router#sh log
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level debugging, 79 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 79 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
Trap logging: level informational, 82 message lines logged
Logging Source-Interface: VRF Name:
Log Buffer (800000 bytes):
*Jan 2 00:00:02.239: %LICENSE-6-EULA_ACCEPT_ALL: The Right to Use End User License Agreement is accepted
*Jan 2 00:00:02.383: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c1900 Next reboot level = ipbasek9 and License = ipbasek9
*Jan 2 00:00:02.639: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c1900 Next reboot level = securityk9 and License = securityk9
*Jan 2 00:00:02.851: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c1900 Next reboot level = datak9 and License = datak9
*Mar 20 09:23:55.127: c3600_scp_set_dstaddr2_idb(184)add = 80 name is Embedded-Service-Engine0/0
*Mar 20 09:23:59.975: %CTS-6-ENV_DATA_START_STATE: Environment Data Download in start state
*Mar 20 09:24:03.419: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Initialized
*Mar 20 09:24:03.423: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Enabled
*Mar 20 09:24:10.079: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Mar 20 09:24:10.079: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
*Mar 20 09:24:11.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
*Mar 20 09:24:11.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
*Mar 20 09:24:15.171: %USBFLASH-5-CHANGE: usbflash0 has been inserted!
%SYS-5-LOG_CONFIG_CHANGE: Buffer logging: level debugging, xml disabled, filtering disabled, size (800000)
%SYS-6-CLOCKUPDATE: System clock has been updated from 09:24:17 UTC Fri Mar 20 2020 to 10:24:17 CET Fri Mar 20 2020, configured from console by console.
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
%SYS-5-CONFIG_I: Configured from memory by console
%LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
%LINK-5-CHANGED: Interface Embedded-Service-Engine0/0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Template2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Embedded-Service-Engine0/0, changed state to down
%SYS-5-RESTART: System restarted --
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M5, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Tue 09-Feb-16 02:36 by prod_rel_team
%CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
%CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
%CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
%CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
%CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
%LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
%SYS-5-CONFIG_I: Configured from console by coiae on console
%SYS-5-CONFIG_I: Configured from console by coiae on console
%SYS-5-CONFIG_I: Configured from console by coiae on console
%SYS-5-CONFIG_I: Configured from console by coiae on console
%SYS-5-CONFIG_I: Configured from console by coiae on console
%SYS-5-CONFIG_I: Configured from console by coiae on console
%SYS-5-CONFIG_I: Configured from console by coiae on console
%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Template3, changed state to down
%SYS-5-CONFIG_I: Configured from console by coiae on console
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
%LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down
%LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
%LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
%DIALER-6-BIND: Interface Vi3 bound to profile Di1
%LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
%SYS-5-CONFIG_I: Configured from console by coiae on console
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
%LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
%LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
%DIALER-6-UNBIND: Interface Vi3 unbound from profile Di1
%LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
%LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
%LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
%DIALER-6-BIND: Interface Vi3 bound to profile Di1
%LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
%LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
%LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
%DIALER-6-UNBIND: Interface Vi3 unbound from profile Di1
%LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
%SYS-5-CONFIG_I: Configured from console by coiae on console
%SYS-5-CONFIG_I: Configured from console by coiae on console
%SYS-5-CONFIG_I: Configured from console by coiae on console
%LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
%LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
%DIALER-6-BIND: Interface Vi3 bound to profile Di1
%LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
router#
router#sh run
Building configuration...
Current configuration : 6710 bytes
!
! Last configuration change at 17:27:23 CET Fri Mar 20 2020 by coiae
!
version 15.4
no service pad
no service timestamps debug uptime
no service timestamps log uptime
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 800000
enable secret 5 $1$7BpV$4AsIoheNH.PLqFR4KDJ
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpn_xauth_ml_1 local
aaa authentication login vpn_xauth_ml_2 local
aaa authorization console
aaa authorization exec default local
aaa authorization network vpn_group_ml_1 local
aaa authorization network vpn_group_ml_2 local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone CET 1 0
!
!
!
!
!
!
ip auth-proxy max-nodata-conns 1
ip admission max-nodata-conns 1
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.20
ip dhcp excluded-address 192.168.255.1 192.168.255.20
!
ip dhcp pool LAN
import all
network 192.168.1.0 255.255.255.0
dns-server 80.58.61.254 80.58.61.250
default-router 192.168.1.1
lease 0 2
!
ip dhcp pool IP_LAN_VoIP
import all
network 192.168.255.0 255.255.255.0
default-router 192.168.255.1
lease 0 2
!
