The exported config is shown below.
=================
Building configuration...
Current configuration : 9716 bytes
!
! Last configuration change at 21:25:04 GMT Sat Jun 10 2017 by admin
! NVRAM config last updated at 20:34:03 GMT Sat Jun 10 2017 by admin
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname rt01
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login local_access local
aaa authentication ppp default local
aaa authentication ppp VPDN_AUTH local
!
!
!
!
!
aaa session-id common
ethernet lmi ce
clock timezone GMT 9 0
!
crypto pki trustpoint TP-self-signed-4108791233
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4108791233
revocation-check none
rsakeypair TP-self-signed-4108791233
!
!
crypto pki certificate chain TP-self-signed-4108791233
certificate self-signed 01
***削除***
quit
!
!
!
ip nbar http-services
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.128
default-router 10.10.10.1
dns-server 8.8.8.8
lease 0 2
!
!
!
ip domain name ***削除***
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
!
flow record nbar-appmon
match ipv4 source address
match ipv4 destination address
match application name
collect interface output
collect counter bytes
collect counter packets
collect timestamp absolute first
collect timestamp absolute last
!
!
flow monitor application-mon
cache timeout active 60
record nbar-appmon
!
parameter-map type inspect global
max-incomplete low 18000
max-incomplete high 20000
nbar-classify
!
vpdn enable
!
vpdn-group L2TP
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!
license udi pid C841M-4X-JSEC/K9 sn ***削除***
!
!
object-group service INTERNAL_UTM_SERVICE
!
object-group network Others_dst_net
any
!
object-group network Others_src_net
any
!
object-group service Others_svc
ip
!
object-group network Web_dst_net
any
!
object-group network Web_src_net
any
!
object-group service Web_svc
ip
!
object-group network local_cws_net
!
object-group network local_lan_subnets
10.10.10.0 255.255.255.128
10.0.1.0 255.255.255.0
!
object-group network vpn_remote_subnets
any
!
username admin privilege 15 secret 5 $1$***削除***
username vpnuser privilege 0 password 7 ***削除***
!
redundancy
!
!
!
!
no cdp run
!
!
class-map type inspect match-any INTERNAL_DOMAIN_FILTER
match protocol msnmsgr
match protocol ymsgr
class-map type inspect match-any Others_app
match protocol https
match protocol smtp
match protocol pop3
match protocol imap
match protocol sip
match protocol ftp
match protocol dns
match protocol icmp
class-map type inspect match-any Web_app
match protocol http
class-map type inspect match-all Others
match class-map Others_app
match access-group name Others_acl
class-map type inspect match-all Web
match class-map Web_app
match access-group name Web_acl
!
policy-map type inspect LAN-WAN-POLICY
class type inspect Web
inspect
class type inspect Others
inspect
class class-default
drop log
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
zone-pair security LAN-WAN source LAN destination WAN
service-policy type inspect LAN-WAN-POLICY
!
crypto keyring L2TP
pre-shared-key address 0.0.0.0 0.0.0.0 key ***削除***
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp keepalive 3600
!
!
crypto ipsec transform-set TS1 esp-aes esp-sha-hmac
mode transport
!
!
!
crypto dynamic-map DYN_MAP 10
set nat demux
set transform-set TS1
!
!
crypto map CRYP_MAP 6000 ipsec-isakmp dynamic DYN_MAP
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
!
interface GigabitEthernet0/1
switchport access vlan 10
no ip address
!
interface GigabitEthernet0/2
switchport access vlan 10
no ip address
!
interface GigabitEthernet0/3
switchport access vlan 10
no ip address
!
interface GigabitEthernet0/4
description PrimaryWANDesc_
no ip address
ip nbar protocol-discovery
ip tcp adjust-mss 1414
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/5
no ip address
shutdown
duplex auto
speed auto
!
interface Virtual-Template1
ip unnumbered Dialer1
ip nbar protocol-discovery
ip flow monitor application-mon input
ip flow ingress
ip flow egress
zone-member security LAN
load-interval 30
peer default ip address pool vpnpool
ppp mtu adaptive
ppp authentication ms-chap-v2 VPDN_AUTH
!
interface Vlan1
description $ETH_LAN$
ip address 10.10.10.1 255.255.255.128
ip nbar protocol-discovery
ip flow monitor application-mon input
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
zone-member security LAN
ip tcp adjust-mss 1414
load-interval 30
!
interface Vlan10
ip address 10.0.1.1 255.255.255.0
ip nbar protocol-discovery
ip flow monitor application-mon input
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
zone-member security LAN
load-interval 30
!
interface Dialer1
description PrimaryWANDesc__GigabitEthernet0/4
mtu 1454
ip address negotiated
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly in
zone-member security WAN
encapsulation ppp
dialer pool 1
dialer-group 1
ppp mtu adaptive
ppp authentication chap callin
ppp chap hostname ***削除***
ppp chap password 7 ***削除***
no cdp enable
crypto map CRYP_MAP
!
ip local pool vpnpool 10.0.1.200 10.0.1.220
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list nat-list interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended Others_acl
permit object-group Others_svc object-group Others_src_net object-group Others_dst_net
ip access-list extended Web_acl
permit object-group Web_svc object-group Web_src_net object-group Web_dst_net
ip access-list extended nat-list
permit ip object-group local_lan_subnets any
deny ip any any
deny ip object-group local_lan_subnets object-group vpn_remote_subnets
!
dialer-list 1 protocol ip permit
!
!
access-list 23 permit 10.10.10.0 0.0.0.127
!
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to
http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login authentication local_access
no modem enable
line vty 0 4
access-class 23 in
privilege level 15
login authentication local_access
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server ntp.nict.jp
!
end
==================
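As an added example (not part of the original post and not Cisco's own tooling), the script below scans an IOS running-config export like the one above and flags the remote-access settings a reviewer would want to revisit: Telnet accepted on the vty lines, 3DES and DH group 2 in the IKE policy, the wildcard pre-shared key, L2TP tunnel authentication switched off, the type 7 (reversible) passwords, and plaintext HTTP management enabled beside HTTPS. Because the export above has lost its indentation, the scanner does not rely on leading spaces; it tracks the current section by its opening keyword and the `!` separators. The two embedded configs are constructed excerpts that mirror the posted config and a hardened counterpart, with placeholder secrets; the rule set and the `Finding`/`audit` names are this example's own.

```python
"""Audit a Cisco IOS config export for weak remote-access settings.

Added example, not from the original post. Line-based on purpose: the
posted export has no indentation, so sections are tracked by their opening
keyword and by the '!' separator lines instead of by leading spaces.
"""
import re
from dataclasses import dataclass

# Constructed excerpt mirroring the posted config; secrets are placeholders.
SAMPLE_CONFIG = """\
hostname rt01
!
username vpnuser privilege 0 password 7 PLACEHOLDER_TYPE7
!
vpdn-group L2TP
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!
crypto keyring L2TP
pre-shared-key address 0.0.0.0 0.0.0.0 key PLACEHOLDER_PSK
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 28800
!
interface Dialer1
ppp chap password 7 PLACEHOLDER_TYPE7
!
ip http server
ip http secure-server
!
line vty 0 4
access-class 23 in
transport input telnet ssh
!
"""

# Constructed hardened counterpart: the same blocks with the weak items fixed.
HARDENED_CONFIG = """\
username vpnuser privilege 0 secret 9 PLACEHOLDER_TYPE9
!
vpdn-group L2TP
accept-dialin
protocol l2tp
virtual-template 1
!
crypto keyring L2TP
pre-shared-key address 203.0.113.10 255.255.255.255 key PLACEHOLDER_PSK
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 14
!
no ip http server
ip http secure-server
!
line vty 0 4
access-class 23 in
transport input ssh
!
"""

# Keywords that open a multi-line section in the export.
SECTION_OPENERS = ("line ", "crypto isakmp policy", "crypto keyring",
                   "vpdn-group", "interface ")

# (section prefix or None for any context, pattern, issue description)
RULES = [
    (None, re.compile(r"^username \S+ .*\bpassword 7 "),
     "type 7 (reversible) user password; use 'secret' instead"),
    ("interface", re.compile(r"^ppp chap password 7 "),
     "reversible type 7 CHAP password is recoverable from this export; protect the export"),
    ("line", re.compile(r"^transport input\b.*\btelnet\b"),
     "Telnet accepted on a management line; restrict to ssh"),
    ("crypto isakmp policy", re.compile(r"^encr 3des$"),
     "3DES for IKE phase 1; prefer AES"),
    ("crypto isakmp policy", re.compile(r"^group [125]$"),
     "DH group of 1024 bits or less; prefer group 14 or higher"),
    ("crypto keyring", re.compile(r"^pre-shared-key address 0\.0\.0\.0 0\.0\.0\.0"),
     "wildcard pre-shared key accepted from any peer address"),
    ("vpdn-group", re.compile(r"^no l2tp tunnel authentication$"),
     "L2TP tunnel authentication disabled; only IPsec protects the tunnel"),
    (None, re.compile(r"^ip http server$"),
     "plaintext HTTP management enabled alongside HTTPS"),
]


@dataclass
class Finding:
    lineno: int
    section: str   # opener of the enclosing block, '' at top level
    text: str
    issue: str


def audit(config_text: str) -> list[Finding]:
    """Return one Finding per matching line, in config order."""
    findings, section = [], ""
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line == "!":              # separator closes the current block
            section = ""
            continue
        for opener in SECTION_OPENERS:
            if line.startswith(opener):
                section = opener
        for want, pattern, issue in RULES:
            in_scope = want is None or section.startswith(want)
            if in_scope and pattern.match(line):
                findings.append(Finding(lineno, section.strip(), line, issue))
    return findings


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit(cfg)
        print(f"{name}: {len(result)} finding(s)")
        for f in result:
            print(f"  line {f.lineno:>3} [{f.section or 'global'}] {f.text}\n        -> {f.issue}")
```

Run against a real `show running-config` export, the scanner only inspects the lines it is given, so a block whose children follow an unrecognised top-level command (for example the `crypto isakmp keepalive` line that sits after the policy block above) is still attributed to the last opener seen; extend `SECTION_OPENERS` when you add rules for other block types.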