
hostname SJC-RFD-FWSM-1
enable password ******************* encrypted
names
!
interface Vlan8
 nameif outside
 security-level 0
 ip address 10.9.8.3 255.255.255.0 standby 10.9.8.4 
!
interface Vlan9
 nameif inside
 security-level 100
 ip address 10.9.9.3 255.255.255.0 standby 10.9.9.4 
!
interface Vlan11
 description LAN Failover Interface
!
interface Vlan13
 description STATE Failover Interface
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
object-group service SIP-PORTS-TCP tcp
 port-object range sip 5062
object-group service ICC-TCP tcp
 description *** Inter-cluster communication
 port-object eq h323
 group-object SIP-PORTS-TCP
object-group service SIP-PORTS-UDP udp
 port-object range sip 5062
object-group service ICC-UDP udp
 description *** Inter-cluster communication
 group-object SIP-PORTS-UDP
object-group service GK-TCP-UDP tcp-udp
 description *** Communications to GK
 port-object eq 1718
 port-object eq 1719
 port-object eq 1720
object-group service PHONE-VOICE-TCP tcp
 description *** TCP protocols used by phones
 port-object eq 2000
 port-object eq 2443
 port-object eq ctiqbe
 port-object eq 8080
 group-object SIP-PORTS-TCP
object-group service PHONE-VOICE-UDP udp
 description *** UDP protocols used by phones
 port-object eq tftp
 port-object eq domain
 group-object SIP-PORTS-UDP
object-group service H323-GW-TCP tcp
 port-object eq h323
 port-object eq 2000
object-group service MGCP-GW-TCP tcp
 port-object eq 2428
 port-object eq 2000
object-group service SRST-TCP tcp
 group-object H323-GW-TCP
 group-object MGCP-GW-TCP
 port-object eq sip
object-group service H323-GW-UDP udp
 port-object eq 1719
object-group service MGCP-GW-UDP udp
 port-object eq 2427
 port-object eq tftp
object-group service SRST-UDP udp
 group-object H323-GW-UDP
 group-object MGCP-GW-UDP
 port-object eq sip
object-group service RTP udp
 port-object range 16384 32768
object-group network MP
 network-object host 10.9.16.11
 network-object host 10.9.16.7
 network-object host 10.9.16.8
 network-object host 10.9.16.9
 network-object host 10.9.16.10
 network-object host 10.9.12.12
object-group network CER
 network-object host 10.9.14.12
object-group network UNITY
 network-object host 10.9.10.12
 network-object host 10.9.10.13
 network-object host 10.9.14.13
object-group network EXCHG
 network-object host 10.9.10.8
 network-object host 10.9.10.9
 network-object host 10.9.10.10
 network-object host 10.9.10.11
 network-object host 10.9.14.8
 network-object host 10.9.14.9
 network-object host 10.9.14.10
 network-object host 10.9.14.11
object-group network FAX
 network-object host 10.9.14.7
 network-object host 10.9.14.16
object-group network PRES
 network-object host 10.9.12.7
object-group network DCS
 network-object host 10.9.12.5
 network-object host 10.9.12.6
object-group network BLINDLY-TRUSTED
 group-object MP
 group-object CER
 group-object UNITY
 group-object EXCHG
 group-object FAX
 group-object PRES
 group-object DCS
object-group network EVERYONE
 network-object 10.0.0.0 255.0.0.0
object-group network MOH-SRVR
 network-object host 10.9.10.7
object-group network NTP-SRVR
 network-object 10.9.8.0 255.255.255.0
object-group network NETMGMT-SRVR
 network-object host 10.9.12.21
 network-object host 10.9.22.34
 network-object host 172.18.143.115
object-group network DNS-SRVR-OUT
 network-object host 10.9.20.11
object-group network DNS-SRVR-IN
 network-object host 10.9.12.4
 network-object host 10.9.12.5
 network-object host 10.9.12.6
object-group network DHCP-SRVR-IN
 network-object host 10.9.12.4
object-group network GKS-OUT
 network-object host 10.9.22.99
 network-object host 10.3.62.99
 network-object host 10.3.70.99
object-group network GKS-IN
 network-object host 10.9.12.99
object-group network MGCP-GWS-OUT
 network-object 10.9.128.32 255.255.255.240
 network-object 10.9.128.48 255.255.255.240
 network-object 10.9.128.64 255.255.255.224
 network-object 10.9.128.96 255.255.255.224
 network-object 10.9.128.128 255.255.255.240
 network-object 10.9.129.0 255.255.255.240
 network-object 10.9.129.16 255.255.255.240
 network-object 10.9.129.32 255.255.255.240
 network-object 10.9.129.48 255.255.255.240
