Building configuration...

Current configuration : 16690 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname hub1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
!
aaa session-id common
clock timezone Paris 1
clock summer-time Paris date Mar 30 2003 2:00 Oct 26 2003 3:00
dot11 syslog
!
!
ip cef
!
!
ip inspect WAAS enable
ip domain name BETEREM
ip name-server 195.68.0.2
ip name-server 195.68.0.1
!
multilink bundle-name authenticated
parameter-map type protocol-info msn-servers
 server name messenger.hotmail.com
 server name gateway.messenger.hotmail.com
 server name webmessenger.msn.com
parameter-map type protocol-info aol-servers
 server name login.oscar.aol.com
 server name toc.oscar.aol.com
 server name oam-d09a.blue.aol.com
parameter-map type protocol-info yahoo-servers
 server name scs.msg.yahoo.com
 server name scsa.msg.yahoo.com
 server name scsb.msg.yahoo.com
 server name scsc.msg.yahoo.com
 server name scsd.msg.yahoo.com
 server name cs16.msg.dcn.yahoo.com
 server name cs19.msg.dcn.yahoo.com
 server name cs42.msg.dcn.yahoo.com
 server name cs53.msg.dcn.yahoo.com
 server name cs54.msg.dcn.yahoo.com
 server name ads1.vip.scd.yahoo.com
 server name radio1.launch.vip.dal.yahoo.com
 server name in1.msg.vip.re2.yahoo.com
 server name data1.my.vip.sc5.yahoo.com
 server name address1.pim.vip.mud.yahoo.com
 server name edit.messenger.yahoo.com
 server name messenger.yahoo.com
 server name http.pager.yahoo.com
 server name privacy.yahoo.com
 server name csa.yahoo.com
 server name csb.yahoo.com
 server name csc.yahoo.com
!
!
crypto pki trustpoint TP-self-signed-2051073821
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2051073821
 revocation-check none
 rsakeypair TP-self-signed-2051073821
!
!
crypto pki certificate chain TP-self-signed-2051073821
 certificate self-signed 01
  quit
!
!
username ????? privilege 15 secret 5 ??????
archive
 log config
  hidekeys
!
!
crypto isakmp policy 5
 authentication pre-share
 group 2
crypto isakmp key ????? address 0.0.0.0 0.0.0.0
crypto isakmp profile ciscocp-ike-profile-1
 match identity group ?????
 isakmp authorization list ciscocp_vpn_group_ml_1
 client configuration address respond
 virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set dmvpnset esp-3des esp-sha-hmac
 mode transport
crypto ipsec transform-set dmvpnset2 esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile CiscoCP_Profile1
 set transform-set ESP-3DES-SHA
 set isakmp-profile ciscocp-ike-profile-1
!
crypto ipsec profile dmvpnpoc
 set transform-set dmvpnset
!
crypto ipsec profile dmvpnpoc2
 set transform-set dmvpnset2
!
!
!
!
!
