Old WAN is 207.239.50.23, New WAN IP is 172.253.248.6, with another usable static IP of 172.253.248.7

Building configuration...

Current configuration : 19409 bytes
!
! No configuration change since last restart
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname isrfp01
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
no logging message-counter syslog
logging buffered 1000000
enable secret 5 $1$VM4m$NOjxzjorslNhQvKmgt0R9.
enable password 7 011A12020B2B35360F
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
!
!
!
aaa session-id common
!
clock timezone EST -5 0
clock summer-time EST recurring
dot11 syslog
no ip source-route
!
!
!
!
!
ip cef
no ip bootp server
ip domain name synthesisofny.com
ip name-server 10.0.32.2
ip name-server 10.0.0.2
ip name-server 10.0.64.2
ip name-server 10.0.96.2
ip name-server 10.0.128.2
ip ips config location flash:/ips retries 1
ip ips notify SDEE
!
ip ips signature-category
 category all
  retired true
 category ios_ips advanced
  retired false
!
ip inspect log drop-pkt
no ipv6 cef
!
multilink bundle-name authenticated
!
parameter-map type inspect global
 log dropped-packets enable
parameter-map type urlfpolicy local U-FILTER
 block-page message "This webpage is blocked."
parameter-map type urlf-glob ALLOWED
 pattern *
parameter-map type urlf-glob websites
 pattern *ebay.com
 pattern *twitter.com
 pattern *myspace.com
 pattern *linkedin.com
 pattern *.ru\r\n
 pattern *.ch\r\n
 pattern *.llnw.net
 pattern *facebook.com
 pattern *youtube.com
parameter-map type urlf-glob anonymizers
 pattern *hidemyass.com
 pattern *anonymouse.org
 pattern *hideme.be
 pattern *work-surf.info
 pattern *ninjacloack.com
 pattern *nntime.com
 pattern *unblocker.com
 pattern *silversurf.info
parameter-map type ooo global
 tcp reassembly queue length 64
 tcp reassembly memory limit 4096
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-661893450
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-661893450
 revocation-check none
 rsakeypair TP-self-signed-661893450
!
!
crypto pki certificate chain TP-self-signed-661893450
 certificate self-signed 01
  quit
!
!
license udi pid CISCO1841 sn FTX0932W2AF
archive
 log config
  hidekeys
object-group network bb_phones
 description ip addresses for bb phones
 range 10.0.33.201 10.0.33.210
!
object-group network tmobile_ips
 description tmobile ip range
 range 208.54.0.1 208.54.159.254
!
username zzkulikauskaskzz privilege 15 secret 5 $1$AG3p$W/V7dOhXrpQSBS7zmBrCS.
!
redundancy
!
crypto key pubkey-chain rsa
 named-key realm-cisco.pub
  key-string
  quit
!
!
ip tcp synwait-time 10
no ip ftp passive
ip ssh version 2
!
track 1 ip sla 1 reachability
 delay down 5 up 5
!
class-map type inspect match-any VPN-class
 match access-group 150
class-map type inspect match-any SELF-service-class
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-any HTTP
 match protocol http
class-map match-any CCP-Transactional-1
 match dscp af21
 match dscp af22
 match dscp af23
class-map type inspect match-all TFTP-OUT-class
 match access-group 122
class-map match-any CCP-Voice-1
 match dscp ef
class-map match-any CCP-Routing-1
 match dscp cs6
class-map match-any CCP-Signaling-1
 match dscp cs3
 match dscp af31
class-map type inspect match-all crypto-class
 match access-group 123
class-map type urlfilter match-any BLOCK
 match server-domain urlf-glob anonymizers
 match server-domain urlf-glob websites
class-map match-any CCP-Management-1
 match dscp cs2
class-map type urlfilter match-any ALLOWED
 match server-domain urlf-glob ALLOWED
class-map type inspect match-all FROM-SELF-class
 match class-map SELF-service-class
 match access-group 124
class-map type inspect match-all TO-SELF-class
 match access-group 120
 match class-map SELF-service-class
class-map type inspect match-any LAN-WAN-class
 match protocol https
 match protocol ssh
 match protocol ftp
 match protocol ftps
 match protocol dns
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any WAN-LAN-class
 match access-group 106
class-map type inspect match-all TFTP-IN-class
 match access-group 121
!
