Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ip port-map user-protocol8 port tcp from 1435 to 1450
- ip port-map user-protocol9 port udp from 1400 to 1433
- ip port-map user-protocol--2 port tcp 1194
- ip port-map user-protocol--3 port tcp 1434
- ip port-map user-protocol--1 port tcp 499
- ip port-map user-protocol--6 port tcp 8082
- ip port-map user-protocol7 port tcp from 1400 to 1432
- ip port-map user-protocol--4 port tcp 5555
- ip port-map user-67-68 port tcp from 67 to 68
- ip port-map user-protocol--5 port tcp 8081
- ip port-map user-CCTV-Viewer port tcp 7800
- ip port-map user-protocol10 port udp from 1435 to 1450
- ip port-map user-4930 port tcp 4930
- ip port-map user-7080 port tcp 7080
- ip port-map user-8000 port tcp 8000
- ip port-map user-81 port tcp 81
- ip port-map user-74437447 port tcp from 7443 to 7447
- ip port-map user-9801 port tcp 9801
- ip port-map user-5554 port tcp 5554
- ip port-map user-9800 port tcp 9800
- ip port-map user-9802 port tcp 9802
- ip port-map user-tcp-587 port tcp 587 description SMTP-Relay
- ip port-map user-udp7080 port udp 7080
- ip port-map user-udp4930 port udp 4930
- ip port-map user-tcp-5000-5049 port tcp from 5000 to 5049 description Arcserve GDD
- ip port-map user-udp74437447 port udp from 7443 to 7447
- ip port-map user-tcp-5051-5060 port tcp from 5051 to 5059 description Arcserve GDD-2
- ip port-map user-tcp-8989 port tcp 8989
- ip port-map user-tcp-4449 port tcp 4449 description user-tcp-4449
- ip port-map user-tcp-8014 port tcp 8014 description Data-Transfer-ArcServe
- ip port-map user-tcp-83 port tcp 83
- !
- ip dhcp excluded-address 192.168.5.1
- ip dhcp excluded-address 192.168.5.2
- ip dhcp excluded-address 192.168.5.3
- ip dhcp excluded-address 192.168.5.4
- ip dhcp excluded-address 192.168.5.5
- ip dhcp excluded-address 192.168.5.6
- ip dhcp excluded-address 192.168.5.7
- ip dhcp excluded-address 192.168.5.8
- ip dhcp excluded-address 192.168.5.9
- !
- ip dhcp pool Wifi-VLAN13
- import all
- network 192.168.5.0 255.255.255.0
- dns-server 8.8.4.4 8.8.8.8
- default-router 192.168.5.1
- !
- !
- !
- ip domain name xxxxx.co.uk
- ip name-server 87.117.237.100
- ip name-server 8.8.4.4
- ip name-server 8.8.8.8
- ip cef
- no ipv6 cef
- !
- parameter-map type protocol-info yahoo-servers
- server name scs.msg.yahoo.com
- server name scsa.msg.yahoo.com
- server name scsb.msg.yahoo.com
- server name scsc.msg.yahoo.com
- server name scsd.msg.yahoo.com
- server name cs16.msg.dcn.yahoo.com
- server name cs19.msg.dcn.yahoo.com
- server name cs42.msg.dcn.yahoo.com
- server name cs53.msg.dcn.yahoo.com
- server name cs54.msg.dcn.yahoo.com
- server name ads1.vip.scd.yahoo.com
- server name radio1.launch.vip.dal.yahoo.com
- server name in1.msg.vip.re2.yahoo.com
- server name data1.my.vip.sc5.yahoo.com
- server name address1.pim.vip.mud.yahoo.com
- server name edit.messenger.yahoo.com
- server name messenger.yahoo.com
- server name http.pager.yahoo.com
- server name privacy.yahoo.com
- server name csa.yahoo.com
- server name csb.yahoo.com
- server name csc.yahoo.com
- parameter-map type protocol-info msn-servers
- server name messenger.hotmail.com
- server name gateway.messenger.hotmail.com
- server name webmessenger.msn.com
- parameter-map type protocol-info aol-servers
- server name login.oscar.aol.com
- server name toc.oscar.aol.com
- server name oam-d09a.blue.aol.com
- !
- !
- !
- !
- multilink bundle-name authenticated
- !
- !
- !
- !
- controller VDSL 0
- operating mode adsl2
- no cdp run
- !
- no ip ftp passive
- !
