Current configuration : 20480 bytes ! version 15.3 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption service sequence-numbers ! hostname redacted ! boot-start-marker boot-end-marker ! aqm-register-fnf ! logging buffered 16386 logging rate-limit 100 except warnings no logging console no logging monitor enable secret 5 redacted enable password 7 redacted ! aaa new-model ! ! aaa authentication login default local aaa authorization exec default local ! ! ! ! ! aaa session-id common no process cpu extended history no process cpu autoprofile hog clock timezone EST -5 0 clock summer-time EDT recurring ! crypto pki trustpoint TP-self-signed-4237958739 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-4237958739 revocation-check none rsakeypair TP-self-signed-4237958739 ! ! crypto pki certificate chain TP-self-signed-4237958739 certificate self-signed 01 redacted quit ! ! ! ! ! ip dhcp excluded-address 10.0.1.1 10.0.1.99 ! ip dhcp pool redacted network 10.0.1.0 255.255.255.0 default-router 10.0.1.1 dns-server 75.75.76.76 ! ip dhcp pool redacted network 172.16.1.0 255.255.255.0 default-router 172.16.1.1 dns-server 75.75.76.76 ! ! ! ip domain name redacted ip name-server 75.75.75.75 ip name-server 75.75.76.76 ip inspect name DEFAULT ftp ip inspect name DEFAULT h323 ip inspect name DEFAULT netshow ip inspect name DEFAULT rcmd ip inspect name DEFAULT realaudio ip inspect name DEFAULT rtsp ip inspect name DEFAULT smtp ip inspect name DEFAULT sqlnet ip inspect name DEFAULT streamworks ip inspect name DEFAULT tftp ip inspect name DEFAULT udp ip inspect name DEFAULT tcp ip inspect name DEFAULT vdolive ip inspect name DEFAULT icmp ip cef login block-for 3600 attempts 3 within 30 no ipv6 cef ! ! ! ! ! multilink bundle-name authenticated ! ! ! ! ! ! ! license udi pid C881-K9 sn FJC2007E1KR ! ! username wwishart privilege 15 redacted username ct_admin privilege 15 secret redacted ! ! ! ! ! ! class-map match-any VoIP match ip dscp ef match ip dscp af41 ! policy-map VoIPQoS class VoIP priority 768 class class-default fair-queue random-detect dscp-based ! ! ! crypto isakmp policy 100 encr aes 256 authentication pre-share group 16 ! crypto isakmp policy 110 encr aes 256 authentication pre-share group 5 lifetime 28800 ! crypto isakmp policy 120 encr aes 256 hash md5 authentication pre-share group 2 crypto isakmp key redacted address 108.xxx.xxx.188 crypto isakmp key redacted address 64.xxx.xxx.250 crypto isakmp key redacted address 98.xxx.xxx.72 crypto isakmp key redacted address 72.xxx.xxx.5 crypto isakmp key redacted address 50.xxx.xxx.145 crypto isakmp key redacted address 66.xxx.xxx.138 crypto isakmp key redacted address 173.xxx.xxx.63 crypto isakmp key redacted address 50.xxx.xxx.154 crypto isakmp key redacted address 50.xxx.xxx.154 crypto isakmp key redacted address 73.xxx.xxx.114 crypto isakmp key redacted address 96.xxx.xxx.171 crypto isakmp key redacted address 50.xxx.xxx.53 crypto isakmp key redacted address 96.xxx.xxx.61 crypto isakmp key redacted address 108.xxx.xxx.201 crypto isakmp key redacted