mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-03-23 11:47:24 +01:00
139d5ce2de
CustomService objects in policy and nat rules for asa 8.3 using named objects and object-groups. -- see #1942 "ASA NAT - if custom service is included in service group incorrect config generated" -- see #1929 "move map named_objects inside class NamedObjectManager" -- see #1946 "restrict generation of the named objects by PolicyCompiler_pix to ASA 8" -- see #1885 "named network and service objects in pix8"
105 lines
1.8 KiB
Plaintext
Executable File
105 lines
1.8 KiB
Plaintext
Executable File
!
|
|
! This is automatically generated file. DO NOT MODIFY !
|
|
!
|
|
! Firewall Builder fwb_pix v4.2.0.3435
|
|
!
|
|
! Generated Sun Jan 16 22:59:12 2011 PST by vadim
|
|
!
|
|
! Compiled for pix 6.3
|
|
! Outbound ACLs: not supported
|
|
! Emulate outbound ACLs: yes
|
|
! Generating outbound ACLs: no
|
|
! Assume firewall is part of any: no
|
|
!
|
|
!# files: * firewall14.fw
|
|
!
|
|
! testing dual NAT per user's request
|
|
|
|
|
|
|
|
!
|
|
! Prolog script:
|
|
!
|
|
|
|
!
|
|
! End of prolog script:
|
|
!
|
|
|
|
|
|
|
|
|
|
nameif eth0 outside security0
|
|
|
|
nameif eth2 inside security100
|
|
|
|
|
|
no logging buffered
|
|
no logging console
|
|
no logging timestamp
|
|
no logging on
|
|
|
|
|
|
timeout xlate 3:0:0
|
|
timeout conn 1:0:0
|
|
timeout udp 0:2:0
|
|
timeout rpc 0:10:0
|
|
timeout h323 0:5:0
|
|
timeout sip 0:30:0
|
|
timeout sip_media 0:2:0
|
|
timeout uauth 2:0:0 absolute
|
|
|
|
telnet timeout 5
|
|
|
|
clear ssh
|
|
aaa authentication ssh console LOCAL
|
|
ssh timeout 5
|
|
|
|
no snmp-server enable traps
|
|
|
|
|
|
|
|
|
|
no service resetinbound
|
|
no service resetoutside
|
|
no sysopt connection timewait
|
|
no sysopt nodnsalias inbound
|
|
no sysopt nodnsalias outbound
|
|
floodguard enable
|
|
|
|
|
|
!################
|
|
!
|
|
! Rule 0 (global)
|
|
access-list inside_acl_in permit ip 10.1.2.0 255.255.255.0 any
|
|
!
|
|
! Rule 1 (global)
|
|
access-list outside_acl_in deny ip any any
|
|
access-list inside_acl_in deny ip any any
|
|
|
|
|
|
access-group inside_acl_in in interface inside
|
|
access-group outside_acl_in in interface outside
|
|
|
|
!
|
|
! Rule 0 (NAT)
|
|
global (outside) 1 interface
|
|
access-list id3FA74FDE.0 permit ip host 10.1.2.27 any
|
|
nat (inside) 1 access-list id3FA74FDE.0 0 0
|
|
!
|
|
! Rule 1 (NAT)
|
|
access-list id3FA74FCE.0 permit ip host 209.165.201.11 any
|
|
static (outside,inside) interface access-list id3FA74FCE.0 0 0
|
|
!
|
|
! Rule 2 (NAT)
|
|
access-list id3FA7502F.0 permit ip host 10.1.2.27 any
|
|
static (inside,outside) interface access-list id3FA7502F.0 0 0
|
|
|
|
|
|
|
|
!
|
|
! Epilog script:
|
|
!
|
|
|
|
! End of epilog script:
|
|
!
|