!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v1.1.0-20031102cvs
!
! Generated Fri Nov 7 22:54:05 2003 PST by vadim
!
! Prolog script:
!
!
! End of prolog script:
!
! NOTE(review): this file is compiler output. Anything flagged in the
! NOTE(review) comments belongs in the Firewall Builder policy or firewall
! settings, followed by a recompile, not in a hand edit of this file.
!
! Interface naming: eth1 is "outside" at security level 0 (lowest trust),
! eth0 is "inside" at security level 100 (highest trust).
nameif eth1 outside security0
nameif eth0 inside security100
! NOTE(review): all four lines below turn logging off, and "no logging on"
! disables syslog message generation altogether. With this in place the
! denies in outside_acl and inside_acl leave no record, which removes the
! audit trail needed for detection and incident response. Consider enabling
! "logging on" and "logging timestamp" and sending messages to a syslog host.
no logging buffered
no logging console
no logging timestamp
no logging on
! Timers for translation slots, connections, per-protocol state and user
! authentication, written as h:m:s.
timeout xlate 3:0:0
timeout conn 1:0:0
timeout udp 0:2:0
timeout rpc 0:10:0
timeout h323 0:5:0
timeout sip 0:30:0
timeout sip_media 0:2:0
timeout uauth 2:0:0 absolute
! SNMP and NTP settings are cleared and nothing in this file configures an
! NTP server, so any timestamps enabled later would rely on the local clock.
clear snmp-server
no snmp-server enable traps
clear ntp
! With resetinbound/resetoutside off, denied TCP connections are dropped
! without a reset being sent back to the sender.
no service resetinbound
no service resetoutside
no sysopt connection timewait
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
! NOTE(review): Flood Guard lets the PIX reclaim resources when the user
! authentication (uauth) subsystem runs short and is normally left enabled.
! Disabling it removes that safeguard - confirm this is intended.
floodguard disable
! Existing ACLs, ICMP rules, object groups and the telnet/ssh permit lists
! are wiped here and rebuilt by the rules that follow.
! NOTE(review): "clear ssh" runs before the "ssh ..." line under
! Rule 0(global) re-adds the permit list; if the load stops in between,
! SSH management access is presumably lost until someone reaches the
! console - verify how this file is pushed to the device.
clear access-list
clear icmp
clear object-group
clear telnet
clear ssh
!
! Rule 0(outside)
! Anti-spoofing rule
!
! Drops packets that arrive on the outside interface while claiming a source
! of 192.0.2.1, 10.1.1.1 or the 10.1.1.0/24 network. Presumably 192.0.2.1 and
! 10.1.1.1 are the firewall's own outside and inside addresses (Rule 1 uses
! them as "the firewall") - confirm. The host 10.1.1.1 entry is already
! covered by the 10.1.1.0/24 entry; it is redundant but harmless.
access-list outside_acl remark 0(outside)
access-list outside_acl deny ip host 192.0.2.1 any
access-list outside_acl deny ip host 10.1.1.1 any
access-list outside_acl deny ip 10.1.1.0 255.255.255.0 any
!
! Rule 0(global)
! ssh access to firewall
!
! NOTE(review): every host in 10.1.1.0/24 may open an SSH session to the
! firewall from the inside interface. If only a few management hosts need
! this, narrow the source in the policy (least privilege).
ssh 10.1.1.0 255.255.255.0 inside
!
! Rule 1(global)
! firewall uses DNS server on LAN
!
! NOTE(review): these four entries look like no-ops. ACL entries match top
! down, so the outside_acl permits for source host 192.0.2.1 sit behind the
! "deny ip host 192.0.2.1 any" entry of Rule 0(outside) and never match. The
! inside_acl permits for source host 10.1.1.1 are a subset of the Rule 2
! permit for 10.1.1.0/24. Both ACLs are bound inbound on their interfaces
! (see the access-group lines), so traffic the firewall itself originates
! presumably never passes through them - confirm against the PIX version in
! use and drop the rule from the policy if it has no effect.
access-list outside_acl remark 1(global)
access-list outside_acl permit tcp host 192.0.2.1 10.1.1.0 255.255.255.0 eq 53
access-list inside_acl remark 1(global)
access-list inside_acl permit tcp host 10.1.1.1 10.1.1.0 255.255.255.0 eq 53
access-list outside_acl permit udp host 192.0.2.1 10.1.1.0 255.255.255.0 eq 53
access-list inside_acl permit udp host 10.1.1.1 10.1.1.0 255.255.255.0 eq 53
!
! Rule 2(global)
! 'masquerading' rule
!
! NOTE(review): permits every IP protocol and port from 10.1.1.0/24 to any
! destination, so there is no egress filtering for the LAN. If outbound
! traffic should be limited to known services, express that in the policy.
access-list inside_acl remark 2(global)
access-list inside_acl permit ip 10.1.1.0 255.255.255.0 any
!
! Rule 3(global)
! 'catch all' rule
!
! Explicit final deny in both ACLs. On inside_acl it follows
! "permit ip 10.1.1.0 255.255.255.0 any", so it only catches packets that
! enter the inside interface with a source outside the LAN range.
! NOTE(review): logging is disabled earlier in this file ("no logging on"),
! so packets dropped here leave no record.
access-list outside_acl remark 3(global)
access-list outside_acl deny ip any any
access-list inside_acl remark 3(global)
access-list inside_acl deny ip any any
! Bind each ACL to traffic entering its interface.
access-group inside_acl in interface inside
access-group outside_acl in interface outside
! NOTE(review): -1 does not look like a valid idle timeout (PIX documents a
! range of 1-60 minutes for both commands - confirm for the target version).
! It reads like an unset option in the generator; the device would presumably
! reject these lines and keep its current value. Set an explicit, short
! management idle timeout in the firewall settings and recompile.
telnet timeout -1
ssh timeout -1
! Existing translations, statics, global pools and NAT rules are removed
! before the NAT section is rebuilt; established translated sessions are
! presumably interrupted when this is loaded on a live device.
clear xlate
clear static
clear global
clear nat
!
! Rule 0(NAT)
!
!
! Pool 1 on the outside interface uses the interface's own address (PAT).
! The ACL id3FAC7F06.0 selects source 10.1.1.0/24 to any destination, and the
! nat line ties that selection on the inside interface to pool 1.
global (outside) 1 interface
access-list id3FAC7F06.0 permit ip 10.1.1.0 255.255.255.0 any
nat (inside) 1 access-list id3FAC7F06.0
!
! Epilog script:
!
! End of epilog script:
!