added test files for pix 6, 7 and 8 import; build 3500

2026-03-18 17:27:20 +01:00 · 2011-03-13 12:42:51 -07:00 · 2011-03-13 12:42:51 -07:00 · bc2a25a901
commit bc2a25a901
parent e748c72a1f
8 changed files with 595 additions and 5 deletions
--- a/2
+++ b/2
@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0
 # build number is like "nano" version number. I am incrementing build
 # number during development cycle
 #
-BUILD_NUM="3499"
+BUILD_NUM="3500"

 VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM"

--- a/VERSION.h
+++ b/VERSION.h
@ -1,2 +1,2 @@
-#define VERSION      "4.2.0.3499"
+#define VERSION      "4.2.0.3500"
 #define GENERATION   "4.2"
--- a/packaging/fwbuilder-static-qt.spec
+++ b/packaging/fwbuilder-static-qt.spec
@ -3,7 +3,7 @@


 %define name    fwbuilder
-%define version 4.2.0.3499
+%define version 4.2.0.3500
 %define release 1

 %if "%_vendor" == "MandrakeSoft"
--- a/packaging/fwbuilder.control
+++ b/packaging/fwbuilder.control
@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu
 Priority: extra
 Section: checkinstall
 Maintainer: vadim@fwbuilder.org
-Version: 4.2.0.3499-1
+Version: 4.2.0.3500-1
 Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15
 Description: Firewall Builder GUI and policy compilers
--- a/packaging/fwbuilder.spec
+++ b/packaging/fwbuilder.spec
@ -1,6 +1,6 @@

 %define name    fwbuilder
-%define version 4.2.0.3499
+%define version 4.2.0.3500
 %define release 1

 %if "%_vendor" == "MandrakeSoft"
--- a/src/unit_tests/ImporterTest/test_data/asa8.3.test
+++ b/src/unit_tests/ImporterTest/test_data/asa8.3.test
@ -0,0 +1,154 @@
+: Saved
+:
+ASA Version 8.3(2) 
+!
+hostname asa5505
+enable password XXXXXXXXXXXXXXXX encrypted
+passwd YYYYYYYYYYYYYYYY encrypted
+names
+name 1.2.3.4 gw
+name 192.168.3.0 fake_network
+name 192.168.4.1 inside_ip
+!
+interface Vlan1
+ nameif inside
+ security-level 100
+ ip address dhcp setroute 
+!
+interface Vlan2
+ nameif outside
+ security-level 0
+ ip address 192.168.2.1 255.255.255.0 
+!
+interface Ethernet0/0
+ switchport access vlan 2
+!
+interface Ethernet0/1
+!
+interface Ethernet0/2
+!             
+interface Ethernet0/3
+!
+interface Ethernet0/4
+!
+interface Ethernet0/5
+!
+interface Ethernet0/6
+!
+interface Ethernet0/7
+!
+boot system disk0:/asa832-k8.bin
+ftp mode passive
+object network internal_subnet_1 
+ subnet 192.168.1.0 255.255.255.192
+object network internal_subnet_2 
+ subnet 192.168.1.64 255.255.255.192
+object service smtp 
+ service tcp destination eq smtp 
+object network firewall90:FastEthernet1:ip-1 
+ host 22.22.22.23
+object network Internal_net 
+ subnet 192.168.1.0 255.255.255.0
+object service http 
+ service tcp destination eq www 
+object network hostA:eth0 
+ host 192.168.1.10
+object service squid 
+ service tcp destination eq 3128 
+object network spamhost1 
+ host 61.150.47.112
+object network spamhost2 
+ host 61.150.47.113
+object service smtps 
+ service tcp destination eq 465 
+object network outside_range-1 
+ range 22.22.22.30 22.22.22.40
+object network external_gw2 
+ host 22.22.22.100
+object-group network outside.id178211X29963.osrc.net.0
+ network-object object internal_subnet_1
+ network-object object internal_subnet_2
+object-group network outside.id21353X4994.osrc.net.0
+ network-object object internal_subnet_1
+ network-object object Internal_net
+ network-object object internal_subnet_2
+object-group network outside.id77971X5929.osrc.net.1
+ network-object object internal_subnet_1
+ network-object object internal_subnet_2
+object-group network outside.id77971X5929.odst.net.1
+ network-object object spamhost1
+ network-object object spamhost2
