The help of the Cisco PIX IOS lists 96 commands (the documentation at C:\1\Cisco_PIX_Firewall\contents\docs\PIX_61\61_cmd.pdf contains 112 sections describing commands)
1 aaa Enable, disable, or view TACACS+, RADIUS or LOCAL user authentication, authorization and accounting
aaa accounting Enable, disable, or view LOCAL, TACACS+, or RADIUS user accounting (on a server designated by the aaa-server command). (Configuration mode.)
aaa authentication Enable, disable, or view LOCAL, TACACS+, or RADIUS user authentication (on a server designated by the aaa-server command). Additionally, the aaa authentication command has been modified to support PDM authentication. (Configuration mode.)
aaa authorization Enable or disable LOCAL or TACACS+ user authorization services. (Configuration mode.)
aaa proxy-limit Specifies the number of concurrent proxy connections allowed per user. (Configuration mode.)
Usage:
[no] aaa authentication|authorization|accounting include|exclude <svc> <if_name> <l_ip> <l_mask> [<f_ip> <f_mask>] <server_tag>
[no] aaa authentication serial|telnet|ssh|http|enable console <server_tag>
[no] aaa authentication|authorization|accounting match <access_list_name> <if_name> <server_tag>
[no] aaa authorization command {LOCAL | tacacs_server_tag}
aaa proxy-limit <proxy limit> | disable
2 aaa-server Define AAA Server group
Specify an AAA server. (Configuration mode.)
Usage:
[no] aaa-server <tag> [<(if_name)>] host <ip_address> [<key>] [timeout <seconds>]
aaa-server <tag> protocol tacacs+|radius
clear aaa-server [<tag>]
[no] aaa-server radius-authport [<auth_port>]
[no] aaa-server radius-acctport [<acct_port>]
3 access-group Bind an access-list to an interface to filter inbound traffic
Binds the access list to an interface. (Configuration mode.)
Usage:
[no] access-group <access-list> in interface <if_name>
4 access-list Add an access list
Create an access list, or use downloadable access lists. (Downloadable access lists are supported for RADIUS servers only). (Configuration mode.)
Usage:
[no] access-list compiled
[no] access-list <id> compiled
[no] access-list <id> deny|permit <protocol>|object-group <protocol_obj_grp_id>
<sip> <smask> | object-group <network_obj_grp_id>
[<operator> <port> [<port>] | object-group <service_obj_grp_id>]
<dip> <dmask> | object-group <network_obj_grp_id>
[<operator> <port> [<port>] | object-group <service_obj_grp_id>]
[no] access-list <id> deny|permit icmp
<sip> <smask> | object-group <network_obj_grp_id>
<dip> <dmask> | object-group <network_obj_grp_id>
[<icmp_type> | object-group <icmp_type_obj_grp_id>]
5 activation-key Modify activation-key.
Updates the activation key on your PIX Firewall and checks the activation key running on your PIX Firewall against the activation key stored in the Flash memory of the PIX Firewall. (Configuration mode.)
Usage:
activation-key <activation-key-four-tuple>
show activation-key
Result of firewall command: "sh activation-key"
Serial Number: 807112150 (0x301b8dd6)
Running Activation Key: 0xfed72fb7 0x36ed2c14 0x0bd663eb 0x00aa3e31
Licensed Features:
Failover:           Disabled
VPN-DES:            Enabled
VPN-3DES:           Disabled
Maximum Interfaces: 2
Cut-through Proxy:  Enabled
Guards:             Enabled
URL-filtering:      Enabled
Inside Hosts:       10
Throughput:         Limited
IKE peers:          5
The flash activation key is the SAME as the running key.
6 age This command is deprecated. See ipsec, isakmp, map, ca commands
7 alias Administer overlapping addresses with dual NAT.
Administer overlapping addresses with dual NAT. (Configuration mode.)
Usage:
[no] alias [<(if_name)>] <dnat_ip> <foreign_ip> [<mask>]
8 apply Apply outbound lists to source or destination IP addresses
Usage:
[no] apply [(<if_name>)] <outbound_id>  outgoing_src|outgoing_dest
9 arp Change or view the arp table, and set the arp timeout value
Change or view the ARP cache, and set the timeout value. (Configuration mode.)
Usage:
[no] arp <if_name> <ip> <mac> [alias]
[no] arp timeout <seconds>
10 auth-prompt Customize authentication challenge, reject or acceptance prompt
Change the AAA challenge text. (Configuration mode.)
Usage:
[no | clear] auth-prompt [prompt | accept | reject] "<prompt text>"
11 auto-update Configure auto update support
Specifies how often to poll an Auto Update Server. (Configuration mode.)
Usage:
auto-update device-id hardware-serial | hostname | ipaddress [<if_name>] | mac-address [<if_name>] | string <text>
no auto-update device-id
auto-update poll-period <poll-period> [<retry-count> [<retry-period>]]
no auto-update poll-period
auto-update server <url> [verify-certificate]
no auto-update server
auto-update timeout <period>
no auto-update timeout
12 blocks Show system buffer utilization
Result of firewall command: "sh blocks"
  SIZE MAX LOW CNT
4 600 597 600
80 400 398 399
256 100 99 100
1550 932 634 673
13 ca CEP (Certificate Enrollment Protocol) Create and enroll RSA key pairs into a PKI (Public Key Infrastructure).
ca Configure the PIX Firewall to interoperate with a certification authority (CA). (Configuration mode.)
ca generate rsa key The ca generate rsa command generates RSA key pairs for your PIX Firewall. RSA keys are generated in pairs—one public RSA key and one private RSA key. (Configuration Mode.)
Usage:
ca generate rsa key|specialkey <key_modulus_size>
ca identity <ca_nickname> <ca_ipaddress | hostname>[:<ca_script_location>] [<ldap_ipaddress | hostname>]
ca configure <ca_nickname> ca|ra <retry_period> <retry_count> [crloptional]
ca authenticate <ca_nickname> [<fingerprint>]
ca enroll <ca_nickname> <challenge_password> [serial] [ipaddress]
[no] ca save all
show ca certificate
show ca mypubkey rsa
ca zeroize rsa
Result of firewall command: "show ca mypubkey rsa"
  % Key pair was generated at: 20:06:31 UTC Jun 7 2003
Key name: pixfirewall.ciscopix.com
 Usage: General Purpose Key
 Key Data:
  307c300d 06092a86 4886f70d 01010105 00036b00 30680261 00ce4a57 54bb7280
  0d2e8b0c 8a55a2ba bab2bd07 8d3fcf62 d85e1411 0135e898 16021b78 f4359c26
  169b94c5 1cccf467 f9cbca7a c414e7eb bd3a9bae f13d0b23 3055f83a b362112a
  73a608c1 12a14db1 0d337e54 2a1f13dc ba5b2f94 578933d7 b7020301 0001
14 capture Capture inbound and outbound packets on one or more interfaces
Enables packet capture capabilities for packet sniffing and network fault isolation. (Configuration mode.)
