  1.  
  2.  
  ! Port-to-application mappings (PAM). Each line gives a name to a custom port or port
  ! range so that class-maps can select it with `match protocol user-...`.
  ! user-protocol7/8 cover TCP 1400-1432 and 1435-1450, user-protocol9/10 cover UDP 1400-1433
  ! and 1435-1450, user-protocol--3 is TCP 1434.
  ! NOTE(review): these are wide ranges and are later matched alongside ms-sql - confirm the
  ! application really needs every port in them.
  3. ip port-map user-protocol8 port tcp from 1435 to 1450
  4. ip port-map user-protocol9 port udp from 1400 to 1433
  5. ip port-map user-protocol--2 port tcp 1194
  6. ip port-map user-protocol--3 port tcp 1434
  7. ip port-map user-protocol--1 port tcp 499
  8. ip port-map user-protocol--6 port tcp 8082
  9. ip port-map user-protocol7 port tcp from 1400 to 1432
  10. ip port-map user-protocol--4 port tcp 5555
  ! NOTE(review): 67-68 are the BOOTP/DHCP port numbers, which normally run over UDP; this
  ! maps them for TCP - confirm the entry is intended.
  11. ip port-map user-67-68 port tcp from 67 to 68
  12. ip port-map user-protocol--5 port tcp 8081
  13. ip port-map user-CCTV-Viewer port tcp 7800
  14. ip port-map user-protocol10 port udp from 1435 to 1450
  15. ip port-map user-4930 port tcp 4930
  16. ip port-map user-7080 port tcp 7080
  17. ip port-map user-8000 port tcp 8000
  18. ip port-map user-81 port tcp 81
  19. ip port-map user-74437447 port tcp from 7443 to 7447
  20. ip port-map user-9801 port tcp 9801
  21. ip port-map user-5554 port tcp 5554
  22. ip port-map user-9800 port tcp 9800
  23. ip port-map user-9802 port tcp 9802
  24. ip port-map user-tcp-587 port tcp 587 description SMTP-Relay
  25. ip port-map user-udp7080 port udp 7080
  26. ip port-map user-udp4930 port udp 4930
  27. ip port-map user-tcp-5000-5049 port tcp from 5000 to 5049 description Arcserve GDD
  28. ip port-map user-udp74437447 port udp from 7443 to 7447
  ! NOTE(review): the name says 5051-5060 but the mapped range ends at 5059 - confirm which
  ! one is intended.
  29. ip port-map user-tcp-5051-5060 port tcp from 5051 to 5059 description Arcserve GDD-2
  30. ip port-map user-tcp-8989 port tcp 8989
  31. ip port-map user-tcp-4449 port tcp 4449 description user-tcp-4449
  32. ip port-map user-tcp-8014 port tcp 8014 description Data-Transfer-ArcServe
  33. ip port-map user-tcp-83 port tcp 83
  34. !
  ! DHCP for 192.168.5.0/24. Addresses .1 to .9 are withheld from dynamic assignment, one
  ! statement per address.
  35. ip dhcp excluded-address 192.168.5.1
  36. ip dhcp excluded-address 192.168.5.2
  37. ip dhcp excluded-address 192.168.5.3
  38. ip dhcp excluded-address 192.168.5.4
  39. ip dhcp excluded-address 192.168.5.5
  40. ip dhcp excluded-address 192.168.5.6
  41. ip dhcp excluded-address 192.168.5.7
  42. ip dhcp excluded-address 192.168.5.8
  43. ip dhcp excluded-address 192.168.5.9
  44. !
  ! Pool handed to clients: public resolvers 8.8.4.4/8.8.8.8 as DNS, and 192.168.5.1 (the
  ! address configured on interface Vlan13) as default gateway.
  ! NOTE(review): clients in this pool resolve names outside the site, not via the
  ! 192.168.0.8/192.168.0.10 servers given to VPN clients - confirm that split is intended.
  45. ip dhcp pool Wifi-VLAN13
  46. import all
  47. network 192.168.5.0 255.255.255.0
  48. dns-server 8.8.4.4 8.8.8.8
  49. default-router 192.168.5.1
  50. !
  51. !
  52. !
  53. ip domain name xxxxx.co.uk
  54. ip name-server 87.117.237.100
  55. ip name-server 8.8.4.4
  56. ip name-server 8.8.8.8
  57. ip cef
  58. no ipv6 cef
  59. !
  ! Server-name list for Yahoo Messenger; class-map ccp-cls-protocol-im refers to it with
  ! `match protocol ymsgr yahoo-servers`.
  ! NOTE(review): this is a static hostname list - confirm it is still current, since the
  ! IM classification depends on it.
  60. parameter-map type protocol-info yahoo-servers
  61. server name scs.msg.yahoo.com
  62. server name scsa.msg.yahoo.com
  63. server name scsb.msg.yahoo.com
  64. server name scsc.msg.yahoo.com
  65. server name scsd.msg.yahoo.com
  66. server name cs16.msg.dcn.yahoo.com
  67. server name cs19.msg.dcn.yahoo.com
  68. server name cs42.msg.dcn.yahoo.com
  69. server name cs53.msg.dcn.yahoo.com
  70. server name cs54.msg.dcn.yahoo.com
  71. server name ads1.vip.scd.yahoo.com
  72. server name radio1.launch.vip.dal.yahoo.com
  73. server name in1.msg.vip.re2.yahoo.com
  74. server name data1.my.vip.sc5.yahoo.com
  75. server name address1.pim.vip.mud.yahoo.com
  76. server name edit.messenger.yahoo.com
  77. server name messenger.yahoo.com
  78. server name http.pager.yahoo.com
  79. server name privacy.yahoo.com
  80. server name csa.yahoo.com
  81. server name csb.yahoo.com
  82. server name csc.yahoo.com
  83.  
  ! Server-name list for MSN Messenger; referenced by `match protocol msnmsgr msn-servers`
  ! in class-map ccp-cls-protocol-im.
  84. parameter-map type protocol-info msn-servers
  85. server name messenger.hotmail.com
  86. server name gateway.messenger.hotmail.com
  87. server name webmessenger.msn.com
  88.  
  ! Server-name list for AOL IM; referenced by `match protocol aol aol-servers` in
  ! class-map ccp-cls-protocol-im.
  89. parameter-map type protocol-info aol-servers
  90. server name login.oscar.aol.com
  91. server name toc.oscar.aol.com
  92. server name oam-d09a.blue.aol.com
  93.  
  94. !
  95. !
  96. !
  97. !
  98. multilink bundle-name authenticated
  99. !
  100. !
  101. !
  102. !
  103.  
  ! DSL controller is set to ADSL2 mode; interface ATM0 further down is shut down, so the
  ! WAN path in use appears to be GigabitEthernet8 - confirm.
  104. controller VDSL 0
  105. operating mode adsl2
  ! CDP is disabled globally, so the router does not announce itself to neighbours.
  106. no cdp run
  107. !
  108. no ip ftp passive
  109. !
  ! Zone-based firewall class-maps. match-any: one matching line is enough; match-all: every
  ! line must match. The access-groups referenced here (numbered and named ACLs) are not
  ! shown in this part of the config, so the addresses each class applies to cannot be
  ! checked from these lines alone.
  110. class-map type inspect match-any SDM_BOOTPC
  111. match access-group name SDM_BOOTPC
  112. class-map type inspect match-all sdm-nat-http-4
  113. match access-group 108
  114. match protocol http
  115. class-map type inspect match-all sdm-nat-user-protocol--6-1
  116. match access-group 108
  117. match protocol user-protocol--6
  118. class-map type inspect match-all sdm-nat-user-protocol--5-2
  119. match access-group 108
  120. match protocol user-protocol--5
  121. class-map type inspect match-all sdm-nat-user-protocol--5-1
  122. match access-group 107
  123. match protocol user-protocol--5
  124. class-map type inspect match-all sdm-nat-user-protocol--4-1
  125. match access-group 103
  126. match protocol user-protocol--4
  127. class-map type inspect match-all sdm-nat-user-protocol--3-1
  128. match access-group 102
  129. match protocol user-protocol--3
  130. class-map type inspect imap match-any ccp-app-imap
  131. match invalid-command
  ! NOTE(review): despite its name this class matches http, not user-protocol--2; likewise
  ! sdm-nat-user-protocol--1-1 below matches https. Read the match lines, not the names.