address 108.xxx.xxx.220 ! ! crypto ipsec transform-set redactedTransformSet1 esp-aes 256 esp-sha512-hmac mode transport crypto ipsec transform-set S2SVPN esp-aes 256 esp-sha-hmac mode tunnel crypto ipsec transform-set redactedTransformSet2 esp-aes 256 esp-sha-hmac mode transport crypto ipsec transform-set redacted-TSET esp-aes 256 esp-sha-hmac mode transport ! crypto ipsec profile redactedProfile set security-association lifetime seconds 86400 set transform-set redactedTransformSet1 ! crypto ipsec profile redactedProfile2 set security-association lifetime seconds 86400 set transform-set redactedTransformSet2 ! ! ! crypto map CMAP 10 ipsec-isakmp set peer 66.xxx.xxx.138 set transform-set redacted-TSET match address 172 ! interface Tunnel1 ip address 192.168.100.1 255.255.255.0 ip mtu 1400 ip nat inside ip virtual-reassembly in ip tcp adjust-mss 1360 tunnel source 50.xxx.xxx.148 tunnel destination 98.xxx.xxx.72 tunnel protection ipsec profile redactedProfile ! interface Tunnel2 ip address 192.168.14.2 255.255.255.252 ip nat inside ip virtual-reassembly in tunnel source 50.xxx.xxx.148 tunnel destination 66.xxx.xxx.138 ! interface FastEthernet0 switchport access vlan 201 no ip address ! interface FastEthernet1 switchport mode trunk no ip address ! interface FastEthernet2 switchport mode trunk no ip address ! interface FastEthernet3 switchport mode trunk no ip address ! interface FastEthernet4 ip address 50.xxx.xxx.148 255.255.255.248 ip access-group 101 in ip access-group 102 out no ip redirects ip nat outside ip inspect DEFAULT out ip virtual-reassembly in ip tcp adjust-mss 1460 duplex auto speed auto no cdp enable crypto map CMAP ! interface Vlan1 ip address 10.0.0.1 255.255.255.0 ip access-group 102 in ip nat inside ip virtual-reassembly in ! interface Vlan200 ip address 172.16.1.1 255.255.255.0 ip nat inside ip virtual-reassembly in ! interface Vlan201 ip address 10.0.1.1 255.255.255.0 ip access-group 102 in ip nat inside ip virtual-reassembly in ! ! router eigrp 10 network 10.0.0.0 0.0.7.255 network 10.0.104.0 0.0.7.255 network 10.1.0.0 0.0.127.255 network 172.16.0.0 network 172.16.120.0 0.0.7.255 network 192.168.100.0 network 192.168.101.0 ! router bgp 65505 bgp log-neighbor-changes neighbor 192.168.14.1 remote-as 6167 neighbor 192.168.14.1 default-originate ! ip forward-protocol nd no ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! ! ip dns server no ip nat service sip tcp port 5060 no ip nat service sip udp port 5060 no ip nat service allow-sip-even-rtp-port ip nat inside source route-map Comcast interface FastEthernet4 overload ip route 0.0.0.0 0.0.0.0 50.xxx.xxx.150 ip route 172.16.1.0 255.255.255.0 FastEthernet4 ip route 172.16.17.0 255.255.255.0 FastEthernet4 ! ip access-list extended VPN_redacted permit ip 10.0.1.0 0.0.0.255 192.168.184.0 0.0.0.255 ip access-list extended VPN_redacted permit ip 10.0.1.0 0.0.0.255 172.16.2.0 0.0.0.255 ip access-list extended VPN_redacted permit ip 10.0.1.0 0.0.0.255 192.168.183.0 0.0.0.255 ip access-list extended VPN_redacted permit ip 10.0.1.0 