Usage:
capture <capture-name> [access-list <acl-name>] [buffer <buf-size>] [ethernet-type <type>] [interface <if-name>] [packet-length <bytes>]
clear capture <capture-name>
no capture <capture-name> [access-list] [interface <if-name>]
show capture [<capture-name> [access-list <acl-name>] [count <number>]  [detail] [dump]]
15 checksum View configuration information cryptochecksum
Result of firewall command: "sh checksum"
  Cryptochecksum: 99fa64ee 32accc00 4e83bf0b c0bc907d
16 chunkstat Display chunk stats
Result of firewall command: "sh chunkstat"
  Chunk statistics: created 1, destroyed: 0,sibs created: 0, sibs trimmed: 0
Dump of chunk at 80a5bf48, name "DHCPD Internal Radix Tree Nodes", data start @ 80a5c020, end @ 80a5c4a0
 flink: 80650e00, blink: 80650e00
 next: cccccccc, next_sibling: 00000000, prev_sibling: 00000000
 flags 00000005
 maximum chunk elt's: 32, elt size: 36, index first free 31
 # chunks in use: 1, HWM of total used: 1, alignment: 8
359 lines of output in total
17 clear Removes configuration files and commands from the configuration, or resets command values. (All modes.) However, using the no form of a command is preferred to using the clear form to change your configuration because the no form is usually more precise.
18 clock Show and set the date and time of PIX
Set the PIX Firewall clock for use with the PIX Firewall Syslog Server (PFSS) and the Public Key Infrastructure (PKI) protocol. (Configuration mode.)
Usage:
clock set <hh:mm:ss> {<day> <month> | <month> <day>} <year>
clock summer-time <zone> recurring [<week> <weekday> <month> <hh:mm> <week> <weekday> <month> <hh:mm>] [<offset>]
clock summer-time <zone> date {<day> <month> | <month> <day>} <year> <hh:mm> {<day> <month> | <month> <day>} <year> <hh:mm> [<offset>]
no clock summer-time
clock timezone <zone> <hours> [<minutes>]
no clock timezone
show clock [detail]
Result of firewall command: "sh clock"
  21:42:53.880 UTC Sat Jun 7 2003
19 conduit Add conduit access to higher security level network or ICMP
Add, delete, or show conduits through the PIX Firewall for incoming connections. However, the conduit command has been superseded by the access-list command. We recommend that you migrate your configuration away from the conduit command to maintain future compatibility. (Configuration mode.)
Usage:
[no] conduit deny|permit <protocol>|object-group <protocol_obj_grp_id>
<g_ip> <g_mask> | object-group <network_obj_grp_id>
[<operator> <port> [<port>] | object-group <service_obj_grp_id>]
<f_ip> <f_mask> | object-group <network_obj_grp_id>
[<operator> <port> [<port>] | object-group <service_obj_grp_id>]
[no] conduit deny|permit icmp <g_ip> <g_mask> | object-group <network_obj_grp_id>
<f_ip> <f_mask> | object-group <network_obj_grp_id>
[<icmp_type> | object-group <icmp_type_obj_grp_id>]
20 configure Configure from terminal, floppy, memory, network, or factory-default.  The configuration will be merged with the active configuration except for factory-default in which case the active configuration is cleared first.
Clear or merge the current configuration with that on floppy or in flash memory, start configuration mode, or view the current configuration. For the PIX 501 and PIX 506/506E only, the command restores the factory default configuration. (Privileged mode.)
Usage:
configure [terminal|floppy|memory]
configure http[s]://[<user>:<password>@]<location>[:<port>]/<pathname>
configure net [<location>]:[<pathname>]
configure factory-default [<inside_ip> [<mask>]]
clear configure [primary|secondary|all]
Result of firewall command: "sh configure"
  : Saved
: Written by enable_15 at 23:24:35.446 UTC Tue Jun 3 2003
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 9bGG8GMY4xqeq5Hr encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 213.147.32.39 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 213.147.32.33 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:99fa64ee32accc004e83bf0bc0bc907d
21 copy Change software images without requiring access to the TFTP monitor mode. (Configuration mode.)
Usage:
copy capture:<capture-name> tftp://<location>/<pathname> [pcap]
copy http[s]://[<user>:<password>@]<location>[:<port>]/<pathname> flash[:[image | pdm]]
copy tftp[:[[//location][/pathname]]] flash[:[image | pdm]]
22 conn Display connection information
Result of firewall command: "show conn"
0 in use, 0 most used
23 cpu Display cpu usage
Result of firewall command: "sh cpu usage"
  CPU utilization for 5 seconds = 0%; 1 minute: 1%; 5 minutes: 1%
24 crypto Configure IPsec, IKE, and CA
crypto dynamic-map Create, view, or delete a dynamic crypto map entry. (Configuration mode.)
crypto ipsec Create, view, or delete IPSec security associations, security association global lifetime values, and global transform sets. (Configuration mode.)
crypto map Create, modify, view or delete a crypto map entry. Also used to delete a crypto map set. (Configuration mode.)
Usage:
crypto { ca | dynamic-map | map | ipsec | isakmp } ...
25 curpriv Display current privilege level
Result of firewall command: "sh curpriv"
  Username : enable_15
Current privilege level : 15
Current Mode/s : P_PRIV P_CONF
26 debug Debug packets or ICMP tracings through the PIX Firewall.
You can debug packets or ICMP tracings through the PIX Firewall. The debug command provides information that helps troubleshoot protocols operating with and through the PIX Firewall. (Configuration mode.)
