version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service password-encryption
service compress-config
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username xxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxx
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
no ip source-route
!
!
ip dhcp excluded-address 10.10.0.255 10.255.255.254
ip dhcp excluded-address 10.10.0.1 10.10.0.9
!
ip dhcp pool sdm-pool1
import all
network 10.10.0.0 255.255.0.0
default-router 10.10.0.1
!
!
ip tcp synwait-time 10
ip domain name xxxxxxxx.com
ip name-server 4.2.2.4
no ip bootp server
ip cef
ip ids po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
ip address x.x.x.x x.x.x.x
ip access-group 101 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface FastEthernet4
no ip address
no cdp enable
!
interface Vlan1
ip address 10.10.0.1 255.255.0.0
ip access-group 102 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
!
ip default-gateway 10.10.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x
no ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source static tcp 10.10.0.10 80 interface FastEthernet0 80
ip nat inside source static tcp 10.10.0.10 443 interface FastEthernet0 443
!
!
!
logging trap debugging
access-list 1 permit 10.10.0.0 0.0.255.255
access-list 101 permit udp host 4.2.2.4 eq domain host x.x.x.x
access-list 101 deny ip 10.10.0.0 0.0.255.255 any
access-list 101 permit icmp any host x.x.x.x echo-reply
access-list 101 permit icmp any host x.x.x.x time-exceeded
access-list 101 permit icmp any host x.x.x.x unreachable
access-list 101 permit tcp any 10.10.0.10 255.255.0.0 eq www
access-list 101 permit tcp any 10.10.0.10 255.255.0.0 eq 443
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 169.254.92.0 0.0.0.255 any
access-list 102 deny ip any 192.168.0.0 0.0.255.255
access-list 102 deny ip any 172.16.0.0 0.15.255.255
access-list 102 deny ip any 169.254.92.0 0.0.0.255
access-list 102 permit ip 10.10.0.0 0.0.255.255 any
access-list 102 permit ip any any
access-list 103 permit ip 10.10.0.0 0.0.255.255 any
access-list 103 deny ip any any
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line 1
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
login local
transport output telnet
line vty 0 4
access-class 103 in
login local
transport input telnet ssh
transport output none
line vty 5 15
access-class 103 in
login local
transport input telnet ssh
transport output none
!
scheduler allocate 4000 1000
scheduler interval 500
end