- class-map type inspect match-any SDM_BOOTPC
- match access-group name SDM_BOOTPC
- class-map type inspect match-all sdm-nat-http-4
- match access-group 108
- match protocol http
- class-map type inspect match-all sdm-nat-user-protocol--6-1
- match access-group 108
- match protocol user-protocol--6
- class-map type inspect match-all sdm-nat-user-protocol--5-2
- match access-group 108
- match protocol user-protocol--5
- class-map type inspect match-all sdm-nat-user-protocol--5-1
- match access-group 107
- match protocol user-protocol--5
- class-map type inspect match-all sdm-nat-user-protocol--4-1
- match access-group 103
- match protocol user-protocol--4
- class-map type inspect match-all sdm-nat-user-protocol--3-1
- match access-group 102
- match protocol user-protocol--3
- class-map type inspect imap match-any ccp-app-imap
- match invalid-command
- class-map type inspect match-all sdm-nat-user-protocol--2-1
- match access-group name dmz-traffic
- match protocol http
- class-map type inspect match-all sdm-nat-http-1
- match access-group 102
- match protocol http
- class-map type inspect match-all sdm-nat-user-protocol--1-2
- match access-group 103
- match protocol user-protocol--1
- class-map type inspect match-all sdm-nat-user-protocol--1-1
- match access-group name dmz-traffic
- match protocol https
- class-map type inspect match-all sdm-nat-user-protocol--2-2
- match access-group 103
- match protocol user-protocol--2
- class-map type inspect match-all sdm-nat-http-2
- match access-group 105
- match protocol http
- class-map type inspect match-all sdm-nat-http-3
- match access-group 106
- match protocol http
- class-map type inspect match-all CCP_SSLVPN
- match access-group 199
- class-map type inspect match-any SDM_AH
- match access-group name SDM_AH
- class-map type inspect match-any ccp-skinny-inspect
- match protocol skinny
- class-map type inspect match-all ccp-cls-ccp-permit-icmpreply-1
- match access-group name OutboundInternet
- class-map type inspect match-any sdm-cls-bootps
- match protocol bootps
- class-map type inspect match-all ccp-cls--2
- match access-group name Permit-LANInternet
- class-map type inspect match-all sdm-nat-rtsp-1
- match access-group 104
- match protocol rtsp
- class-map type inspect match-any sdm-service-sdm-pol-NATOutsideToInside-1
- match protocol https
- match protocol http
- match protocol ms-sql
- match protocol user-protocol10
- match protocol user-protocol7
- match protocol user-protocol8
- match protocol user-protocol9
- match protocol user-CCTV-Viewer
- match protocol user-9800
- match protocol user-9801
- match protocol user-9802
- class-map type inspect match-any SDM_WEBVPN
- match access-group name SDM_WEBVPN
- class-map type inspect match-any SMTP27
- match protocol smtp
- class-map type inspect msnmsgr match-any ccp-app-msn-otherservices
- match service any
- class-map type inspect ymsgr match-any ccp-app-yahoo-otherservices
- match service any
- class-map type inspect match-any Arcserve
- match protocol ymsgr
- match protocol msrpc
- match protocol netbios-ns
- match protocol sip
- match protocol user-tcp-5000-5049
- match protocol user-tcp-5051-5060
- match protocol user-tcp-8014
- class-map type inspect match-any ccp-h323nxg-inspect
- match protocol h323-nxg
- class-map type inspect match-any ccp-cls-icmp-access
- match protocol icmp
- match protocol tcp
- match protocol udp
- class-map type inspect match-any ccp-cls-protocol-im
- match protocol ymsgr yahoo-servers
- match protocol msnmsgr msn-servers
- match protocol aol aol-servers
- class-map type inspect aol match-any ccp-app-aol-otherservices
- match service any
- class-map type inspect match-all ccp-protocol-pop3
- match protocol pop3
- class-map type inspect match-any ccp-h225ras-inspect
- match protocol h225ras
- class-map type inspect match-all ccp-cls-ccp-inspect-1
- match access-group name All
- class-map type inspect match-any SDM_ESP
- match access-group name SDM_ESP
- class-map type inspect match-any ccp-h323annexe-inspect
- match protocol h323-annexe
- class-map type inspect match-any SQL-Access
- match protocol ms-sql-m
- match protocol ms-sql
- match protocol user-protocol--2
- match protocol user-protocol--3
- match protocol user-protocol10
- match protocol user-protocol7
- match protocol user-protocol8
- match protocol user-protocol9
- match protocol tcp
- match protocol udp
- class-map type inspect match-any ccp-cls-insp-traffic
- match protocol dns
- match protocol ftp
- match protocol https
- match protocol icmp
- match protocol imap
- match protocol pop3
- match protocol netshow
- match protocol shell
- match protocol realmedia
- match protocol rtsp
- match protocol smtp
- match protocol sql-net
- match protocol streamworks
- match protocol tftp
- match protocol vdolive
- match protocol tcp
- match protocol udp
- class-map type inspect match-any TCP83
- match protocol user-tcp-83
- match protocol https
- class-map type inspect pop3 match-any ccp-app-pop3
- match invalid-command
- class-map type inspect match-any SQL
- match protocol user-4930
- match protocol user-udp4930
- match protocol user-protocol9
- match protocol user-protocol8
- match protocol user-protocol7
- match protocol user-protocol10
- match protocol user-protocol--3
- match protocol http
- match protocol ms-sql
- match protocol ms-sql-m
- class-map type inspect match-any DNS
- match protocol dns
- match protocol https
- match protocol http
- match protocol icmp
- match protocol smtp
- match protocol user-tcp-587
- class-map type inspect match-any SQL-Access-1
- match protocol ms-sql-m
- match protocol ms-sql
- match protocol icmp
- class-map type inspect match-any ccp-h323-inspect
- match protocol h323
- class-map type inspect ymsgr match-any ccp-app-yahoo
- match service text-chat
- class-map type inspect msnmsgr match-any ccp-app-msn
- match service text-chat
- class-map type inspect match-all ccp-invalid-src
- match access-group 100
- class-map type inspect match-all sdm-nat-x11-1
- match access-group 104
- match protocol x11
- class-map type inspect http match-any ccp-app-httpmethods
- match request method bcopy
- match request method bdelete
- match request method bmove
- match request method bpropfind
- match request method bproppatch
- match request method connect
- match request method copy
- match request method delete