class-map type inspect match-any SDM_HTTPS
 match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SSH
 match access-group name SDM_SSH
class-map type inspect match-any SDM_SHELL
 match access-group name SDM_SHELL
class-map type inspect match-any sdm-cls-access
 match class-map SDM_HTTPS
 match class-map SDM_SSH
 match class-map SDM_SHELL
class-map type inspect imap match-any ccp-app-imap
 match invalid-command
class-map type inspect match-any ccp-cls-protocol-p2p
 match protocol edonkey signature
 match protocol gnutella signature
 match protocol kazaa2 signature
 match protocol fasttrack signature
 match protocol bittorrent signature
class-map type inspect match-any SDM_AH
 match access-group name SDM_AH
class-map type inspect match-any CCP-Voice-permit
 match protocol h323
 match protocol skinny
 match protocol sip
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any SDM_IP
 match access-group name SDM_IP
class-map type inspect gnutella match-any ccp-app-gnutella
 match file-transfer
class-map type inspect match-any SDM_ESP
 match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
 match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect msnmsgr match-any ccp-app-msn-otherservices
 match service any
class-map type inspect ymsgr match-any ccp-app-yahoo-otherservices
 match service any
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any ccp-cls-protocol-im
 match protocol ymsgr yahoo-servers
 match protocol msnmsgr msn-servers
 match protocol aol aol-servers
class-map type inspect aol match-any ccp-app-aol-otherservices
 match service any
class-map type inspect match-all ccp-protocol-pop3
 match protocol pop3
class-map type inspect pop3 match-any ccp-app-pop3
 match invalid-command
class-map type inspect match-all sdm-access
 match class-map sdm-cls-access
 match access-group 101
class-map type inspect kazaa2 match-any ccp-app-kazaa2
 match file-transfer
class-map type inspect match-all ccp-protocol-p2p
 match class-map ccp-cls-protocol-p2p
class-map type inspect msnmsgr match-any ccp-app-msn
 match service text-chat
class-map type inspect ymsgr match-any ccp-app-yahoo
 match service text-chat
class-map type inspect match-all ccp-protocol-im
 match class-map ccp-cls-protocol-im
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect http match-any ccp-app-httpmethods
 match request method bcopy
 match request method bdelete
 match request method bmove
 match request method bpropfind
 match request method bproppatch
 match request method connect
 match request method copy
 match request method delete
 match request method edit
 match request method getattribute
 match request method getattributenames
 match request method getproperties
 match request method index
 match request method lock
 match request method mkcol
 match request method mkdir
 match request method move
 match request method notify
 match request method options
 match request method poll
 match request method propfind
 match request method proppatch
 match request method put
 match request method revadd
 match request method revlabel
 match request method revlog
 match request method revnum
 match request method save
 match request method search
 match request method setattribute
 match request method startrev
 match request method stoprev
 match request method subscribe
 match request method trace
 match request method unedit
 match request method unlock
 match request method unsubscribe
class-map type inspect edonkey match-any ccp-app-edonkey
 match file-transfer
 match text-chat
 match search-file-name
class-map type inspect http match-any ccp-http-blockparam
 match request port-misuse im
 match request port-misuse p2p
 match req-resp protocol-violation
class-map type inspect edonkey match-any ccp-app-edonkeydownload
 match file-transfer
class-map type inspect match-all ccp-protocol-imap
 match protocol imap
class-map type inspect aol match-any ccp-app-aol
 match service text-chat
class-map type inspect edonkey match-any ccp-app-edonkeychat
 match search-file-name
 match text-chat
class-map type inspect http match-any ccp-http-allowparam
 match request port-misuse tunneling
class-map type inspect match-all ccp-protocol-http
 match protocol http
class-map type inspect fasttrack match-any ccp-app-fasttrack
 match file-transfer
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect p2p ccp-action-app-p2p
 class type inspect edonkey ccp-app-edonkeychat
  log
  allow
 class type inspect edonkey ccp-app-edonkeydownload
  log
  allow
 class type inspect fasttrack ccp-app-fasttrack
  log
  allow
 class type inspect gnutella ccp-app-gnutella
  log
  allow
 class type inspect kazaa2 ccp-app-kazaa2
  log
  allow
 class class-default
policy-map type inspect im ccp-action-app-im
 class type inspect aol ccp-app-aol
  log
  allow
 class type inspect msnmsgr ccp-app-msn
  log
  allow
 class type inspect ymsgr ccp-app-yahoo
  log
  allow
 class type inspect aol ccp-app-aol-otherservices
  log
  reset
 class type inspect msnmsgr ccp-app-msn-otherservices
  log
  reset
 class type inspect ymsgr ccp-app-yahoo-otherservices
  log
  reset
 class class-default
policy-map type inspect http ccp-action-app-http
 class type inspect http ccp-http-blockparam
  log
  reset
 class type inspect http ccp-app-httpmethods
  log
  reset
 class type inspect http ccp-http-allowparam
  log
  allow
 class class-default
policy-map type inspect imap ccp-action-imap
 class type inspect imap ccp-app-imap
  log
 class class-default
policy-map type inspect pop3 ccp-action-pop3
 class type inspect pop3 ccp-app-pop3
  log
 class class-default
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect
  service-policy http ccp-action-app-http
 class type inspect ccp-protocol-imap
  inspect
  service-policy imap ccp-action-imap
 class type inspect ccp-protocol-pop3
  inspect
  service-policy pop3 ccp-action-pop3
 class type inspect ccp-protocol-p2p
  inspect
  service-policy p2p ccp-action-app-p2p
 class type inspect ccp-protocol-im
  inspect
  service-policy im ccp-action-app-im
 class type inspect ccp-insp-traffic
  inspect
 class type inspect CCP-Voice-permit
  inspect
 class class-default
  pass
policy-map type inspect ccp-permit
 class type inspect SDM_EASY_VPN_SERVER_PT
  pass
 class type inspect sdm-access
  inspect
 class class-default
policy-map type inspect sdm-permit-ip
 class type inspect SDM_IP
  pass
 class class-default
  drop log
!
