Cisco PCI Solution for Retail 2.0 Design and Implementation Guide
Detailed Full Running Configurations
Download this chapter
Download the complete book
Table Of Contents
Detailed Full Running Configurations
Detailed Full Running Configurations
This appendix includes the following device configurations:
•
Branch Configurations
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
•
–
–
–
–
–
•
–
–
–
–
ASA-DC-1
: Saved:ASA Version 8.4(1) <context>!firewall transparenthostname dca-vc1domain-name cisco-irn.comenable password <removed> encryptedpasswd <removed> encryptednames!interface outsidenameif northbridge-group 1security-level 0!interface insidenameif southbridge-group 1security-level 100!interface BVI1ip address 192.168.162.21 255.255.255.0 standby 192.168.162.22!dns domain-lookup southdns server-group DefaultDNSname-server 192.168.42.130domain-name cisco-irn.comobject-group network AdminStationnetwork-object 192.168.41.101 255.255.255.255object-group network AdminStation2network-object 192.168.41.102 255.255.255.255object-group network AdminStation4-bartnetwork-object 10.19.151.99 255.255.255.255object-group network CSM_INLINE_src_rule_77309411633description Generated by CS-Manager from src of FirewallRule# 2 (ASA-DC-1-vdc1_v1/mandatory)group-object AdminStationgroup-object AdminStation2group-object AdminStation4-bartobject-group network DC-ALLdescription All of the Data Centernetwork-object 192.168.0.0 255.255.0.0object-group network Stores-ALLdescription all store networksnetwork-object 10.10.0.0 255.255.0.0object-group network CSM_INLINE_dst_rule_77309411633description Generated by CS-Manager from dst of FirewallRule# 2 (ASA-DC-1-vdc1_v1/mandatory)group-object DC-ALLgroup-object Stores-ALLobject-group network EMC-NCMdescription EMC Network Configuration Managernetwork-object 192.168.42.122 255.255.255.255object-group network CSManagerdescription Cisco Security Managernetwork-object 192.168.42.133 255.255.255.255object-group network RSA-enVisiondescription RSA EnVision Syslog collector and SIMnetwork-object 192.168.42.124 255.255.255.255object-group network AdminStation3network-object 192.168.42.138 255.255.255.255object-group network Admin-Systemsgroup-object EMC-NCMgroup-object AdminStationgroup-object AdminStation2group-object CSManagergroup-object RSA-enVisiongroup-object AdminStation3group-object AdminStation4-bartobject-group network DC-DMZdescription (Optimized by CS-Manager)network-object 192.168.20.0 255.255.252.0network-object 192.168.24.0 255.255.255.0object-group network CSM_INLINE_dst_rule_77309411635description Generated by CS-Manager from dst of FirewallRule# 3 (ASA-DC-1-vdc1_v1/mandatory)group-object DC-ALLgroup-object Stores-ALLgroup-object DC-DMZobject-group network CSM_INLINE_src_rule_77309414079description Generated by CS-Manager from src of FirewallRule# 4 (ASA-DC-1-vdc1_v1/mandatory)group-object DC-ALLgroup-object Stores-ALLobject-group network CSM_INLINE_src_rule_77309414081description Generated by CS-Manager from src of FirewallRule# 5 (ASA-DC-1-vdc1_v1/mandatory)group-object DC-ALLgroup-object Stores-ALLobject-group network ActiveDirectory.cisco-irn.comnetwork-object 192.168.42.130 255.255.255.255object-group network vSphere-1description vSphere server for Labnetwork-object 192.168.41.102 255.255.255.255object-group network WCSManagerdescription Wireless Managernetwork-object 192.168.43.135 255.255.255.255object-group network DC-Wifi-Controllersdescription Central Wireless Controllers for storesnetwork-object 192.168.43.21 255.255.255.255network-object 192.168.43.22 255.255.255.255object-group network DC-Wifi-MSEdescription Mobility Service Enginesnetwork-object 192.168.43.31 255.255.255.255network-object 192.168.43.32 255.255.255.255object-group network CSM_INLINE_src_rule_77309411641description Generated by CS-Manager from src of FirewallRule# 9 (ASA-DC-1-vdc1_v1/mandatory)group-object WCSManagergroup-object DC-Wifi-Controllersgroup-object DC-Wifi-MSEobject-group network PAME-DC-1network-object 192.168.44.111 255.255.255.255object-group network MSP-DC-1description Data Center VSOMnetwork-object 192.168.44.121 255.255.255.255object-group network CSM_INLINE_src_rule_77309411643description Generated by CS-Manager from src of FirewallRule# 10 (ASA-DC-1-vdc1_v1/mandatory)group-object PAME-DC-1group-object MSP-DC-1object-group network DC-WAASdescription WAE Appliances in Data Centernetwork-object 192.168.48.10 255.255.255.255network-object 192.168.49.10 255.255.255.255network-object 192.168.47.11 255.255.255.255network-object 192.168.47.12 255.255.255.255object-group network CSM_INLINE_src_rule_77309414071description Generated by CS-Manager from src of FirewallRule# 15 (ASA-DC-1-vdc1_v1/mandatory)group-object DC-ALLgroup-object Stores-ALLobject-group network NTP-Serversdescription NTP Serversnetwork-object 192.168.62.161 255.255.255.255network-object 162.168.62.162 255.255.255.255object-group network TACACSdescription Csico Secure ACS server for TACACS and Radiusnetwork-object 192.168.42.131 255.255.255.255object-group network RSA-AMdescription RSA Authentication Manager for SecureIDnetwork-object 192.168.42.137 255.255.255.255object-group network NAC-2network-object 192.168.42.112 255.255.255.255object-group network NAC-1description ISE server for NACnetwork-object 192.168.42.111 255.255.255.255object-group network CSM_INLINE_dst_rule_77309411663description Generated by CS-Manager from dst of FirewallRule# 25 (ASA-DC-1-vdc1_v1/mandatory)group-object TACACSgroup-object RSA-AMgroup-object NAC-2group-object NAC-1object-group network CSM_INLINE_dst_rule_77309411665description Generated by CS-Manager from dst of FirewallRule# 26 (ASA-DC-1-vdc1_v1/mandatory)group-object NAC-2group-object NAC-1object-group network CSM_INLINE_dst_rule_77309411669description Generated by CS-Manager from dst of FirewallRule# 28 (ASA-DC-1-vdc1_v1/mandatory)group-object PAME-DC-1group-object MSP-DC-1object-group network CSM_INLINE_dst_rule_77309411671description Generated by CS-Manager from dst of FirewallRule# 29 (ASA-DC-1-vdc1_v1/mandatory)group-object DC-Wifi-Controllersgroup-object DC-Wifi-MSEobject-group network MS-Updatedescription Windows Update Servernetwork-object 192.168.42.150 255.255.255.255object-group network MSExchangedescription Mail Servernetwork-object 192.168.42.140 255.255.255.255object-group network POS-Store-Convnetwork-object 10.10.160.81 255.255.255.255object-group network POS-Store-MSPnetwork-object 10.10.176.81 255.255.255.255object-group network POS-Store-SMALL-1description Small Store POS devicesnetwork-object 10.10.128.81 255.255.255.255network-object 10.10.128.82 255.255.255.255object-group network POS-Store-Mediumnetwork-object 10.10.112.81 255.255.255.255network-object 10.10.125.40 255.255.255.255object-group network POS-Store-Mininetwork-object 10.10.144.81 255.255.255.255object-group network POS-Store-3gnetwork-object 10.10.192.82 255.255.255.255object-group network POS-Store-Largenetwork-object 10.10.96.81 255.255.255.255network-object 10.10.96.82 255.255.255.255object-group network CSM_INLINE_src_rule_77309411683description Generated by CS-Manager from src of FirewallRule# 35 (ASA-DC-1-vdc1_v1/mandatory)group-object POS-Store-Convgroup-object POS-Store-MSPgroup-object POS-Store-SMALL-1group-object POS-Store-Mediumgroup-object POS-Store-Minigroup-object POS-Store-3ggroup-object POS-Store-Largeobject-group network DC-POS-Tomaxdescription Tomax POS Communication from Store to Data Centernetwork-object 192.168.52.96 255.255.255.224object-group network DC-POSdescription POS in the Data Centernetwork-object 192.168.52.0 255.255.255.0object-group network DC-POS-SAPdescription SAP POS Communication from Store to Data Centernetwork-object 192.168.52.144 255.255.255.240object-group network DC-POS-Oracledescription Oracle POS Communication from Store to Data Centernetwork-object 192.168.52.128 255.255.255.240object-group network CSM_INLINE_dst_rule_77309411683description Generated by CS-Manager from dst of FirewallRule# 35 (ASA-DC-1-vdc1_v1/mandatory)group-object DC-POS-Tomaxgroup-object DC-POSgroup-object DC-POS-SAPgroup-object DC-POS-Oracleobject-group network CSM_INLINE_src_rule_77309414158description Generated by CS-Manager from src of FirewallRule# 36 (ASA-DC-1-vdc1_v1/mandatory)network-object 192.168.22.11 255.255.255.255network-object 192.168.22.12 255.255.255.255network-object 192.168.21.0 255.255.255.0object-group network CSM_INLINE_src_rule_77309414160description Generated by CS-Manager from src of FirewallRule# 37 (ASA-DC-1-vdc1_v1/mandatory)network-object 192.168.22.11 255.255.255.255network-object 192.168.22.12 255.255.255.255network-object 192.168.21.0 255.255.255.0object-group network CSM_INLINE_src_rule_77309414162description Generated by CS-Manager from src of FirewallRule# 38 (ASA-DC-1-vdc1_v1/mandatory)network-object 192.168.22.11 255.255.255.255network-object 192.168.22.12 255.255.255.255network-object 192.168.21.0 255.255.255.0object-group service HTTPS-8443service-object tcp destination eq 8443object-group service CSM_INLINE_svc_rule_77309411635description Generated by CS-Manager from service of FirewallRule# 3 (ASA-DC-1-vdc1_v1/mandatory)service-object tcp destination eq sshservice-object tcp destination eq httpsgroup-object HTTPS-8443object-group service CSM_INLINE_svc_rule_77309414079description Generated by CS-Manager from service of FirewallRule# 4 (ASA-DC-1-vdc1_v1/mandatory)service-object tcp destination eq smtpservice-object tcp destination eq httpsservice-object tcp destination eq sshobject-group service CSM_INLINE_svc_rule_77309414081description Generated by CS-Manager from service of FirewallRule# 5 (ASA-DC-1-vdc1_v1/mandatory)service-object tcp destination eq httpsservice-object tcp destination eq sshobject-group service RPCservice-object tcp destination eq 135object-group service LDAP-GCservice-object tcp destination eq 3268object-group service LDAP-GC-SSLservice-object tcp destination eq 3269object-group service DNS-Resolvingdescription Domain Name Serverservice-object tcp destination eq domainservice-object udp destination eq domainobject-group service Kerberos-TCPservice-object tcp destination eq 88object-group service Microsoft-DS-SMBdescription Microsoft-DS Active Directory, Windows shares Microsoft-DS SMB file sharingservice-object tcp destination eq 445object-group service LDAP-UDPservice-object udp destination eq 389object-group service RPC-HighPortsservice-object tcp destination range 1024 65535object-group service CSM_INLINE_svc_rule_77309411637description Generated by CS-Manager from service of FirewallRule# 7 (ASA-DC-1-vdc1_v1/mandatory)service-object tcp destination eq ldapservice-object tcp destination eq ldapsservice-object udp destination eq 88service-object udp destination eq ntpservice-object udp destination eq netbios-dgmgroup-object RPCgroup-object LDAP-GCgroup-object LDAP-GC-SSLgroup-object DNS-Resolvinggroup-object Kerberos-TCPgroup-object Microsoft-DS-SMBgroup-object LDAP-UDPgroup-object RPC-HighPortsobject-group service vCenter-to-ESX4description Communication from vCetner to ESX hostsservice-object tcp destination eq 5989service-object tcp destination eq 8000service-object tcp destination eq 902service-object tcp destination eq 903object-group service CSM_INLINE_svc_rule_77309411639description Generated by CS-Manager from service of FirewallRule# 8 (ASA-DC-1-vdc1_v1/mandatory)service-object tcp destination eq httpsservice-object tcp destination eq sshgroup-object vCenter-to-ESX4object-group service IP-Protocol-97description IP protocol 97service-object 97object-group service TFTPdescription Trivial File Transferservice-object tcp destination eq 69service-object udp destination eq tftpobject-group service LWAPPdescription LWAPP UDP ports 12222 and 12223service-object udp destination eq 12222service-object udp destination eq 12223object-group service CAPWAPdescription CAPWAP UDP ports 5246 and 5247service-object udp destination eq 5246service-object udp destination eq 5247object-group service CSM_INLINE_svc_rule_77309411641description Generated by CS-Manager from service of FirewallRule# 9 (ASA-DC-1-vdc1_v1/mandatory)service-object tcp destination eq httpsservice-object tcp destination eq wwwservice-object udp destination eq isakmpservice-object tcp destination eq telnetservice-object tcp destination eq sshgroup-object IP-Protocol-97group-object TFTPgroup-object LWAPPgroup-object CAPWAPobject-group service TCP1080service-object tcp destination eq 1080object-group service TCP8080service-object tcp destination eq 8080object-group service RDPdescription Windows Remote Desktopservice-object tcp destination eq 3389object-group service CSM_INLINE_svc_rule_77309411645description Generated by CS-Manager from service of FirewallRule# 11 (ASA-DC-1-vdc1_v1/mandatory)service-object icmp echoservice-object icmp echo-replyservice-object tcp destination eq wwwservice-object tcp destination eq httpsservice-object tcp destination eq sshservice-object tcp destination eq ftpgroup-object HTTPS-8443group-object TCP1080group-object TCP8080group-object RDPobject-group service CISCO-WAASdescription Ports for Cisco WAASservice-object tcp destination eq 4050object-group service Netbiosdescription Netbios Serversservice-object udp destination eq netbios-dgmservice-object udp destination eq netbios-nsservice-object tcp destination eq netbios-ssnobject-group service CSM_INLINE_svc_rule_77309411647description Generated by CS-Manager from service of FirewallRule# 12 (ASA-DC-1-vdc1_v1/mandatory)group-object CISCO-WAASgroup-object HTTPS-8443group-object Microsoft-DS-SMBgroup-object Netbiosobject-group service CSM_INLINE_svc_rule_77309411649description Generated by CS-Manager from service of FirewallRule# 13 (ASA-DC-1-vdc1_v1/mandatory)service-object tcp-udp destination eq sipservice-object tcp destination eq 2000object-group service CSM_INLINE_svc_rule_77309414071description Generated by CS-Manager from service of FirewallRule# 15 (ASA-DC-1-vdc1_v1/mandatory)service-object icmp echoservice-object icmp echo-replyservice-object icmp unreachableservice-object tcp destination eq wwwservice-object tcp destination eq httpsservice-object tcp destination eq ftpservice-object tcp destination eq sshgroup-object TCP1080group-object TCP8080group-object RDPobject-group service NTPdescription NTP Protocolsservice-object tcp destination eq 123service-object udp destination eq ntpobject-group service CSM_INLINE_svc_rule_77309414073description Generated by CS-Manager from service of FirewallRule# 16 (ASA-DC-1-vdc1_v1/mandatory)group-object DNS-Resolvinggroup-object NTPobject-group service CSM_INLINE_svc_rule_77309414077description Generated by CS-Manager from service of FirewallRule# 18 (ASA-DC-1-vdc1_v1/mandatory)service-object tcp destination eq ldapservice-object tcp destination eq ldapsgroup-object LDAP-GCgroup-object LDAP-GC-SSLgroup-object LDAP-UDPobject-group service CSM_INLINE_svc_rule_77309411655description Generated by CS-Manager from service of FirewallRule# 21 (ASA-DC-1-vdc1_v1/mandatory)service-object udp destination eq snmptrapservice-object udp destination eq snmpservice-object udp destination eq syslogobject-group service CSM_INLINE_svc_rule_77309411657description Generated by CS-Manager from service of FirewallRule# 22 (ASA-DC-1-vdc1_v1/mandatory)service-object udp destination eq domainservice-object tcp destination eq ldapservice-object tcp destination eq ldapsobject-group service CSM_INLINE_svc_rule_77309411663description Generated by CS-Manager from service of FirewallRule# 25 (ASA-DC-1-vdc1_v1/mandatory)service-object udp destination eq 1812service-object udp destination eq 1813object-group service CSM_INLINE_svc_rule_77309411665description Generated by CS-Manager from service of FirewallRule# 26 (ASA-DC-1-vdc1_v1/mandatory)service-object tcp destination eq httpsservice-object tcp destination eq wwwgroup-object HTTPS-8443object-group service ESX-SLPdescription CIM Service Location Protocol (SLP) for VMware systemsservice-object udp destination eq 427service-object tcp destination eq 427object-group service CSM_INLINE_svc_rule_77309411667description Generated by CS-Manager from service of FirewallRule# 27 (ASA-DC-1-vdc1_v1/mandatory)service-object tcp destination eq httpsservice-object tcp destination eq wwwservice-object tcp destination eq sshgroup-object vCenter-to-ESX4group-object ESX-SLPobject-group service Cisco-Mobilitydescription Mobility ports for Wirelessservice-object udp destination eq 16666service-object udp destination eq 16667object-group service CSM_INLINE_svc_rule_77309411671description Generated by CS-Manager from service of FirewallRule# 29 (ASA-DC-1-vdc1_v1/mandatory)service-object tcp destination eq httpsservice-object udp destination eq isakmpgroup-object Cisco-Mobilitygroup-object IP-Protocol-97group-object LWAPPgroup-object CAPWAPobject-group service CSM_INLINE_svc_rule_77309411673description Generated by CS-Manager from service of FirewallRule# 30 (ASA-DC-1-vdc1_v1/mandatory)service-object tcp-udp destination eq sipservice-object tcp destination eq 2000object-group service CSM_INLINE_svc_rule_77309411675description Generated by CS-Manager from service of FirewallRule# 31 (ASA-DC-1-vdc1_v1/mandatory)group-object CISCO-WAASgroup-object HTTPS-8443group-object Microsoft-DS-SMBgroup-object Netbiosobject-group service CSM_INLINE_svc_rule_77309411677description Generated by CS-Manager from service of FirewallRule# 32 (ASA-DC-1-vdc1_v1/mandatory)service-object tcp destination eq ldapservice-object tcp destination eq ldapsservice-object udp destination eq 88service-object udp destination eq ntpservice-object udp destination eq netbios-dgmgroup-object RPCgroup-object LDAP-GCgroup-object LDAP-GC-SSLgroup-object DNS-Resolvinggroup-object Kerberos-TCPgroup-object Microsoft-DS-SMBgroup-object LDAP-UDPgroup-object RPC-HighPortsobject-group service CSM_INLINE_svc_rule_77309411679description Generated by CS-Manager from service of FirewallRule# 33 (ASA-DC-1-vdc1_v1/mandatory)service-object tcp destination eq wwwservice-object tcp destination eq httpsobject-group service CSM_INLINE_svc_rule_77309411681description Generated by CS-Manager from service of FirewallRule# 34 (ASA-DC-1-vdc1_v1/mandatory)service-object tcp destination eq wwwservice-object tcp destination eq httpsservice-object tcp destination eq smtpservice-object tcp destination eq pop3service-object tcp destination eq imap4object-group service CSM_INLINE_svc_rule_77309414166description Generated by CS-Manager from service of FirewallRule# 40 (ASA-DC-1-vdc1_v1/mandatory)service-object tcp destination eq smtpgroup-object DNS-Resolvingobject-group service CSM_INLINE_svc_rule_77309414172description Generated by CS-Manager from service of FirewallRule# 43 (ASA-DC-1-vdc1_v1/mandatory)service-object udp destination eq 1812service-object udp destination eq 1813object-group service CSM_INLINE_svc_rule_77309414176description Generated by CS-Manager from service of FirewallRule# 45 (ASA-DC-1-vdc1_v1/mandatory)service-object icmpservice-object tcp destination eq sshservice-object tcp destination eq telnetservice-object tcp destination eq wwwservice-object tcp destination eq httpsservice-object tcp destination eq 8880service-object tcp destination eq 8444service-object tcp destination eq 5900service-object tcp destination eq 5800group-object RDPgroup-object TCP1080group-object TCP8080group-object TFTPgroup-object HTTPS-8443group-object vCenter-to-ESX4access-list CSM_FW_ACL_north extended permit ospf 192.168.162.0 255.255.255.0 192.168.162.0 255.255.255.0access-list CSM_FW_ACL_north extended permit tcp object-group Stores-ALL object-group EMC-NCM eq sshaccess-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411655 object-group Stores-ALL object-group RSA-enVisionaccess-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411657 object-group Stores-ALL object-group ActiveDirectory.cisco-irn.comaccess-list CSM_FW_ACL_north extended permit tcp object-group Stores-ALL object-group TACACS eq tacacsaccess-list CSM_FW_ACL_north extended permit udp object-group Stores-ALL object-group NTP-Servers eq ntpaccess-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411663 object-group Stores-ALL object-group CSM_INLINE_dst_rule_77309411663access-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411665 object-group Stores-ALL object-group CSM_INLINE_dst_rule_77309411665access-list CSM_FW_ACL_north remark VMWare ESX to Data Centeraccess-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411667 object-group Stores-ALL object-group vSphere-1access-list CSM_FW_ACL_north remark Physical security systemsaccess-list CSM_FW_ACL_north extended permit tcp object-group Stores-ALL object-group CSM_INLINE_dst_rule_77309411669 eq httpsaccess-list CSM_FW_ACL_north remark Wireless control systemsaccess-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411671 object-group Stores-ALL object-group CSM_INLINE_dst_rule_77309411671access-list CSM_FW_ACL_north remark Voice callsaccess-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411673 object-group Stores-ALL object-group DC-ALLaccess-list CSM_FW_ACL_north remark WAAS systemsaccess-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411675 object-group Stores-ALL object-group DC-WAASaccess-list CSM_FW_ACL_north remark Allow Active Directory Domainaccess-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411677 object-group Stores-ALL object-group ActiveDirectory.cisco-irn.comaccess-list CSM_FW_ACL_north remark Allow Windows Updatesaccess-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411679 object-group Stores-ALL object-group MS-Updateaccess-list CSM_FW_ACL_north remark Allow Mailaccess-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309411681 object-group Stores-ALL object-group MSExchangeaccess-list CSM_FW_ACL_north remark Allow Applicationsaccess-list CSM_FW_ACL_north extended permit tcp object-group CSM_INLINE_src_rule_77309411683 object-group CSM_INLINE_dst_rule_77309411683 eq httpsaccess-list CSM_FW_ACL_north extended permit udp object-group CSM_INLINE_src_rule_77309414158 object-group NTP-Servers eq ntpaccess-list CSM_FW_ACL_north remark - RIE-2access-list CSM_FW_ACL_north extended permit udp object-group CSM_INLINE_src_rule_77309414160 object-group RSA-enVision eq syslogaccess-list CSM_FW_ACL_north extended permit tcp object-group CSM_INLINE_src_rule_77309414162 object-group TACACS eq tacacsaccess-list CSM_FW_ACL_north extended permit udp 192.168.21.0 255.255.255.0 object-group ActiveDirectory.cisco-irn.com eq domainaccess-list CSM_FW_ACL_north remark Ironport traffic in from DNZaccess-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309414166 host 192.168.23.68 anyaccess-list CSM_FW_ACL_north extended permit udp host 192.168.23.68 object-group RSA-enVision eq syslogaccess-list CSM_FW_ACL_north extended permit udp host 192.168.23.68 object-group NTP-Servers eq ntpaccess-list CSM_FW_ACL_north extended permit object-group CSM_INLINE_svc_rule_77309414172 host 192.168.23.68 object-group TACACSaccess-list CSM_FW_ACL_north remark Drop all other trafficaccess-list CSM_FW_ACL_north extended deny ip any any logaccess-list CSM_FW_ACL_south extended permit ospf 192.168.162.0 255.255.255.0 192.168.162.0 255.255.255.0access-list CSM_FW_ACL_south extended permit ip object-group CSM_INLINE_src_rule_77309411633 object-group CSM_INLINE_dst_rule_77309411633access-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309411635 object-group Admin-Systems object-group CSM_INLINE_dst_rule_77309411635access-list CSM_FW_ACL_south remark Allow services for Ironport appsaccess-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309414079 object-group CSM_INLINE_src_rule_77309414079 192.168.23.64 255.255.255.224access-list CSM_FW_ACL_south remark Allow traffic to DMZaccess-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309414081 object-group CSM_INLINE_src_rule_77309414081 host 192.168.20.30access-list CSM_FW_ACL_south remark Drop unauthorized traffic to DMZaccess-list CSM_FW_ACL_south extended deny ip any 192.168.20.0 255.255.252.0 logaccess-list CSM_FW_ACL_south remark Allow Active Directory Domainaccess-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309411637 object-group ActiveDirectory.cisco-irn.com object-group Stores-ALLaccess-list CSM_FW_ACL_south remark VMWare - ESX systemsaccess-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309411639 object-group vSphere-1 object-group Stores-ALLaccess-list CSM_FW_ACL_south remark Wireless Management to Storesaccess-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309411641 object-group CSM_INLINE_src_rule_77309411641 object-group Stores-ALLaccess-list CSM_FW_ACL_south remark Physical security systemsaccess-list CSM_FW_ACL_south extended permit tcp object-group CSM_INLINE_src_rule_77309411643 object-group Stores-ALL eq httpsaccess-list CSM_FW_ACL_south remark Allow Management of store systemsaccess-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309411645 object-group DC-ALL object-group Stores-ALLaccess-list CSM_FW_ACL_south remark WAAS systemsaccess-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309411647 object-group DC-WAAS object-group Stores-ALLaccess-list CSM_FW_ACL_south remark Voice callsaccess-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309411649 object-group DC-ALL object-group Stores-ALLaccess-list CSM_FW_ACL_south extended deny ip any object-group Stores-ALLaccess-list CSM_FW_ACL_south remark Allow outbound services for Internetaccess-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309414071 object-group CSM_INLINE_src_rule_77309414071 anyaccess-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309414073 object-group ActiveDirectory.cisco-irn.com anyaccess-list CSM_FW_ACL_south extended permit udp object-group NTP-Servers any eq ntpaccess-list CSM_FW_ACL_south remark Allow LDAP out LAB testaccess-list CSM_FW_ACL_south extended permit object-group CSM_INLINE_svc_rule_77309414077 object-group PAME-DC-1 any logaccess-list CSM_FW_ACL_south remark Drop and Log all other trafficaccess-list CSM_FW_ACL_south extended deny ip any any logpager lines 24logging host south 192.168.42.124mtu north 1500mtu south 1500icmp unreachable rate-limit 1 burst-size 1icmp permit any northicmp permit any southasdm history enablearp timeout 14400access-group CSM_FW_ACL_north in interface northaccess-group CSM_FW_ACL_south in interface southroute north 0.0.0.0 0.0.0.0 192.168.162.1 1route south 192.168.38.0 255.255.255.0 192.168.162.7 1route south 192.168.39.0 255.255.255.0 192.168.162.7 1route south 192.168.40.0 255.255.255.0 192.168.162.7 1route south 192.168.41.0 255.255.255.0 192.168.162.7 1route south 192.168.42.0 255.255.255.0 192.168.162.7 1route south 192.168.43.0 255.255.255.0 192.168.162.7 1route south 192.168.44.0 255.255.255.0 192.168.162.7 1route south 192.168.45.0 255.255.255.0 192.168.162.7 1route south 192.168.46.0 255.255.255.0 192.168.162.7 1route south 192.168.52.0 255.255.255.0 192.168.162.7 1timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00aaa-server RETAIL protocol tacacs+aaa-server RETAIL (south) host 192.168.42.131key *****aaa authentication ssh console RETAIL LOCALaaa authentication enable console RETAIL LOCALaaa authentication http console RETAIL LOCALaaa accounting ssh console RETAILaaa accounting enable console RETAILaaa accounting command privilege 15 RETAILaaa authentication secure-http-clientaaa local authentication attempts max-fail 6aaa authorization exec authentication-serverhttp server enablehttp server idle-timeout 15http server session-timeout 60http 10.19.151.99 255.255.255.255 northhttp 192.168.41.101 255.255.255.255 southhttp 192.168.41.102 255.255.255.255 southhttp 192.168.42.122 255.255.255.255 southhttp 192.168.42.124 255.255.255.255 southhttp 192.168.42.133 255.255.255.255 southhttp 192.168.42.138 255.255.255.255 southno snmp-server locationno snmp-server contacttelnet timeout 5ssh 10.19.151.99 255.255.255.255 northssh 192.168.41.101 255.255.255.255 southssh 192.168.41.102 255.255.255.255 southssh 192.168.42.122 255.255.255.255 southssh 192.168.42.124 255.255.255.255 southssh 192.168.42.133 255.255.255.255 southssh 192.168.42.138 255.255.255.255 southssh timeout 15ssh version 2no threat-detection statistics tcp-interceptusername csmadmin password <removed> encrypted privilege 15username retail password <removed> encrypted privilege 15username bmcgloth password <removed> encrypted privilege 15!class-map inspection_defaultmatch default-inspection-traffic!!policy-map type inspect dns preset_dns_mapparametersmessage-length maximum client automessage-length maximum 512policy-map global_policyclass inspection_defaultinspect dns preset_dns_mapinspect ftpinspect h323 h225inspect h323 rasinspect ip-optionsinspect netbiosinspect rshinspect rtspinspect skinnyinspect esmtpinspect sqlnetinspect sunrpcinspect tftpinspect sipinspect xdmcp!service-policy global_policy globalCryptochecksum:70afa3a2a3007db41f3f336aca5cf51d: endasdm history enableASA-IE-1
: Saved: Written by retail at 20:28:46.793 PDT Fri Apr 29 2011!ASA Version 8.4(1)!hostname ASA-IE-1domain-name cisco-irn.comenable password <removed> encryptedpasswd <removed> encryptednamesdns-guard!interface GigabitEthernet0/0nameif outsidesecurity-level 0ip address 192.168.21.1 255.255.255.0 standby 192.168.21.2!interface GigabitEthernet0/1nameif insidesecurity-level 100ip address 192.168.11.60 255.255.255.0 standby 192.168.11.62!interface GigabitEthernet0/2shutdownno nameifno security-levelno ip address!interface GigabitEthernet0/3description LAN/STATE Failover Interface!interface Management0/0no nameifno security-levelno ip addressmanagement-only!boot system disk0:/asa841-k8.binftp mode passiveclock timezone PST -8clock summer-time PDT recurringdns domain-lookup outsidedns domain-lookup insidedns server-group DefaultDNSname-server 192.168.42.130domain-name cisco-irn.comsame-security-traffic permit inter-interfaceobject network AdminStationhost 192.168.41.101object network AdminStation2host 192.168.41.102object network EMC-NCMhost 192.168.42.122description EMC Network Configuration Managerobject network CSManagerhost 192.168.42.133description Cisco Security Managerobject network RSA-enVisionhost 192.168.42.124description RSA EnVision Syslog collector and SIMobject network AdminStation3host 192.168.42.138object network AdminStation4-barthost 10.19.151.99object network DC-ALLsubnet 192.168.0.0 255.255.0.0description All of the Data Centerobject network Stores-ALLsubnet 10.10.0.0 255.255.0.0description all store networksobject network ActiveDirectory.cisco-irn.comhost 192.168.42.130object network PAME-DC-1host 192.168.44.111object network TACACShost 192.168.42.131description Csico Secure ACS server for TACACS and Radiusobject service TCP1080service tcp destination eq 1080object service TCP8080service tcp destination eq 8080object service RDPservice tcp destination eq 3389description Windows Remote Desktopobject service LDAP-GCservice tcp destination eq 3268object service LDAP-GC-SSLservice tcp destination eq 3269object service LDAP-UDPservice udp destination eq 389object-group network CSM_INLINE_src_rule_77309412132description Generated by CS-Manager from src of FirewallRule# 3 (ASA-IE-1_v1/mandatory)network-object object EMC-NCMnetwork-object object AdminStationnetwork-object object CSManagernetwork-object object AdminStation2network-object object RSA-enVisionnetwork-object object AdminStation3network-object object AdminStation4-bartobject-group network CSM_INLINE_src_rule_77309412156description Generated by CS-Manager from src of FirewallRule# 4 (ASA-IE-1_v1/mandatory)network-object object DC-ALLnetwork-object object Stores-ALLobject-group network CSM_INLINE_src_rule_77309412168description Generated by CS-Manager from src of FirewallRule# 5 (ASA-IE-1_v1/mandatory)network-object object DC-ALLnetwork-object object Stores-ALLobject-group network CSM_INLINE_src_rule_77309412178description Generated by CS-Manager from src of FirewallRule# 7 (ASA-IE-1_v1/mandatory)network-object object DC-ALLnetwork-object object Stores-ALLobject-group network NTP-Serversdescription NTP Serversnetwork-object 192.168.62.161 255.255.255.255network-object 162.168.62.162 255.255.255.255object-group network CSM_INLINE_src_rule_77309412254description Generated by CS-Manager from src of FirewallRule# 15 (ASA-IE-1_v1/mandatory)network-object 192.168.22.11 255.255.255.255network-object 192.168.22.12 255.255.255.255network-object 192.168.21.0 255.255.255.0object-group network CSM_INLINE_src_rule_77309412258description Generated by CS-Manager from src of FirewallRule# 16 (ASA-IE-1_v1/mandatory)network-object 192.168.22.11 255.255.255.255network-object 192.168.22.12 255.255.255.255network-object 192.168.21.0 255.255.255.0object-group network CSM_INLINE_src_rule_77309412260description Generated by CS-Manager from src of FirewallRule# 17 (ASA-IE-1_v1/mandatory)network-object 192.168.22.11 255.255.255.255network-object 192.168.22.12 255.255.255.255network-object 192.168.21.0 255.255.255.0object-group service CSM_INLINE_svc_rule_77309412132description Generated by CS-Manager from service of FirewallRule# 3 (ASA-IE-1_v1/mandatory)service-object tcp destination eq sshservice-object tcp destination eq httpsobject-group service CSM_INLINE_svc_rule_77309412156description Generated by CS-Manager from service of FirewallRule# 4 (ASA-IE-1_v1/mandatory)service-object tcp destination eq smtpservice-object tcp destination eq httpsservice-object tcp destination eq sshobject-group service CSM_INLINE_svc_rule_77309412168description Generated by CS-Manager from service of FirewallRule# 5 (ASA-IE-1_v1/mandatory)service-object tcp destination eq httpsservice-object tcp destination eq sshobject-group service CSM_INLINE_svc_rule_77309412178description Generated by CS-Manager from service of FirewallRule# 7 (ASA-IE-1_v1/mandatory)service-object icmp echoservice-object icmp echo-replyservice-object icmp unreachableservice-object tcp destination eq wwwservice-object tcp destination eq httpsservice-object tcp destination eq ftpservice-object tcp destination eq sshservice-object object TCP1080service-object object TCP8080service-object object RDPobject-group service DNS-Resolvingdescription Domain Name Serverservice-object tcp destination eq domainservice-object udp destination eq domainobject-group service NTPdescription NTP Protocolsservice-object tcp destination eq 123service-object udp destination eq ntpobject-group service CSM_INLINE_svc_rule_77309412202description Generated by CS-Manager from service of FirewallRule# 8 (ASA-IE-1_v1/mandatory)group-object DNS-Resolvinggroup-object NTPobject-group service CSM_INLINE_svc_rule_77309412216description Generated by CS-Manager from service of FirewallRule# 10 (ASA-IE-1_v1/mandatory)service-object tcp destination eq ldapservice-object tcp destination eq ldapsservice-object object LDAP-GCservice-object object LDAP-GC-SSLservice-object object LDAP-UDPobject-group service TFTPdescription Trivial File Transferservice-object tcp destination eq 69service-object udp destination eq tftpobject-group service HTTPS-8443service-object tcp destination eq 8443object-group service vCenter-to-ESX4description Communication from vCetner to ESX hostsservice-object tcp destination eq 5989service-object tcp destination eq 8000service-object tcp destination eq 902service-object tcp destination eq 903object-group service CSM_INLINE_svc_rule_77309412222description Generated by CS-Manager from service of FirewallRule# 13 (ASA-IE-1_v1/mandatory)service-object icmpservice-object tcp destination eq sshservice-object tcp destination eq telnetservice-object tcp destination eq wwwservice-object tcp destination eq httpsservice-object tcp destination eq 8880service-object tcp destination eq 8444service-object tcp destination eq 5900service-object tcp destination eq 5800service-object object RDPservice-object object TCP1080service-object object TCP8080group-object TFTPgroup-object HTTPS-8443group-object vCenter-to-ESX4object-group service CSM_INLINE_svc_rule_77309412276description Generated by CS-Manager from service of FirewallRule# 19 (ASA-IE-1_v1/mandatory)service-object tcp destination eq smtpgroup-object DNS-Resolvingobject-group service CSM_INLINE_svc_rule_77309412288description Generated by CS-Manager from service of FirewallRule# 22 (ASA-IE-1_v1/mandatory)service-object udp destination eq 1812service-object udp destination eq 1813access-list all extended permit ip any anyaccess-list INSIDE extended permit ip object AdminStation anyaccess-list INSIDE extended permit ip object AdminStation2 anyaccess-list INSIDE extended permit object-group CSM_INLINE_svc_rule_77309412132 object-group CSM_INLINE_src_rule_77309412132 192.168.20.0 255.255.252.0access-list INSIDE remark Allow services for Ironport appsaccess-list INSIDE extended permit object-group CSM_INLINE_svc_rule_77309412156 object-group CSM_INLINE_src_rule_77309412156 192.168.23.64 255.255.255.224access-list INSIDE remark Allow traffic to DMZaccess-list INSIDE extended permit object-group CSM_INLINE_svc_rule_77309412168 object-group CSM_INLINE_src_rule_77309412168 host 192.168.20.30access-list INSIDE remark Drop unauthorized traffic to DMZaccess-list INSIDE extended deny ip any 192.168.20.0 255.255.255.0 logaccess-list INSIDE remark Allow outbound services for Internetaccess-list INSIDE extended permit object-group CSM_INLINE_svc_rule_77309412178 object-group CSM_INLINE_src_rule_77309412178 anyaccess-list INSIDE extended permit object-group CSM_INLINE_svc_rule_77309412202 object ActiveDirectory.cisco-irn.com anyaccess-list INSIDE extended permit udp object-group NTP-Servers any eq ntpaccess-list INSIDE remark Allow LDAP out LAB testaccess-list INSIDE extended permit object-group CSM_INLINE_svc_rule_77309412216 object PAME-DC-1 any logaccess-list INSIDE remark Drop and Log all other trafficaccess-list INSIDE extended deny ip any any logaccess-list OUTSIDE remark Allow SSL VPNaccess-list OUTSIDE extended permit tcp any host 192.168.21.1 eq https logaccess-list OUTSIDE extended permit udp object-group CSM_INLINE_src_rule_77309412254 object-group NTP-Servers eq ntpaccess-list OUTSIDE remark - RIE-2access-list OUTSIDE extended permit udp object-group CSM_INLINE_src_rule_77309412258 object RSA-enVision eq syslogaccess-list OUTSIDE extended permit tcp object-group CSM_INLINE_src_rule_77309412260 object TACACS eq tacacsaccess-list OUTSIDE extended permit udp 192.168.21.0 255.255.255.0 object ActiveDirectory.cisco-irn.com eq domainaccess-list OUTSIDE remark Ironport traffic in from DNZaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_77309412276 host 192.168.23.68 anyaccess-list OUTSIDE extended permit udp host 192.168.23.68 object RSA-enVision eq syslogaccess-list OUTSIDE extended permit udp host 192.168.23.68 object-group NTP-Servers eq ntpaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_77309412288 host 192.168.23.68 object TACACSaccess-list OUTSIDE remark Drop all other trafficaccess-list OUTSIDE extended deny ip any any logaccess-list all-web webtype permit url any log defaultpager lines 24logging asdm informationallogging host inside 192.168.42.124mtu outside 1500mtu inside 1500failoverfailover lan unit primaryfailover lan interface folink GigabitEthernet0/3failover link folink GigabitEthernet0/3failover interface ip folink 192.168.12.31 255.255.255.0 standby 192.168.12.32icmp unreachable rate-limit 1 burst-size 1icmp permit any outsideicmp permit any insideasdm image disk0:/asdm-641.binasdm history enablearp timeout 14400access-group OUTSIDE in interface outsideaccess-group INSIDE in interface insideroute outside 0.0.0.0 0.0.0.0 192.168.21.10 1route inside 10.10.0.0 255.255.0.0 192.168.11.1 1route outside 10.10.0.0 255.255.255.0 192.168.21.10 1route inside 192.168.0.0 255.255.0.0 192.168.11.10 1route outside 192.168.20.0 255.255.255.0 192.168.21.10 1route outside 192.168.22.0 255.255.255.0 192.168.21.10 1route outside 192.168.23.0 255.255.255.0 192.168.21.10 1timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00dynamic-access-policy-record DfltAccessPolicynetwork-acl allwebvpnappl-acl all-weburl-list value page1file-browsing enablefile-entry enablehttp-proxy enableurl-entry enablesvc ask enable default webvpnaaa-server partnerauth protocol radiusaaa-server partnerauth (inside) host 192.168.42.137timeout 5key *****radius-common-pw *****aaa-server RETAIL protocol tacacs+aaa-server RETAIL (inside) host 192.168.42.131key *****aaa authentication ssh console RETAIL LOCALaaa authentication enable console RETAIL LOCALaaa authentication http console RETAIL LOCALaaa accounting ssh console RETAILaaa accounting enable console RETAILaaa accounting command privilege 15 RETAILaaa authentication secure-http-clientaaa local authentication attempts max-fail 6aaa authorization exec authentication-serverhttp server enablehttp server idle-timeout 15http server session-timeout 60http 10.19.151.99 255.255.255.255 insidehttp 192.168.41.101 255.255.255.255 insidehttp 192.168.41.102 255.255.255.255 insidehttp 192.168.42.122 255.255.255.255 insidehttp 192.168.42.124 255.255.255.255 insidehttp 192.168.42.133 255.255.255.255 insidehttp 192.168.42.138 255.255.255.255 insideno snmp-server locationno snmp-server contactsnmp-server enable traps snmp authentication linkup linkdown coldstartno snmp-server enabletelnet timeout 5ssh 10.19.151.99 255.255.255.255 insidessh 192.168.41.101 255.255.255.255 insidessh 192.168.41.102 255.255.255.255 insidessh 192.168.42.122 255.255.255.255 insidessh 192.168.42.124 255.255.255.255 insidessh 192.168.42.133 255.255.255.255 insidessh 192.168.42.138 255.255.255.255 insidessh timeout 15ssh version 2console timeout 15threat-detection basic-threatthreat-detection statistics access-listno threat-detection statistics tcp-interceptntp server 192.168.62.162 source insidentp server 192.168.62.161 source inside preferwebvpnenable outsideinternal-password enablesmart-tunnel list AllExternalApplications All-Applications * platform windowsgroup-policy DfltGrpPolicy attributeswebvpnurl-list value page1smart-tunnel enable AllExternalApplicationsgroup-policy Retail-PCI internalgroup-policy Retail-PCI attributesvpn-tunnel-protocol ssl-clientlessusername csmadmin password <removed> encrypted privilege 15username retail password <removed> encrypted privilege 15username bmcgloth password <removed> encrypted privilege 15tunnel-group DefaultRAGroup general-attributesauthentication-server-group partnerauthtunnel-group DefaultWEBVPNGroup general-attributesauthentication-server-group partnerauthtunnel-group Retail-Lab type remote-accesstunnel-group Retail-Lab general-attributesauthentication-server-group partnerauth LOCALdefault-group-policy Retail-PCI!class-map inspection_defaultmatch default-inspection-traffic!!policy-map type inspect dns migrated_dns_map_1parametersmessage-length maximum client automessage-length maximum 512policy-map global_policyclass inspection_defaultinspect dns migrated_dns_map_1inspect ftpinspect h323 h225inspect h323 rasinspect netbiosinspect rshinspect rtspinspect skinnyinspect esmtpinspect sqlnetinspect sunrpcinspect tftpinspect sipinspect xdmcpinspect ip-options!service-policy global_policy globalprompt hostname contextcall-homeprofile CiscoTAC-1no activedestination address http https://tools.cisco.com/its/service/oddce/services/DDCEServicedestination address email callhome@cisco.comdestination transport-method httpsubscribe-to-alert-group diagnosticsubscribe-to-alert-group environmentsubscribe-to-alert-group inventory periodic monthlysubscribe-to-alert-group configuration periodic monthlysubscribe-to-alert-group telemetry periodic dailypassword encryption aesCryptochecksum:7523e3d4b6eac19b34c670de405c3e45: endASA-WAN-1