  132. class-map type inspect match-all sdm-nat-user-protocol--2-1
  133. match access-group name dmz-traffic
  134. match protocol http
  135. class-map type inspect match-all sdm-nat-http-1
  136. match access-group 102
  137. match protocol http
  138. class-map type inspect match-all sdm-nat-user-protocol--1-2
  139. match access-group 103
  140. match protocol user-protocol--1
  141. class-map type inspect match-all sdm-nat-user-protocol--1-1
  142. match access-group name dmz-traffic
  143. match protocol https
  144. class-map type inspect match-all sdm-nat-user-protocol--2-2
  145. match access-group 103
  146. match protocol user-protocol--2
  147. class-map type inspect match-all sdm-nat-http-2
  148. match access-group 105
  149. match protocol http
  150. class-map type inspect match-all sdm-nat-http-3
  151. match access-group 106
  152. match protocol http
  ! Selected by ACL 199 only; there is no protocol match, so ACL 199 alone decides what
  ! policy ccp-sslvpn-pol passes.
  153. class-map type inspect match-all CCP_SSLVPN
  154. match access-group 199
  155. class-map type inspect match-any SDM_AH
  156. match access-group name SDM_AH
  157. class-map type inspect match-any ccp-skinny-inspect
  158. match protocol skinny
  ! NOTE(review): ccp-cls-ccp-permit-icmpreply-1 and ccp-cls--2 are not referenced by any
  ! policy-map in this listing - confirm whether they are leftovers.
  159. class-map type inspect match-all ccp-cls-ccp-permit-icmpreply-1
  160. match access-group name OutboundInternet
  161. class-map type inspect match-any sdm-cls-bootps
  162. match protocol bootps
  163. class-map type inspect match-all ccp-cls--2
  164. match access-group name Permit-LANInternet
  165. class-map type inspect match-all sdm-nat-rtsp-1
  166. match access-group 104
  167. match protocol rtsp
  ! Service list nested inside sdm-nat-http-5, sdm-nat-http-6, sdm-nat-ms-sql-1 and
  ! sdm-nat-https-1, all of which the out-zone to in-zone policy inspects.
  ! NOTE(review): the list contains ms-sql and the user-protocol7..10 port ranges, so
  ! database ports are admitted from the outside zone wherever the paired ACL (102, 105, 108,
  ! dmz-traffic) permits. Confirm those ACLs restrict the source addresses.
  168. class-map type inspect match-any sdm-service-sdm-pol-NATOutsideToInside-1
  169. match protocol https
  170. match protocol http
  171. match protocol ms-sql
  172. match protocol user-protocol10
  173. match protocol user-protocol7
  174. match protocol user-protocol8
  175. match protocol user-protocol9
  176. match protocol user-CCTV-Viewer
  177. match protocol user-9800
  178. match protocol user-9801
  179. match protocol user-9802
  180. class-map type inspect match-any SDM_WEBVPN
  181. match access-group name SDM_WEBVPN
  182. class-map type inspect match-any SMTP27
  183. match protocol smtp
  ! The *-otherservices classes match any service of the IM protocol; policy
  ! ccp-action-app-im resets them while allowing the text-chat classes.
  184. class-map type inspect msnmsgr match-any ccp-app-msn-otherservices
  185. match service any
  186. class-map type inspect ymsgr match-any ccp-app-yahoo-otherservices
  187. match service any
  ! Backup traffic class, paired with ACL Arcserve in ccp-cls-ccp-inspect-2.
  ! NOTE(review): presumably ymsgr (5050) and sip (5060) are listed to cover the ports next
  ! to the 5000-5049 and 5051-5059 ranges - confirm; matching them by protocol name means
  ! the flows are handled as IM/SIP by the inspection engine, not as plain TCP.
  188. class-map type inspect match-any Arcserve
  189. match protocol ymsgr
  190. match protocol msrpc
  191. match protocol netbios-ns
  192. match protocol sip
  193. match protocol user-tcp-5000-5049
  194. match protocol user-tcp-5051-5060
  195. match protocol user-tcp-8014
  196. class-map type inspect match-any ccp-h323nxg-inspect
  197. match protocol h323-nxg
  ! Despite the name, this class matches icmp, tcp and udp.
  198. class-map type inspect match-any ccp-cls-icmp-access
  199. match protocol icmp
  200. match protocol tcp
  201. match protocol udp
  ! IM protocols, each tied to the server-name list defined in the parameter-maps above.
  202. class-map type inspect match-any ccp-cls-protocol-im
  203. match protocol ymsgr yahoo-servers
  204. match protocol msnmsgr msn-servers
  205. match protocol aol aol-servers
  206. class-map type inspect aol match-any ccp-app-aol-otherservices
  207. match service any
  208. class-map type inspect match-all ccp-protocol-pop3
  209. match protocol pop3
  210. class-map type inspect match-any ccp-h225ras-inspect
  211. match protocol h225ras
  ! NOTE(review): not referenced by any policy-map in this listing.
  212. class-map type inspect match-all ccp-cls-ccp-inspect-1
  213. match access-group name All
  214. class-map type inspect match-any SDM_ESP
  215. match access-group name SDM_ESP
  216. class-map type inspect match-any ccp-h323annexe-inspect
  217. match protocol h323-annexe
  ! NOTE(review): this is match-any and ends with `match protocol tcp` / `match protocol udp`,
  ! so any TCP or UDP flow matches and the specific entries above them do not narrow the
  ! class. The only restriction is the ACL it is combined with (ACL SQL, in ccp-cls--1).
  218. class-map type inspect match-any SQL-Access
  219. match protocol ms-sql-m
  220. match protocol ms-sql
  221. match protocol user-protocol--2
  222. match protocol user-protocol--3
  223. match protocol user-protocol10
  224. match protocol user-protocol7
  225. match protocol user-protocol8
  226. match protocol user-protocol9
  227. match protocol tcp
  228. match protocol udp
  ! General outbound inspection list; the trailing tcp/udp lines make it match all TCP and
  ! UDP, with the named protocols listed first.
  229. class-map type inspect match-any ccp-cls-insp-traffic
  230. match protocol dns
  231. match protocol ftp
  232. match protocol https
  233. match protocol icmp
  234. match protocol imap
  235. match protocol pop3
  236. match protocol netshow
  237. match protocol shell
  238. match protocol realmedia
  239. match protocol rtsp
  240. match protocol smtp
  241. match protocol sql-net
  242. match protocol streamworks
  243. match protocol tftp
  244. match protocol vdolive
  245. match protocol tcp
  246. match protocol udp
  247. class-map type inspect match-any TCP83
  248. match protocol user-tcp-83
  249. match protocol https
  250. class-map type inspect pop3 match-any ccp-app-pop3
  251. match invalid-command
  ! Used (with ACL Permit_Temp) by the first class of the out-zone to in-zone policy.
  ! NOTE(review): the ACL name suggests a temporary rule - confirm it is still needed.
  252. class-map type inspect match-any SQL
  253. match protocol user-4930
  254. match protocol user-udp4930
  255. match protocol user-protocol9
  256. match protocol user-protocol8
  257. match protocol user-protocol7
  258. match protocol user-protocol10
  259. match protocol user-protocol--3
  260. match protocol http
  261. match protocol ms-sql
  262. match protocol ms-sql-m
  ! Named DNS but also matches https, http, icmp, smtp and TCP 587.
  263. class-map type inspect match-any DNS
  264. match protocol dns
  265. match protocol https
  266. match protocol http
  267. match protocol icmp
  268. match protocol smtp
  269. match protocol user-tcp-587
  ! NOTE(review): only nested in ccp-cls--3, which no policy-map in this listing references.
  270. class-map type inspect match-any SQL-Access-1
  271. match protocol ms-sql-m
  272. match protocol ms-sql
  273. match protocol icmp
  274. class-map type inspect match-any ccp-h323-inspect
  275. match protocol h323
  276. class-map type inspect ymsgr match-any ccp-app-yahoo
  277. match service text-chat
  278. class-map type inspect msnmsgr match-any ccp-app-msn
  279. match service text-chat
  ! NOTE(review): ACL 100 is also the source list of the `ip nat inside source list 100 ...
  ! overload` statement, and policy ccp-inspect applies `inspect` (not drop) to this class.
  ! Confirm ACL 100 really describes invalid sources and that the action is intended.
  280. class-map type inspect match-all ccp-invalid-src
  281. match access-group 100
  282. class-map type inspect match-all sdm-nat-x11-1
  283. match access-group 104
  284. match protocol x11
  ! HTTP request methods that policy ccp-action-app-http logs and resets when seen in
  ! inspected HTTP traffic. The list covers WebDAV-style and other extension methods as well
  ! as connect, delete, options, put and trace; methods not listed here are not affected by
  ! this class.
