PIX Version 6.0(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security10
hostname pix
domain-name ipsec2001.hsc.fr
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list allow-all permit ip any any 
access-list inside-net permit ip 10.198.0.0 255.255.0.0 192.70.106.192 255.255.255.192 
access-list 6wind permit ip 10.198.0.0 255.255.0.0 10.196.0.0 255.255.0.0 
access-list no-nat permit ip 10.198.0.0 255.255.0.0 any 
access-list freeswan permit ip 10.198.0.0 255.255.0.0 10.205.0.0 255.255.0.0 
access-list netcelo permit ip 10.198.0.0 255.255.0.0 10.201.0.0 255.255.0.0 
access-list openbsd permit ip 10.198.0.0 255.255.0.0 10.200.0.0 255.255.0.0 
access-list vpn3000 permit ip 10.198.0.0 255.255.0.0 10.199.0.0 255.255.0.0 
access-list ios permit ip 10.198.0.0 255.255.0.0 10.202.0.0 255.255.0.0 
access-list netasq permit ip 10.198.0.0 255.255.0.0 10.207.0.0 255.255.0.0 
access-list netscreen permit ip 10.198.0.0 255.255.0.0 10.209.0.0 255.255.0.0 
access-list nortel permit ip 10.198.0.0 255.255.0.0 10.213.0.0 255.255.0.0 
pager lines 24
logging monitor debugging
logging buffered debugging
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 192.70.106.198 255.255.255.192
ip address inside 10.198.0.1 255.255.0.0
ip address dmz 10.0.0.10 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address dmz 0.0.0.0
pdm location 192.70.106.64 255.255.255.224 outside
pdm logging notifications 100
pdm history enable
arp timeout 14400
nat (inside) 0 access-list no-nat
access-group allow-all in interface outside
access-group allow-all in interface inside
conduit permit icmp any any 
route outside 0.0.0.0 0.0.0.0 192.70.106.254 1
route outside 10.196.0.0 255.255.0.0 192.70.106.196 1
route outside 10.199.0.0 255.255.0.0 192.70.106.199 1
route outside 10.200.0.0 255.255.0.0 192.70.106.200 1
route outside 10.201.0.0 255.255.0.0 192.70.106.201 1
route outside 10.202.0.0 255.255.0.0 192.70.106.202 1
route outside 10.205.0.0 255.255.0.0 192.70.106.205 1
route outside 10.207.0.0 255.255.0.0 192.70.106.207 1
route outside 10.209.0.0 255.255.0.0 192.70.106.209 1
route outside 10.213.0.0 255.255.0.0 192.70.106.213 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+ 
aaa-server RADIUS protocol radius 
http server enable
http 192.70.106.223 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac 
crypto ipsec transform-set esp-3des-md5 esp-3des esp-md5-hmac 
crypto map mymap 10 ipsec-isakmp
crypto map mymap 10 match address 6wind
crypto map mymap 10 set peer 192.70.106.196 
crypto map mymap 10 set transform-set esp-3des-sha esp-3des-md5
crypto map mymap 20 ipsec-isakmp
crypto map mymap 20 match address freeswan
crypto map mymap 20 set peer 192.70.106.205 
crypto map mymap 20 set transform-set esp-3des-sha esp-3des-md5
crypto map mymap 30 ipsec-isakmp
crypto map mymap 30 match address netcelo
crypto map mymap 30 set peer 192.70.106.201 
crypto map mymap 30 set transform-set esp-3des-sha esp-3des-md5
crypto map mymap 40 ipsec-isakmp
crypto map mymap 40 match address openbsd
crypto map mymap 40 set peer 192.70.106.200 
crypto map mymap 40 set transform-set esp-3des-sha esp-3des-md5
crypto map mymap 50 ipsec-isakmp
crypto map mymap 50 match address vpn3000
crypto map mymap 50 set peer 192.70.106.199 
crypto map mymap 50 set transform-set esp-3des-sha esp-3des-md5
crypto map mymap 60 ipsec-isakmp
crypto map mymap 60 match address ios
crypto map mymap 60 set peer 192.70.106.202 
crypto map mymap 60 set transform-set esp-3des-sha esp-3des-md5
crypto map mymap 70 ipsec-isakmp
crypto map mymap 70 match address netasq
crypto map mymap 70 set peer 192.70.106.207 
crypto map mymap 70 set transform-set esp-3des-sha esp-3des-md5
crypto map mymap 80 ipsec-isakmp
crypto map mymap 80 match address netscreen
crypto map mymap 80 set peer 192.70.106.209 
crypto map mymap 80 set transform-set esp-3des-sha esp-3des-md5
crypto map mymap 90 ipsec-isakmp
crypto map mymap 90 match address nortel
crypto map mymap 90 set peer 192.70.106.213 
crypto map mymap 90 set transform-set esp-3des-sha esp-3des-md5
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0 
isakmp policy 10 authentication rsa-sig
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication rsa-sig
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash sha
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption 3des
isakmp policy 40 hash md5
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400
ca identity idealx 192.70.106.211:/cgi-bin 
ca configure idealx ca 1 0 
telnet timeout 60
ssh 192.70.106.223 255.255.255.255 outside
ssh 192.70.106.200 255.255.255.255 outside
ssh 10.198.0.2 255.255.255.255 inside
ssh timeout 60
terminal width 80
Cryptochecksum:de6958fdc8947a37f2ba17eb78c93a5c