Building configuration...

Current configuration : 6970 bytes
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname xxx-DEMOLAB-2811
!
boot-start-marker
boot system flash flash:c2600-ipbase-mz.123-26.bin
boot-end-marker
!
enable secret 5 $1$2ctY$HeLL2c4io7BkUcXc6sJUF.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpn_xauth_ml_1 local
aaa authentication login sslvpn local
aaa authorization network vpn_group_ml_1 local
!
aaa session-id common
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
!
!
ip cef
!
!
ip domain lookup source-interface Dialer0
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin secret 5 $1$mZ2u$Uc20QoVEw2NdX/hgdUGtS0
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group TEST-VPN
 key test123
 dns 192.168.1.202
 domain wr
 pool VPN-Pool
 acl 120
 access-restrict FastEthernet0/0
 include-local-lan
 max-users 5
 max-logins 2
crypto isakmp profile vpn-ike-profile-1
   match identity group TEST-VPN
   client authentication list vpn_xauth_ml_1
   isakmp authorization list vpn_group_ml_1
   client configuration address respond
   virtual-template 2
!
crypto ipsec security-association idle-time 60
!
crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
!
crypto ipsec profile VPN-Profile-1
 set transform-set encrypt-method-1
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.199 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface ATM0/1/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/1/0.1 point-to-point
 no snmp trap link-status
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Virtual-Template2 type tunnel
 ip unnumbered FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VPN-Profile-1
!
interface Async0/0/0
 no ip address
 encapsulation slip
!
interface Dialer0
 description "WAN link to xx"
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxx.com
 ppp chap password 7
 ppp pap sent-username password 7
!
ip local pool VPN-Pool 192.168.1.100 192.168.1.105
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
no ip http secure-server
ip nat pool dialer0 81.142.xx.xx 81.142.xx.xx netmask 255.255.255.248
ip nat source static udp 192.168.1.199 500 81.139.xx.xx 500 extendable
ip nat source static udp 192.168.1.199 4500 81.139.xx.xx 4500 extendable
ip nat inside source list 100 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.10 443 81.142.xx.xx 443 extendable
ip nat inside source static tcp 192.168.1.10 8080 81.142.xx.xx 8080 extendable
ip nat inside source static tcp 192.168.1.10 9997 81.142.xx.xx 9997 extendable
ip nat inside source static tcp 192.168.1.11 443 81.142.xx.xx 443 extendable
!
access-list 100 remark 'Deny NAT for VPN Clients'
access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 192.168.1.100
access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 192.168.1.101
access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 192.168.1.102
access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 192.168.1.103
access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 192.168.1.104
access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 192.168.1.105
access-list 100 remark 'Internal NAT Service'
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit tcp any any
access-list 100 permit udp any any
access-list 120 permit ip host 192.168.1.211 host 192.168.1.101
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner motd ^CC
#########################################################################
# THE PROGRAMS, DATA, AND COMPUTER SYSTEMS HELD ON THIS NETWORK ARE     #
# THE PROPERTY OF ACME LTD. AND ARE LAWFULLY AVAILABLE TO AUTHORISED    #
# USERS FOR AUTHORISED COMPANY PURPOSES ONLY. ACCESS TO ANY DATA OR     #
# PROGRAM MUST BE AUTHORISED BY THE COMPANY.                            #
#                                                                       #
# IT IS A CRIMINAL OFFENCE TO ATTEMPT OR OBTAIN UNAUTHORISED ACCESS TO  #
# ANY COMPUTER SYSTEM, PROGRAM OR DATA OR MAKE ANY UNAUTHORISED         #
# MODIFICATION TO THE CONTENTS OF THIS NETWORK INFRASTRUCTURE. OFFENDERS#
# ARE LIABLE TO CRIMINAL PROSECUTION UNDER THE COMPUTER MISUSE ACT.     #
# PASSING THIS POINT IMPLIES THAT YOU HAVE READ AND UNDERSTOOD THIS     #
# NOTICE. IF YOU ARE NOT AN AUTHORISED USER, DISCONNECT IMMEDIATELY!    #
#########################################################################
^C
!
line con 0
 exec-timeout 30 0
line 0/0/0
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 exec-timeout 60 0
 logging synchronous
 transport input telnet ssh
line vty 5 15
 exec-timeout 60 0
 logging synchronous
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end