Building configuration... Current configuration : 13695 bytes ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname smc-guangzhou-3745 ! boot-start-marker boot system flash c3745-adventerprisek9-mz.123-7.T.bin boot-end-marker ! logging buffered 51200 warnings enable password winet2004 ! clock timezone Beijing 8 no network-clock-participate slot 1 no network-clock-participate slot 2 no network-clock-participate slot 3 no network-clock-participate slot 4 no network-clock-participate wic 0 no network-clock-participate wic 1 no network-clock-participate wic 2 no network-clock-participate aim 0 no network-clock-participate aim 1 voice-card 1 dspfarm ! aaa new-model ! ! aaa authentication login userauthen local aaa authorization network groupauthor local aaa session-id common ip subnet-zero ip cef ! ! ! ! no ip domain lookup ip domain name xxxx.com.cn ip host aux 2161 10.58.37.163 ip audit po max-events 100 no ftp-server write-enable ! ! voice call carrier capacity active ! ! voice class codec 100 codec preference 1 g729r8 codec preference 2 g729br8 codec preference 3 g723r63 codec preference 4 g723ar63 codec preference 5 g711ulaw ! ! ! ! ! ! ! ! ! ! crypto pki server smc-gz issuer-name CN=xxx.com.cn L=Guangzhou C=CN lifetime certificate 1825 lifetime ca-certificate 1825 shutdown ! crypto pki trustpoint smc-gz revocation-check crl rsakeypair smc ! crypto pki trustpoint smc-ca-gz enrollment url http://29.13.2.24:80 usage ike serial-number revocation-check none auto-enroll ! ! crypto pki certificate chain smc-gz certificate ca 01 30820225 3082018E A0030201 02020101 300D0609 2A864886 F70D0101 04050030 26312430 22060355 0403131B 736D632E 636F6D2E 636E204C 3D477561 6E677A68 6F752043 3D434E30 1E170D30 36303531 31313231 3834395A 170D3131 30353130 31323138 34395A30 26312430 22060355 0403131B 736D632E 636F6D2E 636E204C 3D477561 6E677A68 6F752043 3D434E30 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 B69627E0 565F61E4 D8FCEB0C 20D2A187 4C3842D2 DD2AA154 8C33A956 848FBB13 2A17DAB8 7C999066 86F7FFFE CA5C75DA 59B900A8 09A6DEBE 932224FC 1D110C46 50C4E86F 3F6FB4B1 BB91F95B 9FE7F4EE F3DC5D55 77082430 B19ADAA4 7E139BF0 9C0357E4 98400D91 04F9CD5A C4636DFB 30BEEB82 95FB6942 3B4F7919 7B2059C5 02030100 01A36330 61300F06 03551D13 0101FF04 05300301 01FF300E 0603551D 0F0101FF 04040302 0186301F 0603551D 23041830 16801405 5C939074 208DBB7B 0AC749D3 0F8EC93E 7F7FED30 1D060355 1D0E0416 0414055C 93907420 8DBB7B0A C749D30F 8EC93E7F 7FED300D 06092A86 4886F70D 01010405 00038181 002B7981 1E29FD64 9DBAA6B4 3108D886 9A674F87 A3CE95C5 01E6CB89 9B3784E3 A213CDAD 748807A4 E520739E 5BF0C1EC AF605335 07B145F3 E58AA261 F56FAA35 7B5231E4 6C4399F5 7D402687 B3266E36 10A1B3EB 40F51487 D1F06BD0 1E303435 8A1BA7C4 55822530 DF95D6A8 0F36589C C37A7016 ECEBCDE4 BC3F2289 13890627 45 quit crypto pki certificate chain smc-ca-gz certificate ca 01 30820225 3082018E A0030201 02020101 300D0609 2A864886 F70D0101 04050030 26312430 22060355 0403131B 736D632E 636F6D2E 636E204C 3D477561 6E677A68 6F752043 3D434E30 1E170D30 36303531 31313231 3834395A 170D3131 30353130 31323138 34395A30 26312430 22060355 0403131B 736D632E 636F6D2E 636E204C 3D477561 6E677A68 6F752043 3D434E30 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 