!
policy-map CCP-QoS-Policy-1
 class CCP-Voice-1
  priority percent 33
 class CCP-Signaling-1
  bandwidth percent 5
 class CCP-Routing-1
  bandwidth percent 5
 class CCP-Management-1
  bandwidth percent 5
 class CCP-Transactional-1
  bandwidth percent 5
 class class-default
  fair-queue
  random-detect
policy-map type inspect TO-SELF-policy
 class type inspect crypto-class
  pass
 class type inspect TFTP-IN-class
  pass
 class type inspect TO-SELF-class
  inspect
 class class-default
  drop
policy-map type inspect vpn-lan-pmap
 class type inspect VPN-class
  pass
 class class-default
  drop
policy-map type inspect lan-vpn-pmap
 class type inspect VPN-class
  pass
 class class-default
  drop
policy-map type inspect FROM-SELF-policy
 class type inspect crypto-class
  pass
 class type inspect FROM-SELF-class
  inspect
 class type inspect TFTP-OUT-class
  pass
 class class-default
  drop
policy-map type inspect WAN-LAN-pmap
 class type inspect WAN-LAN-class
  inspect
 class class-default
  drop
policy-map type inspect urlfilter BLOCK
 parameter type urlfpolicy local U-FILTER
 class type urlfilter BLOCK
  log
  reset
 class type urlfilter ALLOWED
  allow
policy-map type inspect LAN-WAN-policy
 class type inspect HTTP
  inspect
  service-policy urlfilter BLOCK
 class type inspect LAN-WAN-class
  inspect
 class class-default
  drop
policy-map CCP-QoS-Policy-1-PARENT
 class class-default
  shape average 2500000
  service-policy CCP-QoS-Policy-1
!
zone security LAN
zone security WAN
zone security VPN
zone-pair security LAN-WAN source LAN destination WAN
 service-policy type inspect LAN-WAN-policy
zone-pair security WAN-SELF source WAN destination self
 service-policy type inspect TO-SELF-policy
zone-pair security SELF-WAN source self destination WAN
 service-policy type inspect FROM-SELF-policy
zone-pair security LAN-SELF source LAN destination self
 service-policy type inspect TO-SELF-policy
zone-pair security SELF-LAN source self destination LAN
 service-policy type inspect FROM-SELF-policy
zone-pair security LAN-VPN source LAN destination VPN
 service-policy type inspect lan-vpn-pmap
zone-pair security VPN-LAN source VPN destination LAN
 service-policy type inspect vpn-lan-pmap
zone-pair security WAN-LAN source WAN destination LAN
 service-policy type inspect WAN-LAN-pmap
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr aes 256
 authentication pre-share
crypto isakmp key Synthe$1$INC,vtivpn address 207.239.50.123
crypto isakmp key Synthe$1$INC,vtivpn address 207.77.175.196
crypto isakmp key Synthe$1$INC,vtivpn address 24.103.27.122
crypto isakmp key Synthe$1$INC,vtivpn address 0.0.0.0 0.0.0.0
crypto isakmp invalid-spi-recovery
!
crypto ipsec security-association replay window-size 1024
!
crypto ipsec transform-set ipsec_transform_set esp-aes 256 esp-sha-hmac
!
crypto ipsec profile P1
 set transform-set ipsec_transform_set
!
!
!
!
!
!
interface Tunnel0
 description Tunnel to BR
 ip address 192.168.10.2 255.255.255.252
 ip mtu 1438
 ip virtual-reassembly in
 zone-member security VPN
 ip tcp adjust-mss 1380
 ip ospf mtu-ignore
 qos pre-classify
 tunnel source 207.239.50.23
 tunnel mode ipsec ipv4
 tunnel destination 207.239.25.126
 tunnel protection ipsec profile P1
!
interface Tunnel1
 description Tunnel to VS
 ip address 192.168.40.1 255.255.255.252
 ip mtu 1438
 ip virtual-reassembly in
 zone-member security VPN
 ip tcp adjust-mss 1380
 ip ospf mtu-ignore
 qos pre-classify
 tunnel source 207.239.50.23
 tunnel mode ipsec ipv4
 tunnel destination 207.87.170.196
 tunnel protection ipsec profile P1
!
interface Tunnel2
 description Tunnel to LI
 ip address 192.168.50.1 255.255.255.252
 ip mtu 1422
 ip virtual-reassembly in
 zone-member security VPN
 ip tcp adjust-mss 1380
 ip ospf mtu-ignore
 qos pre-classify
 tunnel source 207.239.50.23
 tunnel mode ipsec ipv4
 tunnel destination 173.77.162.129
 tunnel protection ipsec profile P1
!
interface Tunnel3
 description Tunnel to LI2
 ip address 192.168.70.1 255.255.255.252
 ip mtu 1422
 ip virtual-reassembly in
 zone-member security VPN
 ip tcp adjust-mss 1380
 ip ospf mtu-ignore
 qos pre-classify
 tunnel source 207.239.50.23
 tunnel mode ipsec ipv4
 tunnel destination 24.103.27.125
 tunnel protection ipsec profile P1
!