  285. class-map type inspect http match-any ccp-app-httpmethods
  286. match request method bcopy
  287. match request method bdelete
  288. match request method bmove
  289. match request method bpropfind
  290. match request method bproppatch
  291. match request method connect
  292. match request method copy
  293. match request method delete
  294. match request method edit
  295. match request method getattribute
  296. match request method getattributenames
  297. match request method getproperties
  298. match request method index
  299. match request method lock
  300. match request method mkcol
  301. match request method mkdir
  302. match request method move
  303. match request method notify
  304. match request method options
  305. match request method poll
  306. match request method propfind
  307. match request method proppatch
  308. match request method put
  309. match request method revadd
  310. match request method revlabel
  311. match request method revlog
  312. match request method revnum
  313. match request method save
  314. match request method search
  315. match request method setattribute
  316. match request method startrev
  317. match request method stoprev
  318. match request method subscribe
  319. match request method trace
  320. match request method unedit
  321. match request method unlock
  322. match request method unsubscribe
  323. class-map type inspect match-any ccp-dmz-protocols
  324. match protocol http
  ! Matches every TCP flow. It is combined with ACL RDP-to-DMZ in
  ! ccp-cls-ccp-permit-dmzservice-1, so that ACL is the only port restriction for the class.
  325. class-map type inspect match-any tcp
  326. match protocol tcp
  ! NOTE(review): the trailing tcp/udp lines make this class match any TCP or UDP flow; the
  ! paired ACL Arcserve-Server-to-DMZ is the effective filter.
  327. class-map type inspect match-any Arcserve-Server-to-DMZ
  328. match protocol ymsgr
  329. match protocol user-tcp-8014
  330. match protocol user-tcp-5051-5060
  331. match protocol user-tcp-5000-5049
  332. match protocol sip
  333. match protocol netbios-ns
  334. match protocol msrpc
  335. match protocol netbios-dgm
  336. match protocol netbios-ssn
  337. match protocol tcp
  338. match protocol udp
  ! NOTE(review): not referenced by any policy-map in this listing.
  339. class-map type inspect match-any https
  340. match protocol https
  341. match protocol http
  342. match protocol icmp
  343. match protocol dns
  344. class-map type inspect match-any ccp-sip-inspect
  345. match protocol sip
  346. class-map type inspect match-all sdm-nat-telnets-1
  347. match access-group 103
  348. match protocol telnets
  ! HTTP conditions that policy ccp-action-app-http logs and resets: IM and P2P carried over
  ! the HTTP port, and request/response protocol violations.
  349. class-map type inspect http match-any ccp-http-blockparam
  350. match request port-misuse im
  351. match request port-misuse p2p
  352. match req-resp protocol-violation
  353. class-map type inspect match-any sdm-service-ccp-permit-dmzservice-3
  354. match protocol rtsp
  355. match protocol user-5554
  356. class-map type inspect match-any aaweb
  357. match protocol http
  358. match protocol https
  359. class-map type inspect match-any sdm-service-ccp-permit-dmzservice-2
  360. match protocol user-protocol--1
  361. match protocol ipsec-msft
  362. match protocol isakmp
  363. class-map type inspect match-any sdm-service-ccp-permit-dmzservice-1
  364. match protocol ms-sql
  365. match protocol user-protocol9
  366. match protocol user-protocol7
  367. match protocol user-protocol8
  368. match protocol user-protocol10
  369. class-map type inspect match-all ccp-protocol-imap
  370. match protocol imap
  371. class-map type inspect aol match-any ccp-app-aol
  372. match service text-chat
  ! NOTE(review): as with Arcserve-Server-to-DMZ, the tcp/udp lines match all TCP and UDP,
  ! so ACL Arcserve-DMZ-Backup (paired in ccp-cls-ccp-policy-ccp-cls--1-2) is what limits
  ! this DMZ-to-inside class, including the SMB/NetBIOS protocols listed here.
  373. class-map type inspect match-any ArcServer-Backup
  374. match protocol ymsgr
  375. match protocol sip
  376. match protocol msrpc
  377. match protocol netbios-ns
  378. match protocol user-tcp-8014
  379. match protocol user-tcp-5000-5049
  380. match protocol user-tcp-5051-5060
  381. match protocol microsoft-ds
  382. match protocol netbios-ssn
  383. match protocol netbios-dgm
  384. match protocol tcp
  385. match protocol udp
  386. class-map type inspect match-all ccp-protocol-http
  387. match protocol http
  ! Tunnelling over the HTTP port; policy ccp-action-app-http logs and allows it.
  388. class-map type inspect http match-any ccp-http-allowparam
  389. match request port-misuse tunneling
  389. match request port-misuse tunneling
  390. class-map type inspect match-all sdm-nat-http-5
  391. match access-group 105
  392. match class-map sdm-service-sdm-pol-NATOutsideToInside-1
  393. class-map type inspect match-all sdm-nat-http-6
  394. match access-group 108
  395. match class-map sdm-service-sdm-pol-NATOutsideToInside-1
  396. class-map type inspect match-all sdm-nat-user-protocol--1-3
  397. match access-group 103
  398. match class-map sdm-service-ccp-permit-dmzservice-2
  399. class-map type inspect match-any SDM_DHCP_CLIENT_PT
  400. match class-map SDM_BOOTPC
  401. class-map type inspect match-all ccp-cls-sdm-pol-NATOutsideToInside-1-1
  402. match access-group name Permit_Temp
  403. match class-map SQL
  404. class-map type inspect match-all SDM_WEBVPN_TRAFFIC
  405. match class-map SDM_WEBVPN
  406. match access-group 109
  407. class-map type inspect match-all ccp-cls--1
  408. match class-map SQL-Access
  409. match access-group name SQL
  410. class-map type inspect match-all ccp-cls--3
  411. match class-map SQL-Access-1
  412. match access-group name SQL
  413. class-map type inspect match-all ccp-cls--4
  414. match access-group name webout
  415. match class-map aaweb
  416. class-map type inspect match-all ccp-insp-traffic
  417. match class-map ccp-cls-insp-traffic
  418. class-map type inspect match-all sdm-nat-rtsp-2
  419. match access-group 104
  420. match class-map sdm-service-ccp-permit-dmzservice-3
  421. class-map type inspect match-all ccp-cls-ccp-inspect-2
  422. match class-map Arcserve
  423. match access-group name Arcserve
  424. class-map type inspect match-all sdm-nat-ms-sql-1
  425. match access-group 102
  426. match class-map sdm-service-sdm-pol-NATOutsideToInside-1
  427. class-map type inspect match-all sdm-nat-ms-sql-2
  428. match access-group 102
  429. match class-map sdm-service-ccp-permit-dmzservice-1
  430. class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
  431. match protocol isakmp
  432. match protocol ipsec-msft
  433. match class-map SDM_AH
  434. match class-map SDM_ESP
  435. class-map type inspect match-all ccp-protocol-im
  436. match class-map ccp-cls-protocol-im
  437. class-map type inspect match-all ccp-icmp-access
  438. match class-map ccp-cls-icmp-access
  439. class-map type inspect match-all ccp-dmz-traffic
  440. match access-group name dmz-traffic
  441. match class-map ccp-dmz-protocols
  442. class-map type inspect match-all ccp-cls-ccp-policy-ccp-cls--1-1
  443. match class-map SMTP27
  444. match access-group name SMTP
  445. class-map type inspect match-all ccp-cls-ccp-policy-ccp-cls--1-2
  446. match class-map ArcServer-Backup
  447. match access-group name Arcserve-DMZ-Backup
  448. class-map type inspect match-all ccp-cls-ccp-policy-ccp-cls--4-1
  449. match class-map DNS
  450. match access-group name DNS-Lookups
  451. class-map type inspect match-all sdm-nat-https-1
  452. match access-group name dmz-traffic
  453. match class-map sdm-service-sdm-pol-NATOutsideToInside-1
  454. class-map type inspect match-all ccp-cls-ccp-permit-dmzservice-1
  455. match class-map tcp
  456. match access-group name RDP-to-DMZ
  457. class-map type inspect match-all ccp-cls-ccp-permit-dmzservice-2
  458. match class-map TCP83
  459. match access-group name TCP83
  460. class-map type inspect match-all ccp-cls-ccp-permit-dmzservice-3
  461. match class-map Arcserve-Server-to-DMZ
  462. match access-group name Arcserve-Server-to-DMZ
  463. class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
  464. match class-map SDM_EASY_VPN_SERVER_TRAFFIC
  465. !
  ! Application-level IM policy: text chat is logged and allowed, every other IM service is
  ! logged and reset.
  466. policy-map type inspect im ccp-action-app-im
  467. class type inspect aol ccp-app-aol
  468. log
  469. allow
  470. class type inspect msnmsgr ccp-app-msn
  471. log
  472. allow
  473. class type inspect ymsgr ccp-app-yahoo
  474. log
  475. allow
  476. class type inspect aol ccp-app-aol-otherservices
  477. log
  478. reset
  479. class type inspect msnmsgr ccp-app-msn-otherservices
  480. log
  481. reset
  482. class type inspect ymsgr ccp-app-yahoo-otherservices
  483. log
  484. reset
  ! POP3 and IMAP: invalid commands are logged only; no reset action is configured.