 network-object 10.9.129.64 255.255.255.224
 network-object 10.9.129.96 255.255.255.224
 network-object 10.9.130.0 255.255.255.240
 network-object 10.9.130.16 255.255.255.240
 network-object 10.9.130.32 255.255.255.240
 network-object 10.9.130.64 255.255.255.240
 network-object 10.9.130.96 255.255.255.224
 network-object 10.9.207.0 255.255.255.240
 network-object 10.9.207.16 255.255.255.240
 network-object 10.9.207.32 255.255.255.240
 network-object 10.9.207.48 255.255.255.240
 network-object 10.9.207.96 255.255.255.224
 network-object 10.9.208.0 255.255.255.240
 network-object 10.9.208.16 255.255.255.240
 network-object 10.9.208.32 255.255.255.240
 network-object 10.9.208.48 255.255.255.240
 network-object 10.9.208.96 255.255.255.224
 network-object 10.9.209.0 255.255.255.240
 network-object 10.9.208.64 255.255.255.240
 network-object 10.9.209.16 255.255.255.240
 network-object 10.9.209.32 255.255.255.240
 network-object 10.9.209.48 255.255.255.240
 network-object 10.9.209.64 255.255.255.240
 network-object 10.9.130.48 255.255.255.240
 network-object host 10.9.22.2
 network-object host 10.9.227.250
 network-object host 10.9.241.248
object-group network H323-GWS-OUT
 network-object host 10.3.28.2
 network-object host 10.9.128.139
 network-object host 10.9.128.140
 network-object host 10.9.207.20
 network-object host 10.9.207.98
 network-object host 10.9.208.98
 network-object host 10.9.22.26
 network-object host 10.9.40.11
 network-object 10.9.128.128 255.255.255.240
object-group network H323-GWS-IN
 network-object host 10.9.14.14
object-group network DFW-CCM
 network-object host 10.3.24.2
 network-object host 10.3.24.3
 network-object host 10.3.24.4
 network-object host 10.3.24.5
 network-object host 10.3.24.6
 network-object host 10.3.24.7
object-group network SJC-CCM
 network-object host 10.9.10.4
 network-object host 10.9.14.4
 network-object host 10.9.10.5
 network-object host 10.9.14.5
 network-object host 10.9.10.6
 network-object host 10.9.14.6
 network-object host 10.9.10.7
object-group network RFD-CCM
 network-object host 10.9.20.2
 network-object host 10.9.20.3
 network-object host 10.9.20.4
 network-object host 10.9.20.5
 network-object host 10.9.20.6
 network-object host 10.9.20.7
object-group network SFO-CCM
 network-object host 10.9.30.3
 network-object host 10.9.30.4
 network-object host 10.9.30.5
 network-object host 10.9.30.6
 network-object host 10.9.30.7
 network-object host 10.9.30.8
 network-object host 10.9.30.9
object-group network ORD-CCM
 network-object host 10.9.40.3
 network-object host 10.9.40.4
 network-object host 10.9.40.5
 network-object host 10.9.40.6
 network-object host 10.9.40.7
 network-object host 10.9.40.8
 network-object host 10.9.40.9
object-group network NYC-CCM
 network-object host 10.3.60.2
 network-object host 10.3.60.3
object-group network RDU-CCM
 network-object host 10.3.90.5
 network-object host 10.3.90.6
object-group network ATL-CME
 network-object host 10.3.80.2
 network-object host 10.3.81.2
 network-object host 10.3.181.190
 network-object host 10.3.83.2
 network-object host 10.3.84.2
 network-object host 10.3.82.2
object-group network YYZ-CME
 network-object host 10.3.181.194
 network-object host 10.3.71.2
 network-object host 10.3.74.2
 network-object host 10.3.75.2
object-group network SRST
 network-object host 10.9.28.2
 network-object host 10.9.38.1
object-group network IP-PHONES
 network-object 10.9.82.0 255.255.254.0
 network-object 10.9.84.0 255.255.254.0
 network-object 10.9.86.0 255.255.254.0
 network-object 10.9.88.0 255.255.254.0
 network-object 10.9.90.0 255.255.254.0
 network-object 10.9.92.0 255.255.254.0
 network-object 10.9.94.0 255.255.254.0
 network-object 10.9.98.0 255.255.254.0
 network-object 10.9.100.0 255.255.254.0
 network-object 10.9.102.0 255.255.254.0
 network-object 10.9.104.0 255.255.254.0
 network-object 10.9.106.0 255.255.254.0
 network-object 10.9.108.0 255.255.254.0
 network-object 10.9.112.0 255.255.254.0
 network-object 10.9.114.0 255.255.254.0
 network-object 10.9.116.0 255.255.254.0
 network-object 10.9.118.0 255.255.254.0
 network-object 10.9.120.0 255.255.254.0
 network-object 10.9.122.0 255.255.254.0
