sho ver Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.4(15)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Mon 25-Jun-07 19:25 by prod_rel_team ROM: System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2) RainingRose uptime is 4 weeks, 4 days, 2 hours, 40 minutes System returned to ROM by reload at 15:07:14 Chicago Fri Dec 28 2007 System restarted at 15:08:47 Chicago Fri Dec 28 2007 System image file is "flash:c181x-advipservicesk9-mz.124-15.T.bin" This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. Cisco 1811W (MPC8500) processor (revision 0x400) with 118784K/12288K bytes of memory. Processor board ID FTX1119Z0AY, with hardware revision 0000 10 FastEthernet interfaces 1 Serial interface 1 terminal line 2 802.11 Radios 31360K bytes of ATA CompactFlash (Read/Write) Configuration register is 0x2102 RainingRose#sho flash -#- --length-- -----date/time------ path 1 20315448 Dec 16 2007 09:33:46 -06:00 c181x-advipservicesk9-mz.124-15.T.bin 2 2374 May 7 2007 15:47:26 -06:00 sdmconfig-1811-1812.cfg 3 833024 May 7 2007 15:48:14 -06:00 es.tar 4 1052160 May 7 2007 15:48:32 -06:00 common.tar 5 1038 May 7 2007 15:48:48 -06:00 home.shtml 6 102400 May 7 2007 15:49:06 -06:00 home.tar 7 491213 May 7 2007 15:49:26 -06:00 128MB.sdf 8 1959936 May 7 2007 15:49:48 -06:00 wlanui.tar 9 1684577 May 7 2007 15:50:14 -06:00 securedesktop-ios-3.1.1.27-k9.pkg 10 398305 May 7 2007 15:50:36 -06:00 sslclient-win-1.1.0.154.pkg 5079040 bytes available (26857472 bytes used) RainingRose#show run Building configuration... Current configuration : 11490 bytes ! ! Last configuration change at 17:43:43 Chicago Tue Jan 29 2008 by admin ! NVRAM config last updated at 17:07:51 Chicago Sun Dec 30 2007 by admin ! version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname RainingRose ! boot-start-marker boot-end-marker ! security authentication failure rate 3 log security passwords min-length 6 logging buffered 51200 logging console critical enable secret 5 $1$Dzj7$R/Eb9I7UBXl3ee56U6DCN/ ! no aaa new-model clock timezone Chicago -6 clock summer-time Chicago date Apr 6 2003 2:00 Oct 26 2003 2:00 ! crypto pki trustpoint TP-self-signed-3789276459 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3789276459 revocation-check none rsakeypair TP-self-signed-3789276459 ! ! crypto pki certificate chain TP-self-signed-3789276459 certificate self-signed 01 ! ! ! dot11 ssid RR-WLAN authentication open ! no ip source-route ! ! ip cef ! ! no ip bootp server ip domain name rainingrose.com ip name-server 10.2.1.6 ip name-server 216.203.115.234 ip name-server 205.171.3.65 ip inspect name DEFAULT100 cuseeme ip inspect name DEFAULT100 ftp ip inspect name DEFAULT100 h323 ip inspect name DEFAULT100 icmp ip inspect name DEFAULT100 netshow ip inspect name DEFAULT100 rcmd ip inspect name DEFAULT100 realaudio ip inspect name DEFAULT100 rtsp ip inspect name DEFAULT100 esmtp ip inspect name DEFAULT100 sqlnet ip inspect name DEFAULT100 streamworks ip inspect name DEFAULT100 tftp ip inspect name DEFAULT100 tcp ip inspect name DEFAULT100 udp ip inspect name DEFAULT100 vdolive ! multilink bundle-name authenticated ! ! username Admin privilege 15 secret 5 $1$1GgO$Xj1dqpZPN5yPEH.o9a27X. archive log config hidekeys ! ! ip tcp synwait-time 10 ip ssh time-out 60 ip ssh authentication-retries 2 track timer interface 5 ! track 1 rtr 1 reachability delay down 10 up 5 ! track 20 rtr 2 reachability delay down 10 up 5 bridge irb ! ! ! interface FastEthernet0 description DYBB WIRELESS ip address 216.203.117.82 255.255.255.248 ip access-group 101 in ip verify unicast reverse-path no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip inspect DEFAULT100 out ip virtual-reassembly ip route-cache flow duplex auto speed auto ! interface FastEthernet1 description QWEST DSL ip dhcp client route track 20 ip address dhcp ip access-group 102 in no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip inspect DEFAULT100 out ip virtual-reassembly ip route-cache flow duplex auto speed auto ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 ! interface FastEthernet5 ! interface FastEthernet6 ! interface FastEthernet7 ! interface FastEthernet8 ! interface FastEthernet9 ! interface Dot11Radio0 no ip address ! ssid RR-WLAN ! speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root bridge-group 1 bridge-group 1 spanning-disabled ! interface Dot11Radio1 no ip address ! ssid RR-WLAN ! speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 station-role root bridge-group 1 bridge-group 1 spanning-disabled ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$ no ip address ip tcp adjust-mss 1452 bridge-group 1 ! interface Async1 no ip address no ip redirects no ip unreachables no ip proxy-arp encapsulation slip ! interface BVI1 description $ES_LAN$$FW_INSIDE$ ip address 10.2.1.254 255.255.255.0 ip access-group 100 in ip nat inside ip virtual-reassembly ip tcp adjust-mss 1412 ! ip route 0.0.0.0 0.0.0.0 216.203.117.81 254 ! ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source list 1 interface FastEthernet0 overload ip nat inside source static tcp 10.2.1.4 1494 interface FastEthernet1 1494 ip nat inside source static tcp 10.2.1.4 3389 interface FastEthernet1 3389 ip nat inside source static tcp 10.2.1.2 5360 interface FastEthernet1 5360 ip nat inside source static tcp 10.2.1.3 5361 interface FastEthernet1 5361 ip nat inside source static tcp 10.2.1.74 5364 interface FastEthernet1 5364 ip nat inside source static tcp 10.2.1.77 5365 interface FastEthernet1 5365 ip nat inside source static tcp 10.2.1.78 5366 interface FastEthernet1 5366 ip nat inside source static tcp 10.2.1.100 5367 interface FastEthernet1 5367 ip nat inside source static tcp 10.2.1.6 25 interface FastEthernet1 25 ip nat inside source static tcp 10.2.1.6 80 interface FastEthernet1 80 ip nat inside source static tcp 10.2.1.6 443 interface FastEthernet1 443 ip nat inside source static tcp 10.2.1.6 5362 interface FastEthernet1 5362 ip nat inside source static tcp 10.2.1.4 1494 216.203.117.83 1494 extendable ip nat inside source static tcp 10.2.1.4 3389 216.203.117.83 3389 extendable ip nat inside source static tcp 10.2.1.2 5360 216.203.117.83 5360 extendable ip nat inside source static tcp 10.2.1.3 5361 216.203.117.83 5361 extendable ip nat inside source static tcp 10.2.1.74 5364 216.203.117.83 5364 extendable ip nat inside source static tcp 10.2.1.77 5365 216.203.117.83 5365 extendable ip nat inside source static tcp 10.2.1.78 5366 216.203.117.83 5366 extendable ip nat inside source static tcp 10.2.1.100 5367 216.203.117.83 5367 extendable ip nat inside source static tcp 10.2.1.6 25 216.203.117.85 25 extendable ip nat inside source static tcp 10.2.1.6 80 216.203.117.85 80 extendable ip nat inside source static tcp 10.2.1.6 443 216.203.117.85 443 extendable ip nat inside source static tcp 10.2.1.6 5362 216.203.117.85 5362 extendable ! ip sla 1 icmp-echo 10.13.2.5 source-interface FastEthernet0 frequency 5 ip sla schedule 1 life forever start-time now ip sla 2 icmp-echo 209.181.206.195 source-interface FastEthernet1 frequency 5 ip sla schedule 2 life forever start-time now logging trap debugging access-list 1 remark INSIDE_IF=BVI1 access-list 1 remark SDM_ACL Category=2 access-list 1 permit 10.2.1.0 0.0.0.255 access-list 100 remark auto generated by Cisco SDM Express firewall configuration access-list 100 remark SDM_ACL Category=1 access-list 100 permit udp host 10.2.1.6 eq domain any access-list 100 deny ip 216.203.117.80 0.0.0.7 any access-list 100 deny ip host 255.255.255.255 any access-list 100 deny ip 127.0.0.0 0.255.255.255 any access-list 100 permit ip any any access-list 101 remark auto generated by Cisco SDM Express firewall configuration access-list 101 remark SDM_ACL Category=1 access-list 101 permit udp host 205.171.3.65 eq domain any access-list 101 permit udp host 216.203.115.234 eq domain any access-list 101 remark Auto generated by SDM for NTP (123) 132.163.4.102 access-list 101 permit udp host 132.163.4.102 eq ntp host 192.168.0.10 eq ntp access-list 101 remark Auto generated by SDM for NTP (123) 132.163.4.102 access-list 101 permit udp host 132.163.4.102 eq ntp host 216.203.117.82 eq ntp access-list 101 permit udp host 10.2.1.6 eq domain host 216.203.117.82 access-list 101 permit tcp any host 216.203.117.83 eq 1494 access-list 101 permit tcp any host 216.203.117.83 eq 5367 access-list 101 permit tcp any host 216.203.117.83 eq 5366 access-list 101 permit tcp any host 216.203.117.83 eq 5365 access-list 101 permit tcp any host 216.203.117.83 eq 5364 access-list 101 remark Soap server access-list 101 permit tcp any host 216.203.117.83 