SR520#show running-config
Building configuration...
Current configuration : 8003 bytes
!
! Global services, local AAA, the self-signed PKI trustpoint, DHCP for the
! inside LAN, the single local admin account, and the class-maps used by the
! zone-based firewall policies defined later in this configuration.
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! NOTE(review): service password-encryption only applies type 7 encoding,
! which is reversible obfuscation rather than a hash. The "password 7" strings
! on Dialer0 are redacted on this page; an unredacted one in a shared config
! should be treated as disclosed.
service password-encryption
service sequence-numbers
!
hostname SR520
!
boot-start-marker
boot-end-marker
!
! Login-failure threshold of 3 with logging, and a 6-character password minimum.
! NOTE(review): min-length 6 is short for a privilege-15 account; consider raising it.
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 51200
logging console critical
! Type 5 secret (MD5-based hash); value redacted in this capture.
enable secret 5 XXX
!
aaa new-model
!
!
! Login authentication and exec authorization both use the local user database only.
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone GMT 1
clock summer-time GMT recurring last Sun Mar 1:00 last Sun Oct 2:00
!
! Self-signed trustpoint with revocation checking disabled.
crypto pki trustpoint TP-self-signed-3900566622
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3900566622
 revocation-check none
 rsakeypair TP-self-signed-3900566622
!
!
! NOTE(review): the DER below decodes to an md5WithRSAEncryption signature
! (OID 1.2.840.113549.1.1.4), a 1024-bit RSA modulus, and validity
! 2009-03-03 to 2020-01-01. Presumably this is the certificate presented by
! "ip http secure-server"; regenerating it with a larger key and a current
! hash is worth checking against what this IOS release supports.
crypto pki certificate chain TP-self-signed-3900566622
 certificate self-signed 01
  3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33393030 35363636 3232301E 170D3039 30333033 31323133
  32385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 39303035
  36363632 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  81009C37 BD5C3E92 DA761CB4 1C69B624 87F07593 5CDDDEEC 06361C9B 176C5544
  1CCEC175 7E608244 2C09D930 BE9A5EC5 F889F0F3 D7C0488B 0F6476FE 9224C3A8
  3C30404E BD355C67 1BCB4E52 E7A1EE51 6017748F 2D812CDE B3406370 72B2D40F
  20C1027D CD291B83 D1025431 B01C4D91 58B0965D 1461F3EC 54650B9A 2E899330
  D9830203 010001A3 65306330 0F060355 1D130101 FF040530 030101FF 30100603
  551D1104 09300782 05535235 3230301F 0603551D 23041830 16801468 45411025
  D1579C14 CFEFAB66 09114E75 1E444930 1D060355 1D0E0416 04146845 411025D1
  579C14CF EFAB6609 114E751E 4449300D 06092A86 4886F70D 01010405 00038181
  005AEC72 33C666B5 90232F4F B0948A3D 87125509 39258DF3 600975A2 E7DC80DD
  97F44466 2CA379DE A93137D8 17C24EA5 F74A970A EB4D1049 13A59DF6 70141682
  A3F5B4BE A31ABE06 C4395F57 A2DE4CDE 800A3C90 B1CD78AB F607583D 8BB35E72
  DED935A8 73704863 41DE2820 30A14446 BC2DE4E8 71625024 620E98C6 F1E53063
  53
  quit
dot11 syslog
no ip source-route
!
!
! DHCP for the inside LAN 192.168.75.0/24; .1 through .10 are reserved.
ip dhcp excluded-address 192.168.75.1 192.168.75.10
!
ip dhcp pool inside
 import all
 network 192.168.75.0 255.255.255.0
 default-router 192.168.75.1
 dns-server 194.109.6.66 194.109.9.99
!
!
ip cef
no ip bootp server
ip name-server 194.109.9.99
!
no ipv6 cef
multilink bundle-name authenticated
!
!
! NOTE(review): the only local account is named "cisco" and has privilege 15.
