
Cisco ISR 4321

Shawn Munster

Hi,

 

Can someone check this configuration for me?

 

Thanks

Shawn.

 

show run
Building configuration...

 


Current configuration : 10504 bytes
!
! Last configuration change at 17:07:26 UTC Wed Aug 5 2015
!
! Global settings: software version, log timestamps, hostname, the management
! VRF, local logging, the enable secret and the AAA mode.
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
! NOTE(review): the local log buffer is disabled and no "logging host" line
! appears in this listing, so the firewall's "drop log" events are not kept
! anywhere visible here. Enable a buffer and/or a syslog destination.
no logging buffered
! NOTE(review): type 5 is a salted MD5 hash, and this one was posted with the
! configuration. Change the password and redact secrets before sharing a
! config. Where the image supports it, prefer a type 8/9 secret
! ("enable algorithm-type scrypt secret ...").
enable secret 5 $1$3/2N$8zCo.YowG4V5sG9Vus.WD1
!
! AAA is off, so authentication depends on the per-line "login local"
! settings and the local user database only.
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!


! Resolver, domain name and the LAN DHCP scope. Addresses .1-.49 are excluded
! from the pool; the hosts named in the static NAT entries (.5, .10, .15, .35)
! all sit inside that excluded range.
ip name-server 139.130.4.4 203.50.2.71

ip domain name ers.local
ip dhcp excluded-address 192.168.1.1 192.168.1.49
!
ip dhcp pool ccp-pool
 import all
 network 192.168.1.0 255.255.255.0
 dns-server 139.130.4.4 203.50.2.71
 default-router 192.168.1.1
 ! NOTE(review): infinite leases never age out, so the binding table stops
 ! reflecting which clients are actually present; a finite lease keeps it
 ! useful as a record of what is on the LAN.
 lease infinite
!
!
!
!
!
!
!
!
!
!
! Platform defaults plus the single local account used by "login local" and
! "ip http authentication local".
subscriber templating
!
multilink bundle-name authenticated
!
!
!