- match request method edit
- match request method getattribute
- match request method getattributenames
- match request method getproperties
- match request method index
- match request method lock
- match request method mkcol
- match request method mkdir
- match request method move
- match request method notify
- match request method options
- match request method poll
- match request method propfind
- match request method proppatch
- match request method put
- match request method revadd
- match request method revlabel
- match request method revlog
- match request method revnum
- match request method save
- match request method search
- match request method setattribute
- match request method startrev
- match request method stoprev
- match request method subscribe
- match request method trace
- match request method unedit
- match request method unlock
- match request method unsubscribe
- class-map type inspect match-any ccp-dmz-protocols
- match protocol http
- class-map type inspect match-any tcp
- match protocol tcp
- class-map type inspect match-any Arcserve-Server-to-DMZ
- match protocol ymsgr
- match protocol user-tcp-8014
- match protocol user-tcp-5051-5060
- match protocol user-tcp-5000-5049
- match protocol sip
- match protocol netbios-ns
- match protocol msrpc
- match protocol netbios-dgm
- match protocol netbios-ssn
- match protocol tcp
- match protocol udp
- class-map type inspect match-any https
- match protocol https
- match protocol http
- match protocol icmp
- match protocol dns
- class-map type inspect match-any ccp-sip-inspect
- match protocol sip
- class-map type inspect match-all sdm-nat-telnets-1
- match access-group 103
- match protocol telnets
- class-map type inspect http match-any ccp-http-blockparam
- match request port-misuse im
- match request port-misuse p2p
- match req-resp protocol-violation
- class-map type inspect match-any sdm-service-ccp-permit-dmzservice-3
- match protocol rtsp
- match protocol user-5554
- class-map type inspect match-any aaweb
- match protocol http
- match protocol https
- class-map type inspect match-any sdm-service-ccp-permit-dmzservice-2
- match protocol user-protocol--1
- match protocol ipsec-msft
- match protocol isakmp
- class-map type inspect match-any sdm-service-ccp-permit-dmzservice-1
- match protocol ms-sql
- match protocol user-protocol9
- match protocol user-protocol7
- match protocol user-protocol8
- match protocol user-protocol10
- class-map type inspect match-all ccp-protocol-imap
- match protocol imap
- class-map type inspect aol match-any ccp-app-aol
- match service text-chat
- class-map type inspect match-any ArcServer-Backup
- match protocol ymsgr
- match protocol sip
- match protocol msrpc
- match protocol netbios-ns
- match protocol user-tcp-8014
- match protocol user-tcp-5000-5049
- match protocol user-tcp-5051-5060
- match protocol microsoft-ds
- match protocol netbios-ssn
- match protocol netbios-dgm
- match protocol tcp
- match protocol udp
- class-map type inspect match-all ccp-protocol-http
- match protocol http
- class-map type inspect http match-any ccp-http-allowparam
- match request port-misuse tunneling
- class-map type inspect match-all sdm-nat-http-5
- match access-group 105
- match class-map sdm-service-sdm-pol-NATOutsideToInside-1
- class-map type inspect match-all sdm-nat-http-6
- match access-group 108
- match class-map sdm-service-sdm-pol-NATOutsideToInside-1
- class-map type inspect match-all sdm-nat-user-protocol--1-3
- match access-group 103
- match class-map sdm-service-ccp-permit-dmzservice-2
- class-map type inspect match-any SDM_DHCP_CLIENT_PT
- match class-map SDM_BOOTPC
- class-map type inspect match-all ccp-cls-sdm-pol-NATOutsideToInside-1-1
- match access-group name Permit_Temp
- match class-map SQL
- class-map type inspect match-all SDM_WEBVPN_TRAFFIC
- match class-map SDM_WEBVPN
- match access-group 109
- class-map type inspect match-all ccp-cls--1
- match class-map SQL-Access
- match access-group name SQL
- class-map type inspect match-all ccp-cls--3
- match class-map SQL-Access-1
- match access-group name SQL
- class-map type inspect match-all ccp-cls--4
- match access-group name webout
- match class-map aaweb
- class-map type inspect match-all ccp-insp-traffic
- match class-map ccp-cls-insp-traffic
- class-map type inspect match-all sdm-nat-rtsp-2
- match access-group 104
- match class-map sdm-service-ccp-permit-dmzservice-3
- class-map type inspect match-all ccp-cls-ccp-inspect-2
- match class-map Arcserve
- match access-group name Arcserve
- class-map type inspect match-all sdm-nat-ms-sql-1
- match access-group 102
- match class-map sdm-service-sdm-pol-NATOutsideToInside-1
- class-map type inspect match-all sdm-nat-ms-sql-2
- match access-group 102
- match class-map sdm-service-ccp-permit-dmzservice-1
- class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
- match protocol isakmp
- match protocol ipsec-msft
- match class-map SDM_AH
- match class-map SDM_ESP
- class-map type inspect match-all ccp-protocol-im
- match class-map ccp-cls-protocol-im
- class-map type inspect match-all ccp-icmp-access
- match class-map ccp-cls-icmp-access
- class-map type inspect match-all ccp-dmz-traffic
- match access-group name dmz-traffic
- match class-map ccp-dmz-protocols
- class-map type inspect match-all ccp-cls-ccp-policy-ccp-cls--1-1
- match class-map SMTP27
- match access-group name SMTP
- class-map type inspect match-all ccp-cls-ccp-policy-ccp-cls--1-2
- match class-map ArcServer-Backup
- match access-group name Arcserve-DMZ-Backup
- class-map type inspect match-all ccp-cls-ccp-policy-ccp-cls--4-1
- match class-map DNS
- match access-group name DNS-Lookups
- class-map type inspect match-all sdm-nat-https-1
- match access-group name dmz-traffic
- match class-map sdm-service-sdm-pol-NATOutsideToInside-1
- class-map type inspect match-all ccp-cls-ccp-permit-dmzservice-1
- match class-map tcp
- match access-group name RDP-to-DMZ
- class-map type inspect match-all ccp-cls-ccp-permit-dmzservice-2
- match class-map TCP83
- match access-group name TCP83
- class-map type inspect match-all ccp-cls-ccp-permit-dmzservice-3
- match class-map Arcserve-Server-to-DMZ
- match access-group name Arcserve-Server-to-DMZ
- class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
- match class-map SDM_EASY_VPN_SERVER_TRAFFIC
- !
