! ! Last configuration change at 20:03:28 UTC Fri Dec 28 2007 by adm1n2 ! NVRAM config last updated at 19:52:50 UTC Fri Dec 28 2007 ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname H0m3 ! boot-start-marker boot-end-marker ! memory-size iomem 5 logging buffered 8192 debugging enable password 7 *** ! no aaa new-model ! resource policy ! clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00 no ip dhcp use vrf connected ip dhcp excluded-address 192.168.2.1 192.168.2.10 ! ip dhcp pool client import all network 192.168.2.0 255.255.255.0 default-router 192.168.2.100 dns-server 87.86.18.1 90.20.23.9 190.72.0.9 lease 0 2 ! ! ip cef ip tftp source-interface Ethernet0 ip domain name ***.gotdns.com ip host members.dyndns.org 63.208.196.95 ip name-server 87.86.18.1 ip name-server 90.20.23.9 ip name-server 190.72.0.9 ip flow-cache timeout active 1 ip inspect name SDM_LOW cuseeme ip inspect name SDM_LOW dns ip inspect name SDM_LOW ftp ip inspect name SDM_LOW h323 ip inspect name SDM_LOW https ip inspect name SDM_LOW icmp ip inspect name SDM_LOW imap ip inspect name SDM_LOW pop3 ip inspect name SDM_LOW netshow ip inspect name SDM_LOW rcmd ip inspect name SDM_LOW realaudio ip inspect name SDM_LOW rtsp ip inspect name SDM_LOW esmtp ip inspect name SDM_LOW sqlnet ip inspect name SDM_LOW streamworks ip inspect name SDM_LOW tftp ip inspect name SDM_LOW tcp router-traffic ip inspect name SDM_LOW udp ip inspect name SDM_LOW vdolive ip ssh version 2 ip ddns update method MyDDNS HTTP add http://***:***@members.dyndns.org/nic/update?system=dyndns&hostname=&myip= interval maximum 28 0 0 0 ! login block-for 100 attempts 5 within 100 login quiet-mode access-class 50 login on-failure log login on-success log ! ! crypto pki trustpoint TP-self-signed-17323 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-17323 revocation-check none rsakeypair TP-self-signed-17323 ! ! crypto pki certificate chain TP-self-signed-17323 certificate self-signed 01 3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31373335 31303534 3233301E 170D3037 31313138 30383337 34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37333531 30353432 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100DE0B 450BBEEB C9F6F123 135B74F4 C2FC573A E6DF2726 81CBCB9C CCC12EAA 2F2FD372 67C30C82 C51B0184 D54EB709 AC3AD843 8B3AFCD0 EF83F665 0950260B 3912F28A 3AC638FD C9A605C5 A0546B11 A914620C 920F2D1C FDB6418D DE5530C9 E011F261 763D9CF3 EAAA3112 1517EBE0 426B9CA1 5824FA2C 201FF769 0DCC73C2 79B90203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603 551D1104 19301782 1548306D 332E616E 6479734E 676F7464 6E732E63 6F6D301F 0603551D 23041830 16801484 F7483533 9F2052C6 D667E2D0 D3771673 4739E630 1D060355 1D0E0416 041484F7 4835339F 2052C346 67E2D0D3 77167347 39E6300D 06092A86 4886F70D 01010405 00038181 0019441E 782053E1 2E91288E 312CBFB0 60AE0B5E 0E35337B FBB26312 C788E8BA 3C339635 751A0391 E2C2157D 6E4307F6 3CC8383F 636CD593 9F352442 36767D0E E2267AB1 570FBA15 139A3E6B A83151FA 6BE22EB1 C093D501 BF27756B DCEDD073 A2B5E345 D1A120D5 3764CC55 F132D9EB CEC7B7D0 C7165910 81468BD8 36C9E63E 91 quit username *** privilege 7 password 7 *** username *** privilege 15 password 7 *** ! ! ! ! ! ! interface Ethernet0 description Inside FW$FW_INSIDE$ ip address 192.168.2.100 255.255.255.0 ip access-group 100 in no ip unreachables ip nat inside ip virtual-reassembly ip route-cache flow ip tcp adjust-mss 1452 hold-queue 100 out ! interface Ethernet2 no ip address shutdown hold-queue 100 out ! interface ATM0 no ip address no ip