B69627E0 565F61E4 D8FCEB0C 20D2A187 4C3842D2 DD2AA154 8C33A956 848FBB13 2A17DAB8 7C999066 86F7FFFE CA5C75DA 59B900A8 09A6DEBE 932224FC 1D110C46 50C4E86F 3F6FB4B1 BB91F95B 9FE7F4EE F3DC5D55 77082430 B19ADAA4 7E139BF0 9C0357E4 98400D91 04F9CD5A C4636DFB 30BEEB82 95FB6942 3B4F7919 7B2059C5 02030100 01A36330 61300F06 03551D13 0101FF04 05300301 01FF300E 0603551D 0F0101FF 04040302 0186301F 0603551D 23041830 16801405 5C939074 208DBB7B 0AC749D3 0F8EC93E 7F7FED30 1D060355 1D0E0416 0414055C 93907420 8DBB7B0A C749D30F 8EC93E7F 7FED300D 06092A86 4886F70D 01010405 00038181 002B7981 1E29FD64 9DBAA6B4 3108D886 9A674F87 A3CE95C5 01E6CB89 9B3784E3 A213CDAD 748807A4 E520739E 5BF0C1EC AF605335 07B145F3 E58AA261 F56FAA35 7B5231E4 6C4399F5 7D402687 B3266E36 10A1B3EB 40F51487 D1F06BD0 1E303435 8A1BA7C4 55822530 DF95D6A8 0F36589C C37A7016 ECEBCDE4 BC3F2289 13890627 45 quit ! ! class-map match-any HTTP match protocol http class-map match-any Block-P2P match protocol fasttrack file-transfer "*" match protocol gnutella file-transfer "*" match protocol napster match protocol vdolive class-map match-all internet-traffic match access-group 102 ! ! policy-map Internet-POLICY class internet-traffic priority 1000 policy-map Block-P2P class Block-P2P drop class HTTP policy-map Block-P2P-HTTP class Block-P2P drop ! ! crypto keyring dmvpn pre-shared-key address 0.0.0.0 0.0.0.0 key dmvpnkey rsa-pubkey address 0.0.0.0 address 0.0.0.0 key-string quit no crypto xauth FastEthernet0/1 ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp policy 10 encr 3des authentication pre-share group 2 crypto isakmp key winet2004 address 28.29.26.94 no-xauth crypto isakmp key smcipsec_key address 19.41.228.22 no-xauth crypto isakmp keepalive 10 crypto isakmp nat keepalive 5 ! crypto isakmp client configuration group guangzhou-broker key broker-2005 dns 10.116.0.18 10.116.0.16 wins 10.116.0.16 pool broker-pool acl 135 save-password ! crypto isakmp client configuration group ezvpn key gzezvpn dns 10.116.192.4 pool vpn-pool acl 133 save-password crypto isakmp profile DMVPN keyring dmvpn match identity address 0.0.0.0 crypto isakmp profile Brokerlient match identity group guangzhou-broker client authentication list userauthen isakmp authorization list groupauthor client configuration address initiate client configuration address respond ! ! crypto ipsec transform-set dmvpnset esp-des esp-sha-hmac crypto ipsec transform-set smcipsec_set esp-3des esp-md5-hmac crypto ipsec transform-set myset esp-3des esp-md5-hmac ! crypto ipsec profile dmvpnprof set transform-set dmvpnset set isakmp-profile DMVPN ! ! crypto dynamic-map dynmap 10 reverse-route crypto dynamic-map dynmap 20 set isakmp-profile Brokerlient reverse-route crypto dynamic-map dynmap 30 match address 101 ! crypto dynamic-map dynma 10 set transform-set myset reverse-route ! ! crypto map clientmap client authentication list userauthen crypto map clientmap isakmp authorization list groupauthor crypto map clientmap client configuration address respond crypto map clientmap 10 ipsec-isakmp dynamic dynma ! crypto map smcipsec_map 9 ipsec-isakmp set peer 19.41.228.22 set transform-set smcipsec_set match address 133 ! ! ! ! interface Tunnel1 