0.0.0.255 172.16.17.0 0.0.0.255 ip access-list extended VPN_redacted permit ip 10.0.1.0 0.0.0.255 192.168.3.0 0.0.0.255 ip access-list extended VPN_redacted permit ip 10.0.1.0 0.0.0.255 192.168.43.0 0.0.0.255 permit ip 10.0.2.0 0.0.0.255 192.168.43.0 0.0.0.255 permit ip 172.16.126.0 0.0.0.255 192.168.43.0 0.0.0.255 permit ip 192.168.43.0 0.0.0.255 10.0.1.0 0.0.0.255 permit ip 192.168.43.0 0.0.0.255 10.0.2.0 0.0.0.255 permit ip 192.168.43.0 0.0.0.255 172.17.126.0 0.0.0.255 ip access-list extended VPN_redacted permit ip 10.0.1.0 0.0.0.255 10.1.1.0 0.0.0.255 ip access-list extended VPN_redacted permit ip 10.0.1.0 0.0.0.255 10.1.2.0 0.0.0.255 ip access-list extended VPN_Traffic_redacted permit ip 10.0.1.0 0.0.0.255 192.168.1.0 0.0.0.255 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255 ip access-list extended VPN_redacted permit ip 10.0.1.0 0.0.0.255 192.168.147.0 0.0.0.255 ip access-list extended VPN_VanNest2 permit ip 10.0.1.0 0.0.0.255 172.16.1.0 0.0.0.255 ip access-list extended VTYACL permit ip any any ! ip access-list logging interval 300000 logging facility daemon logging host 10.0.1.10 ! route-map Comcast permit 10 match ip address 100 ! snmp-server community EpicSystemsGroup RW access-list 100 deny ip 10.0.1.0 0.0.0.255 10.1.1.0 0.0.0.255 access-list 100 deny ip 10.0.1.0 0.0.0.255 10.1.2.0 0.0.0.255 access-list 100 deny ip 10.0.1.0 0.0.0.255 172.16.1.0 0.0.0.255 access-list 100 deny ip 10.0.1.0 0.0.0.255 172.16.2.0 0.0.0.255 access-list 100 deny ip 10.0.1.0 0.0.0.255 172.16.17.0 0.0.0.255 access-list 100 deny ip 10.0.1.0 0.0.0.255 192.168.0.0 0.0.255.255 access-list 100 deny ip 172.16.1.0 0.0.0.255 192.168.0.0 0.0.255.255 access-list 100 permit ip 10.0.1.0 0.0.0.255 any access-list 100 permit ip 10.1.1.0 0.0.0.7 any access-list 100 permit ip 10.0.104.0 0.0.7.255 any access-list 100 permit ip 172.16.1.0 0.0.0.255 any access-list 101 remark IPS Protection for Router (08/08/2019) access-list 101 remark CCP_ACL Category=17 access-list 101 remark Auto generated by CCP for NTP (123) 64.90.182.55 access-list 101 permit udp host 64.90.182.55 eq ntp host 50.195.108.148 eq ntp access-list 101 deny tcp any any eq 22 access-list 101 deny tcp any any eq telnet access-list 101 deny tcp any any eq 445 access-list 101 deny tcp any any eq 2002 access-list 101 deny udp any any eq 1645 access-list 101 deny udp any any eq 1646 access-list 101 deny udp any any eq 1812 access-list 101 deny udp any any eq 1813 access-list 101 deny udp any any eq 1978 access-list 101 deny udp any any eq 2002 access-list 101 deny udp any any eq 4156 access-list 101 deny ip 1.0.32.0 0.0.31.255 any access-list 101 deny ip 1.1.16.0 0.0.15.255 any access-list 101 deny ip 1.1.32.0 0.0.31.255 any access-list 101 deny ip 1.2.16.0 0.0.15.255 any access-list 101 deny ip 1.2.64.0 0.0.63.255 any access-list 101 deny ip 1.3.0.0 0.0.255.255 any access-list 101 deny ip 14.0.0.0 0.255.255.255 any access-list 101 deny ip host 20.249.106.170 any access-list 101 deny ip 23.95.27.0 0.0.0.255 any access-list 101 deny ip host 45.79.106.170 any access-list 101 deny ip 50.21.180.0 0.0.0.255 any access-list 101 deny ip 58.147.128.0 0.0.31.255 any access-list 101 deny ip 61.5.192.0 0.0.15.255 any access-list 101 deny ip 61.147.107.0 0.0.0.255 any access-list 101 deny ip 61.174.51.0 0.0.0.255 any access-list 101 deny ip 69.50.64.0 0.0.15.255 any access-list 101 deny ip 69.57.224.0 0.0.31.255 any access-list 101 deny ip 76.76.160.0 0.0.31.255 any access-list 101 deny ip 78.188.103.0 0.0.0.255 any access-list 101 deny ip host 89.248.172.16 any access-list 101 deny ip 92.247.120.0 0.0.0.255 any access-list 101 deny ip 93.174.93.0 0.0.0.255 any access-list 101 deny ip host 93.174.195.106 any access-list 101 deny ip 103.224.165.0 0.0.0.255 any access-list 101 deny ip 112.220.192.0 0.0.0.255 any access-list 101 deny ip 116.10.191.0 0.0.0.255 any access-list 101 deny ip 117.55.192.0 0.0.15.255 any access-list 101 deny ip 118.161.78.0 0.0.0.255 any access-list 101 deny ip 118.161.66.0 0.0.0.255 any access-list 101 deny ip 121.127.32.0 0.0.31.255 any access-list 101 deny ip 122.228.207.0 0.0.0.255 any access-list 101 deny ip 123.0.0.0 0.0.0.255 any access-list 101 deny ip 124.199.112.0 0.0.15.255 any access-list 101 deny ip 125.213.192.0 0.0.31.255 any access-list 101 deny ip 125.227.158.0 0.0.0.255 any access-list 101 deny ip 149.54.0.0 0.0.127.255 any access-list 101 deny ip 173.208.200.0 0.0.0.255 any access-list 101 deny ip 175.106.32.0 0.0.31.255 any access-list 101 deny ip 180.94.64.0 0.0.31.255 any access-list 101 deny ip 183.136.216.0 0.0.0.255 any access-list 101 deny ip 187.0.0.0 0.255.255.255 any access-list 101 deny ip 195.154.7.0 0.0.0.255 any access-list 101 deny ip 198.20.69.0 0.0.0.255 any access-list 101 deny ip 201.0.0.0 0.255.255.255 any access-list 101 deny ip 202.56.176.0 0.0.15.255 any access-list 101 deny ip 202.70.112.0 0.0.15.255 any access-list 101 deny ip 202.86.16.0 0.0.15.255 any access-list 101 deny ip 203.215.32.0 0.0.15.255 any access-list 101 deny ip 205.217.224.0 0.0.31.255 any access-list 101 deny ip 206.214.0.0 0.0.31.255 any access-list 101 deny ip 209.59.64.0 0.0.63.255 any access-list 101 deny ip 210.0.0.0 0.255.255.255 any access-list 101 deny ip 213.136.78.0 0.0.0.255 any access-list 101 deny ip 217.0.0.0 0.255.255.255 any access-list 101 deny ip 218.0.0.0 0.255.255.255 any access-list 101 permit ip any any access-list 102 remark IPS Protection for Router (08/08/2019) access-list 102 deny ip any 1.0.32.0 0.0.31.255 log access-list 102 deny ip any 1.1.16.0 0.0.15.255 log access-list 102 deny ip any 1.1.32.0 0.0.31.255 log access-list 102 deny ip any 1.2.16.0 0.0.15.255 log access-list 102 deny ip any 1.2.64.0 0.0.63.255 log access-list 102 deny ip any 1.3.0.0 0.0.255.255 log access-list 102 deny ip any 14.0.0.0 0.255.255.255 log access-list 102 deny ip any host 20.249.80.154 log access-list 102 deny ip any 23.95.27.0 0.0.0.255 log access-list 102 deny ip any host 45.79.106.170 log access-list 102 deny ip any 50.21.180.0 0.0.0.255 log access-list 102 deny ip any 58.147.128.0 0.0.31.255 log access-list 