: Saved: Written by retail at 18:21:22.920 PDT Fri Apr 29 2011!ASA Version 8.4(1)!firewall transparenthostname ASA-WAN-1domain-name cisco-irn.comenable password <removed> encryptedpasswd <removed> encryptednames!interface GigabitEthernet0/0nameif outsidebridge-group 1security-level 0!interface GigabitEthernet0/1nameif insidebridge-group 1security-level 100!interface GigabitEthernet0/2shutdownno nameifno security-level!interface GigabitEthernet0/3description LAN/STATE Failover Interface!interface Management0/0shutdownno nameifno security-levelmanagement-only!interface BVI1ip address 192.168.11.20 255.255.255.0 standby 192.168.11.21!ftp mode passiveclock timezone PST -8clock summer-time PDT recurringdns server-group DefaultDNSdomain-name cisco-irn.comobject network AdminStationhost 192.168.41.101object network AdminStation2host 192.168.41.102object network AdminStation4-barthost 10.19.151.99object network EMC-NCMhost 192.168.42.122description EMC Network Configuration Managerobject network CSManagerhost 192.168.42.133description Cisco Security Managerobject network AdminStation3host 192.168.42.138object network ActiveDirectory.cisco-irn.comhost 192.168.42.130object network Stores-ALLsubnet 10.10.0.0 255.255.0.0description all store networksobject network vSphere-1host 192.168.41.102description vSphere server for Labobject network WCSManagerhost 192.168.43.135description Wireless Managerobject network PAME-DC-1host 192.168.44.111object network MSP-DC-1host 192.168.44.121description Data Center VSOMobject network DC-ALLsubnet 192.168.0.0 255.255.0.0description All of the Data Centerobject network RSA-enVisionhost 192.168.42.124description RSA EnVision Syslog collector and SIMobject network TACACShost 192.168.42.131description Csico Secure ACS server for TACACS and Radiusobject network RSA-AMhost 192.168.42.137description RSA Authentication Manager for SecureIDobject network NAC-2host 192.168.42.112object network NAC-1host 192.168.42.111description ISE server for NACobject network MS-Updatehost 192.168.42.150description Windows Update Serverobject network MSExchangehost 192.168.42.140description Mail Serverobject network DC-POSsubnet 192.168.52.0 255.255.255.0description POS in the Data Centerobject service RPCservice tcp destination eq 135object service LDAP-GCservice tcp destination eq 3268object service LDAP-GC-SSLservice tcp destination eq 3269object service Kerberos-TCPservice tcp destination eq 88object service Microsoft-DS-SMBservice tcp destination eq 445description Microsoft-DS Active Directory, Windows shares Microsoft-DS SMB file sharingobject service LDAP-UDPservice udp destination eq 389object service RPC-HighPortsservice tcp destination range 1024 65535object service IP-Protocol-97service 97description IP protocol 97object service TCP1080service tcp destination eq 1080object service TCP8080service tcp destination eq 8080object service RDPservice tcp destination eq 3389description Windows Remote Desktopobject-group network CSM_INLINE_src_rule_73014456577description Generated by CS-Manager from src of FirewallRule# 1 (ASA-WAN_1/mandatory)network-object object AdminStationnetwork-object object AdminStation2network-object object AdminStation4-bartobject-group network STORE-POSnetwork-object 10.10.0.0 255.255.0.0object-group network Admin-Systemsnetwork-object object EMC-NCMnetwork-object object AdminStationnetwork-object object AdminStation2network-object object CSManagernetwork-object object AdminStation3network-object object AdminStation4-bartobject-group network DC-Wifi-Controllersdescription Central Wireless Controllers for storesnetwork-object 192.168.43.21 255.255.255.255network-object 192.168.43.22 255.255.255.255object-group network DC-Wifi-MSEdescription Mobility Service Enginesnetwork-object 192.168.43.31 255.255.255.255network-object 192.168.43.32 255.255.255.255object-group network CSM_INLINE_src_rule_73014456585description Generated by CS-Manager from src of FirewallRule# 5 (ASA-WAN_1/mandatory)network-object object WCSManagergroup-object DC-Wifi-Controllersgroup-object DC-Wifi-MSEobject-group network CSM_INLINE_src_rule_73014456587description Generated by CS-Manager from src of FirewallRule# 6 (ASA-WAN_1/mandatory)network-object object PAME-DC-1network-object object MSP-DC-1object-group network DC-WAASdescription WAE Appliances in Data Centernetwork-object 192.168.48.10 255.255.255.255network-object 192.168.49.10 255.255.255.255network-object 192.168.47.11 255.255.255.255network-object 192.168.47.12 255.255.255.255object-group network NTP-Serversdescription NTP Serversnetwork-object 192.168.62.161 255.255.255.255network-object 162.168.62.162 255.255.255.255object-group network CSM_INLINE_dst_rule_73014456607description Generated by CS-Manager from dst of FirewallRule# 16 (ASA-WAN_1/mandatory)network-object object TACACSnetwork-object object RSA-AMnetwork-object object NAC-2network-object object NAC-1object-group network CSM_INLINE_dst_rule_73014456609description Generated by CS-Manager from dst of FirewallRule# 17 (ASA-WAN_1/mandatory)network-object object NAC-2network-object object NAC-1object-group network CSM_INLINE_dst_rule_73014456613description Generated by CS-Manager from dst of FirewallRule# 19 (ASA-WAN_1/mandatory)network-object object PAME-DC-1network-object object MSP-DC-1object-group network CSM_INLINE_dst_rule_73014456615description Generated by CS-Manager from dst of FirewallRule# 20 (ASA-WAN_1/mandatory)group-object DC-Wifi-Controllersgroup-object DC-Wifi-MSEobject-group network DC-POS-Tomaxdescription Tomax POS Communication from Store to Data Centernetwork-object 192.168.52.96 255.255.255.224object-group network DC-POS-SAPdescription SAP POS Communication from Store to Data Centernetwork-object 192.168.52.144 255.255.255.240object-group network DC-POS-Oracledescription Oracle POS Communication from Store to Data Centernetwork-object 192.168.52.128 255.255.255.240object-group network CSM_INLINE_dst_rule_73014456627description Generated by CS-Manager from dst of FirewallRule# 26 (ASA-WAN_1/mandatory)group-object DC-POS-Tomaxnetwork-object object DC-POSgroup-object DC-POS-SAPgroup-object DC-POS-Oracleobject-group service HTTPS-8443service-object tcp destination eq 8443object-group service CSM_INLINE_svc_rule_73014456579description Generated by CS-Manager from service of FirewallRule# 2 (ASA-WAN_1/mandatory)service-object tcp destination eq sshservice-object tcp destination eq httpsgroup-object HTTPS-8443object-group service DNS-Resolvingdescription Domain Name Serverservice-object tcp destination eq domainservice-object udp destination eq domainobject-group service CSM_INLINE_svc_rule_73014456581description Generated by CS-Manager from service of FirewallRule# 3 (ASA-WAN_1/mandatory)service-object tcp destination eq ldapservice-object tcp destination eq ldapsservice-object udp destination eq 88service-object udp destination eq ntpservice-object udp destination eq netbios-dgmservice-object object RPCservice-object object LDAP-GCservice-object object LDAP-GC-SSLservice-object object Kerberos-TCPservice-object object Microsoft-DS-SMBservice-object object LDAP-UDPservice-object object RPC-HighPortsgroup-object DNS-Resolvingobject-group service vCenter-to-ESX4description Communication from vCetner to ESX hostsservice-object tcp destination eq 5989service-object tcp destination eq 8000service-object tcp destination eq 902service-object tcp destination eq 903object-group service CSM_INLINE_svc_rule_73014456583description Generated by CS-Manager from service of FirewallRule# 4 (ASA-WAN_1/mandatory)service-object tcp destination eq httpsservice-object tcp destination eq sshgroup-object vCenter-to-ESX4object-group service TFTPdescription Trivial File Transferservice-object tcp destination eq 69service-object udp destination eq tftpobject-group service LWAPPdescription LWAPP UDP ports 12222 and 12223service-object udp destination eq 12222service-object udp destination eq 12223object-group service CAPWAPdescription CAPWAP UDP ports 5246 and 5247service-object udp destination eq 5246service-object udp destination eq 5247object-group service CSM_INLINE_svc_rule_73014456585description Generated by CS-Manager from service of FirewallRule# 5 (ASA-WAN_1/mandatory)service-object tcp destination eq httpsservice-object tcp destination eq wwwservice-object udp destination eq isakmpservice-object tcp destination eq telnetservice-object tcp destination eq sshservice-object object IP-Protocol-97group-object TFTPgroup-object LWAPPgroup-object CAPWAPobject-group service CSM_INLINE_svc_rule_73014456589description Generated by CS-Manager from service of FirewallRule# 7 (ASA-WAN_1/mandatory)service-object icmp echoservice-object icmp echo-replyservice-object tcp destination eq wwwservice-object tcp destination eq httpsservice-object tcp destination eq sshservice-object tcp destination eq ftpservice-object object TCP1080service-object object TCP8080service-object object RDPgroup-object HTTPS-8443object-group service CISCO-WAASdescription Ports for Cisco WAASservice-object tcp destination eq 4050object-group service Netbiosdescription Netbios Serversservice-object udp destination eq netbios-dgmservice-object udp destination eq netbios-nsservice-object tcp destination eq netbios-ssnobject-group service CSM_INLINE_svc_rule_73014456591description Generated by CS-Manager from service of FirewallRule# 8 (ASA-WAN_1/mandatory)service-object object Microsoft-DS-SMBgroup-object CISCO-WAASgroup-object HTTPS-8443group-object Netbiosobject-group service CSM_INLINE_svc_rule_73014456593description Generated by CS-Manager from service of FirewallRule# 9 (ASA-WAN_1/mandatory)service-object tcp-udp destination eq sipservice-object tcp destination eq 2000object-group service CSM_INLINE_svc_rule_73014456599description Generated by CS-Manager from service of FirewallRule# 12 (ASA-WAN_1/mandatory)service-object udp destination eq snmptrapservice-object udp destination eq snmpservice-object udp destination eq syslogobject-group service CSM_INLINE_svc_rule_73014456601description Generated by CS-Manager from service of FirewallRule# 13 (ASA-WAN_1/mandatory)service-object udp destination eq domainservice-object tcp destination eq ldapservice-object tcp destination eq ldapsobject-group service CSM_INLINE_svc_rule_73014456607description Generated by CS-Manager from service of FirewallRule# 16 (ASA-WAN_1/mandatory)service-object udp destination eq 1812service-object udp destination eq 1813object-group service CSM_INLINE_svc_rule_73014456609description Generated by CS-Manager from service of FirewallRule# 17 (ASA-WAN_1/mandatory)service-object tcp destination eq httpsservice-object tcp destination eq wwwgroup-object HTTPS-8443object-group service ESX-SLPdescription CIM Service Location Protocol (SLP) for VMware systemsservice-object udp destination eq 427service-object tcp destination eq 427object-group service CSM_INLINE_svc_rule_73014456611description Generated by CS-Manager from service of FirewallRule# 18 (ASA-WAN_1/mandatory)service-object tcp destination eq httpsservice-object tcp destination eq wwwservice-object tcp destination eq sshgroup-object vCenter-to-ESX4group-object ESX-SLPobject-group service Cisco-Mobilitydescription Mobility ports for Wirelessservice-object udp destination eq 16666service-object udp destination eq 16667object-group service CSM_INLINE_svc_rule_73014456615description Generated by CS-Manager from service of FirewallRule# 20 (ASA-WAN_1/mandatory)service-object tcp destination eq httpsservice-object udp destination eq isakmpservice-object object IP-Protocol-97group-object Cisco-Mobilitygroup-object LWAPPgroup-object CAPWAPobject-group service CSM_INLINE_svc_rule_73014456617description Generated by CS-Manager from service of FirewallRule# 21 (ASA-WAN_1/mandatory)service-object tcp-udp destination eq sipservice-object tcp destination eq 2000object-group service CSM_INLINE_svc_rule_73014456619description Generated by CS-Manager from service of FirewallRule# 22 (ASA-WAN_1/mandatory)service-object object Microsoft-DS-SMBgroup-object CISCO-WAASgroup-object HTTPS-8443group-object Netbiosobject-group service CSM_INLINE_svc_rule_73014456621description Generated by CS-Manager from service of FirewallRule# 23 (ASA-WAN_1/mandatory)service-object tcp destination eq ldapservice-object tcp destination eq ldapsservice-object udp destination eq 88service-object udp destination eq ntpservice-object udp destination eq netbios-dgmservice-object object RPCservice-object object LDAP-GCservice-object object LDAP-GC-SSLservice-object object Kerberos-TCPservice-object object Microsoft-DS-SMBservice-object object LDAP-UDPservice-object object RPC-HighPortsgroup-object DNS-Resolvingobject-group service CSM_INLINE_svc_rule_73014456623description Generated by CS-Manager from service of FirewallRule# 24 (ASA-WAN_1/mandatory)service-object tcp destination eq wwwservice-object tcp destination eq httpsobject-group service CSM_INLINE_svc_rule_73014456625description Generated by CS-Manager from service of FirewallRule# 25 (ASA-WAN_1/mandatory)service-object tcp destination eq wwwservice-object tcp destination eq httpsservice-object tcp destination eq smtpservice-object tcp destination eq pop3service-object tcp destination eq imap4object-group network DM_INLINE_NETWORK_1network-object 10.10.0.0 255.255.0.0network-object object Stores-ALLobject-group service DM_INLINE_SERVICE_1service-object tcp destination eq ftpservice-object tcp destination eq sshservice-object udp destination eq tftpaccess-list INSIDE extended permit ip object-group CSM_INLINE_src_rule_73014456577 object-group STORE-POSaccess-list INSIDE extended permit object-group CSM_INLINE_svc_rule_73014456579 object-group Admin-Systems object-group STORE-POSaccess-list INSIDE remark Allow Active Directory Domainaccess-list INSIDE extended permit object-group CSM_INLINE_svc_rule_73014456581 object ActiveDirectory.cisco-irn.com object Stores-ALLaccess-list INSIDE remark VMWare - ESX systemsaccess-list INSIDE extended permit object-group CSM_INLINE_svc_rule_73014456583 object vSphere-1 object Stores-ALLaccess-list INSIDE remark Wireless Management to Storesaccess-list INSIDE extended permit object-group CSM_INLINE_svc_rule_73014456585 object-group CSM_INLINE_src_rule_73014456585 object Stores-ALLaccess-list INSIDE remark Physical security systemsaccess-list INSIDE extended permit tcp object-group CSM_INLINE_src_rule_73014456587 object Stores-ALL eq httpsaccess-list INSIDE remark Allow Management of store systemsaccess-list INSIDE extended permit object-group CSM_INLINE_svc_rule_73014456589 object DC-ALL object Stores-ALLaccess-list INSIDE remark WAAS systemsaccess-list INSIDE extended permit object-group CSM_INLINE_svc_rule_73014456591 object-group DC-WAAS object Stores-ALLaccess-list INSIDE remark Voice callsaccess-list INSIDE extended permit object-group CSM_INLINE_svc_rule_73014456593 object DC-ALL object Stores-ALLaccess-list INSIDE remark Drop and Log all other trafficaccess-list INSIDE extended deny ip any any logaccess-list OUTSIDE extended permit tcp object Stores-ALL object EMC-NCM eq sshaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014456599 object Stores-ALL object RSA-enVisionaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014456601 object Stores-ALL object ActiveDirectory.cisco-irn.comaccess-list OUTSIDE extended permit tcp object Stores-ALL object TACACS eq tacacsaccess-list OUTSIDE extended permit udp object Stores-ALL object-group NTP-Servers eq ntpaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014456607 object Stores-ALL object-group CSM_INLINE_dst_rule_73014456607access-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014456609 object Stores-ALL object-group CSM_INLINE_dst_rule_73014456609access-list OUTSIDE remark VMWare ESX to Data Centeraccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014456611 object Stores-ALL object vSphere-1access-list OUTSIDE remark Physical security systemsaccess-list OUTSIDE extended permit tcp object Stores-ALL object-group CSM_INLINE_dst_rule_73014456613 eq httpsaccess-list OUTSIDE remark Wireless control systemsaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014456615 object Stores-ALL object-group CSM_INLINE_dst_rule_73014456615access-list OUTSIDE remark Voice callsaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014456617 object Stores-ALL object DC-ALLaccess-list OUTSIDE remark WAAS systemsaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014456619 object Stores-ALL object-group DC-WAASaccess-list OUTSIDE remark Allow Active Directory Domainaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014456621 object Stores-ALL object ActiveDirectory.cisco-irn.comaccess-list OUTSIDE remark Allow Windows Updatesaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014456623 object Stores-ALL object MS-Updateaccess-list OUTSIDE remark Allow Mailaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014456625 object Stores-ALL object MSExchangeaccess-list OUTSIDE remark Allow Applicationsaccess-list OUTSIDE extended permit tcp object Stores-ALL object-group CSM_INLINE_dst_rule_73014456627 eq httpsaccess-list OUTSIDE extended permit object-group DM_INLINE_SERVICE_1 object-group DM_INLINE_NETWORK_1 object AdminStation2 log disableaccess-list OUTSIDE remark Drop all other trafficaccess-list OUTSIDE extended deny ip any any logpager lines 24logging host inside 192.168.42.124mtu outside 1500mtu inside 1500failoverfailover lan unit primaryfailover lan interface folink GigabitEthernet0/3failover link folink GigabitEthernet0/3failover interface ip folink 192.168.12.20 255.255.255.0 standby 192.168.12.21icmp unreachable rate-limit 1 burst-size 1icmp permit any outsideicmp permit any insideasdm image disk0:/asdm-641.binasdm history enablearp timeout 14400access-group OUTSIDE in interface outsideaccess-group INSIDE in interface insideroute inside 0.0.0.0 0.0.0.0 192.168.11.60 1route outside 10.10.0.0 255.255.0.0 192.168.11.1 1route inside 10.10.0.0 255.255.255.0 192.168.11.60 1route outside 10.10.1.0 255.255.255.0 192.168.11.2 1route outside 10.10.2.0 255.255.255.0 192.168.11.3 1route inside 10.10.3.0 255.255.255.0 192.168.11.60 1route inside 10.10.4.0 255.255.255.0 192.168.11.60 1route outside 10.10.254.0 255.255.255.0 192.168.11.3 1route outside 10.10.255.0 255.255.255.0 192.168.11.2 1route inside 192.168.0.0 255.255.0.0 192.168.11.10 1route outside 192.168.1.111 255.255.255.255 192.168.11.2 1route outside 192.168.1.112 255.255.255.255 192.168.11.3 1route inside 192.168.20.0 255.255.252.0 192.168.11.60 1route inside 192.168.24.0 255.255.255.0 192.168.11.60 1timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00dynamic-access-policy-record DfltAccessPolicyaaa-server RETAIL protocol tacacs+aaa-server RETAIL (inside) host 192.168.42.131key *****aaa authentication ssh console RETAIL LOCALaaa authentication enable console RETAIL LOCALaaa authentication http console RETAIL LOCALaaa accounting ssh console RETAILaaa accounting enable console RETAILaaa accounting command privilege 15 RETAILaaa authentication secure-http-clientaaa local authentication attempts max-fail 6aaa authorization exec authentication-serverhttp server enablehttp server idle-timeout 15http server session-timeout 60http 192.168.41.102 255.255.255.255 insidehttp 10.19.151.99 255.255.255.255 insidehttp 192.168.41.101 255.255.255.255 insidehttp 192.168.42.122 255.255.255.255 insidehttp 192.168.42.124 255.255.255.255 insidehttp 192.168.42.133 255.255.255.255 insidehttp 192.168.42.138 255.255.255.255 insideno snmp-server locationno snmp-server contactsnmp-server enable traps snmp authentication linkup linkdown coldstartno snmp-server enabletelnet timeout 1ssh scopy enablessh 10.19.151.99 255.255.255.255 insidessh 192.168.41.101 255.255.255.255 insidessh 192.168.41.102 255.255.255.255 insidessh 192.168.42.122 255.255.255.255 insidessh 192.168.42.124 255.255.255.255 insidessh 192.168.42.133 255.255.255.255 insidessh 192.168.42.138 255.255.255.255 insidessh timeout 15ssh version 2console timeout 15threat-detection basic-threatthreat-detection statistics access-listno threat-detection statistics tcp-interceptntp server 192.168.62.162 source insidentp server 192.168.62.161 source inside preferusername csmadmin password <removed> encrypted privilege 15username retail password <removed> encrypted privilege 15username bmcgloth password <removed> encrypted privilege 15!class-map inspection_defaultmatch default-inspection-trafficclass-map global-class-PCImatch any!!policy-map type inspect dns preset_dns_mapparametersmessage-length maximum client automessage-length maximum 512policy-map global_policydescription IPS inspection policy for Cisco PCI LABclass inspection_defaultinspect dns preset_dns_mapinspect ftpinspect h323 h225inspect h323 rasinspect rshinspect rtspinspect esmtpinspect sqlnetinspect skinnyinspect sunrpcinspect xdmcpinspect sipinspect netbiosinspect tftpinspect ip-optionsclass global-class-PCIips promiscuous fail-open!service-policy global_policy globalprompt hostname contextcall-homeprofile CiscoTAC-1no activedestination address http https://tools.cisco.com/its/service/oddce/services/DDCEServicedestination address email callhome@cisco.comdestination transport-method httpsubscribe-to-alert-group diagnosticsubscribe-to-alert-group environmentsubscribe-to-alert-group inventory periodic monthlysubscribe-to-alert-group configuration periodic monthlysubscribe-to-alert-group telemetry periodic dailypassword encryption aesCryptochecksum:6711019c0f0a6b2f849474306a18ba82: endASA-WAN-1_IDS
! ------------------------------! Current configuration last modified Thu Apr 28 23:24:09 2011! ------------------------------! Version 7.0(4)! Host:! Realm Keys key1.0! Signature Definition:! Signature Update S500.0 2010-07-09! ------------------------------service interfaceexit! ------------------------------service authenticationattemptLimit 6password-strengthsize 7-64digits-min 1lowercase-min 1other-min 1number-old-passwords 4exitexit! ------------------------------service event-action-rules rules0exit! ------------------------------service hostnetwork-settingshost-ip 192.168.11.23/24,192.168.11.10host-name ASA-WAN-1_IPStelnet-option disabledaccess-list 10.19.151.99/32access-list 192.168.41.101/32access-list 192.168.41.102/32access-list 192.168.42.122/32access-list 192.168.42.124/32access-list 192.168.42.133/32access-list 192.168.42.138/32dns-primary-server enabledaddress 192.168.42.130exitdns-secondary-server disableddns-tertiary-server disabledhttp-proxy proxy-serveraddress 128.107.241.169port 80exitexittime-zone-settingsoffset -8standard-time-zone-name PSTexitntp-option enabled-ntp-unauthenticatedntp-server 192.168.62.161exitsummertime-option recurringsummertime-zone-name PDTexitexit! ------------------------------service loggerexit! ------------------------------service network-accessexit! ------------------------------service notificationtrap-destinations 192.168.42.124trap-community-name <removed>exitenable-notifications truetrap-community-name <removed>exit! ------------------------------service signature-definition sig0exit! ------------------------------service ssh-known-hostsexit! ------------------------------service trusted-certificatesexit! ------------------------------service web-serverexit! ------------------------------service anomaly-detection ad0exit! ------------------------------service external-product-interfaceexit! ------------------------------service health-monitorexit! ------------------------------service global-correlationexit! ------------------------------service aaaaaa radiusprimary-serverserver-address 192.168.42.131shared-secret <removed>exitnas-id DMZ-IDS1local-fallback enabledconsole-authentication radius-and-localdefault-user-role administratorexitexit! ------------------------------service analysis-engineexitASA-WAN-2_IDS
! ------------------------------! Current configuration last modified Thu Apr 28 23:26:43 2011! ------------------------------! Version 7.0(4)! Host:! Realm Keys key1.0! Signature Definition:! Signature Update S500.0 2010-07-09! ------------------------------service interfaceexit! ------------------------------service authenticationattemptLimit 6password-strengthsize 7-64digits-min 1lowercase-min 1other-min 1number-old-passwords 4exitexit! ------------------------------service event-action-rules rules0exit! ------------------------------service hostnetwork-settingshost-ip 192.168.11.24/24,192.168.11.10host-name ASA-WAN-2_IPStelnet-option disabledaccess-list 10.19.151.99/32access-list 192.168.41.101/32access-list 192.168.41.102/32access-list 192.168.42.122/32access-list 192.168.42.124/32access-list 192.168.42.133/32access-list 192.168.42.138/32dns-primary-server enabledaddress 192.168.42.130exitdns-secondary-server disableddns-tertiary-server disabledhttp-proxy proxy-serveraddress 128.107.241.169port 80exitexittime-zone-settingsoffset -8standard-time-zone-name PSTexitntp-option enabled-ntp-unauthenticatedntp-server 192.168.62.161exitsummertime-option recurringsummertime-zone-name PDTexitexit! ------------------------------service loggerexit! ------------------------------service network-accessexit! ------------------------------service notificationtrap-destinations 192.168.42.124trap-community-name <removed>exitenable-notifications truetrap-community-name <removed>exit! ------------------------------service signature-definition sig0exit! ------------------------------service ssh-known-hostsexit! ------------------------------service trusted-certificatesexit! ------------------------------service web-serverexit! ------------------------------service anomaly-detection ad0exit! ------------------------------service external-product-interfaceexit! ------------------------------service health-monitorexit! ------------------------------service global-correlationexit! ------------------------------service aaaaaa radiusprimary-serverserver-address 192.168.42.131shared-secret <removed>exitnas-id DMZ-IDS1local-fallback enabledconsole-authentication radius-and-localdefault-user-role administratorexitexit! ------------------------------service analysis-engineexitDMZ-ACE-1
logging enablelogging timestamplogging trap 6logging buffered 6logging device-id context-namelogging host 192.168.42.124 udp/514logging rate-limit 1 120 message 302027login timeout 15hostname ACE1boot system image:c6ace-t1k9-mz.3.0.0_A1_4a.binresource-class Goldlimit-resource all minimum 0.00 maximum unlimitedlimit-resource conc-connections minimum 10.00 maximum unlimitedlimit-resource sticky minimum 10.00 maximum unlimitedtacacs-server host 192.168.42.131 key 7 "<removed>"aaa group server tacacs+ RETAILserver 192.168.42.131clock timezone standard PSTclock summer-time standard PDTaaa authentication login default group RETAIL localaaa authentication login console group RETAIL localaaa accounting default group RETAIL localclass-map type management match-any remote-mgmt9 match protocol ssh source-address 192.168.41.102 255.255.255.25510 match protocol ssh source-address 192.168.42.131 255.255.255.25530 match protocol icmp any31 match protocol ssh source-address 10.19.151.99 255.255.255.25532 match protocol ssh source-address 192.168.41.101 255.255.255.25533 match protocol ssh source-address 192.168.42.111 255.255.255.25534 match protocol ssh source-address 192.168.42.122 255.255.255.25535 match protocol ssh source-address 192.168.42.124 255.255.255.25536 match protocol ssh source-address 192.168.42.133 255.255.255.25537 match protocol ssh source-address 192.168.42.138 255.255.255.255policy-map type management first-match remote-accessclass remote-mgmtpermitinterface vlan 21ip address 192.168.21.95 255.255.255.0service-policy input remote-accessno shutdownft interface vlan 85ip address 192.168.20.9 255.255.255.252peer ip address 192.168.20.10 255.255.255.252no shutdownft peer 1heartbeat interval 300heartbeat count 10ft-interface vlan 85ft group 11peer 1priority 110peer priority 105associate-context Admininservicedomain cisco-irn.comip route 0.0.0.0 0.0.0.0 192.168.21.1context PCIallocate-interface vlan 82-83allocate-interface vlan 95ft group 10peer 1priority 110peer priority 105associate-context PCIinserviceusername admin password 5 <removed> role Admin domain default-domainusername www password 5 <removed> role Admin domain default-domainusername retail password 5 <removed> role Admin domain default-domainusername csmadmin password 5 <removed> role Admin domain default-domainssh key rsa 1024 forceDMZ-ACE-1_PCI
ACE1/PCI# sh runGenerating configuration....logging enablelogging timestamplogging buffered 7logging monitor 7logging device-id context-namelogging host 192.168.42.124 udp/514logging rate-limit 1 120 message 302027login timeout 15tacacs-server host 192.168.42.131 key 7 "<removed>"aaa group server tacacs+ RETAILserver 192.168.42.131aaa authentication login default group RETAIL localaaa authentication login console group RETAIL localaaa accounting default group RETAIL localaccess-list allow2server line 20 extended permit ip any host 192.168.20.3access-list allow2server line 21 extended permit tcp host 192.168.20.44 host 192.168.42.130 eq ldapaccess-list allow2server line 22 extended deny ip any anyaccess-list in2out line 10 extended permit ip host 192.168.20.3 anyaccess-list in2out line 15 extended deny ip any anyaccess-list out2in line 10 extended permit tcp any host 192.168.20.1 eq wwwaccess-list out2in line 15 extended deny ip any anyprobe icmp ICMPinterval 2faildetect 2passdetect interval 60passdetect count 2rserver host ECOMip address 192.168.20.44inserviceserverfarm host PCI-ECOMpredictor leastconnsprobe ICMPrserver ECOMinserviceclass-map match-any ECOMVIP11 match virtual-address 192.168.20.1 anyclass-map type management match-any remote-mgmt30 match protocol icmp any31 match protocol ssh source-address 10.19.151.99 255.255.255.25532 match protocol ssh source-address 192.168.41.101 255.255.255.25533 match protocol ssh source-address 192.168.41.102 255.255.255.25534 match protocol ssh source-address 192.168.42.111 255.255.255.25535 match protocol ssh source-address 192.168.42.122 255.255.255.25536 match protocol ssh source-address 192.168.42.124 255.255.255.25537 match protocol ssh source-address 192.168.42.131 255.255.255.25538 match protocol ssh source-address 192.168.42.133 255.255.255.25539 match protocol ssh source-address 192.168.42.138 255.255.255.255policy-map type management first-match remote-accessclass remote-mgmtpermitpolicy-map type loadbalance first-match ECOMPOLICYclass class-defaultserverfarm PCI-ECOMpolicy-map multi-match ECOM_MATCHclass ECOMVIPloadbalance vip inserviceloadbalance policy ECOMPOLICYservice-policy input remote-accessinterface vlan 82description ACE_outsideip address 192.168.20.28 255.255.255.248ip verify reverse-pathalias 192.168.20.30 255.255.255.248peer ip address 192.168.20.29 255.255.255.248access-group input out2inservice-policy input ECOM_MATCHno shutdowninterface vlan 83description ACE_insideip address 192.168.20.4 255.255.255.248ip verify reverse-pathalias 192.168.20.6 255.255.255.248peer ip address 192.168.20.5 255.255.255.248access-group input in2outno shutdowndomain cisco-irn.comip route 0.0.0.0 0.0.0.0 192.168.20.25username csmadmin password 5 <removed> role Admin domain default-domainusername retail password 5 <removed> role Admin domaindefault-domainusername bmcgloth password 5 <removed> role Admin domain default-domainDMZ-ACE-2_Admin
ACE2/Admin# sh runGenerating configuration....logging enablelogging timestamplogging trap 6logging buffered 6logging device-id context-namelogging host 192.168.42.124 udp/514logging rate-limit 1 120 message 302027login timeout 15hostname ACE2boot system image:c6ace-t1k9-mz.3.0.0_A1_4a.binresource-class Goldlimit-resource all minimum 0.00 maximum unlimitedlimit-resource conc-connections minimum 10.00 maximum unlimitedlimit-resource sticky minimum 10.00 maximum unlimitedtacacs-server host 192.168.42.131 key 7 "<removed>"aaa group server tacacs+ RETAILserver 192.168.42.131clock timezone standard PSTclock summer-time standard PDTaaa authentication login default group RETAIL localaaa authentication login console group RETAIL localaaa accounting default group RETAIL localclass-map type management match-any remote-mgmt9 match protocol ssh source-address 192.168.41.102 255.255.255.25510 match protocol ssh source-address 192.168.42.131 255.255.255.25530 match protocol icmp any31 match protocol ssh source-address 10.19.151.99 255.255.255.25532 match protocol ssh source-address 192.168.41.101 255.255.255.25533 match protocol ssh source-address 192.168.42.111 255.255.255.25534 match protocol ssh source-address 192.168.42.122 255.255.255.25535 match protocol ssh source-address 192.168.42.124 255.255.255.25536 match protocol ssh source-address 192.168.42.133 255.255.255.25537 match protocol ssh source-address 192.168.42.138 255.255.255.255policy-map type management first-match remote-accessclass remote-mgmtpermitinterface vlan 21peer ip address 192.168.21.95 255.255.255.0service-policy input remote-accessno shutdownft interface vlan 85ip address 192.168.20.10 255.255.255.252peer ip address 192.168.20.9 255.255.255.252no shutdownft peer 1heartbeat interval 300heartbeat count 10ft-interface vlan 85ft group 11peer 1priority 105peer priority 110associate-context Admininservicedomain cisco-irn.comip route 0.0.0.0 0.0.0.0 192.168.21.1context PCIallocate-interface vlan 82-83allocate-interface vlan 95ft group 10peer 1priority 105peer priority 110associate-context PCIinserviceusername admin password 5 <removed> role Admin domaindefault-domainusername www password 5 <removed> role Admin domain default-domainusername retail password 5 <removed> role Admin domaindefault-domainusername csmadmin password 5 <removed> role Admin domain default-domainssh key rsa 1024 forceACE2/Admin#DMZ-ACE-2_PCI