description MULTI-POINT GRE TUNNEL for BRANCHES bandwidth 1000 ip address 10.116.200.1 255.255.255.0 no ip redirects ip mtu 1300 ip nhrp authentication dmvpn ip nhrp map multicast dynamic ip nhrp network-id 99 ip nhrp holdtime 300 no ip route-cache cef no ip route-cache no ip mroute-cache ip ospf network broadcast ip ospf priority 255 delay 1000 tunnel source FastEthernet0/1 tunnel mode gre multipoint tunnel key 100000 tunnel protection ipsec profile dmvpnprof ! interface Tunnel10 ip address 10.116.201.253 255.255.255.252 ip accounting output-packets ip ospf cost 10 tunnel source FastEthernet0/1 tunnel destination 29.142.9.54 ! interface Tunnel17 ip unnumbered FastEthernet0/1 ! interface Tunnel102 description to shenzhen ip address 10.116.202.253 255.255.255.252 no ip redirects ip mtu 1300 tunnel source 19.13.7.246 tunnel destination 21.15.29.137 ! interface Tunnel110 ip address 10.116.203.253 255.255.255.252 tunnel source 19.13.7.246 tunnel destination 21.12.15.5 ! interface Tunnel111 ip address 10.116.204.253 255.255.255.252 tunnel source 19.13.7.246 tunnel destination 27.151.116.89 ! interface Tunnel112 ip address 10.116.205.253 255.255.255.252 shutdown tunnel source 19.13.7.246 tunnel destination xxx.122.15.5 ! interface Tunnel113 ip address 10.116.206.253 255.255.255.252 tunnel source 19.13.7.246 tunnel destination xxx.122.15.5 ! interface Tunnel114 ip address 10.116.207.253 255.255.255.252 tunnel source 19.13.7.246 tunnel destination 123.116.xxx.xxx ! interface Tunnel115 ip address 10.116.208.253 255.255.255.252 tunnel source 19.13.7.246 tunnel destination 220.168.91.159 ! interface Tunnel117 ip address 10.116.209.253 255.255.255.252 tunnel source 19.13.7.246 tunnel destination 11.180.111.88 ! interface Loopback0 ip address 10.58.37.222 255.255.255.255 ip ospf network point-to-point h323-gateway voip interface h323-gateway voip id smc-gk ipaddr 10.116.0.5 1719 h323-gateway voip tech-prefix 82 ! interface FastEthernet0/0 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FastEthernet 0/0$ ip address 61.14.183.10 255.255.255.248 secondary ip address 59.141.225.126 255.255.255.248 ip accounting output-packets duplex auto speed auto ! interface Serial0/0 no ip address shutdown clockrate 2000000 ! interface FastEthernet0/1 ip address 19.13.7.246 255.255.255.252 ip accounting output-packets ip nbar protocol-discovery duplex auto speed auto crypto map clientmap ! interface Virtual-Template1 no ip address ! router ospf 1 log-adjacency-changes redistribute static metric 100 metric-type 1 subnets network 10.0.0.0 0.0.0.0 area 0 network 10.0.0.0 0.255.255.255 area 0 ! ip local pool ezvpn-pool 10.116.201.1 10.116.201.63 ip local pool broker-pool 10.116.201.64 10.116.201.127 ip local pool vpn-pool 10.1.1.1 10.1.1.63 ip classless ip route 0.0.0.0 0.0.0.0 219.137.27.245 ip route 10.1.1.0 255.255.255.0 FastEthernet0/1 ip route 10.116.192.0 255.255.252.0 59.41.215.225 ip route 10.116.193.0 255.255.255.0 59.41.215.225 ip route 10.116.196.0 255.255.255.0 172.16.1.2 ip route 10.116.197.0 255.255.255.0 Tunnel102 ip route 10.116.198.0 255.255.255.0 Tunnel110 ip route 10.116.199.0 255.255.255.0 Tunnel111 ip route 10.116.200.0 255.255.255.0 Tunnel112 ip route 10.116.201.0 255.255.255.0 Tunnel113 ip route 10.116.222.0 255.255.255.0 Tunnel114 ip route 10.116.223.0 255.255.255.0 Tunnel115 ip route 10.116.224.0 255.255.255.0 Tunnel117 ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 600 life 86400 requests 10000 ! ! access-list 101 permit ip host 19.13.7.246 host 29.142.9.54 access-list 101 permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 access-list 102 permit udp any any range 16384 32767 access-list 102 permit ip host 10.116.48.16 host 10.116.32.17 access-list 102 permit ip host 10.116.32.17 host 10.116.48.16 access-list 102 permit ip host 10.116.48.39 host 10.116.32.17 access-list 102 permit ip host 10.116.32.17 host 10.116.48.39 access-list 102 permit tcp any eq 1720 any access-list 102 permit tcp any any eq 1720 access-list 102 permit udp any eq 1719 any access-list 102 permit udp any any eq 1719 access-list 133 permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 access-list 135 permit ip host 10.116.32.20 any access-list 135 permit ip host 10.58.37.163 any snmp-server community winet2005 RW snmp-server enable traps tty ! ! ! ! control-plane ! ! ! voice-port 1/0/0 ! voice-port 1/0/1 ! voice-port 1/0/2 ! voice-port 1/0/3 shutdown ! ! ! ! dial-peer cor custom ! ! ! dial-peer voice 301 voip destination-pattern .T voice-class codec 100 session target ras dtmf-relay cisco-rtp h245-signal h245-alphanumeric ! dial-peer voice 1000 pots preference 1 destination-pattern 82001 port 1/0/0 ! dial-peer voice 1005 pots preference 2 destination-pattern 82002 port 1/0/1 ! dial-peer voice 1010 pots preference 3 destination-pattern 82003 port 1/0/2 ! dial-peer voice 1015 pots preference 4 destination-pattern 82004 port 1/0/3 ! dial-peer voice 401 voip destination-pattern 83T session target ipv4:10.116.197.254 ! dial-peer voice 402 voip destination-pattern 86T session target ipv4:10.116.199.254 ! dial-peer voice 403 voip destination-pattern 84T session target ipv4:10.116.198.254 ! dial-peer voice 404 voip destination-pattern 87T session target ipv4:10.116.222.254 ! dial-peer voice 405 voip destination-pattern 89T session target ipv4:10.116.224.254 ! dial-peer voice 406 voip destination-pattern 88T session target ipv4:10.116.223.254 ! dial-peer voice 407 voip destination-pattern 85T session target ipv4:10.116.206.254 ! ! banner login ^C ----------------------------------------------------------------------- Cisco Router and Security Device Manager (SDM) is installed on this device. This feature requires the one-time use of the username "cisco" with the password "cisco". Please change these publicly known initial credentials using SDM or the IOS CLI. Here are the Cisco IOS commands. username privilege 15 secret 0 no username cisco Replace and with the username and password you want to use. For more information about SDM please follow the instructions in the QUICK START GUIDE for your router or go to http://www.cisco.com/go/sdm ----------------------------------------------------------------------- ^C ! line con 0 line aux 0 no exec transport input all line vty 0 4 line vty 5 15 privilege level 15 transport input telnet ssh ! ntp clock-period 17176873 ntp source Loopback0 ntp master ntp server 10.116.16.4 ! end