+object-group service outside.id77971X5929.osrv.1
+ service-object object smtp 
+ service-object object smtps 
+object-group network outside.id77971X5929.tsrc.net.1
+ network-object object outside_range-1
+ network-object object external_gw2
+object-group network outside.id77971X5929.osrc.net.0
+ network-object object internal_subnet_1
+ network-object object internal_subnet_2
+object-group network outside.id77971X5929.odst.net.0
+ network-object object spamhost1
+ network-object object spamhost2
+object-group network outside.id77971X5929.tsrc.net.0
+ network-object object outside_range-1
+ network-object object external_gw2
+access-list outside_acl_in extended deny ip any any log 
+pager lines 24
+logging enable
+logging buffered errors
+logging asdm informational
+mtu inside 1500
+mtu outside 1500
+icmp unreachable rate-limit 1 burst-size 1
+no asdm history enable
+arp timeout 14400
+nat (inside,outside) source dynamic outside.id178211X29963.osrc.net.0 firewall90:FastEthernet1:ip-1 service smtp smtp
+nat (inside,outside) source dynamic outside.id21353X4994.osrc.net.0 firewall90:FastEthernet1:ip-1 service smtp smtp
+nat (outside,inside) source static any any destination static interface hostA:eth0 service http squid
+nat (inside,outside) source dynamic outside.id77971X5929.osrc.net.0 outside.id77971X5929.tsrc.net.0 interface destination static outside.id77971X5929.odst.net.0 outside.id77971X5929.odst.net.0 service smtp smtp
+nat (inside,outside) source dynamic outside.id77971X5929.osrc.net.0 outside.id77971X5929.tsrc.net.1 interface destination static outside.id77971X5929.odst.net.0 outside.id77971X5929.odst.net.0 service smtps smtps
+timeout xlate 3:00:00
+timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
+timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
+timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
+timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
+timeout tcp-proxy-reassembly 0:01:00
+dynamic-access-policy-record DfltAccessPolicy
+aaa authentication ssh console LOCAL 
+http server enable
+http 192.168.1.0 255.255.255.0 inside
+no snmp-server location
+no snmp-server contact
+snmp-server enable traps snmp authentication linkup linkdown coldstart
+crypto ipsec security-association lifetime seconds 28800
+crypto ipsec security-association lifetime kilobytes 4608000
+telnet timeout 5
+ssh scopy enable
+ssh 10.10.10.0 255.255.255.0 inside
+ssh 10.1.1.0 255.255.255.0 inside
+ssh timeout 30
+ssh version 2
+console timeout 0
+
+threat-detection basic-threat
+threat-detection statistics access-list
+no threat-detection statistics tcp-intercept
+webvpn
+username foo password AAAAAAAAAAAAAAAA encrypted privilege 15
+!
+!
+prompt hostname context 
+call-home
+ profile CiscoTAC-1
+  no active
+  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
+  destination address email callhome@cisco.com
+  destination transport-method http
+  subscribe-to-alert-group diagnostic
+  subscribe-to-alert-group environment
+  subscribe-to-alert-group inventory periodic monthly
+  subscribe-to-alert-group configuration periodic monthly
+  subscribe-to-alert-group telemetry periodic daily
+Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+: end
--- a/src/unit_tests/ImporterTest/test_data/pix6.test
+++ b/src/unit_tests/ImporterTest/test_data/pix6.test
@ -0,0 +1,230 @@
+: Saved
+:
+PIX Version 6.3(5)
+interface ethernet0 auto
+interface ethernet1 auto
+nameif ethernet0 outside security0
+nameif ethernet1 inside security100
+enable password XXXXXXXXXXXXXXXX encrypted
+passwd YYYYYYYYYYYYYYYY encrypted
+hostname guardian
+domain-name some-domain.org
+clock timezone PDT -7
+clock summer-time PDT recurring