ACE2/PCI# sh runGenerating configuration....logging enablelogging timestamplogging buffered 7logging monitor 7logging device-id context-namelogging host 192.168.42.124 udp/514logging rate-limit 1 120 message 302027login timeout 15tacacs-server host 192.168.42.131 key 7 "<removed>"aaa group server tacacs+ RETAILserver 192.168.42.131aaa authentication login default group RETAIL localaaa authentication login console group RETAIL localaaa accounting default group RETAIL localaccess-list allow2server line 20 extended permit ip any host 192.168.20.3access-list allow2server line 21 extended permit tcp host 192.168.20.44 host 192.168.42.130 eq ldapaccess-list allow2server line 22 extended deny ip any anyaccess-list in2out line 10 extended permit ip host 192.168.20.3 anyaccess-list in2out line 15 extended deny ip any anyaccess-list out2in line 10 extended permit tcp any host 192.168.20.1 eq wwwaccess-list out2in line 15 extended deny ip any anyprobe icmp ICMPinterval 2faildetect 2passdetect interval 60passdetect count 2rserver host ECOMip address 192.168.20.44inserviceserverfarm host PCI-ECOMpredictor leastconnsprobe ICMPrserver ECOMinserviceclass-map match-any ECOMVIP11 match virtual-address 192.168.20.1 anyclass-map type management match-any remote-mgmt30 match protocol icmp any31 match protocol ssh source-address 10.19.151.99 255.255.255.25532 match protocol ssh source-address 192.168.41.101 255.255.255.25533 match protocol ssh source-address 192.168.41.102 255.255.255.25534 match protocol ssh source-address 192.168.42.111 255.255.255.25535 match protocol ssh source-address 192.168.42.122 255.255.255.25536 match protocol ssh source-address 192.168.42.124 255.255.255.25537 match protocol ssh source-address 192.168.42.131 255.255.255.25538 match protocol ssh source-address 192.168.42.133 255.255.255.25539 match protocol ssh source-address 192.168.42.138 255.255.255.255policy-map type management first-match remote-accessclass remote-mgmtpermitpolicy-map type loadbalance first-match ECOMPOLICYclass class-defaultserverfarm PCI-ECOMpolicy-map multi-match ECOM_MATCHclass ECOMVIPloadbalance vip inserviceloadbalance policy ECOMPOLICYservice-policy input remote-accessinterface vlan 82description ACE_outsideip address 192.168.20.29 255.255.255.248ip verify reverse-pathalias 192.168.20.30 255.255.255.248peer ip address 192.168.20.28 255.255.255.248access-group input out2inservice-policy input ECOM_MATCHno shutdowninterface vlan 83description ACE_insideip address 192.168.20.5 255.255.255.248ip verify reverse-pathalias 192.168.20.6 255.255.255.248peer ip address 192.168.20.4 255.255.255.248access-group input in2outno shutdowndomain cisco-irn.comip route 0.0.0.0 0.0.0.0 192.168.20.25username csmadmin password 5 <removed> role Admin domain default-domainusername retail password 5 <removed> role Admin domaindefault-domainusername bmcgloth password 5 <removed> role Admin domain default-domainACE2/PCI#DMZ-IDS-1
! ------------------------------! Current configuration last modified Thu Apr 28 21:34:42 2011! ------------------------------! Version 7.0(4)! Host:! Realm Keys key1.0! Signature Definition:! Signature Update S500.0 2010-07-09! ------------------------------service interfacephysical-interfaces GigabitEthernet0/7subinterface-type inline-vlan-pairsubinterface 1description INT1 vlans 83 and 84vlan1 83vlan2 84exitexitexitexit! ------------------------------service authenticationattemptLimit 6password-strengthsize 7-64digits-min 1lowercase-min 1other-min 1number-old-passwords 4exitexit! ------------------------------service event-action-rules rules0exit! ------------------------------service hostnetwork-settingshost-ip 192.168.21.93/24,192.168.21.1host-name DMZ-IDS1telnet-option disabledaccess-list 10.19.151.99/32access-list 192.168.41.101/32access-list 192.168.41.102/32access-list 192.168.42.122/32access-list 192.168.42.124/32access-list 192.168.42.133/32access-list 192.168.42.138/32dns-primary-server enabledaddress 192.168.42.130exitdns-secondary-server disableddns-tertiary-server disabledhttp-proxy proxy-serveraddress 128.107.241.169port 80exitexittime-zone-settingsoffset -8standard-time-zone-name PSTexitntp-option enabled-ntp-unauthenticatedntp-server 192.168.62.161exitsummertime-option recurringsummertime-zone-name PDTexitexit! ------------------------------service loggerexit! ------------------------------service network-accessexit! ------------------------------service notificationtrap-destinations 192.168.42.124trap-community-name <removed>exitenable-notifications truetrap-community-name <removed>exit! ------------------------------service signature-definition sig0exit! ------------------------------service ssh-known-hostsexit! ------------------------------service trusted-certificatesexit! ------------------------------service web-serverexit! ------------------------------service anomaly-detection ad0exit! ------------------------------service external-product-interfaceexit! ------------------------------service health-monitorexit! ------------------------------service global-correlationexit! ------------------------------service aaaaaa radiusprimary-serverserver-address 192.168.42.131shared-secret <removed>exitnas-id DMZ-IDS1local-fallback enabledconsole-authentication radius-and-localdefault-user-role administratorexitexit! ------------------------------service analysis-engineexitDMZ-IDSM2
! ------------------------------! Current configuration last modified Thu Apr 28 22:06:38 2011! ------------------------------! Version 7.0(4)! Host:! Realm Keys key1.0! Signature Definition:! Signature Update S500.0 2010-07-09! ------------------------------service interfacephysical-interfaces GigabitEthernet0/7subinterface-type inline-vlan-pairsubinterface 1description INT1 vlans 83 and 84vlan1 83vlan2 84exitexitexitexit! ------------------------------service authenticationattemptLimit 6password-strengthsize 7-64digits-min 1lowercase-min 1other-min 1number-old-passwords 4exitexit! ------------------------------service event-action-rules rules0exit! ------------------------------service hostnetwork-settingshost-ip 192.168.21.94/24,192.168.21.1host-name DMZ-IDS2telnet-option disabledaccess-list 10.19.151.99/32access-list 192.168.41.101/32access-list 192.168.41.102/32access-list 192.168.42.122/32access-list 192.168.42.124/32access-list 192.168.42.133/32access-list 192.168.42.138/32dns-primary-server enabledaddress 192.168.42.130exitdns-secondary-server disableddns-tertiary-server disabledhttp-proxy proxy-serveraddress 128.107.241.169port 80exitexittime-zone-settingsoffset -8standard-time-zone-name PSTexitntp-option enabled-ntp-unauthenticatedntp-server 192.168.62.161exitsummertime-option recurringsummertime-zone-name PDTexitexit! ------------------------------service loggerexit! ------------------------------service network-accessexit! ------------------------------service notificationtrap-destinations 192.168.42.124trap-community-name <removed>exitenable-notifications truetrap-community-name <removed>exit! ------------------------------service signature-definition sig0exit! ------------------------------service ssh-known-hostsexit! ------------------------------service trusted-certificatesexit! ------------------------------service web-serverexit! ------------------------------service anomaly-detection ad0exit! ------------------------------service external-product-interfaceexit! ------------------------------service health-monitorexit! ------------------------------service global-correlationexit! ------------------------------service aaaaaa radiusprimary-serverserver-address 192.168.42.131shared-secret <removed>exitnas-id DMZ-IDS1local-fallback enabledconsole-authentication radius-and-localdefault-user-role administratorexitexit! ------------------------------service analysis-engineexitFW-A2-MSP-1
: Saved: Written by retail at 18:15:18.945 PDT Fri Apr 29 2011!ASA Version 8.4(1)!hostname FW-A2-MSP-1domain-name cisco-irn.comenable password <removed> encryptedpasswd <removed> encryptednamesdns-guard!interface Ethernet0/0nameif MSP-WANsecurity-level 0ip address 10.10.255.176 255.255.255.0!interface Ethernet0/1no nameifno security-levelno ip address!interface Ethernet0/1.11vlan 11nameif POSsecurity-level 95ip address 10.10.176.1 255.255.255.0!interface Ethernet0/1.12vlan 12nameif DATAsecurity-level 85ip address 10.10.177.1 255.255.255.0!interface Ethernet0/1.13vlan 13nameif VOICEsecurity-level 80ip address 10.10.178.1 255.255.255.0!interface Ethernet0/1.14vlan 14nameif WIRELESSsecurity-level 70ip address 10.10.179.1 255.255.255.0!interface Ethernet0/1.15vlan 15nameif WIRELESS-POSsecurity-level 90ip address 10.10.180.1 255.255.255.0!interface Ethernet0/1.16vlan 16nameif PARTNERsecurity-level 65ip address 10.10.181.1 255.255.255.0!interface Ethernet0/1.17vlan 17nameif WIRELESS-GUESTsecurity-level 10ip address 10.10.182.1 255.255.255.0!interface Ethernet0/1.18vlan 18nameif WIRELESS-CONTROLsecurity-level 75ip address 10.10.183.1 255.255.255.0!interface Ethernet0/1.19vlan 19nameif WAASsecurity-level 100ip address 10.10.184.1 255.255.255.0!interface Ethernet0/1.1000vlan 1000nameif MANAGEMENTsecurity-level 100ip address 10.10.191.1 255.255.255.0!interface Ethernet0/2shutdownno nameifno security-levelno ip address!interface Ethernet0/3shutdownno nameifno security-levelno ip address!interface Management0/0shutdownno nameifno security-levelno ip address!ftp mode passiveclock timezone PST -8clock summer-time PDT recurringdns server-group DefaultDNSdomain-name cisco-irn.comsame-security-traffic permit inter-interfaceobject network AdminStationhost 192.168.41.101object network AdminStation2host 192.168.41.102object network AdminStation4-barthost 10.19.151.99object network EMC-NCMhost 192.168.42.122description EMC Network Configuration Managerobject network CSManagerhost 192.168.42.133description Cisco Security Managerobject network AdminStation3host 192.168.42.138object network ActiveDirectory.cisco-irn.comhost 192.168.42.130object network DC-POSsubnet 192.168.52.0 255.255.255.0description POS in the Data Centerobject network WCSManagerhost 192.168.43.135description Wireless Managerobject network PAME-DC-1host 192.168.44.111object network MSP-DC-1host 192.168.44.121description Data Center VSOMobject network DC-ALLsubnet 192.168.0.0 255.255.0.0description All of the Data Centerobject network RSA-enVisionhost 192.168.42.124description RSA EnVision Syslog collector and SIMobject network TACACShost 192.168.42.131description Csico Secure ACS server for TACACS and Radiusobject network RSA-AMhost 192.168.42.137description RSA Authentication Manager for SecureIDobject network NAC-2host 192.168.42.112object network NAC-1host 192.168.42.111description ISE server for NACobject network MS-Updatehost 192.168.42.150description Windows Update Serverobject network MSExchangehost 192.168.42.140description Mail Serverobject service RPCservice tcp destination eq 135object service LDAP-GCservice tcp destination eq 3268object service LDAP-GC-SSLservice tcp destination eq 3269object service Kerberos-TCPservice tcp destination eq 88object service Microsoft-DS-SMBservice tcp destination eq 445description Microsoft-DS Active Directory, Windows shares Microsoft-DS SMB file sharingobject service LDAP-UDPservice udp destination eq 389object service RPC-HighPortsservice tcp destination range 1024 65535object service ORACLE-OASservice tcp destination eq 12601description OAS uses one port for HTTP and RMI - 12601.object service TOMAX-8990service tcp destination eq 8990description Tomax Application Portobject service IP-Protocol-97service 97description IP protocol 97object service TCP1080service tcp destination eq 1080object service TCP8080service tcp destination eq 8080object service RDPservice tcp destination eq 3389description Windows Remote Desktopobject-group network CSM_INLINE_src_rule_73014461090description Generated by CS-Manager from src of FirewallRule# 1 (ASA-Store_V2/mandatory)network-object object AdminStationnetwork-object object AdminStation2network-object object AdminStation4-bartobject-group network Admin-Systemsnetwork-object object EMC-NCMnetwork-object object AdminStationnetwork-object object AdminStation2network-object object CSManagernetwork-object object AdminStation3network-object object AdminStation4-bartobject-group network DC-POS-Tomaxdescription Tomax POS Communication from Store to Data Centernetwork-object 192.168.52.96 255.255.255.224object-group network DC-POS-SAPdescription SAP POS Communication from Store to Data Centernetwork-object 192.168.52.144 255.255.255.240object-group network DC-POS-Oracledescription Oracle POS Communication from Store to Data Centernetwork-object 192.168.52.128 255.255.255.240object-group network CSM_INLINE_src_rule_73014461184description Generated by CS-Manager from src of FirewallRule# 4 (ASA-Store_V2/mandatory)group-object DC-POS-Tomaxnetwork-object object DC-POSgroup-object DC-POS-SAPgroup-object DC-POS-Oracleobject-group network POS-Store-MSPnetwork-object 10.10.176.81 255.255.255.255object-group network CSM_INLINE_dst_rule_73014461438description Generated by CS-Manager from dst of FirewallRule# 5 (ASA-Store_V2/mandatory)group-object DC-POS-Tomaxnetwork-object object DC-POSgroup-object DC-POS-SAPgroup-object DC-POS-Oracleobject-group network Store-MSP-POS-netnetwork-object 10.10.176.0 255.255.255.0network-object 10.10.180.0 255.255.255.0object-group network CSM_INLINE_dst_rule_73014461436description Generated by CS-Manager from dst of FirewallRule# 7 (ASA-Store_V2/mandatory)group-object DC-POS-Tomaxnetwork-object object DC-POSgroup-object DC-POS-SAPgroup-object DC-POS-Oracleobject-group network DC-Wifi-Controllersdescription Central Wireless Controllers for storesnetwork-object 192.168.43.21 255.255.255.255network-object 192.168.43.22 255.255.255.255object-group network DC-Wifi-MSEdescription Mobility Service Enginesnetwork-object 192.168.43.31 255.255.255.255network-object 192.168.43.32 255.255.255.255object-group network CSM_INLINE_src_rule_73014461098description Generated by CS-Manager from src of FirewallRule# 8 (ASA-Store_V2/mandatory)network-object object WCSManagergroup-object DC-Wifi-Controllersgroup-object DC-Wifi-MSEobject-group network CSM_INLINE_src_rule_73014461100description Generated by CS-Manager from src of FirewallRule# 9 (ASA-Store_V2/mandatory)network-object object PAME-DC-1network-object object MSP-DC-1object-group network DC-WAASdescription WAE Appliances in Data Centernetwork-object 192.168.48.10 255.255.255.255network-object 192.168.49.10 255.255.255.255network-object 192.168.47.11 255.255.255.255network-object 192.168.47.12 255.255.255.255object-group network NTP-Serversdescription NTP Serversnetwork-object 192.168.62.161 255.255.255.255network-object 162.168.62.162 255.255.255.255object-group network CSM_INLINE_dst_rule_73014461120description Generated by CS-Manager from dst of FirewallRule# 17 (ASA-Store_V2/mandatory)network-object object TACACSnetwork-object object RSA-AMnetwork-object object NAC-2network-object object NAC-1object-group network CSM_INLINE_dst_rule_73014461126description Generated by CS-Manager from dst of FirewallRule# 18 (ASA-Store_V2/mandatory)network-object object PAME-DC-1network-object object MSP-DC-1object-group network CSM_INLINE_dst_rule_73014461128description Generated by CS-Manager from dst of FirewallRule# 19 (ASA-Store_V2/mandatory)group-object DC-Wifi-Controllersgroup-object DC-Wifi-MSEobject-group service HTTPS-8443service-object tcp destination eq 8443object-group service CSM_INLINE_svc_rule_73014461092description Generated by CS-Manager from service of FirewallRule# 2 (ASA-Store_V2/mandatory)service-object tcp destination eq sshservice-object tcp destination eq httpsgroup-object HTTPS-8443object-group service DNS-Resolvingdescription Domain Name Serverservice-object tcp destination eq domainservice-object udp destination eq domainobject-group service CSM_INLINE_svc_rule_73014461094description Generated by CS-Manager from service of FirewallRule# 3 (ASA-Store_V2/mandatory)service-object tcp destination eq ldapservice-object tcp destination eq ldapsservice-object udp destination eq 88service-object udp destination eq ntpservice-object udp destination eq netbios-dgmservice-object object RPCservice-object object LDAP-GCservice-object object LDAP-GC-SSLservice-object object Kerberos-TCPservice-object object Microsoft-DS-SMBservice-object object LDAP-UDPservice-object object RPC-HighPortsgroup-object DNS-Resolvingobject-group service ORACLE-RMIdescription RMI TCP ports 1300 and 1301-1319.service-object tcp destination range 1300 1319object-group service ORACLE-Weblogicdescription HTTP/RMI and HTTPS/RMI-SSL 7001 & 7002. OracleAQ uses 1521.service-object tcp destination eq 7001service-object tcp destination eq 7002service-object tcp destination eq sqlnetobject-group service ORACLE-WASdescription RMI/IIOP over 2809 HTTP over 9443 IBM-MQ 1414service-object tcp destination eq 2809service-object tcp destination eq 9443service-object tcp destination eq 1414object-group service CSM_INLINE_svc_rule_73014461184description Generated by CS-Manager from service of FirewallRule# 4 (ASA-Store_V2/mandatory)service-object tcp destination eq httpsservice-object tcp destination eq sshservice-object object ORACLE-OASservice-object object TOMAX-8990group-object ORACLE-RMIgroup-object ORACLE-Weblogicgroup-object ORACLE-WASgroup-object HTTPS-8443object-group service TFTPdescription Trivial File Transferservice-object tcp destination eq 69service-object udp destination eq tftpobject-group service LWAPPdescription LWAPP UDP ports 12222 and 12223service-object udp destination eq 12222service-object udp destination eq 12223object-group service CAPWAPdescription CAPWAP UDP ports 5246 and 5247service-object udp destination eq 5246service-object udp destination eq 5247object-group service CSM_INLINE_svc_rule_73014461098description Generated by CS-Manager from service of FirewallRule# 8 (ASA-Store_V2/mandatory)service-object tcp destination eq httpsservice-object tcp destination eq wwwservice-object udp destination eq isakmpservice-object tcp destination eq telnetservice-object tcp destination eq sshservice-object object IP-Protocol-97group-object TFTPgroup-object LWAPPgroup-object CAPWAPobject-group service CSM_INLINE_svc_rule_73014461102description Generated by CS-Manager from service of FirewallRule# 10 (ASA-Store_V2/mandatory)service-object icmp echoservice-object icmp echo-replyservice-object tcp destination eq wwwservice-object tcp destination eq httpsservice-object tcp destination eq sshservice-object tcp destination eq ftpservice-object object TCP1080service-object object TCP8080service-object object RDPgroup-object HTTPS-8443object-group service CISCO-WAASdescription Ports for Cisco WAASservice-object tcp destination eq 4050object-group service Netbiosdescription Netbios Serversservice-object udp destination eq netbios-dgmservice-object udp destination eq netbios-nsservice-object tcp destination eq netbios-ssnobject-group service CSM_INLINE_svc_rule_73014461104description Generated by CS-Manager from service of FirewallRule# 11 (ASA-Store_V2/mandatory)service-object object Microsoft-DS-SMBgroup-object CISCO-WAASgroup-object HTTPS-8443group-object Netbiosobject-group service CSM_INLINE_svc_rule_73014461106description Generated by CS-Manager from service of FirewallRule# 12 (ASA-Store_V2/mandatory)service-object tcp-udp destination eq sipservice-object tcp destination eq 2000object-group service CSM_INLINE_svc_rule_73014461112description Generated by CS-Manager from service of FirewallRule# 14 (ASA-Store_V2/mandatory)service-object udp destination eq snmptrapservice-object udp destination eq snmpservice-object udp destination eq syslogobject-group service CSM_INLINE_svc_rule_73014461120description Generated by CS-Manager from service of FirewallRule# 17 (ASA-Store_V2/mandatory)service-object udp destination eq 1812service-object udp destination eq 1813service-object tcp destination eq httpsservice-object tcp destination eq wwwgroup-object HTTPS-8443object-group service Cisco-Mobilitydescription Mobility ports for Wirelessservice-object udp destination eq 16666service-object udp destination eq 16667object-group service CSM_INLINE_svc_rule_73014461128description Generated by CS-Manager from service of FirewallRule# 19 (ASA-Store_V2/mandatory)service-object tcp destination eq httpsservice-object udp destination eq isakmpservice-object object IP-Protocol-97group-object Cisco-Mobilitygroup-object LWAPPgroup-object CAPWAPobject-group service CSM_INLINE_svc_rule_73014461130description Generated by CS-Manager from service of FirewallRule# 20 (ASA-Store_V2/mandatory)service-object tcp-udp destination eq sipservice-object tcp destination eq 2000object-group service CSM_INLINE_svc_rule_73014461132description Generated by CS-Manager from service of FirewallRule# 21 (ASA-Store_V2/mandatory)service-object object Microsoft-DS-SMBgroup-object CISCO-WAASgroup-object HTTPS-8443group-object Netbiosobject-group service CSM_INLINE_svc_rule_73014461134description Generated by CS-Manager from service of FirewallRule# 22 (ASA-Store_V2/mandatory)service-object tcp destination eq ldapservice-object tcp destination eq ldapsservice-object udp destination eq 88service-object udp destination eq ntpservice-object udp destination eq netbios-dgmservice-object object RPCservice-object object LDAP-GCservice-object object LDAP-GC-SSLservice-object object Kerberos-TCPservice-object object Microsoft-DS-SMBservice-object object LDAP-UDPservice-object object RPC-HighPortsgroup-object DNS-Resolvingobject-group service CSM_INLINE_svc_rule_73014461136description Generated by CS-Manager from service of FirewallRule# 23 (ASA-Store_V2/mandatory)service-object tcp destination eq wwwservice-object tcp destination eq httpsobject-group service CSM_INLINE_svc_rule_73014461138description Generated by CS-Manager from service of FirewallRule# 24 (ASA-Store_V2/mandatory)service-object tcp destination eq wwwservice-object tcp destination eq httpsservice-object tcp destination eq smtpservice-object tcp destination eq pop3service-object tcp destination eq imap4access-list OUTSIDE remark LAB Testingaccess-list OUTSIDE extended permit ip object-group CSM_INLINE_src_rule_73014461090 10.10.176.0 255.255.248.0access-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014461092 object-group Admin-Systems 10.10.176.0 255.255.248.0access-list OUTSIDE remark Allow Active Directory Domainaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014461094 object ActiveDirectory.cisco-irn.com 10.10.176.0 255.255.248.0access-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014461184 object-group CSM_INLINE_src_rule_73014461184 object-group POS-Store-MSPaccess-list OUTSIDE extended deny ip any object-group Store-MSP-POS-netaccess-list OUTSIDE extended deny ip any object-group CSM_INLINE_dst_rule_73014461436access-list OUTSIDE remark Wireless Management to Storesaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014461098 object-group CSM_INLINE_src_rule_73014461098 10.10.183.0 255.255.255.0access-list OUTSIDE remark Physical security systemsaccess-list OUTSIDE extended permit tcp object-group CSM_INLINE_src_rule_73014461100 10.10.191.0 255.255.255.0 eq httpsaccess-list OUTSIDE remark Allow Management of store systemsaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014461102 object DC-ALL 10.10.176.0 255.255.248.0access-list OUTSIDE remark WAAS systemsaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014461104 object-group DC-WAAS 10.10.184.0 255.255.255.0access-list OUTSIDE remark Voice callsaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014461106 object DC-ALL 10.10.178.0 255.255.255.0access-list OUTSIDE extended permit tcp 10.10.176.0 255.255.248.0 object EMC-NCM eq sshaccess-list OUTSIDE extended permit object-group CSM_INLINE_svc_rule_73014461112 10.10.176.0 255.255.248.0 object RSA-enVisionaccess-list OUTSIDE extended permit tcp 10.10.176.0 255.255.248.0 object TACACS eq tacacsaccess-list OUTSIDE extended permit udp 10.10.176.0 255.255.248.0 object-group NTP-Servers eq ntpaccess-list OUTSIDE remark Drop all other trafficaccess-list OUTSIDE extended deny ip any any logaccess-list CSM_FW_ACL_POS remark Allow Applicationsaccess-list CSM_FW_ACL_POS extended permit tcp object-group POS-Store-MSP object-group CSM_INLINE_dst_rule_73014461438 eq httpsaccess-list CSM_FW_ACL_POS extended deny ip any object-group Store-MSP-POS-netaccess-list CSM_FW_ACL_POS extended deny ip any object-group CSM_INLINE_dst_rule_73014461436access-list CSM_FW_ACL_POS extended permit udp 10.10.176.0 255.255.248.0 object-group NTP-Servers eq ntpaccess-list CSM_FW_ACL_POS extended permit object-group CSM_INLINE_svc_rule_73014461120 10.10.176.0 255.255.248.0 object-group CSM_INLINE_dst_rule_73014461120access-list CSM_FW_ACL_POS remark Allow Active Directory Domainaccess-list CSM_FW_ACL_POS extended permit object-group CSM_INLINE_svc_rule_73014461134 10.10.176.0 255.255.248.0 object ActiveDirectory.cisco-irn.comaccess-list CSM_FW_ACL_POS remark Allow Windows Updatesaccess-list CSM_FW_ACL_POS extended permit object-group CSM_INLINE_svc_rule_73014461136 10.10.176.0 255.255.248.0 object MS-Updateaccess-list CSM_FW_ACL_POS remark Allow Mailaccess-list CSM_FW_ACL_POS extended permit object-group CSM_INLINE_svc_rule_73014461138 10.10.176.0 255.255.248.0 object MSExchangeaccess-list CSM_FW_ACL_POS remark Drop all other trafficaccess-list CSM_FW_ACL_POS extended deny ip any any logaccess-list CSM_FW_ACL_WIRELESS-POS remark Allow Applicationsaccess-list CSM_FW_ACL_WIRELESS-POS extended permit tcp object-group POS-Store-MSP object-group CSM_INLINE_dst_rule_73014461438 eq httpsaccess-list CSM_FW_ACL_WIRELESS-POS extended deny ip any object-group Store-MSP-POS-netaccess-list CSM_FW_ACL_WIRELESS-POS extended deny ip any object-group CSM_INLINE_dst_rule_73014461436access-list CSM_FW_ACL_WIRELESS-POS extended permit udp 10.10.176.0 255.255.248.0 object-group NTP-Servers eq ntpaccess-list CSM_FW_ACL_WIRELESS-POS remark Allow Active Directory Domainaccess-list CSM_FW_ACL_WIRELESS-POS extended permit object-group CSM_INLINE_svc_rule_73014461134 10.10.176.0 255.255.248.0 object ActiveDirectory.cisco-irn.comaccess-list CSM_FW_ACL_WIRELESS-POS remark Allow Windows Updatesaccess-list CSM_FW_ACL_WIRELESS-POS extended permit object-group CSM_INLINE_svc_rule_73014461136 10.10.176.0 255.255.248.0 object MS-Updateaccess-list CSM_FW_ACL_WIRELESS-POS remark Allow Mailaccess-list CSM_FW_ACL_WIRELESS-POS extended permit object-group CSM_INLINE_svc_rule_73014461138 10.10.176.0 255.255.248.0 object MSExchangeaccess-list CSM_FW_ACL_WIRELESS-POS remark Drop all other trafficaccess-list CSM_FW_ACL_WIRELESS-POS extended deny ip any any logaccess-list CSM_FW_ACL_DATA extended deny ip any object-group Store-MSP-POS-netaccess-list CSM_FW_ACL_DATA extended deny ip any object-group CSM_INLINE_dst_rule_73014461436access-list CSM_FW_ACL_DATA extended permit udp 10.10.176.0 255.255.248.0 object-group NTP-Servers eq ntpaccess-list CSM_FW_ACL_DATA extended permit object-group CSM_INLINE_svc_rule_73014461120 10.10.176.0 255.255.248.0 object-group CSM_INLINE_dst_rule_73014461120access-list CSM_FW_ACL_DATA remark Allow Active Directory Domainaccess-list CSM_FW_ACL_DATA extended permit object-group CSM_INLINE_svc_rule_73014461134 10.10.176.0 255.255.248.0 object ActiveDirectory.cisco-irn.comaccess-list CSM_FW_ACL_DATA remark Allow Windows Updatesaccess-list CSM_FW_ACL_DATA extended permit object-group CSM_INLINE_svc_rule_73014461136 10.10.176.0 255.255.248.0 object MS-Updateaccess-list CSM_FW_ACL_DATA remark Allow Mailaccess-list CSM_FW_ACL_DATA extended permit object-group CSM_INLINE_svc_rule_73014461138 10.10.176.0 255.255.248.0 object MSExchangeaccess-list CSM_FW_ACL_DATA remark Drop all other trafficaccess-list CSM_FW_ACL_DATA extended deny ip any any logaccess-list CSM_FW_ACL_MANAGEMENT extended deny ip any object-group Store-MSP-POS-netaccess-list CSM_FW_ACL_MANAGEMENT extended deny ip any object-group CSM_INLINE_dst_rule_73014461436access-list CSM_FW_ACL_MANAGEMENT extended permit tcp 10.10.176.0 255.255.248.0 object EMC-NCM eq sshaccess-list CSM_FW_ACL_MANAGEMENT extended permit object-group CSM_INLINE_svc_rule_73014461112 10.10.176.0 255.255.248.0 object RSA-enVisionaccess-list CSM_FW_ACL_MANAGEMENT extended permit tcp 10.10.176.0 255.255.248.0 object TACACS eq tacacsaccess-list CSM_FW_ACL_MANAGEMENT extended permit udp 10.10.176.0 255.255.248.0 object-group NTP-Servers eq ntpaccess-list CSM_FW_ACL_MANAGEMENT extended permit object-group CSM_INLINE_svc_rule_73014461120 10.10.176.0 255.255.248.0 object-group CSM_INLINE_dst_rule_73014461120access-list CSM_FW_ACL_MANAGEMENT remark Physical security systemsaccess-list CSM_FW_ACL_MANAGEMENT extended permit tcp 10.10.191.0 255.255.255.0 object-group CSM_INLINE_dst_rule_73014461126 eq httpsaccess-list CSM_FW_ACL_MANAGEMENT remark Allow Mailaccess-list CSM_FW_ACL_MANAGEMENT extended permit object-group CSM_INLINE_svc_rule_73014461138 10.10.176.0 255.255.248.0 object MSExchangeaccess-list CSM_FW_ACL_MANAGEMENT remark Drop all other trafficaccess-list CSM_FW_ACL_MANAGEMENT extended deny ip any any logaccess-list CSM_FW_ACL_PARTNER extended deny ip any object-group Store-MSP-POS-netaccess-list CSM_FW_ACL_PARTNER extended deny ip any object-group CSM_INLINE_dst_rule_73014461436access-list CSM_FW_ACL_PARTNER extended permit udp 10.10.176.0 255.255.248.0 object-group NTP-Servers eq ntpaccess-list CSM_FW_ACL_PARTNER extended permit object-group CSM_INLINE_svc_rule_73014461120 10.10.176.0 255.255.248.0 object-group CSM_INLINE_dst_rule_73014461120access-list CSM_FW_ACL_PARTNER remark Allow Mailaccess-list CSM_FW_ACL_PARTNER extended permit object-group CSM_INLINE_svc_rule_73014461138 10.10.176.0 255.255.248.0 object MSExchangeaccess-list CSM_FW_ACL_PARTNER remark Drop all other trafficaccess-list CSM_FW_ACL_PARTNER extended deny ip any any logaccess-list CSM_FW_ACL_VOICE extended deny ip any object-group Store-MSP-POS-netaccess-list CSM_FW_ACL_VOICE extended deny ip any object-group CSM_INLINE_dst_rule_73014461436access-list CSM_FW_ACL_VOICE extended permit tcp 10.10.176.0 255.255.248.0 object EMC-NCM eq sshaccess-list CSM_FW_ACL_VOICE extended permit object-group CSM_INLINE_svc_rule_73014461112 10.10.176.0 255.255.248.0 object RSA-enVisionaccess-list CSM_FW_ACL_VOICE extended permit tcp 10.10.176.0 255.255.248.0 object TACACS eq tacacsaccess-list CSM_FW_ACL_VOICE extended permit udp 10.10.176.0 255.255.248.0 object-group NTP-Servers eq ntpaccess-list CSM_FW_ACL_VOICE extended permit object-group CSM_INLINE_svc_rule_73014461120 10.10.176.0 255.255.248.0 object-group CSM_INLINE_dst_rule_73014461120access-list CSM_FW_ACL_VOICE remark Voice callsaccess-list CSM_FW_ACL_VOICE extended permit object-group CSM_INLINE_svc_rule_73014461130 10.10.178.0 255.255.255.0 object DC-ALLaccess-list CSM_FW_ACL_VOICE remark Allow Mailaccess-list CSM_FW_ACL_VOICE extended permit object-group CSM_INLINE_svc_rule_73014461138 10.10.176.0 255.255.248.0 object MSExchangeaccess-list CSM_FW_ACL_VOICE remark Drop all other trafficaccess-list CSM_FW_ACL_VOICE extended deny ip any any logaccess-list CSM_FW_ACL_WAAS extended deny ip any object-group Store-MSP-POS-netaccess-list CSM_FW_ACL_WAAS extended deny ip any object-group CSM_INLINE_dst_rule_73014461436access-list CSM_FW_ACL_WAAS extended permit tcp 10.10.176.0 255.255.248.0 object EMC-NCM eq sshaccess-list CSM_FW_ACL_WAAS extended permit object-group CSM_INLINE_svc_rule_73014461112 10.10.176.0 255.255.248.0 object RSA-enVisionaccess-list CSM_FW_ACL_WAAS extended permit tcp 10.10.176.0 255.255.248.0 object TACACS eq tacacsaccess-list CSM_FW_ACL_WAAS extended permit udp 10.10.176.0 255.255.248.0 object-group NTP-Servers eq ntpaccess-list CSM_FW_ACL_WAAS remark WAAS systemsaccess-list CSM_FW_ACL_WAAS extended permit object-group CSM_INLINE_svc_rule_73014461132 10.10.184.0 255.255.255.0 object-group DC-WAASaccess-list CSM_FW_ACL_WAAS remark Allow Active Directory Domainaccess-list CSM_FW_ACL_WAAS extended permit object-group CSM_INLINE_svc_rule_73014461134 10.10.176.0 255.255.248.0 object ActiveDirectory.cisco-irn.comaccess-list CSM_FW_ACL_WAAS remark Drop all other trafficaccess-list CSM_FW_ACL_WAAS extended deny ip any any logaccess-list CSM_FW_ACL_WIRELESS extended deny ip any object-group Store-MSP-POS-netaccess-list CSM_FW_ACL_WIRELESS extended deny ip any object-group CSM_INLINE_dst_rule_73014461436access-list CSM_FW_ACL_WIRELESS extended permit udp 10.10.176.0 255.255.248.0 object-group NTP-Servers eq ntpaccess-list CSM_FW_ACL_WIRELESS remark Allow Active Directory Domainaccess-list CSM_FW_ACL_WIRELESS extended permit object-group CSM_INLINE_svc_rule_73014461134 10.10.176.0 255.255.248.0 object ActiveDirectory.cisco-irn.comaccess-list CSM_FW_ACL_WIRELESS remark Allow Windows Updatesaccess-list CSM_FW_ACL_WIRELESS extended permit object-group CSM_INLINE_svc_rule_73014461136 10.10.176.0 255.255.248.0 object MS-Updateaccess-list CSM_FW_ACL_WIRELESS remark Allow Mailaccess-list CSM_FW_ACL_WIRELESS extended permit object-group CSM_INLINE_svc_rule_73014461138 10.10.176.0 255.255.248.0 object MSExchangeaccess-list CSM_FW_ACL_WIRELESS remark Drop all other trafficaccess-list CSM_FW_ACL_WIRELESS extended deny ip any any logaccess-list CSM_FW_ACL_WIRELESS-CONTROL extended deny ip any object-group Store-MSP-POS-netaccess-list CSM_FW_ACL_WIRELESS-CONTROL extended deny ip any object-group CSM_INLINE_dst_rule_73014461436access-list CSM_FW_ACL_WIRELESS-CONTROL extended permit tcp 10.10.176.0 255.255.248.0 object EMC-NCM eq sshaccess-list CSM_FW_ACL_WIRELESS-CONTROL extended permit object-group CSM_INLINE_svc_rule_73014461112 10.10.176.0 255.255.248.0 object RSA-enVisionaccess-list CSM_FW_ACL_WIRELESS-CONTROL extended permit tcp 10.10.176.0 255.255.248.0 object TACACS eq tacacsaccess-list CSM_FW_ACL_WIRELESS-CONTROL extended permit udp 10.10.176.0 255.255.248.0 object-group NTP-Servers eq ntpaccess-list CSM_FW_ACL_WIRELESS-CONTROL extended permit object-group CSM_INLINE_svc_rule_73014461120 10.10.176.0 255.255.248.0 object-group CSM_INLINE_dst_rule_73014461120access-list CSM_FW_ACL_WIRELESS-CONTROL remark Wireless control systemsaccess-list CSM_FW_ACL_WIRELESS-CONTROL extended permit object-group CSM_INLINE_svc_rule_73014461128 10.10.183.0 255.255.255.0 object-group CSM_INLINE_dst_rule_73014461128access-list CSM_FW_ACL_WIRELESS-CONTROL remark Drop all other trafficaccess-list CSM_FW_ACL_WIRELESS-CONTROL extended deny ip any any logaccess-list CSM_FW_ACL_WIRELESS-GUEST extended deny ip any object-group Store-MSP-POS-netaccess-list CSM_FW_ACL_WIRELESS-GUEST extended deny ip any object-group CSM_INLINE_dst_rule_73014461436access-list CSM_FW_ACL_WIRELESS-GUEST extended permit udp 10.10.176.0 255.255.248.0 object-group NTP-Servers eq ntpaccess-list CSM_FW_ACL_WIRELESS-GUEST remark Drop all other trafficaccess-list CSM_FW_ACL_WIRELESS-GUEST extended deny ip any any logpager lines 24logging enablelogging trap debugginglogging asdm debugginglogging host MSP-WAN 192.168.42.124mtu MSP-WAN 1500mtu POS 1500mtu DATA 1500mtu VOICE 1500mtu WIRELESS 1500mtu WIRELESS-POS 1500mtu PARTNER 1500mtu WIRELESS-GUEST 1500mtu WIRELESS-CONTROL 1500mtu WAAS 1500mtu MANAGEMENT 1500no failovericmp unreachable rate-limit 1 burst-size 1icmp permit any MSP-WANicmp permit any POSicmp permit any DATAicmp permit any VOICEicmp permit any WIRELESSicmp permit any WIRELESS-POSicmp permit any PARTNERicmp permit any WIRELESS-GUESTicmp permit any WIRELESS-CONTROLicmp permit any WAASicmp permit any MANAGEMENTasdm image disk0:/asdm-641.binasdm history enablearp timeout 14400access-group OUTSIDE in interface MSP-WANaccess-group CSM_FW_ACL_POS in interface POSaccess-group CSM_FW_ACL_DATA in interface DATAaccess-group CSM_FW_ACL_VOICE in interface VOICEaccess-group CSM_FW_ACL_WIRELESS in interface WIRELESSaccess-group CSM_FW_ACL_WIRELESS-POS in interface WIRELESS-POSaccess-group CSM_FW_ACL_PARTNER in interface PARTNERaccess-group CSM_FW_ACL_WIRELESS-GUEST in interface WIRELESS-GUESTaccess-group CSM_FW_ACL_WIRELESS-CONTROL in interface WIRELESS-CONTROLaccess-group CSM_FW_ACL_WAAS in interface WAASaccess-group CSM_FW_ACL_MANAGEMENT in interface MANAGEMENTroute MSP-WAN 0.0.0.0 0.0.0.0 10.10.255.11 1timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00dynamic-access-policy-record DfltAccessPolicyaaa-server RETAIL protocol tacacs+aaa-server RETAIL (MANAGEMENT) host 192.168.42.131key ******aaa authentication enable console RETAIL LOCALaaa authentication http console RETAIL LOCALaaa authentication ssh console RETAIL LOCALaaa accounting ssh console RETAILaaa accounting enable console RETAILaaa accounting command privilege 15 RETAILaaa authentication secure-http-clientaaa local authentication attempts max-fail 6aaa authorization exec authentication-serverhttp server enablehttp server idle-timeout 15http server session-timeout 60http 10.19.151.99 255.255.255.255 MSP-WANhttp 192.168.41.101 255.255.255.255 MSP-WANhttp 192.168.41.102 255.255.255.255 MSP-WANhttp 192.168.42.122 255.255.255.255 MSP-WANhttp 192.168.42.124 255.255.255.255 MSP-WANhttp 192.168.42.133 255.255.255.255 MSP-WANhttp 192.168.42.138 255.255.255.255 MSP-WANno snmp-server locationno snmp-server contactsnmp-server community RetailCMOprivateno snmp-server enabletelnet timeout 5ssh 10.19.151.99 255.255.255.255 MSP-WANssh 192.168.41.101 255.255.255.255 MSP-WANssh 192.168.41.102 255.255.255.255 MSP-WANssh 192.168.42.122 255.255.255.255 MSP-WANssh 192.168.42.124 255.255.255.255 MSP-WANssh 192.168.42.133 255.255.255.255 MSP-WANssh 192.168.42.138 255.255.255.255 MSP-WANssh timeout 15ssh version 2console timeout 15dhcprelay server 192.168.42.130 MSP-WANdhcprelay enable POSdhcprelay enable DATAdhcprelay enable VOICEdhcprelay enable WIRELESSdhcprelay enable WIRELESS-POSdhcprelay enable PARTNERdhcprelay enable WIRELESS-GUESTdhcprelay enable WIRELESS-CONTROLdhcprelay timeout 60threat-detection basic-threatthreat-detection statistics access-listno threat-detection statistics tcp-interceptntp server 192.168.62.162 source MSP-WANntp server 192.168.62.161 source MSP-WAN preferwebvpnusername csmadmin password <removed> encrypted privilege 15username retail password <removed> encrypted privilege 15username bmcgloth password <removed> encrypted privilege 15!!prompt hostname contextcall-homeprofile CiscoTAC-1no activedestination address http https://tools.cisco.com/its/service/oddce/services/DDCEServicedestination address email callhome@cisco.comdestination transport-method httpsubscribe-to-alert-group diagnosticsubscribe-to-alert-group environmentsubscribe-to-alert-group inventory periodic monthlysubscribe-to-alert-group configuration periodic monthlysubscribe-to-alert-group telemetry periodic dailypassword encryption aesCryptochecksum:0b5ca833caa61d445ed02aeee4bbf096: endFWSM-DMZ-1