 network-object 10.9.124.0 255.255.254.0
 network-object 10.9.210.0 255.255.254.0
 network-object 10.9.212.0 255.255.254.0
 network-object 10.9.214.0 255.255.254.0
 network-object 10.9.216.0 255.255.254.0
 network-object 10.9.218.0 255.255.254.0
 network-object 10.9.220.0 255.255.254.0
 network-object 10.9.222.0 255.255.254.0
 network-object 10.9.226.0 255.255.254.0
 network-object 10.9.228.0 255.255.254.0
 network-object 10.9.230.0 255.255.254.0
 network-object 10.9.232.0 255.255.254.0
 network-object 10.9.234.0 255.255.254.0
 network-object 10.9.236.0 255.255.254.0
 network-object 10.9.240.0 255.255.254.0
 network-object 10.9.242.0 255.255.254.0
 network-object 10.9.244.0 255.255.254.0
 network-object 10.9.246.0 255.255.254.0
 network-object 10.9.248.0 255.255.254.0
 network-object 10.9.250.0 255.255.254.0
 network-object 10.9.252.0 255.255.254.0
 network-object 10.9.28.0 255.255.255.0
 network-object 10.9.38.0 255.255.255.0
 network-object 10.9.142.0 255.255.255.0
 network-object 10.9.96.0 255.255.254.0
object-group network SIP-PROXY
 network-object host 10.3.51.2
access-list mode auto-commit
access-list ALLOW-ALL extended permit ip any any 
access-list INSIDE-IN remark ***
access-list INSIDE-IN remark *** All ICMP traffic
access-list INSIDE-IN remark ***
access-list INSIDE-IN extended permit icmp object-group EVERYONE object-group EVERYONE 
access-list INSIDE-IN remark ***
access-list INSIDE-IN remark *** NTP -- Not sure if both ports are 'ntp'
access-list INSIDE-IN remark ***
access-list INSIDE-IN extended permit udp object-group EVERYONE eq ntp object-group NTP-SRVR eq ntp 
access-list INSIDE-IN remark ***
access-list INSIDE-IN remark *** DHCP and DNS
access-list INSIDE-IN remark ***
access-list INSIDE-IN extended permit udp object-group EVERYONE object-group DNS-SRVR-OUT eq domain 
access-list INSIDE-IN remark ***
access-list INSIDE-IN remark *** Network Mgmt
access-list INSIDE-IN remark ***
access-list INSIDE-IN extended permit udp object-group NETMGMT-SRVR eq snmp object-group EVERYONE eq snmp 
access-list INSIDE-IN extended permit udp object-group EVERYONE eq snmptrap object-group NETMGMT-SRVR eq snmptrap 
access-list INSIDE-IN extended permit tcp object-group NETMGMT-SRVR object-group EVERYONE eq ssh 
access-list INSIDE-IN extended permit udp object-group EVERYONE object-group NETMGMT-SRVR eq tftp 
access-list INSIDE-IN remark ***
access-list INSIDE-IN remark *** Traffic between CCM clusters
access-list INSIDE-IN remark ***
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group DFW-CCM object-group ICC-TCP 
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group SFO-CCM object-group ICC-TCP 
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group ORD-CCM object-group ICC-TCP 
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group NYC-CCM object-group ICC-TCP 
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group RDU-CCM object-group ICC-TCP 
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group ATL-CME object-group ICC-TCP 
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group YYZ-CME object-group ICC-TCP 
access-list INSIDE-IN extended permit udp object-group SJC-CCM object-group DFW-CCM object-group ICC-UDP 
access-list INSIDE-IN extended permit udp object-group SJC-CCM object-group SFO-CCM object-group ICC-UDP 
access-list INSIDE-IN extended permit udp object-group SJC-CCM object-group ORD-CCM object-group ICC-UDP 
access-list INSIDE-IN extended permit udp object-group SJC-CCM object-group NYC-CCM object-group ICC-UDP 
access-list INSIDE-IN extended permit udp object-group SJC-CCM object-group RDU-CCM object-group ICC-UDP 
access-list INSIDE-IN extended permit udp object-group SJC-CCM object-group ATL-CME object-group ICC-UDP 
access-list INSIDE-IN extended permit udp object-group SJC-CCM object-group YYZ-CME object-group ICC-UDP 
access-list INSIDE-IN remark ***
access-list INSIDE-IN remark *** COW traffic
access-list INSIDE-IN remark ***
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group RFD-CCM 
access-list INSIDE-IN extended permit udp object-group SJC-CCM object-group RFD-CCM 
access-list INSIDE-IN remark ***
access-list INSIDE-IN remark *** H323...
access-list INSIDE-IN remark ***
access-list INSIDE-IN remark ***   ... CCM to GW
access-list INSIDE-IN remark ***
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group H323-GWS-OUT eq h323 
access-list INSIDE-IN remark ***
access-list INSIDE-IN remark ***   ... inside GW to remote CCM
access-list INSIDE-IN remark ***
access-list INSIDE-IN extended permit tcp object-group H323-GWS-IN object-group RFD-CCM object-group H323-GW-TCP 
access-list INSIDE-IN remark ***
access-list INSIDE-IN remark ***   ... between CCMs and GKs
access-list INSIDE-IN remark ***       (We could make the ports more granular.)
access-list INSIDE-IN remark ***
access-list INSIDE-IN extended permit tcp object-group GKS-IN object-group GKS-OUT object-group GK-TCP-UDP 
access-list INSIDE-IN extended permit udp object-group GKS-IN object-group GKS-OUT object-group GK-TCP-UDP 
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group GKS-OUT object-group GK-TCP-UDP 
access-list INSIDE-IN extended permit udp object-group SJC-CCM object-group GKS-OUT object-group GK-TCP-UDP 
access-list INSIDE-IN remark ***********************************************
access-list INSIDE-IN remark *** Workarounds; outside of Security Policy ***
access-list INSIDE-IN remark ***********************************************
access-list INSIDE-IN remark ***
access-list INSIDE-IN remark *** CSCsc11305 ICT & GK
access-list INSIDE-IN remark ***
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group DFW-CCM range 32768 65535 
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group RFD-CCM range 32768 65535 
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group SFO-CCM range 32768 65535 
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group ORD-CCM range 32768 65535 
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group NYC-CCM range 32768 65535 
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group RDU-CCM range 32768 65535 
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group ATL-CME range 32768 65535 
access-list INSIDE-IN extended permit tcp object-group SJC-CCM object-group YYZ-CME range 32768 65535 
access-list INSIDE-IN remark ***
access-list INSIDE-IN remark *** CSCsc55543 MOH & SIP
access-list INSIDE-IN remark ***
access-list INSIDE-IN extended permit udp object-group MOH-SRVR object-group RTP object-group EVERYONE object-group RTP 
access-list INSIDE-IN remark ***************************************************
access-list INSIDE-IN remark *** For convenience; outside of Security Policy ***
access-list INSIDE-IN remark ***************************************************
access-list INSIDE-IN remark *** Allow everything from blindly trusted sources until port use is determined
access-list INSIDE-IN remark ***
access-list INSIDE-IN extended permit ip object-group BLINDLY-TRUSTED any 
access-list INSIDE-IN remark ***
access-list INSIDE-IN remark *** Allow telnet everywhere
access-list INSIDE-IN remark ***
access-list INSIDE-IN extended permit tcp any any eq telnet 
access-list INSIDE-IN remark ***
access-list INSIDE-IN remark *** Nothing else shall pass here
access-list INSIDE-IN remark ***
access-list INSIDE-IN extended deny ip any any 
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN remark *** All ICMP traffic
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN extended permit icmp object-group EVERYONE object-group EVERYONE 
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN remark *** Network mgmt
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN extended permit udp object-group NETMGMT-SRVR eq snmp object-group EVERYONE eq snmp 
access-list OUTSIDE-IN extended permit udp object-group NETMGMT-SRVR eq 1438 object-group EVERYONE eq snmp 
access-list OUTSIDE-IN extended permit udp object-group EVERYONE eq snmptrap object-group NETMGMT-SRVR eq snmptrap 