! With "aaa authorization exec default local" a successful login lands directly
! in privileged exec. The login banner further down reads "Base Config - MFG 1.0",
! so this may be the factory account; renaming it and confirming the secret was
! changed from the shipped value is worth doing.
username cisco privilege 15 secret 5 XXX
!
!
!
! Configuration-change logging with key material hidden in the log.
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
!
! Class-maps for the zone-based firewall.
! sdm-nat-http-1: HTTP traffic that also matches ACL 101.
class-map type inspect match-all sdm-nat-http-1
 match access-group 101
 match protocol http
class-map type inspect match-any SDM-Voice-permit
 match protocol h323
 match protocol skinny
 match protocol sip
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
! NOTE(review): this match-any list ends with generic "tcp" and "udp", so the
! class matches any TCP or UDP flow, not only the named applications above them.
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
! sdm-invalid-src: traffic whose source matches ACL 100.
class-map type inspect match-all sdm-invalid-src
 match access-group 100
class-map type inspect match-all dhcp_out_self
 match access-group name dhcp-resp-permit
class-map type inspect match-all dhcp_self_out
 match access-group name dhcp-req-permit
class-map type inspect match-all sdm-protocol-http
 match protocol http
! sdm-nat-ssh-1: SSH traffic that also matches ACL 102.
class-map type inspect match-all sdm-nat-ssh-1
 match access-group 102
 match protocol ssh
!
!
! Zone-based firewall policies, zones and zone-pairs, followed by the physical
! and VLAN interfaces. Classes inside a policy-map are evaluated top-down and
! the first matching class decides the action.
!
! self -> out-zone: DHCP requests pass, ICMP/TCP/UDP is inspected, everything else passes.
policy-map type inspect sdm-permit-icmpreply
 class type inspect dhcp_self_out
  pass
 class type inspect sdm-cls-icmp-access
  inspect
 class class-default
  pass
! in-zone -> out-zone.
! NOTE(review): sdm-cls-insp-traffic is first and matches generic tcp/udp/icmp,
! so the later SDM-Voice-permit, sdm-invalid-src ("drop log") and
! sdm-protocol-http classes look unreachable for TCP, UDP and ICMP traffic.
! If the invalid-source drop is meant to apply to that traffic, it would need
! to come before the inspect class - verify against the intended policy.
policy-map type inspect sdm-inspect
 class type inspect sdm-cls-insp-traffic
  inspect
 class type inspect SDM-Voice-permit
  pass
 class type inspect sdm-invalid-src
  drop log
 class type inspect sdm-protocol-http
  inspect
 class class-default
  drop
! out-zone -> in-zone: voice protocols plus the forwarded HTTP and SSH flows
! (ACLs 101/102, destination 192.168.75.3) are admitted from any source.
! NOTE(review): "pass" admits packets one way without creating session state.
! Replies have to be admitted by the in-zone -> out-zone policy, which inspects
! TCP and may reject replies to sessions it did not see start. "inspect" on
! the HTTP/SSH classes would track those sessions in both directions - confirm
! the forwarded services behave as intended.
policy-map type inspect sdm-inspect-voip-in
 class type inspect SDM-Voice-permit
  pass
 class type inspect sdm-nat-http-1
  pass
 class type inspect sdm-nat-ssh-1
  pass
 class class-default
  drop
! out-zone -> self: only DHCP responses reach the router itself; all else is dropped.
policy-map type inspect sdm-permit
 class type inspect dhcp_out_self
  pass
 class class-default
  drop
!
zone security out-zone
zone security in-zone
! NOTE(review): no zone-pair is defined between in-zone and self, so traffic
! from the inside LAN to the router's own services (HTTP, HTTPS, telnet, SSH)
! is not filtered by these policies - presumably permitted by default; verify.
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-in source out-zone destination in-zone
 service-policy type inspect sdm-inspect-voip-in
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
!
!
!
interface Null0
 no ip unreachables
!
! DSL uplink: PVC 8/48 carries PPP and is bound to dialer pool 1 (used by Dialer0).