- policy-map type inspect im ccp-action-app-im
- class type inspect aol ccp-app-aol
- log
- allow
- class type inspect msnmsgr ccp-app-msn
- log
- allow
- class type inspect ymsgr ccp-app-yahoo
- log
- allow
- class type inspect aol ccp-app-aol-otherservices
- log
- reset
- class type inspect msnmsgr ccp-app-msn-otherservices
- log
- reset
- class type inspect ymsgr ccp-app-yahoo-otherservices
- log
- reset
- policy-map type inspect pop3 ccp-action-pop3
- class type inspect pop3 ccp-app-pop3
- log
- policy-map type inspect imap ccp-action-imap
- class type inspect imap ccp-app-imap
- log
- policy-map type inspect http ccp-action-app-http
- class type inspect http ccp-http-blockparam
- log
- reset
- class type inspect http ccp-app-httpmethods
- log
- reset
- class type inspect http ccp-http-allowparam
- log
- allow
- policy-map type inspect ccp-inspect
- class type inspect ccp-cls-ccp-inspect-2
- inspect
- class type inspect ccp-invalid-src
- inspect
- class type inspect ccp-protocol-http
- inspect
- service-policy http ccp-action-app-http
- class type inspect ccp-protocol-imap
- inspect
- service-policy imap ccp-action-imap
- class type inspect ccp-protocol-pop3
- inspect
- service-policy pop3 ccp-action-pop3
- class type inspect ccp-protocol-im
- inspect
- service-policy im ccp-action-app-im
- class type inspect ccp-insp-traffic
- inspect
- class type inspect ccp-sip-inspect
- inspect
- class type inspect ccp-h323-inspect
- inspect
- class type inspect ccp-h323annexe-inspect
- inspect
- class type inspect ccp-h225ras-inspect
- inspect
- class type inspect ccp-h323nxg-inspect
- inspect
- class type inspect ccp-skinny-inspect
- inspect
- class class-default
- drop
- policy-map type inspect ccp-policy-ccp-cls--4
- class type inspect ccp-cls-ccp-policy-ccp-cls--4-1
- inspect
- class type inspect ccp-cls--4
- pass
- class class-default
- drop
- policy-map type inspect ccp-policy-ccp-cls--1
- class type inspect ccp-cls-ccp-policy-ccp-cls--1-2
- inspect
- class type inspect ccp-cls-ccp-policy-ccp-cls--1-1
- pass
- class type inspect ccp-cls--1
- inspect
- class class-default
- drop
- policy-map type inspect ccp-permit-dmzservice
- class type inspect ccp-cls-ccp-permit-dmzservice-3
- inspect
- class type inspect ccp-cls-ccp-permit-dmzservice-2
- inspect
- class type inspect ccp-cls-ccp-permit-dmzservice-1
- inspect
- class type inspect ccp-dmz-traffic
- inspect
- class type inspect sdm-nat-user-protocol--2-1
- inspect
- class type inspect sdm-nat-http-1
- inspect
- class type inspect sdm-nat-user-protocol--1-3
- inspect
- class type inspect sdm-nat-telnets-1
- inspect
- class type inspect sdm-nat-user-protocol--2-2
- inspect
- class type inspect sdm-nat-ms-sql-2
- inspect
- class type inspect sdm-nat-user-protocol--3-1
- inspect
- class type inspect sdm-nat-rtsp-2
- inspect
- class type inspect sdm-nat-user-protocol--4-1
- inspect
- class type inspect sdm-nat-x11-1
- inspect
- class type inspect sdm-nat-http-2
- inspect
- class type inspect sdm-nat-http-3
- inspect
- class type inspect sdm-nat-user-protocol--5-1
- inspect
- class type inspect sdm-nat-http-4
- inspect
- class type inspect sdm-nat-user-protocol--5-2
- inspect
- class type inspect sdm-nat-user-protocol--6-1
- inspect
- class class-default
- drop
- policy-map type inspect sdm-pol-NATOutsideToInside-1
- class type inspect ccp-cls-sdm-pol-NATOutsideToInside-1-1
- inspect
- class type inspect sdm-nat-https-1
- inspect
- class type inspect sdm-nat-user-protocol--1-1
- inspect
- class type inspect sdm-nat-user-protocol--2-1
- inspect
- class type inspect sdm-nat-http-1
- inspect
- class type inspect sdm-nat-user-protocol--1-2
- inspect
- class type inspect sdm-nat-telnets-1
- inspect
- class type inspect sdm-nat-user-protocol--2-2
- inspect
- class type inspect sdm-nat-ms-sql-1
- inspect
- class type inspect sdm-nat-user-protocol--3-1
- inspect
- class type inspect sdm-nat-rtsp-1
- inspect
- class type inspect sdm-nat-user-protocol--4-1
- inspect
- class type inspect sdm-nat-x11-1
- inspect
- class type inspect sdm-nat-http-5
- inspect
- class type inspect sdm-nat-http-3
- inspect
- class type inspect sdm-nat-user-protocol--5-1
- inspect
- class type inspect sdm-nat-http-6
- inspect
- class type inspect sdm-nat-user-protocol--5-2
- inspect
- class type inspect sdm-nat-user-protocol--6-1
- inspect
- class class-default
- drop
- policy-map type inspect ccp-permit
- class type inspect SDM_WEBVPN_TRAFFIC
- inspect
- class type inspect ccp-sip-inspect
- inspect
- class type inspect ccp-h323-inspect
- inspect
- class type inspect ccp-h323annexe-inspect
- inspect
- class type inspect ccp-h225ras-inspect
- inspect
- class type inspect ccp-h323nxg-inspect
- inspect
- class type inspect ccp-skinny-inspect
- inspect
- class class-default
- drop
- policy-map type inspect ccp-sslvpn-pol
- class type inspect CCP_SSLVPN
- pass
- class class-default
- drop
- policy-map type inspect ccp-permit-icmpreply
- class type inspect ccp-icmp-access
- inspect
- class type inspect ccp-sip-inspect
- inspect
- class type inspect ccp-h323-inspect
- inspect
- class type inspect ccp-h323annexe-inspect
- inspect
- class type inspect ccp-h225ras-inspect
- inspect
- class type inspect ccp-h323nxg-inspect
- inspect
- class type inspect ccp-skinny-inspect
- inspect
- class class-default
- pass
- !
