!Cisco 1760 12.4 AdvSec
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CLV-VPN-1760
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
enable secret xxxx
!
aaa new-model
!
!
aaa authentication login default group radius local
aaa authentication enable default group radius enable
!
aaa session-id common
clock timezone EST -5
clock summer-time DST recurring
no ip source-route
ip cef
!
!
ip inspect name standard cuseeme
ip inspect name standard ftp
ip inspect name standard h323
ip inspect name standard http
ip inspect name standard rcmd
ip inspect name standard realaudio
ip inspect name standard smtp
ip inspect name standard sqlnet
ip inspect name standard streamworks
ip inspect name standard tcp
ip inspect name standard tftp
ip inspect name standard udp
ip inspect name standard vdolive
ip inspect name standard rtsp
ip inspect name standard sip
ip inspect name standard skinny
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
no ip bootp server
ip domain name xxx.com
ip name-server 10.1.1.89
ip name-server 10.1.1.87
ip name-server 10.1.1.43
!
!
ip tcp synwait-time 10
ip ssh source-interface Ethernet0/0
!
!
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key xxx address 208.x.x.x
crypto isakmp key xxx address 207.x.x.x
crypto isakmp key xxx address 207.x.x.x
!
!
crypto ipsec transform-set myset esp-aes esp-sha-hmac
!
crypto map myset 10 ipsec-isakmp
 set peer 207.x.x.x
 set peer 208.x.x.x
 set peer 207.x.x.x
 set transform-set myset
 match address 101
!
!
!
interface Ethernet0/0
 description $FW_OUTSIDE$
 ip address 98.x.x.x 255.255.255.252
 ip access-group 103 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 ip nbar protocol-discovery
 ip inspect standard out
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 full-duplex
 crypto map myset
!
interface FastEthernet0/0
 description CLV_LAN $FW_INSIDE$
 ip address 10.75.1.1 255.255.255.0
 ip helper-address 10.1.1.104
 !ip access-group 102 in (removed for testing)
 no ip redirects
 no ip unreachables
 ip nbar protocol-discovery
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 speed 100
 full-duplex
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 98.x.x.x
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination 10.1.1.124 9996
ip flow-top-talkers
 top 10
 sort-by bytes
 cache-timeout 10
!
no ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
!
ip radius source-interface FastEthernet0/0
logging trap errors
logging source-interface FastEthernet0/0
logging 10.0.0.105
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 deny any log
access-list 3 permit 10.1.1.0 0.0.0.255
access-list 3 permit 208.x.x.x 0.0.0.255
access-list 3 permit 207.x.x.x 0.0.0.255
access-list 3 deny any log
access-list 101 permit ip 10.75.1.0 0.0.0.255 10.99.0.0 0.0.255.255
access-list 101 permit ip 10.75.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 permit ip 10.75.1.0 0.0.0.255 10.0.0.0 0.0.1.255
access-list 101 permit ip 10.75.1.0 0.0.0.255 10.0.4.0 0.0.1.255
access-list 101 permit ip 10.75.1.0 0.0.0.255 10.0.254.0 0.0.1.255
access-list 101 permit ip 10.75.1.0 0.0.0.255 10.131.0.0 0.0.255.255
!access-list 102 removed for testing
access-list 103 remark FOR OUTSIDE INTERFACE (DSL/CABLE)
access-list 103 deny tcp any any eq telnet
access-list 103 permit ip 208.x.x.x 0.0.0.255 any
access-list 103 permit ip 207.x.x.x 0.0.0.255 any
access-list 103 deny ip any any log
snmp-server community xxx RO
radius-server host 10.1.1.25 auth-port 1812 acct-port 1813
radius-server key xxx
!
control-plane
!
banner login ^
WARNING**WARNING**WARNING*
Access to this computer system and associated network, computer resources,
all data is restricted to those authorized by this corporation ONLY.
All data contained on these computer systems is owned by this corporation
and may be monitored, intercepted, recorded, read, copied, or captured in
any manner and disclosed in any manner, by authorized personnel.
THERE IS NO RIGHT OF PRIVACY IN THIS SYSTEM.
System personnel may give to law enforcement officials any potential
evidence of crime found on these computer systems and/or networks.
USE OF THIS SYSTEM BY ANY USER, AUTHORIZED OR UNAUTHORIZED, CONSTITUTES
CONSENT TO THIS MONITORING, INTERCEPTION, RECORDING, READING, COPYING,
OR CAPTURING and DISCLOSURE.
Violators will be prosecuted.
***********************************^C
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
 session-timeout 15
 exec-timeout 0 0
 password xxx
 logging synchronous
 modem Dialin
 transport input all
 stopbits 1
 flowcontrol hardware
line vty 0 4
 access-class 3 in
 exec-timeout 0 0
 logging synchronous
 transport input ssh
!
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17208166
ntp source FastEthernet0/0
ntp server 10.1.1.122
end