xxxxxxxxxxx-router#sh run
Building configuration...
Current configuration : 3948 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname xxxxxxxxxxx-router
!
logging queue-limit 100
!
ip subnet-zero
ip domain name xxxxx.nl
ip name-server 194.109.6.66
ip name-server 194.109.9.99
ip name-server 194.109.104.104
!
!
ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect dns-timeout 10
ip inspect name FIREWALL tcp
ip inspect name FIREWALL udp
ip inspect name FIREWALL ftp
ip inspect name FIREWALL http
ip inspect name FIREWALL smtp
ip inspect name FIREWALL icmp
ip audit notify log
ip audit po max-events 100
ip audit name AUDIT_RULE info action alarm
ip audit name AUDIT_RULE attack action alarm drop reset
no ftp-server write-enable
!
!
!
!
crypto isakmp policy 5
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group xxxxxxxxxxx
 key 0 xxxxxxxxxx
 pool xxxxxxxxxxx_pool
!
!
crypto ipsec transform-set xxxxxxx_set esp-des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set xxxxxxxxxxx_set
!
!
crypto map xxxxxxxxxxx_map client authentication list userauthen
crypto map xxxxxxxxxxx_map isakmp authorization list groupauthor
crypto map xxxxxxxxxxx_map client configuration address respond
crypto map xxxxxxxxxxx_map 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0
 ip address 10.0.1.254 255.255.255.0
 ip nat inside
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 8/48
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
 hold-queue 224 in
!
interface Dialer0
 ip address negotiated
 ip access-group 102 in
 ip nat outside
 ip inspect FIREWALL out
 ip audit AUDIT_RULE in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no peer default ip address
 ppp authentication pap callin
 ppp pap sent-username xxxxxx password xxxxxxx
 crypto map xxxxxxxxxxx_map
!
ip local pool xxxxxxxxxxx_pool 192.168.5.1 192.168.5.254
ip nat inside source route-map nonat interface Dialer0 overload
ip nat inside source static tcp 10.0.1.1 25 EXTERNAL_IP 25 extendable
ip nat inside source static tcp 10.0.1.1 80 EXTERNAL_IP 80 extendable
ip nat inside source static tcp 10.0.1.1 443 EXTERNAL_IP 443 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
no ip http server
no ip http secure-server
!
!
ip access-list extended group-lock
ip access-list extended inacl
ip access-list extended save-password
ip access-list extended service
access-list 1 remark Permit for Dialup
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 102 remark Incoming Internet via dialer 0
access-list 102 remark Permit IP Range VPN Client
access-list 102 permit ip 192.168.5.0 0.0.0.255 any
access-list 102 permit esp any any
access-list 102 remark open VPN Port & Others
access-list 102 permit udp any host EXTERNAL_IP eq isakmp log
access-list 102 permit tcp any host EXTERNAL_IP eq 22
access-list 102 permit tcp any host EXTERNAL_IP eq smtp
access-list 102 permit tcp any host EXTERNAL_IP eq www
access-list 102 permit tcp any host EXTERNAL_IP eq 443
access-list 102 remark Permit FTP
access-list 102 permit tcp any eq ftp any
access-list 102 permit tcp any eq ftp-data any
access-list 102 remark Permit all incoming ICMP
access-list 102 permit icmp any any
access-list 120 remark Except Private to Private from NAT
access-list 120 deny ip 10.0.1.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 120 permit ip 10.0.1.0 0.0.0.255 any
dialer-list 1 protocol ip list 101
route-map nonat permit 10
 match ip address 120
!
!
line con 0
 exec-timeout 120 0
 login local
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 login local
!
scheduler max-task-time 5000
!
end