- zone security in-zone
- zone security out-zone
- zone security dmz-zone
- zone security sslvpn-zone
- zone-pair security ccp-zp-self-out source self destination out-zone
- service-policy type inspect ccp-permit-icmpreply
- zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
- service-policy type inspect sdm-pol-NATOutsideToInside-1
- zone-pair security ccp-zp-in-out source in-zone destination out-zone
- service-policy type inspect ccp-inspect
- zone-pair security ccp-zp-out-self source out-zone destination self
- service-policy type inspect ccp-permit
- zone-pair security ccp-zp-in-dmz source in-zone destination dmz-zone
- service-policy type inspect ccp-permit-dmzservice
- zone-pair security ccp-zp-out-dmz source out-zone destination dmz-zone
- service-policy type inspect ccp-permit-dmzservice
- zone-pair security zp-out-zone-sslvpn-zone source out-zone destination sslvpn-zone
- service-policy type inspect ccp-sslvpn-pol
- zone-pair security zp-in-zone-sslvpn-zone source in-zone destination sslvpn-zone
- service-policy type inspect ccp-sslvpn-pol
- zone-pair security zp-sslvpn-zone-in-zone source sslvpn-zone destination in-zone
- service-policy type inspect ccp-sslvpn-pol
- zone-pair security zp-sslvpn-zone-out-zone source sslvpn-zone destination out-zone
- service-policy type inspect ccp-sslvpn-pol
- zone-pair security sdm-zp-dmz-zone-in-zone source dmz-zone destination in-zone
- service-policy type inspect ccp-policy-ccp-cls--1
- zone-pair security sdm-zp-dmz-zone-out-zone source dmz-zone destination out-zone
- service-policy type inspect ccp-policy-ccp-cls--4
- !
- !
- crypto isakmp policy 1
- encr 3des
- authentication pre-share
- group 2
- !
- crypto isakmp client configuration group jba
- key KEY##
- dns 192.168.0.8 192.168.0.10
- domain xxxxx.co.uk
- pool SDM_POOL_1
- netmask 255.255.255.0
- crypto isakmp profile ciscocp-ike-profile-1
- match identity group jba
- client authentication list ciscocp_vpn_xauth_ml_1
- isakmp authorization list ciscocp_vpn_group_ml_1
- client configuration address respond
- virtual-template 1
- !
- !
- crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
- mode tunnel
- !
- crypto ipsec profile CiscoCP_Profile1
- set transform-set ESP-3DES-SHA
- set isakmp-profile ciscocp-ike-profile-1
- !
- !
- !
- !
- !
- !
- !
- !
- interface Loopback0
- description Do not delete - SDM WebVPN generated interface
- ip address 192.168.1.1 255.255.255.252
- ip nat inside
- ip virtual-reassembly in
- !
- interface ATM0
- no ip address
- shutdown
- no atm ilmi-keepalive
- !
- interface Ethernet0
- no ip address
- shutdown
- !
- interface GigabitEthernet0
- switchport access vlan 10
- no ip address
- !
- interface GigabitEthernet1
- no ip address
- spanning-tree portfast
- !
- interface GigabitEthernet2
- switchport access vlan 11
- no ip address
- spanning-tree portfast
- !
- interface GigabitEthernet3
- switchport access vlan 12
- no ip address
- spanning-tree portfast
- !
- interface GigabitEthernet4
- switchport access vlan 13
- no ip address
- spanning-tree portfast
- !
- interface GigabitEthernet5
- switchport access vlan 99
- no ip address
- spanning-tree portfast
- !
- interface GigabitEthernet6
- no ip address
- spanning-tree portfast
- !
- interface GigabitEthernet7
- no ip address
- spanning-tree portfast
- !
- interface GigabitEthernet8
- description PrimaryWANDesc_253 wanFW$FW$FW_OUTSIDE$$ETH-WAN$
- ip address 192.168.10.86 255.255.255.0 secondary
- ip address EXTERNALIP x.x.x.x 255.255.255.0
- ip access-group InboundServices in
- ip nat outside
- ip virtual-reassembly in
- zone-member security out-zone
- duplex auto
- speed auto
- media-type rj45
- !
- interface Virtual-Template1
- ip unnumbered GigabitEthernet8
- zone-member security sslvpn-zone
- !
- interface Vlan1
- ip address 172.16.1.1 255.255.255.0
- !
- interface Vlan10
- description $FW_INSIDE$
- ip address 192.168.0.253 255.255.255.0
- ip nat inside
- ip virtual-reassembly in
- zone-member security in-zone
- !
- interface Vlan11
- description $FW_DMZ$
- ip address 192.168.6.1 255.255.255.248
- ip access-group Web_Traffic_IN in
- ip nat inside
- ip virtual-reassembly in
- zone-member security dmz-zone
- !
- interface Vlan12
- description $FW_DMZ$
- ip address 192.168.6.9 255.255.255.248
- ip access-group dmz-traffic in
- ip nat inside
- ip virtual-reassembly in
- zone-member security dmz-zone
- !
- interface Vlan13
- description $FW_INSIDE$
- ip address 192.168.5.1 255.255.255.0
- ip nat inside
- ip virtual-reassembly in
- zone-member security in-zone
- !
- interface Vlan99
- description TRANSIT_VLAN
- ip address 192.168.99.1 255.255.255.0
- ip nat inside
- ip virtual-reassembly in
- zone-member security in-zone
- !
- interface Dialer1
- no ip address
- !
- ip forward-protocol nd
- ip http server
- ip http access-class 23
- ip http authentication local
- ip http secure-server
- ip http timeout-policy idle 60 life 86400 requests 10000
- !
- !