FWSM-RIE-3# sh run: Saved:FWSM Version 4.1(5)!hostname FWSM-RIE-3domain-name cisco-irn.comenable password <removed> encryptednamesdns-guard!interface Vlan21nameif insidesecurity-level 100ip address 192.168.21.10 255.255.255.0!interface Vlan22nameif outsidesecurity-level 0ip address 192.168.22.1 255.255.255.0 standby 192.168.22.2!interface Vlan82nameif DMZsecurity-level 20ip address 192.168.20.25 255.255.255.248 standby 192.168.20.26!interface Vlan91description LAN Failover Interface!interface Vlan92description STATE Failover Interface!interface Vlan2305nameif EmailSecurityAppliancesecurity-level 50ip address 192.168.23.65 255.255.255.240 standby 192.168.23.66!interface Vlan2306nameif EmailSecurityMgrAppliancesecurity-level 60ip address 192.168.23.81 255.255.255.240 standby 192.168.23.82!passwd <removed> encryptedftp mode passivedns domain-lookup insidedns name-server 192.168.42.130same-security-traffic permit inter-interfaceobject-group icmp-type CSM_INLINE_svc_rule_81604379602.icmpdescription Generated by CS-Manager from service of FirewallRule# 10 (FWSM-DMZ-1_v1/mandatory)icmp-object echoicmp-object echo-replyicmp-object unreachableobject-group network CSM_INLINE_src_rule_81604379520description Generated by CS-Manager from src of FirewallRule# 1 (FWSM-DMZ-1_v1/mandatory)network-object 192.168.23.68 255.255.255.255network-object 192.168.23.84 255.255.255.255object-group network CSM_INLINE_src_rule_81604379526description Generated by CS-Manager from src of FirewallRule# 2 (FWSM-DMZ-1_v1/mandatory)network-object 192.168.23.68 255.255.255.255network-object 192.168.23.84 255.255.255.255object-group network RSA-enVision_1description RSA EnVision Syslog collector and SIMnetwork-object 192.168.42.124 255.255.255.255object-group network CSM_INLINE_src_rule_81604379528description Generated by CS-Manager from src of FirewallRule# 3 (FWSM-DMZ-1_v1/mandatory)network-object 192.168.23.68 255.255.255.255network-object 192.168.23.84 255.255.255.255object-group network NTP-Serversdescription NTP Serversnetwork-object 192.168.62.161 255.255.255.255network-object 162.168.62.162 255.255.255.255object-group network CSM_INLINE_src_rule_81604379532description Generated by CS-Manager from src of FirewallRule# 4 (FWSM-DMZ-1_v1/mandatory)network-object 192.168.23.68 255.255.255.255network-object 192.168.23.84 255.255.255.255object-group network TACACS_1description Csico Secure ACS server for TACACS and Radiusnetwork-object 192.168.42.131 255.255.255.255object-group network AdminStationnetwork-object 192.168.41.101 255.255.255.255object-group network AdminStation2network-object 192.168.41.102 255.255.255.255object-group network CSM_INLINE_src_rule_81604379552description Generated by CS-Manager from src of FirewallRule# 5 (FWSM-DMZ-1_v1/mandatory)group-object AdminStationgroup-object AdminStation2object-group network EMC-NCMdescription EMC Network Configuration Managernetwork-object 192.168.42.122 255.255.255.255object-group network CSManagerdescription Cisco Security Managernetwork-object 192.168.42.133 255.255.255.255object-group network RSA-enVisiondescription RSA EnVision Syslog collector and SIMnetwork-object 192.168.42.124 255.255.255.255object-group network AdminStation3network-object 192.168.42.138 255.255.255.255object-group network AdminStation4-bartnetwork-object 10.19.151.99 255.255.255.255object-group network Admin-Systemsgroup-object EMC-NCMgroup-object AdminStationgroup-object AdminStation2group-object CSManagergroup-object RSA-enVisiongroup-object AdminStation3group-object AdminStation4-bartobject-group network DC-ALLdescription All of the Data Centernetwork-object 192.168.0.0 255.255.0.0object-group network Stores-ALLdescription all store networksnetwork-object 10.10.0.0 255.255.0.0object-group network CSM_INLINE_src_rule_81604379580description Generated by CS-Manager from src of FirewallRule# 7 (FWSM-DMZ-1_v1/mandatory)group-object DC-ALLgroup-object Stores-ALLobject-group network CSM_INLINE_src_rule_81604379592description Generated by CS-Manager from src of FirewallRule# 8 (FWSM-DMZ-1_v1/mandatory)group-object DC-ALLgroup-object Stores-ALLobject-group network CSM_INLINE_src_rule_81604379602description Generated by CS-Manager from src of FirewallRule# 10 (FWSM-DMZ-1_v1/mandatory)group-object DC-ALLgroup-object Stores-ALLobject-group network ActiveDirectory.cisco-irn.comnetwork-object 192.168.42.130 255.255.255.255object-group network PAME-DC-1network-object 192.168.44.111 255.255.255.255object-group network TACACSdescription Csico Secure ACS server for TACACS and Radiusnetwork-object 192.168.42.131 255.255.255.255object-group network CSM_INLINE_src_rule_81604379688description Generated by CS-Manager from src of FirewallRule# 21 (FWSM-DMZ-1_v1/mandatory)network-object 192.168.22.11 255.255.255.255network-object 192.168.22.12 255.255.255.255object-group network CSM_INLINE_src_rule_81604379690description Generated by CS-Manager from src of FirewallRule# 22 (FWSM-DMZ-1_v1/mandatory)network-object 192.168.22.11 255.255.255.255network-object 192.168.22.12 255.255.255.255object-group network CSM_INLINE_src_rule_81604379692description Generated by CS-Manager from src of FirewallRule# 23 (FWSM-DMZ-1_v1/mandatory)network-object 192.168.22.11 255.255.255.255network-object 192.168.22.12 255.255.255.255object-group service CSM_INLINE_svc_rule_81604379520.tcp tcpdescription Generated by CS-Manager from service of FirewallRule# 1 (FWSM-DMZ-1_v1/mandatory)port-object eq smtpport-object eq domainobject-group service CSM_INLINE_svc_rule_81604379532 udpdescription Generated by CS-Manager from service of FirewallRule# 4 (FWSM-DMZ-1_v1/mandatory)port-object eq 1812port-object eq 1813object-group service CSM_INLINE_svc_rule_81604379556 tcpdescription Generated by CS-Manager from service of FirewallRule# 6 (FWSM-DMZ-1_v1/mandatory)port-object eq sshport-object eq httpsobject-group service CSM_INLINE_svc_rule_81604379580 tcpdescription Generated by CS-Manager from service of FirewallRule# 7 (FWSM-DMZ-1_v1/mandatory)port-object eq smtpport-object eq httpsport-object eq sshobject-group service CSM_INLINE_svc_rule_81604379592 tcpdescription Generated by CS-Manager from service of FirewallRule# 8 (FWSM-DMZ-1_v1/mandatory)port-object eq httpsport-object eq sshobject-group service CSM_INLINE_svc_rule_81604379602.tcp tcpdescription Generated by CS-Manager from service of FirewallRule# 10 (FWSM-DMZ-1_v1/mandatory)port-object eq wwwport-object eq ftpport-object eq httpsport-object eq 8443port-object eq 1080port-object eq 8080port-object eq telnetport-object eq sshobject-group service CSM_INLINE_svc_rule_81604379626.tcp tcpdescription Generated by CS-Manager from service of FirewallRule# 11 (FWSM-DMZ-1_v1/mandatory)port-object eq domainport-object eq 123object-group service CSM_INLINE_svc_rule_81604379626.udp udpdescription Generated by CS-Manager from service of FirewallRule# 11 (FWSM-DMZ-1_v1/mandatory)port-object eq domainport-object eq ntpobject-group service CSM_INLINE_svc_rule_81604379640.tcp tcpdescription Generated by CS-Manager from service of FirewallRule# 13 (FWSM-DMZ-1_v1/mandatory)port-object eq ldapport-object eq 3268port-object eq 3269port-object eq ldapsobject-group service CSM_INLINE_svc_rule_81604379680 tcpdescription Generated by CS-Manager from service of FirewallRule# 18 (FWSM-DMZ-1_v1/mandatory)port-object eq httpsport-object eq sshobject-group service vCenter-to-ESX4 tcpdescription Communication from vCetner to ESX hostsport-object eq 5989port-object eq 8000port-object eq 902port-object eq 903object-group service CSM_INLINE_svc_rule_81604380215.tcp tcpdescription Generated by CS-Manager from service of FirewallRule# 25 (FWSM-DMZ-1_v1/mandatory)port-object eq 8880port-object eq 8444port-object eq 5900port-object eq 5800port-object eq sshport-object eq 3389port-object eq 1080port-object eq 8080port-object eq telnetport-object eq 69port-object eq wwwport-object eq httpsport-object eq 8443group-object vCenter-to-ESX4access-list Ironport1-in remark Allow main and DNZaccess-list Ironport1-in extended permit udp object-group CSM_INLINE_src_rule_81604379520 any eq domainaccess-list Ironport1-in extended permit tcp object-group CSM_INLINE_src_rule_81604379520 any object-group CSM_INLINE_svc_rule_81604379520.tcpaccess-list Ironport1-in extended permit udp object-group CSM_INLINE_src_rule_81604379526 object-group RSA-enVision_1 eq syslogaccess-list Ironport1-in extended permit udp object-group CSM_INLINE_src_rule_81604379528 object-group NTP-Servers eq ntpaccess-list Ironport1-in extended permit udp object-group CSM_INLINE_src_rule_81604379532 object-group TACACS_1 object-group CSM_INLINE_svc_rule_81604379532access-list From-DMZ extended permit udp 192.168.20.0 255.255.255.0 object-group RSA-enVision eq syslogaccess-list From-DMZ extended permit tcp 192.168.20.0 255.255.255.0 object-group TACACS eq tacacsaccess-list From-DMZ extended permit udp 192.168.20.0 255.255.255.0 object-group NTP-Servers eq ntpaccess-list Ironport2-in remark Allow main and DNZaccess-list Ironport2-in extended permit udp object-group CSM_INLINE_src_rule_81604379520 any eq domainaccess-list Ironport2-in extended permit tcp object-group CSM_INLINE_src_rule_81604379520 any object-group CSM_INLINE_svc_rule_81604379520.tcpaccess-list Ironport2-in extended permit udp object-group CSM_INLINE_src_rule_81604379526 object-group RSA-enVision_1 eq syslogaccess-list Ironport2-in extended permit udp object-group CSM_INLINE_src_rule_81604379528 object-group NTP-Servers eq ntpaccess-list Ironport2-in extended permit udp object-group CSM_INLINE_src_rule_81604379532 object-group TACACS_1 object-group CSM_INLINE_svc_rule_81604379532access-list INSIDE extended permit tcp object-group Admin-Systems 192.168.20.0 255.255.252.0 object-group CSM_INLINE_svc_rule_81604379556access-list INSIDE remark Allow services for Ironport appsaccess-list INSIDE extended permit tcp object-group CSM_INLINE_src_rule_81604379580 192.168.23.64 255.255.255.224 object-group CSM_INLINE_svc_rule_81604379580access-list INSIDE remark Allow traffic to DMZaccess-list INSIDE extended permit tcp object-group CSM_INLINE_src_rule_81604379592 host 192.168.20.30 object-group CSM_INLINE_svc_rule_81604379592access-list INSIDE remark - Drop unauthorized traffic to DMZaccess-list INSIDE extended deny ip any 192.168.20.0 255.255.252.0 logaccess-list INSIDE remark Allow outbound services for Internetaccess-list INSIDE extended permit icmp object-group CSM_INLINE_src_rule_81604379602 any object-group CSM_INLINE_svc_rule_81604379602.icmpaccess-list INSIDE extended permit tcp object-group CSM_INLINE_src_rule_81604379602 any object-group CSM_INLINE_svc_rule_81604379602.tcpaccess-list INSIDE extended permit tcp object-group ActiveDirectory.cisco-irn.com any object-group CSM_INLINE_svc_rule_81604379626.tcpaccess-list INSIDE extended permit udp object-group ActiveDirectory.cisco-irn.com any object-group CSM_INLINE_svc_rule_81604379626.udpaccess-list INSIDE extended permit udp object-group NTP-Servers any eq ntpaccess-list INSIDE remark Allow LDAP out LAB testaccess-list INSIDE extended permit udp object-group PAME-DC-1 any eq 389 logaccess-list INSIDE extended permit tcp object-group PAME-DC-1 any object-group CSM_INLINE_svc_rule_81604379640.tcp logaccess-list INSIDE remark Drop and Log all other traffic - END-OF-LINEaccess-list INSIDE extended deny ip any any logaccess-list OUTSIDE remark Allow traffic to DMZ e-commerce Serveraccess-list OUTSIDE extended permit tcp any host 192.168.20.30 object-group CSM_INLINE_svc_rule_81604379680access-list OUTSIDE remark Mail to Ironportaccess-list OUTSIDE extended permit tcp any host 192.168.23.68 eq smtpaccess-list OUTSIDE remark Remote Access SSL VPNaccess-list OUTSIDE extended permit tcp any host 192.168.21.1 eq httpsaccess-list OUTSIDE remark Allow traffic from edge routers - RIE-1access-list OUTSIDE extended permit udp object-group CSM_INLINE_src_rule_81604379688 object-group RSA-enVision eq syslogaccess-list OUTSIDE remark Allow traffic from edge routers - RIE-1access-list OUTSIDE extended permit tcp object-group CSM_INLINE_src_rule_81604379690 object-group TACACS eq tacacsaccess-list OUTSIDE remark Allow traffic from edge routers - RIE-1access-list OUTSIDE extended permit udp object-group CSM_INLINE_src_rule_81604379692 object-group NTP-Servers eq ntpaccess-list OUTSIDE remark Drop all other trafficaccess-list OUTSIDE extended deny ip any any logpager lines 24logging host inside 192.168.42.124mtu inside 1500mtu outside 1500mtu EmailSecurityAppliance 1500mtu EmailSecurityMgrAppliance 1500mtu DMZ 1500failoverfailover lan unit primaryfailover lan interface failover Vlan91failover link statelink Vlan92failover interface ip failover 192.168.20.13 255.255.255.252 standby 192.168.20.14failover interface ip statelink 192.168.20.33 255.255.255.252 standby 192.168.20.34icmp permit any insideicmp permit any outsideicmp permit any EmailSecurityApplianceicmp permit any EmailSecurityMgrApplianceasdm history enablearp timeout 14400access-group INSIDE in interface insideaccess-group OUTSIDE in interface outsideaccess-group Ironport1-in in interface EmailSecurityApplianceaccess-group Ironport2-in in interface EmailSecurityMgrApplianceaccess-group From-DMZ in interface DMZroute inside 192.168.0.0 255.255.0.0 192.168.21.1 1route inside 10.10.0.0 255.255.0.0 192.168.21.1 1route outside 10.10.0.0 255.255.255.0 192.168.22.10 1route outside 0.0.0.0 0.0.0.0 192.168.22.10 1route outside 10.10.3.0 255.255.255.0 192.168.22.11 1route outside 10.10.4.0 255.255.255.0 192.168.22.12 1route DMZ 192.168.20.0 255.255.255.248 192.168.20.28 1timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00timeout sip-invite 0:03:00 sip-disconnect 0:02:00timeout pptp-gre 0:02:00timeout uauth 0:05:00 absoluteaaa-server RETAIL protocol tacacs+aaa-server RETAIL host 192.168.42.131key ******username csmadmin password <removed> encrypted privilege 15username retail password <removed> encrypted privilege 15username bmcgloth password <removed> encrypted privilege 15aaa authentication ssh console RETAIL LOCALaaa authentication enable console RETAIL LOCALaaa authentication http console RETAIL LOCALaaa accounting ssh console RETAILaaa accounting enable console RETAILaaa accounting command privilege 15 RETAILaaa authentication secure-http-clientaaa local authentication attempts max-fail 6http server enablehttp 10.19.151.99 255.255.255.255 insidehttp 192.168.41.101 255.255.255.255 insidehttp 192.168.41.102 255.255.255.255 insidehttp 192.168.42.122 255.255.255.255 insidehttp 192.168.42.124 255.255.255.255 insidehttp 192.168.42.133 255.255.255.255 insidehttp 192.168.42.138 255.255.255.255 insideno snmp-server locationno snmp-server contactsnmp-server enable traps snmp authentication linkup linkdown coldstartno snmp-server enableservice reset no-connectionno service reset connection marked-for-deletiontelnet timeout 5ssh 10.19.151.99 255.255.255.255 insidessh 192.168.41.101 255.255.255.255 insidessh 192.168.41.102 255.255.255.255 insidessh 192.168.42.122 255.255.255.255 insidessh 192.168.42.124 255.255.255.255 insidessh 192.168.42.133 255.255.255.255 insidessh 192.168.42.138 255.255.255.255 insidessh timeout 15ssh version 2console timeout 15!class-map inspection_defaultmatch default-inspection-traffic!!policy-map global_policyclass inspection_defaultinspect dns maximum-length 512inspect ftpinspect h323 h225inspect h323 rasinspect netbiosinspect rshinspect skinnyinspect smtpinspect sqlnetinspect sunrpcinspect tftpinspect sipinspect xdmcp!service-policy global_policy globalprompt hostname contextCryptochecksum:0ce5577c4093206d7ce2fc0f65139d9d: endFWSM-RIE-3#MDS-DC-1-running
!Command: show running-config!Time: Sun Apr 24 16:47:39 2011version 5.0(1a)system default switchport mode Ffeature npivfeature privilegefeature tacacs+role name default-roledescription This is a system defined role and applies to all users.rule 5 permit show feature environmentrule 4 permit show feature hardwarerule 3 permit show feature modulerule 2 permit show feature snmprule 1 permit show feature systemusername admin password 5 <removed> role network-adminusername retail password 5 <removed> role network-adminusername emc-ncm password 5 <removed> role network-adminusername bart password 5 <removed> role network-adminenable secret 5 <removed>banner motd #WARNING: **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CMO Retail **** **** AUTHORIZED USERS ONLY! ****ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENTTO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARYTO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHERREPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUTFURTHER NOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHERCRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAWENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.#ssh login-attempts 6ip domain-lookupip domain-name cisco-irn.comip host MDS-DC-1 192.168.41.51tacacs-server key 7 "<removed>"tacacs-server host 192.168.42.131aaa group server tacacs+ CiscoACSserver 192.168.42.131aaa group server radius radiussnmp-server user bart network-admin auth md5 <removed> priv <removed> localizedkeysnmp-server user admin network-admin auth md5 <removed> priv <removed> localizedkeysnmp-server user retail network-admin auth md5 <removed> priv <removed> localizedkeysnmp-server user emc-ncm network-admin auth md5 <removed> priv <removed> localizedkeysnmp-server host 192.168.41.101 traps version 2c public udp-port 2162snmp-server host 192.168.42.121 traps version 3 auth publicno snmp-server enable traps entity entity_mib_changeno snmp-server enable traps entity entity_module_status_changeno snmp-server enable traps entity entity_power_status_changeno snmp-server enable traps entity entity_module_insertedno snmp-server enable traps entity entity_module_removedno snmp-server enable traps entity entity_unrecognised_moduleno snmp-server enable traps entity entity_fan_status_changeno snmp-server enable traps entity entity_power_out_changeno snmp-server enable traps rf redundancy_frameworkntp server 192.168.62.161ntp server 192.168.62.162aaa authentication login default group CiscoACSaaa authentication login console group CiscoACSaaa authorization ssh-certificate default group CiscoACSaaa accounting default group CiscoACSaaa authentication login error-enableip access-list 23 permit ip 127.0.0.1 0.0.0.0 192.168.41.51 0.0.0.0ip access-list 23 permit ip 192.168.41.101 0.0.0.0 192.168.41.51 0.0.0.0ip access-list 23 permit ip 192.168.41.102 0.0.0.0 192.168.41.51 0.0.0.0ip access-list 23 permit ip 192.168.42.111 0.0.0.0 192.168.41.51 0.0.0.0ip access-list 23 permit ip 192.168.42.121 0.0.0.0 192.168.41.51 0.0.0.0ip access-list 23 permit ip 192.168.42.122 0.0.0.0 192.168.41.51 0.0.0.0ip access-list 23 permit ip 192.168.42.131 0.0.0.0 192.168.41.51 0.0.0.0ip access-list 23 permit ip 192.168.42.133 0.0.0.0 192.168.41.51 0.0.0.0ip access-list 23 permit ip 192.168.42.138 0.0.0.0 192.168.41.51 0.0.0.0ip access-list 23 permit ip 10.19.151.99 0.0.0.0 192.168.41.51 0.0.0.0ip access-list 23 deny ip any any log-denyvsan databasevsan 2 name "Promise-2"vsan 10 name "UIM_VSAN_A_10"fcdomain fcid databasevsan 1 wwn 50:00:40:20:03:fc:44:6a fcid 0x020000 dynamicvsan 1 wwn 50:00:40:21:03:fc:44:6a fcid 0x020001 dynamicvsan 1 wwn 21:00:00:e0:8b:19:70:09 fcid 0x020100 area dynamicvsan 1 wwn 20:89:00:05:30:00:99:de fcid 0x020200 area dynamicvsan 1 wwn 20:8a:00:05:30:00:99:de fcid 0x020300 area dynamicvsan 1 wwn 23:00:00:05:30:00:99:e0 fcid 0x020002 dynamicvsan 1 wwn 23:01:00:05:30:00:99:e0 fcid 0x020003 dynamicvsan 1 wwn 23:02:00:05:30:00:99:e0 fcid 0x020004 dynamicvsan 1 wwn 23:03:00:05:30:00:99:e0 fcid 0x020005 dynamicvsan 1 wwn 23:04:00:05:30:00:99:e0 fcid 0x020006 dynamicvsan 1 wwn 23:05:00:05:30:00:99:e0 fcid 0x020007 dynamicvsan 1 wwn 23:06:00:05:30:00:99:e0 fcid 0x020008 dynamicvsan 1 wwn 23:07:00:05:30:00:99:e0 fcid 0x020009 dynamicvsan 1 wwn 23:08:00:05:30:00:99:e0 fcid 0x02000a dynamicvsan 1 wwn 22:02:00:05:30:00:99:e0 fcid 0x02000b dynamicvsan 1 wwn 22:04:00:05:30:00:99:e0 fcid 0x02000c dynamicvsan 1 wwn 22:06:00:05:30:00:99:e0 fcid 0x02000d dynamicvsan 1 wwn 22:08:00:05:30:00:99:e0 fcid 0x02000e dynamicvsan 1 wwn 22:0a:00:05:30:00:99:e0 fcid 0x02000f dynamicvsan 1 wwn 22:0c:00:05:30:00:99:e0 fcid 0x020010 dynamicvsan 1 wwn 10:00:00:00:c9:60:df:80 fcid 0x020011 dynamicvsan 1 wwn 23:12:00:05:30:00:99:e0 fcid 0x020012 dynamicvsan 1 wwn 23:13:00:05:30:00:99:e0 fcid 0x020013 dynamicvsan 1 wwn 23:14:00:05:30:00:99:e0 fcid 0x020014 dynamicvsan 1 wwn 23:15:00:05:30:00:99:e0 fcid 0x020015 dynamicvsan 1 wwn 23:17:00:05:30:00:99:e0 fcid 0x020016 dynamicvsan 1 wwn 23:16:00:05:30:00:99:e0 fcid 0x020017 dynamicvsan 1 wwn 23:18:00:05:30:00:99:e0 fcid 0x020018 dynamicvsan 1 wwn 23:19:00:05:30:00:99:e0 fcid 0x020019 dynamicvsan 1 wwn 11:00:00:00:00:00:00:01 fcid 0x02001a dynamicvsan 1 wwn 20:00:00:00:00:00:00:01 fcid 0x02001b dynamicvsan 1 wwn 10:00:00:00:c9:77:94:21 fcid 0x02001c dynamicvsan 1 wwn 10:00:00:00:c9:77:92:e9 fcid 0x02001d dynamicvsan 1 wwn 10:00:00:00:c9:77:dd:bc fcid 0x02001e dynamicvsan 1 wwn 20:41:00:05:9b:73:10:c0 fcid 0x02001f dynamicvsan 1 wwn 20:41:00:05:9b:73:17:40 fcid 0x020020 dynamicvsan 1 wwn 10:00:00:00:c9:77:dc:c3 fcid 0x020021 dynamicvsan 1 wwn 10:00:00:00:c9:75:68:c3 fcid 0x020022 dynamicvsan 1 wwn 20:4c:00:0d:ec:2d:94:c0 fcid 0x020400 area dynamicvsan 1 wwn 20:64:00:0d:ec:2d:94:c0 fcid 0x020500 area dynamicvsan 1 wwn 10:00:00:00:c9:77:db:c3 fcid 0x020023 dynamicvsan 2 wwn 20:4c:00:0d:ec:2d:94:c0 fcid 0xef0000 area dynamicvsan 2 wwn 10:00:00:00:c9:75:68:c3 fcid 0xef0100 dynamicvsan 2 wwn 10:00:00:00:c9:77:dc:c3 fcid 0xef0101 dynamicvsan 2 wwn 10:00:00:00:c9:77:dd:bc fcid 0xef0102 dynamicvsan 2 wwn 10:00:00:00:c9:77:db:c3 fcid 0xef0103 dynamicvsan 2 wwn 10:00:00:00:c9:77:92:e9 fcid 0xef0104 dynamicvsan 2 wwn 50:06:01:60:46:e0:33:aa fcid 0xef01ef dynamicvsan 2 wwn 20:41:00:05:9b:73:10:c0 fcid 0xef0105 dynamicvsan 1 wwn 50:06:01:68:46:e0:33:aa fcid 0x0200ef dynamicvsan 1 wwn 50:06:01:60:46:e0:33:aa fcid 0x0206ef dynamicvsan 2 wwn 20:41:00:05:9b:73:17:40 fcid 0xef0106 dynamicvsan 2 wwn 10:00:00:00:c9:77:94:21 fcid 0xef0107 dynamicvsan 2 wwn 20:64:00:0d:ec:2d:94:c0 fcid 0xef0200 area dynamicvsan 2 wwn 50:06:01:68:46:e0:33:aa fcid 0xef03ef dynamicvsan 10 wwn 50:06:01:60:46:e0:33:aa fcid 0xd800ef dynamicvsan 10 wwn 20:41:00:05:9b:73:10:c0 fcid 0xd80000 dynamicvsan 10 wwn 20:41:00:05:9b:73:17:40 fcid 0xd80001 dynamicvsan 10 wwn 10:00:00:00:c9:77:94:21 fcid 0xd80002 dynamicvsan 10 wwn 50:06:01:61:46:e0:33:aa fcid 0xd801ef dynamicvsan 10 wwn 50:06:01:69:46:e0:33:aa fcid 0xd802ef dynamicvsan 10 wwn 20:42:00:05:9b:73:10:c0 fcid 0xd80003 dynamicvsan 10 wwn 20:00:00:25:b5:01:11:0f fcid 0xd80004 dynamicvsan 10 wwn 20:00:00:25:b5:01:11:18 fcid 0xd80005 dynamicvsan 10 wwn 20:00:00:25:b5:01:11:12 fcid 0xd80006 dynamicvsan 10 wwn 20:00:00:25:b5:01:11:15 fcid 0xd80007 dynamicvsan 10 wwn 20:00:00:25:b5:01:11:19 fcid 0xd80008 dynamicvsan 10 wwn 20:00:00:25:b5:01:11:10 fcid 0xd80009 dynamicvsan 10 wwn 20:00:00:25:b5:01:11:1c fcid 0xd8000a dynamicvsan 10 wwn 20:00:00:25:b5:01:11:25 fcid 0xd8000b dynamicvsan 10 wwn 20:00:00:25:b5:01:11:22 fcid 0xd8000c dynamicvsan 10 wwn 20:00:00:25:b5:01:11:1f fcid 0xd8000d dynamicvsan 10 wwn 20:00:00:25:b5:01:11:2b fcid 0xd8000e dynamicvsan 10 wwn 20:00:00:25:b5:01:11:28 fcid 0xd8000f dynamicvsan databasevsan 2 interface fc2/1vsan 2 interface fc2/2vsan 2 interface fc2/3vsan 2 interface fc2/4vsan 2 interface fc2/5vsan 2 interface fc2/6vsan 2 interface fc2/7vsan 2 interface fc2/8vsan 2 interface fc2/9vsan 2 interface fc2/10vsan 2 interface fc2/11vsan 2 interface fc2/12vsan 2 interface fc2/13vsan 2 interface fc2/14vsan 2 interface fc2/15vsan 2 interface fc2/16vsan 2 interface fc2/17vsan 2 interface fc2/18vsan 2 interface fc2/19vsan 2 interface fc2/20vsan 2 interface fc2/21vsan 2 interface fc2/22vsan 2 interface fc2/23vsan 10 interface fc2/24vsan 10 interface fc2/25vsan 10 interface fc2/26vsan 2 interface fc2/27vsan 2 interface fc2/28vsan 2 interface fc2/29vsan 2 interface fc2/30vsan 2 interface fc2/31vsan 2 interface fc2/32vsan 2 interface fc2/33vsan 2 interface fc2/34vsan 2 interface fc2/35vsan 2 interface fc2/36vsan 2 interface fc2/37vsan 2 interface fc2/38vsan 2 interface fc2/39vsan 2 interface fc2/40vsan 2 interface fc2/41vsan 2 interface fc2/42vsan 2 interface fc2/43vsan 2 interface fc2/44vsan 2 interface fc2/45vsan 2 interface fc2/46vsan 2 interface fc2/47vsan 10 interface fc2/48vsan 2 interface fc4/1vsan 2 interface fc4/2vsan 2 interface fc4/3vsan 2 interface fc4/4vsan 2 interface fc4/5vsan 2 interface fc4/6vsan 2 interface fc4/7vsan 2 interface fc4/8vsan 2 interface fc4/9vsan 2 interface fc4/10vsan 2 interface fc4/11vsan 2 interface fc4/12vsan 2 interface fc4/13vsan 2 interface fc4/14vsan 2 interface fc4/15vsan 2 interface fc4/16vsan 2 interface fc4/17vsan 2 interface fc4/18clock timezone PST -8 0clock summer-time PST 1 Sun April 02:00 5 Sun Oct 02:00 60ip default-gateway 192.168.41.1switchname MDS-DC-1line vtyexec-timeout 15line consoleexec-timeout 15boot kickstart bootflash:/m9500-sf2ek9-kickstart-mzg.5.0.1a.bin.S4 sup-1boot system bootflash:/m9500-sf2ek9-mzg.5.0.1a.bin.S4 sup-1boot kickstart bootflash:/m9500-sf2ek9-kickstart-mzg.5.0.1a.bin.S4 sup-2boot system bootflash:/m9500-sf2ek9-mzg.5.0.1a.bin.S4 sup-2interface fc2/12switchport speed 4000switchport rate-mode sharedinterface fc2/11switchport rate-mode dedicatedinterface fc2/36switchport rate-mode dedicatedinterface fc2/1interface fc2/2interface fc2/3interface fc2/4interface fc2/5interface fc2/6interface fc2/7interface fc2/8interface fc2/9interface fc2/10interface fc2/12switchport mode FLinterface fc2/13interface fc2/14interface fc2/15interface fc2/16interface fc2/17interface fc2/18interface fc2/19interface fc2/20interface fc2/21interface fc2/22interface fc2/23interface fc2/24interface fc2/25interface fc2/26interface fc2/27interface fc2/28interface fc2/29interface fc2/30interface fc2/31interface fc2/32interface fc2/33interface fc2/34interface fc2/35interface fc2/37interface fc2/38interface fc2/39interface fc2/40interface fc2/41interface fc2/42interface fc2/43interface fc2/44interface fc2/45interface fc2/46interface fc2/47interface fc2/48interface fc2/11switchport mode autointerface fc2/36switchport mode autointerface fc4/1interface fc4/2interface fc4/3interface fc4/4interface fc4/5interface fc4/6interface fc4/7interface fc4/8interface fc4/9interface fc4/10interface fc4/11interface fc4/12interface fc4/13interface fc4/14interface fc4/15interface fc4/16interface fc4/17interface fc4/18logging server 192.168.42.121logging server 192.168.42.124 6system default zone default-zone permitsystem default zone distribute fullzone default-zone permit vsan 2zone default-zone permit vsan 10zoneset distribute full vsan 1-2zoneset distribute full vsan 10!Full Zone Database Section for vsan 2zone name global_zone vsan 2member pwwn 26:00:00:01:55:35:7e:44member pwwn 26:02:00:01:55:35:7e:44member pwwn 10:00:00:00:c9:75:68:c3member pwwn 10:00:00:00:c9:77:92:e9member pwwn 10:00:00:00:c9:77:db:c3member pwwn 10:00:00:00:c9:77:dc:c3member pwwn 10:00:00:00:c9:77:dd:bcmember pwwn 21:00:00:1b:32:00:33:0cmember pwwn 21:00:00:1b:32:00:3a:0cmember pwwn 21:00:00:1b:32:00:5d:0dmember pwwn 21:00:00:1b:32:00:5e:0dmember pwwn 21:00:00:1b:32:00:70:0dmember pwwn 21:00:00:1b:32:00:ab:0dmember pwwn 21:00:00:1b:32:80:0b:10member pwwn 21:00:00:1b:32:80:52:10member pwwn 21:00:00:1b:32:80:da:0fmember pwwn 21:00:00:1b:32:80:f1:0fzoneset name promise-2_zs vsan 2member global_zonezoneset activate name promise-2_zs vsan 2!Full Zone Database Section for vsan 10zone name UIM_20000025B5011112_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:12member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011110_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:10member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011112_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:12member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011110_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:10member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011112_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:12member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011110_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:10member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011112_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:12member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011110_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:10member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011115_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:15member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011116_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:16member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011115_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:15member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011116_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:16member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011115_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:15member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011116_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:16member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011115_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:15member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011116_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:16member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B501111A_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:1amember pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011119_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:19member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B501111A_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:1amember pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011119_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:19member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B501111A_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:1amember pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011119_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:19member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B501111A_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:1amember pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011119_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:19member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B501111D_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:1dmember pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B501111C_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:1cmember pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B501111D_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:1dmember pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B501111C_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:1cmember pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B501111D_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:1dmember pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B501111C_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:1cmember pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B501111D_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:1dmember pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B501111C_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:1cmember pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B501111F_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:1fmember pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011120_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:20member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B501111F_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:1fmember pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011120_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:20member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B501111F_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:1fmember pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011120_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:20member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B501111F_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:1fmember pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011120_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:20member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011123_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:23member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011122_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:22member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011123_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:23member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011122_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:22member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011123_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:23member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011122_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:22member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011123_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:23member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011122_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:22member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011125_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:25member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011126_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:26member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011125_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:25member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011126_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:26member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011125_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:25member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011126_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:26member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011125_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:25member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011126_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:26member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011129_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:29member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011128_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:28member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011129_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:29member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011128_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:28member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011129_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:29member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011128_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:28member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011129_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:29member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011128_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:28member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B501112B_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:2bmember pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B501112C_5006016946E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:2cmember pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B501112B_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:2bmember pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B501112C_5006016846E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:2cmember pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B501112B_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:2bmember pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B501112C_5006016046E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:2cmember pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B501112B_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:2bmember pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B501112C_5006016146E033AA vsan 10member pwwn 20:00:00:25:b5:01:11:2cmember pwwn 50:06:01:61:46:e0:33:aazoneset name UIM_ZONESET_A vsan 10member UIM_20000025B5011112_5006016046E033AAmember UIM_20000025B5011110_5006016046E033AAmember UIM_20000025B5011112_5006016946E033AAmember UIM_20000025B5011110_5006016946E033AAmember UIM_20000025B5011112_5006016846E033AAmember UIM_20000025B5011110_5006016846E033AAmember UIM_20000025B5011112_5006016146E033AAmember UIM_20000025B5011110_5006016146E033AAmember UIM_20000025B5011115_5006016846E033AAmember UIM_20000025B5011116_5006016846E033AAmember UIM_20000025B5011115_5006016146E033AAmember UIM_20000025B5011116_5006016146E033AAmember UIM_20000025B5011115_5006016946E033AAmember UIM_20000025B5011116_5006016946E033AAmember UIM_20000025B5011115_5006016046E033AAmember UIM_20000025B5011116_5006016046E033AAmember UIM_20000025B501111A_5006016946E033AAmember UIM_20000025B5011119_5006016946E033AAmember UIM_20000025B501111A_5006016146E033AAmember UIM_20000025B5011119_5006016146E033AAmember UIM_20000025B501111A_5006016846E033AAmember UIM_20000025B5011119_5006016846E033AAmember UIM_20000025B501111A_5006016046E033AAmember UIM_20000025B5011119_5006016046E033AAmember UIM_20000025B501111D_5006016146E033AAmember UIM_20000025B501111C_5006016146E033AAmember UIM_20000025B501111D_5006016846E033AAmember UIM_20000025B501111C_5006016846E033AAmember UIM_20000025B501111D_5006016946E033AAmember UIM_20000025B501111C_5006016946E033AAmember UIM_20000025B501111D_5006016046E033AAmember UIM_20000025B501111C_5006016046E033AAmember UIM_20000025B501111F_5006016146E033AAmember UIM_20000025B5011120_5006016146E033AAmember UIM_20000025B501111F_5006016946E033AAmember UIM_20000025B5011120_5006016946E033AAmember UIM_20000025B501111F_5006016846E033AAmember UIM_20000025B5011120_5006016846E033AAmember UIM_20000025B501111F_5006016046E033AAmember UIM_20000025B5011120_5006016046E033AAmember UIM_20000025B5011123_5006016946E033AAmember UIM_20000025B5011122_5006016946E033AAmember UIM_20000025B5011123_5006016146E033AAmember UIM_20000025B5011122_5006016146E033AAmember UIM_20000025B5011123_5006016846E033AAmember UIM_20000025B5011122_5006016846E033AAmember UIM_20000025B5011123_5006016046E033AAmember UIM_20000025B5011122_5006016046E033AAmember UIM_20000025B5011125_5006016146E033AAmember UIM_20000025B5011126_5006016146E033AAmember UIM_20000025B5011125_5006016946E033AAmember UIM_20000025B5011126_5006016946E033AAmember UIM_20000025B5011125_5006016846E033AAmember UIM_20000025B5011126_5006016846E033AAmember UIM_20000025B5011125_5006016046E033AAmember UIM_20000025B5011126_5006016046E033AAmember UIM_20000025B5011129_5006016846E033AAmember UIM_20000025B5011128_5006016846E033AAmember UIM_20000025B5011129_5006016046E033AAmember UIM_20000025B5011128_5006016046E033AAmember UIM_20000025B5011129_5006016146E033AAmember UIM_20000025B5011128_5006016146E033AAmember UIM_20000025B5011129_5006016946E033AAmember UIM_20000025B5011128_5006016946E033AAmember UIM_20000025B501112B_5006016946E033AAmember UIM_20000025B501112C_5006016946E033AAmember UIM_20000025B501112B_5006016846E033AAmember UIM_20000025B501112C_5006016846E033AAmember UIM_20000025B501112B_5006016046E033AAmember UIM_20000025B501112C_5006016046E033AAmember UIM_20000025B501112B_5006016146E033AAmember UIM_20000025B501112C_5006016146E033AAzoneset activate name UIM_ZONESET_A vsan 10interface fc2/1interface fc2/2interface fc2/3interface fc2/4interface fc2/5interface fc2/6interface fc2/7interface fc2/8interface fc2/9interface fc2/10interface fc2/11no shutdowninterface fc2/12no shutdowninterface fc2/13interface fc2/14interface fc2/15interface fc2/16interface fc2/17interface fc2/18interface fc2/19interface fc2/20interface fc2/21interface fc2/22interface fc2/23interface fc2/24no shutdowninterface fc2/25no shutdowninterface fc2/26no shutdowninterface fc2/27interface fc2/28interface fc2/29interface fc2/30interface fc2/31interface fc2/32interface fc2/33interface fc2/34interface fc2/35interface fc2/36no shutdowninterface fc2/37shutdowninterface fc2/38interface fc2/39interface fc2/40interface fc2/41interface fc2/42interface fc2/43interface fc2/44interface fc2/45interface fc2/46interface fc2/47interface fc2/48no shutdowninterface fc4/1interface fc4/2interface fc4/3interface fc4/4interface fc4/5interface fc4/6interface fc4/7interface fc4/8interface fc4/9interface fc4/10interface fc4/11interface fc4/12interface fc4/13interface fc4/14interface fc4/15interface fc4/16interface fc4/17interface fc4/18interface GigabitEthernet4/1interface GigabitEthernet4/2interface GigabitEthernet4/3interface GigabitEthernet4/4interface mgmt0ip address 192.168.41.51 255.255.255.0ip access-group 23 inno system default switchport shutdownMDS-DC-2-running
