fwbuilder/test/pix/firewall11.fw.orig

!
!  This is automatically generated file. DO NOT MODIFY !
!
!  Firewall Builder  fwb_pix v4.2.0.3530
!
!  Generated Wed Apr 20 10:40:35 2011 PDT by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported
! Emulate outbound ACLs: yes
! Generating outbound ACLs: no
! Assume firewall is part of any: no
!
!# files: * firewall11.fw
!
! testing conversion of objects into their natted addresses when outside interface has multiple addresses and nat rule uses ip address which is not the first one under interface. Nat rules 3-4-5 and global policy rule 0



!
! Prolog script:
!
no sysopt connection timewait
no sysopt security fragguard
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
!
! End of prolog script:
!




nameif eth0 outside security0

nameif eth1 dmz security50

nameif eth2 inside security100


no logging buffered
no logging console
no logging timestamp
no logging on


timeout xlate 3:0:0 
timeout conn 1:0:0 
timeout udp 0:2:0 
timeout rpc 0:10:0 
timeout h323 0:5:0 
timeout sip 0:30:0 
timeout sip_media 0:2:0 
timeout half-closed 0:0:0 
timeout uauth 2:0:0 absolute 

telnet timeout 5

aaa authentication ssh console LOCAL
ssh timeout 5

no snmp-server enable traps




no service resetinbound
no service resetoutside
no sysopt connection timewait
sysopt security fragguard
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
sysopt route dnat
floodguard enable


!################





! 
! Rule  0 (global)
access-list outside_acl_in permit tcp any host 10.5.80.20 eq 80 
access-list outside_acl_in permit tcp any host 192.168.1.10 eq 80 
access-list dmz_acl_in permit tcp any host 192.168.1.10 eq 80 
access-list inside_acl_in permit tcp any host 192.168.1.10 eq 80 
! 
! Rule  1 (global)
access-list inside_acl_in permit tcp any host 192.168.1.20 eq 1500 
! 
! Rule  2 (global)
access-list outside_acl_in deny   tcp any any range 1000 10001 
access-list dmz_acl_in deny   tcp any any range 1000 10001 
access-list inside_acl_in deny   tcp any any range 1000 10001 
! 
! Rule  3 (global)
access-list outside_acl_in permit ip any 192.168.1.0 255.255.255.0 
access-list dmz_acl_in permit ip any 192.168.1.0 255.255.255.0 
access-list inside_acl_in permit ip any 192.168.1.0 255.255.255.0 
! 
! Rule  4 (global)
access-list outside_acl_in deny   ip any any 
access-list dmz_acl_in deny   ip any any 
access-list inside_acl_in deny   ip any any 


access-group dmz_acl_in in interface dmz
access-group inside_acl_in in interface inside
access-group outside_acl_in in interface outside

! 
! Rule  0 (NAT)
global (dmz) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
! 
! Rule  1 (NAT)
global (outside) 1 interface
! 
nat (dmz) 1 192.168.2.0 255.255.255.0 0 0
! 
! Rule  2 (NAT)
! 
! 
! 
! Rule  3 (NAT)
static (inside,outside) tcp 10.5.80.20 80 192.168.1.10 80  netmask 255.255.240.0 0 0



!
! Epilog script:
!

! End of epilog script:
!