=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2015.08.24 11:48:20 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...
Current configuration : 7762 bytes
!
! Last configuration change at 20:50:57 GMT Sun Aug 23 2015 by rts.admin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname RTS01
!
boot-start-marker
boot-end-marker
!
!
logging buffered 4096
logging console alerts
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login remote local
aaa authorization exec default local
aaa authorization network netauth local
aaa authorization network remote local
!
!
!
!
!
aaa session-id common
!
clock timezone GMT -6 0
dot11 syslog
ip source-route
!
!
!
!
ip dhcp pool internal
 import all
 network 10.0.0.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 10.0.0.1
!
ip dhcp pool admin
 host 10.0.0.50 255.255.255.0
!
ip dhcp pool PC
 host 10.0.0.60 255.255.255.0
 client-identifier 0174.d435.1fc7.03
 client-name Richard-PC
!
ip dhcp pool Phone
 host 10.0.0.61 255.255.255.0
 client-identifier 0190.b686.224e.7d
 dns-server 8.8.8.8
!
ip dhcp pool Richard Laptop
 host 10.0.0.62 255.255.255.0
 client-identifier ff10.a561.5400.0100.011d.4d62.2900.2710.a561.54
 client-name Richard
!
!
ip cef
ip domain name rts.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall ftp
ip inspect name firewall tftp
ip inspect name firewall ssh
ip inspect name firewall smtp
ip inspect name firewall icmp
ip inspect name firewall isakmp
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1011498006
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1011498006
 revocation-check none
 rsakeypair TP-self-signed-1011498006
!
!
crypto pki certificate chain TP-self-signed-1011498006
 certificate self-signed 01
  quit
!
!
license udi pid CISCO1841 sn FTX1039Z0U4
object-group network admin
 host 10.0.0.60
 host 10.0.0.61
 host 10.0.0.62
!
redundancy
!
!
ip ssh version 2
!
crypto keyring vpn
 pre-shared-key address 0.0.0.0 0.0.0.0 key P71@qu
!
crypto isakmp policy 10
 encr aes 256
 hash sha512
 authentication pre-share
 group 2
 lifetime 28800
!
crypto isakmp policy 20
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp keepalive 90 12
!
crypto isakmp client configuration group vpngroup
 key rts1676
 dns 8.8.8.8
 domain richard.local
 pool ippool
 acl 110
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set vpn1 ah-sha256-hmac esp-3des esp-sha256-hmac
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
!
!
crypto dynamic-map dynmap 10
 set transform-set vpn
 reverse-route
!
!
!
crypto map clientmap client authentication list remote
crypto map clientmap isakmp authorization list remote
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
!
!
!
interface FastEthernet0/0
 description Outside via Dialer0
 no ip address
 speed auto
 full-duplex
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface FastEthernet0/1
 description Inside
 ip address 10.0.0.1 255.255.255.0
 ip accounting output-packets
 ip nat inside
 ip inspect firewall in
 ip virtual-reassembly in
 speed 100
 full-duplex
 no cdp enable
!
interface FastEthernet0/0/0
 description admin network
 switchport access vlan 40
 no ip address
!
interface FastEthernet0/0/1
 no ip address
!
interface FastEthernet0/0/2
 no ip address
!
interface FastEthernet0/0/3
 no ip address
!
interface Vlan1
 no ip address
!
interface Vlan40
 description Admin VLAN
 ip address 192.168.20.0 255.255.0.0
!
interface Dialer0
 ip address negotiated
 ip access-group Outside_Access in
 ip accounting output-packets
 ip mtu 1454
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1414
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 ppp authentication chap callin
 crypto map clientmap
!
ip local pool dynpool 20.20.20.20 20.20.20.40
ip local pool vpnpool 192.168.50.1 192.168.50.10
ip local pool ippool 192.168.120.1 192.168.120.25
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source list 102 interface Dialer0 overload
ip nat inside source list 111 interface Dialer0 overload
ip nat inside source list VPNNAT-ACL interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended Inside_Access
 permit ip 10.0.0.0 0.0.0.255 any
 deny ip any any log
ip access-list extended Outside_Access
 permit ip host 72.133.226.130 any
 permit ip host 156.98.25.41 any
 permit ip host 96.2.52.212 any
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 permit esp any any
 deny ip any any log
ip access-list extended ssh_access
 permit ip host 10.0.0.60 any
 permit ip host 156.98.25.41 any
 permit ip host 72.133.226.130 any
 permit ip host 96.2.52.212 any
 permit ip object-group admin any
 deny ip any any log
!
logging trap debugging
logging source-interface FastEthernet0/1
logging 10.0.0.26
access-list 1 permit any
access-list 15 permit 10.0.0.60
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
access-list 102 permit ip 0.0.20.0 255.255.0.0 any
access-list 103 deny ip any any
access-list 104 permit ip any any
access-list 110 permit ip 10.0.0.0 0.0.0.255 192.168.120.0 0.0.0.255
access-list 111 deny ip 10.0.0.0 0.0.0.255 192.168.120.0 0.0.0.255
access-list 111 permit ip any any
!
!
!
!
snmp-server community dirtyd RO 15
snmp-server community dirtyd12 RW 15
snmp-server enable traps snmp linkdown linkup coldstart
snmp-server enable traps envmon
snmp-server enable traps cpu threshold
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
!
!
!
!
control-plane
!
!
!
line con 0
 password 7 06055E324F41
line aux 0
line vty 0 4
 access-class ssh_access in
 access-class ssh_access out
 transport input ssh
line vty 5 15
 access-class ssh_access in
 access-class ssh_access out
 transport input ssh
!
scheduler allocate 20000 1000
end
RTS01#