Building configuration...

Current configuration : 7303 bytes
!
! Last configuration change at 13:31:42 PCTime Tue Sep 26 2017 by ciscouser
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ######
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$.EcT$Qu1.IDK368c/IL32EcKd21
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone PCTime 3 0
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-4067375977
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4067375977
 revocation-check none
 rsakeypair TP-self-signed-4067375977
!
!
crypto pki certificate chain TP-self-signed-4067375977
 certificate self-signed 01
  quit
no ip source-route
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.100
ip dhcp excluded-address 192.168.1.200 192.168.1.254
!
ip dhcp pool LAN
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 212.77.192.59 8.8.8.8
 lease 0 1
!
!
ip cef
no ip bootp server
ip domain name yourdomain.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip ddns update method myddns
 HTTP
  add http://######:######@members.dyndns.org/nic/update?system=dyndns&hostname=&myip=
 interval maximum 0 0 8 0
!
no ipv6 cef
!
!
license udi pid CISCO887-K9 sn FCZ1515938P
!
!
archive
 log config
  hidekeys
username ciscouser privilege 15 secret 5 $1$7MwD$RWkXF0DP4wscIxcB2Ukn3.
username remote1 secret 5 $1$Kpn.$YGF2gugYI95K9G1IPPdDZ.
!
!
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
crypto ctcp keepalive 30
crypto ctcp port 400
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp keepalive 30 periodic
!
crypto isakmp client configuration group remote1
 key remote1
 pool SDM_POOL_1
 acl 101
 save-password
!
crypto isakmp client configuration group remote2
 key remote1
 pool SDM_POOL_2
 acl 101
 save-password
crypto isakmp profile sdm-ike-profile-1
 match identity group remote1
 match identity group remote2
 client authentication list sdm_vpn_xauth_ml_2
 isakmp authorization list sdm_vpn_group_ml_2
 client configuration address respond
 virtual-template 2
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA1
 set isakmp-profile sdm-ike-profile-1
!
!
!
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 ip flow ingress
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 switchport access vlan 2
 no ip address
!
interface Virtual-Template2 type tunnel
 ip unnumbered Vlan2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1340
!
interface Vlan2
 ip ddns update myddns
 ip address 192.168.200.222 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1412
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 ip tcp adjust-mss 1412
 pppoe-client dial-pool-number 1
!
ip local pool SDM_POOL_2 10.10.100.1
ip local pool SDM_POOL_1 10.10.10.1 10.10.10.10
ip default-gateway 192.168.200.1
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat inside source list 1 interface Vlan2 overload
ip nat inside source static tcp 192.168.1.199 3389 interface Vlan2 4321
ip nat inside source static udp 192.168.1.199 3389 interface Vlan2 4321
ip route 0.0.0.0 0.0.0.0 192.168.200.1
!
ip access-list extended myacl
 permit udp any any eq bootps
 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
 permit tcp any any eq domain
 permit tcp any host 206.222.14.163 eq pop3
 permit tcp any host 206.222.14.163 eq smtp
 permit tcp host 192.168.1.200 any
 permit ip any host 212.77.192.59
 permit ip any host 212.77.192.60
 permit tcp any host 94.23.4.89 eq pop3
 permit tcp any host 94.23.4.89 eq smtp
!
logging esm config
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 remark SDM_ACL Category=4
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
!
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and it provides the default username "cisco" for one-time use.
If you have already used the username "cisco" to login to the router and your IOS image supports the "one-time" user option, then this username has already expired. You will not be able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level of 15 using the following command.

username privilege 15 secret 0

Replace and with the username and password you want to use.

-----------------------------------------------------------------------
^C
banner login ^CCAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler interval 500
end