eq 3389 access-list 101 remark Sunscreen server access-list 101 permit tcp any host 216.203.117.83 eq 5360 access-list 101 remark Lotion server access-list 101 permit tcp any host 216.203.117.83 eq 5361 access-list 101 remark Shampoo server access-list 101 permit tcp any host 216.203.117.85 eq 5362 access-list 101 permit tcp any host 216.203.117.85 eq 443 access-list 101 permit tcp any host 216.203.117.85 eq www access-list 101 permit tcp any host 216.203.117.85 eq smtp access-list 101 deny ip 10.2.1.0 0.0.0.255 any access-list 101 permit icmp any host 216.203.117.82 echo-reply access-list 101 permit icmp any host 216.203.117.82 time-exceeded access-list 101 permit icmp any host 216.203.117.82 unreachable access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 deny ip host 255.255.255.255 any access-list 101 deny ip host 0.0.0.0 any access-list 101 deny ip any any access-list 102 permit udp any eq domain any access-list 102 permit udp host 132.163.4.102 eq ntp any access-list 102 permit tcp any any eq 1494 access-list 102 permit tcp any any eq 5367 access-list 102 permit tcp any any eq 5366 access-list 102 permit tcp any any eq 5365 access-list 102 permit tcp any any eq 5364 access-list 102 permit tcp any any eq 3389 access-list 102 permit tcp any any eq 5360 access-list 102 permit tcp any any eq 5361 access-list 102 permit tcp any any eq 5362 access-list 102 permit tcp any any eq 443 access-list 102 permit tcp any any eq www access-list 102 permit tcp any any eq smtp access-list 102 permit icmp any any echo-reply access-list 102 permit icmp any any time-exceeded access-list 102 permit icmp any any unreachable no cdp run ! ! ! ! ! ! control-plane ! bridge 1 protocol ieee bridge 1 route ip banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C ! line con 0 login local transport output telnet line 1 modem InOut stopbits 1 speed 115200 flowcontrol hardware line aux 0 login local transport output telnet line vty 0 4 privilege level 15 login local transport input telnet ssh line vty 5 15 privilege level 15 login local transport input telnet ssh ! scheduler allocate 4000 1000 scheduler interval 500 ntp clock-period 17180286 ntp update-calendar ntp server 132.163.4.102 ! webvpn cef ! webvpn context Default_context ssl authenticate verify all ! no inservice ! end RainingRose#show ip interfc ace brief | ex una Interface IP-Address OK? Method Status Protocol FastEthernet0 216.203.117.82 YES NVRAM up up BVI1 10.2.1.254 YES NVRAM up up RainingRose#sho ip inter FastEthernet0 is up, line protocol is up Internet address is 216.203.117.82/29 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is 101 Proxy ARP is disabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are never sent ICMP unreachables are never sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is enabled IP CEF switching is enabled IP CEF Flow Fast switching turbo vector IP multicast fast switching is enabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast, Flow cache, CEF, Full Flow Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Policy routing is disabled Network address translation is enabled, interface in domain outside BGP Policy Mapping is disabled WCCP Redirect outbound is disabled WCCP Redirect inbound is disabled WCCP Redirect exclude is disabled IP verify source reachable-via RX, allow default 250 verification drops 0 suppressed verification drops Outgoing inspection rule is DEFAULT100 FastEthernet1 is up, line protocol is up Internet address will be negotiated using DHCP Broadcast address is 255.255.255.255 MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is 102 Proxy ARP is disabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are never sent ICMP unreachables are never sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is enabled IP CEF switching is enabled IP CEF Flow Fast switching turbo vector IP multicast fast switching is enabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast, Flow cache, CEF, Full Flow Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Policy routing is disabled Network address translation is enabled, interface in domain outside BGP Policy Mapping is disable WCCP Redirect outbound is disabled WCCP Redirect inbound is disabled WCCP Redirect exclude is disabled Outgoing inspection rule is DEFAULT100