access-list OUTSIDE-IN extended permit tcp object-group NETMGMT-SRVR object-group EVERYONE eq ssh 
access-list OUTSIDE-IN extended permit udp object-group EVERYONE object-group NETMGMT-SRVR eq tftp 
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN remark *** DHCP and DNS
access-list OUTSIDE-IN remark *** DHCP setting assumes no hosts directly connected to FW
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN extended permit udp object-group EVERYONE eq bootps object-group DHCP-SRVR-IN eq bootps 
access-list OUTSIDE-IN extended permit udp object-group EVERYONE object-group DNS-SRVR-IN eq domain 
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN remark *** Voice protocols from phones to CCM
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN extended permit tcp object-group IP-PHONES object-group SJC-CCM object-group PHONE-VOICE-TCP 
access-list OUTSIDE-IN extended permit udp object-group IP-PHONES object-group SJC-CCM object-group PHONE-VOICE-UDP 
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN remark *** ICT communication
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN extended permit tcp object-group DFW-CCM object-group SJC-CCM object-group ICC-TCP 
access-list OUTSIDE-IN extended permit tcp object-group SFO-CCM object-group SJC-CCM object-group ICC-TCP 
access-list OUTSIDE-IN extended permit tcp object-group ORD-CCM object-group SJC-CCM object-group ICC-TCP 
access-list OUTSIDE-IN extended permit tcp object-group NYC-CCM object-group SJC-CCM object-group ICC-TCP 
access-list OUTSIDE-IN extended permit tcp object-group RDU-CCM object-group SJC-CCM object-group ICC-TCP 
access-list OUTSIDE-IN extended permit tcp object-group ATL-CME object-group SJC-CCM object-group ICC-TCP 
access-list OUTSIDE-IN extended permit tcp object-group YYZ-CME object-group SJC-CCM object-group ICC-TCP 
access-list OUTSIDE-IN extended permit udp object-group DFW-CCM object-group SJC-CCM object-group ICC-UDP 
access-list OUTSIDE-IN extended permit udp object-group SFO-CCM object-group SJC-CCM object-group ICC-UDP 
access-list OUTSIDE-IN extended permit udp object-group ORD-CCM object-group SJC-CCM object-group ICC-UDP 
access-list OUTSIDE-IN extended permit udp object-group NYC-CCM object-group SJC-CCM object-group ICC-UDP 
access-list OUTSIDE-IN extended permit udp object-group RDU-CCM object-group SJC-CCM object-group ICC-UDP 
access-list OUTSIDE-IN extended permit udp object-group ATL-CME object-group SJC-CCM object-group ICC-UDP 
access-list OUTSIDE-IN extended permit udp object-group YYZ-CME object-group SJC-CCM object-group ICC-UDP 
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN remark *** COW traffic
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN extended permit tcp object-group RFD-CCM object-group SJC-CCM 
access-list OUTSIDE-IN extended permit udp object-group RFD-CCM object-group SJC-CCM 
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN remark *** SRST servers to CCM
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN extended permit tcp object-group SRST object-group SJC-CCM object-group SRST-TCP 
access-list OUTSIDE-IN extended permit udp object-group SRST object-group SJC-CCM object-group SRST-UDP 
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN remark *** MGCP gateways to CCM
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN extended permit tcp object-group MGCP-GWS-OUT object-group SJC-CCM object-group MGCP-GW-TCP 
access-list OUTSIDE-IN extended permit udp object-group MGCP-GWS-OUT object-group SJC-CCM object-group MGCP-GW-UDP 
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN remark *** H323...
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN remark ***   ... GW to CCM
access-list OUTSIDE-IN remark ***       (We could make the source address more granular.)
