pixfirewall> en
Password:
pixfirewall# show run
: Saved
:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 203.95.102.10 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 203.95.1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:87eef335e5cc042f60486a8f950c8468
: end
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
:
PIX Version 6.3(3)
pixfirewall# show inte ethernet0 auto
interface ethernet0 "outside" is up, line protocol is down
nameif ethernet0 outside security0
Hardware is i82559 ethernet, address is 000f.908f.2e5f
enable password 8Ry2Y
IP address 203.95.102.10, subnet mask 255.255.255.248
passwd 2KFQnbNIdI.2KYOU encrypted
MTU 1500 bytes, BW 10000 Kbit half duplex
fixup protocol dns maximum
0 packets input, 0 bytes, 0 no buffer
fixup protocol ftp 21
Received 0 broadcasts, 0 runts, 0 giants
fixup protocol h323 ras 1718-1719
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
fixup protocol rsh 514
fixup protocol rtsp
aaa-server TACACS+ protocol tacacs+
38 packets output, 2706 bytes, 0 underrunsl radius
aaa-serv
0 output errors, 0 collisions, 0 interface resetssnmp-server location
no snmp-serve
0 babbles, 0 late collisions, 0 deferrednity public
no snmp-
1 lost carrier, 0 no carrier
floodguard enable
input queue (curr/max blocks): hardware (128/128) software (0/1)ole timeout 0
terminal width 80
Crypto
pi
pixfirewall#
pi
pixfirewall# show ve
pixfirewall#
Cisco PIX Firewall Version 6.3(3)firewall#
pixfirewall
Cisco PIX Device Manager Version 3.0(1)ixfirewall#
pixfirewall#
1: ethernet1: address is 000f.908f.2e60, irq 11
Licensed Features:
Failover: Disabled
×××-DES: Enabled
×××-3DES-AES: Enabled
Maximum Physical Interfaces: 2
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has a Restricted (R) license.
Serial Number: 808242422 (0x302cccf6)
Running Activation Key: 0x8e6e5eea 0xd75f7a69 0x07255152 0x0faadaa8
Configuration last modified by enable_15 at 21:41:09.735 UTC Sat Feb 4 2012
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
r1# show ? Confi
At the end of show <command>, use the pipe character '|' followed by: Configure group settings for Cisco ××× Clients and
fixup prot
begin|include|exclude|grep [-v] <regular_exp>, to filter show output. Cisco Easy ××× Remote products
mtu inside 1500
aaa Enable, disable, or view TACACS+, RADIUS or LOCAL
ip address inside 192.168.1.
xlate
user authentication, authorization and accountingionion alarm
ip audit attack action ala
aaa-server Define AAA Server group#y e
r1#e
r1#
r1#
r1#rp
meout
access-group Bind an access-list to an interface to filter inbound traffic
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
condu
access-list Add an access list
route outside 0.0.0
activation-key Modify activation-key.
timeout
age This command is deprecat
PIX Version 6.3(3)
interface ethernet0 auto
checksum View configuration information cryptochecksumeif ethernet0 outside security0
chunkstat Display chunk statsy100
clock Show and set the date and time of PIX
passwd 2KFQnbNIdI
conduit Add conduit access to higher security level network or ICMP
fixup protocol dns maximum-length 512
configure Configure from terminal, floppy, memory, network, orcol h323 h225 1720
fixup protocol h323
timeout xlate 3:00:00
timeou
curpriv Display current privilege levelpc 0:10:00 h225 1:00:00
debug Debug packets or ICMP tracings through the PIX Firewall.0 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
dhcpd Configure DHCP Servermeout uauth 0:05:00 absolute
dhcprelay Configure DHCP Relay Agentotocol tacacs+
domain-name Change domain nameradius
dynamic-map Specify a dynamic crypto map template
no snmp-server location
eeprom show or reprogram the 525 onboard i82559 devices community public
no snmp-server ena
enable Configure enable passwordsuard enable
telnet timeou
established Allow inbound connections based nsole timeout 0
ering conf
fixup Add or delete PIX service and feature defaults
Type help or '?' for a list of avail
flashfs Show, destroy, or preserve filesystem informationixfirewall(config)# login authenticate FOR_VTY
fragment Configure the IP fragment database list of available commands.
global Specify, delete or view global address pools,
pixfirewall(config)#
pixfirewall(
or designate a PAT(Port Address Translated) address
pixfirewall(config)# int s1
h225 Show the current h225 data stored r "s1"
interface Set network interface paremeters and configure VLANstdown]]
igmp Clear or display IGMP groupsgical|physical] [shutdown]
ip Set the ip address and mask for an interface interface <hardware_id> change-vlan <old_vlan_id> <new
Define a local address pool
ipsec Configure IPSEC policy ethernet0 "outside" is up, line proto
isakmp Configure ISAKMP policy
Hardware is
local-host Display or clear the local host network information
IP address 203.95.102.10, subnet
logging Enable logging facility
M
mac-list Add a list of mac addresses using first match search
0 packets input, 0 bytes, 0 no buffer
map Configure IPsec crypto map Received 0 broadcasts, 0 runts, 0 gia
memory System memory utilization
0 input errors, 0 CRC,
mgcp Configure the Media Gateway Control Protocol fixu
nameif Assign a name to an interface
int
names Enable, disable or display IP address to name conversion
Hardware is i82559 ethernet, addres
nat Associate a network with a pool of global IP addresses
IP address 192.168.1.1, subnet mask 255.255.255.0
ntp Configure Network T
pdm Configure PIX Device Manager
0 babbles, 0 late col
prefix-list Configure a prefix-list
1 l
privilege Configure/Display privilege levels for commands input queue (curr/max blocks): hardware (128/128) softwar
processes Display processes
rip Broadcast default route or blocks
router Create/configure OSPF routing process
pixfirewall(config)
routing Configure interface specific unicast routing parameters.
pixfirewall(config)# rface ethernet0
running-config Display the current running configurationst of available commands.
service Enable system services
pixfirewall(confi
shun Manages the filtering of packets from undesired hostsrewall(config)# interface ethernet0
sip Show the current data stored for each SIP session. interface <hardware_id> [<hw_speed> [shutdown]]
skinny Show the current data stored for each Skinny sessware_id> <vlan_id>
startup-config Display the startup configuration
static Configure one-to-one address translation ruleal] [shutdown]
telnet Add telnet access to PIX console and set idle timeout
terminal Set terminal line parameters
tftp-server Specify default TFTP server address and directory
timeout Set the maximum idle times
traffic Counters for traffic statistics
uauth Display or clear current user authorization information
url-cache Enable URL caching
url-block Enable URL pending block buffer and long URL support
url-server Specify a URL filter server
username Configure user authentication local database
version Display PIX system software version
virtual Set address for authentication virtual servers
vpdn Configure VPDN (PPTP, L2TP, PPPoE) Policy
***client Configure Easy ××× Remote
***group Configure group settings for Cisco ××× Clients and
Cisco Easy ××× Remote products
who Show active administration sessions on PIX
xlate Display current translation and connection slot information
r1# show
r1#
r1#