Usage:
[no] debug icmp trace
[no] debug packet <if_name> [src <s_ip> [netmask <m>]]
[dst <d_ip> [netmask <m>]]
[[proto icmp]|[proto tcp [sport <s_p>] [dport <d_p>]]
|[proto udp [sport <s_p>] [dport d_p]] [rx|tx|both]
[no] debug sqlnet
[no] debug crypto ipsec|isakmp|ca
[no] debug dhcpc detail|error|packet
[no] debug dhcpd event|packet
[no] debug vpdn error|event|packet
[no] debug ppp error|io|uauth|chap|upap|negotiation
[no] debug pppoe error|packet|event
[no] debug ssh
[no] debug h323 h225|h245|ras asn|event
[no] debug fover <sub option>
[no] debug rtsp
[no] debug fixup <udp|tcp>
[no] debug rip
[no] debug pdm history
[no] debug ssl [cipher|device]
[no] debug dns <resolver|all>
[no] debug sip
[no] debug skinny
[no] debug access-list <all|standard|turbo>
[no] debug radius [session|all|user <user_name>]
[no] debug ntp [adjust|authentication|events|loopfilter|packets|params|
select|sync|validity]
[no] debug ils
[no] debug igmp
[no] debug mfwd
[no] debug xdmcp
27 dhcpd Configure DHCP Server
The dhcpd command controls the DHCP server feature. (Configuration mode.)
Usage:
dhcpd address <ip1>[-<ip2>] [<srv_ifc_name>]
dhcpd dns <dnsip1> [<dnsip2>]
dhcpd wins <winsip1> [<winsip2>]
dhcpd lease <lease_length>
dhcpd ping_timeout <timeout>
dhcpd domain <domain_name>
dhcpd option <code> {ascii <string> | hex <hex_string> | ip <address_1> [<address_2>]}
dhcpd auto_config [<clnt_ifc_name>]
dhcpd enable [<srv_ifc_name>]
show dhcpd [binding|statistics]
Result of firewall command: "sh dhcpd"
  dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
28 disable Exit privileged mode and return to unprivileged mode. (Privileged mode.)
29 domain-name Change domain name
Change the IPSec domain name. (Configuration mode.)
Usage:
domain-name <name>
Result of firewall command: "sh domain-name"
domain-name ciscopix.com
30 dynamic-map Specify a dynamic crypto map template
View or delete a dynamic crypto map entry. (Configuration mode.)
Usage:
crypto dynamic-map <map> <seq>
match address <acl-name> |
set pfs {group1|group2} |
set peer <ip-addr> |
set transform-set <proposal> [<proposal> ...]|
set security-association lifetime | {seconds <secs>|kilobytes <kbytes>}
31 eeprom show or reprogram the 525 onboard i82559 devices
This command applies only to PIX 525 models with serial numbers 44480380055 through 44480480044. Displays and updates the contents of the EEPROM non-volatile storage devices used for low-level Ethernet interface configuration information. (Configuration mode.)
Usage:
show eeprom
eeprom update
Result of firewall command: "sh eeprom"
  This eeprom does not support the platform
32 enable Configure enable passwords
Start privileged mode or access privilege levels. (Unprivileged mode for enable, and Configuration mode for enable password.)
Usage:
enable password [<pw>] [level <level>] [encrypted]
no enable password level <level>
show enable
Result of firewall command: "show enable"
enable password 9bGG8GMY4xqeq5Hr encrypted
33 established Allow inbound connections based on established connections
Permit return connections on ports other than those used for the originating connection based on an established connection. (Configuration mode.)
Usage:
[no] established <est_protocol> <dport> [sport] [permitto <protocol> <port>[-<port>]] [permitfrom <protocol> <port>[-<port>]]
34 exit Exit an access mode. (All modes.)
35 failover Enable/disable PIX failover feature to a standby PIX
Change or view access to the optional failover feature. (Configuration mode.)
Usage:
[no] failover [active]
failover ip address <if_name> <ip_address>
failover mac address <ifc_name> <act_mac> <stn_mac>
failover reset
failover link <if_name>
failover poll <seconds>
failover replication http
failover lan unit primary|secondary | interface <lan_if_name>|  key <key_secret>|  enable
show failover [lan [detail]]
Result of firewall command: "sh failover"
No license for Failover
36 filter Enable, disable, or view URL, Java, and ActiveX filtering
Enables, disables, or displays URL, Java, or ActiveX filtering. (Configuration mode.)
Usage:
[no] filter url <port>[-<port>]|except <lcl_ip> <mask> <frgn_ip> <mask> [allow] [proxy-block] [longurl-truncate | longurl-deny] [cgi-truncate]
[no] filter ActiveX|Java <port>[-<port>] <lcl_ip> <mask> <frgn_ip> <mask>
37 fixup Add or delete PIX service and feature defaults
fixup protocol Modifies PIX Firewall protocol fixups to add, delete, or change services and feature defaults. (Configuration mode.)
Usage:
[no] fixup protocol <prot> [<option>] <port>[-<port>]
38 flashfs Show, destroy, or preserve filesystem information
Clear, display, or downgrade filesystem information. (Configuration mode.)
Usage:
[no|clear|show] flashfs [downgrade 4.X|5.1|5.0]
Result of firewall command: "sh flashfs"
flash file system:  version:2  magic:0x12345679
file 0: origin:       0 length:1540152
file 1: origin: 1572864 length:1644
file 2: origin:       0 length:0
file 3: origin: 1703936 length:4748324
file 4: origin: 7864320 length:280
39 floodguard Enable or disable Flood Defender to protect against flood attacks. (Configuration mode.)
Usage:
[no] floodguard
40 fragment Configure the IP fragment database
The fragment command provides additional management of packet fragmentation and improves compatibility with NFS. (Configuration Mode.)
Usage:
fragment {size|chain|timeout} <limit> [<interface>]
show fragment [<interface>]
clear fragment
Result of firewall command: "sh fragment"
Interface: outside
    Size: 200, Chain: 24, Timeout: 5
    Queue: 0, Assemble: 0, Fail: 0, Overflow: 0
Interface: inside
    Size: 200, Chain: 24, Timeout: 5
    Queue: 0, Assemble: 0, Fail: 0, Overflow: 0
41 global Specify, delete or view global address pools, or designate a PAT(Port Address Translated) address
Create or delete entries from a pool of global addresses. (Configuration mode.)
Usage:
[no] global [(<ext_if_name>)] <nat_id> {<global_ip>[-<global_ip>] [netmask <global_mask>]} | interface
42 h225 Show the current h225 data stored for each connection.
Result of firewall command: "sh h225"
Total: 0 LOCAL TPKT FOREIGN TPKT
43 h245 List the h245 connections.
Result of firewall command: "sh h245"
Total: 0 LOCAL TPKT FOREIGN TPKT
44 h323-ras Show the current h323 ras data stored for each connection.
Result of firewall command: "sh h323-ras"
Total: 0 GK Callert
45 help Display help information. (Unprivileged, Privileged, and Configuration modes.)
Usage:
Help list
46 hostname Change the host name in the PIX Firewall command line prompt. (Configuration mode.)
