Spoke-Router#sho run
Building configuration...

Current configuration : 5624 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Spoke-Router
!
boot-start-marker
boot system flash:/c1841-advipservicesk9-mz.124-15.XY.bin
boot-end-marker
!
!
no aaa new-model
clock summer-time CST recurring
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.42.59.1 10.42.59.99
ip dhcp excluded-address 10.42.59.200 10.42.59.254
!
ip dhcp pool CORP
 network 10.42.59.0 255.255.255.0
 default-router 10.42.59.1
 dns-server 10.4.4.102 10.4.4.17
 domain-name community.com
!
ip dhcp pool PUBLIC
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server x.x.x.x x.x.x.x
 lease 0 2
!
ip dhcp pool Printer
 host 10.42.59.200 255.255.255.0
 hardware-address 0080.7708.6ff8
 default-router 10.42.59.1
!
ip dhcp pool AP
 import all
 host 10.10.10.5 255.255.255.0
 client-identifier 0100.1aa2.9688.74
!
ip dhcp pool BackOffice
 host 10.42.59.10 255.255.255.0
 client-identifier 0100.2170.0ba0.ad
 dns-server 10.4.4.102 10.4.4.17
 default-router 10.42.59.1
!
ip dhcp pool grill1
 host 10.42.59.201 255.255.255.0
 hardware-address 0000.4819.5c7b
 default-router 10.42.59.1
!
!
ip cef
no ip domain lookup
ip domain name community.com
ip inspect name FW_OUT tcp
ip inspect name FW_OUT udp
ip inspect name FW_OUT http
ip inspect name FW_OUT icmp
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key vpn.key.pita address 1.1.1.1
crypto isakmp aggressive-mode disable
!
!
crypto ipsec transform-set STRONG esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile DMVPN
 set transform-set STRONG
!
!
!
!
username admin
archive
 log config
  hidekeys
!
!
ip ssh version 2
!
class-map match-any UNWELCOME
 match protocol gnutella
 match protocol kazaa2
 match protocol edonkey
 match protocol winmx
 match protocol fasttrack
 match protocol bittorrent
!
!
policy-map INBOUND_PUBLIC
 class UNWELCOME
  drop
 class class-default
  police rate 2048000 bps burst 10000 bytes
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map OUTBOUND_PUBLIC
 class class-default
  police rate 2048000 bps burst 10000 bytes
   conform-action transmit
   exceed-action drop
   violate-action drop
!
!
!
!
interface Tunnel0
 ip address 172.16.17.59 255.255.252.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication CCCOFFEE
 ip nhrp map 172.16.16.1 1.1.1.1
 ip nhrp map multicast 1.1.1.1
 ip nhrp network-id 66
 ip nhrp holdtime 300
 ip nhrp nhs 172.16.16.1
 ip nhrp cache non-authoritative
 ip tcp adjust-mss 1300
 delay 1000
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
 description *****WAN_CONNECTION*****
 ip address 2.2.2.2 0.0.0.0
 ip access-group OUTSIDE_IN in
 ip nat outside
 ip inspect FW_OUT out
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *****TRUNK PORT*****
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.1
 description *****NATIVE VLAN*****
 encapsulation dot1Q 1 native
!
interface FastEthernet0/1.2
 description *****VLAN42 PRIVATE NETWORK*****
 encapsulation dot1Q 42
 ip address 10.42.59.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1300
!
interface FastEthernet0/1.3
 description *****VLAN88 PUBLIC NETWORK*****
 encapsulation dot1Q 88
 ip address 10.10.10.1 255.255.255.0
 ip access-group PUBLIC_INTERNET in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1300
 service-policy input INBOUND_PUBLIC
 service-policy output OUTBOUND_PUBLIC
!
router eigrp 1
 passive-interface default
 no passive-interface Tunnel0
 network 10.42.0.0 0.0.255.255
 network 172.16.16.0 0.0.3.255
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 3.3.3.3
ip route 10.82.1.0 255.255.255.0 10.4.0.4
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map NAT_INSIDE interface FastEthernet0/0 overload
!
ip access-list extended NAT_INSIDE
 permit ip 10.10.10.0 0.0.0.255 any
 permit ip 10.42.59.0 0.0.0.255 any
ip access-list extended OUTSIDE_IN
 permit udp any any eq isakmp
 permit esp any any
 permit gre any any
 permit tcp any any eq 22
ip access-list extended PUBLIC_INTERNET
 permit udp any any eq bootpc
 deny ip any 10.0.0.0 0.255.255.255
 deny ip any 172.16.0.0 0.15.255.255
 deny ip any 192.168.0.0 0.0.255.255
 permit ip any any
!
!
!
!
route-map NAT_INSIDE permit 10
 match ip address NAT_INSIDE
!
!
!
!
control-plane
!
!
^C
!
line con 0
 logging synchronous
 login local
line aux 0
line vty 0 4
 login local
 transport input ssh
 transport output ssh
!
scheduler allocate 20000 1000
!
webvpn cef
end