! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! logging message-counter syslog no logging buffered ! no aaa new-model clock timezone gmt 0 clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00 ! dot11 syslog ! dot11 ssid xxxxxxx authentication open authentication key-management wpa guest-mode wpa-psk ascii 0 xxxxxxx ! ip source-route no ip dhcp use vrf connected ip dhcp excluded-address 192.168.200.1 ! ip dhcp pool internal network 192.168.200.0 255.255.255.0 default-router 192.168.200.1 dns-server 192.168.200.1 lease 0 2 ! ! ip cef ip name-server xxxxxxxxx ip name-server xxxxxxxx ! ! ! ! username xxxxx privilege 15 secret 5 xxxxxxxxxxx ! ! ! archive log config hidekeys ! ! ! class-map type inspect match-any uuh match protocol l2tp class-map type inspect match-all sdm-cls-sdm-permit-icmpreply-1 match class-map uuh match access-group name VPN class-map type inspect match-any sdm-cls-insp-traffic match protocol cuseeme match protocol dns match protocol ftp match protocol h323 match protocol https match protocol icmp match protocol imap match protocol pop3 match protocol netshow match protocol shell match protocol realmedia match protocol rtsp match protocol smtp extended match protocol sql-net match protocol streamworks match protocol tftp match protocol vdolive match protocol tcp match protocol udp class-map type inspect match-all sdm-insp-traffic match class-map sdm-cls-insp-traffic class-map type inspect match-any SDM-Voice-permit match protocol h323 match protocol skinny match protocol sip class-map type inspect match-any sdm-cls-icmp-access match protocol tcp match protocol udp match protocol icmp class-map type inspect match-all sdm-invalid-src match access-group 100 class-map type inspect match-all sdm-icmp-access match class-map sdm-cls-icmp-access class-map type inspect match-all sdm-protocol-http match protocol http ! ! policy-map type inspect sdm-permit-icmpreply class type inspect sdm-icmp-access inspect class class-default pass policy-map type inspect sdm-inspect class type inspect sdm-invalid-src drop log class type inspect sdm-insp-traffic inspect class type inspect sdm-protocol-http inspect class type inspect SDM-Voice-permit inspect class class-default pass policy-map type inspect sdm-permit class class-default drop ! zone security out-zone zone security in-zone zone-pair security sdm-zp-self-out source self destination out-zone service-policy type inspect sdm-permit-icmpreply zone-pair security sdm-zp-out-self source out-zone destination self service-policy type inspect sdm-permit zone-pair security sdm-zp-in-out source in-zone destination out-zone service-policy type inspect sdm-inspect ! bridge irb ! ! interface ATM0 no ip address no atm ilmi-keepalive dsl operating-mode adsl2+ ! interface ATM0.1 point-to-point description Broadband$FW_OUTSIDE$ ip address xxxxxxxxxxx ip nat outside ip virtual-reassembly zone-member security out-zone atm route-bridged ip pvc 0/101 oam-pvc manage encapsulation aal5snap ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface Dot11Radio0 no ip address ! encryption mode ciphers tkip ! ssid xxxx ! speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Vlan1 no ip address bridge-group 1 ! interface BVI1 description $FW_INSIDE$ ip address 192.168.200.1 255.255.255.0 ip nat inside ip virtual-reassembly zone-member security in-zone ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 xxxxxxxxx ip http server ip http authentication local ip http secure-server ! ip dns server ip nat inside source list 1 interface ATM0.1 overload ! ip access-list extended VPN remark SDM_ACL Category=128 permit ip any any ! access-list 1 permit 192.168.200.0 0.0.0.255 access-list 100 remark SDM_ACL Category=128 access-list 100 permit ip host 255.255.255.255 any access-list 100 permit ip 127.0.0.0 0.255.255.255 any access-list 100 permit ip xxxxxxxxx 0.0.3.255 any ! ! ! ! control-plane ! bridge 1 protocol ieee bridge 1 route ip ! line con 0 login local no modem enable line aux 0 line vty 0 4 login local ! scheduler max-task-time 5000 ntp server 192.43.244.18 end