Usage:
hostname <name>
47 history Display the session command history
48 http Configure HTTP server
Enables the PIX Firewall HTTP server and specifies the clients that are permitted to access it. Additionally, for access, the Cisco PIX Device Manager (PDM) requires that the PIX Firewall have an enabled HTTP server. (Configuration mode.)
Usage:
[no] http <local_ip> [<mask>] [<if_name>]
[no] http server enable
49 icmp Configure access for ICMP traffic that terminates at an interface
Enable or disable pinging to an interface. (Configuration mode.)
Usage:
[no] icmp permit|deny <ip-address> <net-mask> [<icmp-type>] <if-name>
[clear|show] icmp
50 interface Identify network interface type, speed duplex, and if shutdown
Identify network interface speed and duplex. (Configuration mode.)
Usage:
interface <hardware_id> [<hw_speed> [<shutdown>]]
Result of firewall command: "sh interface"
interface ethernet0 "outside" is up, line protocol is down
  Hardware is i82559 ethernet, address is 000c.850c.66d7
  IP address 213.147.32.39, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 10000 Kbit half duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/0)
output queue (curr/max blocks): hardware (0/0) software (0/0)
interface ethernet1 "inside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 000c.850c.66d8
  IP address 192.168.1.1, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 10000 Kbit full duplex
6987 packets input, 647172 bytes, 0 no buffer
Received 95 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
11068 packets output, 13354718 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/8)
output queue (curr/max blocks): hardware (1/15) software (0/9)
51 igmp Clear or display IGMP groups
Refer to the multicast command for the igmp subcommands.
Usage:
show igmp [<group>|interface <interface_name>] [detail]
clear igmp [<group>|interface <interface_name>]
52 ip Set the ip address and mask for an interface/ Define a local address pool / Configure Unicast RPF on an interface / Configure the Intrusion Detection System
ip address Identifies addresses for network interfaces, and enables you to set the number of times the PIX Firewall will poll for DHCP information. (Configuration mode.)
ip audit Configures IDS signature use. (Configuration mode.)
ip local pool Identify addresses for a local pool. (Configuration mode.)
ip verify reverse-path Implements Unicast RPF IP spoofing protection. (Configuration mode.)
Usage:
ip address <if_name> <ip_address> [<mask>]
ip address <if_name> dhcp [setroute] [retry <retry_cnt>]
ip address <if_name> pppoe [setroute]
ip address <if_name> <ip_address> <mask> pppoe [setroute]
ip local pool <poolname> <ip1>[-<ip2>]
ip verify reverse-path interface <if_name>
ip audit [name|signature|interface|attack|info] ...
show|clear ip audit count [global] [interface <interface>]
show ip address <if_name> [pppoe|dhcp [lease|server]]
Result of firewall command: "sh ip"
System IP Addresses:
ip address outside 213.147.32.39 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
Current IP Addresses:
ip address outside 213.147.32.39 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
53 ipsec Configure IPSEC policy
Usage:
crypto ipsec transform-set <trans-name> [ ah-md5-hmac|ah-sha-hmac ] [ esp-des|esp-3des|esp-null ] [ esp-md5-hmac|esp-sha-hmac ]
crypto ipsec transform-set <trans-name> mode transport
show crypto ipsec { sa [map <map-name>|address|detail|identity]
clear crypto [ipsec] sa { peer <addr> |map <map-name> | counters |  entry <addr> <prot> <spi>
54 isakmp Configure ISAKMP policy
isakmp Negotiates IPSec security associations and enables IPSec secure communications. (Configuration mode.)
isakmp policy The isakmp policy commands are included with the isakmp commands. Please refer to the isakmp commands for usage information on the isakmp policy commands.
Usage:
isakmp policy <priority> authen <pre-share|rsa-sig>
isakmp policy <priority> encrypt <des|3des>
isakmp policy <priority> hash <md5|sha>
isakmp policy <priority> group <1|2>
isakmp policy <priority> lifetime <seconds>
isakmp key <key-string> address <ip> [netmask <mask>] [no-xauth] [no-config-mode]
isakmp enable <if_name>
isakmp identity <address|hostname|key-id> [<key-id-string>]
isakmp keepalive <seconds> [<retry seconds>]
isakmp client configuration address-pool local <poolname> [<pif_name>]
isakmp peer fqdn|ip <fqdn|ip> [no-xauth] [no-config-mode]
55 kill Terminate a Telnet session. (Privileged mode.)
Usage:
kill <telnet_id>
56 local-host Display or clear the local host network information
57 logging Enable logging facility
Enable or disable syslog and SNMP logging. (Configuration mode.)
Usage:
[no] logging on
[no] logging timestamp
[no] logging standby
[no] logging host [<in_if>] <l_ip> [tcp|udp/port#]
[no] logging console <level>
[no] logging buffered <level>
[no] logging monitor <level>
[no] logging history <level>
[no] logging trap <level>
[no] logging message <syslog_id>
[no] logging facility <fac>
logging queue <queue_size>
Result of firewall command: "sh logging"
Syslog logging: disabled
    Facility: 20
    Timestamp logging: disabled
    Standby logging: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: disabled
    History logging: disabled
58 login Initiates the log-in prompt on the PIX Firewall for starting a session, accessing another privilege level, or command mode as a specific user. (Unprivileged mode.)
59 map Configure IPsec crypto map
Usage:
crypto map <map> <seq>
ipsec-manual|ipsec-isakmp |
match address <acl-number> |
set pfs {group1|group2} |
set peer <ip-addr> |
set transform-set <trans-name> |
set security-association lifetime | {seconds <sec>|kilobytes <kbytes>}|
set session-key {inbound|outbound} ah <spi> <hex-key> |
set session-key {inbound|outbound} esp <spi> cipher <hex-key> authenticator <hex-key>
crypto map <map> client configuration address initiate|respond
crypto map <map> client [token] authentication <aaa-server>
Result of firewall command: "sh map"
No crypto maps found.
60 memory System memory utilization
Result of firewall command: "sh memory"
16777216 bytes total, 4538368 bytes free
61 mroute Configure a multicast route
Configures a static multicast route. (Configuration mode.)
Usage:
[no] mroute <src> <smask> <in_if_name> <dst> <dmask> <out_if_name>
[show|clear] mroute [<dst> [<src>]]
62 mtu Specify MTU(Maximum Transmission Unit) for an interface
Specify the maximum transmission unit (MTU) for an interface. (Configuration mode.)
Usage:
mtu <if_name> <bytes> | (64-65535)
63 multicast Configure multicast on an interface
Enables multicast traffic to pass through the PIX Firewall. Includes an igmp subcommand mode for multicast support. (Configuration mode.)
