.172.0 255.255.255.128 inside
pdm location 205.172.175.192 255.255.255.224 inside
pdm location 10.106.1.221 255.255.255.255 dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 199.x.x.x eq dmz
pdm location 205.153.146.221 255.255.255.255 dmz
pdm location 199.x.x.x eq cjnet
pdm location 12.159.180.253 255.255.255.255 outside
pdm location 64.132.118.2 255.255.255.255 outside
pdm location 64.132.127.242 255.255.255.255 outside
pdm location 199.x.x.x eq outside
pdm location 209.16.112.130 255.255.255.255 outside
pdm location 216.216.30.250 255.255.255.255 outside
pdm location 172.27.116.1 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 199.x.x.x eq 255.255.255.224
global (dmz) 1 199.x.x.x eq 255.255.255.0
global (cjnet) 1 162.143.38.211 netmask 255.255.255.240
global (test) 1 199.x.x.x eq 255.255.255.224
nat (inside) 0 access-list nonat
nat (inside) 0 172.27.116.1 255.255.255.255 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (dmz,outside) 199.x.x.x eq 0
static (inside,dmz) 172.27.117.12 172.27.117.12 netmask 255.255.255.255 0 0
static (inside,dmz) 199.x.x.x eq 0
static (inside,dmz) 199.x.x.x eq 0
static (inside,dmz) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (dmz,outside) 199.x.x.x eq 0
static (dmz,outside) 199.x.x.x eq 0
static (dmz,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (dmz,outside) 199.x.x.x eq 0
static (dmz,outside) 199.x.x.x eq 0
static (dmz,outside) 199.x.x.x eq 0
static (dmz,outside) 199.x.x.x eq 0
static (inside,dmz) 172.27.116.21 172.27.116.21 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.24 172.27.116.24 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.25 172.27.116.25 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.26 172.27.116.26 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.27 172.27.116.27 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.35 172.27.116.35 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,dmz) 199.x.x.x eq 0
static (inside,dmz) 205.172.175.34 205.172.175.34 netmask 255.255.255.255 0 0
static (inside,dmz) 205.172.172.66 205.172.172.66 netmask 255.255.255.255 0 0
static (inside,dmz) 205.153.146.134 205.153.146.134 netmask 255.255.255.255 0 0
static (inside,dmz) 205.153.148.253 205.153.148.253 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,dmz) 172.27.127.253 172.27.127.253 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.127.5 172.27.127.5 netmask 255.255.255.255 0 0
static (inside,dmz) 192.168.204.2 192.168.204.2 netmask 255.255.255.255 0 0
static (inside,dmz) 199.x.x.x eq 0
static (inside,dmz) 172.27.132.30 172.27.132.30 netmask 255.255.255.255 0 0
static (inside,dmz) 205.172.172.166 205.172.172.166 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 172.27.116.35 172.27.116.35 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.117.13 172.27.117.13 netmask 255.255.255.255 0 0
static (inside,dmz) 205.153.148.90 205.153.148.90 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.x.x eq 0
static (inside,dmz) 199.x.x.x eq 0
static (inside,outside) 172.27.117.12 172.27.117.12 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (dmz,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,dmz) 199.x.x.x eq 0
static (inside,dmz) 172.27.117.1 172.27.117.1 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 172.27.116.28 172.27.116.28 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.x.x eq 0
static (inside,dmz) 172.27.120.110 172.27.120.110 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.117.5 172.27.117.5 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.117.6 172.27.117.6 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 172.27.116.74 172.27.116.74 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.84 172.27.116.84 netmask 255.255.255.255 0 0
static (inside,outside) 172.20.112.0 172.20.112.0 netmask 255.255.240.0 0 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 172.27.116.14 172.27.116.14 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.x.x eq 0
static (inside,dmz) 199.x.x.x eq 0
static (inside,dmz) 172.27.116.95 172.27.116.95 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.10 172.27.116.10 netmask 255.255.255.255 0 0
static (inside,dmz) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (dmz,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (dmz,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 172.27.116.78 172.27.116.78 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,dmz) 192.168.204.76 192.168.204.76 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.x.x eq 0
static (inside,dmz) 205.153.146.50 205.153.146.50 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 172.27.132.30 172.27.132.30 netmask 255.255.255.255 0 0
static (dmz,inside) 205.153.146.221 205.153.146.221 netmask 255.255.255.255 0 0
static (inside,dmz) 205.153.146.221 205.153.146.221 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.x.x eq 0
static (inside,dmz) 172.27.116.23 172.27.116.23 netmask 255.255.255.255 0 0
static (inside,outside) 172.27.116.11 172.27.116.11 netmask 255.255.255.255 0 0
static (inside,dmz) 192.168.204.189 192.168.204.189 netmask 255.255.255.255 0 0
static (inside,outside) 172.27.132.16 172.27.132.16 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.x.x eq 0
static (inside,dmz) 172.27.116.11 172.27.116.11 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (dmz,outside) 199.x.x.x eq 0
static (inside,dmz) 172.27.132.24 172.27.132.24 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.x.x eq 0
static (dmz,outside) 199.x.x.x eq 0
static (inside,outside) 172.27.116.109 172.27.116.109 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.109 172.27.116.109 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.x.x eq 0
static (dmz,outside) 199.x.x.x eq 0
static (dmz,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (dmz,outside) 199.x.x.x eq 0
static (dmz,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 199.x.x.x eq 0
static (dmz,inside) 10.106.1.221 10.106.1.221 netmask 255.255.255.255 0 0
static (inside,dmz) 10.106.1.221 10.106.1.221 netmask 255.255.255.255 0 0
static (inside,dmz) 205.172.172.69 205.172.172.69 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.x.x eq 0
static (inside,outside) 172.27.116.151 172.27.116.151 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.151 172.27.116.151 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
access-group acl_in in interface inside
access-group acl_dmz in interface dmz
access-group acl_cjnet in interface cjnet
route outside 0.0.0.0 0.0.0.0 199.x.x.x eq 1
route inside 10.101.0.0 255.255.0.0 192.168.12.1 1
route inside 10.102.0.0 255.255.0.0 192.168.12.1 1
route inside 10.103.0.0 255.255.0.0 192.168.12.1 1
route inside 10.106.0.0 255.255.0.0 192.168.12.1 1
route inside 10.121.10.0 255.255.255.0 192.168.12.1 1
route cjnet 162.143.0.0 255.255.0.0 162.143.38.209 1
route inside 172.20.112.0 255.255.240.0 192.168.12.1 1
route inside 172.20.128.0 255.255.240.0 192.168.12.1 1
route inside 172.27.108.0 255.255.252.0 192.168.12.113 1
route inside 172.27.112.0 255.255.240.0 192.168.12.1 1
route inside 172.27.128.0 255.255.240.0 192.168.12.1 1
route inside 172.27.144.0 255.255.240.0 192.168.12.1 1
route inside 172.27.160.0 255.255.240.0 192.168.12.1 1
route inside 172.27.176.0 255.255.240.0 192.168.12.1 1
route inside 172.27.192.0 255.255.240.0 192.168.12.1 1
route inside 192.168.121.0 255.255.255.0 192.168.12.1 1
route inside 192.168.123.0 255.255.255.0 192.168.12.1 1
route inside 192.168.124.0 255.255.255.0 192.168.12.1 1
route inside 192.168.125.0 255.255.255.0 192.168.12.1 1
route inside 192.168.126.0 255.255.255.0 192.168.12.1 1
route inside 192.168.201.0 255.255.255.0 192.168.12.1 1
route inside 192.168.203.0 255.255.255.0 192.168.12.1 1
route inside 192.168.204.0 255.255.255.0 192.168.12.1 1
route inside 192.168.205.0 255.255.255.0 192.168.12.1 1
route inside 192.168.206.0 255.255.255.0 192.168.12.1 1
route inside 192.168.210.0 255.255.255.0 192.168.12.1 1
route inside 192.168.222.0 255.255.255.0 192.168.12.1 1
route inside 192.168.223.0 255.255.255.0 192.168.12.1 1
route inside 192.168.224.0 255.255.255.0 192.168.12.1 1
route inside 192.168.225.0 255.255.255.0 192.168.12.1 1
route inside 192.168.230.0 255.255.255.0 192.168.12.1 1
route inside 192.168.233.0 255.255.255.0 192.168.0.1 1
route inside 192.168.238.0 255.255.255.0 192.168.12.1 1
route inside 192.168.241.0 255.255.255.0 192.168.12.1 1
route inside 192.168.242.0 255.255.255.0 192.168.12.1 1
route inside 192.168.243.0 255.255.255.0 192.168.12.1 1
route inside 192.168.250.0 255.255.255.0 192.168.12.1 1
route inside 192.168.251.0 255.255.255.0 192.168.12.1 1
route inside 199.x.x.x eq 1
route inside 199.x.x.x eq 1
route inside 199.x.x.x eq 1
route inside 199.x.x.x eq 1
route inside 199.x.x.x eq 1
route inside 199.x.x.x eq 1
route inside 199.x.x.x eq 1
route cjnet 199.x.x.x eq 1
route outside 199.x.x.x eq 1
route inside 205.114.194.0 255.255.255.0 192.168.12.1 1
route inside 205.153.144.0 255.255.255.0 192.168.12.1 1
route inside 205.153.145.0 255.255.255.0 192.168.12.1 1
route inside 205.153.146.0 255.255.255.0 192.168.12.1 1
route inside 205.153.147.0 255.255.255.0 192.168.12.1 1
route inside 205.153.148.0 255.255.255.0 192.168.12.1 1
route inside 205.153.149.0 255.255.255.0 192.168.12.1 1
route inside 205.153.150.0 255.255.255.0 192.168.12.1 0
route inside 205.153.151.0 255.255.255.0 192.168.12.1 1
route inside 205.172.172.0 255.255.255.128 192.168.12.1 1
route inside 205.172.173.0 255.255.255.0 192.168.12.1 1
route inside 205.172.174.0 255.255.255.0 192.168.12.1 1
route inside 205.172.174.176 255.255.255.240 192.168.12.1 1
route inside 205.172.175.192 255.255.255.224 192.168.12.1 1
route inside 209.114.201.234 255.255.255.255 192.168.12.1 1
route inside 209.114.201.236 255.255.255.255 192.168.12.1 1
route inside 209.114.201.237 255.255.255.255 192.168.12.1 1
route inside 209.114.201.238 255.255.255.255 192.168.12.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
ntp server 172.27.127.253 source inside
http server enable
http 199.x.x.x eq inside
http 199.x.x.x eq inside
http 172.27.114.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 199.x.x.x eq /
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set slsset esp-3des esp-md5-hmac
crypto map ACS 10 ipsec-isakmp
crypto map ACS 10 match address toACS
crypto map ACS 10 set peer 12.42.34.140
crypto map ACS 10 set transform-set slsset
crypto map ACS interface outside
isakmp enable outside

isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet 172.27.116.10 255.255.255.255 inside
telnet 172.27.112.0 255.255.240.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 60
ssh timeout 5
console timeout 0
vpdn group pptp_users accept dialin pptp
vpdn group pptp_users ppp authentication mschap
vpdn group pptp_users ppp encryption mppe auto
vpdn group pptp_users client configuration address local pptp_pool
vpdn group pptp_users client configuration dns 199.241.8.5
vpdn group pptp_users pptp echo 60
vpdn group pptp_users client authentication local
 
OK, so we need to clean this up before I can figure out what is going on. Your search and replace took out important info.

1. For external IPs I need the first and last octet so I can match them up (X out the middle 2)
2. Same for the routes
3. You can leave the pdm location stuff off

Are the internal servers or the dmz web server behind any other routers or attached directly to a switch that is attached to the pix interfaces?


Brent
Systems Engineer / Consultant
CCNP, CCSP
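
The redaction asked for above can be scripted so that netmasks, private addresses and line structure survive, which a blanket search and replace does not guarantee. This is an added example, not part of the original thread: the function names are hypothetical and the public addresses in the sample are constructed from documentation ranges.

```python
import ipaddress
import re

# A dotted quad that is not part of a longer digit/dot run.
DOTTED_QUAD = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Private ranges are left readable: they identify nothing outside the site.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_netmask(addr):
    """True for contiguous masks such as 255.255.255.224, and for 0.0.0.0.

    Network addresses that happen to look like a mask (e.g. 192.0.0.0) are
    also treated as masks and left alone; that is an accepted limitation.
    """
    inverted = int(addr) ^ 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def mask_address(match):
    """Replace the middle two octets of a public address with 'x'."""
    text = match.group(0)
    try:
        addr = ipaddress.IPv4Address(text)
    except ValueError:
        return text  # e.g. 999.1.1.1 is not an address; leave it untouched
    if is_netmask(addr) or any(addr in net for net in RFC1918):
        return text
    first, _, _, last = text.split(".")
    return f"{first}.x.x.{last}"


def sanitize_config(config_text):
    """Drop 'pdm location' lines and mask public addresses in the rest."""
    kept = []
    for line in config_text.splitlines():
        if line.startswith("pdm location "):
            continue
        kept.append(DOTTED_QUAD.sub(mask_address, line))
    return "\n".join(kept)


# Constructed sample in PIX 6.3 syntax; 198.51.100.0/24 and 203.0.113.0/24
# are documentation ranges standing in for real public addresses.
SAMPLE_CONFIG = """\
pdm location 203.0.113.50 255.255.255.255 inside
global (outside) 1 198.51.100.10-198.51.100.20 netmask 255.255.255.224
static (dmz,outside) 198.51.100.115 198.51.100.115 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.151 172.27.116.151 netmask 255.255.255.255 0 0
access-list acl_dmz permit tcp host 198.51.100.115 host 172.27.116.151 eq 1433
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
"""

if __name__ == "__main__":
    print(sanitize_config(SAMPLE_CONFIG))
```

Masking both middle octets makes hosts on different subnets that share a last octet indistinguishable, so check the output for collisions before relying on it.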
 
Thanks for taking the time Supergrrover, I'll remote in tomorrow and pull the config. I thought what I gave you might have been a little too cut up. This pix has been in production a long time and it contains a lot of legacy support that probably isn't needed anymore. I'm in the unfortunate position of coming into a network that has been around since the early 90s. This firewall hasn't been there that long, of course, but some of the devices it supports are getting a little long in the tooth. It's a Windows shop and I was brought in as an Active Directory administrator which quickly became Network Engineer. I do have some router and switching experience but I'm new to pix. Look for another post from me tomorrow with more info. And thanks again.

Jim
Network Engineer
MCSE,CCNA,Net+,Sec+
 
I used different letters for the third octet to designate different subnets. Thanks.

:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 100full
interface ethernet4 auto shutdown
interface ethernet5 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
nameif ethernet3 cjnet security40
nameif ethernet4 test security20
nameif ethernet5 intf5 security25

domain-name ciscopix.com
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 1400
fixup protocol ftp 21
fixup protocol ftp 8082
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list compiled
access-list acl_out permit tcp any host 199.x.b.75 eq www
access-list acl_out permit tcp any host 199.x.a.7 eq www
access-list acl_out permit udp any host 199.x.a.5 eq domain
access-list acl_out permit tcp any host 199.x.a.101 eq www
access-list acl_out permit tcp any host 199.x.a.100 eq ftp
access-list acl_out permit tcp any host 199.x.b.209 eq www
access-list acl_out permit tcp any host 199.x.a.100 eq www
access-list acl_out permit tcp any host 199.x.a.100 eq https
access-list acl_out permit tcp any host 199.x.a.90 eq www
access-list acl_out deny ip host 12.159.180.253 any
access-list acl_out deny ip host 216.216.30.250 any
access-list acl_out permit udp any host 199.x.f.25 eq domain
access-list acl_out permit tcp any host 199.x.b.76 eq www
access-list acl_out permit tcp any host 199.x.a.8 eq www
access-list acl_out permit tcp any host 199.x.c.198 eq telnet
access-list acl_out permit tcp any host 199.x.a.107 eq ftp
access-list acl_out permit tcp any host 199.x.a.107 eq www
access-list acl_out permit tcp any host 199.x.a.107 eq https
access-list acl_out permit tcp any host 199.x.c.199 eq www
access-list acl_out permit tcp any host 199.x.c.216 eq www
access-list acl_out permit ip host 64.132.118.2 any
access-list acl_out permit ip host 64.132.127.242 any
access-list acl_out permit tcp any host 199.x.a.22 eq smtp
access-list acl_out permit ip host 209.16.112.130 host 199.x.c.198
access-list acl_out permit tcp any host 199.x.a.115 eq www
access-list acl_out permit tcp any host 199.x.a.115 eq ftp
access-list acl_out permit tcp any host 199.x.c.219 eq 3389
access-list acl_out permit tcp any host 199.x.c.219 eq 5900
access-list acl_out permit tcp any host 199.x.c.219 eq 5800
access-list acl_out permit tcp any host 199.x.a.88 eq www
access-list acl_out permit tcp any host 199.x.a.88 eq ftp
access-list acl_out permit tcp any host 172.27.132.20 eq 8234
access-list acl_out permit tcp any host 172.27.132.20 eq 8235
access-list acl_out permit udp any host 172.27.132.20 eq 8234
access-list acl_out permit udp any host 172.27.132.20 eq 8235
access-list acl_out permit tcp any host 199.x.c.219 eq 8234
access-list acl_out permit tcp any host 199.x.c.219 eq 8235
access-list acl_out permit udp any host 199.x.c.219 eq 8234
access-list acl_out permit udp any host 199.x.c.219 eq 8235
access-list acl_out permit tcp any host 199.x.a.50 eq www
access-list acl_out permit tcp any host 199.x.a.5 eq domain
access-list acl_out permit tcp any host 199.x.f.25 eq domain
access-list acl_out permit esp any host 199.x.a.113
access-list acl_out permit udp any host 199.x.a.113 eq isakmp
access-list acl_out permit udp any host 199.x.a.113 eq 4500
access-list acl_out permit tcp any host 199.x.a.125 eq ftp
access-list acl_out permit tcp any host 199.x.a.125 eq www
access-list acl_out permit tcp any host 199.x.c.197 eq ftp
access-list acl_out permit tcp any host 199.x.a.254 eq www
access-list acl_out permit tcp any host 199.x.a.254 eq ftp
access-list acl_out permit tcp any host 199.x.a.253 eq www
access-list acl_out permit tcp any host 199.x.a.253 eq ftp
access-list acl_out permit tcp any host 199.x.c.221 eq smtp
access-list acl_out permit tcp any host 199.x.c.221 eq imap4
access-list acl_out permit icmp any any echo-reply
access-list acl_out permit icmp any any time-exceeded
access-list acl_out permit icmp any any unreachable
access-list acl_out permit tcp any host 199.x.b.250 eq www
access-list acl_out permit tcp any host 199.x.b.250 eq https
access-list acl_dmz permit tcp host 199.x.a.7 host 199.x.b.203 eq 1526
access-list acl_dmz permit udp host 199.x.a.5 any eq domain
access-list acl_dmz permit tcp host 199.x.a.22 any eq smtp
access-list acl_dmz permit udp 199.x.a.0 255.255.255.0 host 172.27.127.253 eq ntp
access-list acl_dmz permit tcp host 199.x.a.22 host 172.27.132.30 eq smtp
access-list acl_dmz permit tcp host 199.x.a.90 host 172.27.117.13 eq 1590
access-list acl_dmz permit tcp host 199.x.a.90 host 199.x.b.127 eq 1433
access-list acl_dmz permit tcp host 199.x.a.100 host 172.27.117.12 eq 1542
access-list acl_dmz permit tcp host 199.x.a.100 host 199.x.b.203 eq 1526
access-list acl_dmz permit tcp host 199.x.a.100 any eq https
access-list acl_dmz permit tcp host 199.x.a.90 host 172.27.116.24
access-list acl_dmz permit tcp host 199.x.a.90 host 172.27.116.25
access-list acl_dmz permit tcp host 199.x.a.90 host 172.27.116.26
access-list acl_dmz permit tcp host 199.x.a.90 host 172.27.116.27
access-list acl_dmz permit tcp host 199.x.a.100 host 172.27.117.13 eq 1590
access-list acl_dmz permit tcp host 199.x.a.100 host 172.27.117.1 eq 1570
access-list acl_dmz permit tcp host 199.x.a.184 host 192.168.204.2
access-list acl_dmz permit tcp host 199.x.a.184 host 199.x.b.75 eq www
access-list acl_dmz permit tcp host 199.x.a.209 host 172.27.120.110 eq 6401
access-list acl_dmz permit tcp host 199.x.a.209 host 172.27.120.110
access-list acl_dmz permit tcp host 199.x.a.7 host 172.27.117.5 eq 1595
access-list acl_dmz permit tcp host 199.x.a.7 host 172.27.117.6 eq 1596
access-list acl_dmz permit tcp host 199.x.a.100 host 172.27.117.5 eq 1595
access-list acl_dmz permit tcp host 199.x.a.100 host 172.27.117.6 eq 1596
access-list acl_dmz permit tcp host 199.x.a.209 host 172.27.116.84
access-list acl_dmz permit tcp host 199.x.a.90 host 172.27.117.12
access-list acl_dmz permit ip host 199.x.a.90 host 199.x.b.5
access-list acl_dmz permit tcp host 199.x.a.100 host 199.x.b.71 eq 1527
access-list acl_dmz permit tcp host 199.x.a.100 host 199.x.b.5 eq 1433
access-list acl_dmz permit tcp host 199.x.a.100 host 172.27.116.24
access-list acl_dmz permit tcp host 199.x.a.100 host 172.27.116.25
access-list acl_dmz permit tcp host 199.x.a.100 host 172.27.116.26
access-list acl_dmz permit tcp host 199.x.a.100 host 172.27.116.27
access-list acl_dmz permit tcp host 199.x.a.22 any eq www
access-list acl_dmz permit tcp host 199.x.a.22 any eq https
access-list acl_dmz permit tcp host 199.x.a.107 host 172.27.117.12 eq 1542
access-list acl_dmz permit tcp host 199.x.a.107 host 199.x.b.203 eq 1526
access-list acl_dmz permit tcp host 199.x.a.107 any eq https
access-list acl_dmz permit tcp host 199.x.a.107 host 172.27.117.13 eq 1590
access-list acl_dmz permit tcp host 199.x.a.107 host 172.27.117.1 eq 1570
access-list acl_dmz permit tcp host 199.x.a.107 host 172.27.117.5 eq 1595
access-list acl_dmz permit tcp host 199.x.a.107 host 172.27.117.6 eq 1596
access-list acl_dmz permit tcp host 199.x.a.107 host 199.x.b.71 eq 1527
access-list acl_dmz permit tcp host 199.x.a.107 host 199.x.b.5 eq 1433
access-list acl_dmz permit tcp host 199.x.a.107 host 172.27.116.24
access-list acl_dmz permit tcp host 199.x.a.107 host 172.27.116.25
access-list acl_dmz permit tcp host 199.x.a.107 host 172.27.116.26
access-list acl_dmz permit tcp host 199.x.a.107 host 172.27.116.27
access-list acl_dmz deny tcp any 172.0.0.0 255.0.0.0 eq ftp
access-list acl_dmz deny tcp any 199.0.0.0 255.0.0.0 eq ftp
access-list acl_dmz deny tcp any 199.0.0.0 255.0.0.0 eq www
access-list acl_dmz deny tcp any 172.0.0.0 255.0.0.0 eq www
access-list acl_dmz permit tcp any any eq www
access-list acl_dmz permit tcp any any eq ftp
access-list acl_dmz permit tcp host 199.x.a.184 host 192.168.204.76
access-list acl_dmz permit tcp host 199.x.a.184 host 192.168.204.189
access-list acl_dmz permit tcp host 199.x.a.115 host 172.27.116.11 eq 1433
access-list acl_dmz permit ip host 199.x.a.115 host 172.27.116.11
access-list acl_dmz permit tcp host 199.x.a.115 host 172.27.117.12 eq 1542
access-list acl_dmz permit tcp host 199.x.a.115 host 172.27.117.5 eq 1595
access-list acl_dmz permit tcp host 199.x.a.115 host 172.27.117.6 eq 1596
access-list acl_dmz permit tcp host 199.x.a.22 host 172.27.132.24 eq smtp
access-list acl_dmz permit tcp host 199.x.a.107 host 172.27.116.109 eq 1598
access-list acl_dmz permit udp host 199.x.f.25 any eq domain
access-list acl_dmz permit esp host 199.x.a.113 any
access-list acl_dmz permit udp host 199.x.a.113 any eq isakmp
access-list acl_dmz permit udp host 199.x.a.113 any eq 4500
access-list acl_dmz permit tcp host 199.x.a.125 host 172.27.116.11 eq 1433
access-list acl_dmz permit tcp host 199.x.a.125 any
access-list acl_dmz permit tcp host 199.x.a.125 host 172.27.117.6 eq 1596
access-list acl_dmz permit tcp host 199.x.a.125 host 172.27.117.5 eq 1595
access-list acl_dmz permit tcp host 199.x.a.125 host 172.27.117.12 eq 1542
access-list acl_dmz permit ip host 199.x.a.125 host 172.27.116.11
access-list acl_dmz permit tcp host 199.x.c.197 host 172.27.116.11 eq 1433
access-list acl_dmz permit tcp host 199.x.a.254 host 172.27.116.11 eq 1433
access-list acl_dmz permit ip host 199.x.a.254 host 172.27.116.11
access-list acl_dmz permit tcp host 199.x.a.254 host 172.27.116.12 eq 1542
access-list acl_dmz permit tcp host 199.x.a.254 host 172.27.116.5 eq 1595
access-list acl_dmz permit tcp host 199.x.a.254 host 172.27.116.6 eq 1596
access-list acl_dmz permit tcp host 199.x.a.254 any
access-list acl_dmz permit tcp host 199.x.a.253 host 172.27.116.11 eq 1433
access-list acl_dmz permit ip host 199.x.a.253 host 172.27.116.11
access-list acl_dmz permit tcp host 199.x.a.253 host 172.27.117.12 eq 1542
access-list acl_dmz permit tcp host 199.x.a.253 host 172.27.117.5 eq 1595
access-list acl_dmz permit tcp host 199.x.a.253 host 172.27.117.6 eq 1596
access-list acl_dmz permit tcp host 199.x.a.253 any
access-list acl_dmz permit tcp host 199.x.a.113 any
access-list acl_dmz permit udp host 199.x.a.113 any
access-list acl_dmz permit tcp host 199.x.b.250 any
access-list acl_dmz permit tcp host 199.x.a.115 host 172.27.116.151 eq 1433
access-list acl_dmz permit tcp host 199.x.a.115 host 172.27.116.151 eq 1434
access-list acl_dmz permit tcp host 199.x.a.115 host 172.27.116.1 eq 445
access-list acl_dmz permit ip host 199.x.a.115 host 172.27.116.151
access-list acl_dmz permit tcp host 199.x.a.115 any
access-list toACS permit ip 199.x.b.0 255.255.255.0 host 138.69.20.241
access-list toACS permit ip 199.x.b.0 255.255.255.0 host 138.69.31.241
access-list toACS permit ip 199.x.b.0 255.255.255.0 138.69.31.0 255.255.255.0
access-list toACS permit ip 199.x.b.0 255.255.255.0 138.69.21.0 255.255.255.0
access-list toACS permit ip 199.x.b.0 255.255.255.0 172.30.202.0 255.255.255.0

access-list toACS permit ip 199.x.b.0 255.255.255.0 138.69.20.0 255.255.255.0
access-list toACS permit ip 172.27.112.0 255.255.240.0 host 138.69.20.241
access-list toACS permit ip 172.27.112.0 255.255.240.0 host 138.69.31.241
access-list toACS permit ip 172.27.112.0 255.255.240.0 138.69.31.0 255.255.255.0

access-list toACS permit ip 172.27.112.0 255.255.240.0 138.69.21.0 255.255.255.0

access-list toACS permit ip 172.27.112.0 255.255.240.0 172.30.202.0 255.255.255.0
access-list toACS permit ip 172.27.112.0 255.255.240.0 138.69.20.0 255.255.255.0

access-list toACS permit ip 199.x.e.0 255.255.255.0 host 138.69.20.241
access-list toACS permit ip 199.x.e.0 255.255.255.0 host 138.69.31.241
access-list toACS permit ip 199.x.e.0 255.255.255.0 138.69.31.0 255.255.255.0

access-list toACS permit ip 199.x.e.0 255.255.255.0 138.69.21.0 255.255.255.0

access-list toACS permit ip 199.x.e.0 255.255.255.0 172.30.202.0 255.255.255.0
access-list toACS permit ip 199.x.e.0 255.255.255.0 138.69.20.0 255.255.255.0

access-list toACS permit ip 199.x.d.0 255.255.255.0 host 138.69.20.241
access-list toACS permit ip 199.x.d.0 255.255.255.0 host 138.69.31.241
access-list toACS permit ip 199.x.d.0 255.255.255.0 138.69.31.0 255.255.255.0

access-list toACS permit ip 199.x.d.0 255.255.255.0 138.69.21.0 255.255.255.0

access-list toACS permit ip 199.x.d.0 255.255.255.0 172.30.202.0 255.255.255.0
access-list toACS permit ip 199.x.d.0 255.255.255.0 138.69.20.0 255.255.255.0

access-list toACS permit ip 199.x.f.0 255.255.255.0 host 138.69.20.241
access-list toACS permit ip 199.x.f.0 255.255.255.0 host 138.69.31.241
access-list toACS permit ip 199.x.f.0 255.255.255.0 138.69.31.0 255.255.255.0

access-list toACS permit ip 199.x.f.0 255.255.255.0 138.69.21.0 255.255.255.0

access-list toACS permit ip 199.x.f.0 255.255.255.0 172.30.202.0 255.255.255.0
access-list toACS permit ip 199.x.f.0 255.255.255.0 138.69.20.0 255.255.255.0

access-list toACS permit ip 199.x.c.0 255.255.255.0 host 138.69.20.241
access-list toACS permit ip 199.x.c.0 255.255.255.0 host 138.69.31.241
access-list toACS permit ip 199.x.c.0 255.255.255.0 138.69.31.0 255.255.255.0

access-list toACS permit ip 199.x.c.0 255.255.255.0 138.69.21.0 255.255.255.0

access-list toACS permit ip 199.x.c.0 255.255.255.0 172.30.202.0 255.255.255.0
access-list toACS permit ip 199.x.c.0 255.255.255.0 138.69.20.0 255.255.255.0

access-list toACS permit ip 172.27.128.0 255.255.240.0 host 138.69.20.241
access-list toACS permit ip 172.27.128.0 255.255.240.0 host 138.69.31.241
access-list toACS permit ip 172.27.128.0 255.255.240.0 138.69.31.0 255.255.255.0

access-list toACS permit ip 172.27.128.0 255.255.240.0 138.69.21.0 255.255.255.0

access-list toACS permit ip 172.27.128.0 255.255.240.0 172.30.202.0 255.255.255.0
access-list toACS permit ip 172.27.128.0 255.255.240.0 138.69.20.0 255.255.255.0

access-list toACS permit ip 172.27.144.0 255.255.240.0 host 138.69.20.241
access-list toACS permit ip 172.27.144.0 255.255.240.0 host 138.69.31.241
access-list toACS permit ip 172.27.144.0 255.255.240.0 138.69.31.0 255.255.255.0

access-list toACS permit ip 172.27.144.0 255.255.240.0 138.69.21.0 255.255.255.0

access-list toACS permit ip 172.27.144.0 255.255.240.0 172.30.202.0 255.255.255.0
access-list toACS permit ip 172.27.144.0 255.255.240.0 138.69.20.0 255.255.255.0

access-list toACS permit ip 172.27.160.0 255.255.240.0 host 138.69.20.241
access-list toACS permit ip 172.27.160.0 255.255.240.0 host 138.69.31.241
access-list toACS permit ip 172.27.160.0 255.255.240.0 138.69.31.0 255.255.255.0

access-list toACS permit ip 172.27.160.0 255.255.240.0 138.69.21.0 255.255.255.0

access-list toACS permit ip 172.27.160.0 255.255.240.0 172.30.202.0 255.255.255.0
access-list toACS permit ip 172.27.160.0 255.255.240.0 138.69.20.0 255.255.255.0

access-list nonat permit ip 199.x.b.0 255.255.255.0 host 138.69.31.241
access-list nonat permit ip 199.x.b.0 255.255.255.0 host 138.69.20.241
access-list nonat permit ip 199.x.b.0 255.255.255.0 138.69.31.0 255.255.255.0
access-list nonat permit ip 199.x.b.0 255.255.255.0 138.69.21.0 255.255.255.0
access-list nonat permit ip 199.x.b.0 255.255.255.0 172.30.202.0 255.255.255.0

access-list nonat permit ip 199.x.b.0 255.255.255.0 138.69.20.0 255.255.255.0
access-list nonat permit ip 172.27.112.0 255.255.240.0 host 138.69.31.241
access-list nonat permit ip 172.27.112.0 255.255.240.0 host 138.69.20.241
access-list nonat permit ip 172.27.112.0 255.255.240.0 138.69.31.0 255.255.255.0

access-list nonat permit ip 172.27.112.0 255.255.240.0 138.69.21.0 255.255.255.0

access-list nonat permit ip 172.27.112.0 255.255.240.0 172.30.202.0 255.255.255.0
access-list nonat permit ip 172.27.112.0 255.255.240.0 138.69.20.0 255.255.255.0

access-list nonat permit ip 199.x.e.0 255.255.255.0 host 138.69.31.241
access-list nonat permit ip 199.x.e.0 255.255.255.0 host 138.69.20.241
access-list nonat permit ip 199.x.e.0 255.255.255.0 138.69.31.0 255.255.255.0

access-list nonat permit ip 199.x.e.0 255.255.255.0 138.69.21.0 255.255.255.0

access-list nonat permit ip 199.x.e.0 255.255.255.0 172.30.202.0 255.255.255.0
access-list nonat permit ip 199.x.e.0 255.255.255.0 138.69.20.0 255.255.255.0

access-list nonat permit ip 199.x.d.0 255.255.255.0 host 138.69.31.241
access-list nonat permit ip 199.x.d.0 255.255.255.0 host 138.69.20.241
access-list nonat permit ip 199.x.d.0 255.255.255.0 138.69.31.0 255.255.255.0

access-list nonat permit ip 199.x.d.0 255.255.255.0 138.69.21.0 255.255.255.0

access-list nonat permit ip 199.x.d.0 255.255.255.0 172.30.202.0 255.255.255.0
access-list nonat permit ip 199.x.d.0 255.255.255.0 138.69.20.0 255.255.255.0

access-list nonat permit ip 199.x.f.0 255.255.255.0 host 138.69.31.241
access-list nonat permit ip 199.x.f.0 255.255.255.0 host 138.69.20.241
access-list nonat permit ip 199.x.f.0 255.255.255.0 138.69.31.0 255.255.255.0

access-list nonat permit ip 199.x.f.0 255.255.255.0 138.69.21.0 255.255.255.0

access-list nonat permit ip 199.x.f.0 255.255.255.0 172.30.202.0 255.255.255.0
access-list nonat permit ip 199.x.f.0 255.255.255.0 138.69.20.0 255.255.255.0

access-list nonat permit ip 199.x.c.0 255.255.255.0 host 138.69.31.241
access-list nonat permit ip 199.x.c.0 255.255.255.0 host 138.69.20.241
access-list nonat permit ip 199.x.c.0 255.255.255.0 138.69.31.0 255.255.255.0

access-list nonat permit ip 199.x.c.0 255.255.255.0 138.69.21.0 255.255.255.0

access-list nonat permit ip 199.x.c.0 255.255.255.0 172.30.202.0 255.255.255.0
access-list nonat permit ip 199.x.c.0 255.255.255.0 138.69.20.0 255.255.255.0

access-list nonat permit ip 172.27.128.0 255.255.240.0 host 138.69.31.241
access-list nonat permit ip 172.27.128.0 255.255.240.0 host 138.69.20.241
access-list nonat permit ip 172.27.128.0 255.255.240.0 138.69.31.0 255.255.255.0

access-list nonat permit ip 172.27.128.0 255.255.240.0 138.69.21.0 255.255.255.0

access-list nonat permit ip 172.27.128.0 255.255.240.0 172.30.202.0 255.255.255.0
access-list nonat permit ip 172.27.128.0 255.255.240.0 138.69.20.0 255.255.255.0

access-list nonat permit ip 172.27.144.0 255.255.240.0 host 138.69.31.241
access-list nonat permit ip 172.27.144.0 255.255.240.0 host 138.69.20.241
access-list nonat permit ip 172.27.144.0 255.255.240.0 138.69.31.0 255.255.255.0

access-list nonat permit ip 172.27.144.0 255.255.240.0 138.69.21.0 255.255.255.0

access-list nonat permit ip 172.27.144.0 255.255.240.0 172.30.202.0 255.255.255.0
access-list nonat permit ip 172.27.144.0 255.255.240.0 138.69.20.0 255.255.255.0

access-list nonat permit ip 172.27.160.0 255.255.240.0 host 138.69.31.241
access-list nonat permit ip 172.27.160.0 255.255.240.0 host 138.69.20.241
access-list nonat permit ip 172.27.160.0 255.255.240.0 138.69.31.0 255.255.255.0

access-list nonat permit ip 172.27.160.0 255.255.240.0 138.69.21.0 255.255.255.0

access-list nonat permit ip 172.27.160.0 255.255.240.0 172.30.202.0 255.255.255.0
access-list nonat permit ip 172.27.160.0 255.255.240.0 138.69.20.0 255.255.255.0

access-list acl_in deny ip any host 194.63.250.45
access-list acl_in deny ip any host 206.173.193.10
access-list acl_in deny ip any host 64.157.165.246
access-list acl_in deny ip any host 63.236.66.15
access-list acl_in deny ip any host 66.250.74.150
access-list acl_in deny ip any 205.236.189.0 255.255.255.0
access-list acl_in deny ip any host 66.28.250.176
access-list acl_in deny ip any host 63.147.61.208
access-list acl_in deny ip any host 64.94.162.236
access-list acl_in deny ip any host 63.209.100.240
access-list acl_in deny ip any 196.40.75.0 255.255.255.0
access-list acl_in permit tcp any host 199.x.a.22 eq smtp
access-list acl_in permit tcp host 172.27.115.140 any
access-list acl_in permit tcp any 199.x.a.0 255.255.255.0
access-list acl_in permit udp any any
access-list acl_in permit tcp host 172.27.132.24 any eq smtp
access-list acl_in permit tcp any any
access-list acl_in permit icmp any any echo
access-list acl_cjnet deny ip any any
access-list acl_cjnet deny tcp any any
access-list acl_cjnet deny udp any any
access-list acl-dmz permit ip host 199.x.a.22 any
pager lines 15
logging on
logging monitor warnings
logging buffered warnings
icmp permit any unreachable outside
icmp permit any echo-reply outside
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu cjnet 1500
mtu test 1500
mtu intf5 1500
ip address outside 199.x.c.193 255.255.255.224
ip address inside 192.168.12.254 255.255.255.0
ip address dmz 199.x.a.1 255.255.255.0
ip address cjnet 162.143.38.210 255.255.255.240
ip address test 199.x.c.161 255.255.255.224
no ip address intf5
ip verify reverse-path interface inside
ip verify reverse-path interface dmz
ip audit info action alarm
ip audit attack action alarm
ip local pool pptp_pool 192.168.98.1-192.168.98.254
failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 199.x.c.200
failover ip address inside 192.168.12.253
failover ip address dmz 199.x.a.3
failover ip address cjnet 162.143.38.212
no failover ip address test
no failover ip address intf5

arp timeout 14400
global (outside) 1 199.x.c.194 netmask 255.255.255.224
global (dmz) 1 199.x.a.2 netmask 255.255.255.0
global (cjnet) 1 162.143.38.211 netmask 255.255.255.240
global (test) 1 199.x.c.162 netmask 255.255.255.224
nat (inside) 0 access-list nonat
nat (inside) 0 172.27.116.1 255.255.255.255 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (dmz,outside) 199.x.a.7 199.x.a.7 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.117.12 172.27.117.12 netmask 255.255.255.255 0 0
static (inside,dmz) 199.x.b.71 199.x.b.71 netmask 255.255.255.255 0 0
static (inside,dmz) 199.x.b.171 199.x.b.171 netmask 255.255.255.255 0 0
static (inside,dmz) 199.x.b.203 199.x.b.203 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.d.49 199.x.d.49 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.240 199.x.a.240 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.5 199.x.a.5 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.22 199.x.a.22 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.75 199.x.b.75 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.176 199.x.b.176 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.185 199.x.a.185 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.200 199.x.a.200 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.184 199.x.a.184 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.86 199.x.a.86 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.21 172.27.116.21 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.24 172.27.116.24 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.25 172.27.116.25 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.26 172.27.116.26 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.27 172.27.116.27 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.35 172.27.116.35 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.14 199.x.b.14 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.100 199.x.b.100 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.18 199.x.b.18 netmask 255.255.255.255 0 0
static (inside,dmz) 199.x.d.49 199.x.d.49 netmask 255.255.255.255 0 0
static (inside,dmz) 205.172.175.34 205.172.175.34 netmask 255.255.255.255 0 0
static (inside,dmz) 205.172.172.66 205.172.172.66 netmask 255.255.255.255 0 0
static (inside,dmz) 205.153.146.134 205.153.146.134 netmask 255.255.255.255 0 0
static (inside,dmz) 205.153.148.253 205.153.148.253 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.d.142 199.x.d.142 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.d.182 199.x.d.182 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.d.185 199.x.d.185 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.127.253 172.27.127.253 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.127.5 172.27.127.5 netmask 255.255.255.255 0 0
static (inside,dmz) 192.168.204.2 192.168.204.2 netmask 255.255.255.255 0 0
static (inside,dmz) 199.x.b.75 199.x.b.75 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.132.30 172.27.132.30 netmask 255.255.255.255 0 0
static (inside,dmz) 205.172.172.166 205.172.172.166 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.187 199.x.a.187 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.32 199.x.b.32 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.3 199.x.b.3 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.252 199.x.b.252 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.217 199.x.b.217 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.207 199.x.b.207 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.24 199.x.b.24 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.5 199.x.b.5 netmask 255.255.255.255 0 0
static (inside,outside) 172.27.116.35 172.27.116.35 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.117.13 172.27.117.13 netmask 255.255.255.255 0 0
static (inside,dmz) 205.153.148.90 205.153.148.90 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.90 199.x.a.90 netmask 255.255.255.255 0 0
static (inside,dmz) 199.x.b.127 199.x.b.127 netmask 255.255.255.255 0 0
static (inside,outside) 172.27.117.12 172.27.117.12 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.100 199.x.a.100 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.246 199.x.b.246 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.101 199.x.a.101 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.253 199.x.b.253 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.95 199.x.b.95 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.209 199.x.b.209 netmask 255.255.255.255 0 0
static (inside,dmz) 199.x.b.129 199.x.b.129 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.117.1 172.27.117.1 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.d.170 199.x.d.170 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.76 199.x.b.76 netmask 255.255.255.255 0 0
static (inside,outside) 172.27.116.28 172.27.116.28 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.e.228 199.x.e.228 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.120.110 172.27.120.110 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.117.5 172.27.117.5 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.117.6 172.27.117.6 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.210 199.x.b.210 netmask 255.255.255.255 0 0
static (inside,outside) 172.27.116.74 172.27.116.74 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.84 172.27.116.84 netmask 255.255.255.255 0 0
static (inside,outside) 172.20.112.0 172.20.112.0 netmask 255.255.240.0 0 0
static (inside,outside) 199.x.e.2 199.x.e.2 netmask 255.255.255.255 0 0
static (inside,outside) 172.27.116.14 172.27.116.14 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.d.252 199.x.d.252 netmask 255.255.255.255 0 0
static (inside,dmz) 199.x.b.5 199.x.b.5 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.95 172.27.116.95 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.10 172.27.116.10 netmask 255.255.255.255 0 0
static (inside,dmz) 199.x.b.76 199.x.b.76 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.c.197 172.27.116.90 netmask 255.255.255.255 0 0

static (dmz,outside) 199.x.a.8 199.x.a.8 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.c.217 172.27.116.82 netmask 255.255.255.255 0 0

static (inside,outside) 199.x.b.71 199.x.b.71 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.c.198 172.27.117.1 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.23 199.x.a.23 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.c.220 172.27.116.47 netmask 255.255.255.255 0 0

static (inside,outside) 172.27.116.78 172.27.116.78 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.107 199.x.a.107 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.c.199 172.27.116.13 netmask 255.255.255.255 0 0

static (inside,outside) 199.x.b.11 199.x.b.11 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.c.216 172.27.116.36 netmask 255.255.255.255 0 0

static (inside,dmz) 192.168.204.76 192.168.204.76 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.216 199.x.b.216 netmask 255.255.255.255 0 0
static (inside,dmz) 205.153.146.50 205.153.146.50 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.c.215 172.27.116.16 netmask 255.255.255.255 0 0

static (inside,outside) 199.x.c.202 172.27.116.116 netmask 255.255.255.255 0 0
static (inside,outside) 172.27.132.30 172.27.132.30 netmask 255.255.255.255 0 0
static (dmz,inside) 205.153.146.221 205.153.146.221 netmask 255.255.255.255 0 0
static (inside,dmz) 205.153.146.221 205.153.146.221 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.f.5 199.x.f.5 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.23 172.27.116.23 netmask 255.255.255.255 0 0
static (inside,outside) 172.27.116.11 172.27.116.11 netmask 255.255.255.255 0 0
static (inside,dmz) 192.168.204.189 192.168.204.189 netmask 255.255.255.255 0 0
static (inside,outside) 172.27.132.16 172.27.132.16 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.c.195 172.27.116.29 netmask 255.255.255.255 0 0

static (inside,dmz) 172.27.116.11 172.27.116.11 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.115 199.x.a.115 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.c.219 172.27.132.18 netmask 255.255.255.255 0 0

static (dmz,outside) 199.x.a.88 199.x.a.88 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.132.24 172.27.132.24 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.c.218 172.27.132.20 netmask 255.255.255.255 0 0

static (dmz,outside) 199.x.a.50 199.x.a.50 netmask 255.255.255.255 0 0
static (inside,outside) 172.27.116.109 172.27.116.109 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.109 172.27.116.109 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.f.25 199.x.f.25 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.113 199.x.a.113 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.125 199.x.a.125 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.c.196 172.27.116.170 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.254 199.x.a.254 netmask 255.255.255.255 0 0
static (dmz,outside) 199.x.a.253 199.x.a.253 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.c.204 172.27.116.155 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.c.203 172.27.116.120 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.c.221 172.27.143.252 netmask 255.255.255.255 0 0
static (dmz,inside) 10.106.1.221 10.106.1.221 netmask 255.255.255.255 0 0
static (inside,dmz) 10.106.1.221 10.106.1.221 netmask 255.255.255.255 0 0
static (inside,dmz) 205.172.172.69 205.172.172.69 netmask 255.255.255.255 0 0
static (inside,outside) 199.x.b.250 172.27.116.250 netmask 255.255.255.255 0 0

static (inside,outside) 172.27.116.151 172.27.116.151 netmask 255.255.255.255 0 0
static (inside,dmz) 172.27.116.151 172.27.116.151 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
access-group acl_in in interface inside
access-group acl_dmz in interface dmz
access-group acl_cjnet in interface cjnet
route outside 0.0.0.0 0.0.0.0 199.x.c.222 1
route inside 10.101.0.0 255.255.0.0 192.168.12.1 1
route inside 10.102.0.0 255.255.0.0 192.168.12.1 1
route inside 10.103.0.0 255.255.0.0 192.168.12.1 1
route inside 10.106.0.0 255.255.0.0 192.168.12.1 1
route inside 10.121.10.0 255.255.255.0 192.168.12.1 1
route cjnet 162.143.0.0 255.255.0.0 162.143.38.209 1
route inside 172.20.112.0 255.255.240.0 192.168.12.1 1
route inside 172.20.128.0 255.255.240.0 192.168.12.1 1
route inside 172.27.108.0 255.255.252.0 192.168.12.113 1
route inside 172.27.112.0 255.255.240.0 192.168.12.1 1
route inside 172.27.128.0 255.255.240.0 192.168.12.1 1
route inside 172.27.144.0 255.255.240.0 192.168.12.1 1
route inside 172.27.160.0 255.255.240.0 192.168.12.1 1
route inside 172.27.176.0 255.255.240.0 192.168.12.1 1
route inside 172.27.192.0 255.255.240.0 192.168.12.1 1
route inside 192.168.121.0 255.255.255.0 192.168.12.1 1
route inside 192.168.123.0 255.255.255.0 192.168.12.1 1
route inside 192.168.124.0 255.255.255.0 192.168.12.1 1
route inside 192.168.125.0 255.255.255.0 192.168.12.1 1
route inside 192.168.126.0 255.255.255.0 192.168.12.1 1
route inside 192.168.201.0 255.255.255.0 192.168.12.1 1
route inside 192.168.203.0 255.255.255.0 192.168.12.1 1
route inside 192.168.204.0 255.255.255.0 192.168.12.1 1
route inside 192.168.205.0 255.255.255.0 192.168.12.1 1
route inside 192.168.206.0 255.255.255.0 192.168.12.1 1
route inside 192.168.210.0 255.255.255.0 192.168.12.1 1
route inside 192.168.222.0 255.255.255.0 192.168.12.1 1
route inside 192.168.223.0 255.255.255.0 192.168.12.1 1
route inside 192.168.224.0 255.255.255.0 192.168.12.1 1
route inside 192.168.225.0 255.255.255.0 192.168.12.1 1
route inside 192.168.230.0 255.255.255.0 192.168.12.1 1
route inside 192.168.233.0 255.255.255.0 192.168.0.1 1
route inside 192.168.238.0 255.255.255.0 192.168.12.1 1
route inside 192.168.241.0 255.255.255.0 192.168.12.1 1
route inside 192.168.242.0 255.255.255.0 192.168.12.1 1
route inside 192.168.243.0 255.255.255.0 192.168.12.1 1
route inside 192.168.250.0 255.255.255.0 192.168.12.1 1
route inside 192.168.251.0 255.255.255.0 192.168.12.1 1
route inside 199.x.b.0 255.255.255.0 192.168.12.1 1
route inside 199.x.c.32 255.255.255.224 192.168.12.1 1
route inside 199.x.c.96 255.255.255.224 192.168.12.1 1
route inside 199.x.c.128 255.255.255.224 192.168.12.1 1
route inside 199.x.d.0 255.255.255.0 192.168.12.1 1
route inside 199.x.e.0 255.255.255.0 192.168.12.1 1
route inside 199.x.f.0 255.255.255.0 192.168.12.1 1
route cjnet 199.250.21.0 255.255.255.0 162.143.38.209 1
route outside 199.250.21.20 255.255.255.255 199.x.c.222 1
route inside 205.114.194.0 255.255.255.0 192.168.12.1 1
route inside 205.153.144.0 255.255.255.0 192.168.12.1 1
route inside 205.153.145.0 255.255.255.0 192.168.12.1 1
route inside 205.153.146.0 255.255.255.0 192.168.12.1 1
route inside 205.153.147.0 255.255.255.0 192.168.12.1 1
route inside 205.153.148.0 255.255.255.0 192.168.12.1 1
route inside 205.153.149.0 255.255.255.0 192.168.12.1 1
route inside 205.153.150.0 255.255.255.0 192.168.12.1 0
route inside 205.153.151.0 255.255.255.0 192.168.12.1 1
route inside 205.172.172.0 255.255.255.128 192.168.12.1 1
route inside 205.172.173.0 255.255.255.0 192.168.12.1 1
route inside 205.172.174.0 255.255.255.0 192.168.12.1 1
route inside 205.172.174.176 255.255.255.240 192.168.12.1 1
route inside 205.172.175.192 255.255.255.224 192.168.12.1 1
route inside 209.114.201.234 255.255.255.255 192.168.12.1 1
route inside 209.114.201.236 255.255.255.255 192.168.12.1 1
route inside 209.114.201.237 255.255.255.255 192.168.12.1 1
route inside 209.114.201.238 255.255.255.255 192.168.12.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
ntp server 172.27.127.253 source inside
http server enable
http 199.x.b.181 255.255.255.255 inside
http 199.x.b.3 255.255.255.255 inside
http 172.27.114.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 199.x.b.181 /
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set slsset esp-3des esp-md5-hmac
crypto map ACS 10 ipsec-isakmp
crypto map ACS 10 match address toACS
crypto map ACS 10 set peer 12.42.34.140
crypto map ACS 10 set transform-set slsset
crypto map ACS interface outside
isakmp enable outside

isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet 172.27.116.10 255.255.255.255 inside
telnet 172.27.112.0 255.255.240.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 60
ssh timeout 5
console timeout 0
vpdn group pptp_users accept dialin pptp
vpdn group pptp_users ppp authentication mschap
vpdn group pptp_users ppp encryption mppe auto
vpdn group pptp_users client configuration address local pptp_pool
vpdn group pptp_users client configuration dns 199.x.a.5
vpdn group pptp_users pptp echo 60
vpdn group pptp_users client authentication local

: end


Jim
Network Engineer
MCSE,CCNA,Net+,Sec+
 
These lines
nat (inside) 0 172.27.116.1 255.255.255.255 0 0
static (inside,outside) 172.27.116.151 172.27.116.151 netmask 255.255.255.255 0 0
tell the PIX not to NAT the 172.27.116.1 or the 172.27.116.151 addresses when going anywhere. They are your culprits.

Put "no" in front of them and they are gone and then "clear xlate". The internet for those should be up for them after that.

It may be time to start cleaning up that config and remove anything that isn't necessary or no longer in use. That thing is quite a beast. Check the CPU utilization and memory use and see how they are doing.



Brent
Systems Engineer / Consultant
CCNP, CCSP
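
An added example, not part of the original thread or any poster's code: a Python audit of PIX 6.x configuration text that flags the two patterns named in the reply above, a `nat (if) 0 <address> <mask>` entry and an identity `static` toward the outside interface, whenever the address is RFC 1918 space and would therefore leave untranslated. The sample config is constructed (the public addresses are documentation ranges), and the function name and its `egress` parameter are assumptions of this example.

```python
import ipaddress
import re

# RFC 1918 blocks listed explicitly: ipaddress.is_private also matches
# documentation ranges, which would give false positives here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# PIX 6.x: static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)")
# PIX 6.x: nat (real_if) 0 ip mask   (the "access-list" form is not matched)
NAT0_RE = re.compile(r"^nat \((\w+)\) 0 (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")

# Constructed sample modelled on the lines quoted in the thread.
SAMPLE_CONFIG = """\
global (outside) 1 192.0.2.194 netmask 255.255.255.224
nat (inside) 0 access-list nonat
nat (inside) 0 172.27.116.1 255.255.255.255 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,dmz) 172.27.116.151 172.27.116.151 netmask 255.255.255.255 0 0
static (inside,outside) 172.27.116.151 172.27.116.151 netmask 255.255.255.255 0 0
static (inside,outside) 192.0.2.197 172.27.116.90 netmask 255.255.255.255 0 0
static (dmz,outside) 198.51.100.22 198.51.100.22 netmask 255.255.255.255 0 0
"""


def is_rfc1918(net):
    return any(net.subnet_of(block) for block in RFC1918)


def untranslated_private_egress(config, egress="outside"):
    """Return (line_no, kind, network) for private addresses that the
    config sends toward `egress` without translation."""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = STATIC_RE.match(line)
        if m:
            _real_if, mapped_if, mapped_ip, real_ip, mask = m.groups()
            # Identity static: mapped and real address are the same.
            if mapped_if == egress and mapped_ip == real_ip:
                net = ipaddress.ip_network(f"{real_ip}/{mask}", strict=False)
                if is_rfc1918(net):
                    findings.append((lineno, "identity static", str(net)))
            continue
        m = NAT0_RE.match(line)
        if m:
            # nat 0 <ip> <mask> exempts the source toward every
            # lower-security interface, so it always covers the egress.
            _real_if, ip, mask = m.groups()
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            if is_rfc1918(net):
                findings.append((lineno, "nat 0", str(net)))
    return findings


if __name__ == "__main__":
    for lineno, kind, net in untranslated_private_egress(SAMPLE_CONFIG):
        print(f"line {lineno}: {kind} leaves {net} untranslated")
```

Identity statics toward the dmz are not reported, because the DMZ can route back to the inside networks; only entries whose mapped interface is the chosen egress are.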
 
Beast is right. I'll get on those lines tomorrow. Thank you so much. I know there are references to things that don't exist anymore. It will take a while to sift through them.
 