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 pvc 8/48
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
! All four switch ports are access ports in VLAN 75 (the inside LAN).
interface FastEthernet0
 switchport access vlan 75
!
interface FastEthernet1
 switchport access vlan 75
!
interface FastEthernet2
 switchport access vlan 75
!
interface FastEthernet3
 switchport access vlan 75
!
! Vlan1 has no address and no zone membership.
interface Vlan1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! Inside LAN gateway: NAT inside, member of in-zone.
interface Vlan75
 description $FW_INSIDE$
 ip address 192.168.75.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip tcp adjust-mss 1412
!
! WAN interface, routing, management services, NAT, ACLs and terminal lines.
!
! Dialer0 is the outside (Internet-facing) interface: NAT outside, member of out-zone.
! NOTE(review): PAP sends the username and password unprotected on the PPP link.
! The "password 7" values are reversible type 7 strings, redacted on this page.
! "ppp chap hostname cisco" looks like a default value - confirm it is intended.
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp chap hostname cisco
 ppp chap password 7 XXXX
 ppp pap sent-username XXXX password 7 XXXX
 ppp ipcp dns request
!
ip forward-protocol nd
! Default route out Dialer0; 10.1.0.0/16 and 192.168.10.0/24 are reached via
! the inside host 192.168.75.9.
! NOTE(review): ACL 1 (the NAT overload source list) permits only
! 192.168.75.0/24, so those two networks are not translated on the way out -
! confirm that is intended.
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.1.0.0 255.255.0.0 192.168.75.9
ip route 192.168.10.0 255.255.255.0 192.168.75.9
!
! NOTE(review): "ip http server" enables the cleartext HTTP management
! interface alongside HTTPS, so local credentials can cross the LAN
! unencrypted. No "ip http access-class" is visible in this configuration.
! Consider "no ip http server" and restricting HTTPS to management hosts.
! The timeout-policy allows a connection lifetime of 86400 seconds.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! PAT for the inside LAN, plus static forwards of TCP 80 and TCP 22 on Dialer0
! to 192.168.75.3.
! NOTE(review): both forwarded services are reachable from any Internet
! source (ACLs 101 and 102 permit "any"). Restricting the source addresses
! for SSH in ACL 102 would reduce exposure, if the client addresses are known.
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.75.3 80 interface Dialer0 80
ip nat inside source static tcp 192.168.75.3 22 interface Dialer0 22
!
ip access-list extended dhcp-req-permit
 remark SDM_ACL Category=1
 permit udp any eq bootpc any eq bootps
ip access-list extended dhcp-resp-permit
 remark SDM_ACL Category=1
 permit udp any eq bootps any eq bootpc
!
! NOTE(review): the syslog severity is set to debugging, but no "logging host"
! line is visible in this configuration. Events are therefore kept only in the
! 51200-byte local buffer and are lost on reload or overwrite. A remote syslog
! destination would preserve them.
logging trap debugging
! ACL 1: NAT source list. ACL 100: sources treated as invalid (limited broadcast
! and 127.0.0.0/8). ACLs 101 and 102: identical, any source to 192.168.75.3.
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.75.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.75.3
access-list 102 remark SDM_ACL Category=0
access-list 102 permit ip any host 192.168.75.3
dialer-list 1 protocol ip permit
!
!
!
!
!
control-plane
!
! NOTE(review): the pre-login banner discloses the platform and config origin.
! A banner without device details gives away less before authentication.
banner login ^CSR520 Base Config - MFG 1.0 ^C
!
line con 0
 no modem enable
 transport output telnet
line aux 0
 transport output telnet
! NOTE(review): the vty lines accept telnet as well as SSH and no
! "access-class" is visible in this configuration. Telnet carries the
! privilege-15 login in cleartext. "transport input ssh" plus an access-class
! limiting management sources is the usual hardening.
line vty 0 4
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
! Single NTP source; no NTP authentication is configured in this capture.
ntp server 194.109.22.18 prefer
end