Current configuration : 20839 bytes ! ! Last configuration change at 16:03:13 EDT Sun Sep 9 2018 version 15.1 service timestamps debug datetime msec localtime service timestamps log datetime localtime show-timezone service password-encryption ! hostname RandI_R1 ! boot-start-marker boot system flash:/c2800nm-advipservicesk9-mz.151-4.M8.bin boot-end-marker ! ! logging buffered 32768 ! aaa new-model ! ! ! ! ! ! aaa session-id common ! clock timezone EST -5 0 clock summer-time EDT recurring ! dot11 syslog ip source-route ! ! ip cef ip dhcp excluded-address 192.168.14.1 192.168.14.49 ip dhcp excluded-address 192.168.14.100 192.168.14.254 ip dhcp excluded-address 192.168.10.1 192.168.10.9 ip dhcp excluded-address 192.168.10.21 192.168.10.254 ! ip dhcp pool 14Iona import all network 192.168.14.0 255.255.255.0 domain-name dns-server 192.168.1.1 option 150 ip 192.168.1.1 default-router 192.168.14.29 lease 3 ! ! ! ! ip domain name ip name-server 8.8.8.8 ip name-server 8.8.4.4 no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! parameter-map type protocol-info yahoo-servers server name scs.msg.yahoo.com server name scsa.msg.yahoo.com server name scsb.msg.yahoo.com server name scsc.msg.yahoo.com server name scsd.msg.yahoo.com server name cs16.msg.dcn.yahoo.com server name cs19.msg.dcn.yahoo.com server name cs42.msg.dcn.yahoo.com server name cs53.msg.dcn.yahoo.com server name cs54.msg.dcn.yahoo.com server name ads1.vip.scd.yahoo.com server name radio1.launch.vip.dal.yahoo.com server name in1.msg.vip.re2.yahoo.com server name data1.my.vip.sc5.yahoo.com server name address1.pim.vip.mud.yahoo.com server name edit.messenger.yahoo.com server name messenger.yahoo.com server name http.pager.yahoo.com server name privacy.yahoo.com server name csa.yahoo.com server name csb.yahoo.com server name csc.yahoo.com parameter-map type protocol-info aol-servers server name login.oscar.aol.com server name toc.oscar.aol.com server name oam-d09a.blue.aol.com parameter-map type protocol-info msn-servers server name messenger.hotmail.com server name gateway.messenger.hotmail.com server name webmessenger.msn.com ! ! ! voice class codec 1 codec preference 1 g711ulaw ! ! ! ! ! ! voice-card 0 dsp services dspfarm ! crypto pki token default removal timeout 0 ! crypto pki trustpoint TP-self-signed-1283018798 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1283018798 revocation-check none rsakeypair TP-self-signed-1283018798 ! ! crypto pki certificate chain TP-self-signed-1283018798 certificate self-signed 01 quit ! ! license udi pid archive log config hidekeys ! redundancy ! ! ip ssh version 2 ! class-map type inspect imap match-any ccp-app-imap match invalid-command class-map type inspect match-any ccp-cls-protocol-p2p match protocol edonkey signature match protocol gnutella signature match protocol kazaa2 signature match protocol fasttrack signature match protocol bittorrent signature class-map type inspect match-any SDM_AH match access-group name SDM_AH class-map type inspect match-any ccp-skinny-inspect match protocol skinny class-map type inspect match-any ccp-cls-insp-traffic match protocol dns match protocol ftp match protocol https match protocol icmp match protocol imap match protocol pop3 match protocol netshow match protocol shell match protocol realmedia match protocol rtsp match protocol smtp match protocol sql-net match protocol streamworks match protocol tftp match protocol vdolive match protocol tcp match protocol udp class-map type inspect match-all ccp-insp-traffic match class-map ccp-cls-insp-traffic class-map type inspect match-any SDM_IP match access-group name SDM_IP class-map type inspect gnutella match-any ccp-app-gnutella match file-transfer class-map type inspect match-any SDM_ESP match access-group name SDM_ESP class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC match protocol isakmp match protocol ipsec-msft match class-map SDM_AH match class-map SDM_ESP class-map type inspect match-all SDM_EASY_VPN_SERVER_PT match class-map SDM_EASY_VPN_SERVER_TRAFFIC class-map type inspect msnmsgr match-any ccp-app-msn-otherservices match service any class-map type inspect ymsgr match-any ccp-app-yahoo-otherservices match service any class-map type inspect match-any ccp-h323nxg-inspect match protocol h323-nxg class-map type inspect match-any ccp-cls-icmp-access match protocol icmp match protocol tcp match protocol udp class-map type inspect match-any ccp-cls-protocol-im match protocol ymsgr yahoo-servers match protocol msnmsgr msn-servers match protocol aol aol-servers class-map type inspect aol match-any ccp-app-aol-otherservices match service any class-map type inspect match-all ccp-protocol-pop3 match protocol pop3 class-map type inspect match-any ccp-h225ras-inspect match protocol h225ras class-map type inspect