Hope this helps, the network set up is such that we are connected to an larger building network with other companies. this router is our gateway to the internet.
I have censored alot of addresses and information to protect our network.
Configuration:
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip ### ###
access-list 100 permit ip ### ###
access-list 100 permit ip ### ###
access-list 100 permit ip ### ###
access-list 100 permit ip ### ###
access-list 100 permit ip ### ###
access-list 100 permit ip ### ###
access-list 100 permit ip ### ###
access-list 100 permit gre host ### host ###
access-list 150 permit udp any any eq isakmp
access-list 150 permit ahp any any
access-list 150 permit esp any any
access-list 150 permit icmp any any echo-reply
access-list 150 permit tcp any host <Public IP> eq smtp
access-list 150 permit tcp any host <Public IP> eq domain
access-list 150 permit udp any host <Public IP> eq domain
access-list 150 permit tcp any host <Public IP> eq 443
access-list 150 permit udp any host <Public IP> eq 443
access-list 150 permit tcp any host <Public IP> eq 993
access-list 150 deny tcp any any
access-list 150 deny udp any any
access-list 150 deny ip any any
show ip interface
FastEthernet0 is up, line protocol is up
Internet protocol processing disabled
FastEthernet1 is down, line protocol is down
Internet protocol processing disabled
FastEthernet2 is up, line protocol is up
Internet protocol processing disabled
FastEthernet3 is up, line protocol is up
Internet protocol processing disabled
FastEthernet4 is up, line protocol is up
Internet address is <Public IP>/26
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 150
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Access List, IPSec input classification, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check
Output features: Post-routing NAT Outside, Common Flow Table, Stateful Inspection, IPSec output classification, Firewall (NAT), Firewall (inspect), NAT ALG proxy, IPSec: to crypto engine, Post-encryption output features
Outgoing inspection rule is fire-rules
Loopback0 is up, line protocol is up
Internet address is ####/32
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
Output features: Firewall (NAT), Firewall (inspect)
NVI0 is up, line protocol is up
Interface is unnumbered. Using address of FastEthernet4 (<Public IP>)
Broadcast address is 255.255.255.255
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is disabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Null turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
Output features: Post-routing NAT NVI Output, Firewall (NAT), Firewall (inspect)
Tunnel0 is up, line protocol is up
Internet address is ###/30
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1476 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
Output features: Firewall (NAT), Firewall (inspect)
Vlan1 is up, line protocol is up
Internet address is 192.168.1.254/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, MCI Check, TCP Adjust MSS
Output features: NAT Inside, Common Flow Table, Stateful Inspection, Firewall (NAT), Firewall (inspect), TCP Adjust MSS, NAT ALG proxy
Vlan2 is down, line protocol is down
Internet address is ###/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, MCI Check
Output features: NAT Inside, Common Flow Table, Stateful Inspection, Firewall (NAT), Firewall (inspect), NAT ALG proxy
show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.0.35.254 0 0030.18a8.2848 ARPA FastEthernet4
...
Internet 192.168.1.30 0 3085.a93f.3900 ARPA Vlan1
...
Internet 192.168.1.254 - 2c54.2ded.53c4 ARPA Vlan1
Internet <Next Hop IP> 196 0030.18a8.2848 ARPA FastEthernet4
Internet <Public IP> - 2c54.2ded.53c8 ARPA FastEthernet4
Internet #### 8 0030.18a8.2848 ARPA FastEthernet4