- ip nat inside source list 100 interface GigabitEthernet8 overload
- ip nat inside source static tcp 192.168.0.109 80 interface GigabitEthernet8 81
- ip nat inside source static tcp 192.168.0.13 499 interface GigabitEthernet8 499
- ip nat inside source static tcp 192.168.0.13 992 interface GigabitEthernet8 992
- ip nat inside source static tcp 192.168.0.13 1194 interface GigabitEthernet8 1194
- ip nat inside source static tcp 192.168.0.109 1433 interface GigabitEthernet8 1433
- ip nat inside source static tcp 192.168.0.12 554 interface GigabitEthernet8 5554
- ip nat inside source static tcp 192.168.0.13 5555 interface GigabitEthernet8 5555
- ip nat inside source static tcp 192.168.0.12 6200 interface GigabitEthernet8 6200
- ip nat inside source static tcp 192.168.0.220 80 interface GigabitEthernet8 7800
- ip nat inside source static tcp 192.168.0.27 80 interface GigabitEthernet8 8000
- ip nat inside source static tcp 192.168.0.11 8081 interface GigabitEthernet8 8081
- ip nat inside source static tcp 192.168.0.152 80 interface GigabitEthernet8 9800
- ip nat inside source static tcp 192.168.0.152 8081 interface GigabitEthernet8 9801
- ip nat inside source static tcp 192.168.0.152 8082 interface GigabitEthernet8 9802
- ip nat inside source static udp 192.168.0.13 500 interface GigabitEthernet8 500
- ip nat inside source static udp 192.168.0.13 1194 interface GigabitEthernet8 1194
- ip nat inside source static udp 192.168.0.13 4500 interface GigabitEthernet8 4500
- ip nat inside source static tcp 192.168.0.108 554 interface GigabitEthernet8 554
- ip nat inside source static udp 192.168.0.108 554 interface GigabitEthernet8 554
- ip nat inside source static udp 192.168.0.108 6666 interface GigabitEthernet8 6666
- ip nat inside source static tcp 192.168.0.108 7080 interface GigabitEthernet8 7080
- ip nat inside source static tcp 192.168.0.108 6666 interface GigabitEthernet8 6666
- ip nat inside source static udp 192.168.0.108 7080 interface GigabitEthernet8 7080
- ip nat inside source static udp 192.168.0.108 67 interface GigabitEthernet8 67
- ip nat inside source static tcp 192.168.0.108 67 interface GigabitEthernet8 67
- ip nat inside source static tcp 192.168.0.108 68 interface GigabitEthernet8 68
- ip nat inside source static udp 192.168.0.108 68 interface GigabitEthernet8 68
- ip nat inside source static udp 192.168.0.108 7443 interface GigabitEthernet8 7443
- ip nat inside source static udp 192.168.0.108 7444 interface GigabitEthernet8 7444
- ip nat inside source static udp 192.168.0.108 7445 interface GigabitEthernet8 7445
- ip nat inside source static udp 192.168.0.108 7446 interface GigabitEthernet8 7446
- ip nat inside source static udp 192.168.0.108 7447 interface GigabitEthernet8 7447
- ip nat inside source static tcp 192.168.0.108 7447 interface GigabitEthernet8 7447
- ip nat inside source static tcp 192.168.0.108 7446 interface GigabitEthernet8 7446
- ip nat inside source static tcp 192.168.0.108 7445 interface GigabitEthernet8 7445
- ip nat inside source static tcp 192.168.0.108 7444 interface GigabitEthernet8 7444
- ip nat inside source static tcp 192.168.0.108 7443 interface GigabitEthernet8 7443
- ip nat inside source static tcp 192.168.0.109 4930 interface GigabitEthernet8 4930
- ip nat inside source static udp 192.168.0.109 4930 interface GigabitEthernet8 4930
- ip nat inside source static tcp 192.168.0.109 1400 interface GigabitEthernet8 1400
- ip nat inside source static tcp 192.168.0.109 1401 interface GigabitEthernet8 1401
- ip nat inside source static tcp 192.168.0.109 1402 interface GigabitEthernet8 1402
- ip nat inside source static tcp 192.168.0.109 1403 interface GigabitEthernet8 1403
- ip nat inside source static tcp 192.168.0.109 1404 interface GigabitEthernet8 1404
- ip nat inside source static tcp 192.168.0.109 1405 interface GigabitEthernet8 1405
- ip nat inside source static tcp 192.168.0.109 1406 interface GigabitEthernet8 1406
- ip nat inside source static tcp 192.168.0.109 1407 interface GigabitEthernet8 1407
- ip nat inside source static tcp 192.168.0.109 1408 interface GigabitEthernet8 1408
- ip nat inside source static tcp 192.168.0.109 1409 interface GigabitEthernet8 1409
- ip nat inside source static tcp 192.168.0.109 1410 interface GigabitEthernet8 1410
- ip nat inside source static tcp 192.168.0.109 1411 interface GigabitEthernet8 1411
- ip nat inside source static tcp 192.168.0.109 1412 interface GigabitEthernet8 1412
- ip nat inside source static tcp 192.168.0.109 1413 interface GigabitEthernet8 1413
- ip nat inside source static tcp 192.168.0.109 1414 interface GigabitEthernet8 1414
- ip nat inside source static tcp 192.168.0.109 1415 interface GigabitEthernet8 1415
- ip nat inside source static tcp 192.168.0.109 1417 interface GigabitEthernet8 1417
- ip nat inside source static tcp 192.168.0.109 1416 interface GigabitEthernet8 1416
- ip nat inside source static tcp 192.168.0.109 1418 interface GigabitEthernet8 1418
- ip nat inside source static tcp 192.168.0.109 1419 interface GigabitEthernet8 1419
- ip nat inside source static tcp 192.168.0.109 1420 interface GigabitEthernet8 1420
- ip nat inside source static tcp 192.168.0.109 1421 interface GigabitEthernet8 1421
- ip nat inside source static tcp 192.168.0.109 1422 interface GigabitEthernet8 1422
- ip nat inside source static tcp 192.168.0.109 1423 interface GigabitEthernet8 1423
- ip nat inside source static tcp 192.168.0.109 1424 interface GigabitEthernet8 1424
- ip nat inside source static tcp 192.168.0.109 1425 interface GigabitEthernet8 1425
- ip nat inside source static tcp 192.168.0.109 1426 interface GigabitEthernet8 1426
- ip nat inside source static tcp 192.168.0.109 1427 interface GigabitEthernet8 1427
- ip nat inside source static tcp 192.168.0.109 1428 interface GigabitEthernet8 1428
- ip nat inside source static tcp 192.168.0.109 1429 interface GigabitEthernet8 1429
- ip nat inside source static tcp 192.168.0.109 1430 interface GigabitEthernet8 1430
- ip nat inside source static tcp 192.168.0.109 1431 interface GigabitEthernet8 1431
- ip nat inside source static tcp 192.168.0.109 1432 interface GigabitEthernet8 1432
- ip nat inside source static tcp 192.168.0.109 1435 interface GigabitEthernet8 1435
- ip nat inside source static tcp 192.168.0.109 1436 interface GigabitEthernet8 1436
