
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Afdis_HeadOffice
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication ppp use-radius group radius
aaa authorization network default group radius 
aaa session-id common
ip subnet-zero
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.0.1 192.168.0.20
!
!
no ip domain lookup
ip domain name afdisgl
ip name-server 196.201.1.6
ip name-server 196.201.1.7
ip name-server 192.168.0.1
ip cef
ip ids po max-events 100
ip ssh version 2
vpdn enable
!
vpdn-group 1
! Default L2TP VPDN group
 description VPN Dialin
 accept-dialin
  protocol l2tp
  virtual-template 1
 l2tp security crypto-profile l2tpprof
 no l2tp tunnel authentication
!
vpdn-group 2
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
async-bootp dns-server 192.168.0.7
no ftp-server write-enable
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key xxxxx address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set l2tptrans esp-des esp-md5-hmac 
 mode transport
!
!
crypto map l2tpmap 10 ipsec-isakmp profile l2tpprof 
 set transform-set l2tptrans 
!
!
!
interface FastEthernet0
 ip address 196.27.96.42 255.255.255.0 secondary
 ip address 196.27.108.49 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map l2tpmap
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
 shutdown
!
interface FastEthernet3
 no ip address
 shutdown
!
interface FastEthernet4
 no ip address
 shutdown
!
interface Virtual-Template1
 ip unnumbered FastEthernet0
 ip nat inside
 ip virtual-reassembly
 peer default ip address pool vpn
 ppp encrypt mppe auto
 ppp authentication ms-chap ms-chap-v2 callin use-radius
!
interface Vlan1
 description Link to Afdis LAN
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Async1
 no ip address
!
ip local pool vpn 192.168.0.11 192.168.0.14
ip classless
ip route 0.0.0.0 0.0.0.0 196.27.108.1
ip route 192.168.1.0 255.255.255.0 192.168.0.11
ip http server
ip http authentication local
no ip http secure-server
ip nat translation timeout 30
ip nat pool ssh 196.27.108.49 196.27.108.49 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.0.1 22 196.27.108.49 22 extendable
ip nat inside source static tcp 192.168.0.1 25 196.27.108.49 25 extendable
ip nat inside source static tcp 192.168.0.1 80 196.27.108.49 80 extendable
ip nat inside source static tcp 192.168.0.1 8080 196.27.108.49 8080 extendable
ip nat inside source static tcp 192.168.0.25 62070 196.27.108.49 62070 extendable
!
!
!
logging trap debugging
logging facility local5
logging 192.168.0.4
access-list 1 remark Permit NAT traffic from 192.168.254.0/24
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 100 permit ip any any
!
radius-server host 192.168.0.4 auth-port 1645 acct-port 1646
radius-server key 7 
radius-server vsa send authentication
!
control-plane
!
banner login 
*******************************************************************

AFDIS Authorised Personnel Only.  Unauthorised Login Prohibited!!!!!

*******************************************************************
!
line con 0
 password 7 
 speed 115200
 flowcontrol hardware
line aux 0
end