102 deny ip any 61.5.192.0 0.0.15.255 log access-list 102 deny ip any 61.147.107.0 0.0.0.255 log access-list 102 deny ip any 61.174.51.0 0.0.0.255 log access-list 102 deny ip any 69.50.64.0 0.0.15.255 log access-list 102 deny ip any 69.57.224.0 0.0.31.255 log access-list 102 deny ip any 76.76.160.0 0.0.31.255 log access-list 102 deny ip any 78.188.103.0 0.0.0.255 log access-list 102 deny ip any host 89.248.172.16 log access-list 102 deny ip any 92.247.120.0 0.0.0.255 log access-list 102 deny ip any 93.174.93.0 0.0.0.255 log access-list 102 deny ip any host 93.174.95.106 log access-list 102 deny ip any 103.224.165.0 0.0.0.255 log access-list 102 deny ip any 112.220.192.0 0.0.0.255 log access-list 102 deny ip any 116.10.191.0 0.0.0.255 log access-list 102 deny ip any 117.55.192.0 0.0.15.255 log access-list 102 deny ip any 118.161.78.0 0.0.0.255 log access-list 102 deny ip any 118.161.66.0 0.0.0.255 log access-list 102 deny ip any 121.127.32.0 0.0.31.255 log access-list 102 deny ip any 122.228.207.0 0.0.0.255 log access-list 102 deny ip any 123.0.0.0 0.0.0.255 log access-list 102 deny ip any 124.199.112.0 0.0.15.255 log access-list 102 deny ip any 125.213.192.0 0.0.31.255 log access-list 102 deny ip any 125.227.158.0 0.0.0.255 log access-list 102 deny ip any 149.54.0.0 0.0.127.255 log access-list 102 deny ip any 173.208.200.0 0.0.0.255 log access-list 102 deny ip any 175.106.32.0 0.0.31.255 log access-list 102 deny ip any 180.94.64.0 0.0.31.255 log access-list 102 deny ip any 183.136.216.0 0.0.0.255 log access-list 102 deny ip any 187.0.0.0 0.255.255.255 log access-list 102 deny ip any 195.154.7.0 0.0.0.255 log access-list 102 deny ip any 198.20.69.0 0.0.0.255 log access-list 102 deny ip any 201.0.0.0 0.255.255.255 log access-list 102 deny ip any 202.56.176.0 0.0.15.255 log access-list 102 deny ip any 202.70.112.0 0.0.15.255 log access-list 102 deny ip any 202.86.16.0 0.0.15.255 log access-list 102 deny ip any 203.215.32.0 0.0.15.255 log access-list 102 deny ip any 205.217.224.0 0.0.31.255 log access-list 102 deny ip any 206.214.0.0 0.0.31.255 log access-list 102 deny ip any 209.59.64.0 0.0.63.255 log access-list 102 deny ip any 210.0.0.0 0.255.255.255 log access-list 102 deny ip any 213.136.78.0 0.0.0.255 log access-list 102 deny ip any 217.0.0.0 0.255.255.255 log access-list 102 deny ip any 218.0.0.0 0.255.255.255 log access-list 102 permit ip any any access-list 172 permit gre host 50.xxx.xxx.148 host 66.xxx.xxx.138 ! ! ! control-plane ! ! ! mgcp behavior rsip-range tgcp-only mgcp behavior comedia-role none mgcp behavior comedia-check-media-src disable mgcp behavior comedia-sdp-force disable ! mgcp profile default ! ! ! ! ! line con 0 no modem enable line aux 0 access-class VTYACL in line vty 0 4 access-class VTYACL in password 7 redacted transport input telnet ssh line vty 5 15 access-class VTYACL in transport input telnet ssh ! scheduler allocate 20000 1000 scheduler interval 500 ntp update-calendar ntp server 129.6.15.28 source FastEthernet4 ntp server 64.90.182.55 source FastEthernet4 ! end