access-list INCOMING extended permit tcp any host ххх.ххх.ххх.ххх eq www
access-list INCOMING extended permit icmp any host ххх.ххх.ххх.ххх
access-list OUTCOMING extended permit ip host 192.168.32.20 any
access-list OUTCOMING extended permit ip host 192.168.111.66 any
static (inside,outside) ууу.ууу.ууу.ууу 192.168.111.66 netmask 255.255.255.255
static (inside,outside) ххх.ххх.ххх.ххх 192.168.32.20 netmask 255.255.255.255
access-group OUTCOMING in interface inside
access-group INCOMING in interface outside
sh xlate
Global ууу.ууу.ууу.ууу Local 192.168.111.66
Global ххх.ххх.ххх.ххх Local 192.168.32.20
sh xlate
Global ууу.ууу.ууу.ууу Local 192.168.111.66
Global ххх.ххх.ххх.ххх Local ххх.ххх.ххх.ххх
clear xlate Global ххх.ххх.ххх.ххх
sh xlate
Global ууу.ууу.ууу.ууу Local 192.168.111.66
Global ххх.ххх.ххх.ххх Local 192.168.32.20
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
static (inside,outside) ууу.ууу.ууу.ууу 192.168.111.66 netmask 255.255.255.255
static (inside,outside) ххх.ххх.ххх.ххх 192.168.32.20 netmask 255.255.255.255
FWSM Version 3.2(2) <context>
!
firewall transparent
hostname *****
domain-name net.***.***.ru
enable password ********* encrypted
names
!
interface Vlan2
nameif inside
bridge-group 1
security-level 100
!
interface Vlan5
nameif outside
bridge-group 1
security-level 0
!
interface BVI1
ip address 192.168.3.218 255.255.255.252
!
passwd ********** encrypted
object-group network localnets
network-object 10.0.0.0 255.255.255.0
network-object 172.16.0.0 255.240.0.0
network-object 192.168.0.0 255.255.0.0
network-object 127.0.0.0 255.0.0.0
network-object host 93.187.152.62
object-group network denyserv
network-object host 194.***.***.198
network-object host 194.***.***.33
network-object host 194.***.***.50
network-object host 194.***.***.60
network-object host 194.***.***.209
network-object host 194.***.***.234
network-object host 194.***.***.241
object-group network webservers
network-object 194.***.***.32 255.255.255.240
network-object 194.***.***.208 255.255.255.240
access-list INCOMING extended deny udp any any eq 1434 log errors
access-list INCOMING extended deny ip object-group localnets any log disable
access-list INCOMING extended deny ip any object-group localnets log disable
access-list INCOMING extended deny ip object-group denyserv any log errors
access-list INCOMING extended deny ip any object-group denyserv log errors
access-list INCOMING extended permit tcp any host 194.xxx.xxx.244 eq www
access-list INCOMING extended permit icmp any host 194.xxx.xxx.244
access-list INCOMING extended deny ip any any log errors
access-list OUTCOMING extended deny udp any any eq 1434 log errors
access-list OUTCOMING extended permit ip host 192.168.32.20 any
access-list OUTCOMING extended permit ip host 192.168.111.66 any
access-list OUTCOMING extended deny ip object-group localnets any log disable
access-list OUTCOMING extended deny ip any object-group localnets log disable
access-list OUTCOMING extended deny ip any any log errors
pager lines 24
logging enable
logging trap errors
logging asdm errors
logging facility 16
logging host inside 194.***.***.16
mtu inside 1500
mtu outside 1500
icmp permit any inside
icmp permit any outside
no asdm history enable
arp timeout 14400
static (inside,outside) 194.yyy.yyy.243 192.168.111.66 netmask 255.255.255.255
static (inside,outside) 194.xxx.xxx.244 192.168.32.20 netmask 255.255.255.255
access-group OUTCOMING in interface inside
access-group INCOMING in interface outside
route inside 0.0.0.0 0.0.0.0 192.168.3.217 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 1:00:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 194.***.***.240 255.255.255.240 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 194.***.***.0 255.255.255.192 inside
ssh 194.***.***.240 255.255.255.240 inside
ssh timeout 30
ssh version 2
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 768
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect smtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
!
service-policy global_policy global