!
!
ip name-server 80.58.61.250
ip name-server 80.58.61.254
ip ddns update method MYUPDATE
HTTP
interval maximum 0 0 30 0
interval minimum 0 0 25 0
!
ip cef
ipv6 spd queue min-threshold 62
ipv6 spd queue max-threshold 63
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
vpdn-group 2
accept-dialin
protocol pptp
virtual-template 2
!
!
cts logging verbose
!
!
license udi pid CISCO1921/K9 sn FCZ162720Y3
license accept end user agreement
license boot module c1900 technology-package securityk9
license boot module c1900 technology-package datak9
!
!
username coiae secret 5 $1$6WPj$oD6nSoS/u4r7A2/pxM.
username qatar secret 5 $1$4gVO$JT63RJqvzY4jfw.Voq.
!
redundancy
!
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group MANTECON
key mantec0n
dns 80.58.61.250 80.58.61.254
pool IP_LAN_MANTECON
include-local-lan
max-users 3
max-logins 3
netmask 255.255.255.0
!
crypto isakmp client configuration group VoIP
key mantec0nes
dns 80.58.61.250 80.58.61.254
pool IP_LAN_VoIP
include-local-lan
max-users 3
max-logins 3
netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
description Tunnels to MANTECON
match identity group MANTECON
client authentication list vpn_xauth_ml_1
isakmp authorization list vpn_group_ml_1
client configuration address respond
virtual-template 2
crypto isakmp profile sdm-ike-profile-2
description Tunnels to VoIP
match identity group VoIP
client authentication list vpn_xauth_ml_2
isakmp authorization list vpn_group_ml_2
client configuration address respond
virtual-template 3
!
!
crypto ipsec transform-set ccsp esp-3des esp-sha-hmac
mode tunnel
!
crypto ipsec profile SDM_Profile1
set transform-set ccsp
set isakmp-profile sdm-ike-profile-1
!
crypto ipsec profile SDM_Profile2
set transform-set ccsp
set isakmp-profile sdm-ike-profile-2
!
!
!
!
!
!
!
interface Loopback1
ip address 1.1.1.1 255.255.255.0
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description ## Puerto para Datos LAN ##
no ip address
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/0.1
description ## VLAN1 Ethernet LAN Datos ##
encapsulation dot1Q 1
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.2
description ## VLAN2 Ethernet LAN VoIP ##
encapsulation dot1Q 2 native
ip address 192.168.255.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
description ## Conexion Ethernet WAN FTTH ##
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1.3
description ## Conexion VoIP FTTH DOT1Q 3 ##
encapsulation dot1Q 3
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip nat enable
ip virtual-reassembly in
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1.6
description ## Conexion Ethernet FTTH DOT1Q 6 ##
encapsulation dot1Q 6
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip nat enable
ip virtual-reassembly in
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Virtual-Template1
no ip address
peer default ip address pool DIAL-IN
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2
!
interface Virtual-Template2 type tunnel
description TUNNELS to MANTECON
ip unnumbered Loopback1
ip nat inside
ip virtual-reassembly in
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
interface Virtual-Template3 type tunnel
description TUNNELS to VoIP
ip unnumbered Loopback1
ip nat inside
ip virtual-reassembly in
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile2
!
interface Dialer1
ip ddns update MYUPDATE
ip address negotiated
ip nat outside
ip nat enable
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname adslppp@telefonicanetpa
ppp chap password 7 070E255F42190915
no cdp enable
hold-queue 224 in
!
ip local pool IP_LAN_MANTECON 192.168.1.250 192.168.1.254
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.10 3389 interface Dialer1 3389
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 111 deny ip 127.0.0.0 0.255.255.255 any
access-list 111 deny ip 192.168.0.0 0.0.0.255 any
access-list 111 deny ip 172.16.0.0 0.0.255.255 any
access-list 111 deny ip 10.0.0.0 0.255.255.255 any
access-list 111 deny ip host 0.0.0.0 any
access-list 111 deny ip 224.0.0.0 31.255.255.255 any
access-list 111 deny icmp any any
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
transport input all
!
scheduler allocate 20000 1000
ntp server 150.214.94.5
!
end
router#