diff --git a/VERSION b/VERSION index 9f7d3083f..44dcf939c 100644 --- a/VERSION +++ b/VERSION @@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0 # build number is like "nano" version number. I am incrementing build # number during development cycle # -BUILD_NUM="3499" +BUILD_NUM="3500" VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM" diff --git a/VERSION.h b/VERSION.h index 35538c74f..f0c2e00e4 100644 --- a/VERSION.h +++ b/VERSION.h @@ -1,2 +1,2 @@ -#define VERSION "4.2.0.3499" +#define VERSION "4.2.0.3500" #define GENERATION "4.2" diff --git a/packaging/fwbuilder-static-qt.spec b/packaging/fwbuilder-static-qt.spec index 748bbdaf3..f960fdd73 100644 --- a/packaging/fwbuilder-static-qt.spec +++ b/packaging/fwbuilder-static-qt.spec @@ -3,7 +3,7 @@ %define name fwbuilder -%define version 4.2.0.3499 +%define version 4.2.0.3500 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/packaging/fwbuilder.control b/packaging/fwbuilder.control index caf1fda52..efc7bab2a 100644 --- a/packaging/fwbuilder.control +++ b/packaging/fwbuilder.control @@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu Priority: extra Section: checkinstall Maintainer: vadim@fwbuilder.org -Version: 4.2.0.3499-1 +Version: 4.2.0.3500-1 Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15 Description: Firewall Builder GUI and policy compilers diff --git a/packaging/fwbuilder.spec b/packaging/fwbuilder.spec index 6de6afe88..0e8d48724 100644 --- a/packaging/fwbuilder.spec +++ b/packaging/fwbuilder.spec @@ -1,6 +1,6 @@ %define name fwbuilder -%define version 4.2.0.3499 +%define version 4.2.0.3500 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/src/unit_tests/ImporterTest/test_data/asa8.3.test b/src/unit_tests/ImporterTest/test_data/asa8.3.test new file mode 100755 index 000000000..c5747f5e1 --- /dev/null +++ b/src/unit_tests/ImporterTest/test_data/asa8.3.test 
@@ -0,0 +1,154 @@
+: Saved
+:
+ASA Version 8.3(2)
+!
+hostname asa5505
+enable password XXXXXXXXXXXXXXXX encrypted
+passwd YYYYYYYYYYYYYYYY encrypted
+names
+name 1.2.3.4 gw
+name 192.168.3.0 fake_network
+name 192.168.4.1 inside_ip
+!
+interface Vlan1
+ nameif inside
+ security-level 100
+ ip address dhcp setroute
+!
+interface Vlan2
+ nameif outside
+ security-level 0
+ ip address 192.168.2.1 255.255.255.0
+!
+interface Ethernet0/0
+ switchport access vlan 2
+!
+interface Ethernet0/1
+!
+interface Ethernet0/2
+!
+interface Ethernet0/3
+!
+interface Ethernet0/4
+!
+interface Ethernet0/5
+!
+interface Ethernet0/6
+!
+interface Ethernet0/7
+!
+boot system disk0:/asa832-k8.bin
+ftp mode passive
+object network internal_subnet_1
+ subnet 192.168.1.0 255.255.255.192
+object network internal_subnet_2
+ subnet 192.168.1.64 255.255.255.192
+object service smtp
+ service tcp destination eq smtp
+object network firewall90:FastEthernet1:ip-1
+ host 22.22.22.23
+object network Internal_net
+ subnet 192.168.1.0 255.255.255.0
+object service http
+ service tcp destination eq www
+object network hostA:eth0
+ host 192.168.1.10
+object service squid
+ service tcp destination eq 3128
+object network spamhost1
+ host 61.150.47.112
+object network spamhost2
+ host 61.150.47.113
+object service smtps
+ service tcp destination eq 465
+object network outside_range-1
+ range 22.22.22.30 22.22.22.40
+object network external_gw2
+ host 22.22.22.100
+object-group network outside.id178211X29963.osrc.net.0
+ network-object object internal_subnet_1
+ network-object object internal_subnet_2
+object-group network outside.id21353X4994.osrc.net.0
+ network-object object internal_subnet_1
+ network-object object Internal_net
+ network-object object internal_subnet_2
+object-group network outside.id77971X5929.osrc.net.1
+ network-object object internal_subnet_1
+ network-object object internal_subnet_2
+object-group network outside.id77971X5929.odst.net.1
+ network-object object spamhost1
+ network-object object spamhost2
+object-group service outside.id77971X5929.osrv.1
+ service-object object smtp
+ service-object object smtps
+object-group network outside.id77971X5929.tsrc.net.1
+ network-object object outside_range-1
+ network-object object external_gw2
+object-group network outside.id77971X5929.osrc.net.0
+ network-object object internal_subnet_1
+ network-object object internal_subnet_2
+object-group network outside.id77971X5929.odst.net.0
+ network-object object spamhost1
+ network-object object spamhost2
+object-group network outside.id77971X5929.tsrc.net.0
+ network-object object outside_range-1
+ network-object object external_gw2
+access-list outside_acl_in extended deny ip any any log
+pager lines 24
+logging enable
+logging buffered errors
+logging asdm informational
+mtu inside 1500
+mtu outside 1500
+icmp unreachable rate-limit 1 burst-size 1
+no asdm history enable
+arp timeout 14400
+nat (inside,outside) source dynamic outside.id178211X29963.osrc.net.0 firewall90:FastEthernet1:ip-1 service smtp smtp
+nat (inside,outside) source dynamic outside.id21353X4994.osrc.net.0 firewall90:FastEthernet1:ip-1 service smtp smtp
+nat (outside,inside) source static any any destination static interface hostA:eth0 service http squid
+nat (inside,outside) source dynamic outside.id77971X5929.osrc.net.0 outside.id77971X5929.tsrc.net.0 interface destination static outside.id77971X5929.odst.net.0 outside.id77971X5929.odst.net.0 service smtp smtp
+nat (inside,outside) source dynamic outside.id77971X5929.osrc.net.0 outside.id77971X5929.tsrc.net.1 interface destination static outside.id77971X5929.odst.net.0 outside.id77971X5929.odst.net.0 service smtps smtps
+timeout xlate 3:00:00
+timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
+timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
+timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
+timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
+timeout tcp-proxy-reassembly 0:01:00
+dynamic-access-policy-record DfltAccessPolicy
+aaa authentication ssh console LOCAL
+http server enable
+http 192.168.1.0 255.255.255.0 inside
+no snmp-server location
+no snmp-server contact
+snmp-server enable traps snmp authentication linkup linkdown coldstart
+crypto ipsec security-association lifetime seconds 28800
+crypto ipsec security-association lifetime kilobytes 4608000
+telnet timeout 5
+ssh scopy enable
+ssh 10.10.10.0 255.255.255.0 inside
+ssh 10.1.1.0 255.255.255.0 inside
+ssh timeout 30
+ssh version 2
+console timeout 0
+
+threat-detection basic-threat
+threat-detection statistics access-list
+no threat-detection statistics tcp-intercept
+webvpn
+username foo password AAAAAAAAAAAAAAAA encrypted privilege 15
+!
+!
+prompt hostname context
+call-home
+ profile CiscoTAC-1
+ no active
+ destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
+ destination address email callhome@cisco.com
+ destination transport-method http
+ subscribe-to-alert-group diagnostic
+ subscribe-to-alert-group environment
+ subscribe-to-alert-group inventory periodic monthly
+ subscribe-to-alert-group configuration periodic monthly
+ subscribe-to-alert-group telemetry periodic daily
+Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+: end
diff --git a/src/unit_tests/ImporterTest/test_data/pix6.test b/src/unit_tests/ImporterTest/test_data/pix6.test
new file mode 100755
index 000000000..09d2cda4b
--- /dev/null
+++ b/src/unit_tests/ImporterTest/test_data/pix6.test
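Review bot: Several objects in this fixture use publicly routable addresses where documentation ranges would do: `spamhost1` and `spamhost2` are `61.150.47.112` and `61.150.47.113`, and `firewall90:FastEthernet1:ip-1`, `outside_range-1` and `external_gw2` sit in `22.22.22.x`. pix7.test in the same commit already uses `192.0.2.x`; moving these objects to the RFC 5737 ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) avoids labelling a third party's address as a spam host and keeps the data harmless if it is ever pasted into a lab device. Separately, the file headers add this file and pix6.test with `new file mode 100755` while pix7.test is `100644`; these are data files and should not carry the executable bit.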
@@ -0,0 +1,230 @@
+: Saved
+:
+PIX Version 6.3(5)
+interface ethernet0 auto
+interface ethernet1 auto
+nameif ethernet0 outside security0
+nameif ethernet1 inside security100
+enable password XXXXXXXXXXXXXXXX encrypted
+passwd YYYYYYYYYYYYYYYY encrypted
+hostname guardian
+domain-name some-domain.org
+clock timezone PDT -7
+clock summer-time PDT recurring
+fixup protocol ctiqbe 2748
+fixup protocol dns maximum-length 65535
+fixup protocol ftp 21
+fixup protocol h323 h225 1720
+fixup protocol h323 ras 1718-1719
+fixup protocol http 80
+fixup protocol icmp error
+fixup protocol ils 389
+fixup protocol mgcp 2427
+fixup protocol mgcp 2727
+fixup protocol pptp 1723
+fixup protocol rsh 514
+fixup protocol rtsp 554
+fixup protocol sip 5060
+fixup protocol sip udp 5060
+fixup protocol skinny 2000
+no fixup protocol smtp 25
+fixup protocol sqlnet 1521
+fixup protocol tftp 69
+names
+object-group icmp-type inside.id12349X2458.srv.icmp.0
+ icmp-object time-exceeded
+ icmp-object echo-reply
+ icmp-object unreachable
+object-group icmp-type outside.id12363X2458.srv.icmp.0
+ icmp-object echo
+ icmp-object time-exceeded
+ icmp-object echo-reply
+ icmp-object unreachable
+object-group service outside.id12376X2458.srv.udp.0 udp
+ port-object eq bootpc
+ port-object eq bootps
+object-group service outside.id12438X2458.srv.tcp.0 tcp
+ port-object eq ssh
+ port-object eq www
+object-group service outside.id12466X2458.srv.tcp.0 tcp
+ port-object eq 8765
+ port-object eq ssh
+access-list outside_acl_in remark 0 (ethernet0)
+access-list outside_acl_in deny ip host 10.1.1.202 any log 5
+access-list outside_acl_in deny ip 10.1.1.0 255.255.255.0 any log 5
+access-list outside_acl_in remark 3 (global)
+access-list outside_acl_in permit icmp any interface outside object-group outside.id12363X2458.srv.icmp.0
+access-list outside_acl_in remark 4 (global)
+access-list outside_acl_in remark fw uses DHCP
+access-list outside_acl_in remark plus many DHCP requests
+access-list outside_acl_in remark from cable modem
+access-list outside_acl_in permit udp any interface outside object-group outside.id12376X2458.srv.udp.0
+access-list outside_acl_in permit udp any host 255.255.255.255 object-group outside.id12376X2458.srv.udp.0
+access-list outside_acl_in remark 6 (global)
+access-list outside_acl_in deny tcp any interface outside eq ident
+access-list outside_acl_in remark 7 (global)
+access-list outside_acl_in permit tcp any host 10.1.1.10 eq smtp
+access-list outside_acl_in remark 10 (global)
+access-list outside_acl_in remark using swatch to automatically
+access-list outside_acl_in remark block probing ssh connections, so no
+access-list outside_acl_in remark need to limit
+access-list outside_acl_in permit tcp any interface outside eq ssh
+access-list outside_acl_in permit tcp any interface outside eq www
+access-list outside_acl_in permit tcp any host 10.1.1.43 object-group outside.id12438X2458.srv.tcp.0
+access-list outside_acl_in remark 11 (global)
+access-list outside_acl_in permit tcp any interface outside eq 8765
+access-list outside_acl_in permit tcp any interface outside eq 2222
+access-list outside_acl_in permit tcp any host 10.1.1.46 object-group outside.id12466X2458.srv.tcp.0
+access-list outside_acl_in remark 17 (global)
+access-list outside_acl_in permit icmp any interface outside
+access-list outside_acl_in permit icmp any any
+access-list outside_acl_in remark 19 (global)
+access-list outside_acl_in remark 'catch all' rule
+access-list outside_acl_in deny ip any any log 5
+access-list inside_acl_in remark 1 (global)
+access-list inside_acl_in permit tcp 10.1.1.0 255.255.255.0 host 10.1.1.202 eq www
+access-list inside_acl_in permit udp 10.1.1.0 255.255.255.0 host 10.1.1.202 eq snmp
+access-list inside_acl_in remark 2 (global)
+access-list inside_acl_in permit icmp host 10.1.1.202 host 10.1.1.202 object-group inside.id12349X2458.srv.icmp.0
+access-list inside_acl_in permit icmp host 10.1.1.202 any object-group inside.id12349X2458.srv.icmp.0
+access-list inside_acl_in remark 3 (global)
+access-list inside_acl_in permit icmp any host 10.1.1.202 object-group outside.id12363X2458.srv.icmp.0
+access-list inside_acl_in remark 5 (global)
+access-list inside_acl_in permit ip host 10.1.1.202 any
+access-list inside_acl_in remark 6 (global)
+access-list inside_acl_in deny tcp any host 10.1.1.202 eq ident
+access-list inside_acl_in remark 7 (global)
+access-list inside_acl_in permit tcp any host 10.1.1.10 eq smtp
+access-list inside_acl_in remark 10 (global)
+access-list inside_acl_in remark using swatch to automatically
+access-list inside_acl_in remark block probing ssh connections, so no
+access-list inside_acl_in remark need to limit
+access-list inside_acl_in permit tcp any host 10.1.1.43 object-group outside.id12438X2458.srv.tcp.0
+access-list inside_acl_in remark 11 (global)
+access-list inside_acl_in permit tcp any host 10.1.1.46 object-group outside.id12466X2458.srv.tcp.0
+access-list inside_acl_in remark 17 (global)
+access-list inside_acl_in permit icmp any host 10.1.1.202
+access-list inside_acl_in permit icmp any any
+access-list inside_acl_in remark 18 (global)
+access-list inside_acl_in permit ip 10.1.1.0 255.255.255.0 any
+access-list inside_acl_in remark 19 (global)
+access-list inside_acl_in remark 'catch all' rule
+access-list inside_acl_in deny ip any any log 5
+access-list id12594X2458.0 permit tcp host 10.1.1.43 eq www any
+access-list id12594X2458.1 permit tcp host 127.0.0.1 eq www any
+access-list id12594X2458.2 permit tcp host 10.1.1.43 eq ssh any
+access-list id12594X2458.3 permit tcp host 127.0.0.1 eq ssh any
+access-list id12626X2458.0 permit tcp host 10.1.1.42 eq smtp any
+access-list id12626X2458.1 permit tcp host 10.1.1.42 eq 993 any
+access-list id12626X2458.2 permit tcp host 10.1.1.42 eq 587 any
+access-list id12642X2458.0 permit tcp host 10.1.1.46 eq ssh any
+access-list id12656X2458.0 permit tcp host 10.1.1.46 eq 8765 any
+access-list id12670X2458.0 permit tcp host 10.1.1.32 eq 5900 any
+access-list id12684X2458.0 permit tcp host 10.1.1.102 eq 5901 any
+access-list id12743X2458.0 permit ip 10.1.1.0 255.255.255.0 any
+no pager
+logging on
+logging timestamp
+logging buffered informational
+logging trap notifications
+logging facility 16
+logging queue 10
+logging device-id ipaddress inside
+logging host inside 10.1.1.10
+logging host inside 10.1.1.40 format emblem
+icmp permit any echo outside
+icmp permit any time-exceeded outside
+icmp permit any echo-reply outside
+icmp permit any unreachable outside
+icmp permit any outside
+icmp permit host 10.1.1.202 time-exceeded inside
+icmp permit host 10.1.1.202 echo-reply inside
+icmp permit host 10.1.1.202 unreachable inside
+icmp permit any echo inside
+icmp permit any time-exceeded inside
+icmp permit any echo-reply inside
+icmp permit any unreachable inside
+icmp permit any inside
+icmp permit 10.1.1.0 255.255.255.0 inside
+mtu outside 1500
+mtu inside 1500
+ip address outside dhcp setroute retry 10
+ip address inside 10.1.1.202 255.255.255.0
+ip audit info action alarm
+ip audit attack action alarm
+pdm history enable
+arp timeout 14400
+global (outside) 1 interface
+nat (inside) 1 access-list id12743X2458.0 0 0
+static (inside,outside) tcp interface www access-list id12594X2458.0 0 0
+static (inside,outside) tcp interface ssh access-list id12594X2458.2 0 0
+static (inside,outside) tcp interface smtp access-list id12626X2458.0 0 0
+static (inside,outside) tcp interface 993 access-list id12626X2458.1 0 0
+static (inside,outside) tcp interface 587 access-list id12626X2458.2 0 0
+static (inside,outside) tcp interface 2222 access-list id12642X2458.0 0 0
+static (inside,outside) tcp interface 8765 access-list id12656X2458.0 0 0
+static (inside,outside) tcp interface 5900 access-list id12670X2458.0 0 0
+static (inside,outside) tcp interface 5901 access-list id12684X2458.0 0 0
+access-group outside_acl_in in interface outside
+access-group inside_acl_in in interface inside
+timeout xlate 3:00:00
+timeout conn 1:00:00 half-closed 0:00:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
+timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:00:00
+timeout sip-disconnect 0:02:00 sip-invite 0:03:00
+timeout uauth 2:00:00 absolute
+aaa-server TACACS+ protocol tacacs+
+aaa-server TACACS+ max-failed-attempts 3
+aaa-server TACACS+ deadtime 10
+aaa-server RADIUS protocol radius
+aaa-server RADIUS max-failed-attempts 3
+aaa-server RADIUS deadtime 10
+aaa-server LOCAL protocol local
+aaa authentication ssh console LOCAL
+aaa authentication telnet console LOCAL
+aaa authorization command LOCAL
+ntp server 10.1.1.10 source inside prefer
+http server enable
+http 10.1.1.40 255.255.255.255 inside
+http 10.1.1.0 255.255.255.0 inside
+snmp-server host inside 10.1.1.30
+snmp-server host inside 10.1.1.41
+snmp-server host inside 10.1.1.42
+no snmp-server location
+no snmp-server contact
+snmp-server community public
+no snmp-server enable traps
+floodguard enable
+sysopt connection permit-ipsec
+service resetinbound
+service resetoutside
+crypto ipsec transform-set tripledes esp-3des esp-md5-hmac
+crypto map real 10 ipsec-isakmp
+crypto map real 10 set peer 192.168.171.2
+crypto map real 10 set transform-set tripledes
+! Incomplete
+crypto map real interface outside
+crypto map real interface inside
+isakmp enable outside
+isakmp key ******** address 192.168.171.2 netmask 255.255.255.255
+isakmp identity address
+isakmp policy 1 authentication pre-share
+isakmp policy 1 encryption 3des
+isakmp policy 1 hash md5
+isakmp policy 1 group 2
+isakmp policy 1 lifetime 86400
+isakmp policy 10 authentication pre-share
+isakmp policy 10 encryption 3des
+isakmp policy 10 hash sha
+isakmp policy 10 group 2
+isakmp policy 10 lifetime 86400
+telnet 10.1.1.0 255.255.255.0 inside
+telnet timeout 5
+ssh 10.1.1.30 255.255.255.255 inside
+ssh 10.1.1.0 255.255.255.0 inside
+ssh timeout 5
+console timeout 0
+username foo password AAAAAAAAAAAAAAAA encrypted privilege 15
+terminal width 256
+Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+: end
+
diff --git a/src/unit_tests/ImporterTest/test_data/pix7.test b/src/unit_tests/ImporterTest/test_data/pix7.test
new file mode 100644
index 000000000..b4350d9af
--- /dev/null
+++ b/src/unit_tests/ImporterTest/test_data/pix7.test
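Review bot: Nothing next to this fixture records that it has been sanitized, and the `remark` lines (`fw uses DHCP`, `using swatch to automatically block probing ssh connections`) together with hostname `guardian` suggest it was exported from a working firewall. The password hashes, the `isakmp key` and the Cryptochecksum are masked, which is the important part, but the addressing plan, port forwards and VPN peer are presumably original. A short README in test_data stating the convention (masked hashes and keys, RFC 1918 / RFC 5737 addresses only, no real hostnames) would give future contributors a checklist to follow before committing device exports.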
@@ -0,0 +1,206 @@
+: Saved
+:
+PIX Version 7.2(1)
+!
+terminal width 511
+hostname pix1
+domain-name some-domain.org
+enable password XXXXXXXXXXXXXXXX encrypted
+names
+name 1.2.3.4 gw
+name 192.168.3.0 fake_network
+name 192.168.4.1 inside_ip
+!
+dns-guard
+!
+interface Ethernet0
+ no nameif
+ no security-level
+ no ip address
+!
+interface Ethernet0.101
+ vlan 101
+ nameif outside
+ security-level 0
+ ip address 192.0.2.253 255.255.255.0
+!
+interface Ethernet0.102
+ vlan 102
+ nameif dmz20
+ security-level 20
+ ip address 10.0.0.253 255.255.255.0 standby 10.0.0.254
+!
+interface Ethernet1
+ speed 100
+ duplex full
+ nameif inside
+ security-level 100
+ ip address 10.1.1.206 255.255.255.0
+!
+interface Ethernet2
+ description LAN/STATE Failover Interface
+ speed 10
+!
+interface Ethernet3
+ shutdown
+ no nameif
+ no security-level
+ no ip address
+!
+interface Ethernet4
+ shutdown
+ no nameif
+ no security-level
+ no ip address
+!
+interface Ethernet5
+ shutdown
+ no nameif
+ no security-level
+ no ip address
+!
+passwd MMMMMMMMMMMMMMMM encrypted
+boot system flash:/pix721.bin
+ftp mode passive
+clock timezone PDT -7
+dns server-group DefaultDNS
+ domain-name some-domain.org
+object-group network outside.id12051X6282.src.net.0
+ network-object host 10.1.1.206
+ network-object host 10.1.1.207
+object-group network outside.id12051X6282.src.net.1
+ network-object host 172.17.1.253
+ network-object host 172.17.1.254
+ network-object host 192.0.2.253
+ network-object host 192.0.2.254
+object-group network outside.id12051X6282.src.net.2
+ network-object host 10.0.0.253
+ network-object host 10.0.0.254
+access-list outside_in extended deny ip object-group outside.id12051X6282.src.net.0 any log warnings
+access-list outside_in extended deny ip object-group outside.id12051X6282.src.net.1 any log warnings
+access-list outside_in extended deny ip object-group outside.id12051X6282.src.net.2 any log warnings
+access-list outside_in extended deny ip 10.1.1.0 255.255.255.0 any log warnings
+access-list inside_out extended permit udp object-group outside.id12051X6282.src.net.0 10.1.1.0 255.255.255.0 eq domain log warnings
+access-list inside_out extended permit udp object-group outside.id12051X6282.src.net.1 10.1.1.0 255.255.255.0 eq domain log warnings
+access-list inside_out extended permit udp object-group outside.id12051X6282.src.net.2 10.1.1.0 255.255.255.0 eq domain log warnings
+access-list inside_out extended permit ip 10.1.1.0 255.255.255.0 any
+access-list inside_out extended deny ip any any log warnings
+access-list inside_in extended deny ip any object-group outside.id12051X6282.src.net.0 log warnings
+access-list inside_in extended deny ip any object-group outside.id12051X6282.src.net.1 log warnings
+access-list inside_in extended deny ip any object-group outside.id12051X6282.src.net.2 log warnings
+access-list inside_in extended permit ip 10.1.1.0 255.255.255.0 any
+access-list inside_in extended deny ip any any log warnings
+access-list id12251X6282.0 extended permit ip 10.1.1.0 255.255.255.0 any
+pager lines 24
+logging enable
+logging emblem
+logging trap debugging
+logging history informational
+logging facility 16
+logging queue 10
+logging device-id ipaddress inside
+logging host inside 192.168.240.20
+logging host inside 10.1.1.40 format emblem
+logging class config buffered debugging
+mtu outside 1500
+mtu dmz20 1500
+mtu inside 1500
+failover
+failover lan unit primary
+failover lan interface failover Ethernet2
+failover lan enable
+failover key *****
+failover link failover Ethernet2
+failover interface ip failover 172.17.1.253 255.255.255.252 standby 172.17.1.254
+no asdm history enable
+arp timeout 14400
+nat-control
+global (outside) 1 interface
+nat (inside) 1 access-list id12251X6282.0
+access-group outside_in in interface outside
+access-group inside_in in interface inside
+access-group inside_out out interface inside
+route inside 192.168.10.0 255.255.255.0 10.1.1.254 1
+route inside 10.1.2.0 255.255.255.0 10.1.1.201 1
+timeout xlate 3:00:00
+timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
+timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
+timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
+timeout uauth 2:00:00 absolute
+aaa-server TACACS+ protocol tacacs+
+aaa-server RADIUS protocol radius
+username fwbtest password AAAAAAAAAAAAAAAA encrypted privilege 15
+aaa authentication ssh console LOCAL
+snmp-server host inside 10.1.1.180 community public
+snmp-server host inside 10.1.1.30 community public
+snmp-server host inside 10.1.1.40 poll community public version 2c
+no snmp-server location
+no snmp-server contact
+snmp-server community public
+crypto ipsec transform-set spde esp-des esp-sha-hmac
+crypto map spdemap 21 set peer 192.0.2.254
+crypto map spdemap 21 set transform-set spde
+crypto isakmp identity address
+crypto isakmp policy 21
+ authentication pre-share
+ encryption des
+ hash sha
+ group 1
+ lifetime 3600
+crypto isakmp policy 65535
+ authentication pre-share
+ encryption 3des
+ hash sha
+ group 2
+ lifetime 86400
+tunnel-group 192.0.2.254 type ipsec-l2l
+tunnel-group 192.0.2.254 ipsec-attributes
+ pre-shared-key *
+telnet timeout 5
+ssh scopy enable
+ssh 10.1.1.0 255.255.255.0 inside
+ssh timeout 20
+console timeout 0
+!
+class-map custom_h323_h225_inspection
+ match port tcp range h323 1721
+class-map custom_http_inspection
+ match port tcp range www 88
+class-map inspection_default
+ match default-inspection-traffic
+!
+!
+policy-map type inspect dns migrated_dns_map_1
+ parameters
+ message-length maximum 512
+policy-map global_policy
+ class inspection_default
+ inspect dns migrated_dns_map_1
+ inspect ftp
+ inspect h323 h225
+ inspect h323 ras
+ inspect http
+ inspect netbios
+ inspect rsh
+ inspect rtsp
+ inspect skinny
+ inspect sqlnet
+ inspect sunrpc
+ inspect tftp
+ inspect sip
+ inspect xdmcp
+ inspect ctiqbe
+ inspect icmp
+ inspect ils
+ inspect mgcp
+ inspect esmtp
+ class custom_h323_h225_inspection
+ inspect h323 h225
+ class custom_http_inspection
+ inspect http
+!
+service-policy global_policy global
+prompt hostname context
+Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+: end
+