- ip nat inside source static tcp 192.168.0.109 1437 interface GigabitEthernet8 1437
- ip nat inside source static tcp 192.168.0.109 1438 interface GigabitEthernet8 1438
- ip nat inside source static tcp 192.168.0.109 1439 interface GigabitEthernet8 1439
- ip nat inside source static tcp 192.168.0.109 1440 interface GigabitEthernet8 1440
- ip nat inside source static tcp 192.168.0.109 1441 interface GigabitEthernet8 1441
- ip nat inside source static tcp 192.168.0.109 1442 interface GigabitEthernet8 1442
- ip nat inside source static tcp 192.168.0.109 1443 interface GigabitEthernet8 1443
- ip nat inside source static tcp 192.168.0.109 1444 interface GigabitEthernet8 1444
- ip nat inside source static tcp 192.168.0.109 1445 interface GigabitEthernet8 1445
- ip nat inside source static tcp 192.168.0.109 1446 interface GigabitEthernet8 1446
- ip nat inside source static tcp 192.168.0.109 1447 interface GigabitEthernet8 1447
- ip nat inside source static tcp 192.168.0.109 1448 interface GigabitEthernet8 1448
- ip nat inside source static tcp 192.168.0.109 1449 interface GigabitEthernet8 1449
- ip nat inside source static tcp 192.168.0.109 1450 interface GigabitEthernet8 1450
- ip nat inside source static udp 192.168.0.109 1450 interface GigabitEthernet8 1450
- ip nat inside source static udp 192.168.0.109 1400 interface GigabitEthernet8 1400
- ip nat inside source static udp 192.168.0.109 1401 interface GigabitEthernet8 1401
- ip nat inside source static udp 192.168.0.109 1402 interface GigabitEthernet8 1402
- ip nat inside source static udp 192.168.0.109 1403 interface GigabitEthernet8 1403
- ip nat inside source static udp 192.168.0.109 1404 interface GigabitEthernet8 1404
- ip nat inside source static udp 192.168.0.109 1405 interface GigabitEthernet8 1405
- ip nat inside source static udp 192.168.0.109 1406 interface GigabitEthernet8 1406
- ip nat inside source static udp 192.168.0.109 1407 interface GigabitEthernet8 1407
- ip nat inside source static udp 192.168.0.109 1408 interface GigabitEthernet8 1408
- ip nat inside source static udp 192.168.0.109 1409 interface GigabitEthernet8 1409
- ip nat inside source static udp 192.168.0.109 1410 interface GigabitEthernet8 1410
- ip nat inside source static udp 192.168.0.109 1411 interface GigabitEthernet8 1411
- ip nat inside source static udp 192.168.0.109 1412 interface GigabitEthernet8 1412
- ip nat inside source static udp 192.168.0.109 1413 interface GigabitEthernet8 1413
- ip nat inside source static udp 192.168.0.109 1414 interface GigabitEthernet8 1414
- ip nat inside source static udp 192.168.0.109 1415 interface GigabitEthernet8 1415
- ip nat inside source static udp 192.168.0.109 1416 interface GigabitEthernet8 1416
- ip nat inside source static udp 192.168.0.109 1417 interface GigabitEthernet8 1417
- ip nat inside source static udp 192.168.0.109 1418 interface GigabitEthernet8 1418
- ip nat inside source static udp 192.168.0.109 1419 interface GigabitEthernet8 1419
- ip nat inside source static udp 192.168.0.109 1420 interface GigabitEthernet8 1420
- ip nat inside source static udp 192.168.0.109 1421 interface GigabitEthernet8 1421
- ip nat inside source static udp 192.168.0.109 1422 interface GigabitEthernet8 1422
- ip nat inside source static udp 192.168.0.109 1423 interface GigabitEthernet8 1423
- ip nat inside source static udp 192.168.0.109 1424 interface GigabitEthernet8 1424
- ip nat inside source static udp 192.168.0.109 1425 interface GigabitEthernet8 1425
- ip nat inside source static udp 192.168.0.109 1426 interface GigabitEthernet8 1426
- ip nat inside source static udp 192.168.0.109 1427 interface GigabitEthernet8 1427
- ip nat inside source static udp 192.168.0.109 1428 interface GigabitEthernet8 1428
- ip nat inside source static udp 192.168.0.109 1429 interface GigabitEthernet8 1429
- ip nat inside source static udp 192.168.0.109 1430 interface GigabitEthernet8 1430
- ip nat inside source static udp 192.168.0.109 1431 interface GigabitEthernet8 1431
- ip nat inside source static udp 192.168.0.109 1432 interface GigabitEthernet8 1432
- ip nat inside source static udp 192.168.0.109 1433 interface GigabitEthernet8 1433
- ip nat inside source static udp 192.168.0.109 1434 interface GigabitEthernet8 1434
- ip nat inside source static udp 192.168.0.109 1435 interface GigabitEthernet8 1435
- ip nat inside source static udp 192.168.0.109 1436 interface GigabitEthernet8 1436
- ip nat inside source static udp 192.168.0.109 1437 interface GigabitEthernet8 1437
- ip nat inside source static udp 192.168.0.109 1438 interface GigabitEthernet8 1438
- ip nat inside source static udp 192.168.0.109 1439 interface GigabitEthernet8 1439
- ip nat inside source static udp 192.168.0.109 1440 interface GigabitEthernet8 1440
- ip nat inside source static udp 192.168.0.109 1441 interface GigabitEthernet8 1442
- ip nat inside source static udp 192.168.0.109 1443 interface GigabitEthernet8 1443
- ip nat inside source static udp 192.168.0.109 1444 interface GigabitEthernet8 1444
- ip nat inside source static udp 192.168.0.109 1445 interface GigabitEthernet8 1445
- ip nat inside source static udp 192.168.0.109 1446 interface GigabitEthernet8 1446
- ip nat inside source static udp 192.168.0.109 1447 interface GigabitEthernet8 1447
- ip nat inside source static udp 192.168.0.109 1448 interface GigabitEthernet8 1448
- ip nat inside source static udp 192.168.0.109 1449 interface GigabitEthernet8 1449
- ip nat inside source static tcp 192.168.1.1 443 EXTERNALIP x.x.x.x 4443 extendable
- ip nat inside source static tcp 192.168.6.10 443 EXTERNALIP x.x.x.x 4449 extendable
- ip nat inside source static tcp 192.168.6.10 83 192.168.10.86 83 extendable
- ip nat inside source static tcp 192.168.6.10 443 192.168.10.86 443 extendable
- ip nat inside source static tcp 192.168.6.10 81 192.168.10.86 8989 extendable
- ip route 0.0.0.0 0.0.0.0 ISP IP x.x.x.x
- ip route 185.46.211.0 255.255.255.0 GigabitEthernet8 permanent
- ip route 192.168.0.0 255.255.255.0 Vlan10 permanent
- ip route 192.168.5.0 255.255.255.0 Vlan13
- ip route 192.168.6.0 255.255.255.248 Vlan11 permanent
- ip route 192.168.6.8 255.255.255.248 Vlan12 permanent
- ip route 192.168.99.0 255.255.255.248 Vlan99 permanent
- !
- ip access-list extended All
- remark CCP_ACL Category=128
- permit ip any any
- ip access-list extended Arcserve
- remark CCP_ACL Category=128
- permit ip host 192.168.0.234 any
- ip access-list extended Arcserve-DMZ-Backup
- remark CCP_ACL Category=128
- permit ip host 192.168.6.10 host 192.168.0.234
- ip access-list extended Arcserve-Server-to-DMZ
- remark CCP_ACL Category=128
- permit ip host 192.168.0.234 host 192.168.6.10
- ip access-list extended DNS-Lookups
- remark CCP_ACL Category=128
- permit ip host 192.168.6.10 any
- ip access-list extended InboundServices
- remark CCP_ACL Category=1
- permit udp host 8.8.8.8 eq domain any
- permit udp host 8.8.4.4 eq domain any
- permit udp host 87.117.237.100 eq domain any
- remark HTTPS
- permit ip any any log
- ip access-list extended Permit-LANInternet
- remark CCP_ACL Category=128
- permit ip any any
- ip access-list extended Permit_Temp
- remark CCP_ACL Category=128
- permit ip any host 192.168.0.109
- ip access-list extended RDP-to-DMZ
- remark CCP_ACL Category=128
- permit ip 192.168.0.0 0.0.255.255 any
- ip access-list extended SDM_ESP
- remark CCP_ACL Category=1
- permit esp any any
- ip access-list extended SDM_WEBVPN
- remark CCP_ACL Category=1
- permit tcp any any eq 443
- ip access-list extended SMTP
- remark CCP_ACL Category=128
- permit ip host 192.168.6.10 any
- ip access-list extended SQL
- remark CCP_ACL Category=128
- permit ip host 192.168.6.10 host 192.168.0.29
- ip access-list extended TCP83
- remark CCP_ACL Category=128
- permit ip any host 192.168.6.10
- ip access-list extended WebOUT
- remark CCP_ACL Category=1
- permit ip any any log
- ip access-list extended Web_Traffic_IN
- remark Permitting-Web-TrafficInbound
- remark CCP_ACL Category=1
- permit tcp any any eq www log
- ip access-list extended dmz-traffic
- remark CCP_ACL Category=1
- permit tcp any host 192.168.6.10 eq www log
- remark HTTPS
- permit tcp any any log
- remark AccessACloud
- permit ip host 192.168.6.10 host 212.54.130.138
- remark GooglePubDns
- permit ip host 192.168.6.10 host 8.8.4.4
- permit tcp any any eq www
- remark Permit-All-for SQL
- permit ip any any log
- ip access-list extended webout
- remark CCP_ACL Category=128
- permit ip host 192.168.6.10 any
- permit ip host 82.163.247.156 any
- permit ip host 185.46.211.197 any
- permit ip host 192.168.0.9 any
- !
- logging trap notifications
- !
- access-list 100 remark CCP_ACL Category=130
- access-list 100 permit ip 127.0.0.0 0.255.255.255 any
- access-list 100 permit ip 185.46.211.0 0.0.0.255 any
- access-list 100 permit ip host 255.255.255.255 any
- access-list 100 permit ip 192.168.6.8 0.0.0.7 any
- access-list 100 permit ip 192.168.6.0 0.0.0.7 any
- access-list 100 remark DMZ-TCP
- access-list 100 permit tcp host 192.168.6.10 any log
- access-list 100 remark DMZ-UDP
- access-list 100 permit udp host 192.168.6.10 any log
- access-list 100 permit ip any any
- access-list 101 remark CCP_ACL Category=0
- access-list 101 permit ip any host 192.168.6.2
- access-list 102 remark CCP_ACL Category=0
- access-list 102 permit ip any host 192.168.0.109
- access-list 103 remark CCP_ACL Category=0
- access-list 103 permit ip any host 192.168.0.13
- access-list 104 remark CCP_ACL Category=0
- access-list 104 permit ip any host 192.168.0.12
- access-list 105 remark CCP_ACL Category=0
- access-list 105 permit ip any host 192.168.0.220
- access-list 106 remark CCP_ACL Category=0
- access-list 106 permit ip any host 192.168.0.27
- access-list 107 remark CCP_ACL Category=0
- access-list 107 permit ip any host 192.168.0.11
- access-list 108 remark CCP_ACL Category=0
- access-list 108 permit ip any host 192.168.0.152
- access-list 109 remark CCP_ACL Category=128
- access-list 109 permit ip any host EXTERNALIP x.x.x.x
- access-list 199 remark NATOutbound
- access-list 199 remark CCP_ACL Category=2
- access-list 199 permit ip any any log
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement