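! S2Router: Cisco 2911 branch router (IOS 15.1), first part of the running-config.
! Covers global services, DHCP pools, AAA, IKE/IPsec policy, SSH and the LAN-side
! interfaces. Lines beginning with "!" are comments and are ignored by the parser.
!
version 15.1
! Timestamps are switched off for both log and debug output, so messages carry no
! device-side time. That makes event correlation harder; consider enabling
! "service timestamps log datetime msec".
no service timestamps log datetime msec
no service timestamps debug datetime msec
! With password-encryption off, every type-0 key entered in this config stays
! readable in clear text when the config is displayed or exported.
no service password-encryption
!
hostname S2Router
!
! Type 5 (salted MD5) secret. The hash string is identical to the one on the
! "username localadmin" line below, so both use the same password. Because the
! hash appears in a shared listing, treat the password as exposed and rotate it.
! Where the IOS release supports a stronger secret type, prefer that.
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
! Addresses .1-.9 of each served subnet are kept out of the DHCP pools.
ip dhcp excluded-address 192.168.80.1 192.168.80.9
ip dhcp excluded-address 192.168.90.1 192.168.90.9
! NOTE(review): no pool in this config serves 172.0.0.0; this exclusion looks
! like a leftover - confirm before removing.
ip dhcp excluded-address 172.0.0.1 172.0.0.9
ip dhcp excluded-address 172.16.0.1 172.16.0.9
!
ip dhcp pool VLAN80
 network 192.168.80.0 255.255.255.0
 default-router 192.168.80.1
 ! Fixed: was 192.198.50.2, an address outside every network in this config and
 ! one octet away from the 192.168.50.2 resolver used by the VOICE pool (the same
 ! host is the TACACS+/syslog/NTP server later in the file). As written, VLAN 80
 ! clients would have sent DNS queries to an unrelated external host.
 dns-server 192.168.50.2
ip dhcp pool VOICE
 network 192.168.90.0 255.255.255.0
 default-router 192.168.90.1
 ! Option 150 hands IP phones the TFTP server address.
 option 150 ip 10.0.0.1
 dns-server 192.168.50.2
ip dhcp pool WIRELESS
 network 172.16.0.0 255.255.255.0
 default-router 172.16.0.1
 ! Wireless clients get a public resolver instead of the internal one.
 dns-server 8.8.8.8
!
! AAA: login and exec authorization try TACACS+ first and fall back to the local
! user database. The fallback is used when the TACACS+ server does not answer,
! not when it rejects the user.
aaa new-model
!
aaa authentication login default group tacacs+ local
!
aaa authorization exec default group tacacs+ local
!
ip cef
no ipv6 cef
!
! Local fallback account at privilege 15; same type-5 hash as the enable secret
! above.
username localadmin privilege 15 secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
license udi pid CISCO2911/K9 sn FTX152435Q4
license boot module c2900 technology-package securityk9
!
! IKE phase 1: AES with a pre-shared key and Diffie-Hellman group 2 (1024-bit
! MODP). No "hash" or "lifetime" line is present, so platform defaults apply.
! Group 2 is below current guidance; raising it must be done on the peer
! (10.0.0.9) at the same time or the tunnel will not negotiate.
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
!
! NOTE(review): the token after "key" is "0". Either the real pre-shared key was
! removed from this listing or the key is a single character - confirm.
crypto isakmp key 0 address 10.0.0.9
!
! IPsec SAs live for 86400 s (24 h), set globally and again in the crypto map.
! The IOS default is 3600 s; a shorter lifetime limits how much traffic one key
! protects.
crypto ipsec security-association lifetime seconds 86400
!
! ESP with AES (128-bit when no key length is given) and HMAC-SHA-1.
crypto ipsec transform-set SECUREWAN esp-aes esp-sha-hmac
!
! Traffic matching the SECURED-TRAFFIC ACL (defined later in the file) is
! tunnelled to 10.0.0.9.
crypto map IPSECWAN 100 ipsec-isakmp
 set peer 10.0.0.9
 set security-association lifetime seconds 86400
 set transform-set SECUREWAN
 match address SECURED-TRAFFIC
!
! SSH is restricted to protocol version 2.
ip ssh version 2
ip domain-name mycorp.com
!
spanning-tree mode pvst
!
! Trunk parent for VLANs 80 and 90.
! NOTE(review): "ip nat inside" is set on the parent only; the addressed
! sub-interfaces below do not carry it. Confirm NAT for VLAN 80 behaves as
! intended.
interface GigabitEthernet0/0
 no ip address
 ip nat inside
 duplex auto
 speed auto
!
! VLAN 80 gateway.
! NOTE(review): DHCP is relayed to 10.0.0.9 although a local pool VLAN80 also
! exists - confirm which server is meant to answer.
interface GigabitEthernet0/0.80
 encapsulation dot1Q 80
 ip address 192.168.80.1 255.255.255.0
 ip helper-address 10.0.0.9
!
! VLAN 90 (voice) gateway.
interface GigabitEthernet0/0.90
 encapsulation dot1Q 90
 ip address 192.168.90.1 255.255.255.0
!
! Wireless segment: inbound traffic is filtered by ACL 100 (defined later in the
! file) and is eligible for NAT.
interface GigabitEthernet0/1
 ip address 172.16.0.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 duplex auto
 speed auto
!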
! S2Router running-config, second part: WAN interfaces, OSPF, NAT, access lists,
! TACACS+/syslog/NTP and the management lines.
!
! Unused port, administratively down.
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
! Point-to-point WAN link (/30) running OSPF and carrying the IPSECWAN crypto map.
! OSPF uses MD5 authentication with the key "cisco" stored in clear text: a
! default-style, easily guessed value that should be replaced on both neighbours.
interface Serial0/3/0
 ip address 10.0.0.10 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 clock rate 2000000
 crypto map IPSECWAN
!
! NAT outside interface. No inbound access-group is applied here, so nothing in
! this config filters traffic arriving on this link before it reaches the router.
interface Serial0/3/1
 ip address 28.28.28.28 255.255.255.0
 ip nat outside
 clock rate 2000000
!
interface Vlan1
 no ip address
 shutdown
!
! OSPF: the two VLAN subnets are in area 2, the WAN /30 in area 0.
! 172.16.0.0/24 (wireless) is not advertised.
router ospf 1
 log-adjacency-changes
 network 192.168.80.0 0.0.0.255 area 2
 network 192.168.90.0 0.0.0.255 area 2
 network 10.0.0.8 0.0.0.3 area 0
!
! PAT behind Serial0/3/1 for ACL 2 (192.168.80.0/24) and ACL 3 (172.16.0.0/24).
! 192.168.90.0/24 (voice) is not translated.
ip nat inside source list 2 interface Serial0/3/1 overload
ip nat inside source list 3 interface Serial0/3/1 overload
ip classless
!
ip flow-export version 9
!
!
! Crypto ACL used by crypto map IPSECWAN: any 192.168.0.0/16 to 192.168.0.0/16
! traffic is selected for the tunnel.
ip access-list extended SECURED-TRAFFIC
 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
! ACL 1 restricts vty access to 192.168.60.0/24.
! NOTE(review): that subnet is not attached to this router in the visible config;
! presumably a management network elsewhere - confirm.
access-list 1 permit 192.168.60.0 0.0.0.255
! ACL 100 (inbound on GigabitEthernet0/1): wireless clients are denied access to
! 192.168.0.0/16 and 10.0.0.0/24, everything else is permitted.
! NOTE(review): the second entry uses source wildcard 0.0.255.255 while the first
! uses 0.0.0.255; the interface subnet is a /24, so the wider match looks
! unintended - confirm.
access-list 100 deny ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 100 deny ip 172.16.0.0 0.0.255.255 10.0.0.0 0.0.0.255
access-list 100 permit ip any any
access-list 2 permit 192.168.80.0 0.0.0.255
access-list 3 permit 172.16.0.0 0.0.0.255
!
!
! TACACS+ shared key "cisco" is stored in clear text and is easily guessed; it
! protects every administrative login exchanged with the AAA server.
tacacs-server host 192.168.50.2 key cisco
!
!
!
! Syslog goes to the same host as TACACS+ and NTP. Log timestamps are disabled at
! the top of the file, so messages arrive without a device-side time.
logging 192.168.50.2
! Console and aux lines have no line-specific settings: no exec-timeout is set
! here, so the platform default applies.
line con 0
!
line aux 0
!
! Remote management: SSH only, source-restricted by ACL 1, 2-minute idle timeout,
! authenticated through the default AAA list.
line vty 0 4
 access-class 1 in
 exec-timeout 2 0
 login authentication default
 transport input ssh
line vty 5 15
 access-class 1 in
 exec-timeout 2 0
 login authentication default
 transport input ssh
!
!
! NTP key 1234 is stored as type 7, which is a reversible encoding rather than a
! hash.
! NOTE(review): the server line references key 0, not key 1234, and no
! "ntp trusted-key" line is present, so NTP authentication is probably not
! effective as listed - confirm.
ntp authentication-key 1234 md5 0822455D0A16 7
ntp authenticate
ntp server 192.168.50.2 key 0
!
end