  485. policy-map type inspect pop3 ccp-action-pop3
  486. class type inspect pop3 ccp-app-pop3
  487. log
  488. policy-map type inspect imap ccp-action-imap
  489. class type inspect imap ccp-app-imap
  490. log
  ! HTTP: IM/P2P port misuse, protocol violations and the methods listed in
  ! ccp-app-httpmethods are logged and reset.
  ! NOTE(review): tunnelling over the HTTP port (ccp-http-allowparam) is logged but allowed -
  ! confirm that is intended and that the log entries are reviewed.
  491. policy-map type inspect http ccp-action-app-http
  492. class type inspect http ccp-http-blockparam
  493. log
  494. reset
  495. class type inspect http ccp-app-httpmethods
  496. log
  497. reset
  498. class type inspect http ccp-http-allowparam
  499. log
  500. allow
  ! Policy for in-zone to out-zone (zone-pair ccp-zp-in-out). Classes are evaluated in the
  ! order listed; unmatched traffic is dropped by class-default.
  501. policy-map type inspect ccp-inspect
  502. class type inspect ccp-cls-ccp-inspect-2
  503. inspect
  ! NOTE(review): traffic matching ccp-invalid-src (ACL 100) is inspected, i.e. permitted
  ! statefully, and this class sits ahead of the HTTP/IMAP/POP3/IM classes. Anything ACL 100
  ! matches therefore never reaches the application-level service-policies below - confirm.
  504. class type inspect ccp-invalid-src
  505. inspect
  506. class type inspect ccp-protocol-http
  507. inspect
  508. service-policy http ccp-action-app-http
  509. class type inspect ccp-protocol-imap
  510. inspect
  511. service-policy imap ccp-action-imap
  512. class type inspect ccp-protocol-pop3
  513. inspect
  514. service-policy pop3 ccp-action-pop3
  515. class type inspect ccp-protocol-im
  516. inspect
  517. service-policy im ccp-action-app-im
  518. class type inspect ccp-insp-traffic
  519. inspect
  520. class type inspect ccp-sip-inspect
  521. inspect
  522. class type inspect ccp-h323-inspect
  523. inspect
  524. class type inspect ccp-h323annexe-inspect
  525. inspect
  526. class type inspect ccp-h225ras-inspect
  527. inspect
  528. class type inspect ccp-h323nxg-inspect
  529. inspect
  530. class type inspect ccp-skinny-inspect
  531. inspect
  532. class class-default
  533. drop
  ! Policy for dmz-zone to out-zone. The DNS class is inspected; web traffic permitted by
  ! ACL webout uses `pass`, which is stateless.
  ! NOTE(review): with `pass`, replies are not admitted automatically; they depend on the
  ! policy of the reverse zone-pair (out-zone to dmz-zone) - confirm this works as intended.
  534. policy-map type inspect ccp-policy-ccp-cls--4
  535. class type inspect ccp-cls-ccp-policy-ccp-cls--4-1
  536. inspect
  537. class type inspect ccp-cls--4
  538. pass
  539. class class-default
  540. drop
  ! Policy for dmz-zone to in-zone. Backup traffic and ACL-SQL traffic are inspected; SMTP
  ! permitted by ACL SMTP is passed statelessly.
  ! NOTE(review): ccp-cls--1 nests SQL-Access, which matches any TCP/UDP, so ACL SQL is the
  ! only thing limiting what the DMZ can open towards the inside network.
  541. policy-map type inspect ccp-policy-ccp-cls--1
  542. class type inspect ccp-cls-ccp-policy-ccp-cls--1-2
  543. inspect
  544. class type inspect ccp-cls-ccp-policy-ccp-cls--1-1
  545. pass
  546. class type inspect ccp-cls--1
  547. inspect
  548. class class-default
  549. drop
  ! Attached to two zone-pairs: in-zone to dmz-zone and out-zone to dmz-zone.
  ! NOTE(review): inside hosts and outside (internet-facing) sources are therefore subject to
  ! the same class list; only the ACLs inside each class can tell them apart. The first and
  ! third classes nest match-all-TCP / match-all-TCP-and-UDP class-maps, so confirm that ACLs
  ! RDP-to-DMZ and Arcserve-Server-to-DMZ name inside source addresses only.
  550. policy-map type inspect ccp-permit-dmzservice
  551. class type inspect ccp-cls-ccp-permit-dmzservice-3
  552. inspect
  553. class type inspect ccp-cls-ccp-permit-dmzservice-2
  554. inspect
  555. class type inspect ccp-cls-ccp-permit-dmzservice-1
  556. inspect
  557. class type inspect ccp-dmz-traffic
  558. inspect
  559. class type inspect sdm-nat-user-protocol--2-1
  560. inspect
  561. class type inspect sdm-nat-http-1
  562. inspect
  563. class type inspect sdm-nat-user-protocol--1-3
  564. inspect
  565. class type inspect sdm-nat-telnets-1
  566. inspect
  567. class type inspect sdm-nat-user-protocol--2-2
  568. inspect
  569. class type inspect sdm-nat-ms-sql-2
  570. inspect
  571. class type inspect sdm-nat-user-protocol--3-1
  572. inspect
  573. class type inspect sdm-nat-rtsp-2
  574. inspect
  575. class type inspect sdm-nat-user-protocol--4-1
  576. inspect
  577. class type inspect sdm-nat-x11-1
  578. inspect
  579. class type inspect sdm-nat-http-2
  580. inspect
  581. class type inspect sdm-nat-http-3
  582. inspect
  583. class type inspect sdm-nat-user-protocol--5-1
  584. inspect
  585. class type inspect sdm-nat-http-4
  586. inspect
  587. class type inspect sdm-nat-user-protocol--5-2
  588. inspect
  589. class type inspect sdm-nat-user-protocol--6-1
  590. inspect
  591. class class-default
  592. drop
  ! Policy for out-zone to in-zone: every class here admits connections initiated from the
  ! outside towards the inside network (in combination with the static NAT entries).
  ! NOTE(review): the list includes MS-SQL (sdm-nat-ms-sql-1 and the SQL class behind
  ! ccp-cls-sdm-pol-NATOutsideToInside-1-1), X11 (sdm-nat-x11-1), telnets and several plain
  ! HTTP services. Confirm each is still required and that ACLs 102-108, dmz-traffic and
  ! Permit_Temp restrict the permitted source addresses; a VPN is the usual alternative to
  ! publishing database and remote-display ports.
  593. policy-map type inspect sdm-pol-NATOutsideToInside-1
  594. class type inspect ccp-cls-sdm-pol-NATOutsideToInside-1-1
  595. inspect
  596. class type inspect sdm-nat-https-1
  597. inspect
  598. class type inspect sdm-nat-user-protocol--1-1
  599. inspect
  600. class type inspect sdm-nat-user-protocol--2-1
  601. inspect
  602. class type inspect sdm-nat-http-1
  603. inspect
  604. class type inspect sdm-nat-user-protocol--1-2
  605. inspect
  606. class type inspect sdm-nat-telnets-1
  607. inspect
  608. class type inspect sdm-nat-user-protocol--2-2
  609. inspect
  610. class type inspect sdm-nat-ms-sql-1
  611. inspect
  612. class type inspect sdm-nat-user-protocol--3-1
  613. inspect
  614. class type inspect sdm-nat-rtsp-1
  615. inspect
  616. class type inspect sdm-nat-user-protocol--4-1
  617. inspect
  618. class type inspect sdm-nat-x11-1
  619. inspect
  620. class type inspect sdm-nat-http-5
  621. inspect
  622. class type inspect sdm-nat-http-3
  623. inspect
  624. class type inspect sdm-nat-user-protocol--5-1
  625. inspect
  626. class type inspect sdm-nat-http-6
  627. inspect
  628. class type inspect sdm-nat-user-protocol--5-2
  629. inspect
  630. class type inspect sdm-nat-user-protocol--6-1
  631. inspect
  632. class class-default
  633. drop
  ! Policy for out-zone to self (traffic addressed to the router from outside): WebVPN
  ! traffic and the voice-signalling protocols are inspected, everything else is dropped.
  ! NOTE(review): SIP, H.323 and Skinny towards the router itself are admitted here - confirm
  ! the router actually terminates voice signalling; otherwise these classes can go.
  634. policy-map type inspect ccp-permit
  635. class type inspect SDM_WEBVPN_TRAFFIC
  636. inspect
  637. class type inspect ccp-sip-inspect
  638. inspect
  639. class type inspect ccp-h323-inspect
  640. inspect
  641. class type inspect ccp-h323annexe-inspect
  642. inspect
  643. class type inspect ccp-h225ras-inspect
  644. inspect
  645. class type inspect ccp-h323nxg-inspect
  646. inspect
  647. class type inspect ccp-skinny-inspect
  648. inspect
  649. class class-default
  650. drop
  ! Used on all four sslvpn-zone zone-pairs. `pass` is stateless, so ACL 199 has to describe
  ! the permitted traffic in both directions.