!Command: show running-config!Time: Sun Apr 24 16:48:05 2011version 5.0(4)system default switchport mode Ffeature npivfeature privilegefeature tacacs+role name default-roledescription This is a system defined role and applies to all users.rule 5 permit show feature environmentrule 4 permit show feature hardwarerule 3 permit show feature modulerule 2 permit show feature snmprule 1 permit show feature systemusername admin password 5 <removed> role network-adminusername retail password 5 <removed> role network-adminusername emc-ncm password 5 <removed> role network-adminusername bart password 5 <removed> role network-adminenable secret 5 <removed>banner motd #WARNING:**** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CMO Retail ******** AUTHORIZED USERS ONLY! ****ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENTTO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARYTO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHERREPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUTFURTHER NOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHERCRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAWENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.#ssh login-attempts 6ip domain-lookupip domain-name cisco-irn.comip host MDS-DC-2 192.168.41.52ip host MDS-DC-2 192.168.41.52tacacs-server key 7 "<removed>"tacacs-server host 192.168.42.131aaa group server tacacs+ CiscoACSserver 192.168.42.131aaa group server radius radiussnmp-server user bart network-admin auth md5 <removed> priv <removed> localizedkeysnmp-server user admin network-admin auth md5 <removed> localizedkeysnmp-server user retail network-admin auth md5 <removed> priv <removed> localizedkeysnmp-server user emc-ncm network-admin auth md5 <removed> priv <removed> localizedkeysnmp-server host 192.168.41.101 traps version 2c public udp-port 2162snmp-server host 192.168.42.121 traps version 3 auth publicrmon event 1 log trap public description FATAL(1) owner PMON@FATALrmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICALrmon event 3 log trap public description ERROR(3) owner PMON@ERRORrmon event 4 log trap public description WARNING(4) owner PMON@WARNINGrmon event 5 log trap public description INFORMATION(5) owner PMON@INFOntp server 192.168.62.161ntp server 192.168.62.162aaa authentication login default group CiscoACSaaa authentication login console group CiscoACSaaa authorization ssh-certificate default group CiscoACSaaa accounting default group CiscoACSaaa authentication login error-enableip access-list 23 permit ip 127.0.0.1 0.0.0.0 192.168.41.52 0.0.0.0ip access-list 23 permit ip 192.168.41.101 0.0.0.0 192.168.41.52 0.0.0.0ip access-list 23 permit ip 192.168.41.102 0.0.0.0 192.168.41.52 0.0.0.0ip access-list 23 permit ip 192.168.42.111 0.0.0.0 192.168.41.52 0.0.0.0ip access-list 23 permit ip 192.168.42.121 0.0.0.0 192.168.41.52 0.0.0.0ip access-list 23 permit ip 192.168.42.122 0.0.0.0 192.168.41.52 0.0.0.0ip access-list 23 permit ip 192.168.42.131 0.0.0.0 192.168.41.52 0.0.0.0ip access-list 23 permit ip 192.168.42.133 0.0.0.0 192.168.41.52 0.0.0.0ip access-list 23 permit ip 192.168.42.138 0.0.0.0 192.168.41.52 0.0.0.0ip access-list 23 permit ip 10.19.151.99 0.0.0.0 192.168.41.52 0.0.0.0ip access-list 23 deny ip any any log-denyvsan databasevsan 2 name "Promise-2"vsan 11 name "UIM_VSAN_B_11"fcdomain fcid databasevsan 1 wwn 21:01:00:e0:8b:39:35:58 fcid 0x010000 area dynamicvsan 1 wwn 22:03:00:0d:ec:20:2b:40 fcid 0x010100 area dynamicvsan 11 wwn 20:41:00:05:9b:73:17:40 fcid 0xd40000 dynamicvsan 11 wwn 20:42:00:05:9b:73:17:40 fcid 0xd40001 dynamicvsan 1 wwn 21:00:00:e0:8b:19:35:58 fcid 0x010200 area dynamicvsan 11 wwn 50:06:01:69:46:e0:33:aa fcid 0xd400ef dynamicvsan 11 wwn 50:06:01:68:46:e0:33:aa fcid 0xd401ef dynamicvsan 1 wwn 26:01:00:01:55:35:7e:44 fcid 0x010300 dynamicvsan 2 wwn 26:01:00:01:55:35:7e:44 fcid 0x890000 dynamicvsan 2 wwn 20:64:00:0d:ec:38:76:00 fcid 0x890100 area dynamicvsan 11 wwn 20:00:00:25:b5:01:11:10 fcid 0xd40002 dynamicvsan 11 wwn 20:00:00:25:b5:01:11:19 fcid 0xd40003 dynamicvsan 11 wwn 20:00:00:25:b5:01:11:13 fcid 0xd40004 dynamicvsan 11 wwn 20:00:00:25:b5:01:11:16 fcid 0xd40005 dynamicvsan 11 wwn 20:00:00:25:b5:01:11:1a fcid 0xd40006 dynamicvsan 11 wwn 20:00:00:25:b5:01:11:12 fcid 0xd40007 dynamicvsan 11 wwn 20:00:00:25:b5:01:11:1d fcid 0xd40008 dynamicvsan 11 wwn 20:00:00:25:b5:01:11:26 fcid 0xd40009 dynamicvsan 11 wwn 20:00:00:25:b5:01:11:23 fcid 0xd4000a dynamicvsan 11 wwn 20:00:00:25:b5:01:11:20 fcid 0xd4000b dynamicvsan 11 wwn 20:00:00:25:b5:01:11:2c fcid 0xd4000c dynamicvsan 11 wwn 20:00:00:25:b5:01:11:29 fcid 0xd4000d dynamicvsan databasevsan 11 interface fc2/24vsan 11 interface fc2/25vsan 11 interface fc2/26vsan 11 interface fc2/48clock timezone PST -8 0clock summer-time PST 1 Sun April 02:00 5 Sun Oct 02:00 60ip default-gateway 192.168.41.1switchname MDS-DC-2line vtysession-limit 32exec-timeout 15line consoleexec-timeout 15boot kickstart bootflash:/m9500-sf2ek9-kickstart-mz.5.0.4.bin sup-1boot system bootflash:/m9500-sf2ek9-mz.5.0.4.bin sup-1boot kickstart bootflash:/m9500-sf2ek9-kickstart-mz.5.0.4.bin sup-2boot system bootflash:/m9500-sf2ek9-mz.5.0.4.bin sup-2interface fc2/1interface fc2/2interface fc2/3interface fc2/4interface fc2/5interface fc2/6interface fc2/7interface fc2/8interface fc2/9interface fc2/10interface fc2/11interface fc2/12interface fc2/13interface fc2/14interface fc2/15interface fc2/16interface fc2/17interface fc2/18interface fc2/19interface fc2/20interface fc2/21interface fc2/22interface fc2/23interface fc2/24interface fc2/25interface fc2/26interface fc2/27interface fc2/28interface fc2/29interface fc2/30interface fc2/31interface fc2/32interface fc2/33interface fc2/34interface fc2/35interface fc2/36interface fc2/37interface fc2/38interface fc2/39interface fc2/40interface fc2/41interface fc2/42interface fc2/43interface fc2/44interface fc2/45interface fc2/46interface fc2/47interface fc2/48logging server 192.168.42.121logging server 192.168.42.124 6system default zone default-zone permitsystem default zone distribute fullzone default-zone permit vsan 2zone default-zone permit vsan 11zoneset distribute full vsan 1-2zoneset distribute full vsan 11!Full Zone Database Section for vsan 2zone name global_zone vsan 2zoneset name promise-2_zs vsan 2member global_zone!Full Zone Database Section for vsan 11zone name UIM_20000025B5011110_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:10member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011112_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:12member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011110_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:10member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011112_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:12member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011110_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:10member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011112_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:12member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011110_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:10member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011112_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:12member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011116_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:16member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011115_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:15member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011116_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:16member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011115_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:15member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011116_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:16member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011115_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:15member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011116_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:16member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011115_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:15member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011119_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:19member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B501111A_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:1amember pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011119_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:19member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B501111A_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:1amember pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011119_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:19member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B501111A_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:1amember pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011119_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:19member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B501111A_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:1amember pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B501111D_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:1dmember pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B501111C_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:1cmember pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B501111D_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:1dmember pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B501111C_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:1cmember pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B501111D_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:1dmember pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B501111C_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:1cmember pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B501111D_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:1dmember pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B501111C_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:1cmember pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011120_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:20member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B501111F_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:1fmember pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011120_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:20member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B501111F_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:1fmember pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011120_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:20member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B501111F_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:1fmember pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011120_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:20member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B501111F_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:1fmember pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011122_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:22member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011123_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:23member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011122_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:22member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011123_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:23member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011122_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:22member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011123_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:23member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011122_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:22member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011123_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:23member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011126_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:26member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011125_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:25member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011126_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:26member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011125_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:25member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011126_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:26member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011125_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:25member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011126_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:26member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011125_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:25member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011128_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:28member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011129_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:29member pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B5011128_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:28member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011129_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:29member pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B5011128_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:28member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011129_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:29member pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B5011128_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:28member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B5011129_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:29member pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B501112C_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:2cmember pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B501112B_5006016046E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:2bmember pwwn 50:06:01:60:46:e0:33:aazone name UIM_20000025B501112C_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:2cmember pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B501112B_5006016946E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:2bmember pwwn 50:06:01:69:46:e0:33:aazone name UIM_20000025B501112C_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:2cmember pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B501112B_5006016846E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:2bmember pwwn 50:06:01:68:46:e0:33:aazone name UIM_20000025B501112C_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:2cmember pwwn 50:06:01:61:46:e0:33:aazone name UIM_20000025B501112B_5006016146E033AA vsan 11member pwwn 20:00:00:25:b5:01:11:2bmember pwwn 50:06:01:61:46:e0:33:aazoneset name UIM_ZONESET_B vsan 11member UIM_20000025B5011110_5006016946E033AAmember UIM_20000025B5011112_5006016946E033AAmember UIM_20000025B5011110_5006016046E033AAmember UIM_20000025B5011112_5006016046E033AAmember UIM_20000025B5011110_5006016146E033AAmember UIM_20000025B5011112_5006016146E033AAmember UIM_20000025B5011110_5006016846E033AAmember UIM_20000025B5011112_5006016846E033AAmember UIM_20000025B5011116_5006016046E033AAmember UIM_20000025B5011115_5006016046E033AAmember UIM_20000025B5011116_5006016946E033AAmember UIM_20000025B5011115_5006016946E033AAmember UIM_20000025B5011116_5006016846E033AAmember UIM_20000025B5011115_5006016846E033AAmember UIM_20000025B5011116_5006016146E033AAmember UIM_20000025B5011115_5006016146E033AAmember UIM_20000025B5011119_5006016146E033AAmember UIM_20000025B501111A_5006016146E033AAmember UIM_20000025B5011119_5006016046E033AAmember UIM_20000025B501111A_5006016046E033AAmember UIM_20000025B5011119_5006016946E033AAmember UIM_20000025B501111A_5006016946E033AAmember UIM_20000025B5011119_5006016846E033AAmember UIM_20000025B501111A_5006016846E033AAmember UIM_20000025B501111D_5006016146E033AAmember UIM_20000025B501111C_5006016146E033AAmember UIM_20000025B501111D_5006016846E033AAmember UIM_20000025B501111C_5006016846E033AAmember UIM_20000025B501111D_5006016946E033AAmember UIM_20000025B501111C_5006016946E033AAmember UIM_20000025B501111D_5006016046E033AAmember UIM_20000025B501111C_5006016046E033AAmember UIM_20000025B5011120_5006016846E033AAmember UIM_20000025B501111F_5006016846E033AAmember UIM_20000025B5011120_5006016146E033AAmember UIM_20000025B501111F_5006016146E033AAmember UIM_20000025B5011120_5006016046E033AAmember UIM_20000025B501111F_5006016046E033AAmember UIM_20000025B5011120_5006016946E033AAmember UIM_20000025B501111F_5006016946E033AAmember UIM_20000025B5011122_5006016946E033AAmember UIM_20000025B5011123_5006016946E033AAmember UIM_20000025B5011122_5006016146E033AAmember UIM_20000025B5011123_5006016146E033AAmember UIM_20000025B5011122_5006016046E033AAmember UIM_20000025B5011123_5006016046E033AAmember UIM_20000025B5011122_5006016846E033AAmember UIM_20000025B5011123_5006016846E033AAmember UIM_20000025B5011126_5006016846E033AAmember UIM_20000025B5011125_5006016846E033AAmember UIM_20000025B5011126_5006016946E033AAmember UIM_20000025B5011125_5006016946E033AAmember UIM_20000025B5011126_5006016146E033AAmember UIM_20000025B5011125_5006016146E033AAmember UIM_20000025B5011126_5006016046E033AAmember UIM_20000025B5011125_5006016046E033AAmember UIM_20000025B5011128_5006016946E033AAmember UIM_20000025B5011129_5006016946E033AAmember UIM_20000025B5011128_5006016046E033AAmember UIM_20000025B5011129_5006016046E033AAmember UIM_20000025B5011128_5006016146E033AAmember UIM_20000025B5011129_5006016146E033AAmember UIM_20000025B5011128_5006016846E033AAmember UIM_20000025B5011129_5006016846E033AAmember UIM_20000025B501112C_5006016046E033AAmember UIM_20000025B501112B_5006016046E033AAmember UIM_20000025B501112C_5006016946E033AAmember UIM_20000025B501112B_5006016946E033AAmember UIM_20000025B501112C_5006016846E033AAmember UIM_20000025B501112B_5006016846E033AAmember UIM_20000025B501112C_5006016146E033AAmember UIM_20000025B501112B_5006016146E033AAzoneset activate name UIM_ZONESET_B vsan 11interface fc2/1interface fc2/2interface fc2/3interface fc2/4interface fc2/5interface fc2/6interface fc2/7interface fc2/8interface fc2/9interface fc2/10interface fc2/11interface fc2/12interface fc2/13interface fc2/14interface fc2/15interface fc2/16interface fc2/17interface fc2/18interface fc2/19interface fc2/20interface fc2/21interface fc2/22interface fc2/23interface fc2/24interface fc2/25interface fc2/26interface fc2/27interface fc2/28interface fc2/29interface fc2/30interface fc2/31interface fc2/32interface fc2/33interface fc2/34interface fc2/35interface fc2/36interface fc2/37interface fc2/38interface fc2/39interface fc2/40interface fc2/41interface fc2/42interface fc2/43interface fc2/44interface fc2/45interface fc2/46interface fc2/47interface fc2/48interface mgmt0ip address 192.168.41.52 255.255.255.0ip access-group 23 inno system default switchport shutdownN1kv-1-running
!Command: show running-config!Time: Sat Apr 30 03:02:54 2011version 4.2(1)SV1(4)no feature telnetfeature tacacs+username admin password 5 <removed> role network-adminusername retail password 5 <removed> role network-adminbanner motd # WARNING: **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CMO Retail **** **** AUTHORIZED USERS ONLY! **** ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT TO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY TO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHER REPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT FURTHER NOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHER CRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW ENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW. UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS. #ssh key rsa 2048ip domain-lookupip domain-lookuptacacs-server key 7 "<removed>"tacacs-server host 192.168.42.131aaa group server tacacs+ CiscoACSserver 192.168.42.131use-vrf managementsource-interface mgmt0aaa group server tacacs+ tacacshostname N1kv-1ip access-list 2310 permit ip 192.168.42.0/24 any20 permit ip any any30 deny ip any anyip access-list 8810 permit ip 192.168.42.0/24 any20 permit ip any any30 deny ip any anyvem 3host vmware id 414e3537-3441-3255-5838-34353034544bvem 4host vmware id 414e3537-3441-3255-5838-34353034544dvem 5host vmware id 414e3537-3441-3255-5838-333930345046vem 6host vmware id 414e3537-3441-3255-5838-34353034544cvem 7host vmware id 414e3537-3441-3255-5838-333930344e59vem 8host vmware id 414e3537-3441-3255-5838-333830333330vem 9host vmware id 414e3537-3441-3255-5838-333930345057vem 10host vmware id 414e3537-3441-3255-5838-343530345630vem 11host vmware id 414e3537-3441-3255-5838-343530345448vem 12host vmware id 414e3537-3441-3255-5838-333930345048snmp-server user admin network-admin auth md5 <removed> priv <removed> localizedkeysnmp-server user retail network-admin auth md5 <removed> priv <removed> localizedkeyntp server 192.168.62.161 use-vrf managementntp server 192.168.62.162 use-vrf managementntp source 192.168.41.61aaa authentication login default group CiscoACSaaa authentication login console group CiscoACSvrf context managementip route 0.0.0.0/0 192.168.41.1vlan 1vlan 36name VLAN36vlan 37name VLAN37vlan 38name VLAN38vlan 39name VLAN39vlan 40name VLAN40vlan 41name VLAN41vlan 42name VLAN42vlan 43name VLAN43vlan 44name VLAN44vlan 45name VLAN45vlan 46name VLAN46vlan 52name VLAN52vlan 64name VLAN64vlan 72name VLAN72vlan 80name VLAN80vlan 81name VLAN81vlan 82name VLAN82vlan 83name VLAN83port-channel load-balance ethernet source-macport-profile default max-ports 32port-profile type vethernet VLAN38vmware port-groupswitchport mode accessswitchport access vlan 38no shutdownstate enabledport-profile type vethernet VLAN36vmware port-groupswitchport mode accessswitchport access vlan 36no shutdownstate enabledport-profile type vethernet VLAN37vmware port-groupswitchport mode accessswitchport access vlan 37no shutdownstate enabledport-profile type vethernet VLAN39vmware port-groupswitchport mode accessswitchport access vlan 39no shutdownstate enabledport-profile type vethernet VLAN40vmware port-groupswitchport mode accessswitchport access vlan 40no shutdownstate enabledport-profile type vethernet VLAN41vmware port-groupswitchport mode accessswitchport access vlan 41no shutdownsystem vlan 41state enabledport-profile type vethernet VLAN42vmware port-groupswitchport mode accessswitchport access vlan 42no shutdownstate enabledport-profile type vethernet VLAN43vmware port-groupswitchport mode accessswitchport access vlan 43no shutdownstate enabledport-profile type vethernet VLAN44vmware port-groupswitchport mode accessswitchport access vlan 44no shutdownstate enabledport-profile type vethernet VLAN45vmware port-groupswitchport mode accessswitchport access vlan 45no shutdownstate enabledport-profile type vethernet VLAN46vmware port-groupswitchport mode accessswitchport access vlan 46no shutdownstate enabledport-profile type vethernet VLAN52vmware port-groupswitchport mode accessswitchport access vlan 52no shutdownstate enabledport-profile type vethernet VLAN64vmware port-groupswitchport mode accessswitchport access vlan 64no shutdownstate enabledport-profile type vethernet VLAN72vmware port-groupswitchport mode accessswitchport access vlan 72no shutdownstate enabledport-profile type vethernet VLAN80vmware port-groupswitchport mode accessswitchport access vlan 80no shutdownstate enabledport-profile type vethernet VLAN81vmware port-groupswitchport mode accessswitchport access vlan 81no shutdownstate enabledport-profile type vethernet VLAN82vmware port-groupswitchport mode accessswitchport access vlan 82no shutdownstate enabledport-profile type vethernet VLAN83vmware port-groupswitchport mode accessswitchport access vlan 83no shutdownstate enabledport-profile type ethernet Unused_Or_Quarantine_Uplinkvmware port-groupshutdowndescription Port-group created for Nexus1000V internal usage. Do not use.state enabledport-profile type vethernet Unused_Or_Quarantine_Vethvmware port-groupshutdowndescription Port-group created for Nexus1000V internal usage. Do not use.state enabledport-profile type ethernet sysuplinkvmware port-groupswitchport mode trunkswitchport trunk allowed vlan 36-83no shutdownsystem vlan 41state enabledport-profile type vethernet VSG-DADA-HAvmware port-groupswitchport access vlan 41no shutdownstate enabledport-profile type vethernet Tenant-1vmware port-grouporg root/Tenant-1vn-service ip-address 192.168.52.11 vlan 52 security-profile SecurityProfile-1switchport mode accessswitchport access vlan 41no shutdownstate enabledvdc N1kv-1 id 1limit-resource vlan minimum 16 maximum 2049limit-resource monitor-session minimum 0 maximum 2limit-resource vrf minimum 16 maximum 8192limit-resource port-channel minimum 0 maximum 768limit-resource u4route-mem minimum 32 maximum 32limit-resource u6route-mem minimum 16 maximum 16limit-resource m4route-mem minimum 58 maximum 58limit-resource m6route-mem minimum 8 maximum 8interface mgmt0ip address 192.168.41.61/24interface Vethernet3inherit port-profile VLAN42description RSA-Archer,Network Adapter 1vmware dvport 207 dvswitch uuid "f9 31 3b 50 f5 23 1c a3-34 b1 f1 a6 d6 24 6c c0"vmware vm mac 0050.56BB.001Einterface Vethernet5inherit port-profile VSG-DADA-HAdescription Nexus1000VSG,Network Adapter 3vmware dvport 1057 dvswitch uuid "f9 31 3b 50 f5 23 1c a3-34 b1 f1 a6 d6 24 6c c0"vmware vm mac 0050.56BB.0004interface Vethernet6inherit port-profile VSG-DADA-HAdescription Nexus1000VSG,Network Adapter 1vmware dvport 1056 dvswitch uuid "f9 31 3b 50 f5 23 1c a3-34 b1 f1 a6 d6 24 6c c0"vmware vm mac 0050.56BB.0002interface Vethernet7inherit port-profile VLAN52description POS Terminal,Network Adapter 1vmware dvport 352 dvswitch uuid "f9 31 3b 50 f5 23 1c a3-34 b1 f1 a6 d6 24 6c c0"vmware vm mac 0050.56BB.0005interface control0clock timezone PST -8 0clock summer-time PST 1 Sun April 02:00 5 Sun Oct 02:00 60line vtyexec-timeout 15line consoleexec-timeout 15boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.2.1.SV1.4.bin sup-1boot system bootflash:/nexus-1000v-mz.4.2.1.SV1.4.bin sup-1boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.2.1.SV1.4.bin sup-2boot system bootflash:/nexus-1000v-mz.4.2.1.SV1.4.bin sup-2svs-domaindomain id 2control vlan 41packet vlan 41svs mode L2svs connection vcprotocol vmware-vimremote ip address 192.168.41.102 port 80vmware dvs uuid "f9 31 3b 50 f5 23 1c a3-34 b1 f1 a6 d6 24 6c c0" datacenter-name Retail Lab-CMOconnectvnm-policy-agentregistration-ip 192.168.41.65shared-secret **********policy-agent-image bootflash:/vnmc-vsmpa.1.0.1j.binlog-levellogging server 192.168.42.124 7 facility sysloglogging timestamp millisecondsr-a2-conv-1
!! Last configuration change at 00:53:21 PST Sat Apr 30 2011 by retail! NVRAM config last updated at 00:53:22 PST Sat Apr 30 2011 by retail!version 15.1no service padservice tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug datetime localtime show-timezoneservice timestamps log datetime msec localtime show-timezone yearservice password-encryptionservice sequence-numbersno service password-recovery!hostname R-A2-Conv-1!boot-start-markerboot system flash c890-universalk9-mz.151-3.T.binboot-end-marker!!security authentication failure rate 2 logsecurity passwords min-length 7logging buffered 50000no logging rate-limitenable secret 5 <removed>!aaa new-model!!aaa authentication login RETAIL group tacacs+ localaaa authentication enable default group tacacs+ enableaaa authorization exec default group tacacs+ if-authenticatedaaa accounting update newinfoaaa accounting exec defaultaction-type start-stopgroup tacacs+!aaa accounting commands 15 defaultaction-type start-stopgroup tacacs+!aaa accounting system defaultaction-type start-stopgroup tacacs+!!!!!!aaa session-id common!clock timezone PST -8 0clock summer-time PST recurringservice-module wlan-ap 0 bootimage autonomouscrypto pki token default removal timeout 0!crypto pki trustpoint TP-self-signed-479252603enrollment selfsignedsubject-name cn=IOS-Self-Signed-Certificate-479252603revocation-check nonersakeypair TP-self-signed-479252603!!crypto pki certificate chain TP-self-signed-479252603certificate self-signed 01<removed>quitno ip source-route!!!!!ip cefno ip bootp serverip domain name cisco-irn.comip name-server 192.168.42.130ip multicast-routingip port-map user-8443 port tcp 8443ip ips config location flash: retries 1 timeout 1ip ips name Store-IPS!ip ips signature-categorycategory allretired truecategory ios_ips defaultretired false!ip inspect log drop-pktip inspect audit-trailip wccp 61ip wccp 62login block-for 1800 attempts 6 within 1800login quiet-mode access-class 23login on-failure loglogin on-success logno ipv6 cef!multilink bundle-name authenticatedparameter-map type inspect Inspect-1audit-trail onparameter-map type inspect globalWAAS enableparameter-map type trend-global trend-glob-mappassword encryption aeslicense udi pid CISCO891W-AGN-N-K9 sn <removed>!!archivelog configlogging enablenotify syslog contenttype plaintexthidekeysobject-group network ActiveDirectory.cisco-irn.comhost 192.168.42.130!object-group service CAPWAPdescription CAPWAP UDP ports 5246 and 5247udp eq 5246udp eq 5247!object-group service CISCO-WAASdescription Ports for Cisco WAAStcp eq 4050!object-group network DC-ALLdescription All of the Data Center192.168.0.0 255.255.0.0!object-group network Stores-ALLdescription all store networks10.10.0.0 255.255.0.0!object-group network CSM_INLINE_dst_rule_68719541425description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-Small/mandatory)group-object DC-ALLgroup-object Stores-ALL!object-group network WCSManagerdescription Wireless Managerhost 192.168.43.135!object-group network DC-Wifi-Controllersdescription Central Wireless Controllers for storeshost 192.168.43.21host 192.168.43.22!object-group network DC-Wifi-MSEdescription Mobility Service Engineshost 192.168.43.31host 192.168.43.32!object-group network CSM_INLINE_dst_rule_68719541431description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-Small/mandatory)group-object WCSManagergroup-object DC-Wifi-Controllersgroup-object DC-Wifi-MSE!object-group network PAME-DC-1host 192.168.44.111!object-group network MSP-DC-1description Data Center VSOMhost 192.168.44.121!object-group network CSM_INLINE_dst_rule_68719541435description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-Small/mandatory)group-object PAME-DC-1group-object MSP-DC-1!object-group network CSM_INLINE_dst_rule_68719541457description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-Small/mandatory)group-object DC-ALLgroup-object Stores-ALL!object-group network CSM_INLINE_dst_rule_68719541461description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-Small/mandatory)group-object DC-ALLgroup-object Stores-ALL!object-group network CSM_INLINE_dst_rule_68719541465description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-Small/mandatory)group-object DC-ALLgroup-object Stores-ALL!object-group network EMC-NCMdescription EMC Network Configuration Managerhost 192.168.42.122!object-group network RSA-enVisiondescription RSA EnVision Syslog collector and SIMhost 192.168.42.124!object-group network CSM_INLINE_dst_rule_73014451187description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-Small/mandatory)group-object EMC-NCMgroup-object RSA-enVision!object-group network TACACSdescription Csico Secure ACS server for TACACS and Radiushost 192.168.42.131!object-group network RSA-AMdescription RSA Authentication Manager for SecureIDhost 192.168.42.137!object-group network NAC-1description ISE server for NAChost 192.168.42.111!object-group network CSM_INLINE_dst_rule_73014451193description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-Small/mandatory)group-object ActiveDirectory.cisco-irn.comgroup-object TACACSgroup-object RSA-AMgroup-object NAC-1!object-group network NAC-2host 192.168.42.112!object-group network CSM_INLINE_dst_rule_73014451223description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-Small/mandatory)group-object NAC-2group-object NAC-1!object-group network DC-Admindescription DC Admin Systemshost 192.168.41.101host 192.168.41.102!object-group network CSManagerdescription Cisco Security Managerhost 192.168.42.133!object-group network CSM_INLINE_src_rule_68719541409description Generated by CS-Manager from src of ZbfInspectRule# 0 (Store-Small/mandatory)group-object DC-Admingroup-object EMC-NCMgroup-object CSManager!object-group network CSM_INLINE_src_rule_68719541427description Generated by CS-Manager from src of ZbfInspectRule# 0 (Store-Small/mandatory)group-object DC-ALLgroup-object Stores-ALL!object-group network CSM_INLINE_src_rule_68719541429description Generated by CS-Manager from src of ZbfInspectRule# 0 (Store-Small/mandatory)group-object WCSManagergroup-object DC-Wifi-Controllersgroup-object DC-Wifi-MSE!object-group network CSM_INLINE_src_rule_68719541433description Generated by CS-Manager from src of ZbfInspectRule# 0 (Store-Small/mandatory)group-object PAME-DC-1group-object MSP-DC-1!object-group network DC-WAASdescription WAE Appliances in Data Centerhost 192.168.48.10host 192.168.49.10host 192.168.47.11host 192.168.47.12!object-group network CSM_INLINE_src_rule_68719541437description