Building configuration...

Current configuration : 9218 bytes
!
! Last configuration change at 14:38:21 GMT Tue Mar 31 2020 by rick
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname rtr
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authentication ppp VPDN_AUTH local
aaa authorization exec default local
!
!
!
!
!
!
aaa session-id common
clock timezone GMT 1 0
!
crypto pki trustpoint TP-self-signed-1994429170
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1994429170
 revocation-check none
 rsakeypair TP-self-signed-1994429170
!
crypto pki trustpoint test_trustpoint_config_created_for_sdm
 subject-name e=sdmtest@sdmtest.com
 revocation-check crl
!
crypto pki trustpoint rtr_Certificate
 enrollment selfsigned
 serial-number none
 ip-address none
 revocation-check crl
 rsakeypair rtr_Certificate_RSAKey 512
!
!
crypto pki certificate chain TP-self-signed-1994429170
crypto pki certificate chain test_trustpoint_config_created_for_sdm
crypto pki certificate chain rtr_Certificate
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.2 10.10.10.99
!
ip dhcp pool ccp-pool
 import all
 network 10.10.10.0 255.255.255.128
 default-router 10.10.10.1
 dns-server 10.10.10.1
 lease 0 2
!
!
!
ip domain name sahs.local
ip cef
no ipv6 cef
!
!
flow record nbar-appmon
 match ipv4 source address
 match ipv4 destination address
 match application name
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp absolute first
 collect timestamp absolute last
!
!
flow monitor application-mon
 cache timeout active 60
 record nbar-appmon
!
parameter-map type inspect global
 max-incomplete low 18000
 max-incomplete high 20000
 nbar-classify
!
!
!
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group L2TP
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
!
!
!
!
voice service voip
!
!
!
!
license udi pid C897VA-K9 sn FCZ214991MD
!
!
object-group service INTERNAL_UTM_SERVICE
!
object-group network Others_dst_net
 any
!
object-group network Others_src_net
 any
!
object-group service Others_svc
 ip
!
object-group network Web_dst_net
 any
!
object-group network Web_src_net
 any
!
object-group service Web_svc
 ip
!
object-group network all_dst_net
 any
!
object-group network all_src_net
 any
!
object-group service all_svc
 ip
!
object-group network local_cws_net
!
object-group network local_lan_subnets
 10.10.10.0 255.255.255.128
!
object-group network vpn_remote_subnets
 192.168.100.0 255.255.255.0
!
username xxx privilege 15 secret 5 $1$Zsps$HUAR1DrT92sEieelQc182/
username yyy password 0 $1$Zsps$HUAR1DrT92sEieelQc182/
!
redundancy
!
!
!
!
!
controller VDSL 0
 operating mode vdsl2
no cdp run
!
!
class-map type inspect match-any INTERNAL_DOMAIN_FILTER
 match protocol msnmsgr
 match protocol ymsgr
class-map type inspect match-any Others_app
 match protocol https
 match protocol smtp
 match protocol pop3
 match protocol imap
 match protocol sip
 match protocol ftp
 match protocol dns
 match protocol icmp
class-map type inspect match-all all
 match access-group name all_acl
class-map type inspect match-any Web_app
 match protocol http
class-map type inspect match-all Others
 match class-map Others_app
 match access-group name Others_acl
class-map type inspect match-all Web
 match class-map Web_app
 match access-group name Web_acl
!
policy-map type inspect LAN-WAN-POLICY
 class type inspect all
  inspect
 class type inspect Web
  inspect
 class type inspect Others
  inspect
 class type inspect INTERNAL_DOMAIN_FILTER
  inspect
 class class-default
  drop log
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
zone-pair security LAN-WAN source LAN destination WAN
 service-policy type inspect LAN-WAN-POLICY
!
crypto keyring L2TP
  pre-shared-key address 0.0.0.0 0.0.0.0 key $1$Zsps$HUAR1DrT92sEieelQc182/
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp keepalive 3600
!
!
crypto ipsec transform-set TS1 esp-aes esp-sha-hmac
 mode transport
!
!
!
crypto dynamic-map DYN_MAP 10
 set nat demux
 set transform-set TS1
!
!
crypto map CRYP_MAP 6000 ipsec-isakmp dynamic DYN_MAP
!
!
!
!
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface Ethernet0
 no ip address
!
interface Ethernet0.1
 description PrimaryWANDesc_
 encapsulation dot1Q 835
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
 no ip address
!
interface GigabitEthernet1
 no ip address
!
interface GigabitEthernet2
 no ip address
!
interface GigabitEthernet3
 no ip address
!
interface GigabitEthernet4
 no ip address
!
interface GigabitEthernet5
 no ip address
!
interface GigabitEthernet6
 no ip address
!
interface GigabitEthernet7
 no ip address
!
interface GigabitEthernet8
 no ip address
 ip tcp adjust-mss 1412
 duplex auto
 speed auto
!
interface Virtual-Template1
 ip unnumbered Dialer1
 ip nbar protocol-discovery
 ip flow monitor application-mon input
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 load-interval 30
 peer default ip address pool vpn_pool
 ppp mtu adaptive
 ppp authentication ms-chap-v2 VPDN_AUTH
!
interface Vlan1
 description $ETH_LAN$
 ip address 10.10.10.1 255.255.255.128
 ip nbar protocol-discovery
 ip flow monitor application-mon input
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1412
 load-interval 30
!
interface Dialer1
 description PrimaryWANDesc__Ethernet0.1
 mtu 1492
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1412
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp mtu adaptive
 ppp authentication chap pap callin
 ppp chap hostname CP1841SA9B2-A491B1@alicebiz.routed
 ppp chap password 0 $1$Zsps$HUAR1DrT92sEieelQc182/
 ppp pap sent-username CP1841SA9B2-A491B1@alicebiz.routed password 0 $1$Zsps$HUAR1DrT92sEieelQc182/
 ppp ipcp dns request
 crypto map CRYP_MAP
!
ip local pool vpn_pool 192.168.100.10 192.168.100.20
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip dns server
ip nat inside source list nat-list interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended Others_acl
 permit object-group Others_svc object-group Others_src_net object-group Others_dst_net
ip access-list extended Web_acl
 permit object-group Web_svc object-group Web_src_net object-group Web_dst_net
ip access-list extended all_acl
 permit object-group all_svc object-group all_src_net object-group all_dst_net
ip access-list extended nat-list
 deny ip object-group local_lan_subnets object-group vpn_remote_subnets
 permit ip object-group local_lan_subnets any
!
ipv6 ioam timestamp
!
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp master
ntp server europe.pool.ntp.org
!
!
!
!
!
!
!
end