!
spanning-tree extend system-id
!
! NOTE(review): this is the only account shown and it is privilege 15. Its
! type 5 (salted MD5) hash and the account name were posted with the config;
! change the password and redact the line before sharing. Where supported,
! prefer "username <name> algorithm-type scrypt secret ...".
username Shawn privilege 15 secret 5 $1$h2LY$eGSGUFvD/PYc3Rdz4yTFJ1
!
redundancy
 mode none
!
!
!
!
! The DSL controller is set to ADSL2+ operation.
controller VDSL 0/1/0
 operating mode adsl2+
!
!
vlan internal allocation policy ascending
!
!
! Zone-based firewall class-maps (the names suggest they were generated by
! CCP/SDM). They classify traffic for the policy-maps that follow.
!
! NOTE(review): every sdm-nat-user-protocol--* class matches only on an ACL
! (101-105). Those ACLs permit any IP traffic to the inside host, not just the
! port that is forwarded, so these classes are wider than the NAT entries
! they appear to accompany. The classes also come in pairs that reference the
! same ACL (1-1/2-1 -> 101, 3-1/4-1 -> 102, 5-1/6-1 -> 103, 7-1/8-1 -> 104,
! 7-2/8-2 -> 105), so each pair matches identical traffic.
class-map type inspect match-all sdm-nat-user-protocol--7-1
 match access-group 104
class-map type inspect match-all sdm-nat-user-protocol--6-1
 match access-group 103
class-map type inspect match-all sdm-nat-user-protocol--5-1
 match access-group 103
class-map type inspect match-all sdm-nat-user-protocol--4-1
 match access-group 102
class-map type inspect match-all sdm-nat-user-protocol--7-2
 match access-group 105
class-map type inspect match-all sdm-nat-user-protocol--3-1
 match access-group 102
class-map type inspect match-all sdm-nat-user-protocol--2-1
 match access-group 101
class-map type inspect match-all sdm-nat-user-protocol--1-1
 match access-group 101
class-map type inspect match-all sdm-nat-user-protocol--8-2
 match access-group 105
class-map type inspect match-any ccp-skinny-inspect
 match protocol skinny
class-map type inspect match-all sdm-nat-user-protocol--8-1
 match access-group 104
! NOTE(review): this class-map has no match statements in this listing.
class-map type inspect match-any ccp-h323nxg-inspect
! Any ICMP, TCP or UDP; used for router-originated traffic.
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
 match protocol h225ras
! NOTE(review): this class-map has no match statements in this listing.
class-map type inspect match-any ccp-h323annexe-inspect
! NOTE(review): this is match-any and ends with generic tcp and udp, so any
! TCP or UDP flow matches regardless of the named protocols listed above them.
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol pptp
 match protocol dns
 match protocol ftp
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all SDM_GRE
 match access-group name SDM_GRE
class-map type inspect match-any ccp-h323-inspect
 match protocol h323
! Sources that should never appear on the LAN side (see access-list 100).
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-any ccp-sip-inspect
 match protocol sip
class-map type inspect match-all ccp-protocol-http
 match protocol http
class-map type inspect match-all sdm-nat-ftp-1
 match access-group 103
 match protocol ftp
class-map type inspect match-any CCP_PPTP
 match class-map SDM_GRE
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
!
! Zone-based firewall policies. Classes are evaluated top-down; class-default
! catches whatever no earlier class matched.
!
! ccp-inspect: attached to the in-zone -> out-zone pair. Drops and logs the
! invalid-source class, statefully inspects the listed protocols, and drops
! and logs everything else.
! NOTE(review): the sdm-nat-user-protocol--* classes match on destination
! addresses inside 192.168.1.0/24, so they appear to have no effect on LAN to
! Internet traffic - confirm whether they belong in this policy.
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect
 class type inspect ccp-insp-traffic
  inspect
 class type inspect ccp-sip-inspect
  inspect
 class type inspect ccp-h323-inspect
  inspect
 class type inspect ccp-h323annexe-inspect
  inspect
 class type inspect ccp-h225ras-inspect
  inspect
 class type inspect ccp-h323nxg-inspect
  inspect
 class type inspect ccp-skinny-inspect
  inspect
 class type inspect sdm-nat-user-protocol--2-1
  inspect
 class type inspect sdm-nat-user-protocol--3-1
  inspect
 class type inspect sdm-nat-user-protocol--4-1
  inspect
 class type inspect sdm-nat-user-protocol--8-2
  inspect
 class class-default
  drop log
! sdm-pol-NATOutsideToInside-1: the inbound policy for the port-forwarded
! hosts.
! NOTE(review): no zone-pair in this listing attaches this policy, so it is
! currently unused. Before attaching it to an out-zone -> in-zone pair, narrow
! ACLs 101-105 to the forwarded protocol and port; as written each class would
! admit any IP traffic addressed to the host.
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-nat-user-protocol--1-1
  inspect
 class type inspect sdm-nat-user-protocol--2-1
  inspect
 class type inspect sdm-nat-user-protocol--3-1
  inspect
 class type inspect sdm-nat-user-protocol--4-1
  inspect
 class type inspect sdm-nat-user-protocol--5-1
  inspect
 class type inspect sdm-nat-user-protocol--6-1
  inspect
 class type inspect sdm-nat-user-protocol--7-1
  inspect
 class type inspect sdm-nat-user-protocol--8-1
  inspect
 class type inspect sdm-nat-ftp-1
  inspect
 ! GRE is passed without state tracking ("pass", not "inspect").
 class type inspect CCP_PPTP
  pass
 class type inspect sdm-nat-user-protocol--7-2
  inspect
 class type inspect sdm-nat-user-protocol--8-2
  inspect
 class class-default
  drop log
! ccp-permit: attached to out-zone -> self. Despite the name it drops all
! traffic addressed to the router from outside.
! NOTE(review): this drop has no "log" keyword, unlike the other policies, so
! attempts against the router itself are discarded silently.
policy-map type inspect ccp-permit
 class class-default
  drop
! ccp-permit-icmpreply: attached to self -> out-zone. Inspects ICMP/TCP/UDP
! originated by the router and passes anything else uninspected.
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect
 class class-default
  pass
!
! Security zones and the zone-pairs that bind a policy to each direction:
!   in-zone  -> out-zone : ccp-inspect          (LAN to Internet)
!   out-zone -> self     : ccp-permit           (Internet to the router)
!   self     -> out-zone : ccp-permit-icmpreply (router to Internet)
! NOTE(review): there is no out-zone -> in-zone pair. Traffic between two
! zones with no zone-pair is dropped, so unsolicited inbound traffic never
! reaches the LAN, and the static NAT port-forwards plus the
! sdm-pol-NATOutsideToInside-1 policy defined in this config have no effect.
! If the forwards are wanted, add that pair deliberately with a policy limited
! to the forwarded ports rather than loosening an existing pair.
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Physical and logical interfaces other than the dialers.
!
! LAN port: NAT inside and a member of in-zone.
interface GigabitEthernet0/0/0
 description $ETH-LAN$
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 zone-member security in-zone
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/0/1
 no ip address
 shutdown
 negotiation auto
!
interface ATM0/1/0
 no ip address
 no atm enable-ilmi-trap
!
! DSL sub-interface: PVC 8/35 carries PPP and is bound to dialer pool 1.
! ICMP redirects, ICMP unreachables and proxy ARP are turned off here.
interface ATM0/1/0.1 point-to-point
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm enable-ilmi-trap
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Ethernet0/1/0
 no ip address
 no negotiation auto
!
! Dedicated management port: placed in the Mgmt-intf VRF but shut down and
! unaddressed, so no out-of-band management path is in use.
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
interface Vlan1
 no ip address
 shutdown
!
! WAN interface: PPP over the DSL PVC, NAT outside, member of out-zone.
! ICMP redirects, ICMP unreachables and proxy ARP are turned off on the
! Internet-facing side.
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 zone-member security out-zone
 encapsulation ppp
 dialer pool 1
 dialer-group 1

 ! NOTE(review): the ISP login name is shown in full. "password 7" is a
 ! reversible encoding, not a hash, so a type 7 string has to be treated as
 ! the plaintext password. The value below looks shortened; keep both lines
 ! redacted whenever the config is shared.
 ppp chap hostname good@direct.telstra.net
 ppp chap password 7 1C

 
!
! NAT, web management and routing.
!
! NOTE(review): Dialer1 has no configuration at all (no address, no
! "ip nat outside", no zone membership, no dialer pool), yet all eight static
! port-forwards below are bound to it. The PPP session, "ip nat outside" and
! the default route are on Dialer0, so as written these forwards do not apply
! to the live WAN interface. Before re-pointing them, confirm each one is
! still required: every entry publishes a port on an internal host to the
! Internet.
interface Dialer1
!
ip nat inside source static udp 192.168.1.10 14100 interface Dialer1 14100
ip nat inside source static tcp 192.168.1.10 14000 interface Dialer1 14000
ip nat inside source static udp 192.168.1.15 3394 interface Dialer1 3394
ip nat inside source static tcp 192.168.1.15 3394 interface Dialer1 3394
ip nat inside source static udp 192.168.1.35 3391 interface Dialer1 3391
ip nat inside source static tcp 192.168.1.35 3391 interface Dialer1 3391
ip nat inside source static udp 192.168.1.5 3392 interface Dialer1 3392
ip nat inside source static tcp 192.168.1.5 3392 interface Dialer1 3392
! Outbound PAT: LAN sources in access-list 1 share the Dialer0 address.
ip nat inside source list 1 interface Dialer0 overload
ip forward-protocol nd
! NOTE(review): the cleartext HTTP server is enabled next to the HTTPS one.
! Both use local authentication and are limited to the LAN by access-list 2,
! but a login over plain HTTP exposes the privilege 15 credentials on the
! wire; "no ip http server" leaves only HTTPS. The timeout policy also lets a
! session live for up to 86400 seconds.
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! NOTE(review): TFTP is sourced from GigabitEthernet0, which is shut down and
! has no address in this listing.
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
! Access lists referenced by NAT, the HTTP server and the firewall class-maps.
!
! GRE from anywhere to anywhere; matched by class-map SDM_GRE / CCP_PPTP.
ip access-list extended SDM_GRE
 remark CCP_ACL Category=1
 permit gre any any
!
! NOTE(review): the syslog severity is set to debugging, but no "logging host"
! is shown in this listing and buffered logging is disabled, so there is no
! visible destination that retains these messages.
logging trap debugging
! ACL 1: LAN sources translated by the NAT overload rule.
! NOTE(review): the remark names Vlan1 as the inside interface, but Vlan1 is
! shut down and the NAT inside interface is GigabitEthernet0/0/0.
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 remark INSIDE_IF=Vlan1
! ACL 2: clients allowed to reach the HTTP/HTTPS management server (LAN only).
access-list 2 remark HTTP Access-class list
access-list 2 remark CCP_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny   any
! ACL 3: same LAN permit as ACL 2.
! NOTE(review): nothing in this listing references ACL 3. Possibly intended as
! an "access-class" on the vty lines, which currently have none - confirm.
access-list 3 remark CCP_ACL Category=2
access-list 3 permit 192.168.1.0 0.0.0.255
! ACL 100: sources treated as invalid (limited broadcast and loopback).
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
! ACLs 101-105: one per port-forwarded inside host.
! NOTE(review): each permits all IP from any source to the host, not only the
! forwarded protocol and port. Restrict them to the specific tcp/udp ports in
! the static NAT entries so the firewall class is no wider than the forward.
! ACLs 104 and 105 are identical.
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.1.5
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.1.35
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 192.168.1.15
access-list 104 remark CCP_ACL Category=0
access-list 104 permit ip any host 192.168.1.10
access-list 105 remark CCP_ACL Category=0
access-list 105 permit ip any host 192.168.1.10
! Any IP traffic counts as interesting traffic for dialer-group 1.
dialer-list 1 protocol ip permit
!
!
!
control-plane
!
!
! Terminal lines: console, aux and the sixteen vty (remote login) lines.
!
! NOTE(review): no "login" or password statement is shown under con 0 or
! aux 0, and no "exec-timeout" is set on any line in this listing - confirm
! that physical access and idle sessions are handled as intended.
line con 0
 stopbits 1
line aux 0
 stopbits 1
! NOTE(review): vty 0-4 accept Telnet only, so the privilege 15 username and
! password cross the network in cleartext. "transport input ssh" on all vty
! lines removes Telnet. "privilege level 15" on the line places every session
! directly in privileged EXEC, and no "access-class" limits which source
! addresses may connect.
line vty 0 4
 privilege level 15
 login local
 transport input telnet
! vty 5-15 accept SSH but still allow Telnet as well.
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
!
end
