
Cisco config l2tp vpn to TMG 2010

  1. !
  2. ! Last configuration change at 17:42:09 Moscow Fri Apr 18 2014 by sklad
  3. version 15.1
  4. no service pad
  5. service timestamps debug datetime msec
  6. service timestamps log datetime msec
  7. service password-encryption
  8. !
  9. hostname Cisco
  10. !
  11. boot-start-marker
  12. boot-end-marker
  13. !
  14. !
  15. no logging buffered
  16. enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  17. !
  18. aaa new-model
  19. !
  20. !
  21. aaa authorization exec default local
  22. !
  23. !
  24. !
  25. aaa session-id common
  26. !
  27. clock timezone Moscow 4 0
  28. dot11 syslog
  29. ip source-route
  30. !
  31. !
  32. !
  33. no ip dhcp use vrf connected
  34. ip dhcp excluded-address 192.168.25.1 192.168.25.64
  35. ip dhcp excluded-address 192.168.25.127 192.168.25.254
  36. !
  37. ip dhcp pool Sklad-DHCP
  38. network 192.168.25.0 255.255.255.0
  39. default-router 192.168.25.1
  40. dns-server 192.168.23.254 192.168.23.9 8.8.8.8
  41. domain-name domain.local
  42. !
  43. ip dhcp pool Sklad1
  44. host 192.168.25.193 255.255.255.0
  45. client-identifier 0148.5b39.1dea.f5
  46. !
  47. !
  48. ip cef
  49. no ip bootp server
  50. ip domain name domain.local
  51. ip accounting-list 123.123.123.123 0.0.0.0
  52. no ipv6 cef
  53. !
  54. multilink bundle-name authenticated
  55. !
  56. crypto pki token default removal timeout 0
  57. !
  58. crypto pki trustpoint TP-self-signed-1046460958
  59. enrollment selfsigned
  60. subject-name cn=IOS-Self-Signed-Certificate-1046460958
  61. revocation-check none
  62. rsakeypair TP-self-signed-1046460958
  63. !
  64. !
  65. crypto pki certificate chain TP-self-signed-1046460958
  66. certificate self-signed 01
  67. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  68. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  69. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  70. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  71. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  72. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  73. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  74. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  75. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  76. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  77. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  78. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  79. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  80. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  81. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  82. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  83. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  84. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  85. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  86. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  87. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  88. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  89. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  90. XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  91. quit
  92. !
  93. !
  94. license udi pid CISCO1841 sn XXXXXXXXX
  95. username Sklad privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXX
  96. !
  97. redundancy
  98. !
  99. !
  100. ip ssh version 1
  101. !
  102. !
  103. crypto isakmp policy 1
  104. encr 3des
  105. authentication pre-share
  106. group 2
  107. lifetime 28800
  108. crypto isakmp key XXXXXXXXXXXXXXXXXXXXXXX address 123.123.123.123
  109. crypto isakmp invalid-spi-recovery
  110. crypto isakmp keepalive 10 periodic
  111. !
  112. !
  113. crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  114. mode transport
  115. !
  116. crypto map Sklad_Crypto_Map 1 ipsec-isakmp
  117. description Transport to 123.123.123.123
  118. set peer 123.123.123.123
  119. set security-association lifetime seconds 28800
  120. set transform-set ESP-3DES-SHA
  121. set pfs group2
  122. match address 100
  123. reverse-route
  124. !
  125. !
  126. !
  127. !
  128. !
  129. interface FastEthernet0/0
  130. description === Internet ===
  131. ip address 456.456.456.2 255.255.255.252
  132. ip access-group FROM_INET in
  133. ip nat outside
  134. ip virtual-reassembly in
  135. duplex auto
  136. speed auto
  137. crypto map Sklad_Crypto_Map
  138. !
  139. interface FastEthernet0/0.2
  140. description === Internet 2 ===
  141. encapsulation dot1Q 2
  142. ip address 10.0.0.10 255.255.255.0
  143. ip access-group FROM_INET in
  144. ip nat outside
  145. ip virtual-reassembly in
  146. crypto map Sklad_Crypto_Map
  147. !
  148. !