+fixup protocol ctiqbe 2748
+fixup protocol dns maximum-length 65535
+fixup protocol ftp 21
+fixup protocol h323 h225 1720
+fixup protocol h323 ras 1718-1719
+fixup protocol http 80
+fixup protocol icmp error
+fixup protocol ils 389
+fixup protocol mgcp 2427
+fixup protocol mgcp 2727
+fixup protocol pptp 1723
+fixup protocol rsh 514
+fixup protocol rtsp 554
+fixup protocol sip 5060
+fixup protocol sip udp 5060
+fixup protocol skinny 2000
+no fixup protocol smtp 25
+fixup protocol sqlnet 1521
+fixup protocol tftp 69
+names
+object-group icmp-type inside.id12349X2458.srv.icmp.0 
+  icmp-object time-exceeded 
+  icmp-object echo-reply 
+  icmp-object unreachable 
+object-group icmp-type outside.id12363X2458.srv.icmp.0 
+  icmp-object echo 
+  icmp-object time-exceeded 
+  icmp-object echo-reply 
+  icmp-object unreachable 
+object-group service outside.id12376X2458.srv.udp.0 udp 
+  port-object eq bootpc 
+  port-object eq bootps 
+object-group service outside.id12438X2458.srv.tcp.0 tcp 
+  port-object eq ssh 
+  port-object eq www 
+object-group service outside.id12466X2458.srv.tcp.0 tcp 
+  port-object eq 8765 
+  port-object eq ssh 
+access-list outside_acl_in remark 0 (ethernet0)
+access-list outside_acl_in deny ip host 10.1.1.202 any log 5 
+access-list outside_acl_in deny ip 10.1.1.0 255.255.255.0 any log 5 
+access-list outside_acl_in remark 3 (global)
+access-list outside_acl_in permit icmp any interface outside object-group outside.id12363X2458.srv.icmp.0 
+access-list outside_acl_in remark 4 (global)
+access-list outside_acl_in remark fw uses DHCP
+access-list outside_acl_in remark plus many DHCP requests
+access-list outside_acl_in remark from cable modem
+access-list outside_acl_in permit udp any interface outside object-group outside.id12376X2458.srv.udp.0 
+access-list outside_acl_in permit udp any host 255.255.255.255 object-group outside.id12376X2458.srv.udp.0 
+access-list outside_acl_in remark 6 (global)
+access-list outside_acl_in deny tcp any interface outside eq ident 
+access-list outside_acl_in remark 7 (global)
+access-list outside_acl_in permit tcp any host 10.1.1.10 eq smtp 
+access-list outside_acl_in remark 10 (global)
+access-list outside_acl_in remark using swatch to automatically
+access-list outside_acl_in remark block probing ssh connections, so no
+access-list outside_acl_in remark need to limit
+access-list outside_acl_in permit tcp any interface outside eq ssh 
+access-list outside_acl_in permit tcp any interface outside eq www 
+access-list outside_acl_in permit tcp any host 10.1.1.43 object-group outside.id12438X2458.srv.tcp.0 
+access-list outside_acl_in remark 11 (global)
+access-list outside_acl_in permit tcp any interface outside eq 8765 
+access-list outside_acl_in permit tcp any interface outside eq 2222 
+access-list outside_acl_in permit tcp any host 10.1.1.46 object-group outside.id12466X2458.srv.tcp.0 
+access-list outside_acl_in remark 17 (global)
+access-list outside_acl_in permit icmp any interface outside 
+access-list outside_acl_in permit icmp any any 
+access-list outside_acl_in remark 19 (global)
+access-list outside_acl_in remark 'catch all' rule
+access-list outside_acl_in deny ip any any log 5 
+access-list inside_acl_in remark 1 (global)
+access-list inside_acl_in permit tcp 10.1.1.0 255.255.255.0 host 10.1.1.202 eq www 
+access-list inside_acl_in permit udp 10.1.1.0 255.255.255.0 host 10.1.1.202 eq snmp 
+access-list inside_acl_in remark 2 (global)
+access-list inside_acl_in permit icmp host 10.1.1.202 host 10.1.1.202 object-group inside.id12349X2458.srv.icmp.0 
+access-list inside_acl_in permit icmp host 10.1.1.202 any object-group inside.id12349X2458.srv.icmp.0 
