! ! This is automatically generated file. DO NOT MODIFY ! ! ! Firewall Builder fwb_pix v4.2.0.3530 ! ! Generated Wed Apr 20 10:40:40 2011 PDT by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported ! Emulate outbound ACLs: yes ! Generating outbound ACLs: no ! Assume firewall is part of any: yes ! !# files: * firewall4.fw ! ! this object is used to test "Replace NAT'ted objects with their translations" option ! ! Prolog script: ! ! ! End of prolog script: ! nameif eth0 inside security100 nameif eth1 dmz1 security40 nameif eth2 dmz2 security50 nameif eth3 outside security0 no logging buffered no logging console no logging timestamp no logging on timeout xlate 3:0:0 timeout conn 1:0:0 timeout udp 0:2:0 timeout rpc 0:10:0 timeout h323 0:5:0 timeout sip 0:30:0 timeout sip_media 0:0:0 timeout uauth 2:0:0 absolute telnet timeout -1 clear ssh aaa authentication ssh console LOCAL ssh timeout -1 clear snmp-server no snmp-server enable traps clear ntp no service resetinbound no service resetoutside no sysopt connection timewait no sysopt security fragguard no sysopt nodnsalias inbound no sysopt nodnsalias outbound no sysopt route dnat floodguard disable !################ clear xlate clear static clear global clear nat clear access-list clear icmp clear telnet clear object-group object-group service id3D79A1C2.srv.tcp.0 tcp port-object eq 80 port-object eq 22 exit object-group network id3D79A1E4.dst.net.0 network-object host 192.168.1.10 network-object host 192.168.1.20 exit ! ! Rule 0 (global) access-list inside_acl_in permit tcp any host 192.168.1.10 eq 22 access-list dmz1_acl_in permit tcp any host 192.168.1.10 eq 22 access-list dmz2_acl_in permit tcp any host 192.168.2.1 eq 22 access-list dmz2_acl_in permit tcp any host 192.168.1.10 eq 22 access-list outside_acl_in permit tcp any host 222.222.222.222 eq 22 access-list outside_acl_in permit tcp any host 192.168.1.10 eq 22 ! ! Rule 1 (global) access-list inside_acl_in permit tcp any host 192.168.1.10 object-group id3D79A1C2.srv.tcp.0 access-list dmz1_acl_in permit tcp any host 192.168.1.10 object-group id3D79A1C2.srv.tcp.0 access-list dmz2_acl_in permit tcp any host 192.168.2.1 eq 22 access-list dmz2_acl_in permit tcp any host 192.168.1.10 object-group id3D79A1C2.srv.tcp.0 access-list outside_acl_in permit tcp any host 222.222.222.222 eq 22 access-list outside_acl_in permit tcp any host 192.168.1.10 object-group id3D79A1C2.srv.tcp.0 ! ! Rule 2 (global) access-list inside_acl_in permit tcp any object-group id3D79A1E4.dst.net.0 eq 22 access-list dmz1_acl_in permit tcp any object-group id3D79A1E4.dst.net.0 eq 22 access-list dmz2_acl_in permit tcp any host 192.168.2.1 eq 22 access-list dmz2_acl_in permit tcp any object-group id3D79A1E4.dst.net.0 eq 22 access-list outside_acl_in permit tcp any host 222.222.222.222 eq 22 access-list outside_acl_in permit tcp any object-group id3D79A1E4.dst.net.0 eq 22 ! ! Rule 3 (global) ! 'masquerading' rule access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any ! ! Rule 4 (global) ! 'catch all' rule access-list inside_acl_in deny ip any any access-list dmz1_acl_in deny ip any any access-list dmz2_acl_in deny ip any any access-list outside_acl_in deny ip any any access-group dmz1_acl_in in interface dmz1 access-group dmz2_acl_in in interface dmz2 access-group inside_acl_in in interface inside access-group outside_acl_in in interface outside ! ! Rule 0 (NAT) static (inside,outside) tcp interface 22 192.168.1.10 22 0 0 ! ! Rule 1 (NAT) static (inside,dmz2) tcp interface 22 192.168.1.10 22 0 0 ! ! Rule 2 (NAT) static (inside,dmz2) tcp interface 22 192.168.1.10 22 0 0 ! ! Epilog script: ! ! End of epilog script: !