Usage:
[no] multicast interface <interface_name>
[show|clear] multicast
64 name Associate a name with an IP address
name/ names Associate a name with an IP address. (Configuration mode.)
Usage:
[no] name <ip_address> <name>
65 nameif Assign a name to an interface
Name interfaces and assign security level. (Configuration mode.)
Usage:
nameif <hardware_id> <if_name> <security_lvl>
no nameif
Result of firewall command: "sh nameif"
nameif ethernet0 outside security0
nameif ethernet1 inside security100
66 names Enable, disable or display IP address to name conversion
name/ names Associate a name with an IP address. (Configuration mode.)
Usage:
[no] names
67 nat Associate a network with a pool of global IP addresses
Associate a network with a pool of global IP addresses. (Configuration mode.)
Usage:
[no] nat [(<if_name>)] <nat_id> <local_ip> [<mask>
[dns] [outside]
[<max_conns> [emb_limit> [<norandomseq>]]]]
[no] nat [(if_name)] 0 [access-list <acl-name> [outside]]
Result of firewall command: "sh nat"
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
68 object-group Create an object group for use in 'access-list', 'conduit', etc
Defines object groups that you can use to optimize your configuration. Objects such as hosts, protocols, or services can be grouped, and then you can issue a single command using the group name to apply to every item in the group. (Configuration mode.)
Usage:
[no] object-group protocol | network | icmp-type <obj_grp_id>
[no] object-group service <obj_grp_id> tcp|udp|tcp-udp
show object-group [protocol | service | icmp-type | network]
show object-group id <obj_grp_id>
clear object-group [protocol | service | icmp-type | network]
69 ntp Configure Network Time Protocol
Synchronizes the PIX Firewall with a network time server using the Network Time Protocol (NTP). (Configuration mode.)
Usage:
ntp authenticate
no ntp authenticate
ntp authentication-key <number> md5 <value>
no ntp authentication-key <number>
ntp server <ip_address> [key <number>] source <if_name> [prefer]
no ntp server <ip_address>
ntp trusted-key <number>
no ntp trusted-key <number>
show ntp [associations [detail] | status]
70 outbound Create an outbound access list
outbound/ apply Create an access list for controlling Internet use. (Configuration mode.)
Usage:
[no] outbound <outbound_id> permit|deny|except <ip> [<mask> [port[-port]] [<protocol>]]
71 pager Control page length for pagination
Enable or disable screen paging. (Privileged mode.)
Usage:
[no] pager [lines <lines>]
72 passwd Change Telnet console access password
Set password for Telnet access to the PIX Firewall console. (Privileged mode.)
Usage:
passwd <password> encrypted
Result of firewall command: "passwd lenmax"
The command has been sent to the firewall
Result of firewall command: "sh passwd"
passwd 9bGG8GMY4xqeq5Hr encrypted
73 pdm Configure Pix Device Manager
These commands support communication between the PIX Firewall and a browser running the Cisco PIX Device Manager (PDM). (Configuration mode.)
Usage:
pdm disconnect <session_id>
pdm history enable
pdm logging [<level> [<messages>]]
show pdm history [view {all|12h|5d|60m|10m}] [snapshot]
[feature {all|blocks|cpu|failover|ids|interface <if_name>|
memory|perfmon|sas|tunnels|xlates}] [pdmclient]
show pdm logging
show pdm sessions
clear pdm
clear pdm location
clear pdm logging
Result of firewall command: "sh pdm sessions"
0 192.168.1.9
74 perfmon View performance information. (Privileged mode.)
Usage:
perfmon interval <seconds>
perfmon quiet | verbose
perfmon settings
75 ping Determine if other IP addresses are visible from the PIX Firewall. (Privileged mode.)
Usage:
ping [if_name] <host>
76 privilege Configure/Display privilege levels for commands
Configures or displays command privilege levels. (Configuration mode.)
Usage:
[no] privilege [{show | clear | configure}] level <level> [mode {enable|configure}] command <command>
show privilege [all | {command <command>} | {level <level>}]
clear privilege
77 quit Configures or displays command privilege levels. (Configuration mode.)
Usage:
quit|exit|^Z
78 reload Reboot and reload the configuration. (Privileged mode.)
Usage:
reload [noconfirm]
79 processes Display processes
Result of firewall command: "sh processes"
PC SP STATE Runtime SBASE Stack Process
Hsi 800b0e09 80759798 8052ddd8 0 80758810 3928/4096 arp_timer
Lsi 800b5271 8077c880 8052ddd8 0 8077b908 3912/4096 FragDBGC
Lwe 8000f9fe 808b6cc0 80531508 0 808b5e48 3704/4096 dbgtrace
Lwe 8020685d 808b8e20 80507300 0 808b6ed8 8008/8192 Logger
Hsi 8020a4ed 808bbee8 8052ddd8 0 808b9f70 7700/8192 tcp_fast
Hsi 8020a38d 808bdf78 8052ddd8 0 808bc000 8008/8192 tcp_slow
Lsi 80137edd 809400f0 8052ddd8 0 8093f168 3928/4096 xlate clean
Lsi 80137deb 80941170 8052ddd8 0 809401f8 3912/4096 uxlate clean
Mwe 8012f423 8095dc88 8052ddd8 0 8095bcf0 7908/8192 tcp_intercept_timer_process
Lsi 80256f4d 8096c430 8052ddd8 0 8096b4a8 3900/4096 route_process
Hsi 8011bd84 8096d4a0 8052ddd8 0 8096c538 3844/4096 Hosts conn cleaner
Hwe 800da249 80999b10 8052ddd8 0 80995ba8 16048/16384 isakmp_time_keeper
Lsi 801217ac 809a6d80 8052ddd8 0 809a5df8 3928/4096 perfmon
Hwe 800d6f61 809aeb60 804eda20 0 809adc18 3912/4096 Ipsec response handler
Mwe 800d2671 809b0c20 8052ddd8 0 809aeca8 7860/8192 Ipsec response handler
Hwe 801c089b 809c2f98 8053d5f8 0 809c1040 7096/8192 qos_metric_daemon
Lwe 8012ff5a 809d9d08 80539908 0 809d8e90 3704/4096 pix/trace
Lwe 8013016a 809dad98 80539fd0 0 809d9f20 3704/4096 pix/tconsole
Hwe 800b2dd0 809dce28 80753b9c 0 809dafb0 7196/8192 pix/intf1