interface Tunnel10
 description Tunnel 2 to BR
 ip address 192.168.11.2 255.255.255.252
 ip mtu 1438
 ip virtual-reassembly in
 zone-member security VPN
 ip tcp adjust-mss 1380
 ip ospf mtu-ignore
 qos pre-classify
 tunnel source 207.239.50.23
 tunnel mode ipsec ipv4
 tunnel destination 24.103.25.123
 tunnel protection ipsec profile P1
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description WAN
 bandwidth 2500
 ip address 207.239.50.23 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly in
 zone-member security WAN
 duplex auto
 speed auto
 no mop enabled
 service-policy output CCP-QoS-Policy-1-PARENT
!
interface FastEthernet0/1
 description LAN
 ip address 10.0.32.1 255.255.224.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 zone-member security LAN
 speed auto
 full-duplex
 no keepalive
 no mop enabled
!
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
!
ip flow-export source FastEthernet0/0
ip flow-export version 9
ip flow-export destination 10.0.0.18 9932
ip flow-top-talkers
 top 50
 sort-by bytes
!
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
ip nat inside source static tcp 10.0.33.101 12061 207.239.115.132 12061 extendable
ip nat inside source static tcp 10.0.33.102 12062 207.239.115.132 12062 extendable
ip nat inside source static tcp 10.0.33.103 12063 207.239.115.132 12063 extendable
ip nat inside source static tcp 10.0.33.104 12064 207.239.115.132 12064 extendable
ip nat inside source static tcp 10.0.33.105 12065 207.239.115.132 12065 extendable
ip nat inside source static udp 10.0.33.101 14010 207.239.115.132 14010 extendable
ip nat inside source static udp 10.0.33.101 14011 207.239.115.132 14011 extendable
ip nat inside source static udp 10.0.33.101 14012 207.239.115.132 14012 extendable
ip nat inside source static udp 10.0.33.101 14013 207.239.115.132 14013 extendable
ip nat inside source static udp 10.0.33.101 14014 207.239.115.132 14014 extendable
ip nat inside source static udp 10.0.33.101 14015 207.239.115.132 14015 extendable
ip nat inside source static udp 10.0.33.102 14020 207.239.115.132 14020 extendable
ip nat inside source static udp 10.0.33.102 14021 207.239.115.132 14021 extendable
ip nat inside source static udp 10.0.33.102 14022 207.239.115.132 14022 extendable
ip nat inside source static udp 10.0.33.102 14023 207.239.115.132 14023 extendable
ip nat inside source static udp 10.0.33.102 14024 207.239.115.132 14024 extendable
ip nat inside source static udp 10.0.33.102 14025 207.239.115.132 14025 extendable
ip nat inside source static udp 10.0.33.103 14030 207.239.115.132 14030 extendable
ip nat inside source static udp 10.0.33.103 14031 207.239.115.132 14031 extendable
ip nat inside source static udp 10.0.33.103 14032 207.239.115.132 14032 extendable
ip nat inside source static udp 10.0.33.103 14033 207.239.115.132 14033 extendable
ip nat inside source static udp 10.0.33.103 14034 207.239.115.132 14034 extendable
ip nat inside source static udp 10.0.33.103 14035 207.239.115.132 14035 extendable
ip nat inside source static udp 10.0.33.104 14040 207.239.115.132 14040 extendable
ip nat inside source static udp 10.0.33.104 14041 207.239.115.132 14041 extendable
ip nat inside source static udp 10.0.33.104 14042 207.239.115.132 14042 extendable
ip nat inside source static udp 10.0.33.104 14043 207.239.115.132 14043 extendable
ip nat inside source static udp 10.0.33.104 14044 207.239.115.132 14044 extendable
ip nat inside source static udp 10.0.33.104 14045 207.239.115.132 14045 extendable
ip nat inside source static udp 10.0.33.105 14050 207.239.115.132 14050 extendable
ip nat inside source static udp 10.0.33.105 14051 207.239.115.132 14051 extendable
ip nat inside source static udp 10.0.33.105 14052 207.239.115.132 14052 extendable
ip nat inside source static udp 10.0.33.105 14053 207.239.115.132 14053 extendable
ip nat inside source static udp 10.0.33.105 14054 207.239.115.132 14054 extendable
ip nat inside source static udp 10.0.33.105 14055 207.239.115.132 14055 extendable
ip route 10.0.0.0 255.255.224.0 Tunnel0 track 1
ip route 0.0.0.0 0.0.0.0 207.239.116.129
ip route 0.0.0.0 0.0.0.0 207.239.49.22
ip route 10.0.0.0 255.255.224.0 Tunnel10 10
ip route 10.0.64.0 255.255.224.0 Tunnel1
ip route 10.0.96.0 255.255.252.0 Tunnel2
ip route 10.0.128.0 255.255.252.0 Tunnel3
!
