! NVRAM config last updated at 04:00:00 BST Sun Sep 24 2017
version 15.1
no service pad
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
!
hostname R1003951
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 informational
!
aaa new-model
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization exec default local
aaa authorization network default local
!
aaa session-id common
clock timezone GMT 0 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
crypto pki token default removal timeout 0
!
!
dot11 syslog
ip source-route
!
ip cef
ip domain name somedomain.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
login on-failure log
login on-success log
!
archive
 path ftp://somedomain.com/upload/cisco/backup/BK1003951
 write-memory
 time-period 1440
object-group network DNS-SERVERS
 host 8.8.8.8
 host 8.8.4.4
!
object-group service EX-IN-ALL
 tcp eq ftp-data
!
object-group network OGN_COMPANY
 host 1.1.1.1
!
no ip ftp passive
ip ftp username sd_ftp_cisco
! Type 7 is reversible obfuscation, not encryption; treat this value as plaintext.
ip ftp password 7 111111
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key xxxx address 3.3.3.3
crypto isakmp key xxxx address 1.1.1.1
!
crypto ipsec transform-set CITS_1 esp-aes esp-sha512-hmac
!
crypto ipsec profile CIP_1
 set transform-set CITS_1
!
interface Loopback0
 ip address 10.0.39.51 255.255.255.255
!
interface Tunnel1002
 description to "L2L"
 ip address 10.144.226.4 255.255.255.254
 ip mtu 1300
 ip tcp adjust-mss 1260
 tunnel source 2.2.2.2
 tunnel mode ipsec ipv4
 tunnel destination 1.1.1.1
 tunnel protection ipsec profile CIP_1
!
interface Tunnel1005
 description "L2L/R1003326/DSL1007952"
 ip address 10.144.226.10 255.255.255.254
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 2.2.2.2
 tunnel mode ipsec ipv4
 tunnel destination 3.3.3.3
 tunnel protection ipsec profile CIP_1
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 ip address 2.2.2.2 255.255.255.248
 ip access-group F4-IN in
 ip access-group F4-OUT out
 duplex auto
 speed auto
!
interface Vlan1
 ip address 10.9.98.254 255.255.255.0
!
interface Dialer1
 no ip address
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 82.118.127.233
ip route 10.1.10.0 255.255.255.0 10.9.98.192 permanent
ip route 10.9.99.0 255.255.255.0 10.9.98.192 permanent
ip route 10.11.4.0 255.255.255.0 10.9.98.192 permanent
ip route 10.144.144.0 255.255.255.0 Tunnel1002
ip route 10.145.0.0 255.255.254.0 Tunnel1005
ip route 192.168.254.0 255.255.255.0 Tunnel1005
!
! ACL entries are matched top-down: the leading "permit ip any any" in F4-IN
! matches every packet, so the entries below it, including "evaluate F4-REFLEX"
! and the final "deny ip any any log", are never reached.
ip access-list extended F4-IN
 permit ip any any
 permit ip object-group OGN_COMPANY any
 permit udp object-group DNS-SERVERS eq domain any
 permit udp any eq ntp any eq ntp
 evaluate F4-REFLEX
 deny ip any any log
ip access-list extended F4-OUT
 permit ip any any reflect F4-REFLEX timeout 300
ip access-list extended VTY-IN
 permit tcp object-group OGN_COMPANY any
 permit tcp 10.9.99.0 0.0.0.255 any
 permit tcp 10.9.98.0 0.0.0.255 any
 permit tcp 192.168.254.0 0.0.0.255 any
 permit tcp 192.168.252.0 0.0.0.255 any
 deny ip any any
!
kron occurrence daily-backup at 4:00 recurring
 policy-list daily-backup
!
kron policy-list daily-backup
 cli write
!
logging facility local6
logging source-interface Vlan1
logging 10.9.99.1
logging host 10.9.99.1 transport tcp port 3951
!
snmp-server ifindex persist
!
control-plane
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class VTY-IN in
 transport preferred ssh
 transport input ssh
 transport output ssh
!
ntp server uk.pool.ntp.org
end