Hwe 800b2dd0 809deee8 80753b58 180 809dd040 5068/8192 pix/intf0
Hwe 80015207 809e4be8 80318530 0 809e10e0 14780/16384 ci/console
Csi 801299b3 809e60c8 8052ddd8 10 809e5170 3540/4096 update_cpu_usage
Hwe 8011a791 80a08880 804ef288 0 80a069f8 7676/8192 uauth0
Hwe 8011a791 80a0a920 804ef298 0 80a08a98 7676/8192 uauth1
Hwe 802090d1 80a0ca00 80793e1c 0 80a0ab28 7896/8192 uauth
Hwe 8021b280 80a0db30 805077c8 0 80a0cbb8 3960/4096 udp_timer
Hsi 800aa0d2 80a0f490 8052ddd8 0 80a0e518 3892/4096 557mcfix
Crd 800aa087 80a10540 8052e240 3890250 80a0f5a8 3704/4096 557poll
Lsi 800aa139 80a115b0 8052ddd8 0 80a10638 3748/4096 557timer
Cwe 800b2e00 80a22638 8077ecf8 0 80a216f0 3912/4096 fover_ip1
Cwe 800abb55 80a23688 808420b4 230 80a22780 3620/4096 ip/1:1
Hwe 800b2e00 80a24758 8077ecd0 0 80a23810 3912/4096 icmp1
Mwe 8021aff6 80a257d8 807cd974 0 80a248a0 3896/4096 riprx/1
Msi 801c8831 80a268a8 8052ddd8 0 80a25930 3888/4096 riptx/1
Hwe 800b2e00 80a27910 8077eca8 10 80a269d8 3784/4096 udp_thread/1
Hwe 800b2e00 80a28988 8077ec80 1010 80a27a80 3360/4096 tcp_thread/1
Cwe 800b2e00 80a29a68 8077ec58 0 80a28b20 3912/4096 fover_ip0
Cwe 800abb55 80a2aab8 807cec04 0 80a29bb0 3848/4096 ip/0:0
Hwe 800b2e00 80a2bb88 8077ec30 0 80a2ac40 3912/4096 icmp0
Mwe 8021aff6 80a2cc18 807cd934 0 80a2bce0 3896/4096 riprx/0
Msi 801c8831 80a2dcf8 8052ddd8 0 80a2cd80 3888/4096 riptx/0
Hwe 800b2e00 80a2ed60 8077ec08 0 80a2de28 3896/4096 udp_thread/0
Hwe 800b2e00 80a2fdd8 8077ebe0 0 80a2eed0 3848/4096 tcp_thread/0
Hwe 802092e5 80a56d30 8078031c 20 80a56a88 300/1024 listen/http1
Mwe 80021681 80a59028 8052ddd8 0 80a570a0 7892/8192 DHCPD Timer
Mwe 801992c2 80a5e490 8052ddd8 0 80a5c518 7704/8192 Crypto CA
Mwe 80112884 80a78e60 804ef028 38490 80a77538 4664/8192 http1
M* 80209c9f 7ffffe2c 8052de00 10 80a79aa0 4116/8192 http1
80 rip Broadcast default route or passive RIP
Change RIP settings. (Configuration mode.)
Usage:
[no] rip <if_name> default|passive [version <1|2>] [authentication <text|md5> <key> <key id>]
81 route Enter a static route for an interface
Enter a static or default route for the specified interface. (Configuration mode.)
Usage:
[no] route <if_name> <foreign_ip> <mask> <gateway> [<metric>]
Result of firewall command: "sh route"
outside 0.0.0.0 0.0.0.0 213.147.32.33 1 OTHER static
inside 192.168.1.0 255.255.255.0 192.168.1.1 1 CONNECT static
outside 213.147.32.0 255.255.255.0 213.147.32.39 1 CONNECT static
83 running-config Display the current running configuration
Result of firewall command: "sh running-config"
: Saved
:
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 9bGG8GMY4xqeq5Hr encrypted
passwd 9bGG8GMY4xqeq5Hr encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 213.147.32.39 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 213.147.32.33 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:99fa64ee32accc004e83bf0bc0bc907d
: end
84 service Enable system services
Reset inbound connections. (Configuration mode.)
Usage:
service {resetinbound|resetoutside}
85 setup The setup command prompts you to enter the information needed to use the Cisco PIX Device Manager (PDM) with a new PIX Firewall. (Configuration Mode.)
86 session Access an internal AccessPro router console
Access an embedded AccessPro router console; only use this command if you have an AccessPro router installed in your PIX Firewall. (Privileged mode.)
Usage:
[no] session enable
87 show View command information. (All modes.)
show blocks/ clear blocks Show system buffer utilization. (Privileged mode.)
show checksum Display the configuration checksum. (Unprivileged mode.)
show conn Display all active connections. (Privileged mode.)
show cpu usage The show cpu usage command displays CPU utilization. (Privileged or configuration mode.)
show history Display previously entered commands. (Privileged mode.)
show local-host/clear local host View local host network states. (Privileged mode (show), configuration mode (clear).)
show memory Show system memory utilization. (Privileged mode.)
show processes Display processes. (Privileged mode.)
show running-config Display the PIX Firewall running configuration. (Privileged mode.)
show startup-config Display the PIX Firewall startup configuration. (Privileged mode.)
show tech-support View information to help a support analyst. (Privileged mode.)
show traffic/clear traffic Shows interface transmit and receive activity. (Privileged mode.)
show uauth/clear uauth Delete all authorization caches for a user. (Privileged mode.)
show version View the PIX Firewall operating information. (Unprivileged mode.)
show xlate/clear xlate View or clear translation slot information. (Privileged mode.)
88 shun Manages the filtering of packets from undesired hosts
The shun command enables a dynamic response to an attacking host by preventing new connections and disallowing packets from any existing connection. (Configuration Mode.)
Usage:
shun src_ip [dst_ip sport dport [prot]]
no shun src_ip
show shun [src_ip|statistics]
clear shun [statistics]
89 snmp-server Provide SNMP and event information
Provide PIX Firewall event information through SNMP. (Configuration mode.)
Usage:
[no] snmp-server community|contact|location <text>
[no] snmp-server host [<if_name>] <local_ip> [trap|poll]
[no] snmp-server enable traps
Result of firewall command: "sh snmp-server"
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
90 ssh Add SSH access to PIX console, set idle timeout, display list of active SSH sessions & terminate a SSH session
Specify a host for PIX Firewall console access through Secure Shell (SSH). (Configuration mode.)
Usage:
[no] ssh <local_ip> [<mask>] [<if_name>]
ssh timeout <number>
show ssh sessions [<client_ip>]
ssh disconnect <session_id>
91 startup-config Display the startup configuration
Result of firewall command: "sh startup-config"
: Saved
: Written by enable_15 at 23:24:35.446 UTC Tue Jun 3 2003
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 9bGG8GMY4xqeq5Hr encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 213.147.32.39 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 213.147.32.33 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:99fa64ee32accc004e83bf0bc0bc907d
92 static Configure one-to-one address translation rule
Configure a persistent one-to-one address translation rule by mapping a local IP address to a global IP address. This is also known as Static Port Address Translation (Static PAT). (Configuration mode.)
Usage:
[no] static [(internal_if_name, external_if_name)]
{<global_ip>|interface} <local_ip> [dns] [netmask <mask>]
[<max_conns> [<emb_limit> [<norandomseq>]]]
[no] static [(internal_if_name, external_if_name)] {tcp|udp}
{<global_ip>|interface} <global_port>
<local_ip> <local_port> [dns] [netmask <mask>]
[<max_conns> [<emb_limit> [<norandomseq>]]]
93 syslog Enable syslog message facility. Obsolete command replaced by the logging command. (Privileged mode.)
Usage:
[no] logging on
[no] logging timestamp
[no] logging standby
[no] logging host [<in_if>] <l_ip> [tcp|udp/port#]
[no] logging console <level>
[no] logging buffered <level>
[no] logging monitor <level>
[no] logging history <level>
[no] logging trap <level>
[no] logging message <syslog_id>
[no] logging facility <fac>
logging queue <queue_size>
94 sysopt Set system functional option
Change PIX Firewall system options. (Configuration mode.)
Usage:
[no] sysopt connection { permit-ipsec | permit-l2tp |
permit-pptp | timewait | {tcpmss [minimum] <bytes>} }
[no] sysopt ipsec pl-compatible
[no] sysopt noproxyarp <if-name>
[no] sysopt nodnsalias { inbound | outbound }
[no] sysopt security fragguard
[no] sysopt radius ignore-secret
[no] sysopt uauth allow-http-cache
[no] sysopt route dnat
Result of firewall command: "sh sysopt"
no sysopt security fragguard
no sysopt connection timewait
sysopt connection tcpmss 1380
sysopt connection tcpmss minimum 0
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
no sysopt radius ignore-secret
no sysopt uauth allow-http-cache
no sysopt connection permit-ipsec
no sysopt connection permit-pptp
no sysopt connection permit-l2tp
no sysopt ipsec pl-compatible
no sysopt route dnat
95 tcpstat Display status of tcp stack and tcp connections
Result of firewall command: "sh tcpstat"
CURRENT MAX TOTAL
tcb_cnt 3 5 320
proxy_cnt 0 0 160
tcp_xmt pkts = 12218
tcp_rcv good pkts = 868
tcp_rcv drop pkts = 0
tcp bad chksum = 0
tcp user hash add = 290
tcp user hash add dup = 0
tcp user srch hash hit = 7893
tcp user srch hash miss = 582
tcp user hash delete = 288
tcp user hash delete miss = 0
lip = 192.168.1.1 fip = 192.168.1.9 lp = 443 fp = 1122 st = 4 rexqlen = 0 inqlen = 0   tw_timer = 0 to_timer = 174000 cl_timer = 0 per_timer = 0 rt_timer = 0 tries = 0
lip = 0.0.0.0 fip = 0.0.0.0 lp = 443 fp = 0 st = 1 rexqlen = 0 inqlen = 0   tw_timer = 0 to_timer = 0 cl_timer = 0 per_timer = 0 rt_timer = 0 tries = 0
lip = 192.168.1.1 fip = 192.168.1.9 lp = 443 fp = 1423 st = 4 rexqlen = 1 inqlen = 0   tw_timer = 0 to_timer = 180000 cl_timer = 0 per_timer = 0 rt_timer = 1000 tries = 1
96 tech-support Tech support
Result of firewall command: "sh tech-support"
Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.1(1)
Compiled on Fri 07-Jun-02 17:49 by morlee
pixfirewall up 2 hours 28 mins
Hardware:   PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x3000000, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB
0: ethernet0: address is 000c.850c.66d7, irq 9
1: ethernet1: address is 000c.850c.66d8, irq 10
Licensed Features:
Failover:           Disabled
VPN-DES:            Enabled
VPN-3DES:           Disabled
Maximum Interfaces: 2
Cut-through Proxy:  Enabled
Guards:             Enabled
URL-filtering:      Enabled
Inside Hosts:       10
Throughput:         Limited
IKE peers:          5
Serial Number: 807112150 (0x301b8dd6)
Running Activation Key: 0xfed72fb7 0x36ed2c14 0x0bd663eb 0x00aa3e31
Configuration last modified by enable_15 at 22:19:24.612 UTC Sat Jun 7 2003
------------------ show config (run time) ------------------
:
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 9bGG8GMY4xqeq5Hr encrypted
passwd 9bGG8GMY4xqeq5Hr encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 213.147.32.39 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 213.147.32.33 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:99fa64ee32accc004e83bf0bc0bc907d
------------------ show blocks ------------------
SIZE MAX LOW CNT
4 600 597 600
80 400 398 398
256 100 99 100
1550 932 634 668
------------------ show interface ------------------
interface ethernet0 "outside" is up, line protocol is down
  Hardware is i82559 ethernet, address is 000c.850c.66d7
  IP address 213.147.32.39, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 10000 Kbit half duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/0)
output queue (curr/max blocks): hardware (0/0) software (0/0)
interface ethernet1 "inside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 000c.850c.66d8
  IP address 192.168.1.1, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 10000 Kbit full duplex
8657 packets input, 829764 bytes, 0 no buffer
Received 117 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
13462 packets output, 15910763 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/8)
output queue (curr/max blocks): hardware (3/15) software (0/9)
------------------ show process ------------------
    PC       SP       STATE       Runtime    SBASE     Stack Process
Hsi 800b0e09 80759798 8052ddd8 0 80758810 3928/4096 arp_timer
Lsi 800b5271 8077c880 8052ddd8 0 8077b908 3912/4096 FragDBGC
------------------ show failover ------------------
No license for Failover
97 telnet Add telnet access to PIX console and set idle timeout
Specify the host for PIX Firewall console access via Telnet. (Configuration mode.)
Usage:
[no] telnet <local_ip> [<mask>] [<if_name>]
telnet timeout <number>
98 terminal Set terminal line parameters
Change console terminal settings. (Configuration mode.)
