Current configuration : 23172 bytes
!
! Last configuration change at 17:36:35 UTC Thu Jul 1 2021 by admin
!
version 16.12
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname netlab
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login a-eap-authen-local local
aaa authorization exec default local
aaa authorization network a-eap-author-grp local
!
!
aaa login success-track-conf-time 1
!
!
!
!
aaa session-id common
clock timezone UTC 10 0
clock summer-time UTC recurring 1 Sun Oct 1:00 1 Sun Apr 1:00
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email
!
no ip domain lookup
ip domain name sece.company.com
ip dhcp excluded-address xxx.xxx.68.0 xxx.xxx.68.29
ip dhcp excluded-address xxx.xxx.68.50 xxx.xxx.68.255
!
ip dhcp pool VLAN68Pool
 network xxx.xxx.68.0 255.255.255.0
 default-router xxx.xxx.68.254
 dns-server xxx.xxx.68.254 8.8.8.8
 lease 7
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
!
crypto pki trustpoint quovadis.root
 enrollment terminal pem
 revocation-check none
!
crypto pki trustpoint quovadis.inter
 enrollment terminal pem
 serial-number none
 fqdn netlab.sece.rmit.edu.au
 ip-address none
 subject-name C=xxxx
 subject-alt-name netlab.company.com
 chain-validation continue quovadis.inter2
 revocation-check none
 rsakeypair netlab.company.com 2048
!
crypto pki trustpoint quovadis.inter2
 enrollment terminal pem
 chain-validation continue quovadis.root
 revocation-check none
!
!
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
  quit
crypto pki certificate chain quovadis.root
 certificate ca 445734245B81899B35F2CEB82B3B5BA726F07528
  30820560 30820348 A0030201 02021444 5734245B 81899B35 F2CEB82B 3B5BA726
  quit
crypto pki certificate chain quovadis.inter
 certificate 234A05CD947BCE0C6C755EE05B1447CEA6DD3E68
  3082071C 30820504 A0030201 02021423 4A05CD94 7BCE0C6C 755EE05B 1447CEA6
  quit
 certificate ca 2D2C802018B7907C4D2D79DF7FB1BD872727CC93
  308206AB 30820493 A0030201 0202142D 2C802018 B7907C4D 2D79DF7F B1BD8727
  quit
crypto pki certificate chain quovadis.inter2
 certificate ca 2D2C802018B7907C4D2D79DF7FB1BD872727CC93
  308206AB 30820493 A0030201 0202142D 2C802018 B7907C4D 2D79DF7F B1BD8727
  quit
!
crypto pki certificate pool
 cabundle nvram:ios_core.p7b
!
!
license feature hseck9
license udi pid C1161X-8P sn F
license boot level securityk9
memory free low-watermark processor 70177
!
!
!
!
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 password 0 xx
username Wb35lMa26ZzB password 0 xx
!
redundancy
 mode none
!
crypto ikev2 proposal netlab.company
 encryption aes-cbc-256
 integrity sha256
 group 14
!
!
!
!
vlan internal allocation policy ascending
!
track 1 ip sla 1 reachability
!
!
class-map type inspect match-all InsideToOutside
 description InsideToOutside
 match access-group name InsideToOutside_acl
class-map type inspect match-all OutsideToInside
 description OutsideToInside
 match access-group name OutsideToInside_acl
!
policy-map type inspect avc Web_app_policy
policy-map type inspect INSIDE-OUTSIDE-POLICY
 class type inspect InsideToOutside
  inspect
 class class-default
  drop log
policy-map type inspect OUTSIDE-INSIDE-POLICY
 class type inspect OutsideToInside
  inspect
 class class-default
  drop log
!
zone security INSIDE
 description Zone for inside interfaces
zone security OUTSIDE
 description Zone for outside interfaces
zone security default
zone-pair security INSIDE-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-OUTSIDE-POLICY
zone-pair security OUTSIDE-INSIDE source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE-INSIDE-POLICY
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
 description WAN GE 0/0/0
 ip address xxx.xxx.253.10 255.255.255.240
 ip access-group OutsideToInside_acl in
 zone-member security OUTSIDE
 negotiation auto
!
interface GigabitEthernet0/0/1
 description WAN GE 0/0/1
 no ip address
 ip access-group OutsideToInside_acl in
 zone-member security OUTSIDE
 negotiation auto
!
interface GigabitEthernet0/1/0
 description VLAN68Port0
 switchport mode access
 ip access-group InsideToOutside_acl in
 zone-member security INSIDE
!
interface GigabitEthernet0/1/1
 zone-member security INSIDE
!
interface GigabitEthernet0/1/2
 zone-member security INSIDE
!
interface GigabitEthernet0/1/3
 zone-member security INSIDE
!
interface GigabitEthernet0/1/4
 zone-member security INSIDE
!
interface GigabitEthernet0/1/5
 zone-member security INSIDE
!
interface GigabitEthernet0/1/6
 zone-member security INSIDE
!
interface GigabitEthernet0/1/7
 zone-member security INSIDE
!
interface Vlan1
 description VLAN68
 ip address xxx.xxx.68.254 255.255.255.0
 ip access-group InsideToOutside_acl in
 zone-member security INSIDE
!
interface Vlan2
 no ip address
 zone-member security INSIDE
!
ip forward-protocol nd
ip http server
ip http authentication aaa
ip http secure-server
ip http timeout-policy idle 600 life 600 requests 25
ip route 0.0.0.0 0.0.0.0 xxx.xxx.253.13
!
!
ip access-list extended InsideToOutside_acl
 10 permit ip any any
ip access-list extended OutsideToInside_acl
 10 permit ip any any
!
!
!
!
!
!
!
control-plane
!
!
line con 0
 stopbits 1
line vty 0 4
 exec-timeout 60 0
 length 0
!
!
!
!
!
!
end