match-any ccp-h323annexe-inspect match protocol h323-annexe class-map type inspect pop3 match-any ccp-app-pop3 match invalid-command class-map type inspect kazaa2 match-any ccp-app-kazaa2 match file-transfer class-map type inspect match-all ccp-protocol-p2p match class-map ccp-cls-protocol-p2p class-map type inspect match-any ccp-h323-inspect match protocol h323 class-map type inspect msnmsgr match-any ccp-app-msn match service text-chat class-map type inspect ymsgr match-any ccp-app-yahoo match service text-chat class-map type inspect match-all ccp-protocol-im match class-map ccp-cls-protocol-im class-map type inspect match-all ccp-icmp-access match class-map ccp-cls-icmp-access class-map type inspect match-all ccp-invalid-src match access-group 100 class-map type inspect http match-any ccp-app-httpmethods match request method bcopy match request method bdelete match request method bmove match request method bpropfind match request method bproppatch match request method connect match request method copy match request method delete match request method edit match request method getattribute match request method getattributenames match request method getproperties match request method index match request method lock match request method mkcol match request method mkdir match request method move match request method notify match request method options match request method poll match request method propfind match request method proppatch match request method put match request method revadd match request method revlabel match request method revlog match request method revnum match request method save match request method search match request method setattribute match request method startrev match request method stoprev match request method subscribe match request method trace match request method unedit match request method unlock match request method unsubscribe class-map type inspect edonkey match-any ccp-app-edonkey match file-transfer match text-chat match search-file-name class-map type inspect match-any ccp-sip-inspect match protocol sip class-map type inspect http match-any ccp-http-blockparam match request port-misuse im match request port-misuse p2p match req-resp protocol-violation class-map type inspect edonkey match-any ccp-app-edonkeydownload match file-transfer class-map type inspect match-all ccp-protocol-imap match protocol imap class-map type inspect aol match-any ccp-app-aol match service text-chat class-map type inspect edonkey match-any ccp-app-edonkeychat match search-file-name match text-chat class-map type inspect fasttrack match-any ccp-app-fasttrack match file-transfer class-map type inspect http match-any ccp-http-allowparam match request port-misuse tunneling class-map type inspect match-all ccp-protocol-http match protocol http ! ! policy-map type inspect ccp-permit-icmpreply class type inspect ccp-icmp-access inspect class type inspect ccp-sip-inspect inspect class type inspect ccp-h323-inspect inspect class type inspect ccp-h323annexe-inspect inspect class type inspect ccp-h225ras-inspect inspect class type inspect ccp-h323nxg-inspect inspect class type inspect ccp-skinny-inspect inspect class class-default pass policy-map type inspect p2p ccp-action-app-p2p class type inspect edonkey ccp-app-edonkeychat log allow class type inspect edonkey ccp-app-edonkeydownload log allow class type inspect fasttrack ccp-app-fasttrack log allow class type inspect gnutella ccp-app-gnutella log allow class type inspect kazaa2 ccp-app-kazaa2 log allow policy-map type inspect im ccp-action-app-im class type inspect aol ccp-app-aol log allow class type inspect msnmsgr ccp-app-msn log allow class type inspect ymsgr ccp-app-yahoo log allow class type inspect aol ccp-app-aol-otherservices log reset class type inspect msnmsgr ccp-app-msn-otherservices log reset class type inspect ymsgr ccp-app-yahoo-otherservices log reset policy-map type inspect http ccp-action-app-http class type inspect http ccp-http-blockparam log allow class type inspect http ccp-app-httpmethods log allow class type inspect http ccp-http-allowparam log allow policy-map type inspect imap ccp-action-imap class type inspect imap ccp-app-imap log policy-map type inspect pop3 ccp-action-pop3 class type inspect pop3 ccp-app-pop3 log policy-map type inspect ccp-inspect class type inspect ccp-invalid-src drop log class type inspect ccp-protocol-http inspect service-policy http ccp-action-app-http class type inspect ccp-protocol-imap inspect service-policy imap ccp-action-imap class type inspect ccp-protocol-pop3 inspect service-policy pop3 ccp-action-pop3 class type inspect ccp-protocol-p2p inspect service-policy p2p ccp-action-app-p2p class type inspect ccp-protocol-im inspect service-policy im ccp-action-app-im class type inspect ccp-insp-traffic