+access-list inside_acl_in remark 3 (global)
+access-list inside_acl_in permit icmp any host 10.1.1.202 object-group outside.id12363X2458.srv.icmp.0 
+access-list inside_acl_in remark 5 (global)
+access-list inside_acl_in permit ip host 10.1.1.202 any 
+access-list inside_acl_in remark 6 (global)
+access-list inside_acl_in deny tcp any host 10.1.1.202 eq ident 
+access-list inside_acl_in remark 7 (global)
+access-list inside_acl_in permit tcp any host 10.1.1.10 eq smtp 
+access-list inside_acl_in remark 10 (global)
+access-list inside_acl_in remark using swatch to automatically
+access-list inside_acl_in remark block probing ssh connections, so no
+access-list inside_acl_in remark need to limit
+access-list inside_acl_in permit tcp any host 10.1.1.43 object-group outside.id12438X2458.srv.tcp.0 
+access-list inside_acl_in remark 11 (global)
+access-list inside_acl_in permit tcp any host 10.1.1.46 object-group outside.id12466X2458.srv.tcp.0 
+access-list inside_acl_in remark 17 (global)
+access-list inside_acl_in permit icmp any host 10.1.1.202 
+access-list inside_acl_in permit icmp any any 
+access-list inside_acl_in remark 18 (global)
+access-list inside_acl_in permit ip 10.1.1.0 255.255.255.0 any 
+access-list inside_acl_in remark 19 (global)
+access-list inside_acl_in remark 'catch all' rule
+access-list inside_acl_in deny ip any any log 5 
+access-list id12594X2458.0 permit tcp host 10.1.1.43 eq www any 
+access-list id12594X2458.1 permit tcp host 127.0.0.1 eq www any 
+access-list id12594X2458.2 permit tcp host 10.1.1.43 eq ssh any 
+access-list id12594X2458.3 permit tcp host 127.0.0.1 eq ssh any 
+access-list id12626X2458.0 permit tcp host 10.1.1.42 eq smtp any 
+access-list id12626X2458.1 permit tcp host 10.1.1.42 eq 993 any 
+access-list id12626X2458.2 permit tcp host 10.1.1.42 eq 587 any 
+access-list id12642X2458.0 permit tcp host 10.1.1.46 eq ssh any 
+access-list id12656X2458.0 permit tcp host 10.1.1.46 eq 8765 any 
+access-list id12670X2458.0 permit tcp host 10.1.1.32 eq 5900 any 
+access-list id12684X2458.0 permit tcp host 10.1.1.102 eq 5901 any 
+access-list id12743X2458.0 permit ip 10.1.1.0 255.255.255.0 any 
+no pager
+logging on
+logging timestamp
+logging buffered informational
+logging trap notifications
+logging facility 16
+logging queue 10
+logging device-id ipaddress inside
+logging host inside 10.1.1.10
+logging host inside 10.1.1.40 format emblem
+icmp permit any echo outside
+icmp permit any time-exceeded outside
+icmp permit any echo-reply outside
+icmp permit any unreachable outside
+icmp permit any outside
+icmp permit host 10.1.1.202 time-exceeded inside
+icmp permit host 10.1.1.202 echo-reply inside
+icmp permit host 10.1.1.202 unreachable inside
+icmp permit any echo inside
+icmp permit any time-exceeded inside
+icmp permit any echo-reply inside
+icmp permit any unreachable inside
+icmp permit any inside
+icmp permit 10.1.1.0 255.255.255.0 inside
+mtu outside 1500
+mtu inside 1500
+ip address outside dhcp setroute retry 10
+ip address inside 10.1.1.202 255.255.255.0
+ip audit info action alarm
+ip audit attack action alarm
+pdm history enable
+arp timeout 14400
+global (outside) 1 interface
+nat (inside) 1 access-list id12743X2458.0 0 0
+static (inside,outside) tcp interface www access-list id12594X2458.0 0 0 
+static (inside,outside) tcp interface ssh access-list id12594X2458.2 0 0 
+static (inside,outside) tcp interface smtp access-list id12626X2458.0 0 0 
+static (inside,outside) tcp interface 993 access-list id12626X2458.1 0 0 
+static (inside,outside) tcp interface 587 access-list id12626X2458.2 0 0 
+static (inside,outside) tcp interface 2222 access-list id12642X2458.0 0 0 
+static (inside,outside) tcp interface 8765 access-list id12656X2458.0 0 0 
+static (inside,outside) tcp interface 5900 access-list id12670X2458.0 0 0 
+static (inside,outside) tcp interface 5901 access-list id12684X2458.0 0 0 
+access-group outside_acl_in in interface outside
+access-group inside_acl_in in interface inside
+timeout xlate 3:00:00
+timeout conn 1:00:00 half-closed 0:00:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
+timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:00:00
+timeout sip-disconnect 0:02:00 sip-invite 0:03:00
+timeout uauth 2:00:00 absolute
+aaa-server TACACS+ protocol tacacs+ 
+aaa-server TACACS+ max-failed-attempts 3 
+aaa-server TACACS+ deadtime 10 
+aaa-server RADIUS protocol radius 
+aaa-server RADIUS max-failed-attempts 3 
+aaa-server RADIUS deadtime 10 
+aaa-server LOCAL protocol local 
+aaa authentication ssh console LOCAL
+aaa authentication telnet console LOCAL
+aaa authorization command LOCAL 
+ntp server 10.1.1.10 source inside prefer
+http server enable
+http 10.1.1.40 255.255.255.255 inside
+http 10.1.1.0 255.255.255.0 inside
+snmp-server host inside 10.1.1.30
+snmp-server host inside 10.1.1.41
+snmp-server host inside 10.1.1.42
+no snmp-server location
+no snmp-server contact
+snmp-server community public
+no snmp-server enable traps
+floodguard enable
+sysopt connection permit-ipsec
+service resetinbound
+service resetoutside
+crypto ipsec transform-set tripledes esp-3des esp-md5-hmac 
+crypto map real 10 ipsec-isakmp
+crypto map real 10 set peer 192.168.171.2
+crypto map real 10 set transform-set tripledes
+! Incomplete
+crypto map real interface outside
+crypto map real interface inside
+isakmp enable outside
+isakmp key ******** address 192.168.171.2 netmask 255.255.255.255 
+isakmp identity address
+isakmp policy 1 authentication pre-share
+isakmp policy 1 encryption 3des
+isakmp policy 1 hash md5
+isakmp policy 1 group 2
+isakmp policy 1 lifetime 86400
+isakmp policy 10 authentication pre-share
+isakmp policy 10 encryption 3des
+isakmp policy 10 hash sha
+isakmp policy 10 group 2
+isakmp policy 10 lifetime 86400
+telnet 10.1.1.0 255.255.255.0 inside
+telnet timeout 5
+ssh 10.1.1.30 255.255.255.255 inside
+ssh 10.1.1.0 255.255.255.0 inside
+ssh timeout 5
+console timeout 0
+username foo password AAAAAAAAAAAAAAAA encrypted privilege 15
+terminal width 256
+Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+: end
+
--- a/src/unit_tests/ImporterTest/test_data/pix7.test
+++ b/src/unit_tests/ImporterTest/test_data/pix7.test
@ -0,0 +1,206 @@
+: Saved
+:
+PIX Version 7.2(1) 
+!
+terminal width 511
+hostname pix1
+domain-name some-domain.org
+enable password XXXXXXXXXXXXXXXX encrypted
+names
+name 1.2.3.4 gw
+name 192.168.3.0 fake_network
+name 192.168.4.1 inside_ip
+!
+dns-guard
+!
+interface Ethernet0
+ no nameif
+ no security-level
+ no ip address
+!
+interface Ethernet0.101
+ vlan 101
+ nameif outside
+ security-level 0
+ ip address 192.0.2.253 255.255.255.0 
+!
+interface Ethernet0.102
+ vlan 102
+ nameif dmz20 
+ security-level 20
+ ip address 10.0.0.253 255.255.255.0 standby 10.0.0.254 
+!
+interface Ethernet1
+ speed 100
+ duplex full
+ nameif inside
+ security-level 100
+ ip address 10.1.1.206 255.255.255.0 
+!
+interface Ethernet2
+ description LAN/STATE Failover Interface
+ speed 10
+!
+interface Ethernet3
+ shutdown
+ no nameif
+ no security-level
+ no ip address
+!
+interface Ethernet4
+ shutdown
+ no nameif
+ no security-level
+ no ip address
+!             
+interface Ethernet5
+ shutdown
+ no nameif
+ no security-level
+ no ip address
+!
