version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname java
!
logging buffered 4096 debugging
!
clock timezone est -5
clock summer-time est recurring
ip subnet-zero
no ip source-route
ip cef
ip cef accounting per-prefix
!
!
!
ip inspect audit-trail
ip inspect name ethernetin cuseeme timeout 3600
ip inspect name ethernetin ftp timeout 3600
ip inspect name ethernetin h323 timeout 3600
ip inspect name ethernetin http timeout 3600
ip inspect name ethernetin rcmd timeout 3600
ip inspect name ethernetin realaudio timeout 3600
ip inspect name ethernetin smtp timeout 3600
ip inspect name ethernetin sqlnet timeout 3600
ip inspect name ethernetin streamworks timeout 3600
ip inspect name ethernetin tcp timeout 3600
ip inspect name ethernetin tftp timeout 30
ip inspect name ethernetin udp timeout 15
ip inspect name ethernetin vdolive timeout 3600
ip audit notify log
ip audit po max-events 100
ip audit name idsinfo info action alarm
ip audit name idsattack attack action alarm drop reset
!
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 172.25.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0
 ip address dhcp
 ip access-group 110 in
 ip verify unicast reverse-path
 no ip proxy-arp
 ip nat outside
 ip inspect ethernetin in
 ip audit idsattack in
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 crypto map pix
 hold-queue 100 in
!
interface BRI0/0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet0/1
 ip address 10.5.1.1 255.252.0.0
 ip nat inside
 speed 100
 full-duplex
!
ip nat inside source list 7 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 permanent
no ip http server
!
logging history size 10
logging history debugging
logging facility local4
logging 10.5.20.1
access-list 7 permit 10.4.0.0 0.3.255.255
access-list 10 permit 172.25.1.1
access-list 10 permit 10.4.0.0 0.3.255.255
access-list 13 permit 10.0.0.0 0.255.255.255
access-list 13 permit any
access-list 20 permit 10.0.0.0 0.252.255.255
access-list 20 permit 10.0.0.0 0.255.255.255
access-list 110 deny udp any any eq bootps log
access-list 110 deny udp any any eq netbios-dgm log
access-list 110 deny udp any any eq netbios-ns log
access-list 110 deny tcp any any eq 445 log
access-list 110 deny udp any any eq 445 log
access-list 110 deny udp any any eq tftp log
access-list 110 deny tcp any any eq cmd log
access-list 110 deny tcp any any eq exec log
access-list 110 deny tcp any any eq finger log
access-list 110 deny tcp any any eq irc log
access-list 110 deny tcp any any eq login log
access-list 110 deny tcp any any eq sunrpc log
access-list 110 deny tcp any any eq uucp log
access-list 110 deny icmp any any redirect log
access-list 110 permit ip any any
route-map nonat permit 10
 match ip address 110
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line 33 48
line aux 0
line vty 0 4
 access-class 20 in
 exec-timeout 30 0
 privilege level 15
 login local
 transport input ssh
!
ntp clock-period 17180283
ntp source FastEthernet0/0
ntp master 4
ntp server 128.9.176.30 prefer
ntp server 199.212.17.35
end