zone security out-zone
zone security in-zone
zone security ezvpn-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
 service-policy type inspect sdm-permit-ip
!
!
!
interface Tunnel0
 description MULTI-POINT GRE TUNNEL for BRANCHES
 bandwidth 1000
 ip address 192.168.142.101 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication ????
 ip nhrp map multicast dynamic
 ip nhrp network-id 100000
 ip nhrp holdtime 600
 no ip split-horizon eigrp 1
 no ip mroute-cache
 delay 1000
 tunnel source FastEthernet0/1
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile dmvpnpoc
!
interface Tunnel1
 description MULTI-POINT GRE TUNNEL for BRANCHES
 bandwidth 1000
 ip address 192.168.2.101 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication ????
 ip nhrp map multicast dynamic
 ip nhrp network-id 100003
 ip nhrp holdtime 600
 no ip split-horizon eigrp 1
 no ip mroute-cache
 delay 1050
 tunnel source FastEthernet0/1
 tunnel mode gre multipoint
 tunnel key 100003
 tunnel protection ipsec profile dmvpnpoc2
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $ETH-WAN$$FW_OUTSIDE$
 ip address IPWANHUB1 255.255.255.240
 ip access-group 108 in
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/1
 zone-member security ezvpn-zone
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CiscoCP_Profile1
!
interface Vlan1
 description $FW_INSIDE$
 ip address 192.168.100.251 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no glbp 10 load-balancing
!
router eigrp 1
 network 192.168.2.0
 network 192.168.100.0
 network 192.168.142.0
 no auto-summary
!
ip local pool SDM_POOL_1 192.168.100.20 192.168.100.30
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ?????
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0/1 overload
!
ip access-list extended SDM_AH
 remark CCP_ACL Category=1
 remark SDM_ACL Category=17
 permit ahp any any
ip access-list extended SDM_ESP
 remark CCP_ACL Category=1
 remark SDM_ACL Category=17
 permit esp any any
ip access-list extended SDM_HTTPS
 remark CCP_ACL Category=1
 permit tcp any any eq 443
ip access-list extended SDM_IP
 remark CCP_ACL Category=1
 remark SDM_ACL Category=17
 permit ip any any
ip access-list extended SDM_SHELL
 remark CCP_ACL Category=1
 permit tcp any any eq cmd
ip access-list extended SDM_SSH
 remark CCP_ACL Category=1
 permit tcp any any eq 22
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 84.14.47.32 0.0.0.15 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip 212.234.49.0 0.0.0.255 any
access-list 101 permit ip host 193.251.87.204 any
access-list 102 remark CCP_ACL Category=4
access-list 102 permit ip 192.168.100.0 0.0.0.255 any
access-list 108 permit ip any any
access-list 108 permit esp any any
access-list 108 permit gre any any
access-list 108 permit icmp any any
access-list 110 permit ip 10.10.10.0 0.0.0.255 any
!
!
!
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Authorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!
-----------------------------------------------------------------------
^C
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
line vty 5 15
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end