Generated by CS-Manager from src of ZbfInspectRule# 0 (Store-Small/mandatory)group-object DC-Admingroup-object DC-WAAS!object-group network DC-POS-Tomaxdescription Tomax POS Communication from Store to Data Center192.168.52.96 255.255.255.224!object-group network DC-POS-SAPdescription SAP POS Communication from Store to Data Center192.168.52.144 255.255.255.240!object-group network DC-POS-Oracledescription Oracle POS Communication from Store to Data Center192.168.52.128 255.255.255.240!object-group network CSM_INLINE_src_rule_73014451215description Generated by CS-Manager from src of ZbfInspectRule# 0 (Store-Small/mandatory)group-object DC-Admingroup-object DC-POS-Tomaxgroup-object DC-POS-SAPgroup-object DC-POS-Oracle!object-group network CSM_INLINE_src_rule_73014451217description Generated by CS-Manager from src of ZbfInspectRule# 0 (Store-Small/mandatory)group-object DC-Admingroup-object DC-POS-Tomaxgroup-object DC-POS-SAPgroup-object DC-POS-Oracle!object-group service CSM_INLINE_svc_rule_68719541409description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq 443tcp eq 22!object-group service CSM_INLINE_svc_rule_68719541425description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)icmp echoicmp echo-replyicmp tracerouteicmp unreachable!object-group service CSM_INLINE_svc_rule_68719541427description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)icmp echoicmp echo-replyicmp tracerouteicmp unreachable!object-group service LWAPPdescription LWAPP UDP ports 12222 and 12223udp eq 12222udp eq 12223!object-group service TFTPdescription Trivial File Transfertcp eq 69udp eq tftp!object-group service IP-Protocol-97description IP protocol 9797!object-group service CSM_INLINE_svc_rule_68719541429description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq 443tcp eq wwwtcp eq 22tcp eq telnetudp eq isakmpgroup-object CAPWAPgroup-object LWAPPgroup-object TFTPgroup-object IP-Protocol-97!object-group service Cisco-Mobilitydescription Mobility ports for Wirelessudp eq 16666udp eq 16667!object-group service CSM_INLINE_svc_rule_68719541431description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)udp eq isakmpgroup-object CAPWAPgroup-object LWAPPgroup-object Cisco-Mobilitygroup-object IP-Protocol-97!object-group service HTTPS-8443tcp eq 8443!object-group service Microsoft-DS-SMBdescription Microsoft-DS Active Directory, Windows shares Microsoft-DS SMB file sharingtcp eq 445!object-group service CSM_INLINE_svc_rule_68719541437description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcptcp eq 139group-object CISCO-WAASgroup-object HTTPS-8443group-object Microsoft-DS-SMB!object-group service CSM_INLINE_svc_rule_68719541439description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcptcp eq 139group-object CISCO-WAASgroup-object HTTPS-8443group-object Microsoft-DS-SMB!object-group service CSM_INLINE_svc_rule_68719541455description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)icmptcp-udp eq 5060tcp eq 2000tcp eq wwwtcp eq 443group-object TFTP!object-group service CSM_INLINE_svc_rule_68719541457description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp-udp eq 5060tcp eq 2000!object-group service Netbiosdescription Netbios Serversudp eq netbios-dgmudp eq netbios-nstcp eq 139!object-group service ORACLE-SIMdescription Oracle Store Inventory Managementtcp eq 7777tcp eq 6003tcp range 12401 12500!object-group service RDPdescription Windows Remote Desktoptcp eq 3389!object-group service Workbraintcp eq 8444!object-group service CSM_INLINE_svc_rule_68719541459description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq ftptcp eq wwwtcp eq 443udp eq 88tcp-udp eq 42group-object Microsoft-DS-SMBgroup-object Netbiosgroup-object ORACLE-SIMgroup-object RDPgroup-object Workbrain!object-group service CSM_INLINE_svc_rule_73014451187description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)udp eq syslogudp eq snmpudp eq snmptrap!object-group service CSM_INLINE_svc_rule_73014451193description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq tacacsudp eq 1812udp eq 1813tcp eq 389tcp eq 636!object-group service vCenter-to-ESX4description Communication from vCetner to ESX hoststcp eq 5989tcp eq 8000tcp eq 902tcp eq 903!object-group service CSM_INLINE_svc_rule_73014451195description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq wwwtcp eq 443tcp eq 22group-object vCenter-to-ESX4!object-group service ESX-SLPdescription CIM Service Location Protocol (SLP) for VMware systemsudp eq 427tcp eq 427!object-group service CSM_INLINE_svc_rule_73014451197description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq 443group-object vCenter-to-ESX4group-object ESX-SLP!object-group service ORACLE-RMIdescription RMI TCP ports 1300 and 1301-1319.tcp range 1300 1319!object-group service ORACLE-Weblogicdescription HTTP/RMI and HTTPS/RMI-SSL 7001 & 7002. OracleAQ uses 1521.tcp eq 7001tcp eq 7002tcp eq 1521!object-group service ORACLE-WASdescription RMI/IIOP over 2809 HTTP over 9443 IBM-MQ 1414tcp eq 2809tcp eq 9443tcp eq 1414!object-group service ORACLE-OASdescription OAS uses one port for HTTP and RMI - 12601.tcp eq 12601!object-group service CSM_INLINE_svc_rule_73014451203description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq 443tcp eq 22group-object ORACLE-RMIgroup-object ORACLE-Weblogicgroup-object ORACLE-WASgroup-object ORACLE-OAS!object-group service CSM_INLINE_svc_rule_73014451205description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq 443tcp eq 22group-object ORACLE-RMIgroup-object ORACLE-Weblogicgroup-object ORACLE-WASgroup-object ORACLE-OAS!object-group service CSM_INLINE_svc_rule_73014451207description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq 443tcp eq 22group-object HTTPS-8443!object-group service CSM_INLINE_svc_rule_73014451209description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq 443tcp eq 22group-object HTTPS-8443!object-group service TOMAX-8990description Tomax Application Porttcp eq 8990!object-group service CSM_INLINE_svc_rule_73014451211description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq 443group-object TOMAX-8990!object-group service CSM_INLINE_svc_rule_73014451213description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq 443group-object TOMAX-8990!object-group service ICMP-Requestsdescription ICMP requestsicmp information-requesticmp mask-requesticmp timestamp-request!object-group service CSM_INLINE_svc_rule_73014451215description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)icmp echoicmp echo-replyicmp tracerouteicmp unreachableicmp redirecticmp alternate-addressgroup-object ICMP-Requests!object-group service CSM_INLINE_svc_rule_73014451217description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)icmp echoicmp echo-replyicmp tracerouteicmp unreachableicmp redirecticmp alternate-addressgroup-object ICMP-Requests!object-group service DNS-Resolvingdescription Domain Name Servertcp eq domainudp eq domain!object-group service CSM_INLINE_svc_rule_73014451221description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)udp eq bootpsgroup-object DNS-Resolving!object-group service CSM_INLINE_svc_rule_73014451223description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq wwwtcp eq 443group-object HTTPS-8443!object-group service CSM_INLINE_svc_rule_73014451388description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcptcp eq 139group-object Microsoft-DS-SMB!object-group service CSM_INLINE_svc_rule_73014451393description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq wwwtcp eq 443tcp eq smtptcp eq pop3tcp eq 143!object-group service CSM_INLINE_svc_rule_73014451395description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq wwwtcp eq 443!object-group service CSM_INLINE_svc_rule_73014451397description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcpudptcp eq 443!object-group service CSM_INLINE_svc_rule_73014451404description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq wwwtcp eq 443!object-group service CSM_INLINE_svc_rule_73014451406description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-Small/mandatory)tcp eq wwwtcp eq 443tcp eq smtptcp eq pop3tcp eq 143!object-group network DC-Applicationsdescription Applications in the Data Center that are non-PCI related(Optimized by CS-Manager)192.168.180.0 255.255.254.0!object-group network DC-Voicedescription Data Center Voice192.168.45.0 255.255.255.0!object-group network MS-Updatedescription Windows Update Serverhost 192.168.42.150!object-group network MSExchangedescription Mail Serverhost 192.168.42.140!object-group service NTPdescription NTP Protocolstcp eq 123udp eq ntp!object-group network NTP-Serversdescription NTP Servershost 192.168.62.161host 162.168.62.162!object-group network STORE-POS10.10.0.0 255.255.0.0!object-group network vSphere-1description vSphere server for Labhost 192.168.41.102!username retail privilege 15 secret 5 <removed>username bart privilege 15 secret 5 <removed>username emc-ncm privilege 15 secret 5 <removed>username bmcgloth privilege 15 secret 5 <removed>username csmadmin privilege 15 secret 5 <removed>!!!!ip ssh time-out 30ip ssh authentication-retries 2ip ssh version 2ip scp server enable!class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_7match protocol httpmatch protocol httpsmatch protocol microsoft-dsmatch protocol ms-sqlmatch protocol ms-sql-mmatch protocol netbios-dgmmatch protocol netbios-nsmatch protocol oraclematch protocol oracle-em-vpmatch protocol oraclenamesmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_10match access-group name CSM_ZBF_CMAP_ACL_10match class-map CSM_ZBF_CMAP_PLMAP_7class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_16match protocol httpmatch protocol httpsmatch protocol isakmpmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_23match access-group name CSM_ZBF_CMAP_ACL_23match class-map CSM_ZBF_CMAP_PLMAP_16class-map type inspect match-all CSM_ZBF_CLASS_MAP_32match access-group name CSM_ZBF_CMAP_ACL_32class-map type inspect match-all CSM_ZBF_CLASS_MAP_11match access-group name CSM_ZBF_CMAP_ACL_11match protocol icmpclass-map type inspect match-any CSM_ZBF_CMAP_PLMAP_5match protocol httpmatch protocol httpsmatch protocol netbios-dgmmatch protocol netbios-nsmatch protocol netbios-ssnmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_22match access-group name CSM_ZBF_CMAP_ACL_22match class-map CSM_ZBF_CMAP_PLMAP_5class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_4match protocol httpmatch protocol httpsmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_33match access-group name CSM_ZBF_CMAP_ACL_33match class-map CSM_ZBF_CMAP_PLMAP_4class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_8match protocol sipmatch protocol sip-tlsmatch protocol skinnymatch protocol tftpmatch protocol httpmatch protocol httpsmatch protocol icmpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_12match access-group name CSM_ZBF_CMAP_ACL_12match class-map CSM_ZBF_CMAP_PLMAP_8class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_15match protocol httpmatch protocol httpsmatch protocol netbios-nsmatch protocol netbios-dgmmatch protocol netbios-ssnmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_21match access-group name CSM_ZBF_CMAP_ACL_21match class-map CSM_ZBF_CMAP_PLMAP_15class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_17match protocol httpmatch protocol httpsmatch protocol imap3match protocol pop3match protocol pop3smatch protocol smtpmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_30match access-group name CSM_ZBF_CMAP_ACL_30match class-map CSM_ZBF_CMAP_PLMAP_17class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_9match protocol syslogmatch protocol syslog-connmatch protocol snmpmatch protocol snmptrapclass-map type inspect match-all CSM_ZBF_CLASS_MAP_13match access-group name CSM_ZBF_CMAP_ACL_13match class-map CSM_ZBF_CMAP_PLMAP_9class-map type inspect match-all CSM_ZBF_CLASS_MAP_20match access-group name CSM_ZBF_CMAP_ACL_20match class-map CSM_ZBF_CMAP_PLMAP_4class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_20match protocol httpmatch protocol httpsmatch protocol netbios-dgmmatch protocol netbios-nsmatch protocol netbios-ssnmatch protocol ftpmatch protocol sshmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_31match access-group name CSM_ZBF_CMAP_ACL_31match class-map CSM_ZBF_CMAP_PLMAP_20class-map match-all BRANCH-BULK-DATAmatch protocol tftpmatch protocol nfsmatch access-group name BULK-DATA-APPSclass-map type inspect match-any CSM_ZBF_CMAP_PLMAP_10match protocol ldapsmatch protocol ldapmatch protocol ldap-adminmatch protocol radiusmatch protocol tacacsmatch protocol tacacs-dsmatch protocol tcpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_14match access-group name CSM_ZBF_CMAP_ACL_14match class-map CSM_ZBF_CMAP_PLMAP_10class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_18match protocol httpmatch protocol httpsmatch protocol udpmatch protocol tcpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_27match access-group name CSM_ZBF_CMAP_ACL_27match class-map CSM_ZBF_CMAP_PLMAP_18class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_22match protocol sipmatch protocol sip-tlsmatch protocol skinnymatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_36match access-group name CSM_ZBF_CMAP_ACL_36match class-map CSM_ZBF_CMAP_PLMAP_22class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_11match protocol ntpmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_15match access-group name CSM_ZBF_CMAP_ACL_15match class-map CSM_ZBF_CMAP_PLMAP_11class-map type inspect match-all CSM_ZBF_CLASS_MAP_26match access-group name CSM_ZBF_CMAP_ACL_26match class-map CSM_ZBF_CMAP_PLMAP_17class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_12match protocol bootpcmatch protocol bootpsmatch protocol udpmatch protocol tcpmatch protocol dnsmatch protocol dhcp-failoverclass-map type inspect match-all CSM_ZBF_CLASS_MAP_16match access-group name CSM_ZBF_CMAP_ACL_16match class-map CSM_ZBF_CMAP_PLMAP_12class-map type inspect match-all CSM_ZBF_CLASS_MAP_25match access-group name CSM_ZBF_CMAP_ACL_25match protocol icmpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_34match access-group name CSM_ZBF_CMAP_ACL_34class-map type inspect match-all CSM_ZBF_CLASS_MAP_17match access-group name CSM_ZBF_CMAP_ACL_17match protocol icmpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_24match access-group name CSM_ZBF_CMAP_ACL_24match class-map CSM_ZBF_CMAP_PLMAP_7class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_21match protocol tcpmatch protocol udpmatch protocol httpmatch protocol httpsclass-map type inspect match-all CSM_ZBF_CLASS_MAP_35match access-group name CSM_ZBF_CMAP_ACL_35match class-map CSM_ZBF_CMAP_PLMAP_21class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_13match protocol httpsmatch protocol tcpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_18match access-group name CSM_ZBF_CMAP_ACL_18match class-map CSM_ZBF_CMAP_PLMAP_13class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_14match protocol httpmatch protocol httpsmatch protocol user-8443class-map type inspect match-all CSM_ZBF_CLASS_MAP_19match access-group name CSM_ZBF_CMAP_ACL_19match class-map CSM_ZBF_CMAP_PLMAP_14class-map type inspect match-all CSM_ZBF_CLASS_MAP_29match access-group name CSM_ZBF_CMAP_ACL_29match class-map CSM_ZBF_CMAP_PLMAP_18class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_19match protocol httpmatch protocol httpsmatch protocol icmpmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_28match access-group name CSM_ZBF_CMAP_ACL_28match class-map CSM_ZBF_CMAP_PLMAP_19class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_1match protocol httpsmatch protocol sshclass-map type inspect match-all CSM_ZBF_CLASS_MAP_1match access-group name CSM_ZBF_CMAP_ACL_1match class-map CSM_ZBF_CMAP_PLMAP_1class-map type inspect match-all CSM_ZBF_CLASS_MAP_3match access-group name CSM_ZBF_CMAP_ACL_3match protocol icmpclass-map type inspect match-any CSM_ZBF_CMAP_PLMAP_2match protocol httpsmatch protocol httpmatch protocol tcpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_2match access-group name CSM_ZBF_CMAP_ACL_2match class-map CSM_ZBF_CMAP_PLMAP_2class-map type inspect match-all CSM_ZBF_CLASS_MAP_5match access-group name CSM_ZBF_CMAP_ACL_5match class-map CSM_ZBF_CMAP_PLMAP_4class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_3match protocol httpmatch protocol httpsmatch protocol sshmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_4match access-group name CSM_ZBF_CMAP_ACL_4match class-map CSM_ZBF_CMAP_PLMAP_3class-map type inspect match-all CSM_ZBF_CLASS_MAP_7match access-group name CSM_ZBF_CMAP_ACL_7match class-map CSM_ZBF_CMAP_PLMAP_5class-map type inspect match-all CSM_ZBF_CLASS_MAP_6match access-group name CSM_ZBF_CMAP_ACL_6match protocol tcpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_9match access-group name CSM_ZBF_CMAP_ACL_9match protocol tcpclass-map type inspect match-any CSM_ZBF_CMAP_PLMAP_6match protocol httpmatch protocol httpsmatch protocol sshmatch protocol telnetmatch protocol tftpmatch protocol isakmpmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_8match access-group name CSM_ZBF_CMAP_ACL_8match class-map CSM_ZBF_CMAP_PLMAP_6class-map match-all BULK-DATAmatch ip dscp af11 af12class-map match-all INTERACTIVE-VIDEOmatch ip dscp af41 af42class-map match-any BRANCH-TRANSACTIONAL-DATAmatch protocol citrixmatch protocol ldapmatch protocol telnetmatch protocol sqlnetmatch protocol http url "*SalesReport*"match access-group name TRANSACTIONAL-DATA-APPSclass-map match-all BRANCH-MISSION-CRITICALmatch access-group name MISSION-CRITICAL-SERVERSclass-map match-all VOICEmatch ip dscp efclass-map match-all MISSION-CRITICAL-DATAmatch ip dscp 25class-map match-any BRANCH-NET-MGMTmatch protocol snmpmatch protocol syslogmatch protocol dnsmatch protocol icmpmatch protocol sshmatch access-group name NET-MGMT-APPSclass-map match-all ROUTINGmatch ip dscp cs6class-map match-all SCAVENGERmatch ip dscp cs1class-map match-all NET-MGMTmatch ip dscp cs2class-map match-any BRANCH-SCAVENGERmatch protocol gnutellamatch protocol fasttrackmatch protocol kazaa2class-map match-any CALL-SIGNALINGmatch ip dscp cs3class-map match-all TRANSACTIONAL-DATAmatch ip dscp af21 af22!!policy-map type inspect CSM_ZBF_POLICY_S_Security_S_POS-Wclass class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_S_Data_S_POS-Wclass class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_S_Data-W_S_POSclass class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_S_WAN_S_Guestclass type inspect CSM_ZBF_CLASS_MAP_6inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_S_WAN_S_Data-Wclass type inspect CSM_ZBF_CLASS_MAP_6inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_S_Voice_S_POSclass class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_S_Guest_S_POSclass class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_S_MGMT_S_POS-Wclass class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_S_WLC-AP_S_POSclass class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_LOOPBACK_S_POS-Wclass class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_S_WAAS_S_POS-Wclass class-defaultdrop logpolicy-map BRANCH-LAN-EDGE-OUTclass class-defaultpolicy-map type inspect CSM_ZBF_POLICY_S_WAAS_S_Partnersclass type inspect CSM_ZBF_CLASS_MAP_22inspect Inspect-1class class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_S_WAAS_S_POSclass class-defaultdrop logpolicy-map BRANCH-WAN-EDGEclass VOICEpriority percent 18class INTERACTIVE-VIDEOpriority percent 15class CALL-SIGNALINGbandwidth percent 5class ROUTINGbandwidth percent 3class NET-MGMTbandwidth percent 2class MISSION-CRITICAL-DATAbandwidth percent 15random-detectclass TRANSACTIONAL-DATAbandwidth percent 12random-detect dscp-basedclass BULK-DATAbandwidth percent 4random-detect dscp-basedclass SCAVENGERbandwidth percent 1class class-defaultbandwidth percent 25random-detectpolicy-map type inspect CSM_ZBF_POLICY_S_WLC-AP_S_POS-Wclass class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_18class type inspect CSM_ZBF_CLASS_MAP_28inspect Inspect-1class class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_MAP_19class type inspect CSM_ZBF_CLASS_MAP_15inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_16inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_17inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_29inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_30inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_31inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_16class type inspect CSM_ZBF_CLASS_MAP_24inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_25inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_26inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_27inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_15inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_16inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_MAP_17class type inspect CSM_ZBF_CLASS_MAP_25inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_26inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_27inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_15inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_16inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_MAP_14class type inspect CSM_ZBF_CLASS_MAP_22inspect Inspect-1class class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_MAP_15class type inspect CSM_ZBF_CLASS_MAP_13inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_14inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_15inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_16inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_17inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_23inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_12class type inspect CSM_ZBF_CLASS_MAP_13inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_14inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_15inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_16inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_17inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_20inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_21class type inspect CSM_ZBF_CLASS_MAP_15inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_16inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_17inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_30inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_34drop logclass type inspect CSM_ZBF_CLASS_MAP_35inspect Inspect-1class class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_S_MGMT_S_POSclass class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_13class type inspect CSM_ZBF_CLASS_MAP_13inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_14inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_15inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_16inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_17inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_21inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_20class type inspect CSM_ZBF_CLASS_MAP_15inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_16inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_17inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_32drop logclass type inspect CSM_ZBF_CLASS_MAP_33inspect Inspect-1class class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_MAP_10class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_11class type inspect CSM_ZBF_CLASS_MAP_13inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_14inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_18inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_15inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_16inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_17inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_22class type inspect CSM_ZBF_CLASS_MAP_15inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_16inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_17inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_36inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_S_Voice_S_POS-Wclass class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_S_Guest_S_POS-Wclass class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_9class type inspect CSM_ZBF_CLASS_MAP_13inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_14inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_15inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_16inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_17inspect Inspect-1class class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_MAP_8class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_12inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_7class type inspect CSM_ZBF_CLASS_MAP_9inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_10inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_11inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_6class type inspect CSM_ZBF_CLASS_MAP_6inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_5class type inspect CSM_ZBF_CLASS_MAP_1inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_8inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_4class type inspect CSM_ZBF_CLASS_MAP_1inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_6inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_7inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_3class type inspect CSM_ZBF_CLASS_MAP_1inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_5inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_2class type inspect CSM_ZBF_CLASS_MAP_1inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_4inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_1class type inspect CSM_ZBF_CLASS_MAP_1inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_2inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_S_Partners_S_POSclass class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_S_Security_S_POSclass class-defaultdrop logpolicy-map BRANCH-LAN-EDGE-INclass BRANCH-MISSION-CRITICALset ip dscp 25class BRANCH-TRANSACTIONAL-DATAset ip dscp af21class BRANCH-NET-MGMTset ip dscp cs2class BRANCH-BULK-DATAset ip dscp af11class BRANCH-SCAVENGERset ip dscp cs1policy-map type inspect CSM_ZBF_POLICY_S_Data_S_POSclass class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_S_Data-W_S_POS-Wclass class-defaultdrop log!zone security S_WANdescription Store WAN Linkzone security LOOPBACKdescription Loopback interfacezone security S_MGMTdescription VLAN1000 Managementzone security S_Securitydescription VLAN20 Physical Security Systemszone security S_WAASdescription VLAN19 WAAS optimizationzone security S_WLC-APdescription VLAN18 Wireless Systemszone security S_Datadescription VLAN12 Store Datazone security S_Data-Wdescription VLAN14 Store Wireless Datazone security S_Guestdescription VLAN17 Guest/Public Wirelesszone security S_Voicedescription VLAN13 Store Voicezone security S_Partnersdescription VLAN16 Partner networkzone security S_POSdescription VLAN 11 POS Datazone security S_POS-Wdescription VLAN15 Store Wireless POSzone-pair security CSM_S_WAN-LOOPBACK_1 source S_WAN destination LOOPBACKservice-policy type inspect CSM_ZBF_POLICY_MAP_1zone-pair security CSM_S_WAN-S_MGMT_1 source S_WAN destination S_MGMTservice-policy type inspect CSM_ZBF_POLICY_MAP_2zone-pair security CSM_S_WAN-S_Security_1 source S_WAN destination S_Securityservice-policy type inspect CSM_ZBF_POLICY_MAP_3zone-pair security CSM_S_WAN-S_WAAS_1 source S_WAN destination S_WAASservice-policy type inspect CSM_ZBF_POLICY_MAP_4zone-pair security CSM_S_WAN-S_WLC-AP_1 source S_WAN destination S_WLC-APservice-policy type inspect CSM_ZBF_POLICY_MAP_5zone-pair security CSM_S_WAN-S_Data_1 source S_WAN destination S_Dataservice-policy type inspect CSM_ZBF_POLICY_MAP_6zone-pair security CSM_S_WAN-S_Data-W_1 source S_WAN destination S_Data-Wservice-policy type inspect CSM_ZBF_POLICY_S_WAN_S_Data-Wzone-pair security CSM_S_WAN-S_Guest_1 source S_WAN destination S_Guestservice-policy type inspect CSM_ZBF_POLICY_S_WAN_S_Guestzone-pair security CSM_S_WAN-S_Partners_1 source S_WAN destination S_Partnersservice-policy type inspect CSM_ZBF_POLICY_MAP_6zone-pair security CSM_S_WAN-S_POS_1 source S_WAN destination S_POSservice-policy type inspect CSM_ZBF_POLICY_MAP_7zone-pair security CSM_S_WAN-S_POS-W_1 source S_WAN destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_7zone-pair security CSM_S_WAN-S_Voice_1 source S_WAN destination S_Voiceservice-policy type inspect CSM_ZBF_POLICY_MAP_8zone-pair security CSM_LOOPBACK-S_WAN_1 source LOOPBACK destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_9zone-pair security CSM_LOOPBACK-S_POS_1 source LOOPBACK destination S_POSservice-policy type inspect CSM_ZBF_POLICY_MAP_10zone-pair security CSM_LOOPBACK-S_POS-W_1 source LOOPBACK destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_LOOPBACK_S_POS-Wzone-pair security CSM_S_MGMT-S_WAN_1 source S_MGMT destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_11zone-pair security CSM_S_MGMT-S_POS_1 source S_MGMT destination S_POSservice-policy type inspect CSM_ZBF_POLICY_S_MGMT_S_POSzone-pair security CSM_S_MGMT-S_POS-W_1 source S_MGMT destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_S_MGMT_S_POS-Wzone-pair security CSM_S_Security-S_WAN_1 source S_Security destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_12zone-pair security CSM_S_Security-S_POS_1 source S_Security destination S_POSservice-policy type inspect CSM_ZBF_POLICY_S_Security_S_POSzone-pair security CSM_S_Security-S_POS-W_1 source S_Security destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_S_Security_S_POS-Wzone-pair security CSM_S_WAAS-S_WAN_1 source S_WAAS destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_13zone-pair security CSM_S_WAAS-S_POS_1 source S_WAAS destination S_POSservice-policy type inspect CSM_ZBF_POLICY_S_WAAS_S_POSzone-pair security CSM_S_WAAS-S_POS-W_1 source S_WAAS destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_S_WAAS_S_POS-Wzone-pair security CSM_S_WAAS-S_Data_1 source S_WAAS destination S_Dataservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_WAAS-S_Data-W_1 source S_WAAS destination S_Data-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_WAAS-S_Partners_1 source S_WAAS destination S_Partnersservice-policy type inspect CSM_ZBF_POLICY_S_WAAS_S_Partnerszone-pair security CSM_S_WLC-AP-S_WAN_1 source S_WLC-AP destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_15zone-pair security CSM_S_WLC-AP-S_POS_1 source S_WLC-AP destination S_POSservice-policy type inspect CSM_ZBF_POLICY_S_WLC-AP_S_POSzone-pair security CSM_S_WLC-AP-S_POS-W_1 source S_WLC-AP destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_S_WLC-AP_S_POS-Wzone-pair security CSM_S_POS-S_WAN_1 source S_POS destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_16zone-pair security CSM_S_POS-W-S_WAN_1 source S_POS-W destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_17zone-pair security CSM_S_POS-W-S_POS_1 source S_POS-W destination S_POSservice-policy type inspect CSM_ZBF_POLICY_MAP_18zone-pair security CSM_S_Data-S_POS_1 source S_Data destination S_POSservice-policy type inspect CSM_ZBF_POLICY_S_Data_S_POSzone-pair security CSM_S_Data-S_POS-W_1 source S_Data destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_S_Data_S_POS-Wzone-pair security CSM_S_Data-S_WAN_1 source S_Data destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_19zone-pair security CSM_S_Data-W-S_POS_1 source S_Data-W destination S_POSservice-policy type inspect CSM_ZBF_POLICY_S_Data-W_S_POSzone-pair security CSM_S_Data-W-S_POS-W_1 source S_Data-W destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_S_Data-W_S_POS-Wzone-pair security CSM_S_Data-W-S_WAN_1 source S_Data-W destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_19zone-pair security CSM_S_Guest-S_POS_1 source S_Guest destination S_POSservice-policy type inspect CSM_ZBF_POLICY_S_Guest_S_POSzone-pair security CSM_S_Guest-S_POS-W_1 source S_Guest destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_S_Guest_S_POS-Wzone-pair security CSM_S_Guest-S_WAN_1 source S_Guest destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_20zone-pair security CSM_S_Partners-S_POS_1 source S_Partners destination S_POSservice-policy type inspect CSM_ZBF_POLICY_S_Partners_S_POSzone-pair security CSM_S_Partners-S_POS-W_1 source S_Partners destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_10zone-pair security CSM_S_Partners-S_WAN_1 source S_Partners destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_21zone-pair security CSM_S_Voice-S_POS_1 source S_Voice destination S_POSservice-policy type inspect CSM_ZBF_POLICY_S_Voice_S_POSzone-pair security CSM_S_Voice-S_POS-W_1 source S_Voice destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_S_Voice_S_POS-Wzone-pair security CSM_S_Voice-S_WAN_1 source S_Voice destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_22!!!!!!!interface Loopback0ip address 10.10.174.1 255.255.255.255ip pim sparse-dense-modezone-member security LOOPBACK!interface FastEthernet0switchport mode trunk!interface FastEthernet1switchport access vlan 17switchport protected!interface FastEthernet2switchport access vlan 17switchport protected!interface FastEthernet3switchport access vlan 17switchport protected!interface FastEthernet4switchport access vlan 17switchport protected!interface FastEthernet5switchport access vlan 17switchport protected!interface FastEthernet6switchport access vlan 17switchport protected!interface FastEthernet7switchport access vlan 17switchport protected!interface FastEthernet8no ip addressduplex autospeed auto!interface FastEthernet8.1!interface GigabitEthernet0ip address 10.10.255.160 255.255.255.0ip ips Store-IPS inip ips Store-IPS outzone-member security S_WANduplex autospeed autoservice-policy output BRANCH-WAN-EDGE!interface wlan-ap0description Service module interface to manage the embedded APip address 10.10.174.33 255.255.255.252zone-member security S_WLC-APservice-module ip address 10.10.174.34 255.255.255.252service-module ip default-gateway 10.10.174.33arp timeout 0!interface Wlan-GigabitEthernet0description Internal switch interface connecting to the embedded APswitchport mode trunkzone-member security S_WLC-APservice-module ip address 10.10.174.34 255.255.255.252service-module ip default-gateway 10.10.174.33!interface Vlan1no ip addressip ips Store-IPS inip ips Store-IPS outzone-member security S_POS!interface Vlan11description POSip address 10.10.160.2 255.255.255.0ip helper-address 192.168.42.130ip pim sparse-dense-modeip ips Store-IPS inip ips Store-IPS outzone-member security S_POSstandby 11 ip 10.10.160.1standby 11 priority 101standby 11 preemptip igmp query-interval 125service-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface Vlan12description DATAip address 10.10.161.2 255.255.255.0ip helper-address 192.168.42.130ip wccp 61 redirect inip pim sparse-dense-modezone-member security S_Datastandby 12 ip 10.10.161.1standby 12 priority 101standby 12 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface Vlan13description VOICEip address 10.10.162.2 255.255.255.0ip helper-address 192.168.42.130ip pim sparse-dense-modezone-member security S_Voicestandby 13 ip 10.10.162.1standby 13 priority 101standby 13 preemptservice-policy output BRANCH-LAN-EDGE-OUT!interface Vlan14description WIRELESSip address 10.10.163.2 255.255.255.0ip helper-address 192.168.42.130zone-member security S_Data-Wstandby 14 ip 10.10.163.1standby 14 priority 101standby 14 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface Vlan15description WIRELESS-POSip address 10.10.164.2 255.255.255.0ip helper-address 192.168.42.130ip ips Store-IPS inip ips Store-IPS outzone-member security S_POS-Wstandby 15 ip 10.10.164.1standby 15 priority 101standby 15 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface Vlan16description PARTNERip address 10.10.165.2 255.255.255.0ip helper-address 192.168.42.130zone-member security S_Partnersstandby 16 ip 10.10.165.1standby 16 priority 101standby 16 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface Vlan17description WIRELESS-GUESTip address 10.10.166.2 255.255.255.0ip helper-address 192.168.42.130zone-member security S_Gueststandby 17 ip 10.10.166.1standby 17 priority 101standby 17 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface Vlan18description WIRELESS-CONTROLip address 10.10.167.2 255.255.255.0ip helper-address 192.168.42.130zone-member security S_WLC-APstandby 18 ip 10.10.167.1standby 18 priority 101standby 18 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface Vlan19description WAASip address 10.10.168.2 255.255.255.0ip helper-address 192.168.42.130zone-member security S_WAASstandby 19 ip 10.10.168.1standby 19 priority 101standby 19 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface Vlan20description SECURITYip address 10.10.169.2 255.255.255.0ip helper-address 192.168.42.130zone-member security S_Securitystandby 20 ip 10.10.169.1standby 20 priority 101standby 20 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface Vlan1000description MANAGEMENTip address 10.10.175.2 255.255.255.0zone-member security S_MGMTstandby 100 ip 10.10.175.1standby 100 priority 101standby 100 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface Async1no ip addressencapsulation slip!interface Group-Async0physical-layer asyncno ip addressencapsulation slipno group-range!router ospf 5router-id 10.10.174.1passive-interface default!no ip forward-protocol nd!!no ip http serverip http access-class 23ip http authentication aaa login-authentication RETAILip http secure-serverip http secure-ciphersuite 3des-ede-cbc-shaip http timeout-policy idle 60 life 86400 requests 10000ip route 0.0.0.0 0.0.0.0 10.10.255.11ip tacacs source-interface Loopback0!ip access-list extended BULK-DATA-APPSremark ---File Transfer---permit tcp any any eq ftppermit tcp any any eq ftp-dataremark ---E-mail traffic---permit tcp any any eq smtppermit tcp any any eq pop3permit tcp any any eq 143remark ---other EDM app protocols---permit tcp any any range 3460 3466permit tcp any range 3460 3466 anyremark ---messaging services---permit tcp any any eq 2980permit tcp any