Building configuration...

Current configuration : 9031 bytes
!
! Last configuration change at 16:35:41 GMT Thu Nov 12 2015 by admin
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RT1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authorization network local-group-author-list local
!
!
!
!
!
aaa session-id common
ethernet lmi ce
clock timezone GMT 9 0
!
crypto pki trustpoint TP-self-signed-2227276735
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2227276735
 revocation-check none
 rsakeypair TP-self-signed-2227276735
!
!
crypto pki certificate chain TP-self-signed-2227276735
 certificate self-signed 01
  quit
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 11.11.11.1
!
ip dhcp pool lan
 import all
 network 11.11.11.0 255.255.255.0
 dns-server 11.11.11.1
 default-router 11.11.11.1
!
!
!
ip domain name njs.local
ip cef
no ipv6 cef
!
!
flow record nbar-appmon
 match ipv4 source address
 match ipv4 destination address
 match application name
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp absolute first
 collect timestamp absolute last
!
!
flow monitor application-mon
 cache timeout active 60
 record nbar-appmon
!
parameter-map type inspect global
 max-incomplete low 18000
 max-incomplete high 20000
 nbar-classify
!
multilink bundle-name authenticated
!
license udi pid C841M-4X-JAIS/K9 sn FGL193521BB
!
!
object-group service INTERNAL_UTM_SERVICE
!
object-group network internet_dst_net
 any
!
object-group network internet_src_net
 any
!
object-group service internet_svc
 ip
!
object-group network local_cws_net
!
object-group network local_lan_subnets
 11.11.11.0 255.255.255.0
!
object-group network vpn_remote_subnets
 10.10.10.0 255.255.255.0
!
username admin privilege 15 secret 5 XXXXXXXX
!
redundancy
!
crypto ikev2 authorization policy authpolicy1
 route set interface GigabitEthernet0/0
 route set interface GigabitEthernet0/1
 route set interface GigabitEthernet0/2
 route set interface GigabitEthernet0/3
 route set interface Vlan1
!
crypto ikev2 proposal default
 encryption aes-cbc-256 aes-cbc-192 aes-cbc-128
 integrity sha512 sha384 sha256 sha1 md5
 group 5 2
!
crypto ikev2 policy default
 match fvrf any
 proposal default
!
crypto ikev2 keyring key
 peer SITE-KEY
  address 192.168.100.14
  identity address 192.168.100.14
  pre-shared-key vpnpw
 !
!
!
crypto ikev2 profile prof
 match identity remote address 192.168.100.14 255.255.255.255
 authentication remote pre-share
 authentication local pre-share
 keyring local key
 aaa authorization group psk list local-group-author-list authpolicy1
!
crypto ikev2 dpd 10 2 periodic
!
no cdp run
!
!
class-map type inspect match-any INTERNAL_DOMAIN_FILTER
 match protocol msnmsgr
 match protocol ymsgr
class-map type inspect match-all internet
 match access-group name internet_acl
!
policy-map type inspect LAN-WAN-POLICY
 class type inspect internet
  inspect
 class type inspect INTERNAL_DOMAIN_FILTER
  inspect
 class class-default
  drop log
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
zone-pair security LAN-WAN source LAN destination WAN
 service-policy type inspect LAN-WAN-POLICY
!
!
!
crypto ipsec transform-set test_trans esp-aes esp-sha-hmac
 mode tunnel
!
!
crypto ipsec profile test_profile
 set transform-set test_trans
 set ikev2-profile prof
!
!
!
!
!
!
interface Tunnel0
 ip address 192.168.100.15 255.255.255.0
 zone-member security VPN
 tunnel source Dialer1
 tunnel mode ipsec ipv4
 tunnel destination 192.168.100.14
 tunnel protection ipsec profile test_profile
!
interface GigabitEthernet0/0
 no ip address
 zone-member security LAN
!
interface GigabitEthernet0/1
 no ip address
 zone-member security LAN
!
interface GigabitEthernet0/2
 no ip address
 zone-member security LAN
!
interface GigabitEthernet0/3
 no ip address
 zone-member security LAN
!
interface GigabitEthernet0/4
 no ip address
 ip tcp adjust-mss 1412
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/5
 description PrimaryWANDesc_
 no ip address
 ip tcp adjust-mss 1412
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Vlan1
 description $ETH_LAN$
 ip address 11.11.11.1 255.255.255.0
 ip nbar protocol-discovery
 ip flow monitor application-mon input
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 zone-member security LAN
 ip tcp adjust-mss 1412
 load-interval 30
!
interface Dialer1
 description PrimaryWANDesc__GigabitEthernet0/5
 mtu 1492
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly in
 zone-member security WAN
 encapsulation ppp
 ip tcp adjust-mss 1412
 dialer pool 1
 dialer-group 1
 ppp mtu adaptive
 ppp authentication chap pap callin
 ppp chap hostname test2@test.com
 ppp chap password 0 test2
 ppp pap sent-username test2@test.com password 0 test2
 ppp ipcp dns request
 no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip dns server
ip nat inside source list nat-list interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended INTRANET-WHITELIST
 permit ip any 10.10.10.0 0.0.0.255
ip access-list extended internet_acl
 permit object-group internet_svc object-group internet_src_net object-group internet_dst_net
ip access-list extended nat-list
 deny ip object-group local_lan_subnets object-group vpn_remote_subnets
 permit ip object-group local_lan_subnets any
 deny ip any any
!
dialer-list 1 protocol ip permit
!
!
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username privilege 15 secret 0

Replace and with the username and password you want to use.
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username privilege 15 secret 0
no username cisco

Replace and with the username and password you want to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
 no modem enable
line vty 0 4
 privilege level 15
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end