  651. policy-map type inspect ccp-sslvpn-pol
  652. class type inspect CCP_SSLVPN
  653. pass
  654. class class-default
  655. drop
  ! Policy for self to out-zone (traffic the router originates). Note the class-default
  ! action is `pass`, not drop: anything not matched above leaves the router uninspected.
  656. policy-map type inspect ccp-permit-icmpreply
  657. class type inspect ccp-icmp-access
  658. inspect
  659. class type inspect ccp-sip-inspect
  660. inspect
  661. class type inspect ccp-h323-inspect
  662. inspect
  663. class type inspect ccp-h323annexe-inspect
  664. inspect
  665. class type inspect ccp-h225ras-inspect
  666. inspect
  667. class type inspect ccp-h323nxg-inspect
  668. inspect
  669. class type inspect ccp-skinny-inspect
  670. inspect
  671. class class-default
  672. pass
  673. !
  ! Security zones and the policy bound to each direction of travel. A zone-pair is
  ! one-way: source zone to destination zone.
  ! NOTE(review): the only zone-pairs involving `self` are self to out-zone and out-zone to
  ! self. No pair is defined here for in-zone, dmz-zone or sslvpn-zone towards the router,
  ! so - presumably - that traffic is not filtered by the zone firewall and relies on the
  ! management-plane controls (for example `ip http access-class 23`); confirm.
  674. zone security in-zone
  675. zone security out-zone
  676. zone security dmz-zone
  677. zone security sslvpn-zone
  678. zone-pair security ccp-zp-self-out source self destination out-zone
  679. service-policy type inspect ccp-permit-icmpreply
  680. zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
  681. service-policy type inspect sdm-pol-NATOutsideToInside-1
  682. zone-pair security ccp-zp-in-out source in-zone destination out-zone
  683. service-policy type inspect ccp-inspect
  684. zone-pair security ccp-zp-out-self source out-zone destination self
  685. service-policy type inspect ccp-permit
  ! The same policy (ccp-permit-dmzservice) serves both the inside and the outside as
  ! source towards the DMZ.
  686. zone-pair security ccp-zp-in-dmz source in-zone destination dmz-zone
  687. service-policy type inspect ccp-permit-dmzservice
  688. zone-pair security ccp-zp-out-dmz source out-zone destination dmz-zone
  689. service-policy type inspect ccp-permit-dmzservice
  690. zone-pair security zp-out-zone-sslvpn-zone source out-zone destination sslvpn-zone
  691. service-policy type inspect ccp-sslvpn-pol
  692. zone-pair security zp-in-zone-sslvpn-zone source in-zone destination sslvpn-zone
  693. service-policy type inspect ccp-sslvpn-pol
  694. zone-pair security zp-sslvpn-zone-in-zone source sslvpn-zone destination in-zone
  695. service-policy type inspect ccp-sslvpn-pol
  696. zone-pair security zp-sslvpn-zone-out-zone source sslvpn-zone destination out-zone
  697. service-policy type inspect ccp-sslvpn-pol
  698. zone-pair security sdm-zp-dmz-zone-in-zone source dmz-zone destination in-zone
  699. service-policy type inspect ccp-policy-ccp-cls--1
  700. zone-pair security sdm-zp-dmz-zone-out-zone source dmz-zone destination out-zone
  701. service-policy type inspect ccp-policy-ccp-cls--4
  702. !
  703. !
  ! IKEv1 (ISAKMP) policy: 3DES encryption, pre-shared-key authentication, DH group 2.
  ! No hash line is present, so the platform default applies (presumably SHA-1 - confirm
  ! with `show crypto isakmp policy`).
  ! NOTE(review): 3DES and DH group 2 (1024-bit MODP) are legacy choices. Where the VPN
  ! clients support it, prefer AES and a larger group, e.g. `encr aes 256` and `group 14`.
  704. crypto isakmp policy 1
  705. encr 3des
  706. authentication pre-share
  707. group 2
  708. !
  ! Remote-access client group. One pre-shared group key is shared by every client in the
  ! group; per-user authentication comes from the xauth list in the profile below.
  ! The key value looks redacted by the poster. Any real group key that has appeared in a
  ! shared copy of the config should be treated as disclosed and rotated.
  709. crypto isakmp client configuration group jba
  710. key KEY##
  711. dns 192.168.0.8 192.168.0.10
  712. domain xxxxx.co.uk
  713. pool SDM_POOL_1
  714. netmask 255.255.255.0
  ! The AAA method lists named here (ciscocp_vpn_xauth_ml_1, ciscocp_vpn_group_ml_1) are
  ! not shown in this part of the config.
  715. crypto isakmp profile ciscocp-ike-profile-1
  716. match identity group jba
  717. client authentication list ciscocp_vpn_xauth_ml_1
  718. isakmp authorization list ciscocp_vpn_group_ml_1
  719. client configuration address respond
  720. virtual-template 1
  721. !
  722. !
  ! IPsec transform: ESP with 3DES and HMAC-SHA (SHA-1), tunnel mode. Same review point as
  ! the ISAKMP policy: an AES-based transform-set is the stronger choice if clients allow it.
  723. crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  724. mode tunnel
  725. !
  726. crypto ipsec profile CiscoCP_Profile1
  727. set transform-set ESP-3DES-SHA
  728. set isakmp-profile ciscocp-ike-profile-1
  729. !
  730. !
  731. !
  732. !
  733. !
  734. !
  735. !
  736. !
  ! Loopback used by the WebVPN feature (per its description). It is a NAT inside interface
  ! but has no zone-member line.
  737. interface Loopback0
  738. description Do not delete - SDM WebVPN generated interface
  739. ip address 192.168.1.1 255.255.255.252
  740. ip nat inside
  741. ip virtual-reassembly in
  742. !
  743. interface ATM0
  744. no ip address
  745. shutdown
  746. no atm ilmi-keepalive
  747. !
  748. interface Ethernet0
  749. no ip address
  750. shutdown
  751. !
  ! Switch ports. GigabitEthernet0 and 2-5 are access ports in VLANs 10, 11, 12, 13 and 99.
  ! NOTE(review): GigabitEthernet1, 6 and 7 have no `switchport access vlan` line, so they
  ! presumably sit in the default VLAN, and none of the three is shut down. If they are
  ! unused, `shutdown` keeps a stray cable from landing in that VLAN.
  752. interface GigabitEthernet0
  753. switchport access vlan 10
  754. no ip address
  755. !
  756. interface GigabitEthernet1
  757. no ip address
  758. spanning-tree portfast
  759. !
  760. interface GigabitEthernet2
  761. switchport access vlan 11
  762. no ip address
  763. spanning-tree portfast
  764. !
  765. interface GigabitEthernet3
  766. switchport access vlan 12
  767. no ip address
  768. spanning-tree portfast
  769. !
  770. interface GigabitEthernet4
  771. switchport access vlan 13
  772. no ip address
  773. spanning-tree portfast
  774. !
  775. interface GigabitEthernet5
  776. switchport access vlan 99
  777. no ip address
  778. spanning-tree portfast
  779. !
  780. interface GigabitEthernet6
  781. no ip address
  782. spanning-tree portfast
  783. !
  784. interface GigabitEthernet7
  785. no ip address
  786. spanning-tree portfast
  787. !
  ! WAN interface: NAT outside, member of out-zone. Inbound packets are checked by the
  ! interface ACL InboundServices as well as by the zone policies; that ACL is not shown in
  ! this part of the config.
  788. interface GigabitEthernet8
  789. description PrimaryWANDesc_253 wanFW$FW$FW_OUTSIDE$$ETH-WAN$
  ! NOTE(review): a private 192.168.10.0/24 address is configured as secondary on the
  ! outside interface - confirm what sits on that segment, since it shares out-zone.
  790. ip address 192.168.10.86 255.255.255.0 secondary
  ! The primary address was replaced with a placeholder by the poster; as written the line
  ! is not valid syntax.
  791. ip address EXTERNALIP x.x.x.x 255.255.255.0
  792. ip access-group InboundServices in
  793. ip nat outside
  794. ip virtual-reassembly in
  795. zone-member security out-zone
  796. duplex auto
  797. speed auto
  798. media-type rj45
  799. !
  ! Template for VPN client sessions: borrows the WAN address and places the sessions in
  ! sslvpn-zone.
  800. interface Virtual-Template1
  801. ip unnumbered GigabitEthernet8
  802. zone-member security sslvpn-zone
  803. !
