!
! Last configuration change at 22:08:32 CDT Sun Oct 22 2017
! NVRAM config last updated at 22:13:20 CDT Sun Oct 22 2017 by XXXXXXXX
! NVRAM config last updated at 22:13:20 CDT Sun Oct 22 2017 by XXXXXXXX
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec show-timezone
service password-encryption
service sequence-numbers
!
hostname XXXXXXXX
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging count
no logging buffered
no logging rate-limit
enable secret 5 XXXXXXXX
enable password 7 XXXXXXXX
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
aaa session-id common
!
no process cpu extended history
no process cpu autoprofile hog
clock timezone CST -6 0
clock summer-time CDT recurring
!
dot11 syslog
ip source-route
no ip gratuitous-arps
!
!
ip cef
!
!
!
no ip bootp server
ip domain name XXXXXXXX
ip host XXXXXXXX 192.168.0.15
ip name-server 129.250.35.250
ip name-server 64.94.33.1
ip name-server 192.250.35.251
ip name-server 205.171.2.65
ip inspect name protocol dns
ip inspect name protocol ftp
ip inspect name protocol https
ip inspect name protocol icmp
ip inspect name protocol tcp
ip inspect name protocol udp
ip ddns update method DYNDNS
 HTTP
  add http://XXXXXXXX@members.dyndns.org/nic/update?system=dyndns&hostname=&myip=
  remove http://XXXXXXXX@members.dyndns.org/nic/update?system=dyndns&hostname=&myip=
 interval maximum 0 2 0 0
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2851 sn XXXXXXXX
username XXXXXXXX privilege 15 view root secret 5 XXXXXXXX
!
redundancy
!
!
ip tcp synwait-time 10
ip ssh authentication-retries 5
ip ssh port 8500 rotary 1
ip ssh rsa keypair-name SSH-KEY
ip ssh logging events
ip ssh version 2
ip ssh dh min size 4096
!
!
!
buffers tune automatic
!
!
!
!
!
interface GigabitEthernet0/0
 description XXXXXXXX$FW_INSIDE$$ETH-LAN$
 ip address 192.168.0.50 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface GigabitEthernet0/1
 description SPECTRUM$FW_OUTSIDE$$ETH-WAN$
 mac-address XXXXXXXX
 ip ddns update hostname XXXXXXXX
 ip ddns update DYNDNS
 ip address dhcp client-id GigabitEthernet0/1
 ip access-group 101 in
 ip mask-reply
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip inspect protocol out
 ip virtual-reassembly in
 duplex auto
 speed auto
 ntp disable
 no cdp enable
 no mop enabled
!
!
!
!
!
interface ATM0/0/0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
!
!
!
ip forward-protocol nd
ip http server
ip http access-class 2
ip http authentication local
no ip http secure-server
!
ip flow-export version 5
ip flow-export destination 192.168.0.15 2055
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.0.15 35878 interface GigabitEthernet0/1 35878
ip nat inside source static tcp 192.168.0.15 55368 interface GigabitEthernet0/1 55368
ip nat inside source static tcp 192.168.0.15 55350 interface GigabitEthernet0/1 55350
ip nat inside source static tcp 192.168.0.15 40000 interface GigabitEthernet0/1 40000
ip nat inside source static tcp 192.168.0.15 40001 interface GigabitEthernet0/1 40001
ip nat inside source static tcp 192.168.0.15 40002 interface GigabitEthernet0/1 40002
ip nat inside source static tcp 192.168.0.15 40003 interface GigabitEthernet0/1 40003
ip nat inside source static tcp 192.168.0.15 40004 interface GigabitEthernet0/1 40004
ip nat inside source static tcp 192.168.0.15 40005 interface GigabitEthernet0/1 40005
ip nat inside source static tcp 192.168.0.15 55150 interface GigabitEthernet0/1 55150
!
ip access-list extended DenyStdSSH
 deny tcp any any eq 22
 permit tcp any any eq 8500 log
!
logging trap debugging
logging source-interface GigabitEthernet0/0
logging 192.168.0.15
access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark *** GigabitEthernet0/0 XXXXXXXX ***
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 100 remark *******************************
access-list 101 remark *** GigabitEthernet0/1 SPECTRUM ***
access-list 101 remark --- SPECTRUM DHCP ---
access-list 101 permit udp any eq bootps any eq bootpc log
access-list 101 remark --- DNS ---
access-list 101 permit udp any eq domain any
access-list 101 remark --- DYNDNS_HTTP ---
access-list 101 permit tcp any eq www any log
access-list 101 remark --- DNSCRYPT ---
access-list 101 permit tcp any host 192.168.0.15 eq 443 log
access-list 101 permit udp any host 192.168.0.15 eq 443 log
access-list 101 remark --- FTPS Explicit (Passive) ---
access-list 101 permit tcp any host 192.168.0.15 eq 55150 log
access-list 101 permit tcp any host 192.168.0.15 eq 40000
access-list 101 permit tcp any host 192.168.0.15 eq 40001
access-list 101 permit tcp any host 192.168.0.15 eq 40002
access-list 101 permit tcp any host 192.168.0.15 eq 40004
access-list 101 permit tcp any host 192.168.0.15 eq 40005
access-list 101 remark --- SOFTETHER VPN ---
access-list 101 permit tcp any host 192.168.0.15 eq 55350 log
access-list 101 remark --- PLEX MEDIA SERVER ---
access-list 101 permit tcp any host 192.168.0.15 eq 35878 log
access-list 101 remark --- DAMEWARE ---
access-list 101 permit tcp any host 192.168.0.15 eq 55368 log
access-list 101 remark --- ICMP ---
access-list 101 permit icmp any any parameter-problem
access-list 101 permit icmp any any net-unreachable
access-list 101 permit icmp any any host-unreachable
access-list 101 permit icmp any any port-unreachable
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any ttl-exceeded
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any echo
access-list 101 deny icmp any any log
access-list 101 remark --- DENY SNMP ---
access-list 101 deny udp any any eq snmp
access-list 101 remark --- DENY NTP ---
access-list 101 deny udp any any eq ntp
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 224.0.0.0 31.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any log
no cdp run
!
!
!
!
snmp-server community XXXXXXXX RW
snmp-server chassis-id XXXXXXXX
snmp-server enable traps syslog
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 5 0
 transport preferred none
 transport output telnet
line aux 0
line vty 0 4
 access-class DenyStdSSH in
 exec-timeout 20 0
 privilege level 15
 password 7 XXXXXXXX
 login authentication local
 rotary 1
 transport preferred ssh
 transport input ssh
 transport output ssh
!
scheduler allocate 20000 1000
ntp logging
ntp source GigabitEthernet0/0
ntp update-calendar
ntp server 192.168.0.15 prefer
end