ip sla 1
 icmp-echo 207.239.92.196 source-interface FastEthernet0/0
 frequency 5
ip sla schedule 1 life forever start-time now
logging facility syslog
logging 10.0.0.18
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.0.32.0 0.0.31.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.0.32.0 0.0.31.255 10.0.64.0 0.0.31.255
access-list 101 deny ip 10.0.32.0 0.0.31.255 10.0.0.0 0.0.31.255
access-list 101 deny ip 10.0.32.0 0.0.31.255 10.0.64.0 0.0.31.255
access-list 101 deny ip 10.0.32.0 0.0.31.255 10.0.96.0 0.0.3.255
access-list 101 deny ip 10.0.32.0 0.0.31.255 10.0.128.0 0.0.3.255
access-list 101 remark CCP_ACL Category=2
access-list 101 permit ip 10.0.32.0 0.0.31.255 any
access-list 102 remark CCP_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 10.0.32.0 0.0.31.255 10.0.0.0 0.0.31.255
access-list 106 permit udp object-group tmobile_ips eq non500-isakmp object-group bb_phones eq non500-isakmp
access-list 106 permit tcp any host 10.0.33.101 eq 12261
access-list 106 permit udp any host 10.0.33.101 range 14010 14015
access-list 106 permit tcp any host 10.0.33.102 eq 12262
access-list 106 permit udp any host 10.0.33.102 range 14020 14025
access-list 106 permit tcp any host 10.0.33.103 eq 12263
access-list 106 permit udp any host 10.0.33.103 range 14030 14035
access-list 106 permit tcp any host 10.0.33.104 eq 12264
access-list 106 permit udp any host 10.0.33.104 range 14040 14045
access-list 106 permit tcp any host 10.0.33.105 eq 12265
access-list 106 permit udp any host 10.0.33.105 range 14050 14055
access-list 120 permit tcp any host 10.0.32.1 eq 22
access-list 120 permit tcp any host 10.0.32.1 eq 443
access-list 120 permit tcp host 10.0.32.99 host 10.0.32.1 eq 443
access-list 120 permit tcp 10.0.0.0 0.0.31.255 host 10.0.32.1 eq 443
access-list 120 permit tcp 10.0.32.0 0.0.31.255 host 10.0.32.1 eq 443
access-list 120 permit tcp 10.0.64.0 0.0.31.255 host 10.0.32.1 eq 443
access-list 120 permit icmp 10.0.32.0 0.0.31.255 any
access-list 120 permit icmp any host 10.0.32.1 echo
access-list 120 deny icmp any any
access-list 120 permit tcp host 10.0.0.99 host 10.0.32.1
access-list 120 permit tcp host 10.0.32.99 host 10.0.32.1
access-list 120 permit tcp host 10.0.64.99 host 10.0.32.1
access-list 120 permit tcp host 10.0.0.99 any eq 22
access-list 120 permit tcp host 10.0.0.99 host 10.0.32.1 eq 22
access-list 120 permit tcp 10.0.0.0 0.0.95.255 any eq 22
access-list 120 permit tcp any any eq 12062
access-list 120 permit udp any any range 14020 14029
access-list 120 permit udp any any eq 5060
access-list 121 permit udp host 10.0.0.99 host 10.0.32.1
access-list 122 permit udp host 10.0.32.1 host 10.0.0.99
access-list 123 permit esp any any
access-list 123 permit udp any any eq non500-isakmp
access-list 123 permit ahp any any
access-list 123 permit udp any any eq isakmp
access-list 124 permit tcp host 10.0.32.1 any
access-list 124 permit tcp any any eq domain
access-list 124 permit udp any any eq domain
access-list 124 permit udp any any eq ntp
access-list 124 permit icmp any any
access-list 150 permit ip any any
no cdp run
!
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 101
!
snmp-server group cisco v3 auth read readview
snmp-server group readgroup v3 priv read readview
snmp-server group writegroup v3 priv write writeview
snmp-server view readview iso included
snmp-server view readview internet included
snmp-server view writeview internet included
snmp-server community public RO
snmp-server host 10.0.0.18 v3
!
!
!
!
control-plane
!
!
banner login ^C
**********************************
* Unauthorized access prohibited *
**********************************
^C
!
line con 0
 login authentication local_authen
line aux 0
 login authentication local_authen
line vty 0 4
 exec-timeout 6 50
 password 7 011A12020B2B35360F
 authorization exec local_author
 login authentication local_authen
 transport input ssh
!
scheduler allocate 20000 1000
ntp server 128.138.141.172
event manager session cli username "zzkulikauskaskzz"
end