  ! NOTE(review): Vlan1 has an address but no zone-member and no NAT role. With a zone
  ! firewall, an interface outside every zone cannot exchange traffic with zone-member
  ! interfaces, so hosts here would reach only the router itself - confirm the intent.
  804. interface Vlan1
  805. ip address 172.16.1.1 255.255.255.0
  806. !
  ! Inside LAN (in-zone).
  807. interface Vlan10
  808. description $FW_INSIDE$
  809. ip address 192.168.0.253 255.255.255.0
  810. ip nat inside
  811. ip virtual-reassembly in
  812. zone-member security in-zone
  813. !
  ! Two DMZ segments, both /29 and both in dmz-zone, each with its own inbound interface ACL
  ! (Web_Traffic_IN, dmz-traffic). Sharing one zone means the zone-pair policies cannot
  ! distinguish the two segments from each other.
  814. interface Vlan11
  815. description $FW_DMZ$
  816. ip address 192.168.6.1 255.255.255.248
  817. ip access-group Web_Traffic_IN in
  818. ip nat inside
  819. ip virtual-reassembly in
  820. zone-member security dmz-zone
  821. !
  822. interface Vlan12
  823. description $FW_DMZ$
  824. ip address 192.168.6.9 255.255.255.248
  825. ip access-group dmz-traffic in
  826. ip nat inside
  827. ip virtual-reassembly in
  828. zone-member security dmz-zone
  829. !
  ! Wi-Fi VLAN (served by DHCP pool Wifi-VLAN13). It is in the same in-zone as the main LAN
  ! on Vlan10.
  ! NOTE(review): same-zone membership means no zone-pair policy separates wireless clients
  ! from the 192.168.0.0/24 hosts - confirm that is acceptable for this Wi-Fi network.
  830. interface Vlan13
  831. description $FW_INSIDE$
  832. ip address 192.168.5.1 255.255.255.0
  833. ip nat inside
  834. ip virtual-reassembly in
  835. zone-member security in-zone
  836. !
  837. interface Vlan99
  838. description TRANSIT_VLAN
  839. ip address 192.168.99.1 255.255.255.0
  840. ip nat inside
  841. ip virtual-reassembly in
  842. zone-member security in-zone
  843. !
  844. interface Dialer1
  845. no ip address
  846. !
  847. ip forward-protocol nd
  ! Web management. Both the cleartext HTTP server and the HTTPS server are enabled, logins
  ! use the local user database, and access is limited by ACL 23 (not shown in this part of
  ! the config).
  ! NOTE(review): if management is done over HTTPS only, `no ip http server` removes the
  ! cleartext listener, over which the local credentials would otherwise travel unencrypted.
  848. ip http server
  849. ip http access-class 23
  850. ip http authentication local
  851. ip http secure-server
  ! Connection limits: 60 s idle, 86400 s (24 h) maximum lifetime, 10000 requests.
  852. ip http timeout-policy idle 60 life 86400 requests 10000
  853. !
  854. !
  855. ip nat inside source list 100 interface GigabitEthernet8 overload
  ! Static port forwards: each line publishes one port of an inside host on
  ! the GigabitEthernet8 address. NAT itself does not restrict who may
  ! connect; that depends on the zone-pair policy, which is not shown in this
  ! part of the config.
  ! Points to review:
  !  - inside tcp/80 (plain HTTP) on .109, .220, .27 and .152 is published on
  !    outside ports 81, 7800, 8000 and 9800;
  !  - tcp/1433 (the default Microsoft SQL Server port) on .109 is published
  !    unchanged;
  !  - tcp and udp 67/68 (BOOTP/DHCP port numbers; DHCP does not use TCP) are
  !    forwarded to .108 - confirm these are needed at all;
  !  - .108 also receives 554, 6666, 7080 and 7443-7447 on both tcp and udp,
  !    and .109 receives 4930 on both - confirm each protocol is really used;
  !  - .13 receives udp/500, udp/4500 and 1194 tcp+udp, which looks like a VPN
  !    endpoint - if so, consider reaching the other services through it
  !    instead of publishing them one by one.
  856. ip nat inside source static tcp 192.168.0.109 80 interface GigabitEthernet8 81
  857. ip nat inside source static tcp 192.168.0.13 499 interface GigabitEthernet8 499
  858. ip nat inside source static tcp 192.168.0.13 992 interface GigabitEthernet8 992
  859. ip nat inside source static tcp 192.168.0.13 1194 interface GigabitEthernet8 1194
  860. ip nat inside source static tcp 192.168.0.109 1433 interface GigabitEthernet8 1433
  861. ip nat inside source static tcp 192.168.0.12 554 interface GigabitEthernet8 5554
  862. ip nat inside source static tcp 192.168.0.13 5555 interface GigabitEthernet8 5555
  863. ip nat inside source static tcp 192.168.0.12 6200 interface GigabitEthernet8 6200
  864. ip nat inside source static tcp 192.168.0.220 80 interface GigabitEthernet8 7800
  865. ip nat inside source static tcp 192.168.0.27 80 interface GigabitEthernet8 8000
  866. ip nat inside source static tcp 192.168.0.11 8081 interface GigabitEthernet8 8081
  867. ip nat inside source static tcp 192.168.0.152 80 interface GigabitEthernet8 9800
  868. ip nat inside source static tcp 192.168.0.152 8081 interface GigabitEthernet8 9801
  869. ip nat inside source static tcp 192.168.0.152 8082 interface GigabitEthernet8 9802
  870. ip nat inside source static udp 192.168.0.13 500 interface GigabitEthernet8 500
  871. ip nat inside source static udp 192.168.0.13 1194 interface GigabitEthernet8 1194
  872. ip nat inside source static udp 192.168.0.13 4500 interface GigabitEthernet8 4500
  873. ip nat inside source static tcp 192.168.0.108 554 interface GigabitEthernet8 554
  874. ip nat inside source static udp 192.168.0.108 554 interface GigabitEthernet8 554
  875. ip nat inside source static udp 192.168.0.108 6666 interface GigabitEthernet8 6666
  876. ip nat inside source static tcp 192.168.0.108 7080 interface GigabitEthernet8 7080
  877. ip nat inside source static tcp 192.168.0.108 6666 interface GigabitEthernet8 6666
  878. ip nat inside source static udp 192.168.0.108 7080 interface GigabitEthernet8 7080
  879. ip nat inside source static udp 192.168.0.108 67 interface GigabitEthernet8 67
  880. ip nat inside source static tcp 192.168.0.108 67 interface GigabitEthernet8 67
  881. ip nat inside source static tcp 192.168.0.108 68 interface GigabitEthernet8 68
  882. ip nat inside source static udp 192.168.0.108 68 interface GigabitEthernet8 68
  883. ip nat inside source static udp 192.168.0.108 7443 interface GigabitEthernet8 7443
  884. ip nat inside source static udp 192.168.0.108 7444 interface GigabitEthernet8 7444
  885. ip nat inside source static udp 192.168.0.108 7445 interface GigabitEthernet8 7445
  886. ip nat inside source static udp 192.168.0.108 7446 interface GigabitEthernet8 7446
  887. ip nat inside source static udp 192.168.0.108 7447 interface GigabitEthernet8 7447
  888. ip nat inside source static tcp 192.168.0.108 7447 interface GigabitEthernet8 7447
  889. ip nat inside source static tcp 192.168.0.108 7446 interface GigabitEthernet8 7446
  890. ip nat inside source static tcp 192.168.0.108 7445 interface GigabitEthernet8 7445
  891. ip nat inside source static tcp 192.168.0.108 7444 interface GigabitEthernet8 7444
  892. ip nat inside source static tcp 192.168.0.108 7443 interface GigabitEthernet8 7443
  893. ip nat inside source static tcp 192.168.0.109 4930 interface GigabitEthernet8 4930
  894. ip nat inside source static udp 192.168.0.109 4930 interface GigabitEthernet8 4930
  ! One-to-one TCP forwards to 192.168.0.109 for ports 1400-1432 and
  ! 1435-1450 (1416 and 1417 are listed out of order, which is harmless).
  ! tcp/1433 to the same host is forwarded earlier in this list; there is no
  ! tcp/1434 entry, although the port-map section at the top of the config
  ! defines one.
  ! NOTE(review): this publishes 49 TCP ports of a single inside host. If the
  ! application uses only some of them, remove the rest, and limit permitted
  ! sources in the firewall policy.
