This is part of the configuration I used on the Cisco UN-LAB-PIX-01/02

conf term
clear config all
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password **********
passwd **********
hostname UN-LAB-PIX-01 / UN-LAB-PIX-02
domain-name UN-LAB.local

fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
fixup protocol pptp 1723
fixup protocol dns maximum-length 4096
names

access-list acl_NoNat permit ip 10.10.0.0 / 172.16.0.0 255.255.255.0 192.168.XXX.0 255.255.252.0
access-list acl_NoNat permit ip 192.168.XXX.0 255.255.252.0 10.10.0.0 / 172.16.0.0 255.255.255.0

access-list acl_Allow_Outside permit icmp any any

access-group acl_Allow_Outside in interface outside

icmp permit 192.168.XXX.0 255.255.252.0 outside
icmp deny 0.0.0.0 0.0.0.0 outside

interface ethernet0 auto
interface ethernet1 auto

ip address outside 192.168.XXX.XXX 255.255.252.0

ip address inside 172.16.0.1 / 10.10.10.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm

telnet 192.168.XXX.0 255.255.252.0 outside
telnet 10.10.0.0 / 172.16.0.0 255.255.255.0 inside

ssh 192.168.XXX.0 255.255.252.0 outside
ssh 10.10.0.0 / 172.16.0.0 255.255.255.0 inside

global (outside) 1 interface
nat (inside) 0 access-list acl_NoNat
nat (inside) 1 10.10.0.0 / 172.16.0.0 255.255.255.0 0 0

route outside 0.0.0.0 0.0.0.0 192.168.XXX.1 1

timeout xlate 0:05:00
timeout uauth 0:05:00 absolute
floodguard enable
http server enable
http 0.0.0.0 0.0.0.0 inside
no dhcpd enable inside

sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
isakmp nat-traversal

write memory

ca generate rsa key 1024
show ca mypubkey rsa
ca save all

write memory
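
Added example (not part of the original configuration): a small Python check that flags the lines in a PIX configuration like the one above that a hardening review would look at first: Telnet management, DES and MD5-based IPsec transforms, RSA keys below 2048 bits, permit-any-any ACL entries and management HTTP open to any source. The rule names, the 2048-bit threshold and the choice of sample lines (copied from the configuration above) are assumptions of this example.

```python
MIN_RSA_BITS = 2048                            # assumed threshold for this example
WEAK_TRANSFORMS = {"esp-des", "esp-md5-hmac"}  # DES and MD5-based IPsec transforms

# Constructed sample: lines copied from the configuration above (masking kept).
SAMPLE = """\
access-list acl_Allow_Outside permit icmp any any
telnet 192.168.XXX.0 255.255.252.0 outside
ssh 192.168.XXX.0 255.255.252.0 outside
http 0.0.0.0 0.0.0.0 inside
crypto ipsec transform-set myset esp-des esp-md5-hmac
ca generate rsa key 1024
"""


def audit(config_text):
    """Return (line_number, rule_id, detail) for every flagged config line."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), start=1):
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "telnet" and len(tok) >= 4 and tok[1] != "timeout":
            findings.append((no, "TELNET", f"cleartext management on {tok[-1]}"))
        elif tok[0] == "http" and tok[1:3] == ["0.0.0.0", "0.0.0.0"]:
            findings.append((no, "HTTP_ANY", f"management HTTP open to any source on {tok[-1]}"))
        elif tok[:3] == ["crypto", "ipsec", "transform-set"]:
            # Exact token match, so esp-3des is not mistaken for esp-des.
            for t in tok[4:]:
                if t in WEAK_TRANSFORMS:
                    findings.append((no, "WEAK_TRANSFORM", t))
        elif tok[:4] == ["ca", "generate", "rsa", "key"] and tok[4:5] and tok[4].isdigit():
            if int(tok[4]) < MIN_RSA_BITS:
                findings.append((no, "RSA_KEY", f"{tok[4]}-bit key"))
        elif tok[0] == "access-list" and "permit" in tok and tok[-2:] == ["any", "any"]:
            findings.append((no, "ACL_ANY_ANY", f"{tok[1]} permits {tok[-3]} from any to any"))
    return findings


if __name__ == "__main__":
    for no, rule, detail in audit(SAMPLE):
        print(f"line {no}: {rule}: {detail}")
```
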