- !
- ! Global services, enable secret and AAA settings of a sanitised IOS 15.1
- ! router configuration (secrets are masked with X characters).
- !
- ! Last configuration change at 17:42:09 Moscow Fri Apr 18 2014 by sklad
- version 15.1
- no service pad
- service timestamps debug datetime msec
- service timestamps log datetime msec
- ! NOTE(review): password-encryption stores line passwords as type 7, which is a
- ! reversible encoding rather than a hash; it only hides them from casual viewing.
- service password-encryption
- !
- hostname Cisco
- !
- boot-start-marker
- boot-end-marker
- !
- !
- ! NOTE(review): the local log buffer is disabled and no "logging host" line is
- ! visible in this configuration, so events may not be retained anywhere - confirm.
- no logging buffered
- ! Type 5 (salted MD5) hash of the enable secret; value redacted.
- enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- !
- aaa new-model
- !
- !
- ! Exec authorization is taken from the local user database.
- ! NOTE(review): no "aaa authentication login" method list is visible here; confirm
- ! which login method the console and vty lines actually end up using.
- aaa authorization exec default local
- !
- !
- !
- aaa session-id common
- !
- clock timezone Moscow 4 0
- dot11 syslog
- ! NOTE(review): IP source-route option processing is left enabled; hardening
- ! baselines normally disable it with "no ip source-route".
- ip source-route
- !
- ! DHCP service for the 192.168.25.0/24 LAN plus assorted global IP settings.
- !
- !
- no ip dhcp use vrf connected
- ! The two exclusions leave 192.168.25.65-192.168.25.126 for dynamic leases.
- ip dhcp excluded-address 192.168.25.1 192.168.25.64
- ip dhcp excluded-address 192.168.25.127 192.168.25.254
- !
- ip dhcp pool Sklad-DHCP
- network 192.168.25.0 255.255.255.0
- default-router 192.168.25.1
- ! NOTE(review): the first two resolvers are in 192.168.23.0/24, the network that
- ! access-list 100 sends through the IPsec crypto map, so name resolution presumably
- ! depends on the tunnel being up; 8.8.8.8 is the only resolver outside it.
- dns-server 192.168.23.254 192.168.23.9 8.8.8.8
- domain-name domain.local
- !
- ! Manual binding: one client always receives 192.168.25.193, the same inside
- ! address that the static NAT port forwards later in this file point at.
- ip dhcp pool Sklad1
- host 192.168.25.193 255.255.255.0
- client-identifier 0148.5b39.1dea.f5
- !
- !
- ip cef
- no ip bootp server
- ip domain name domain.local
- ! NOTE(review): 123.123.123.123 looks like a sanitisation placeholder for the
- ! remote site's public address - assumption, not confirmed by the file.
- ip accounting-list 123.123.123.123 0.0.0.0
- no ipv6 cef
- !
- multilink bundle-name authenticated
- !
- ! Self-signed PKI trustpoint, its certificate (hex body redacted), the hardware
- ! licence identifier and the single local administrative account.
- !
- crypto pki token default removal timeout 0
- !
- ! NOTE(review): a self-signed trustpoint of this name is what IOS generates for
- ! its HTTPS server ("ip http secure-server" is enabled later in this file) -
- ! presumably that is its purpose here; clients cannot validate it against a CA.
- crypto pki trustpoint TP-self-signed-1046460958
- enrollment selfsigned
- subject-name cn=IOS-Self-Signed-Certificate-1046460958
- ! No CRL/OCSP lookup is performed for this trustpoint.
- revocation-check none
- rsakeypair TP-self-signed-1046460958
- !
- !
- crypto pki certificate chain TP-self-signed-1046460958
- certificate self-signed 01
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
- quit
- !
- !
- license udi pid CISCO1841 sn XXXXXXXXX
- ! Only local account in the file; privilege 15 places the user directly in
- ! privileged exec after login. The secret is a type 5 (salted MD5) hash, redacted.
- username Sklad privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXX
- !
- ! SSH protocol version and the site-to-site IPsec definition (IKEv1 policy,
- ! pre-shared key, transform set and crypto map) towards peer 123.123.123.123.
- !
- redundancy
- !
- !
- ! NOTE(review): this pins the SSH server to protocol version 1, which is obsolete
- ! and has known cryptographic weaknesses; "ip ssh version 2" restricts it to v2.
- ! FROM_INET further down permits TCP/22 from any source, so this matters.
- ip ssh version 1
- !
- !
- ! IKE phase 1: 3DES, pre-shared key, DH group 2 (1024-bit MODP), 8 h lifetime.
- ! NOTE(review): no "hash" line is present, so the platform default applies. 3DES
- ! and group 2 are legacy choices; AES and a larger DH group are the usual
- ! replacement where both peers support them.
- crypto isakmp policy 1
- encr 3des
- authentication pre-share
- group 2
- lifetime 28800
- ! Pre-shared key for the single peer; value redacted.
