Building configuration...

Current configuration : 11113 bytes
!
! Last configuration change at 16:55:57 GMT Wed Sep 8 2021
!
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform hardware throughput crypto 50000
!
hostname Gateway
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone GMT -6 0
!
!
!
!
!
!
!
ip name-server 8.8.8.8 8.8.4.4
no ip domain lookup
ip domain name local
ip dhcp excluded-address 10.10.10.1 10.10.10.99
!
ip dhcp pool mypool
 import all
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server 8.8.8.8
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
no device-tracking logging theft
!
!
!
[crypto]
!
!
license feature hseck9
license udi pid C1111-8P sn []
license boot level securityk9
license smart reservation
memory free low-watermark processor 71820
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username [] privilege 15 secret 9 []
!
redundancy
 mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
no lldp tlv-select management-address
no lldp tlv-select port-description
no lldp tlv-select system-capabilities
no lldp tlv-select system-description
no lldp tlv-select system-name
no lldp tlv-select port-vlan
no lldp tlv-select mac-phy-cfg
no lldp tlv-select power-management
no lldp tlv-select 4-wire-power-management
!
class-map type inspect match-any DMZ-TO-OUTSIDE-CM
 match protocol https
 match protocol smtp
 match protocol icmp
 match protocol udp
 match protocol dns
 match protocol tcp
class-map type inspect match-any OUTSIDE-TO-DMZ-CM
 match access-group name OUTSIDE-TO-DMZ-ACL
 match protocol https
 match protocol dns
class-map type inspect match-any INSIDE-TO-OUTSIDE-CM
 match protocol https
 match protocol dns
 match protocol udp
 match protocol tcp
 match protocol imap
 match protocol smtp
 match protocol icmp
class-map type inspect match-all OUTSIDE-TO-INSIDE-CM
 match access-group name OUTSIDE-TO-INSIDE-ACL
class-map type inspect match-any SELF-TO-OUTSIDE-CM
 match access-group 111
class-map type inspect match-any OUTSIDE-TO-SELF-CM
 match access-group 112
class-map type inspect match-any DMZ-TO-INSIDE-CM
 match access-group name INSIDE-TO-DMZ-ACL
class-map type inspect match-any INSIDE-TO-DMZ-CM
 match access-group name INSIDE-TO-DMZ-ACL
!
policy-map type inspect OUTSIDE-TO-INSIDE-PM
 class type inspect OUTSIDE-TO-INSIDE-CM
  pass
 class class-default
  drop log
policy-map type inspect INSIDE-TO-DMZ-PM
 class type inspect INSIDE-TO-DMZ-CM
  pass
 class class-default
  drop log
policy-map type inspect DMZ-TO-OUTSIDE-PM
 class type inspect DMZ-TO-OUTSIDE-CM
  pass
 class class-default
  drop log
policy-map type inspect SELF-TO-OUTSIDE-PM
 class type inspect SELF-TO-OUTSIDE-CM
  pass
 class class-default
  drop
policy-map type inspect INSIDE-TO-OUTSIDE-PM
 class type inspect INSIDE-TO-OUTSIDE-CM
  inspect
 class class-default
  drop log
policy-map type inspect DMZ-TO-INSIDE-PM
 class type inspect DMZ-TO-INSIDE-CM
  pass
 class class-default
  drop
policy-map type inspect OUTSIDE-TO-SELF-PM
 class type inspect OUTSIDE-TO-SELF-CM
  pass
 class class-default
  drop
policy-map type inspect OUTSIDE-TO-DMZ-PM
 class type inspect OUTSIDE-TO-DMZ-CM
  pass
 class class-default
  drop log
!
zone security INSIDE
zone security OUTSIDE
zone security DMZ
zone-pair security DMZ-TO-IN-ZP source DMZ destination INSIDE
 service-policy type inspect DMZ-TO-INSIDE-PM
zone-pair security DMZ-TO-OUT-ZP source DMZ destination OUTSIDE
 service-policy type inspect DMZ-TO-OUTSIDE-PM
zone-pair security IN-TO-DMZ-ZP source INSIDE destination DMZ
 service-policy type inspect INSIDE-TO-DMZ-PM
zone-pair security IN-TO-OUT-ZP source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-TO-OUTSIDE-PM
zone-pair security OUT-TO-DMZ-ZP source OUTSIDE destination DMZ
 service-policy type inspect OUTSIDE-TO-DMZ-PM
zone-pair security OUT-TO-IN-ZP source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE-TO-INSIDE-PM
zone-pair security OUTSIDE-TO-SELF-ZP source OUTSIDE destination self
 service-policy type inspect OUTSIDE-TO-SELF-PM
zone-pair security SELF-TO-OUTSIDE-ZP source self destination OUTSIDE
 service-policy type inspect SELF-TO-OUTSIDE-PM
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
 description Comcast WAN
 ip address dhcp
 ip nat outside
 zone-member security OUTSIDE
 negotiation auto
!
interface GigabitEthernet0/0/1
 ip address dhcp
 shutdown
 negotiation auto
!
interface GigabitEthernet0/1/0
 description Atlas
 spanning-tree portfast
!
interface GigabitEthernet0/1/1
 spanning-tree portfast
!
interface GigabitEthernet0/1/2
 spanning-tree portfast
!
interface GigabitEthernet0/1/3
 spanning-tree portfast
!
interface GigabitEthernet0/1/4
 spanning-tree portfast
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
 description QB
 switchport access vlan 2
 spanning-tree portfast
!
interface Vlan1
 description Internal VLAN
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 zone-member security INSIDE
!
interface Vlan2
 description DMZ VLAN
 ip address 20.20.20.1 255.255.255.0
 ip nat inside
 zone-member security DMZ
!
no ip http server
no ip http authentication local
no ip http secure-server
ip forward-protocol nd
ip nat inside source static tcp 20.20.20.1 3389 interface GigabitEthernet0/0/0 3389
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip nat inside source list 2 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 dhcp
!
!
ip access-list extended INSIDE-TO-DMZ-ACL
 10 permit ip any any
ip access-list extended OUTSIDE-TO-DMZ-ACL
 20 permit tcp any host 20.20.20.2 eq 3389
 30 permit udp any eq domain any
 40 permit tcp any any
 50 permit ip any any
ip access-list extended OUTSIDE-TO-INSIDE-ACL
 10 permit icmp any 10.10.10.0 0.0.0.255
!
ip access-list standard 1
 10 permit 10.10.10.0 0.0.0.255
ip access-list standard 2
 10 permit 20.20.20.0 0.0.0.255
ip access-list extended 111
 10 permit udp any any eq bootps
ip access-list extended 112
 10 permit udp any any eq bootpc
!
!
!
control-plane
!
!
line con 0
 transport input none
 stopbits 1
line vty 0 4
 login
 transport input ssh
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
ntp server time-a.nist.gov source GigabitEthernet0/0/0
!
!
!
!
!
!
end