  149. interface FastEthernet0/1
  150. description === LAN ===
  151. ip address 192.168.25.1 255.255.255.0
  152. ip accounting output-packets
  153. ip nat inside
  154. ip virtual-reassembly in
  155. duplex auto
  156. speed auto
  157. !
  158. interface Serial0/0/0
  159. no ip address
  160. shutdown
  161. clock rate 2000000
  162. !
  163. ip default-gateway 456.456.456.1
  164. ip forward-protocol nd
  165. ip http server
  166. ip http secure-server
  167. !
  168. !
  169. ip dns server
  170. ip nat inside source list 101 interface FastEthernet0/0 overload
  171. ip nat inside source static tcp 192.168.25.193 5651 interface FastEthernet0/0 5651
  172. ip nat inside source static tcp 192.168.25.193 6999 interface FastEthernet0/0 6999
  173. ip nat inside source static tcp 192.168.25.193 18080 interface FastEthernet0/0 18080
  174. ip nat inside source static tcp 192.168.25.193 8000 interface FastEthernet0/0 8000
  175. ip nat inside source static tcp 192.168.25.193 554 interface FastEthernet0/0 554
  176. ip nat inside source static tcp 192.168.25.193 8080 interface FastEthernet0/0 8080
  177. ip nat inside source static tcp 192.168.25.193 8089 interface FastEthernet0/0 8089
  178. ip route 0.0.0.0 0.0.0.0 456.456.456.1
  179. !
  180. ip access-list extended FROM_INET
  181. remark Allow this connection FROM Internet
  182. permit tcp any any established
  183. permit udp any eq bootps any
  184. permit udp any eq domain any
  185. permit udp any eq ntp any
  186. permit icmp any any
  187. permit tcp any any eq 22
  188. permit ip host 123.123.123.123 any
  189. permit icmp any any echo-reply
  190. permit icmp any any time-exceeded
  191. permit icmp any any unreachable
  192. permit ahp any host 123.123.123.123
  193. permit esp any host 123.123.123.123
  194. permit udp any eq isakmp host 123.123.123.123
  195. permit udp any eq non500-isakmp host 123.123.123.123
  196. permit tcp any any eq 5651
  197. permit tcp any any eq 8080
  198. permit tcp any any eq 18080
  199. permit tcp any any eq 8000
  200. permit tcp any any eq 554
  201. permit tcp any any eq 6999
  202. deny ip any any
  203. ip access-list extended acl_from_Yota
  204. permit ip host 10.0.0.10 any
  205. !
  206. access-list 100 remark CCP_ACL Category=4
  207. access-list 100 remark IPSec Rule
  208. access-list 100 permit ip 192.168.25.0 0.0.0.255 192.168.23.0 0.0.0.255
  209. access-list 100 permit ip 192.168.23.0 0.0.0.255 192.168.25.0 0.0.0.255
  210. !
  211. !
  212. !
  213. access-list 101 remark Allow Internet for this hosts
  214. access-list 101 deny ip 192.168.25.0 0.0.0.255 192.168.23.0 0.0.0.255
  215. access-list 101 permit ip 192.168.25.192 0.0.0.63 any
  216. access-list 101 permit ip any host 123.123.123.123
  217. access-list 101 deny ip any any
  218. !
  219. !
  220. !
  221. access-list 102 remark Allow From Internet
  222. access-list 102 permit udp any eq bootps any
  223. access-list 102 permit tcp any any eq 22
  224. access-list 102 permit ip host 123.123.123.123 any
  225. access-list 102 permit ip host 109.188.66.79 any
  226. access-list 102 permit icmp any any
  227. access-list 102 deny ip any any
  228. !
  229. !
  230. !
  231. !
  232. !
  233. !
  234. control-plane
  235. !
  236. !
  237. !
  238. line con 0
  239. password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXX
  240. logging synchronous
  241. line aux 0
  242. line vty 0 3
  243. password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXX
  244. logging synchronous
  245. terminal-type monitor
  246. history size 100
  247. transport input telnet ssh
  248. line vty 4
  249. transport input all
  250. !
  251. scheduler allocate 20000 1000
  252. ntp update-calendar
  253. ntp server 192.43.244.18
  254. ntp server 129.6.15.28
  255. ntp server 85.114.26.194 prefer
  256. !
  257. end