08-04-2016 02:49 PM
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname <removed>
!
boot-start-marker
boot-end-marker
!
no logging console
no logging monitor
enable secret 5 <removed>
!
aaa new-model
!
!
aaa authentication login AUTHEN local
aaa authorization network AUTHOR local
!
!
aaa session-id common
!
dot11 syslog
!
dot11 ssid <removed>
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 <removed>
!
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.0.1 10.10.0.50
ip dhcp excluded-address 10.10.0.240 10.10.0.254
!
ip dhcp pool LAN_Pool
network 10.10.0.0 255.255.255.0
default-router 10.10.0.254
domain-name <removed>
dns-server 8.8.8.8
lease 5
!
!
ip cef
ip inspect name FW_SI icmp
ip inspect name FW_SI http
ip inspect name FW_SI https
ip inspect name FW_SI tcp
ip inspect name FW_SI udp
ip domain name <removed>
ip name-server 8.8.8.8
!
!
!
!
spanning-tree vlan 1 priority 1
username <removed> privilege 15 password 7 <removed>
username <removed> password 7 <removed>
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration address-pool local EZVPN_POOL
crypto isakmp xauth timeout 60
!
crypto isakmp client configuration group <removed>
key <removed>
dns 8.8.8.8
domain <removed>
pool EZVPN_POOL
acl 150
!
!
crypto ipsec transform-set EZVPN_TSET1 esp-3des esp-sha-hmac
!
crypto dynamic-map EVPN_MAP1 1
set transform-set EZVPN_TSET1
reverse-route
!
!
crypto map EVPN_MAP1 client authentication list AUTHEN
crypto map EVPN_MAP1 isakmp authorization list AUTHOR
crypto map EVPN_MAP1 client configuration address respond
crypto map EVPN_MAP1 1 ipsec-isakmp dynamic EVPN_MAP1
!
archive
log config
hidekeys
!
!
ip ssh time-out 5
ip ssh logging events
ip ssh version 2
!
bridge irb
!
!
interface ATM0
description ## Sky ADSL Interface ##
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
description ## Home LAN Port ##
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet1
description ## Home LAN Port ##
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet2
description ## Home LAN Port ##
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet3
description ## Downlink trunk to JETSTREAM_SW_01 ##
shutdown
duplex full
speed 100
!
interface Dot11Radio0
description ## WLAN Interface ##
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid <removed>
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
description ## WLAN VLAN Interface ##
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description ## VLAN1 Interface ##
no ip address
bridge-group 1
!
interface Dialer0
description ## Sky ADSL Dialer ##
ip address negotiated
ip access-group OUTSIDE_ACCESS_IN in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect FW_SI out
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname <removed>
ppp chap password 7 <removed>
crypto map EVPN_MAP1
!
interface BVI1
description ## IP Bridge ##
ip address 10.10.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip local pool EZVPN_POOL 172.10.1.10 172.10.1.15
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Dialer0 overload
!
ip access-list extended OUTSIDE_ACCESS_IN
permit tcp any any eq 22
permit udp any any eq isakmp
permit esp any any
permit udp any any eq non500-isakmp
permit udp any any eq 10000
permit tcp any any eq 10000
!
access-list 100 permit ip 10.10.0.0 0.0.0.255 any
access-list 150 permit ip 172.10.1.0 0.0.0.255 any
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
exec-timeout 0 0
privilege level 15
no modem enable
length 25
history size 15
full-help
line aux 0
exec-timeout 5 0
privilege level 15
length 25
history size 15
full-help
line vty 0 4
exec-timeout 5 0
login authentication AUTHEN
length 25
history size 15
full-help
transport preferred ssh
transport input ssh
transport output telnet ssh
!
scheduler max-task-time 5000
sntp server 143.210.16.201
sntp broadcast client
end
08-04-2016 09:00 PM
Interface Dialer0
no ip access-group OUTSIDE_ACCESS_IN in
access-list 100 permit ip 10.10.0.0 0.0.0.255 any
access-list 100 deny ip 10.10.0.0 0.0.0.255 172.10.1.0 0.0.0.255
access-list 150 permit ip 10.10.0.0 0.0.0.255 172.10.1.0 0.0.0.255
08-04-2016 09:00 PM
no access-list 100
access-list 100 deny ip 10.10.0.0 0.0.0.255 172.10.1.0 0.0.0.255
access-list 100 permit ip 10.10.0.0 0.0.0.255 any
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: