version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXXXX
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
ip name-server 217.21.244.66
ip name-server 217.21.244.7
!
crypto pki trustpoint TP-self-signed-xxxxxx
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-xxxxxx
 revocation-check none
 rsakeypair TP-self-signed-xxxxxx
!
!
crypto pki certificate chain TP-self-signed-xxxxxx
 certificate self-signed 01 nvram:IOS-Self-Sigxxx.cer
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key xxxxx address 84.12.12.xxx no-xauth
crypto isakmp key xxxx address 84.12.134.xxx no-xauth
crypto isakmp key xxxx address 81.193.248.xxx no-xauth
crypto isakmp key xxxx address 84.12.90.xxx no-xauth
!
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set SECURE esp-3des esp-md5-hmac
crypto map xxx 10 ipsec-isakmp
 set peer 84.12.12.xxx
 set peer 84.12.134.xxx
 set peer 81.193.248.xxx
 set peer 84.12.90.xxx
 set transform-set SECURE
 match address VPN
!
interface FastEthernet0/0
 description DebBenelux LAN
 ip address 172.16.164.21 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description DebBenelux WAN
 ip address 80.255.249.xxx 255.255.255.xxx
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map DebCrypto
!
ip classless
ip route 0.0.0.0 0.0.0.0 80.255.249.xxx
ip route 10.0.0.0 255.255.255.0 84.12.12.xxx
ip route 10.10.10.0 255.255.255.0 84.12.134.xxx
ip route 172.16.0.0 255.255.0.0 84.12.134.xxx
ip route 192.168.0.0 255.255.255.0 84.12.90.xxx
ip route 192.168.8.0 255.255.255.0 81.193.248.xxx
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 150 interface FastEthernet0/1 overload
ip nat inside source static tcp 172.16.164.11 1723 interface FastEthernet0/1 1723
!
ip access-list extended VPN
 permit ip 172.16.164.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 172.16.164.0 0.0.0.255 10.10.10.0 0.0.0.255
 permit ip 172.16.164.0 0.0.0.255 172.16.0.0 0.0.255.255
 permit ip 172.16.164.0 0.0.0.255 192.168.8.0 0.0.0.255
 permit ip 172.16.164.0 0.0.0.255 192.168.0.0 0.0.0.255
!
access-list 23 permit 172.16.164.0 0.0.0.255
access-list 102 permit ip 172.16.164.0 0.0.0.255 any
access-list 111 permit tcp any any established
access-list 111 permit tcp any any eq smtp
access-list 111 permit tcp any any eq pop3
access-list 111 permit tcp any any eq 443
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq telnet
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq non500-isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
access-list 150 deny ip 172.16.164.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 150 deny ip 172.16.164.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 150 deny ip 172.16.164.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 150 deny ip 172.16.164.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 150 deny ip 172.16.164.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 150 permit ip 172.16.164.0 0.0.0.255 any