Usage:
terminal {width <columns> | [no] monitor}
99 tftp-server Specify default TFTP server address and directory
Specify the IP address of the TFTP configuration server. (Configuration mode.)
Usage:
tftp-server [<if_name>] <ip> <directory>
[no|show|clear] tftp-server
100 timeout Set the maximum idle times
Set the maximum idle time duration. (Configuration mode.)
Usage:
timeout [xlate|conn|half-closed|udp|rpc|h323|sip|sip_media|uauth  <hh:mm:ss> [...]]
show timeout [xlate|conn|half-closed|udp|rpc|h323|sip|sip_media|uauth]
Result of firewall command: "sh timeout"
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
101 traffic Counters for traffic statistics
Result of firewall command: "sh traffic"
outside:
received (in 9117.190 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 9117.190 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
inside:
received (in 9117.200 secs):
8876 packets 852092 bytes
0 pkts/sec 93 bytes/sec
transmitted (in 9117.200 secs):
13778 packets 16238530 bytes
1 pkts/sec 1310 bytes/sec
102 uauth Display or clear current user authorization information
Result of firewall command: "sh uauth"
Current    Most Seen
Authenticated Users 0 0
Authen In Progress 0 1
103 url-cache Enable URL caching
Caches webserver responses that are pending a permit or deny response from an N2H2 or Websense server. (Configuration mode.)
Usage:
[no] url-cache <dst|src_dst> size <Kbytes>
104 url-block Enable URL pending block buffer and long URL support
Enables long URL support and HTTP response buffering for URL filtering services. (Configuration mode.)
Result of firewall command: "show url-block block stat"
URL Pending Packet Buffer Stats with max block 0
-----------------------------------------------------
Cumulative number of packets held: 0
Maximum number of packets held (per URL): 0
Current number of packets held (global): 0
Packets dropped due to
       exceeding url-block buffer limit: 0
       HTTP server retransmission: 0
Number of packets released back to client: 0
105 url-server Specify a URL filter server
Designate a server running either N2H2 or Websense for use with the filter command; you cannot run both of these URL filtering services simultaneously. (Configuration mode.)
Usage:
[no] url-server [<(if_name)>] [vendor websense] host <local_ip> [timeout <seconds>] [protocol TCP|UDP [version 1|4]]
[no] url-server [<(if_name)>] vendor n2h2 host <local_ip> [port <number>] [timeout <seconds>] [protocol TCP|UDP]
106 username Configure user authentication local database
Sets the username for the specified privilege level. (Configuration mode.)
Usage:
username <username> {nopassword|password <password>[encrypted]} [privilege <level>]
username <username> privilege <level>
[no|show} username {<name>]
clear username
107 version Display PIX system software version
Result of firewall command: "sh version"
Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.1(1)
Compiled on Fri 07-Jun-02 17:49 by morlee
pixfirewall up 2 hours 37 mins
Hardware:   PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x3000000, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB
0: ethernet0: address is 000c.850c.66d7, irq 9
1: ethernet1: address is 000c.850c.66d8, irq 10
Licensed Features:
Failover:           Disabled
VPN-DES:            Enabled
VPN-3DES:           Disabled
Maximum Interfaces: 2
Cut-through Proxy:  Enabled
Guards:             Enabled
URL-filtering:      Enabled
Inside Hosts:       10
Throughput:         Limited
IKE peers:          5
Serial Number: 807112150 (0x301b8dd6)
Running Activation Key: 0xfed72fb7 0x36ed2c14 0x0bd663eb 0x00aa3e31
Configuration last modified by enable_15 at 22:19:24.612 UTC Sat Jun 7 2003
108 virtual Set address for authentication virtual servers
Access PIX Firewall virtual server. (Configuration mode.)
Usage:
[no] virtual http <ip> [warn]
[no] virtual telnet <ip>
109 vpdn Configure VPDN (PPTP, L2TP, PPPoE) Policy
Implement the L2TP, PPTP, or PPPoE features. (Configuration mode.)
Usage:
vpdn group <name>
accept dialin pptp|l2tp
request dialout pppoe
ppp authentication pap|chap|mschap |
ppp encryption mppe 40|128|auto [required] |
client configuration address local <address_pool_name> |
client configuration dns <dns_ip1> [<dns_ip2>]|
client configuration wins <wins_ip1> [<wins_ip2>]|
client authentication local|aaa <auth_aaa_group>|
client accounting <acct_aaa_group>|
pptp echo <echo_time>|
l2tp tunnel hello <hello_time>
localname <name>
vpdn username <name> password <passwd> [store-local]
vpdn enable <if_name>
show vpdn tunnel [l2tp|pptp|pppoe] [id <tnl_id>|packets|state|summary|transport]
show vpdn session [l2tp|pptp|pppoe] [id <sess_id>|packets|state|window]
show vpdn pppinterface [id <dev_id>]
show vpdn group [<group_name>]
show vpdn username [user_name]
clear vpdn [group|interface|tunnel|username]
110 vpnclient Configure Easy VPN Remote
Initiates Easy VPN Remote setup. (Configuration mode.)
Usage:
vpnclient vpngroup {groupname} password {preshared_key}
vpnclient username {xauth_username} password {xauth_password}
vpnclient server ip_primary [ip_secondary_1] ... [ip_secondary_N]
vpnclient mode {client-mode | network-extension-mode}
vpnclient enable
no vpnclient {vpngroup | username | server | mode | enable}
show vpnclient
clear vpnclient
111 vpngroup Configure group settings for Cisco VPN Clients and Cisco Easy VPN Remote products
Supports Cisco VPN Client version 3.x (Cisco Unified VPN Client Framework) and Easy VPN Remote devices. (Configuration mode.)
Usage:
vpngroup <group_name> address-pool <pool_name>
vpngroup <group_name> dns-server <dns_ip_prim> [<dns_ip_sec>]
vpngroup <group_name> wins-server <wins_ip_prim> [<wins_ip_sec>]
vpngroup <group_name> default-domain <domain_name>
vpngroup <group_name> split-tunnel <access_list>
vpngroup <group_name> split-dns domain_name1 [domain_name2 ... domain_name8]
vpngroup <group_name> pfs
vpngroup <group_name> idle-time <idle_seconds>
vpngroup <group_name> max-time <max_seconds>
vpngroup <group_name> password <preshared_key>
112 who Show active administration sessions on PIX
Show active Telnet administration sessions on the PIX Firewall. (Unprivileged mode.)
Usage:
who [ip]
113 xlate Display current translation and connection slot information
View or clear translation slot information. (Privileged mode.)
Result of firewall command: "sh xlate"
0 in use, 0 most used