+passwd MMMMMMMMMMMMMMMM encrypted
+boot system flash:/pix721.bin
+ftp mode passive
+clock timezone PDT -7
+dns server-group DefaultDNS
+ domain-name some-domain.org
+object-group network outside.id12051X6282.src.net.0
+ network-object host 10.1.1.206
+ network-object host 10.1.1.207
+object-group network outside.id12051X6282.src.net.1
+ network-object host 172.17.1.253
+ network-object host 172.17.1.254
+ network-object host 192.0.2.253
+ network-object host 192.0.2.254
+object-group network outside.id12051X6282.src.net.2
+ network-object host 10.0.0.253
+ network-object host 10.0.0.254
+access-list outside_in extended deny ip object-group outside.id12051X6282.src.net.0 any log warnings 
+access-list outside_in extended deny ip object-group outside.id12051X6282.src.net.1 any log warnings 
+access-list outside_in extended deny ip object-group outside.id12051X6282.src.net.2 any log warnings 
+access-list outside_in extended deny ip 10.1.1.0 255.255.255.0 any log warnings 
+access-list inside_out extended permit udp object-group outside.id12051X6282.src.net.0 10.1.1.0 255.255.255.0 eq domain log warnings 
+access-list inside_out extended permit udp object-group outside.id12051X6282.src.net.1 10.1.1.0 255.255.255.0 eq domain log warnings 
+access-list inside_out extended permit udp object-group outside.id12051X6282.src.net.2 10.1.1.0 255.255.255.0 eq domain log warnings 
+access-list inside_out extended permit ip 10.1.1.0 255.255.255.0 any 
+access-list inside_out extended deny ip any any log warnings 
+access-list inside_in extended deny ip any object-group outside.id12051X6282.src.net.0 log warnings 
+access-list inside_in extended deny ip any object-group outside.id12051X6282.src.net.1 log warnings 
+access-list inside_in extended deny ip any object-group outside.id12051X6282.src.net.2 log warnings 
+access-list inside_in extended permit ip 10.1.1.0 255.255.255.0 any 
+access-list inside_in extended deny ip any any log warnings 
+access-list id12251X6282.0 extended permit ip 10.1.1.0 255.255.255.0 any 
+pager lines 24
+logging enable
+logging emblem
+logging trap debugging
+logging history informational
+logging facility 16
+logging queue 10
+logging device-id ipaddress inside
+logging host inside 192.168.240.20
+logging host inside 10.1.1.40 format emblem
+logging class config buffered debugging 
+mtu outside 1500
+mtu dmz20 1500
+mtu inside 1500
+failover
+failover lan unit primary
+failover lan interface failover Ethernet2
+failover lan enable
+failover key *****
+failover link failover Ethernet2
+failover interface ip failover 172.17.1.253 255.255.255.252 standby 172.17.1.254
+no asdm history enable
+arp timeout 14400
+nat-control
+global (outside) 1 interface
+nat (inside) 1 access-list id12251X6282.0
+access-group outside_in in interface outside
+access-group inside_in in interface inside
+access-group inside_out out interface inside
+route inside 192.168.10.0 255.255.255.0 10.1.1.254 1
+route inside 10.1.2.0 255.255.255.0 10.1.1.201 1
+timeout xlate 3:00:00
+timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
+timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
+timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
+timeout uauth 2:00:00 absolute
+aaa-server TACACS+ protocol tacacs+
+aaa-server RADIUS protocol radius
+username fwbtest password AAAAAAAAAAAAAAAA encrypted privilege 15
+aaa authentication ssh console LOCAL 
+snmp-server host inside 10.1.1.180 community public
+snmp-server host inside 10.1.1.30 community public
+snmp-server host inside 10.1.1.40 poll community public version 2c
+no snmp-server location
+no snmp-server contact
+snmp-server community public
+crypto ipsec transform-set spde esp-des esp-sha-hmac 
+crypto map spdemap 21 set peer 192.0.2.254 
+crypto map spdemap 21 set transform-set spde
+crypto isakmp identity address 
+crypto isakmp policy 21
+ authentication pre-share
+ encryption des
+ hash sha
+ group 1
+ lifetime 3600
+crypto isakmp policy 65535
+ authentication pre-share
+ encryption 3des
+ hash sha
+ group 2
+ lifetime 86400
+tunnel-group 192.0.2.254 type ipsec-l2l
+tunnel-group 192.0.2.254 ipsec-attributes
+ pre-shared-key *
+telnet timeout 5
+ssh scopy enable
+ssh 10.1.1.0 255.255.255.0 inside
+ssh timeout 20
+console timeout 0
+!
+class-map custom_h323_h225_inspection
+ match port tcp range h323 1721
+class-map custom_http_inspection
+ match port tcp range www 88
+class-map inspection_default
+ match default-inspection-traffic
+!
+!
+policy-map type inspect dns migrated_dns_map_1
+ parameters   
+  message-length maximum 512
+policy-map global_policy
+ class inspection_default
+  inspect dns migrated_dns_map_1 
+  inspect ftp 
+  inspect h323 h225 
+  inspect h323 ras 
+  inspect http 
+  inspect netbios 
+  inspect rsh 
+  inspect rtsp 
+  inspect skinny 
+  inspect sqlnet 
+  inspect sunrpc 
+  inspect tftp 
+  inspect sip 
+  inspect xdmcp 
+  inspect ctiqbe 
+  inspect icmp 
+  inspect ils 
+  inspect mgcp 
+  inspect esmtp 
+ class custom_h323_h225_inspection
+  inspect h323 h225 
+ class custom_http_inspection
+  inspect http 
+!
+service-policy global_policy global
+prompt hostname context 
+Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+: end
+