  895. ip nat inside source static tcp 192.168.0.109 1400 interface GigabitEthernet8 1400
  896. ip nat inside source static tcp 192.168.0.109 1401 interface GigabitEthernet8 1401
  897. ip nat inside source static tcp 192.168.0.109 1402 interface GigabitEthernet8 1402
  898. ip nat inside source static tcp 192.168.0.109 1403 interface GigabitEthernet8 1403
  899. ip nat inside source static tcp 192.168.0.109 1404 interface GigabitEthernet8 1404
  900. ip nat inside source static tcp 192.168.0.109 1405 interface GigabitEthernet8 1405
  901. ip nat inside source static tcp 192.168.0.109 1406 interface GigabitEthernet8 1406
  902. ip nat inside source static tcp 192.168.0.109 1407 interface GigabitEthernet8 1407
  903. ip nat inside source static tcp 192.168.0.109 1408 interface GigabitEthernet8 1408
  904. ip nat inside source static tcp 192.168.0.109 1409 interface GigabitEthernet8 1409
  905. ip nat inside source static tcp 192.168.0.109 1410 interface GigabitEthernet8 1410
  906. ip nat inside source static tcp 192.168.0.109 1411 interface GigabitEthernet8 1411
  907. ip nat inside source static tcp 192.168.0.109 1412 interface GigabitEthernet8 1412
  908. ip nat inside source static tcp 192.168.0.109 1413 interface GigabitEthernet8 1413
  909. ip nat inside source static tcp 192.168.0.109 1414 interface GigabitEthernet8 1414
  910. ip nat inside source static tcp 192.168.0.109 1415 interface GigabitEthernet8 1415
  911. ip nat inside source static tcp 192.168.0.109 1417 interface GigabitEthernet8 1417
  912. ip nat inside source static tcp 192.168.0.109 1416 interface GigabitEthernet8 1416
  913. ip nat inside source static tcp 192.168.0.109 1418 interface GigabitEthernet8 1418
  914. ip nat inside source static tcp 192.168.0.109 1419 interface GigabitEthernet8 1419
  915. ip nat inside source static tcp 192.168.0.109 1420 interface GigabitEthernet8 1420
  916. ip nat inside source static tcp 192.168.0.109 1421 interface GigabitEthernet8 1421
  917. ip nat inside source static tcp 192.168.0.109 1422 interface GigabitEthernet8 1422
  918. ip nat inside source static tcp 192.168.0.109 1423 interface GigabitEthernet8 1423
  919. ip nat inside source static tcp 192.168.0.109 1424 interface GigabitEthernet8 1424
  920. ip nat inside source static tcp 192.168.0.109 1425 interface GigabitEthernet8 1425
  921. ip nat inside source static tcp 192.168.0.109 1426 interface GigabitEthernet8 1426
  922. ip nat inside source static tcp 192.168.0.109 1427 interface GigabitEthernet8 1427
  923. ip nat inside source static tcp 192.168.0.109 1428 interface GigabitEthernet8 1428
  924. ip nat inside source static tcp 192.168.0.109 1429 interface GigabitEthernet8 1429
  925. ip nat inside source static tcp 192.168.0.109 1430 interface GigabitEthernet8 1430
  926. ip nat inside source static tcp 192.168.0.109 1431 interface GigabitEthernet8 1431
  927. ip nat inside source static tcp 192.168.0.109 1432 interface GigabitEthernet8 1432
  928. ip nat inside source static tcp 192.168.0.109 1435 interface GigabitEthernet8 1435
  929. ip nat inside source static tcp 192.168.0.109 1436 interface GigabitEthernet8 1436
  930. ip nat inside source static tcp 192.168.0.109 1437 interface GigabitEthernet8 1437
  931. ip nat inside source static tcp 192.168.0.109 1438 interface GigabitEthernet8 1438
  932. ip nat inside source static tcp 192.168.0.109 1439 interface GigabitEthernet8 1439
  933. ip nat inside source static tcp 192.168.0.109 1440 interface GigabitEthernet8 1440
  934. ip nat inside source static tcp 192.168.0.109 1441 interface GigabitEthernet8 1441
  935. ip nat inside source static tcp 192.168.0.109 1442 interface GigabitEthernet8 1442
  936. ip nat inside source static tcp 192.168.0.109 1443 interface GigabitEthernet8 1443
  937. ip nat inside source static tcp 192.168.0.109 1444 interface GigabitEthernet8 1444
  938. ip nat inside source static tcp 192.168.0.109 1445 interface GigabitEthernet8 1445
  939. ip nat inside source static tcp 192.168.0.109 1446 interface GigabitEthernet8 1446
  940. ip nat inside source static tcp 192.168.0.109 1447 interface GigabitEthernet8 1447
  941. ip nat inside source static tcp 192.168.0.109 1448 interface GigabitEthernet8 1448
  942. ip nat inside source static tcp 192.168.0.109 1449 interface GigabitEthernet8 1449
  943. ip nat inside source static tcp 192.168.0.109 1450 interface GigabitEthernet8 1450
  ! One-to-one UDP forwards to 192.168.0.109 for ports 1400-1450, including
  ! udp/1433 and udp/1434 (1434 is the default SQL Server Browser port).
  ! NOTE(review): every entry maps port N to port N except one, which maps
  ! inside udp/1441 to outside udp/1442. As a result outside udp/1441 is not
  ! forwarded and inside udp/1442 is not published. This looks like a typo -
  ! confirm the intent and correct the entry.
  ! NOTE(review): as with the TCP block, keep only the ports the application
  ! needs and limit permitted sources in the firewall policy.
  944. ip nat inside source static udp 192.168.0.109 1450 interface GigabitEthernet8 1450
  945. ip nat inside source static udp 192.168.0.109 1400 interface GigabitEthernet8 1400
  946. ip nat inside source static udp 192.168.0.109 1401 interface GigabitEthernet8 1401
  947. ip nat inside source static udp 192.168.0.109 1402 interface GigabitEthernet8 1402
  948. ip nat inside source static udp 192.168.0.109 1403 interface GigabitEthernet8 1403
  949. ip nat inside source static udp 192.168.0.109 1404 interface GigabitEthernet8 1404
  950. ip nat inside source static udp 192.168.0.109 1405 interface GigabitEthernet8 1405
  951. ip nat inside source static udp 192.168.0.109 1406 interface GigabitEthernet8 1406
  952. ip nat inside source static udp 192.168.0.109 1407 interface GigabitEthernet8 1407
  953. ip nat inside source static udp 192.168.0.109 1408 interface GigabitEthernet8 1408
  954. ip nat inside source static udp 192.168.0.109 1409 interface GigabitEthernet8 1409
  955. ip nat inside source static udp 192.168.0.109 1410 interface GigabitEthernet8 1410
  956. ip nat inside source static udp 192.168.0.109 1411 interface GigabitEthernet8 1411
  957. ip nat inside source static udp 192.168.0.109 1412 interface GigabitEthernet8 1412
  958. ip nat inside source static udp 192.168.0.109 1413 interface GigabitEthernet8 1413
  959. ip nat inside source static udp 192.168.0.109 1414 interface GigabitEthernet8 1414
  960. ip nat inside source static udp 192.168.0.109 1415 interface GigabitEthernet8 1415
  961. ip nat inside source static udp 192.168.0.109 1416 interface GigabitEthernet8 1416
  962. ip nat inside source static udp 192.168.0.109 1417 interface GigabitEthernet8 1417
  963. ip nat inside source static udp 192.168.0.109 1418 interface GigabitEthernet8 1418
  964. ip nat inside source static udp 192.168.0.109 1419 interface GigabitEthernet8 1419
  965. ip nat inside source static udp 192.168.0.109 1420 interface GigabitEthernet8 1420
  966. ip nat inside source static udp 192.168.0.109 1421 interface GigabitEthernet8 1421
  967. ip nat inside source static udp 192.168.0.109 1422 interface GigabitEthernet8 1422
  968. ip nat inside source static udp 192.168.0.109 1423 interface GigabitEthernet8 1423
  969. ip nat inside source static udp 192.168.0.109 1424 interface GigabitEthernet8 1424
  970. ip nat inside source static udp 192.168.0.109 1425 interface GigabitEthernet8 1425
  971. ip nat inside source static udp 192.168.0.109 1426 interface GigabitEthernet8 1426
  972. ip nat inside source static udp 192.168.0.109 1427 interface GigabitEthernet8 1427
  973. ip nat inside source static udp 192.168.0.109 1428 interface GigabitEthernet8 1428
  974. ip nat inside source static udp 192.168.0.109 1429 interface GigabitEthernet8 1429
  975. ip nat inside source static udp 192.168.0.109 1430 interface GigabitEthernet8 1430
  976. ip nat inside source static udp 192.168.0.109 1431 interface GigabitEthernet8 1431
  977. ip nat inside source static udp 192.168.0.109 1432 interface GigabitEthernet8 1432
  978. ip nat inside source static udp 192.168.0.109 1433 interface GigabitEthernet8 1433
  979. ip nat inside source static udp 192.168.0.109 1434 interface GigabitEthernet8 1434
  980. ip nat inside source static udp 192.168.0.109 1435 interface GigabitEthernet8 1435
  981. ip nat inside source static udp 192.168.0.109 1436 interface GigabitEthernet8 1436
  982. ip nat inside source static udp 192.168.0.109 1437 interface GigabitEthernet8 1437
  983. ip nat inside source static udp 192.168.0.109 1438 interface GigabitEthernet8 1438
  984. ip nat inside source static udp 192.168.0.109 1439 interface GigabitEthernet8 1439
  985. ip nat inside source static udp 192.168.0.109 1440 interface GigabitEthernet8 1440
  986. ip nat inside source static udp 192.168.0.109 1441 interface GigabitEthernet8 1442
  987. ip nat inside source static udp 192.168.0.109 1443 interface GigabitEthernet8 1443
  988. ip nat inside source static udp 192.168.0.109 1444 interface GigabitEthernet8 1444
  989. ip nat inside source static udp 192.168.0.109 1445 interface GigabitEthernet8 1445
  990. ip nat inside source static udp 192.168.0.109 1446 interface GigabitEthernet8 1446
  991. ip nat inside source static udp 192.168.0.109 1447 interface GigabitEthernet8 1447
  992. ip nat inside source static udp 192.168.0.109 1448 interface GigabitEthernet8 1448
  993. ip nat inside source static udp 192.168.0.109 1449 interface GigabitEthernet8 1449
  ! Static NAT entries with an explicit global address. "EXTERNALIP x.x.x.x"
  ! is the poster's redaction, not IOS syntax.
