CISCO1841#show conf
Using 7549 out of 196600 bytes
!
version 12.4
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname CISCO1841
!
boot-start-marker
boot system flash
boot-end-marker
!
logging buffered 4096
no logging console
no logging monitor
enable secret 5 XXXXXXXXXXXXXXXXXXX
!
aaa new-model
!
!
aaa group server radius GRUPPO-RADIUS
 server 192.168.2.3 auth-port 1812 acct-port 1813
 server 192.168.1.1 auth-port 1812 acct-port 1813
!
aaa authentication login LOCALE local
!
!
aaa session-id common
clock timezone GMT 1
clock summer-time GMT recurring
!
dot11 ssid rete-protetta
 vlan 2
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii 7 XXXXXXXXXXXXXXXXXXXXXXX
!
dot11 ssid telefono
 vlan 3
 max-associations 1
 authentication open
!
dot11 phone
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.129
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool WIRELESS
 network 192.168.2.128 255.255.255.192
 default-router 192.168.2.129
 dns-server 193.70.152.15 193.70.152.25
!
ip dhcp pool RETE-PROTETTA
 network 192.168.2.0 255.255.255.192
 default-router 192.168.2.1
 dns-server 193.70.152.15 193.70.152.25
!
!
ip name-server 193.70.152.15
ip name-server 193.70.152.25
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
multilink bundle-name authenticated
password encryption aes
!
!
!
!
username XXXXXXXX privilege 15 password 7 XXXXXXXXXXX
archive
 log config
  hidekeys
!
!
interface FastEthernet0/0
 description RETE P2P
 ip address 192.168.1.1 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description RETE PROTETTA
 ip address 192.168.2.1 255.255.255.192
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface ATM0/0/0
 bandwidth 8000
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode adsl2+
 pvc 8/35
  encapsulation aal5snap
  pppoe-client dial-pool-number 1
 !
!
interface Dot11Radio0/1/0
 description RETE WIRELESS
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 !
 encryption vlan 2 mode ciphers aes-ccm tkip
 !
 broadcast-key vlan 2 change 300
 !
 !
 ssid rete-protetta
 !
 ssid telefono
 !
 speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 channel 2457
 station-role root
!
interface Dot11Radio0/1/0.1
 description WIRELESS PROTETTA
 encapsulation dot1Q 2
 ip address 192.168.2.129 255.255.255.192
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
!
interface Dot11Radio0/1/0.2
 description WIRELESS TELEFONO VOIP
 encapsulation dot1Q 3
 ip address 192.168.3.1 255.255.255.252
 ip access-group TELEFONO-VOIP-INGRESSO in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
!
interface Dialer1
 mtu 1492
 bandwidth 8000
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname XXXXXXXXXXXXXXXXX
 ppp chap password 7 XXXXXXXXXXXXXXXXXX
 ppp multilink interleave
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
no ip http server
no ip http secure-server
ip nat inside source list NATCLIENT-P2P interface Dialer1 overload
ip nat inside source list NATCLIENT-RETE-PROTETTA interface Dialer1 overload
ip nat inside source static tcp 192.168.1.4 10989 interface Dialer1 10989
ip nat inside source static udp 192.168.1.4 11633 interface Dialer1 11633
ip nat inside source static tcp 192.168.1.4 6463 interface Dialer1 6463
ip nat inside source static tcp 192.168.1.4 2234 interface Dialer1 2234
ip nat inside source static udp 192.168.3.2 3478 interface Dialer1 3478
ip nat inside source static udp 192.168.3.2 5060 interface Dialer1 5060
ip nat inside source static udp 192.168.3.2 8000 interface Dialer1 8000
ip nat inside source static udp 192.168.3.2 8001 interface Dialer1 8001
ip nat inside source static udp 192.168.3.2 8002 interface Dialer1 8002
ip nat inside source static 192.168.3.2 interface Dialer1
!
ip access-list standard NATCLIENT-P2P
 permit 192.168.1.0 0.0.0.7
ip access-list standard NATCLIENT-RETE-PROTETTA
 permit 192.168.2.0 0.0.0.255
ip access-list standard SICUREZZA-SNMP
 permit 192.168.2.3
!
ip access-list extended CONSENTI-RETI-INTERNE
 deny ip host 192.168.1.4 192.168.2.0 0.0.0.255
 deny ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255
 deny ip host 192.168.3.2 192.168.2.0 0.0.0.255
 deny tcp host 193.70.152.15 eq domain any
 deny udp host 193.70.152.15 eq domain any
 deny tcp host 193.70.152.25 eq domain any
 deny udp host 193.70.152.25 eq domain any
 permit ip any any
ip access-list extended TELEFONO-VOIP-INGRESSO
 permit tcp host 192.168.2.3 eq www host 192.168.1.4
 deny tcp any eq www any log
 deny tcp any any eq www log
 deny tcp any any eq 443 log
 deny udp any any eq 443 log
 deny tcp any any eq ftp log
 deny tcp any any eq ftp-data log
 deny tcp any any eq telnet log
 deny tcp any any eq pop3 log
 deny tcp any any eq smtp log
 permit icmp host 192.168.3.2 192.168.2.0 0.0.0.255 echo-reply
 permit icmp host 192.168.3.2 192.168.1.0 0.0.0.255 echo-reply
 deny ip any 192.168.2.0 0.0.0.255 log
 deny ip any 192.168.1.0 0.0.0.255 log
 permit ip host 192.168.3.2 any
 deny ip any any log
ip access-list extended TELNET
 deny tcp host 192.168.1.4 any eq telnet
 permit ip any any log
 deny ip any any log
!
no cdp run
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 session-timeout 5
 login authentication LOCALE
 transport preferred telnet
 transport input telnet
!
scheduler allocate 20000 1000
end