!
! Last configuration change at 07:36:01 UTC Sun May 21 2017 by mahin_admin
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname INTERNET_ROUTER
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5 $1$Y1Da$LcQX.k7xACGIKX/J.pUT90
!
no aaa new-model
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.10.10.1
!
!
!
ip domain name mahin.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
cts logging verbose
!
crypto pki trustpoint TP-self-signed-2562467336
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2562467336
 revocation-check none
 rsakeypair TP-self-signed-2562467336
!
!
crypto pki certificate chain TP-self-signed-2562467336
 certificate self-signed 01
  quit
license udi pid CISCO2901/K9 sn FGL203111JC
!
!
username mahin_admin privilege 15 password 7 011F03055F182602204447074E5D41
username mahin-vpn password 7 09414F01100B37041B0253727D
!
redundancy
!
!
!
!
!
ip ssh version 2
!
!
!
!
!
!
!
!
!
!
interface Tunnel1
 ip address 10.12.10.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 49.0.43.50
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description **WAN CONNECTION**
 ip address 49.0.43.51 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description ** CONNECTED TO FIREWALL **
 ip address 10.10.10.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 no ip address
!
interface GigabitEthernet0/0/1
 no ip address
!
interface GigabitEthernet0/0/2
 no ip address
!
interface GigabitEthernet0/0/3
 no ip address
!
interface Virtual-Template1
 ip unnumbered GigabitEthernet0/0
 ip mtu 1400
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1360
 peer default ip address pool PPTP-Pool
 no keepalive
 ppp encrypt mppe 128
 ppp authentication ms-chap ms-chap-v2
!
interface Vlan1
 no ip address
!
ip local pool PPTP-Pool 192.168.80.20 192.168.80.50
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.250 88 49.0.43.52 88 extendable
ip nat inside source static 192.168.100.20 49.0.43.53
ip route 0.0.0.0 0.0.0.0 49.0.43.49
ip route 10.10.10.8 255.255.255.248 10.10.10.2
ip route 10.10.20.0 255.255.255.0 10.12.10.2
ip route 192.168.0.0 255.255.254.0 10.10.10.2
ip route 192.168.2.0 255.255.255.0 10.12.10.2
ip route 192.168.4.0 255.255.254.0 10.10.10.2
ip route 192.168.6.0 255.255.254.0 10.12.10.2
ip route 192.168.10.0 255.255.255.0 10.10.10.2
ip route 192.168.20.0 255.255.255.0 10.12.10.2
ip route 192.168.30.0 255.255.255.0 10.10.10.2
ip route 192.168.40.0 255.255.255.0 10.12.10.2
ip route 192.168.100.0 255.255.255.0 10.10.10.2
!
!
!
snmp-server community mread RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps transceiver all
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps license
snmp-server enable traps envmon
snmp-server enable traps flash insertion removal low-space
snmp-server enable traps auth-framework sec-violation auth-fail
snmp-server enable traps c3g
snmp-server enable traps LTE
snmp-server enable traps ds3
snmp-server enable traps adslline
snmp-server enable traps vdsl2line
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps energywise
snmp-server enable traps vstack
snmp-server enable traps mac-notification
snmp-server enable traps trustsec-sxp conn-srcaddr-err msg-parse-err conn-config-err binding-err conn-up conn-down binding-expn-fail oper-nodeid-change binding-conflict
snmp-server enable traps bgp cbgp2
snmp-server enable traps isis
snmp-server enable traps ospfv3 state-change
snmp-server enable traps ospfv3 errors
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity-ext
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps mempool
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps waas
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps ipsla
snmp-server enable traps bfd
snmp-server enable traps gdoi gm-start-registration
snmp-server enable traps gdoi gm-registration-complete
snmp-server enable traps gdoi gm-re-register
snmp-server enable traps gdoi gm-rekey-rcvd
snmp-server enable traps gdoi gm-rekey-fail
snmp-server enable traps gdoi ks-rekey-pushed
snmp-server enable traps gdoi gm-incomplete-cfg
snmp-server enable traps gdoi ks-no-rsa-keys
snmp-server enable traps gdoi ks-new-registration
snmp-server enable traps gdoi ks-reg-complete
snmp-server enable traps firewall serverstatus
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps rf
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server enable traps ethernet cfm alarm
access-list 10 permit 192.168.100.0 0.0.0.255
access-list 10 permit 192.168.4.0 0.0.1.255
access-list 10 permit 192.168.6.0 0.0.1.255
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 permit 192.168.15.0 0.0.0.255
access-list 10 permit 192.168.20.0 0.0.1.255
access-list 10 permit 192.168.30.0 0.0.0.255
access-list 10 permit 192.168.0.0 0.0.1.255
access-list 10 permit 10.10.10.0 0.0.0.7
access-list 10 permit 10.10.10.8 0.0.0.7
access-list 10 permit 192.168.80.0 0.0.0.255
access-list 100 remark Deny NAT for VPN Clients
access-list 100 deny ip 192.168.80.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 100 remark Allow NAT for VPN Clients
access-list 100 permit ip 192.168.80.0 0.0.0.255 any
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username privilege 15 secret 0
Replace and with the username and password you want to use.
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE PUBLICLY-KNOWN
CREDENTIALS
Here are the Cisco IOS commands.
username privilege 15 secret 0
no username cisco
Replace and with the username and password you want to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end