- crypto isakmp key XXXXXXXXXXXXXXXXXXXXXXX address 123.123.123.123
- crypto isakmp invalid-spi-recovery
- crypto isakmp keepalive 10 periodic
- !
- !
- ! NOTE(review): transport mode is requested, but access-list 100 selects
- ! subnet-to-subnet traffic whose endpoints are not the IPsec peers; IOS is
- ! expected to fall back to tunnel mode in that case - confirm on the device.
- crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
- mode transport
- !
- crypto map Sklad_Crypto_Map 1 ipsec-isakmp
- description Transport to 123.123.123.123
- set peer 123.123.123.123
- set security-association lifetime seconds 28800
- set transform-set ESP-3DES-SHA
- ! PFS uses the same 1024-bit group 2 as phase 1.
- set pfs group2
- ! Interesting traffic is defined by access-list 100.
- match address 100
- reverse-route
- !
- !
- ! Interfaces: two NAT-outside uplinks (Fa0/0 and the dot1Q subinterface Fa0/0.2),
- ! the NAT-inside LAN port Fa0/1, and an unused serial port.
- !
- !
- !
- !
- interface FastEthernet0/0
- description === Internet ===
- ! NOTE(review): 456.456.456.2 is not a valid IPv4 address (octets exceed 255), so
- ! it is a sanitisation placeholder for the real public address.
- ip address 456.456.456.2 255.255.255.252
- ! Inbound filter for traffic arriving from the Internet.
- ip access-group FROM_INET in
- ip nat outside
- ip virtual-reassembly in
- duplex auto
- speed auto
- crypto map Sklad_Crypto_Map
- !
- interface FastEthernet0/0.2
- description === Internet 2 ===
- encapsulation dot1Q 2
- ip address 10.0.0.10 255.255.255.0
- ! Same inbound filter and crypto map as the primary uplink.
- ! NOTE(review): the only default route in this file points out of Fa0/0 and the
- ! NAT overload rule names Fa0/0, so how this second uplink carries traffic is not
- ! evident from the configuration - confirm.
- ip access-group FROM_INET in
- ip nat outside
- ip virtual-reassembly in
- crypto map Sklad_Crypto_Map
- !
- !
- interface FastEthernet0/1
- description === LAN ===
- ! Router address handed out as default-router by the DHCP pool.
- ip address 192.168.25.1 255.255.255.0
- ip accounting output-packets
- ip nat inside
- ip virtual-reassembly in
- duplex auto
- speed auto
- !
- interface Serial0/0/0
- no ip address
- shutdown
- clock rate 2000000
- ! Router-hosted services, NAT rules and the default route.
- ! NOTE(review): "ip default-gateway" is only consulted when IP routing is
- ! disabled; with routing on, the static default route at the end of this section
- ! is what forwards traffic.
- ip default-gateway 456.456.456.1
- ip forward-protocol nd
- ! NOTE(review): both the plaintext HTTP and the HTTPS management servers are
- ! enabled, and no "ip http access-class" or "ip http authentication" line is
- ! visible. FROM_INET does not permit TCP/80 or TCP/443 from arbitrary sources, but
- ! the LAN and the host 123.123.123.123 can reach them. If the web UI is not
- ! needed, "no ip http server" removes the cleartext listener.
- ip http server
- ip http secure-server
- !
- !
- ! The router answers DNS queries itself.
- ip dns server
- ! Dynamic PAT for sources permitted by access-list 101, using Fa0/0's address.
- ip nat inside source list 101 interface FastEthernet0/0 overload
- ! Static port forwards: seven TCP ports on Fa0/0 are mapped to LAN host
- ! 192.168.25.193 (the DHCP manual binding Sklad1).
- ! NOTE(review): FROM_INET permits six of these ports from any source but has no
- ! entry for TCP/8089, so that forward is only reachable by 123.123.123.123.
- ip nat inside source static tcp 192.168.25.193 5651 interface FastEthernet0/0 5651
- ip nat inside source static tcp 192.168.25.193 6999 interface FastEthernet0/0 6999
- ip nat inside source static tcp 192.168.25.193 18080 interface FastEthernet0/0 18080
- ip nat inside source static tcp 192.168.25.193 8000 interface FastEthernet0/0 8000
- ip nat inside source static tcp 192.168.25.193 554 interface FastEthernet0/0 554
- ip nat inside source static tcp 192.168.25.193 8080 interface FastEthernet0/0 8080
- ip nat inside source static tcp 192.168.25.193 8089 interface FastEthernet0/0 8089
- ip route 0.0.0.0 0.0.0.0 456.456.456.1
- !
- ! FROM_INET is applied inbound on both outside interfaces (Fa0/0 and Fa0/0.2).
- ! Entries are evaluated top-down and the first match wins.
- ip access-list extended FROM_INET
- remark Allow this connection FROM Internet
- ! "established" only tests the TCP ACK/RST bits; it is a stateless check, not
- ! connection tracking.
- permit tcp any any established
- ! NOTE(review): the next three entries match on the UDP *source* port only, which
- ! the sender chooses, and allow any destination address and port. They are meant
- ! for DHCP/DNS/NTP replies but are not limited to replies or to known servers.
- permit udp any eq bootps any
- permit udp any eq domain any
- permit udp any eq ntp any
- ! NOTE(review): this permits every ICMP type from anywhere, which makes the three
- ! type-specific ICMP entries below unreachable.
- permit icmp any any
- ! NOTE(review): SSH is open to any source address, towards the router and any
- ! host behind it, while the SSH server is pinned to protocol version 1 and the
- ! vty lines carry no access-class. Restricting the source to management
- ! addresses would narrow this considerably.
- permit tcp any any eq 22
- ! Everything from the IPsec peer is allowed, which already covers IKE/ESP/AH
- ! arriving from it.
- permit ip host 123.123.123.123 any
- permit icmp any any echo-reply
- permit icmp any any time-exceeded
- permit icmp any any unreachable
- ! NOTE(review): these four entries have the peer as *destination*; on an inbound
- ! ACL the peer's packets would have it as source, so the direction looks
- ! reversed and they probably never match - confirm with the ACL hit counters.
- permit ahp any host 123.123.123.123
- permit esp any host 123.123.123.123
- permit udp any eq isakmp host 123.123.123.123
- permit udp any eq non500-isakmp host 123.123.123.123
- ! Ports of the static NAT forwards to 192.168.25.193, open to any source.
- ! TCP/8089 is forwarded by NAT but has no entry here.
- permit tcp any any eq 5651
- permit tcp any any eq 8080
- permit tcp any any eq 18080
- permit tcp any any eq 8000
- permit tcp any any eq 554
- permit tcp any any eq 6999
- deny ip any any
- ! NOTE(review): acl_from_Yota is not referenced by any interface, route-map or
- ! NAT rule visible in this configuration - possibly a leftover.
- ip access-list extended acl_from_Yota
- permit ip host 10.0.0.10 any
- !
- ! access-list 100: crypto ACL referenced by "match address 100" in
- ! Sklad_Crypto_Map; selects traffic between the local LAN 192.168.25.0/24 and
- ! the remote network 192.168.23.0/24 for IPsec protection.
- access-list 100 remark CCP_ACL Category=4
- access-list 100 remark IPSec Rule
- access-list 100 permit ip 192.168.25.0 0.0.0.255 192.168.23.0 0.0.0.255
- access-list 100 permit ip 192.168.23.0 0.0.0.255 192.168.25.0 0.0.0.255
- !
- !
- !
- ! access-list 101: source list for the NAT overload rule on Fa0/0.
- access-list 101 remark Allow Internet for this hosts
- ! LAN-to-remote-site traffic is exempted from NAT so it can match the crypto ACL.
- access-list 101 deny ip 192.168.25.0 0.0.0.255 192.168.23.0 0.0.0.255
- ! Only 192.168.25.192-192.168.25.255 is translated for general Internet access.
- access-list 101 permit ip 192.168.25.192 0.0.0.63 any
- ! Any inside source is translated when talking to 123.123.123.123.
- access-list 101 permit ip any host 123.123.123.123
- access-list 101 deny ip any any
- !
- !
- !
- ! NOTE(review): access-list 102 is not applied to any interface or line visible
- ! in this configuration; it looks like an earlier version of FROM_INET. It also
- ! names 109.188.66.79, which unlike the other public addresses in this file does
- ! not look like a sanitisation placeholder.
- access-list 102 remark Allow From Internet
- access-list 102 permit udp any eq bootps any
- access-list 102 permit tcp any any eq 22
- access-list 102 permit ip host 123.123.123.123 any
- access-list 102 permit ip host 109.188.66.79 any
- access-list 102 permit icmp any any
- access-list 102 deny ip any any
- !
- !
- !
- !
- !
- !
- ! Control plane, terminal lines and NTP.
- ! NOTE(review): no control-plane policy is attached below.
- control-plane
- !
- !
- !
- line con 0
- ! Type 7 password: reversible encoding, redacted here.
- ! NOTE(review): with "aaa new-model" active the line password may not be what
- ! authenticates logins - confirm.
- password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXX
- logging synchronous
- line aux 0
- line vty 0 3
- password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXX
- logging synchronous
- terminal-type monitor
- history size 100
- ! NOTE(review): Telnet is accepted next to SSH, so credentials can cross the
- ! network in cleartext, and no "access-class" restricts which sources may
- ! connect. "transport input ssh" plus an access-class is the usual hardening.
- transport input telnet ssh
- ! NOTE(review): vty 4 accepts every transport protocol and has none of the
- ! settings given to vty 0-3; it should be configured identically to them.
- line vty 4
- transport input all
- !
- scheduler allocate 20000 1000
- ntp update-calendar
- ! NOTE(review): no "ntp authenticate" or key configuration is visible, so time
- ! from these servers is accepted unauthenticated; FROM_INET also admits any UDP
- ! packet whose source port is ntp.
- ntp server 192.43.244.18
- ntp server 129.6.15.28
- ntp server 85.114.26.194 prefer
- !
- end