inspect class type inspect ccp-sip-inspect inspect class type inspect ccp-h323-inspect inspect class type inspect ccp-h323annexe-inspect inspect class type inspect ccp-h225ras-inspect inspect class type inspect ccp-h323nxg-inspect inspect class type inspect ccp-skinny-inspect inspect class class-default drop policy-map type inspect ccp-permit class type inspect SDM_EASY_VPN_SERVER_PT pass class type inspect ccp-sip-inspect inspect class type inspect ccp-h323-inspect inspect class type inspect ccp-h323annexe-inspect inspect class type inspect ccp-h225ras-inspect inspect class type inspect ccp-h323nxg-inspect inspect class type inspect ccp-skinny-inspect inspect class class-default drop policy-map type inspect sdm-permit-ip class type inspect SDM_IP pass class class-default drop log ! zone security in-zone zone security out-zone zone security ezvpn-zone zone-pair security ccp-zp-out-self source out-zone destination self service-policy type inspect ccp-permit zone-pair security ccp-zp-in-out source in-zone destination out-zone service-policy type inspect ccp-inspect zone-pair security ccp-zp-self-out source self destination out-zone service-policy type inspect ccp-permit-icmpreply zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone service-policy type inspect sdm-permit-ip zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone service-policy type inspect sdm-permit-ip zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone service-policy type inspect sdm-permit-ip zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone service-policy type inspect sdm-permit-ip ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp policy 2 encr aes 256 authentication pre-share group 2 ! crypto isakmp client configuration group Easy_VPN_Group key dns 192.168.1.1 domain pool SDM_POOL_1 acl 101 include-local-lan split-dns pfs max-users 10 netmask 255.255.255.0 crypto isakmp profile ciscocp-ike-profile-1 match identity group Easy_VPN_Group client authentication list ciscocp_vpn_xauth_ml_1 isakmp authorization list ciscocp_vpn_group_ml_1 client configuration address respond virtual-template 1 ! ! crypto ipsec transform-set ts esp-aes 256 esp-sha-hmac ! crypto ipsec profile CiscoCP_Profile1 set transform-set ts set pfs group2 set isakmp-profile ciscocp-ike-profile-1 ! ! ! ! ! ! ! interface Loopback0 description $FW_INSIDE$ ip address 192.168.1.1 255.255.255.255 ip nat inside ip virtual-reassembly in zone-member security in-zone ! interface FastEthernet0/0 description $ETH-WAN$ no ip address no ip redirects no ip unreachables no ip proxy-arp load-interval 30 duplex auto speed auto pppoe enable group global pppoe-client dial-pool-number 1 no cdp enable ! interface FastEthernet0/1 description $FW_INSIDE$ ip address 192.168.0.1 255.255.255.252 ip nat inside ip virtual-reassembly in zone-member security in-zone ip tcp adjust-mss 1412 duplex auto speed auto ! interface Virtual-Template1 type tunnel ip unnumbered FastEthernet0/1 zone-member security ezvpn-zone tunnel mode ipsec ipv4 tunnel protection ipsec profile CiscoCP_Profile1 ! interface Dialer0 description $FW_OUTSIDE$ bandwidth 6000 ip address negotiated ip mtu 1452 ip nbar protocol-discovery ip flow ingress ip flow egress ip nat outside ip virtual-reassembly in zone-member security out-zone encapsulation ppp load-interval 30 dialer pool 1 dialer-group 1 ppp authentication pap chap callin ppp chap hostname ppp chap password ppp pap sent-username ppp ipcp route default no cdp enable ! ! router eigrp 14 network 192.168.0.0 0.0.255.255 redistribute static passive-interface default no passive-interface Loopback0 no passive-interface FastEthernet0/1 ! ip local pool SDM_POOL_1 192.168.10.10 192.168.10.20 ip forward-protocol nd no ip http server ip http secure-server ! ip flow-top-talkers top 10 sort-by bytes ! ip dns server ip nat inside source list 1 interface Dialer0 overload ! ip access-list extended SDM_AH remark CCP_ACL Category=1 permit ahp any any ip access-list extended SDM_ESP remark CCP_ACL Category=1 permit esp any any ip access-list extended SDM_IP remark CCP_ACL Category=1 permit ip any any ! access-list 1 remark INSIDE_IF=FastEthernet0/1 access-list 1 remark CCP_ACL Category=2 access-list 1 permit 192.168.14.0 0.0.0.255 access-list 1 permit 192.168.0.0 0.0.0.255 access-list 1 permit 192.168.1.0 0.0.0.255 access-list 1 permit 192.168.10.0 0.0.0.255 access-list 100 remark CCP_ACL Category=128 access-list 100 permit ip host 255.255.255.255 any access-list 100 permit ip 127.0.0.0 0.255.255.255 any access-list 101 remark CCP_ACL Category=4 access-list 101 permit ip host 192.168.1.1 any access-list 101 permit ip 192.168.14.0 0.0.0.255 any access-list 101 permit ip 192.168.0.0 0.0.255.255 any dialer-list 1 protocol ip permit ! ! ! ! ! ! ! ! control-plane ! end