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN extended permit tcp object-group H323-GWS-OUT object-group SJC-CCM object-group H323-GW-TCP 
access-list OUTSIDE-IN extended permit udp object-group H323-GWS-OUT object-group SJC-CCM object-group H323-GW-UDP 
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN remark ***   ... between CCMs and GKs
access-list OUTSIDE-IN remark ***       (We could make the ports more granular.)
access-list OUTSIDE-IN remark ***       (We could make the source address more granular.)
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN extended permit tcp object-group EVERYONE object-group GKS-IN object-group GK-TCP-UDP 
access-list OUTSIDE-IN extended permit udp object-group EVERYONE object-group GKS-IN object-group GK-TCP-UDP 
access-list OUTSIDE-IN remark ***********************************************
access-list OUTSIDE-IN remark *** Workarounds; outside of Security Policy ***
access-list OUTSIDE-IN remark ***********************************************
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN remark *** CSCsc11305 ICT & GK
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN extended permit tcp object-group DFW-CCM object-group SJC-CCM range 32768 65535 
access-list OUTSIDE-IN extended permit tcp object-group RFD-CCM object-group SJC-CCM range 32768 65535 
access-list OUTSIDE-IN extended permit tcp object-group SFO-CCM object-group SJC-CCM range 32768 65535 
access-list OUTSIDE-IN extended permit tcp object-group ORD-CCM object-group SJC-CCM range 32768 65535 
access-list OUTSIDE-IN extended permit tcp object-group NYC-CCM object-group SJC-CCM range 32768 65535 
access-list OUTSIDE-IN extended permit tcp object-group RDU-CCM object-group SJC-CCM range 32768 65535 
access-list OUTSIDE-IN extended permit tcp object-group ATL-CME object-group SJC-CCM range 32768 65535 
access-list OUTSIDE-IN extended permit tcp object-group YYZ-CME object-group SJC-CCM range 32768 65535 
access-list OUTSIDE-IN remark ***************************************************
access-list OUTSIDE-IN remark *** For convenience; outside of Security Policy ***
access-list OUTSIDE-IN remark ***************************************************
access-list OUTSIDE-IN remark *** Allow everything from blindly trusted sources until port use is determined
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN extended permit ip any object-group BLINDLY-TRUSTED 
access-list OUTSIDE-IN remark *** Nothing else shall pass here
access-list OUTSIDE-IN remark ***
access-list OUTSIDE-IN extended deny ip any any 
access-list tmp extended permit udp host 1.1.1.1 eq bootps host 1.1.1.1 eq bootps 
no pager
logging enable
logging standby
logging buffered debugging
logging trap debugging
logging host outside 10.3.2.129
logging debug-trace
mtu outside 1500
mtu inside 1500
failover
failover lan unit primary
failover lan interface flan Vlan11
failover polltime unit 1 holdtime 5
failover link flin Vlan13
failover interface ip flan 1.1.1.1 255.255.255.252 standby 1.1.1.2
failover interface ip flin 1.1.1.5 255.255.255.252 standby 1.1.1.6
icmp permit any outside
icmp permit any inside
no asdm history enable
arp timeout 14400
access-group OUTSIDE-IN in interface outside
access-group INSIDE-IN in interface inside
route outside 172.18.143.115 255.255.255.255 10.9.8.1 1
route outside 10.3.2.204 255.255.255.255 10.9.8.1 1
route outside 10.3.2.129 255.255.255.255 10.9.8.1 1
!
router ospf 1
 network 10.0.0.0 255.0.0.0 area 9
 area 9 stub no-summary
 log-adj-changes
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00 non_TCP_UDP 0:02:00
timeout uauth 0:05:00 absolute
username cisco password *************** encrypted
aaa authentication telnet console LOCAL 
aaa authentication ssh console LOCAL 
snmp-server host inside 10.9.12.21 community public version 2c
snmp-server host outside 10.9.22.34 community public version 2c
snmp-server host outside 172.18.143.115 community public version 2c
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
no sysopt connection permit-ipsec
telnet timeout 5
ssh 10.3.2.0 255.255.255.0 outside
ssh timeout 30
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
class-map default
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect netbios 
  inspect rsh 
  inspect skinny 
  inspect smtp 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect sip 
  inspect xdmcp 
!
service-policy global_policy global
prompt hostname context 
Cryptochecksum:98c9fec2aeb9ff5502367f683e7fa547
: end