eq 2980 anyremark ---Microsoft file services---permit tcp any any range 137 139permit tcp any range 137 139 anyip access-list extended CSM_ZBF_CMAP_ACL_1remark Data Center Mgmt to Devicespermit object-group CSM_INLINE_svc_rule_68719541409 object-group CSM_INLINE_src_rule_68719541409 object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_10remark Permit POS systems to talk to Data Center Serverspermit object-group CSM_INLINE_svc_rule_73014451205 object-group DC-POS-Oracle object-group STORE-POSremark Permit POS systems to talk to Data Center Serverspermit object-group CSM_INLINE_svc_rule_73014451209 object-group DC-POS-SAP object-group STORE-POSremark Permit POS systems to talk to Data Center Serverspermit object-group CSM_INLINE_svc_rule_73014451213 object-group DC-POS-Tomax object-group STORE-POSip access-list extended CSM_ZBF_CMAP_ACL_11remark Permit POS systems to talk to Data Center Serverspermit object-group CSM_INLINE_svc_rule_73014451215 object-group CSM_INLINE_src_rule_73014451215 object-group STORE-POSip access-list extended CSM_ZBF_CMAP_ACL_12remark Data Center VOICE (wired and Wireless)permit object-group CSM_INLINE_svc_rule_68719541455 object-group DC-Voice object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_13remark Syslog and SNMP Alertspermit object-group CSM_INLINE_svc_rule_73014451187 object-group Stores-ALL object-group CSM_INLINE_dst_rule_73014451187ip access-list extended CSM_ZBF_CMAP_ACL_14remark Store to Data Center Authenticationspermit object-group CSM_INLINE_svc_rule_73014451193 object-group Stores-ALL object-group CSM_INLINE_dst_rule_73014451193ip access-list extended CSM_ZBF_CMAP_ACL_15remark Store to Data Center for NTPpermit object-group NTP object-group Stores-ALL object-group NTP-Serversip access-list extended CSM_ZBF_CMAP_ACL_16remark Store to Data Center for DHCP and DNSpermit object-group CSM_INLINE_svc_rule_73014451221 object-group Stores-ALL object-group ActiveDirectory.cisco-irn.comip access-list extended CSM_ZBF_CMAP_ACL_17remark Permit ICMP trafficpermit object-group CSM_INLINE_svc_rule_68719541425 object-group Stores-ALL object-group CSM_INLINE_dst_rule_68719541425ip access-list extended CSM_ZBF_CMAP_ACL_18remark Store UCS Express to Data Center vShpherepermit object-group CSM_INLINE_svc_rule_73014451197 object-group Stores-ALL object-group vSphere-1ip access-list extended CSM_ZBF_CMAP_ACL_19remark Store NACpermit object-group CSM_INLINE_svc_rule_73014451223 object-group Stores-ALL object-group CSM_INLINE_dst_rule_73014451223ip access-list extended CSM_ZBF_CMAP_ACL_2remark Data Center subscribe to IPS SDEE eventspermit tcp object-group RSA-enVision object-group Stores-ALL eq 443ip access-list extended CSM_ZBF_CMAP_ACL_20remark Store to Data Center Physical Securitypermit ip object-group Stores-ALL object-group CSM_INLINE_dst_rule_68719541435ip access-list extended CSM_ZBF_CMAP_ACL_21remark Store WAAS (WAAS Devices need their own zone)permit object-group CSM_INLINE_svc_rule_68719541439 object-group Stores-ALL object-group DC-WAASip access-list extended CSM_ZBF_CMAP_ACL_22remark Store WAAS to Clients and Serverspermit object-group CSM_INLINE_svc_rule_73014451388 object-group Stores-ALL object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_23remark Store to Data Center wireless controller trafficpermit object-group CSM_INLINE_svc_rule_68719541431 object-group Stores-ALL object-group CSM_INLINE_dst_rule_68719541431ip access-list extended CSM_ZBF_CMAP_ACL_24remark Permit POS systems to talk to Data Center Serverspermit object-group CSM_INLINE_svc_rule_73014451203 object-group STORE-POS object-group DC-POS-Oracleremark Permit POS systems to talk to Data Center Serverspermit object-group CSM_INLINE_svc_rule_73014451207 object-group STORE-POS object-group DC-POS-SAPremark Permit POS systems to talk to Data Center Serverspermit object-group CSM_INLINE_svc_rule_73014451211 object-group STORE-POS object-group DC-POS-Tomaxip access-list extended CSM_ZBF_CMAP_ACL_25remark Permit POS systems to talk to Data Center Serverspermit object-group CSM_INLINE_svc_rule_73014451217 object-group CSM_INLINE_src_rule_73014451217 object-group STORE-POSip access-list extended CSM_ZBF_CMAP_ACL_26remark Store to Data Center for E-mailpermit object-group CSM_INLINE_svc_rule_73014451393 object-group STORE-POS object-group MSExchangeip access-list extended CSM_ZBF_CMAP_ACL_27remark Store to Data Center for Windows Updatespermit object-group CSM_INLINE_svc_rule_73014451395 object-group STORE-POS object-group MS-Updateip access-list extended CSM_ZBF_CMAP_ACL_28remark Permit POS clients to talk to store POS serverpermit object-group CSM_INLINE_svc_rule_73014451397 object-group STORE-POS object-group STORE-POSip access-list extended CSM_ZBF_CMAP_ACL_29remark Store to Data Center for Windows Updatespermit object-group CSM_INLINE_svc_rule_73014451404 object-group Stores-ALL object-group MS-Updateip access-list extended CSM_ZBF_CMAP_ACL_3remark Permit ICMP trafficpermit object-group CSM_INLINE_svc_rule_68719541427 object-group CSM_INLINE_src_rule_68719541427 object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_30remark Store to Data Center for E-mailpermit object-group CSM_INLINE_svc_rule_73014451406 object-group Stores-ALL object-group MSExchangeip access-list extended CSM_ZBF_CMAP_ACL_31remark Store DATA (wired and Wireless - Access to DC Other applications)permit object-group CSM_INLINE_svc_rule_68719541459 object-group Stores-ALL object-group DC-Applicationsip access-list extended CSM_ZBF_CMAP_ACL_32remark Store GUEST - Drop Traffic to Enterprisepermit ip object-group Stores-ALL object-group CSM_INLINE_dst_rule_68719541465ip access-list extended CSM_ZBF_CMAP_ACL_33remark Store GUEST (access to internet/DMZ web servers)permit ip object-group Stores-ALL anyip access-list extended CSM_ZBF_CMAP_ACL_34remark Store PARTNERS - Drop Traffic to Enterprisepermit ip object-group Stores-ALL object-group CSM_INLINE_dst_rule_68719541461ip access-list extended CSM_ZBF_CMAP_ACL_35remark Store PARTNERS (wired and wireless - Access to Partner site, Internet VPN)permit ip object-group Stores-ALL anyip access-list extended CSM_ZBF_CMAP_ACL_36remark Store VOICE (wired and Wireless - Acess to corporate wide voice)permit object-group CSM_INLINE_svc_rule_68719541457 object-group Stores-ALL object-group CSM_INLINE_dst_rule_68719541457ip access-list extended CSM_ZBF_CMAP_ACL_4remark Data Center vSphere to UCS Expresspermit object-group CSM_INLINE_svc_rule_73014451195 object-group vSphere-1 object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_5remark Data Center to Store Physical Securitypermit ip object-group CSM_INLINE_src_rule_68719541433 object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_6remark Data Center Mgmt to Devicespermit object-group RDP object-group DC-Admin object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_7remark Data Center WAAS to Storepermit object-group CSM_INLINE_svc_rule_68719541437 object-group CSM_INLINE_src_rule_68719541437 object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_8remark Data Center Wireless Control to AP's and Controllers in storespermit object-group CSM_INLINE_svc_rule_68719541429 object-group CSM_INLINE_src_rule_68719541429 object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_9remark Data Center Mgmt to Devicespermit object-group RDP object-group DC-Admin object-group STORE-POSip access-list extended MISSION-CRITICAL-SERVERSremark ---POS Applications---permit ip any 192.168.52.0 0.0.0.255ip access-list extended NET-MGMT-APPSremark - Router user Authentication - Identifies TACACS Control trafficpermit tcp any any eq tacacspermit tcp any eq tacacs anyip access-list extended TRANSACTIONAL-DATA-APPSremark ---Workbrain Application---remark --Large Store Clock Server to Central Clock Applicationpermit tcp host 10.10.49.94 host 192.168.46.72 eq 8444remark --Large store Clock Server to CUAEpermit tcp host 10.10.49.94 host 192.168.45.185 eq 8000remark ---LiteScape Application---permit ip any host 192.168.46.82permit ip any 239.192.0.0 0.0.0.255permit ip any host 239.255.255.250remark ---Remote Desktop---permit tcp any any eq 3389permit tcp any eq 3389 anyremark ---Oracle SIM---permit tcp any 192.168.46.0 0.0.0.255 eq 7777permit tcp any 192.168.46.0 0.0.0.255 eq 6003permit tcp any 192.168.46.0 0.0.0.255 range 12401 12500permit tcp 192.168.46.0 0.0.0.255 eq 7777 anypermit tcp 192.168.46.0 0.0.0.255 eq 6003 anypermit tcp 192.168.46.0 0.0.0.255 range 12401 12500 any!logging esm configlogging trap debugginglogging source-interface Loopback0logging 192.168.42.124access-list 23 permit 192.168.41.101 logaccess-list 23 permit 192.168.41.102 logaccess-list 23 permit 192.168.42.111 logaccess-list 23 permit 192.168.42.122 logaccess-list 23 permit 192.168.42.124 logaccess-list 23 permit 127.0.0.1 logaccess-list 23 permit 192.168.42.131 logaccess-list 23 permit 192.168.42.133 logaccess-list 23 permit 192.168.42.138 logaccess-list 23 permit 10.19.151.99 logaccess-list 23 deny any logaccess-list 88 permit 192.168.42.124 logaccess-list 88 deny any log!!!!!snmp-server engineID remote 192.168.42.124 0000000000snmp-server user remoteuser remoteuser remote 192.168.42.124 v3 access 88snmp-server user remoteuser remoteuser v3snmp-server group causer v3 privsnmp-server group remoteuser v3 noauthsnmp-server trap-source Loopback0snmp-server packetsize 8192snmp-server location XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXsnmp-server contact XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXsnmp-server enable traps snmp authentication linkdown linkup coldstart warmstartsnmp-server enable traps flash insertion removalsnmp-server enable traps envmon fan shutdown supply temperature statussnmp-server enable traps energywisesnmp-server enable traps config-copysnmp-server enable traps configsnmp-server enable traps config-ctidsnmp-server enable traps entitysnmp-server enable traps hsrpsnmp-server enable traps cpu thresholdsnmp-server enable traps rsvpsnmp-server enable traps ipslasnmp-server enable traps syslogsnmp-server enable traps vtpsnmp-server host 192.168.42.124 remoteusertacacs-server host 192.168.42.131tacacs-server directed-requesttacacs-server domain-strippingtacacs-server key 7 <removed>!!control-plane!banner exec CWARNING:**** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CMO Retail ******** AUTHORIZED USERS ONLY! ****ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENTTO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARYTO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHERREPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUTFURTHER NOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHERCRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAWENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.banner incoming CWARNING:**** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CMO Retail ******** AUTHORIZED USERS ONLY! ****ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENTTO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARYTO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHERREPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUTFURTHER NOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHERCRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAWENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.banner login CWARNING:THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!!line con 0session-timeout 15 outputexec-timeout 15 0login authentication RETAILline 1modem InOutstopbits 1speed 115200flowcontrol hardwareline 2no activation-characterno exectransport preferred nonetransport input sshtransport output noneline aux 0session-timeout 1 outputexec-timeout 0 1privilege level 0login authentication RETAILno exectransport preferred nonetransport output noneline vty 0 4session-timeout 15 outputaccess-class 23 inexec-timeout 15 0logging synchronouslogin authentication RETAILtransport preferred nonetransport input sshtransport output noneline vty 5 15session-timeout 15 outputaccess-class 23 inexec-timeout 15 0logging synchronouslogin authentication RETAILtransport preferred nonetransport input sshtransport output none!scheduler max-task-time 5000ntp source Loopback0ntp server 192.168.62.161 preferntp server 192.168.62.162endr-a2-lrg-1
!! Last configuration change at 00:54:49 PST Sat Apr 30 2011 by retail! NVRAM config last updated at 00:54:49 PST Sat Apr 30 2011 by retail!version 15.1no service padservice tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug datetime localtime show-timezoneservice timestamps log datetime msec localtime show-timezone yearservice password-encryptionservice sequence-numbers!hostname R-A2-Lrg-1!boot-start-markerboot system flash0 c3900-universalk9-mz.SPA.151-3.T.binboot-end-marker!!security authentication failure rate 2 logsecurity passwords min-length 7logging buffered 50000no logging rate-limitenable secret 5 <removed>!aaa new-model!!aaa authentication login RETAIL group tacacs+ localaaa authentication enable default group tacacs+ enableaaa authorization exec default group tacacs+ if-authenticatedaaa accounting update newinfoaaa accounting exec defaultaction-type start-stopgroup tacacs+!aaa accounting commands 15 defaultaction-type start-stopgroup tacacs+!aaa accounting system defaultaction-type start-stopgroup tacacs+!!!!!!aaa session-id common!clock timezone PST -8 0clock summer-time PST recurring!crypto pki token default removal timeout 0!crypto pki trustpoint TP-self-signed-72006796enrollment selfsignedsubject-name cn=IOS-Self-Signed-Certificate-72006796revocation-check none!!crypto pki certificate chain TP-self-signed-72006796certificate self-signed 03<removed>quitno ipv6 cefno ip source-routeip cef!!!ip multicast-routing!!no ip bootp serverip domain name cisco-irn.comip name-server 192.168.42.130ip port-map user-8443 port tcp 8443ip inspect log drop-pktip inspect audit-trailip ips config location flash0: retries 1 timeout 1ip ips name Store-IPS!ip ips signature-categorycategory allretired truecategory ios_ips defaultretired false!ip wccp 61ip wccp 62login block-for 1800 attempts 6 within 1800login quiet-mode access-class 23login on-failure loglogin on-success log!multilink bundle-name authenticated!parameter-map type inspect globalWAAS enableparameter-map type inspect Inspect-1audit-trail onparameter-map type trend-global trend-glob-map!!!!password encryption aesvoice-card 0!!!!!!!license udi pid C3900-SPE150/K9 sn <removed>hw-module pvdm 0/0!!!archivelog configlogging enablenotify syslog contenttype plaintexthidekeysobject-group network ActiveDirectory.cisco-irn.comhost 192.168.42.130!object-group service CAPWAPdescription CAPWAP UDP ports 5246 and 5247udp eq 5246udp eq 5247!object-group service CISCO-WAASdescription Ports for Cisco WAAStcp eq 4050!object-group network EMC-NCMdescription EMC Network Configuration Managerhost 192.168.42.122!object-group network RSA-enVisiondescription RSA EnVision Syslog collector and SIMhost 192.168.42.124!object-group network CSM_INLINE_dst_rule_81604380995description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object EMC-NCMgroup-object RSA-enVision!object-group network TACACSdescription Csico Secure ACS server for TACACS and Radiushost 192.168.42.131!object-group network RSA-AMdescription RSA Authentication Manager for SecureIDhost 192.168.42.137!object-group network NAC-1description ISE server for NAChost 192.168.42.111!object-group network CSM_INLINE_dst_rule_81604381001description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object ActiveDirectory.cisco-irn.comgroup-object TACACSgroup-object RSA-AMgroup-object NAC-1!object-group network NAC-2host 192.168.42.112!object-group network CSM_INLINE_dst_rule_81604381037description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object NAC-2group-object NAC-1!object-group network DC-ALLdescription All of the Data Center192.168.0.0 255.255.0.0!object-group network Stores-ALLdescription all store networks10.10.0.0 255.255.0.0!object-group network CSM_INLINE_dst_rule_81604381039description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object DC-ALLgroup-object Stores-ALL!object-group network WCSManagerdescription Wireless Managerhost 192.168.43.135!object-group network DC-Wifi-Controllersdescription Central Wireless Controllers for storeshost 192.168.43.21host 192.168.43.22!object-group network DC-Wifi-MSEdescription Mobility Service Engineshost 192.168.43.31host 192.168.43.32!object-group network CSM_INLINE_dst_rule_81604381045description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object WCSManagergroup-object DC-Wifi-Controllersgroup-object DC-Wifi-MSE!object-group network PAME-DC-1host 192.168.44.111!object-group network MSP-DC-1description Data Center VSOMhost 192.168.44.121!object-group network CSM_INLINE_dst_rule_81604381049description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object PAME-DC-1group-object MSP-DC-1!object-group network CSM_INLINE_dst_rule_81604381059description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object DC-ALLgroup-object Stores-ALL!object-group network CSM_INLINE_dst_rule_81604381067description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object DC-ALLgroup-object Stores-ALL!object-group network CSM_INLINE_dst_rule_81604381071description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object DC-ALLgroup-object Stores-ALL!object-group network CSM_INLINE_dst_rule_81604381150description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-HA_v1/mandatory)10.10.126.0 255.255.255.010.10.110.0 255.255.255.0!object-group network CSM_INLINE_dst_rule_81604381152description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-HA_v1/mandatory)10.10.126.0 255.255.255.010.10.110.0 255.255.255.0!object-group network DC-Admindescription DC Admin Systemshost 192.168.41.101host 192.168.41.102!object-group network CSManagerdescription Cisco Security Managerhost 192.168.42.133!object-group network CSM_INLINE_src_rule_81604380993description Generated by CS-Manager from src of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object DC-Admingroup-object EMC-NCMgroup-object CSManager!object-group network DC-POS-Tomaxdescription Tomax POS Communication from Store to Data Center192.168.52.96 255.255.255.224!object-group network DC-POS-SAPdescription SAP POS Communication from Store to Data Center192.168.52.144 255.255.255.240!object-group network DC-POS-Oracledescription Oracle POS Communication from Store to Data Center192.168.52.128 255.255.255.240!object-group network CSM_INLINE_src_rule_81604381021description Generated by CS-Manager from src of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object DC-Admingroup-object DC-POS-Tomaxgroup-object DC-POS-SAPgroup-object DC-POS-Oracle!object-group network CSM_INLINE_src_rule_81604381023description Generated by CS-Manager from src of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object DC-Admingroup-object DC-POS-Tomaxgroup-object DC-POS-SAPgroup-object DC-POS-Oracle!object-group network CSM_INLINE_src_rule_81604381041description Generated by CS-Manager from src of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object DC-ALLgroup-object Stores-ALL!object-group network CSM_INLINE_src_rule_81604381043description Generated by CS-Manager from src of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object WCSManagergroup-object DC-Wifi-Controllersgroup-object DC-Wifi-MSE!object-group network CSM_INLINE_src_rule_81604381047description Generated by CS-Manager from src of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object PAME-DC-1group-object MSP-DC-1!object-group network DC-WAASdescription WAE Appliances in Data Centerhost 192.168.48.10host 192.168.49.10host 192.168.47.11host 192.168.47.12!object-group network CSM_INLINE_src_rule_81604381051description Generated by CS-Manager from src of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object DC-Admingroup-object DC-WAAS!object-group network CSM_INLINE_src_rule_81604381150description Generated by CS-Manager from src of ZbfInspectRule# 0 (Store-HA_v1/mandatory)10.10.126.0 255.255.255.010.10.110.0 255.255.255.0!object-group network CSM_INLINE_src_rule_81604381152description Generated by CS-Manager from src of ZbfInspectRule# 0 (Store-HA_v1/mandatory)10.10.126.0 255.255.255.010.10.110.0 255.255.255.0!object-group service CSM_INLINE_svc_rule_81604380993description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq 443tcp eq 22!object-group service CSM_INLINE_svc_rule_81604380995description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)udp eq syslogudp eq snmpudp eq snmptrap!object-group service CSM_INLINE_svc_rule_81604381001description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq tacacsudp eq 1812udp eq 1813tcp eq 389tcp eq 636!object-group service vCenter-to-ESX4description Communication from vCetner to ESX hoststcp eq 5989tcp eq 8000tcp eq 902tcp eq 903!object-group service CSM_INLINE_svc_rule_81604381003description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq wwwtcp eq 443tcp eq 22group-object vCenter-to-ESX4!object-group service ESX-SLPdescription CIM Service Location Protocol (SLP) for VMware systemsudp eq 427tcp eq 427!object-group service CSM_INLINE_svc_rule_81604381005description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq 443group-object vCenter-to-ESX4group-object ESX-SLP!object-group service ORACLE-RMIdescription RMI TCP ports 1300 and 1301-1319.tcp range 1300 1319!object-group service ORACLE-Weblogicdescription HTTP/RMI and HTTPS/RMI-SSL 7001 & 7002. OracleAQ uses 1521.tcp eq 7001tcp eq 7002tcp eq 1521!object-group service ORACLE-WASdescription RMI/IIOP over 2809 HTTP over 9443 IBM-MQ 1414tcp eq 2809tcp eq 9443tcp eq 1414!object-group service ORACLE-OASdescription OAS uses one port for HTTP and RMI - 12601.tcp eq 12601!object-group service CSM_INLINE_svc_rule_81604381009description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq 443tcp eq 22group-object ORACLE-RMIgroup-object ORACLE-Weblogicgroup-object ORACLE-WASgroup-object ORACLE-OAS!object-group service CSM_INLINE_svc_rule_81604381011description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq 443tcp eq 22group-object ORACLE-RMIgroup-object ORACLE-Weblogicgroup-object ORACLE-WASgroup-object ORACLE-OAS!object-group service HTTPS-8443tcp eq 8443!object-group service CSM_INLINE_svc_rule_81604381013description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq 443tcp eq 22group-object HTTPS-8443!object-group service CSM_INLINE_svc_rule_81604381015description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq 443tcp eq 22group-object HTTPS-8443!object-group service TOMAX-8990description Tomax Application Porttcp eq 8990!object-group service CSM_INLINE_svc_rule_81604381017description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq 443group-object TOMAX-8990!object-group service CSM_INLINE_svc_rule_81604381019description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq 443group-object TOMAX-8990!object-group service ICMP-Requestsdescription ICMP requestsicmp information-requesticmp mask-requesticmp timestamp-request!object-group service CSM_INLINE_svc_rule_81604381021description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)icmp echoicmp echo-replyicmp tracerouteicmp unreachableicmp redirecticmp alternate-addressgroup-object ICMP-Requests!object-group service CSM_INLINE_svc_rule_81604381023description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)icmp echoicmp echo-replyicmp tracerouteicmp unreachableicmp redirecticmp alternate-addressgroup-object ICMP-Requests!object-group service CSM_INLINE_svc_rule_81604381025description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq wwwtcp eq 443tcp eq smtptcp eq pop3tcp eq 143!object-group service CSM_INLINE_svc_rule_81604381027description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq wwwtcp eq 443!object-group service CSM_INLINE_svc_rule_81604381029description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcpudptcp eq 443!object-group service DNS-Resolvingdescription Domain Name Servertcp eq domainudp eq domain!object-group service CSM_INLINE_svc_rule_81604381035description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)udp eq bootpsgroup-object DNS-Resolving!object-group service CSM_INLINE_svc_rule_81604381037description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq wwwtcp eq 443group-object HTTPS-8443!object-group service CSM_INLINE_svc_rule_81604381039description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)icmp echoicmp echo-replyicmp tracerouteicmp unreachable!object-group service CSM_INLINE_svc_rule_81604381041description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)icmp echoicmp echo-replyicmp tracerouteicmp unreachable!object-group service LWAPPdescription LWAPP UDP ports 12222 and 12223udp eq 12222udp eq 12223!object-group service TFTPdescription Trivial File Transfertcp eq 69udp eq tftp!object-group service IP-Protocol-97description IP protocol 9797!object-group service CSM_INLINE_svc_rule_81604381043description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq 443tcp eq wwwtcp eq 22tcp eq telnetudp eq isakmpgroup-object CAPWAPgroup-object LWAPPgroup-object TFTPgroup-object IP-Protocol-97!object-group service Cisco-Mobilitydescription Mobility ports for Wirelessudp eq 16666udp eq 16667!object-group service CSM_INLINE_svc_rule_81604381045description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)udp eq isakmpgroup-object CAPWAPgroup-object LWAPPgroup-object Cisco-Mobilitygroup-object IP-Protocol-97!object-group service Microsoft-DS-SMBdescription Microsoft-DS Active Directory, Windows shares Microsoft-DS SMB file sharingtcp eq 445!object-group service CSM_INLINE_svc_rule_81604381051description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcptcp eq 139group-object CISCO-WAASgroup-object HTTPS-8443group-object Microsoft-DS-SMB!object-group service CSM_INLINE_svc_rule_81604381053description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcptcp eq 139group-object CISCO-WAASgroup-object HTTPS-8443group-object Microsoft-DS-SMB!object-group service CSM_INLINE_svc_rule_81604381055description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcptcp eq 139group-object Microsoft-DS-SMB!object-group service CSM_INLINE_svc_rule_81604381057description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)icmptcp-udp eq 5060tcp eq 2000tcp eq wwwtcp eq 443group-object TFTP!object-group service CSM_INLINE_svc_rule_81604381059description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp-udp eq 5060tcp eq 2000!object-group service CSM_INLINE_svc_rule_81604381061description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq wwwtcp eq 443!object-group service CSM_INLINE_svc_rule_81604381063description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq wwwtcp eq 443tcp eq smtptcp eq pop3tcp eq 143!object-group service Netbiosdescription Netbios Serversudp eq netbios-dgmudp eq netbios-nstcp eq 139!object-group service ORACLE-SIMdescription Oracle Store Inventory Managementtcp eq 7777tcp eq 6003tcp range 12401 12500!object-group service RDPdescription Windows Remote Desktoptcp eq 3389!object-group service Workbraintcp eq 8444!object-group service CSM_INLINE_svc_rule_81604381065description Generated by CS-Manager from service of ZbfInspectRule# 0 (Store-HA_v1/mandatory)tcp eq ftptcp eq wwwtcp eq 443udp eq 88tcp-udp eq 42group-object Microsoft-DS-SMBgroup-object Netbiosgroup-object ORACLE-SIMgroup-object RDPgroup-object Workbrain!object-group network DC-Applicationsdescription Applications in the Data Center that are non-PCI related(Optimized by CS-Manager)192.168.180.0 255.255.254.0!object-group network DC-Voicedescription Data Center Voice192.168.45.0 255.255.255.0!object-group network MS-Updatedescription Windows Update Serverhost 192.168.42.150!object-group network MSExchangedescription Mail Serverhost 192.168.42.140!object-group service NTPdescription NTP Protocolstcp eq 123udp eq ntp!object-group network NTP-Serversdescription NTP Servershost 192.168.62.161host 162.168.62.162!object-group network STORE-POS10.10.0.0 255.255.0.0!object-group network vSphere-1description vSphere server for Labhost 192.168.41.102!username retail privilege 15 secret 5 <removed>username bart privilege 15 secret 5 <removed>username emc-ncm privilege 15 secret 5 <removed>username bmcgloth privilege 15 secret 5 <removed>username csmadmin privilege 15 secret 5 <removed>!redundancy!!!!ip ssh time-out 30ip ssh authentication-retries 2ip ssh version 2ip scp server enable!class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_7match protocol httpmatch protocol httpsmatch protocol microsoft-dsmatch protocol ms-sqlmatch protocol ms-sql-mmatch protocol netbios-dgmmatch protocol netbios-nsmatch protocol oraclematch protocol oracle-em-vpmatch protocol oraclenamesmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_10match access-group name CSM_ZBF_CMAP_ACL_10match class-map CSM_ZBF_CMAP_PLMAP_7class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_4match protocol httpmatch protocol httpsmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_23match access-group name CSM_ZBF_CMAP_ACL_23match class-map CSM_ZBF_CMAP_PLMAP_4class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_17match protocol httpmatch protocol httpsmatch protocol imap3match protocol pop3match protocol pop3smatch protocol smtpmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_32match access-group name CSM_ZBF_CMAP_ACL_32match class-map CSM_ZBF_CMAP_PLMAP_17class-map type inspect match-all CSM_ZBF_CLASS_MAP_11match access-group name CSM_ZBF_CMAP_ACL_11match protocol icmpclass-map type inspect match-any CSM_ZBF_CMAP_PLMAP_14match protocol httpmatch protocol httpsmatch protocol user-8443class-map type inspect match-all CSM_ZBF_CLASS_MAP_22match access-group name CSM_ZBF_CMAP_ACL_22match class-map CSM_ZBF_CMAP_PLMAP_14class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_20match protocol httpmatch protocol httpsmatch protocol netbios-dgmmatch protocol netbios-nsmatch protocol netbios-ssnmatch protocol ftpmatch protocol sshmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_33match access-group name CSM_ZBF_CMAP_ACL_33match class-map CSM_ZBF_CMAP_PLMAP_20class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_8match protocol sipmatch protocol sip-tlsmatch protocol skinnymatch protocol tftpmatch protocol httpmatch protocol httpsmatch protocol icmpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_12match access-group name CSM_ZBF_CMAP_ACL_12match class-map CSM_ZBF_CMAP_PLMAP_8class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_13match protocol httpsmatch protocol tcpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_21match access-group name CSM_ZBF_CMAP_ACL_21match class-map CSM_ZBF_CMAP_PLMAP_13class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_19match protocol httpmatch protocol httpsmatch protocol icmpmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_30match access-group name CSM_ZBF_CMAP_ACL_30match class-map CSM_ZBF_CMAP_PLMAP_19class-map type inspect match-all CSM_ZBF_CLASS_MAP_13match access-group name CSM_ZBF_CMAP_ACL_13class-map type inspect match-all CSM_ZBF_CLASS_MAP_20match access-group name CSM_ZBF_CMAP_ACL_20match protocol icmpclass-map type inspect match-any CSM_ZBF_CMAP_PLMAP_18match protocol httpmatch protocol httpsmatch protocol udpmatch protocol tcpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_31match access-group name CSM_ZBF_CMAP_ACL_31match class-map CSM_ZBF_CMAP_PLMAP_18class-map match-all BRANCH-BULK-DATAmatch protocol tftpmatch protocol nfsmatch access-group name BULK-DATA-APPSclass-map type inspect match-any CSM_ZBF_CMAP_PLMAP_5match protocol httpmatch protocol httpsmatch protocol netbios-dgmmatch protocol netbios-nsmatch protocol netbios-ssnmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_14match access-group name CSM_ZBF_CMAP_ACL_14match class-map CSM_ZBF_CMAP_PLMAP_5class-map type inspect match-all CSM_ZBF_CLASS_MAP_27match access-group name CSM_ZBF_CMAP_ACL_27match protocol icmpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_36match access-group name CSM_ZBF_CMAP_ACL_36class-map type inspect match-all CSM_ZBF_CLASS_MAP_15match access-group name CSM_ZBF_CMAP_ACL_15class-map type inspect match-all CSM_ZBF_CLASS_MAP_26match access-group name CSM_ZBF_CMAP_ACL_26match class-map CSM_ZBF_CMAP_PLMAP_7class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_21match protocol tcpmatch protocol udpmatch protocol httpmatch protocol httpsclass-map type inspect match-all CSM_ZBF_CLASS_MAP_37match access-group name CSM_ZBF_CMAP_ACL_37match class-map CSM_ZBF_CMAP_PLMAP_21class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_9match protocol syslogmatch protocol syslog-connmatch protocol snmpmatch protocol snmptrapclass-map type inspect match-all CSM_ZBF_CLASS_MAP_16match access-group name CSM_ZBF_CMAP_ACL_16match class-map CSM_ZBF_CMAP_PLMAP_9class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_16match protocol httpmatch protocol httpsmatch protocol isakmpmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_25match access-group name CSM_ZBF_CMAP_ACL_25match class-map CSM_ZBF_CMAP_PLMAP_16class-map type inspect match-all CSM_ZBF_CLASS_MAP_34match access-group name CSM_ZBF_CMAP_ACL_34class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_10match protocol ldapsmatch protocol ldapmatch protocol ldap-adminmatch protocol radiusmatch protocol tacacsmatch protocol tacacs-dsmatch protocol tcpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_17match access-group name CSM_ZBF_CMAP_ACL_17match class-map CSM_ZBF_CMAP_PLMAP_10class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_15match protocol httpmatch protocol httpsmatch protocol netbios-nsmatch protocol netbios-dgmmatch protocol netbios-ssnmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_24match access-group name CSM_ZBF_CMAP_ACL_24match class-map CSM_ZBF_CMAP_PLMAP_15class-map type inspect match-all CSM_ZBF_CLASS_MAP_35match access-group name CSM_ZBF_CMAP_ACL_35match class-map CSM_ZBF_CMAP_PLMAP_4class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_11match protocol ntpmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_18match access-group name CSM_ZBF_CMAP_ACL_18match class-map CSM_ZBF_CMAP_PLMAP_11class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_12match protocol bootpcmatch protocol bootpsmatch protocol udpmatch protocol tcpmatch protocol dnsmatch protocol dhcp-failoverclass-map type inspect match-all CSM_ZBF_CLASS_MAP_19match access-group name CSM_ZBF_CMAP_ACL_19match class-map CSM_ZBF_CMAP_PLMAP_12class-map type inspect match-all CSM_ZBF_CLASS_MAP_29match access-group name CSM_ZBF_CMAP_ACL_29match class-map CSM_ZBF_CMAP_PLMAP_18class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_22match protocol sipmatch protocol sip-tlsmatch protocol skinnymatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_38match access-group name CSM_ZBF_CMAP_ACL_38match class-map CSM_ZBF_CMAP_PLMAP_22class-map type inspect match-all CSM_ZBF_CLASS_MAP_28match access-group name CSM_ZBF_CMAP_ACL_28match class-map CSM_ZBF_CMAP_PLMAP_17class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_1match protocol httpsmatch protocol sshclass-map type inspect match-all CSM_ZBF_CLASS_MAP_1match access-group name CSM_ZBF_CMAP_ACL_1match class-map CSM_ZBF_CMAP_PLMAP_1class-map type inspect match-all CSM_ZBF_CLASS_MAP_3match access-group name CSM_ZBF_CMAP_ACL_3match protocol icmpclass-map type inspect match-any CSM_ZBF_CMAP_PLMAP_2match protocol httpsmatch protocol httpmatch protocol tcpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_2match access-group name CSM_ZBF_CMAP_ACL_2match class-map CSM_ZBF_CMAP_PLMAP_2class-map type inspect match-all CSM_ZBF_CLASS_MAP_5match access-group name CSM_ZBF_CMAP_ACL_5match class-map CSM_ZBF_CMAP_PLMAP_4class-map type inspect match-any CSM_ZBF_CMAP_PLMAP_3match protocol httpmatch protocol httpsmatch protocol sshmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_4match access-group name CSM_ZBF_CMAP_ACL_4match class-map CSM_ZBF_CMAP_PLMAP_3class-map type inspect match-all CSM_ZBF_CLASS_MAP_7match access-group name CSM_ZBF_CMAP_ACL_7match class-map CSM_ZBF_CMAP_PLMAP_5class-map type inspect match-all CSM_ZBF_CLASS_MAP_6match access-group name CSM_ZBF_CMAP_ACL_6match protocol tcpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_9match access-group name CSM_ZBF_CMAP_ACL_9match protocol tcpclass-map type inspect match-any CSM_ZBF_CMAP_PLMAP_6match protocol httpmatch protocol httpsmatch protocol sshmatch protocol telnetmatch protocol tftpmatch protocol isakmpmatch protocol tcpmatch protocol udpclass-map type inspect match-all CSM_ZBF_CLASS_MAP_8match access-group name CSM_ZBF_CMAP_ACL_8match class-map CSM_ZBF_CMAP_PLMAP_6class-map match-all BULK-DATAmatch ip dscp af11 af12class-map match-all INTERACTIVE-VIDEOmatch ip dscp af41 af42class-map match-any BRANCH-TRANSACTIONAL-DATAmatch protocol citrixmatch protocol ldapmatch protocol telnetmatch protocol sqlnetmatch protocol http url "*SalesReport*"match access-group name TRANSACTIONAL-DATA-APPSclass-map match-all BRANCH-MISSION-CRITICALmatch access-group name MISSION-CRITICAL-SERVERSclass-map match-all VOICEmatch ip dscp efclass-map match-all MISSION-CRITICAL-DATAmatch ip dscp 25class-map match-any BRANCH-NET-MGMTmatch protocol snmpmatch protocol syslogmatch protocol dnsmatch protocol icmpmatch protocol sshmatch access-group name NET-MGMT-APPSclass-map match-all ROUTINGmatch ip dscp cs6class-map match-all SCAVENGERmatch ip dscp cs1class-map match-all NET-MGMTmatch ip dscp cs2class-map match-any BRANCH-SCAVENGERmatch protocol gnutellamatch protocol fasttrackmatch protocol kazaa2class-map match-any CALL-SIGNALINGmatch ip dscp cs3class-map match-all TRANSACTIONAL-DATAmatch ip dscp af21 af22!!policy-map BRANCH-LAN-EDGE-OUTclass class-defaultpolicy-map BRANCH-WAN-EDGEclass VOICEpriority percent 18class INTERACTIVE-VIDEOpriority percent 15class CALL-SIGNALINGbandwidth percent 5class ROUTINGbandwidth percent 3class NET-MGMTbandwidth percent 2class MISSION-CRITICAL-DATAbandwidth percent 15random-detectclass TRANSACTIONAL-DATAbandwidth percent 12random-detect dscp-basedclass