#sh run
Building configuration...

Current configuration : 6329 bytes
!
! Last configuration change at 00:45:51 UTC Thu Nov 20 2014 by
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
memory-size iomem 10
!
!
!
!
!
!
!
!
ip flow-cache timeout active 1
ip cef
no ipv6 cef
!
!
license udi pid CISCO887VA-K9 sn FGL181120X7
!
!
username privilege 15 secret 5 $1$/a0M$ftw8jxclNnMHaMEsiEySd0
!
!
!
!
!
controller VDSL 0
!
!
class-map type inspect match-any inspect-outbound-protocols
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-any permit-self
 match access-group 100
class-map type inspect match-any server-access-traffic
 match access-group 101
class-map type inspect match-any vpn-access-protocol
 match protocol isakmp
 match protocol ipsec-msft
 match access-group 125
class-map type inspect match-any self-access-protocols
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all inspect-outbound-traffic
 match class-map inspect-outbound-protocols
class-map type inspect match-all self-access-traffic
 match class-map self-access-protocols
!
policy-map type inspect permit-server-traffic
 class type inspect server-access-traffic
  inspect
 class class-default
  drop
policy-map type inspect inspect-traffic
 class type inspect inspect-outbound-traffic
  inspect
 class class-default
  pass
policy-map type inspect permit-traffic
 class type inspect permit-self
  inspect
 class type inspect vpn-access-protocol
  pass
 class class-default
  drop
policy-map type inspect self-traffic
 class type inspect self-access-traffic
  inspect
 class class-default
  pass
!
zone security in-zone
zone security out-zone
zone-pair security zp-self-out source self destination out-zone
 service-policy type inspect self-traffic
zone-pair security zp-in-out source in-zone destination out-zone
 service-policy type inspect inspect-traffic
zone-pair security zp-out-in source out-zone destination in-zone
 service-policy type inspect permit-server-traffic
zone-pair security zp-out-self source out-zone destination self
 service-policy type inspect permit-traffic
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key xxxc$ address xxx.xx.xx.xxx
crypto isakmp key xxxc$ address xxx.xxx.xxx.xxx no-xauth
!
!
crypto ipsec transform-set VPN esp-des esp-md5-hmac
 mode tunnel
!
!
!
crypto map mymap 10 ipsec-isakmp
 set peer xxx.xx.xx.xxx
 set transform-set VPN
 match address VPN-TRAFFIC
crypto map mymap 20 ipsec-isakmp
 set peer xxx.xxx.xxx.xxx
 set transform-set VPN
 match address VPN-TRAFFIC1
!
!
!
!
!
interface Ethernet0
 no ip address
 shutdown
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Virtual-Template1
 no ip address
 ip flow ingress
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 zone-member security in-zone
 ip tcp adjust-mss 1452
!
interface Dialer1
 ip address negotiated
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly in
 zone-member security out-zone
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname xxxx.xxxx.net
 ppp chap password 0 xxxxxx
 crypto map mymap
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip flow-export source Vlan1
ip flow-export version 5
ip flow-export destination 192.168.1.7 9996
!
ip nat inside source route-map nonat interface Dialer1 overload
ip nat inside source static tcp 192.168.1.7 25 xxx.xx.xx.xxx 25 route-map nonat extendable
ip nat inside source static tcp 192.168.1.4 80 xxx.xx.xx.xxx 80 extendable
ip nat inside source static tcp 192.168.1.7 110 xxx.xx.xx.xxx 110 extendable
ip nat inside source static tcp 192.168.1.7 443 xxx.xx.xx.xxx 443 route-map nonat extendable
ip nat inside source static tcp 192.168.1.4 20851 xxx.xx.xx.xxx 20851 extendable
ip nat inside source static tcp 192.168.1.4 3389 xxx.xx.xx.xxx 33891 extendable
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
ip access-list extended VPN-TRAFFIC1
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
access-list 100 permit tcp xxx.xx.xxx.xxx 0.0.0.63 host xxx.xx.xx.xxx eq telnet
access-list 100 permit tcp xxx.xx.xxx.xxx 0.0.0.63 host xxx.xx.xx.xxx eq 22
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any packet-too-big
access-list 100 permit icmp any any unreachable
access-list 100 permit icmp any any traceroute
access-list 100 permit icmp any any echo
access-list 100 permit udp any host xxx.xx.xx.xxx eq isakmp
access-list 100 permit udp any host xxx.xx.xx.xxx eq non500-isakmp
access-list 100 permit esp any host xxx.xx.xx.xxx
access-list 101 permit tcp any host 192.168.1.7 eq smtp
access-list 101 permit tcp any host 192.168.1.7 eq pop3
access-list 101 permit tcp any host 192.168.1.4 eq 3389
access-list 101 permit tcp any host 192.168.1.7 eq 443
access-list 101 permit tcp any host 192.168.1.4 eq 20851
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 101 permit tcp any host 192.168.1.4 eq www
access-list 125 permit esp any any
access-list 150 deny ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 150 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 150 permit ip 192.168.1.0 0.0.0.255 any
!
route-map nonat permit 10
 match ip address 150
!
snmp-server community public RO
snmp-server ifindex persist
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login local
 transport input all
!
!
end