! Generated by Network Security Policy Compiler, version 2.453

! [ BEGIN router:mngt ]
! [ Model = PIX ]
! [ IP = 10.1.11.1 ]
! [ Routing ]
! route network:0/0 -> interface:small.service_lan
route outside 0.0.0.0 0.0.0.0 10.10.1.4
! [ ACL ]
object-group network g0
 network-object host 10.10.1.1
 network-object host 10.10.1.2
 network-object host 10.10.1.3
 network-object host 10.10.1.4
 network-object host 10.10.1.5
 network-object host 172.17.1.2
 network-object host 172.17.1.6
! interface:mngt.service_lan
! permit src=network:0/0; dst=interface:mngt.service_lan; srv=service:ping;
icmp permit 0.0.0.0 0.0.0.0 8 outside
! permit src=network:0/0; dst=interface:mngt.service_lan; srv=service:pong;
icmp permit 0.0.0.0 0.0.0.0 0 outside
! permit src=g0; dst=host:netspoc; srv=service:pong;
access-list outside_in permit icmp object-group g0 host 10.1.11.111 0
! permit src=g0; dst=host:logger; srv=service:syslog;
access-list outside_in permit udp object-group g0 host 10.1.11.20 eq 514
! deny src=network:0/0; dst=network:0/0; srv=auto_srv:ip;
access-list outside_in deny ip any any
access-group outside_in in interface outside

object-group network g1
 network-object host 10.10.1.1
 network-object host 10.10.1.2
 network-object host 10.10.1.3
object-group network g2
 network-object host 10.10.1.4
 network-object host 10.10.1.5
 network-object host 172.17.1.2
 network-object host 172.17.1.6
! interface:mngt.management
! permit src=network:0/0; dst=interface:mngt.management; srv=service:ping;
icmp permit 0.0.0.0 0.0.0.0 8 inside
! permit src=network:0/0; dst=interface:mngt.management; srv=service:pong;
icmp permit 0.0.0.0 0.0.0.0 0 inside
! permit src=host:netspoc; dst=interface:mngt.management; srv=service:telnet;
telnet 10.1.11.111 255.255.255.255 inside
! permit src=host:netspoc; dst=g0; srv=service:telnet;
access-list inside_in permit tcp host 10.1.11.111 object-group g0 eq 23
! permit src=host:netspoc; dst=g1; srv=service:ping;
access-list inside_in permit icmp host 10.1.11.111 object-group g1 8
! permit src=host:netspoc; dst=g2; srv=service:ping;
access-list inside_in permit icmp host 10.1.11.111 object-group g2 8
! deny src=network:0/0; dst=network:0/0; srv=auto_srv:ip;
access-list inside_in deny ip any any
access-group inside_in in interface inside

! [ NAT ]
! Security levels: outside < inside
static (inside,outside) 10.1.11.0 10.1.11.0 netmask 255.255.255.0
nat (inside) 0 0.0.0.0 0.0.0.0
! [ END router:mngt ]