BULK-DATAbandwidth percent 4random-detect dscp-basedclass SCAVENGERbandwidth percent 1class class-defaultbandwidth percent 25random-detectpolicy-map type inspect CSM_ZBF_POLICY_MAP_18class type inspect CSM_ZBF_CLASS_MAP_14inspect Inspect-1class class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_MAP_19class type inspect CSM_ZBF_CLASS_MAP_16inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_17inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_18inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_20inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_25inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_16class type inspect CSM_ZBF_CLASS_MAP_16inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_17inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_18inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_22inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_20inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_23inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_25class type inspect CSM_ZBF_CLASS_MAP_18inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_22inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_20inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_32inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_36drop logclass type inspect CSM_ZBF_CLASS_MAP_37inspect Inspect-1class class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_MAP_17class type inspect CSM_ZBF_CLASS_MAP_16inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_17inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_18inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_20inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_24inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_24class type inspect CSM_ZBF_CLASS_MAP_18inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_22inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_20inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_34drop logclass type inspect CSM_ZBF_CLASS_MAP_35inspect Inspect-1class class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_MAP_14class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_27class type inspect CSM_ZBF_CLASS_MAP_18inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_22inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_20inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_15class type inspect CSM_ZBF_CLASS_MAP_16inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_17inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_21inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_18inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_20inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_26class type inspect CSM_ZBF_CLASS_MAP_18inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_22inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_20inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_38inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_12class type inspect CSM_ZBF_CLASS_MAP_15passclass class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_MAP_21class type inspect CSM_ZBF_CLASS_MAP_27inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_28inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_29inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_18inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_22inspect Inspect-1class class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_MAP_13class type inspect CSM_ZBF_CLASS_MAP_16inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_17inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_18inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_20inspect Inspect-1class class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_MAP_20class type inspect CSM_ZBF_CLASS_MAP_26inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_27inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_28inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_29inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_18inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_22inspect Inspect-1class class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_MAP_10class type inspect CSM_ZBF_CLASS_MAP_6inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_14inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_23class type inspect CSM_ZBF_CLASS_MAP_18inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_19inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_22inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_20inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_31inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_32inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_33inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_11class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_22class type inspect CSM_ZBF_CLASS_MAP_30inspect Inspect-1class class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_MAP_9class type inspect CSM_ZBF_CLASS_MAP_13passclass class-defaultdroppolicy-map type inspect CSM_ZBF_POLICY_MAP_8class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_12inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_7class type inspect CSM_ZBF_CLASS_MAP_9inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_10inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_11inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_6class type inspect CSM_ZBF_CLASS_MAP_6inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_5class type inspect CSM_ZBF_CLASS_MAP_1inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_8inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_4class type inspect CSM_ZBF_CLASS_MAP_1inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_6inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_7inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_3class type inspect CSM_ZBF_CLASS_MAP_1inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_5inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_2class type inspect CSM_ZBF_CLASS_MAP_1inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_4inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class class-defaultdrop logpolicy-map type inspect CSM_ZBF_POLICY_MAP_1class type inspect CSM_ZBF_CLASS_MAP_1inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_2inspect Inspect-1class type inspect CSM_ZBF_CLASS_MAP_3inspect Inspect-1class class-defaultdroppolicy-map BRANCH-LAN-EDGE-INclass BRANCH-MISSION-CRITICALset ip dscp 25class BRANCH-TRANSACTIONAL-DATAset ip dscp af21class BRANCH-NET-MGMTset ip dscp cs2class BRANCH-BULK-DATAset ip dscp af11class BRANCH-SCAVENGERset ip dscp cs1!zone security S_WANdescription Store WAN Linkzone security S_R-2-Rdescription Bridge link between routerszone security LOOPBACKdescription Loopback interfacezone security S_MGMTdescription VLAN1000 Managementzone security S_Securitydescription VLAN20 Physical Security Systemszone security S_WAASdescription VLAN19 WAAS optimizationzone security S_WLC-APdescription VLAN18 Wireless Systemszone security S_Datadescription VLAN12 Store Datazone security S_Data-Wdescription VLAN14 Store Wireless Datazone security S_Guestdescription VLAN17 Guest/Public Wirelesszone security S_Voicedescription VLAN13 Store Voicezone security S_Partnersdescription VLAN16 Partner networkzone security S_POSdescription VLAN 11 POS Datazone security S_POS-Wdescription VLAN15 Store Wireless POSzone-pair security CSM_S_WAN-LOOPBACK_1 source S_WAN destination LOOPBACKservice-policy type inspect CSM_ZBF_POLICY_MAP_1zone-pair security CSM_S_WAN-S_MGMT_1 source S_WAN destination S_MGMTservice-policy type inspect CSM_ZBF_POLICY_MAP_2zone-pair security CSM_S_WAN-S_Security_1 source S_WAN destination S_Securityservice-policy type inspect CSM_ZBF_POLICY_MAP_3zone-pair security CSM_S_WAN-S_WAAS_1 source S_WAN destination S_WAASservice-policy type inspect CSM_ZBF_POLICY_MAP_4zone-pair security CSM_S_WAN-S_WLC-AP_1 source S_WAN destination S_WLC-APservice-policy type inspect CSM_ZBF_POLICY_MAP_5zone-pair security CSM_S_WAN-S_Data_1 source S_WAN destination S_Dataservice-policy type inspect CSM_ZBF_POLICY_MAP_6zone-pair security CSM_S_WAN-S_Data-W_1 source S_WAN destination S_Data-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_6zone-pair security CSM_S_WAN-S_Guest_1 source S_WAN destination S_Guestservice-policy type inspect CSM_ZBF_POLICY_MAP_6zone-pair security CSM_S_WAN-S_Partners_1 source S_WAN destination S_Partnersservice-policy type inspect CSM_ZBF_POLICY_MAP_6zone-pair security CSM_S_WAN-S_POS_1 source S_WAN destination S_POSservice-policy type inspect CSM_ZBF_POLICY_MAP_7zone-pair security CSM_S_WAN-S_POS-W_1 source S_WAN destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_7zone-pair security CSM_S_WAN-S_Voice_1 source S_WAN destination S_Voiceservice-policy type inspect CSM_ZBF_POLICY_MAP_8zone-pair security CSM_S_R-2-R-LOOPBACK_1 source S_R-2-R destination LOOPBACKservice-policy type inspect CSM_ZBF_POLICY_MAP_1zone-pair security CSM_S_R-2-R-S_MGMT_1 source S_R-2-R destination S_MGMTservice-policy type inspect CSM_ZBF_POLICY_MAP_2zone-pair security CSM_S_R-2-R-S_Security_1 source S_R-2-R destination S_Securityservice-policy type inspect CSM_ZBF_POLICY_MAP_3zone-pair security CSM_S_R-2-R-S_WAAS_1 source S_R-2-R destination S_WAASservice-policy type inspect CSM_ZBF_POLICY_MAP_4zone-pair security CSM_S_R-2-R-S_WLC-AP_1 source S_R-2-R destination S_WLC-APservice-policy type inspect CSM_ZBF_POLICY_MAP_5zone-pair security CSM_S_R-2-R-self_1 source S_R-2-R destination selfservice-policy type inspect CSM_ZBF_POLICY_MAP_9zone-pair security CSM_S_R-2-R-S_Data_1 source S_R-2-R destination S_Dataservice-policy type inspect CSM_ZBF_POLICY_MAP_10zone-pair security CSM_S_R-2-R-S_Data-W_1 source S_R-2-R destination S_Data-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_10zone-pair security CSM_S_R-2-R-S_Guest_1 source S_R-2-R destination S_Guestservice-policy type inspect CSM_ZBF_POLICY_MAP_6zone-pair security CSM_S_R-2-R-S_Partners_1 source S_R-2-R destination S_Partnersservice-policy type inspect CSM_ZBF_POLICY_MAP_10zone-pair security CSM_S_R-2-R-S_POS_1 source S_R-2-R destination S_POSservice-policy type inspect CSM_ZBF_POLICY_MAP_7zone-pair security CSM_S_R-2-R-S_POS-W_1 source S_R-2-R destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_7zone-pair security CSM_S_R-2-R-S_Voice_1 source S_R-2-R destination S_Voiceservice-policy type inspect CSM_ZBF_POLICY_MAP_11zone-pair security CSM_self-S_R-2-R_1 source self destination S_R-2-Rservice-policy type inspect CSM_ZBF_POLICY_MAP_12zone-pair security CSM_LOOPBACK-S_WAN_1 source LOOPBACK destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_13zone-pair security CSM_LOOPBACK-S_R-2-R_1 source LOOPBACK destination S_R-2-Rservice-policy type inspect CSM_ZBF_POLICY_MAP_13zone-pair security CSM_LOOPBACK-S_POS_1 source LOOPBACK destination S_POSservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_LOOPBACK-S_POS-W_1 source LOOPBACK destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_MGMT-S_WAN_1 source S_MGMT destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_15zone-pair security CSM_S_MGMT-S_R-2-R_1 source S_MGMT destination S_R-2-Rservice-policy type inspect CSM_ZBF_POLICY_MAP_15zone-pair security CSM_S_MGMT-S_POS_1 source S_MGMT destination S_POSservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_MGMT-S_POS-W_1 source S_MGMT destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_Security-S_WAN_1 source S_Security destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_16zone-pair security CSM_S_Security-S_R-2-R_1 source S_Security destination S_R-2-Rservice-policy type inspect CSM_ZBF_POLICY_MAP_16zone-pair security CSM_S_Security-S_POS_1 source S_Security destination S_POSservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_Security-S_POS-W_1 source S_Security destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_WAAS-S_WAN_1 source S_WAAS destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_17zone-pair security CSM_S_WAAS-S_R-2-R_1 source S_WAAS destination S_R-2-Rservice-policy type inspect CSM_ZBF_POLICY_MAP_17zone-pair security CSM_S_WAAS-S_POS_1 source S_WAAS destination S_POSservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_WAAS-S_POS-W_1 source S_WAAS destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_WAAS-S_Data_1 source S_WAAS destination S_Dataservice-policy type inspect CSM_ZBF_POLICY_MAP_18zone-pair security CSM_S_WAAS-S_Data-W_1 source S_WAAS destination S_Data-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_18zone-pair security CSM_S_WAAS-S_Partners_1 source S_WAAS destination S_Partnersservice-policy type inspect CSM_ZBF_POLICY_MAP_18zone-pair security CSM_S_WLC-AP-S_WAN_1 source S_WLC-AP destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_19zone-pair security CSM_S_WLC-AP-S_R-2-R_1 source S_WLC-AP destination S_R-2-Rservice-policy type inspect CSM_ZBF_POLICY_MAP_19zone-pair security CSM_S_WLC-AP-S_POS_1 source S_WLC-AP destination S_POSservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_WLC-AP-S_POS-W_1 source S_WLC-AP destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_POS-S_WAN_1 source S_POS destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_20zone-pair security CSM_S_POS-S_R-2-R_1 source S_POS destination S_R-2-Rservice-policy type inspect CSM_ZBF_POLICY_MAP_20zone-pair security CSM_S_POS-W-S_WAN_1 source S_POS-W destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_21zone-pair security CSM_S_POS-W-S_R-2-R_1 source S_POS-W destination S_R-2-Rservice-policy type inspect CSM_ZBF_POLICY_MAP_21zone-pair security CSM_S_POS-W-S_POS_1 source S_POS-W destination S_POSservice-policy type inspect CSM_ZBF_POLICY_MAP_22zone-pair security CSM_S_Data-S_POS_1 source S_Data destination S_POSservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_Data-S_POS-W_1 source S_Data destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_Data-S_WAN_1 source S_Data destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_23zone-pair security CSM_S_Data-S_R-2-R_1 source S_Data destination S_R-2-Rservice-policy type inspect CSM_ZBF_POLICY_MAP_23zone-pair security CSM_S_Data-W-S_POS_1 source S_Data-W destination S_POSservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_Data-W-S_POS-W_1 source S_Data-W destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_Data-W-S_WAN_1 source S_Data-W destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_23zone-pair security CSM_S_Data-W-S_R-2-R_1 source S_Data-W destination S_R-2-Rservice-policy type inspect CSM_ZBF_POLICY_MAP_23zone-pair security CSM_S_Guest-S_POS_1 source S_Guest destination S_POSservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_Guest-S_POS-W_1 source S_Guest destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_Guest-S_WAN_1 source S_Guest destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_24zone-pair security CSM_S_Guest-S_R-2-R_1 source S_Guest destination S_R-2-Rservice-policy type inspect CSM_ZBF_POLICY_MAP_24zone-pair security CSM_S_Partners-S_POS_1 source S_Partners destination S_POSservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_Partners-S_POS-W_1 source S_Partners destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_Partners-S_WAN_1 source S_Partners destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_25zone-pair security CSM_S_Partners-S_R-2-R_1 source S_Partners destination S_R-2-Rservice-policy type inspect CSM_ZBF_POLICY_MAP_25zone-pair security CSM_S_Voice-S_POS_1 source S_Voice destination S_POSservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_Voice-S_POS-W_1 source S_Voice destination S_POS-Wservice-policy type inspect CSM_ZBF_POLICY_MAP_14zone-pair security CSM_S_Voice-S_WAN_1 source S_Voice destination S_WANservice-policy type inspect CSM_ZBF_POLICY_MAP_26zone-pair security CSM_S_Voice-S_R-2-R_1 source S_Voice destination S_R-2-Rservice-policy type inspect CSM_ZBF_POLICY_MAP_27!!!!!!!interface Loopback0ip address 10.10.110.1 255.255.255.255ip pim sparse-dense-modezone-member security LOOPBACK!interface GigabitEthernet0/0description ROUTER LINK TO SWITCHno ip addressduplex autospeed auto!interface GigabitEthernet0/0.11description POSencapsulation dot1Q 11ip address 10.10.96.2 255.255.255.0ip helper-address 192.168.42.130ip helper-address 192.168.42.111ip pim sparse-dense-modeip ips Store-IPS inip ips Store-IPS outzone-member security S_POSstandby 11 ip 10.10.96.1standby 11 priority 101standby 11 preemptip igmp query-interval 125service-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface GigabitEthernet0/0.12description DATAencapsulation dot1Q 12ip address 10.10.97.2 255.255.255.0ip helper-address 192.168.42.130ip wccp 61 redirect inip pim sparse-dense-modezone-member security S_Datastandby 12 ip 10.10.97.1standby 12 priority 101standby 12 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface GigabitEthernet0/0.13description VOICEencapsulation dot1Q 13ip address 10.10.98.2 255.255.255.0ip helper-address 192.168.42.130ip pim sparse-dense-modezone-member security S_Voicestandby 13 ip 10.10.98.1standby 13 priority 101standby 13 preemptservice-policy output BRANCH-LAN-EDGE-OUT!interface GigabitEthernet0/0.14description WIRELESSencapsulation dot1Q 14ip address 10.10.99.2 255.255.255.0ip helper-address 192.168.42.130zone-member security S_Data-Wstandby 14 ip 10.10.99.1standby 14 priority 101standby 14 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface GigabitEthernet0/0.15description WIRELESS-POSencapsulation dot1Q 15ip address 10.10.100.2 255.255.255.0ip helper-address 192.168.42.130ip ips Store-IPS inip ips Store-IPS outzone-member security S_POS-Wstandby 15 ip 10.10.100.1standby 15 priority 101standby 15 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface GigabitEthernet0/0.16description PARTNERencapsulation dot1Q 16ip address 10.10.101.2 255.255.255.0ip helper-address 192.168.42.130zone-member security S_Partnersstandby 16 ip 10.10.101.1standby 16 priority 101standby 16 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface GigabitEthernet0/0.17description WIRELESS-GUESTencapsulation dot1Q 17ip address 10.10.102.2 255.255.255.0ip helper-address 192.168.42.130zone-member security S_Gueststandby 17 ip 10.10.102.1standby 17 priority 101standby 17 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface GigabitEthernet0/0.18description WIRELESS-CONTROLencapsulation dot1Q 18ip address 10.10.103.2 255.255.255.0ip helper-address 192.168.42.130zone-member security S_WLC-APstandby 18 ip 10.10.103.1standby 18 priority 101standby 18 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface GigabitEthernet0/0.19description WAASencapsulation dot1Q 19ip address 10.10.104.2 255.255.255.0ip helper-address 192.168.42.130zone-member security S_WAASstandby 19 ip 10.10.104.1standby 19 priority 101standby 19 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface GigabitEthernet0/0.20description SECURITY-SYSTEMSencapsulation dot1Q 20ip address 10.10.105.2 255.255.255.0ip helper-address 192.168.42.130ip pim sparse-dense-modezone-member security S_Securitystandby 20 ip 10.10.105.1standby 20 priority 101standby 20 preemptservice-policy output BRANCH-LAN-EDGE-OUT!interface GigabitEthernet0/0.102description ROUTER LINK TOencapsulation dot1Q 102ip address 10.10.110.29 255.255.255.252ip pim sparse-dense-modezone-member security S_R-2-Rservice-policy input BRANCH-LAN-EDGE-IN!interface GigabitEthernet0/0.1000description MANAGEMENTencapsulation dot1Q 1000ip address 10.10.111.2 255.255.255.0zone-member security S_MGMTstandby 100 ip 10.10.111.1standby 100 priority 101standby 100 preemptservice-policy input BRANCH-LAN-EDGE-INservice-policy output BRANCH-LAN-EDGE-OUT!interface GigabitEthernet0/1no ip addressduplex autospeed auto!interface GigabitEthernet0/1.101description ROUTER LINK TOencapsulation dot1Q 101ip address 10.10.110.25 255.255.255.252ip pim sparse-dense-modezone-member security S_R-2-Rservice-policy input BRANCH-LAN-EDGE-IN!interface GigabitEthernet0/2ip address 10.10.255.96 255.255.255.0ip ips Store-IPS inip ips Store-IPS outzone-member security S_WANduplex autospeed autoservice-policy output BRANCH-WAN-EDGE!!router ospf 5router-id 10.10.110.1redistribute connected subnetspassive-interface defaultno passive-interface GigabitEthernet0/0.102no passive-interface GigabitEthernet0/1.101network 10.10.0.0 0.0.255.255 area 10default-information originate!no ip forward-protocol nd!no ip http serverip http access-class 23ip http authentication aaa login-authentication RETAILip http secure-serverip http secure-ciphersuite 3des-ede-cbc-shaip http timeout-policy idle 60 life 86400 requests 10000!ip route 0.0.0.0 0.0.0.0 10.10.255.11ip tacacs source-interface Loopback0!ip access-list extended BULK-DATA-APPSremark ---File Transfer---permit tcp any any eq ftppermit tcp any any eq ftp-dataremark ---E-mail traffic---permit tcp any any eq smtppermit tcp any any eq pop3permit tcp any any eq 143remark ---other EDM app protocols---permit tcp any any range 3460 3466permit tcp any range 3460 3466 anyremark ---messaging services---permit tcp any any eq 2980permit tcp any eq 2980 anyremark ---Microsoft file services---permit tcp any any range 137 139permit tcp any range 137 139 anyip access-list extended CSM_ZBF_CMAP_ACL_1remark Data Center Mgmt to Devicespermit object-group CSM_INLINE_svc_rule_81604380993 object-group CSM_INLINE_src_rule_81604380993 object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_10remark Permit POS systems to talk to Data Center Serverspermit object-group CSM_INLINE_svc_rule_81604381011 object-group DC-POS-Oracle object-group STORE-POSremark Permit POS systems to talk to Data Center Serverspermit object-group CSM_INLINE_svc_rule_81604381015 object-group DC-POS-SAP object-group STORE-POSremark Permit POS systems to talk to Data Center Serverspermit object-group CSM_INLINE_svc_rule_81604381019 object-group DC-POS-Tomax object-group STORE-POSip access-list extended CSM_ZBF_CMAP_ACL_11remark Permit POS systems to talk to Data Center Serverspermit object-group CSM_INLINE_svc_rule_81604381021 object-group CSM_INLINE_src_rule_81604381021 object-group STORE-POSip access-list extended CSM_ZBF_CMAP_ACL_12remark Data Center VOICE (wired and Wireless)permit object-group CSM_INLINE_svc_rule_81604381057 object-group DC-Voice object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_13permit ospf object-group CSM_INLINE_src_rule_81604381150 object-group CSM_INLINE_dst_rule_81604381150ip access-list extended CSM_ZBF_CMAP_ACL_14remark Store WAAS to Clients and Serverspermit object-group CSM_INLINE_svc_rule_81604381055 object-group Stores-ALL object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_15permit ospf object-group CSM_INLINE_src_rule_81604381152 object-group CSM_INLINE_dst_rule_81604381152ip access-list extended CSM_ZBF_CMAP_ACL_16remark Syslog and SNMP Alertspermit object-group CSM_INLINE_svc_rule_81604380995 object-group Stores-ALL object-group CSM_INLINE_dst_rule_81604380995ip access-list extended CSM_ZBF_CMAP_ACL_17remark Store to Data Center Authenticationspermit object-group CSM_INLINE_svc_rule_81604381001 object-group Stores-ALL object-group CSM_INLINE_dst_rule_81604381001ip access-list extended CSM_ZBF_CMAP_ACL_18remark Store to Data Center for NTPpermit object-group NTP object-group Stores-ALL object-group NTP-Serversip access-list extended CSM_ZBF_CMAP_ACL_19remark Store to Data Center for DHCP and DNSpermit object-group CSM_INLINE_svc_rule_81604381035 object-group Stores-ALL object-group ActiveDirectory.cisco-irn.comip access-list extended CSM_ZBF_CMAP_ACL_2remark Data Center subscribe to IPS SDEE eventspermit tcp object-group RSA-enVision object-group Stores-ALL eq 443ip access-list extended CSM_ZBF_CMAP_ACL_20remark Permit ICMP trafficpermit object-group CSM_INLINE_svc_rule_81604381039 object-group Stores-ALL object-group CSM_INLINE_dst_rule_81604381039ip access-list extended CSM_ZBF_CMAP_ACL_21remark Store UCS Express to Data Center vShpherepermit object-group CSM_INLINE_svc_rule_81604381005 object-group Stores-ALL object-group vSphere-1ip access-list extended CSM_ZBF_CMAP_ACL_22remark Store NACpermit object-group CSM_INLINE_svc_rule_81604381037 object-group Stores-ALL object-group CSM_INLINE_dst_rule_81604381037ip access-list extended CSM_ZBF_CMAP_ACL_23remark Store to Data Center Physical Securitypermit ip object-group Stores-ALL object-group CSM_INLINE_dst_rule_81604381049ip access-list extended CSM_ZBF_CMAP_ACL_24remark Store WAAS (WAAS Devices need their own zone)permit object-group CSM_INLINE_svc_rule_81604381053 object-group Stores-ALL object-group DC-WAASip access-list extended CSM_ZBF_CMAP_ACL_25remark Store to Data Center wireless controller trafficpermit object-group CSM_INLINE_svc_rule_81604381045 object-group Stores-ALL object-group CSM_INLINE_dst_rule_81604381045ip access-list extended CSM_ZBF_CMAP_ACL_26remark Permit POS systems to talk to Data Center Serverspermit object-group CSM_INLINE_svc_rule_81604381009 object-group STORE-POS object-group DC-POS-Oracleremark Permit POS systems to talk to Data Center Serverspermit object-group CSM_INLINE_svc_rule_81604381013 object-group STORE-POS object-group DC-POS-SAPremark Permit POS systems to talk to Data Center Serverspermit object-group CSM_INLINE_svc_rule_81604381017 object-group STORE-POS object-group DC-POS-Tomaxip access-list extended CSM_ZBF_CMAP_ACL_27remark Permit POS systems to talk to Data Center Serverspermit object-group CSM_INLINE_svc_rule_81604381023 object-group CSM_INLINE_src_rule_81604381023 object-group STORE-POSip access-list extended CSM_ZBF_CMAP_ACL_28remark Store to Data Center for E-mailpermit object-group CSM_INLINE_svc_rule_81604381025 object-group STORE-POS object-group MSExchangeip access-list extended CSM_ZBF_CMAP_ACL_29remark Store to Data Center for Windows Updatespermit object-group CSM_INLINE_svc_rule_81604381027 object-group STORE-POS object-group MS-Updateip access-list extended CSM_ZBF_CMAP_ACL_3remark Permit ICMP trafficpermit object-group CSM_INLINE_svc_rule_81604381041 object-group CSM_INLINE_src_rule_81604381041 object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_30remark Permit POS clients to talk to store POS serverpermit object-group CSM_INLINE_svc_rule_81604381029 object-group STORE-POS object-group STORE-POSip access-list extended CSM_ZBF_CMAP_ACL_31remark Store to Data Center for Windows Updatespermit object-group CSM_INLINE_svc_rule_81604381061 object-group Stores-ALL object-group MS-Updateip access-list extended CSM_ZBF_CMAP_ACL_32remark Store to Data Center for E-mailpermit object-group CSM_INLINE_svc_rule_81604381063 object-group Stores-ALL object-group MSExchangeip access-list extended CSM_ZBF_CMAP_ACL_33remark Store DATA (wired and Wireless - Access to DC Other applications)permit object-group CSM_INLINE_svc_rule_81604381065 object-group Stores-ALL object-group DC-Applicationsip access-list extended CSM_ZBF_CMAP_ACL_34remark Store GUEST - Drop Traffic to Enterprisepermit ip object-group Stores-ALL object-group CSM_INLINE_dst_rule_81604381071ip access-list extended CSM_ZBF_CMAP_ACL_35remark Store GUEST (access to internet/DMZ web servers)permit ip object-group Stores-ALL anyip access-list extended CSM_ZBF_CMAP_ACL_36remark Store PARTNERS - Drop Traffic to Enterprisepermit ip object-group Stores-ALL object-group CSM_INLINE_dst_rule_81604381067ip access-list extended CSM_ZBF_CMAP_ACL_37remark Store PARTNERS (wired and wireless - Access to Partner site, Internet VPN)permit ip object-group Stores-ALL anyip access-list extended CSM_ZBF_CMAP_ACL_38remark Store VOICE (wired and Wireless - Acess to corporate wide voice)permit object-group CSM_INLINE_svc_rule_81604381059 object-group Stores-ALL object-group CSM_INLINE_dst_rule_81604381059ip access-list extended CSM_ZBF_CMAP_ACL_4remark Data Center vSphere to UCS Expresspermit object-group CSM_INLINE_svc_rule_81604381003 object-group vSphere-1 object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_5remark Data Center to Store Physical Securitypermit ip object-group CSM_INLINE_src_rule_81604381047 object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_6remark Data Center Mgmt to Devicespermit object-group RDP object-group DC-Admin object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_7remark Data Center WAAS to Storepermit object-group CSM_INLINE_svc_rule_81604381051 object-group CSM_INLINE_src_rule_81604381051 object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_8remark Data Center Wireless Control to AP's and Controllers in storespermit object-group CSM_INLINE_svc_rule_81604381043 object-group CSM_INLINE_src_rule_81604381043 object-group Stores-ALLip access-list extended CSM_ZBF_CMAP_ACL_9remark Data Center Mgmt to Devicespermit object-group RDP object-group DC-Admin object-group STORE-POSip access-list extended MISSION-CRITICAL-SERVERSremark ---POS Applications---permit ip any 192.168.52.0 0.0.0.255ip access-list extended NET-MGMT-APPSremark - Router user Authentication - Identifies TACACS Control trafficpermit tcp any any eq tacacspermit tcp any eq tacacs anyip access-list extended TRANSACTIONAL-DATA-APPSremark ---Workbrain Application---remark --Large Store Clock Server to Central Clock Applicationpermit tcp host 10.10.49.94 host 192.168.46.72 eq 8444remark --Large store Clock Server to CUAEpermit tcp host 10.10.49.94 host 192.168.45.185 eq 8000remark ---LiteScape Application---permit ip any host 192.168.46.82permit ip any 239.192.0.0 0.0.0.255permit ip any host 239.255.255.250remark ---Remote Desktop---permit tcp any any eq 3389permit tcp any eq 3389 anyremark ---Oracle SIM---permit tcp any 192.168.46.0 0.0.0.255 eq 7777permit tcp any 192.168.46.0 0.0.0.255 eq 6003permit tcp any 192.168.46.0 0.0.0.255 range 12401 12500permit tcp 192.168.46.0 0.0.0.255 eq 7777 anypermit tcp 192.168.46.0 0.0.0.255 eq 6003 anypermit tcp 192.168.46.0 0.0.0.255 range 12401 12500 any!logging esm configlogging trap debugginglogging source-interface Loopback0logging 192.168.42.124access-list 23 permit 192.168.41.101 logaccess-list 23 permit 192.168.41.102 logaccess-list 23 permit 192.168.42.111 logaccess-list 23 permit 192.168.42.122 logaccess-list 23 permit 192.168.42.124 logaccess-list 23 permit 127.0.0.1 logaccess-list 23 permit 192.168.42.131 logaccess-list 23 permit 192.168.42.133 logaccess-list 23 permit 192.168.42.138 logaccess-list 23 permit 10.19.151.99 logaccess-list 23 deny any logaccess-list 88 permit 192.168.42.124 logaccess-list 88 deny any log!!!!nls resp-timeout 1cpd cr-id 1!snmp-server engineID remote 192.168.42.124 0000000000snmp-server user remoteuser remoteuser remote 192.168.42.124 v3 access 88snmp-server user remoteuser remoteuser v3snmp-server group remoteuser v3 noauthsnmp-server trap-source Loopback0snmp-server packetsize 8192snmp-server location XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXsnmp-server contact XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXsnmp-server enable traps snmp authentication linkdown linkup coldstart warmstartsnmp-server enable traps envmon fan shutdown supply temperature statussnmp-server enable traps flash insertion removalsnmp-server enable traps energywisesnmp-server enable traps config-copysnmp-server enable traps configsnmp-server enable traps config-ctidsnmp-server enable traps entitysnmp-server enable traps hsrpsnmp-server enable traps cpu thresholdsnmp-server enable traps rsvpsnmp-server enable traps syslogsnmp-server enable traps vtpsnmp-server enable traps ipslasnmp-server host 192.168.42.124 remoteusertacacs-server host 192.168.42.131tacacs-server directed-requesttacacs-server domain-strippingtacacs-server key 7 <removed>!!control-plane!!!!mgcp profile default!!!!!gatekeepershutdown!!banner exec CWARNING:**** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CMO Retail ******** AUTHORIZED USERS ONLY! ****ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENTTO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARYTO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHERREPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUTFURTHER NOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHERCRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAWENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.banner incoming CWARNING:**** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CMO Retail ******** AUTHORIZED USERS ONLY! ****ANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENTTO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARYTO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHERREPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUTFURTHER NOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHERCRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAWENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW.UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.banner loginWARNING:THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!!line con 0session-timeout 15 outputexec-timeout 15 0login authentication RETAILline aux 0session-timeout 1 outputexec-timeout 0 1privilege level 0login authentication RETAILno exectransport preferred nonetransport output noneline vty 0 4session-timeout 15 outputaccess-class 23 inexec-timeout 15 0logging synchronouslogin authentication RETAILtransport preferred nonetransport input sshtransport output noneline vty 5 15session-timeout 15 outputaccess-class 23 inexec-timeout 15 0logging synchronouslogin authentication RETAILtransport preferred nonetransport input sshtransport output none!scheduler allocate 20000 1000ntp source Loopback0ntp server 192.168.62.161 preferntp server 192.168.62.162endr-a2-lrg-2
!! Last configuration change at 00:59:26 PST Sat Apr 30 2011 by retail! NVRAM config last updated at 01:00:56 PST Sat Apr 30 2011 by retail!version 15.1no service padservice tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug datetime localtime show-timezoneservice timestamps log datetime msec localtime show-timezone yearservice password-encryptionservice sequence-numbers!hostname R-A2-Lrg-2!boot-start-markerboot system flash0 c3900-universalk9-mz.SPA.151-3.T.binboot-end-marker!!security authentication failure rate 2 logsecurity passwords min-length 7logging buffered 50000no logging rate-limitenable secret 5 <removed>!aaa new-model!!aaa authentication login RETAIL group tacacs+ localaaa authentication enable default group tacacs+ enableaaa authorization exec default group tacacs+ if-authenticatedaaa accounting update newinfoaaa accounting exec defaultaction-type start-stopgroup tacacs+!aaa accounting commands 15 defaultaction-type start-stopgroup tacacs+!aaa accounting system defaultaction-type start-stopgroup tacacs+!!!!!!aaa session-id common!clock timezone PST -8 0clock summer-time PST recurring!crypto pki token default removal timeout 0!crypto pki trustpoint TP-self-signed-660084654enrollment selfsignedsubject-name cn=IOS-Self-Signed-Certificate-660084654revocation-check nonersakeypair TP-self-signed-660084654!!crypto pki certificate chain TP-self-signed-660084654certificate self-signed 01<removed>quitno ipv6 cefno ip source-routeip cef!!!ip multicast-routing!!no ip bootp serverip domain name cisco-irn.comip name-server 192.168.42.130ip port-map user-8443 port tcp 8443ip inspect log drop-pktip inspect audit-trailip ips config location flash0: retries 1 timeout 1ip ips name Store-IPS!ip ips signature-categorycategory allretired truecategory ios_ips defaultretired false!ip wccp 61ip wccp 62login block-for 1800 attempts 6 within 1800login quiet-mode access-class 23login on-failure loglogin on-success log!multilink bundle-name authenticated!parameter-map type inspect globalWAAS enableparameter-map type inspect Inspect-1audit-trail onparameter-map type trend-global trend-glob-map!!!!password encryption aesvoice-card 0!!!!!!!license udi pid C3900-SPE150/K9 sn <removed>hw-module pvdm 0/0!!!archivelog configlogging enablenotify syslog contenttype plaintexthidekeysobject-group network ActiveDirectory.cisco-irn.comhost 192.168.42.130!object-group service CAPWAPdescription CAPWAP UDP ports 5246 and 5247udp eq 5246udp eq 5247!object-group service CISCO-WAASdescription Ports for Cisco WAAStcp eq 4050!object-group network EMC-NCMdescription EMC Network Configuration Managerhost 192.168.42.122!object-group network RSA-enVisiondescription RSA EnVision Syslog collector and SIMhost 192.168.42.124!object-group network CSM_INLINE_dst_rule_81604380995description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object EMC-NCMgroup-object RSA-enVision!object-group network TACACSdescription Csico Secure ACS server for TACACS and Radiushost 192.168.42.131!object-group network RSA-AMdescription RSA Authentication Manager for SecureIDhost 192.168.42.137!object-group network NAC-1description ISE server for NAChost 192.168.42.111!object-group network CSM_INLINE_dst_rule_81604381001description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object ActiveDirectory.cisco-irn.comgroup-object TACACSgroup-object RSA-AMgroup-object NAC-1!object-group network NAC-2host 192.168.42.112!object-group network CSM_INLINE_dst_rule_81604381037description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object NAC-2group-object NAC-1!object-group network DC-ALLdescription All of the Data Center192.168.0.0 255.255.0.0!object-group network Stores-ALLdescription all store networks10.10.0.0 255.255.0.0!object-group network CSM_INLINE_dst_rule_81604381039description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object DC-ALLgroup-object Stores-ALL!object-group network WCSManagerdescription Wireless Managerhost 192.168.43.135!object-group network DC-Wifi-Controllersdescription Central Wireless Controllers for storeshost 192.168.43.21host 192.168.43.22!object-group network DC-Wifi-MSEdescription Mobility Service Engineshost 192.168.43.31host 192.168.43.32!object-group network CSM_INLINE_dst_rule_81604381045description Generated by CS-Manager from dst of ZbfInspectRule# 0 (Store-HA_v1/mandatory)group-object WCSManagergroup-object DC-Wifi-Controllersgroup-object DC-Wifi-MSE!object-group network PAME-DC-1host 192.168.44.111!object-group network MSP-DC-1description Data Center VSOMhost 192.168.44.121!object-group network CSM_INLINE_dst_rule_81604381049description Gener