!
!  This is automatically generated file. DO NOT MODIFY !
!
!  Firewall Builder  fwb_pix v5.0.1.3581
!
!  Generated Wed Oct 19 16:51:11 2011 PDT by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
! Emulate outbound ACLs: yes
! Generating outbound ACLs: no
! Assume firewall is part of any: yes
!
!# files: * firewall83.fw
!
! test for the warning issued when translated address is used in
! policy rule. Here we have SNAT rule and warning should not be issued



!
! Prolog script:
!

!
! End of prolog script:
!




interface FastEthernet0
  nameif inside
  security-level 100
exit

interface FastEthernet1
  nameif outside
  security-level 0
exit


no logging buffered
no logging console
no logging timestamp
no logging on


timeout xlate 3:0:0 
timeout conn 1:0:0 
timeout udp 0:2:0 
timeout sunrpc 0:10:0 
timeout h323 0:5:0 
timeout sip 0:30:0 
timeout sip_media 0:0:0 
timeout half-closed 0:0:0 
timeout uauth 2:0:0 absolute 


clear config ssh
aaa authentication ssh console LOCAL

clear config snmp-server
no snmp-server enable traps

clear config ntp


no service resetinbound
no service resetoutside
no sysopt connection timewait
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound


class-map inspection_default
  match default-inspection-traffic

policy-map global_policy
  class inspection_default

service-policy global_policy global

policy-map type inspect ip-options ip-options-map
parameters
  eool action allow
  router-alert action clear


!################

clear xlate
clear config nat
clear config access-list
clear config icmp
clear config telnet
clear config object

object service http.0
  service tcp destination eq 80
exit

object network hostA:eth0.0
  host 192.168.1.10
exit

! 
! Rule  0 (global)
! matching "any" icmp and "all" tcp 
! in one service-group
! 
access-list inside_acl_in deny   icmp any object hostA:eth0.0 
access-list outside_acl_in deny   icmp any object hostA:eth0.0 
access-list inside_acl_in deny   tcp any object hostA:eth0.0 
access-list outside_acl_in deny   tcp any object hostA:eth0.0 
! 
! Rule  1 (FastEthernet1)
! test rule using translated address in dst
access-list outside_acl_in permit tcp any host 22.22.22.22 eq 80 
! 
! Rule  2 (global)
! test rule using translated address in dst
access-list outside_acl_in permit tcp any host 22.22.22.22 eq 80 
! 
! Rule  3 (global)
! test rule using translated address in dst
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
! 
! Rule  4 (global)
access-list inside_acl_in deny   ip any any 
access-list outside_acl_in deny   ip any any 


access-group inside_acl_in in interface inside
access-group outside_acl_in in interface outside

! 
! Rule  0 (NAT)
nat (inside,outside) source static hostA:eth0.0 interface service http.0 http.0 description "0 (NAT)"



!
! Epilog script:
!

! End of epilog script:
!