Building configuration...

Current configuration : 7518 bytes
!
! Last configuration change at 20:32:16 GMT Sun Mar 29 2020 by xxx
! NVRAM config last updated at 19:53:51 GMT Sun Mar 29 2020 by xxx
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname rtr_sahs
!
!
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login local_access local
aaa authentication ppp default local
aaa authentication ppp VPDN_AUTH local
!
!
!
!
!
!
aaa session-id common
clock timezone GMT 1 0
!
crypto pki trustpoint TP-self-signed-1994429170
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1994429170
 revocation-check none
 rsakeypair TP-self-signed-1994429170
!
!
crypto pki certificate chain TP-self-signed-1994429170
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.2 10.10.10.99
!
ip dhcp pool ccp-pool
 import all
 network 10.10.10.0 255.255.255.128
 default-router 10.10.10.1
 dns-server 10.10.10.1
 lease 0 2
!
!
!
ip domain name sahs.local
ip cef
no ipv6 cef
!
!
flow record nbar-appmon
 match ipv4 source address
 match ipv4 destination address
 match application name
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp absolute first
 collect timestamp absolute last
!
!
flow monitor application-mon
 cache timeout active 60
 record nbar-appmon
!
parameter-map type inspect global
 max-incomplete low 18000
 max-incomplete high 20000
 nbar-classify
!
!
!
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group L2TP
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
!
!
!
!
voice service voip
!
!
!
!
license udi pid C897VA-K9 sn FCZ214991MD
!
!
object-group service INTERNAL_UTM_SERVICE
!
object-group network Others_dst_net
 any
!
object-group network Others_src_net
 any
!
object-group service Others_svc
 ip
!
object-group network Web_dst_net
 any
!
object-group network Web_src_net
 any
!
object-group service Web_svc
 ip
!
object-group network all_dst_net
 any
!
object-group network all_src_net
 any
!
object-group service all_svc
 ip
!
object-group network local_cws_net
!
object-group network local_lan_subnets
 10.10.10.0 255.255.255.128
!
object-group network vpn_remote_subnets
 any
!
username cisco privilege 15 secret 5 $1$PmfM$uQz9rRnGz29v1jHhBbz/h0
username xxx privilege 15 secret 5 $1$7UYg$qYwNhi1FFGv9/3/UGr5on1
username yyy password 7 101F5B4A514244
!
redundancy
!
!
!
!
!
controller VDSL 0
 operating mode vdsl2
no cdp run
!
!
class-map type inspect match-any INTERNAL_DOMAIN_FILTER
 match protocol msnmsgr
 match protocol ymsgr
class-map type inspect match-any Others_app
 match protocol https
 match protocol smtp
 match protocol pop3
 match protocol imap
 match protocol sip
 match protocol ftp
 match protocol dns
 match protocol icmp
class-map type inspect match-all all
 match access-group name all_acl
class-map type inspect match-any Web_app
 match protocol http
class-map type inspect match-all Others
 match class-map Others_app
 match access-group name Others_acl
class-map type inspect match-all Web
 match class-map Web_app
 match access-group name Web_acl
!
policy-map type inspect LAN-WAN-POLICY
 class type inspect all
  inspect
 class type inspect Web
  inspect
 class type inspect Others
  inspect
 class type inspect INTERNAL_DOMAIN_FILTER
  inspect
 class class-default
  drop log
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
zone-pair security LAN-WAN source LAN destination WAN
 service-policy type inspect LAN-WAN-POLICY
!
crypto keyring L2TP
  pre-shared-key address 0.0.0.0 0.0.0.0 key 35289678
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp keepalive 3600
!
!
crypto ipsec transform-set TS1 esp-aes esp-sha-hmac
 mode transport
!
!
!
crypto dynamic-map DYN_MAP 10
 set nat demux
 set transform-set TS1
!
!
crypto map CRYP_MAP 6000 ipsec-isakmp dynamic DYN_MAP
!
!
!
!
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface Ethernet0
 no ip address
!
interface Ethernet0.1
 description PrimaryWANDesc_
 encapsulation dot1Q 835
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
 no ip address
!
interface GigabitEthernet1
 no ip address
!
interface GigabitEthernet2
 no ip address
!
interface GigabitEthernet3
 no ip address
!
interface GigabitEthernet4
 no ip address
!
interface GigabitEthernet5
 no ip address
!
interface GigabitEthernet6
 no ip address
!
interface GigabitEthernet7
 no ip address
!
interface GigabitEthernet8
 no ip address
 duplex auto
 speed auto
!
interface Virtual-Template1
 ip unnumbered Dialer1
 peer default ip address pool vpn_pool
 ppp mtu adaptive
 ppp authentication ms-chap-v2 VPDN_AUTH
!
interface Vlan1
 description Vlan-uno
 ip address 10.10.10.1 255.255.255.128
 ip nbar protocol-discovery
 ip flow monitor application-mon input
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 zone-member security LAN
 ip tcp adjust-mss 1452
 load-interval 30
!
interface Dialer1
 description PrimaryWANDesc__Ethernet0
 mtu 1492
 ip address negotiated
 ip mtu 1452
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly in
 zone-member security WAN
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxxxxxxxx
 ppp chap password 7 02070852080301245B4F0E
 ppp pap sent-username xxxxxxxxxxxxxx password 7 082040470A1C0B12050A0B
 ppp ipcp dns request
 crypto map CRYP_MAP
!
ip local pool vpn_pool 192.168.100.2 192.168.100.126
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip dns server
ip nat inside source list nat-list interface Dialer1 overload
ip nat inside source static udp 10.10.10.0 1701 interface Dialer1 4500
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended Others_acl
 permit object-group Others_svc object-group Others_src_net object-group Others_dst_net
ip access-list extended Web_acl
 permit object-group Web_svc object-group Web_src_net object-group Web_dst_net
ip access-list extended all_acl
 permit object-group all_svc object-group all_src_net object-group all_dst_net
ip access-list extended nat-list
 permit ip object-group local_lan_subnets any
 deny ip object-group local_lan_subnets object-group vpn_remote_subnets
!
dialer-list 1 protocol ip permit
ipv6 ioam timestamp
!
access-list 23 permit 10.10.10.0 0.0.0.127
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
line con 0
 login authentication local_access
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login authentication local_access
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp master
ntp server europe.pool.ntp.org
!
!
!
!
!
!
!
end