unreachables no ip mroute-cache atm vc-per-vp 64 no atm ilmi-keepalive dsl operating-mode auto cdp enable pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface FastEthernet1 duplex auto speed auto ! interface FastEthernet2 duplex auto speed auto ! interface FastEthernet3 duplex auto speed auto ! interface FastEthernet4 duplex auto speed auto ! interface Dialer1 description Outside FW$FW_OUTSIDE$ ip ddns update hostname ***.gotdns.com ip ddns update MyDDNS host members.dyndns.org ip address negotiated ip access-group 101 in no ip unreachables ip mtu 1492 ip nat outside ip inspect SDM_LOW out ip virtual-reassembly encapsulation ppp ip route-cache flow dialer pool 1 dialer-group 1 ppp authentication chap pap callin ppp chap hostname *** ppp chap password 7 *** ppp pap sent-username *** password 7 *** ppp ipcp dns request ppp ipcp wins request ! ip route 0.0.0.0 0.0.0.0 Dialer1 ip http server ip http access-class 50 ip http authentication local ip http secure-server ip dns server ip flow-export source Ethernet0 ip flow-export version 5 ip flow-export destination 192.168.2.13 9996 ip flow-export destination 192.168.2.16 9996 ! ip nat inside source list 102 interface Dialer1 overload ! ! logging trap debugging logging facility local4 logging source-interface Ethernet0 access-list 50 permit 192.168.2.10 access-list 50 permit 192.168.2.11 access-list 50 permit 192.168.2.14 access-list 50 permit 192.168.2.15 access-list 50 permit 192.168.2.12 access-list 50 permit 192.168.2.13 access-list 50 permit 192.168.2.16 access-list 100 remark auto generated by SDM firewall configuration access-list 100 remark SDM_ACL Category=1 access-list 100 remark Auto generated by SDM for NTP (123) 158.43.128.33 access-list 100 permit udp host 158.43.128.33 eq ntp host 192.168.2.100 eq ntp access-list 100 remark auto generated by SDM firewall configuration access-list 100 remark SDM_ACL Category=1 access-list 100 remark Auto generated by SDM for NTP (123) 158.43.128.33 access-list 100 deny ip host 255.255.255.255 any access-list 100 deny ip 127.0.0.0 0.255.255.255 any access-list 100 permit ip any any access-list 101 remark auto generated by SDM firewall configuration access-list 101 remark SDM_ACL Category=1 access-list 101 permit udp host 87.86.189.16 eq domain any access-list 101 permit udp host 90.20.23.9 eq domain any access-list 101 permit udp host 194.72.0.98 eq domain any access-list 101 permit tcp host 1.2.3.4 any eq 22 log access-list 101 permit esp host 1.2.3.5 any log access-list 101 remark Auto generated by SDM for NTP (123) 158.43.128.33 access-list 101 permit udp host 158.43.128.33 eq ntp any eq ntp access-list 101 deny ip 192.168.2.0 0.0.0.255 any access-list 101 permit icmp any any echo-reply access-list 101 permit icmp any any time-exceeded access-list 101 permit icmp any any unreachable access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 deny ip host 255.255.255.255 any access-list 101 deny ip host 0.0.0.0 any access-list 101 deny ip any any log access-list 102 permit ip 192.168.2.0 0.0.0.255 any dialer-list 1 protocol ip permit snmp-server community *** RO snmp-server ifindex persist ! control-plane ! banner login Authorised access only! Disconnect IMMEDIATELY if you are not an authorised user! ! line con 0 no modem enable transport output telnet line aux 0 access-class 50 in line vty 0 4 access-class 50 in exec-timeout 30 0 privilege level 15 login local transport input ssh transport output all ! scheduler max-task-time 5000 sntp server 158.43.128.33 end