version 12.3 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime service timestamps log datetime msec localtime service password-encryption service sequence-numbers ! hostname ! boot-start-marker boot-end-marker ! logging buffered 51200 debugging enable secret 5 ! username xxxxx privilege 15 secret 5 clock timezone GMT 0 clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 1:00 aaa new-model ! ! aaa group server radius rad_eap ! aaa group server radius rad_mac ! aaa group server radius rad_acct ! aaa group server radius rad_admin ! aaa group server tacacs+ tac_admin ! aaa group server radius rad_pmip ! aaa group server radius dummy ! aaa authentication login eap_methods group rad_eap aaa authentication login mac_methods local aaa authorization ipmobile default group rad_pmip aaa accounting network acct_methods start-stop group rad_acct aaa session-id common ip subnet-zero no ip source-route ip cef ip dhcp excluded-address 192.168.123.151 192.168.123.254 ! ip dhcp pool sdm-pool1 import all network 192.168.123.0 255.255.255.0 dns-server w.x.y.z w.x.y.z default-router 192.168.123.1 ! ! ip inspect name DEFAULT100 cuseeme ip inspect name DEFAULT100 ftp ip inspect name DEFAULT100 h323 ip inspect name DEFAULT100 icmp ip inspect name DEFAULT100 netshow ip inspect name DEFAULT100 rcmd ip inspect name DEFAULT100 realaudio ip inspect name DEFAULT100 rtsp ip inspect name DEFAULT100 esmtp ip inspect name DEFAULT100 sqlnet ip inspect name DEFAULT100 streamworks ip inspect name DEFAULT100 tftp ip inspect name DEFAULT100 tcp ip inspect name DEFAULT100 udp ip inspect name DEFAULT100 vdolive ip tcp synwait-time 10 no ip bootp server ip name-server w.x.y.z ip name-server w.x.y.z ip ssh time-out 60 ip ssh authentication-retries 2 no ftp-server write-enable ! ! ! ! ! bridge irb ! ! interface ATM0 no ip address no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow no atm ilmi-keepalive dsl operating-mode ansi-dmt ! interface ATM0.1 point-to-point description $ES_WAN$$FW_OUTSIDE$ pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface FastEthernet0 no ip address no cdp enable ! interface FastEthernet1 no ip address no cdp enable ! interface FastEthernet2 no ip address no cdp enable ! interface FastEthernet3 no ip address no cdp enable ! interface Dot11Radio0 no ip address ! ssid cisco vlan 1 authentication open guest-mode ! speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0 channel 2412 no cdp enable bridge-group 1 ! interface Dot11Radio0.1 encapsulation dot1Q 1 native no cdp enable bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$ no ip address bridge-group 1 ! interface Dialer0 description $FW_OUTSIDE$ ip address negotiated ip access-group 101 in no ip redirects no ip unreachables no ip proxy-arp ip inspect DEFAULT100 out ip nat outside ip virtual-reassembly encapsulation ppp ip route-cache flow dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname xxxxxxxxx@isp.co.uk ppp chap password 7 xxxxxxxxxxxxxx ! interface BVI1 description $ES_LAN$$FW_INSIDE$ ip address 192.168.123.1 255.255.255.0 ip access-group 100 in ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer0 ! ip http server ip http access-class 2 ip http authentication local ip http secure-server ip http timeout-policy idle 600 life 86400 requests 10000 ip nat inside source list 1 interface Dialer0 overload ! logging trap debugging access-list 1 remark INSIDE_IF=BVI1 access-list 1 remark SDM_ACL Category=2 access-list 1 permit 192.168.123.0 0.0.0.255 access-list 2 remark Auto generated by SDM Management Access feature access-list 2 remark SDM_ACL Category=1 access-list 2 permit 192.168.123.0 0.0.0.255 access-list 2 permit w.x.y.z 0.0.0.127 access-list 100 remark auto generated by Cisco SDM Express firewall configuration access-list 100 remark SDM_ACL Category=1 access-list 100 permit tcp 192.168.123.0 0.0.0.255 host 192.168.123.1 eq telnet access-list 100 permit tcp 192.168.123.0 0.0.0.255 host 192.168.123.1 eq 22 access-list 100 permit tcp w.x.y.z 0.0.0.127 host 192.168.123.1 eq 22 access-list 100 permit tcp 192.168.123.0 0.0.0.255 host 192.168.123.1 eq www access-list 100 permit tcp 192.168.123.0 0.0.0.255 host 192.168.123.1 eq 443 access-list 100 permit tcp w.x.y.z 0.0.0.127 host 192.168.123.1 eq 443 access-list 100 permit tcp 192.168.123.0 0.0.0.255 host 192.168.123.1 eq cmd access-list 100 permit tcp w.x.y.z 0.0.0.127 host 192.168.123.1 eq cmd access-list 100 deny tcp any host 192.168.123.1 eq telnet access-list 100 deny tcp any host 192.168.123.1 eq 22 access-list 100 deny tcp any host 192.168.123.1 eq www access-list 100 deny tcp any host 192.168.123.1 eq 443 access-list 100 deny tcp any host 192.168.123.1 eq cmd access-list 100 deny udp any host 192.168.123.1 eq snmp access-list 100 deny ip host 255.255.255.255 any access-list 100 deny ip 127.0.0.0 0.255.255.255 any access-list 100 permit ip any any access-list 101 remark auto generated by Cisco SDM Express firewall configuration access-list 101 remark SDM_ACL Category=1 access-list 101 permit udp host w.x.y.z eq domain any access-list 101 permit udp host w.x.y.z eq domain any access-list 101 deny ip 192.168.123.0 0.0.0.255 any access-list 101 permit icmp any any echo-reply access-list 101 permit icmp any any time-exceeded access-list 101 permit icmp any any unreachable access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 deny ip host 255.255.255.255 any access-list 101 deny ip host 0.0.0.0 any access-list 101 deny ip any any access-list 102 remark Auto generated by SDM Management Access feature access-list 102 remark SDM_ACL Category=1 access-list 102 permit ip 192.168.123.0 0.0.0.255 any access-list 102 permit ip w.x.y.z 0.0.0.127 any dialer-list 1 protocol ip permit no cdp run radius-server attribute 32 include-in-access-req format %h radius-server vsa send accounting ! control-plane ! bridge 1 protocol ieee bridge 1 route ip banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C ! line con 0 no modem enable transport preferred all transport output telnet line aux 0 transport preferred all transport output telnet line vty 0 4 access-class 102 in privilege level 15 transport preferred all transport input telnet ssh transport output all ! scheduler max-task-time 5000 scheduler allocate 4000 1000 scheduler interval 500 ntp peer w.x.y.z ntp peer w.x.y.z end