  ! The first two publish tcp/443 of 192.168.1.1 and 192.168.6.10 on outside
  ! ports 4443 and 4449. The last three use 192.168.10.86 as the global
  ! address for 192.168.6.10 (ports 83, 443, and inside 81 as 8989).
  ! NOTE(review): no interface or route for 192.168.10.86 appears in this
  ! part of the config - confirm where that address lives and who can reach it.
  994. ip nat inside source static tcp 192.168.1.1 443 EXTERNALIP x.x.x.x 4443 extendable
  995. ip nat inside source static tcp 192.168.6.10 443 EXTERNALIP x.x.x.x 4449 extendable
  996. ip nat inside source static tcp 192.168.6.10 83 192.168.10.86 83 extendable
  997. ip nat inside source static tcp 192.168.6.10 443 192.168.10.86 443 extendable
  998. ip nat inside source static tcp 192.168.6.10 81 192.168.10.86 8989 extendable
  ! Default route (next hop redacted by the poster) followed by static routes
  ! that point at interfaces rather than next-hop addresses. "permanent"
  ! keeps a route installed even when its interface goes down.
  ! NOTE(review): 192.168.5.0/24 and 192.168.99.0 are the subnets configured
  ! on Vlan13 and Vlan99 above, so these routes duplicate connected routes.
  ! NOTE(review): the 192.168.99.0 route uses mask 255.255.255.248 (/29)
  ! while Vlan99 is configured as /24 - confirm which is intended.
  999. ip route 0.0.0.0 0.0.0.0 ISP IP x.x.x.x
  1000. ip route 185.46.211.0 255.255.255.0 GigabitEthernet8 permanent
  1001. ip route 192.168.0.0 255.255.255.0 Vlan10 permanent
  1002. ip route 192.168.5.0 255.255.255.0 Vlan13
  1003. ip route 192.168.6.0 255.255.255.248 Vlan11 permanent
  1004. ip route 192.168.6.8 255.255.255.248 Vlan12 permanent
  1005. ip route 192.168.99.0 255.255.255.248 Vlan99 permanent
  1006. !
  ! Named extended ACLs carrying CCP_ACL remarks (the tag Cisco Configuration
  ! Professional writes). Presumably they are match criteria for firewall
  ! class-maps defined outside this part of the config - verify where each
  ! one is used.
  ! Every entry in this group is "permit ip", i.e. all protocols and ports
  ! between the listed endpoints. "All" matches any traffic whatsoever, and
  ! "DNS-Lookups" matches everything sent by 192.168.6.10, not only DNS.
  ! NOTE(review): if these feed firewall policy, narrow each entry to the
  ! protocol and port that its name implies.
  1007. ip access-list extended All
  1008. remark CCP_ACL Category=128
  1009. permit ip any any
  1010. ip access-list extended Arcserve
  1011. remark CCP_ACL Category=128
  1012. permit ip host 192.168.0.234 any
  1013. ip access-list extended Arcserve-DMZ-Backup
  1014. remark CCP_ACL Category=128
  1015. permit ip host 192.168.6.10 host 192.168.0.234
  1016. ip access-list extended Arcserve-Server-to-DMZ
  1017. remark CCP_ACL Category=128
  1018. permit ip host 192.168.0.234 host 192.168.6.10
  1019. ip access-list extended DNS-Lookups
  1020. remark CCP_ACL Category=128
  1021. permit ip host 192.168.6.10 any
  ! InboundServices: three entries for DNS replies (udp source port 53 from
  ! 8.8.8.8, 8.8.4.4 and 87.117.237.100), then "permit ip any any log" under
  ! a remark that says HTTPS.
  ! NOTE(review): the last entry matches all traffic, which makes the DNS
  ! entries redundant and the HTTPS remark misleading. If HTTPS only was
  ! meant, the entry should be limited to tcp with "eq 443".
  1022. ip access-list extended InboundServices
  1023. remark CCP_ACL Category=1
  1024. permit udp host 8.8.8.8 eq domain any
  1025. permit udp host 8.8.4.4 eq domain any
  1026. permit udp host 87.117.237.100 eq domain any
  1027. remark HTTPS
  1028. permit ip any any log
  ! Named ACLs, presumably class-map match criteria (usage not visible in
  ! this part of the config - verify).
  ! NOTE(review): several names imply a single service but the entry is
  ! "permit ip", which matches every protocol and port:
  !  - RDP-to-DMZ: wildcard 0.0.255.255 covers all of 192.168.0.0/16 to any
  !    destination; nothing limits it to RDP;
  !  - SMTP: everything sent by 192.168.6.10;
  !  - SQL: everything from 192.168.6.10 (DMZ host) to inside host 192.168.0.29;
  !  - TCP83: everything addressed to 192.168.6.10, not only tcp/83;
  !  - Permit_Temp: everything addressed to 192.168.0.109 - the name suggests
  !    a temporary rule, confirm it is still needed;
  !  - WebOUT: "permit ip any any log" matches all traffic.
  ! Only SDM_ESP, SDM_WEBVPN and Web_Traffic_IN are limited to a protocol or
  ! port (ESP, tcp/443, tcp/80).
  ! "WebOUT" here and "webout" further down differ only in letter case and
  ! hold different entries - easy to confuse when referencing them.
  1029. ip access-list extended Permit-LANInternet
  1030. remark CCP_ACL Category=128
  1031. permit ip any any
  1032. ip access-list extended Permit_Temp
  1033. remark CCP_ACL Category=128
  1034. permit ip any host 192.168.0.109
  1035. ip access-list extended RDP-to-DMZ
  1036. remark CCP_ACL Category=128
  1037. permit ip 192.168.0.0 0.0.255.255 any
  1038. ip access-list extended SDM_ESP
  1039. remark CCP_ACL Category=1
  1040. permit esp any any
  1041. ip access-list extended SDM_WEBVPN
  1042. remark CCP_ACL Category=1
  1043. permit tcp any any eq 443
  1044. ip access-list extended SMTP
  1045. remark CCP_ACL Category=128
  1046. permit ip host 192.168.6.10 any
  1047. ip access-list extended SQL
  1048. remark CCP_ACL Category=128
  1049. permit ip host 192.168.6.10 host 192.168.0.29
  1050. ip access-list extended TCP83
  1051. remark CCP_ACL Category=128
  1052. permit ip any host 192.168.6.10
  1053. ip access-list extended WebOUT
  1054. remark CCP_ACL Category=1
  1055. permit ip any any log
  1056. ip access-list extended Web_Traffic_IN
  1057. remark Permitting-Web-TrafficInbound
  1058. remark CCP_ACL Category=1
  1059. permit tcp any any eq www log
  ! dmz-traffic: starts with tcp/80 to the DMZ host 192.168.6.10, but the
  ! second entry ("permit tcp any any log", under a remark that says HTTPS)
  ! matches all TCP, and the last entry ("permit ip any any log", remark
  ! "Permit-All-for SQL") matches everything.
  ! NOTE(review): as written this ACL matches any traffic. The host-specific
  ! entries and the later "permit tcp any any eq www" never decide anything.
  ! If the remarks describe the intent, the broad entries should be limited
  ! to tcp "eq 443" and to the SQL endpoints and port.
  1060. ip access-list extended dmz-traffic
  1061. remark CCP_ACL Category=1
  1062. permit tcp any host 192.168.6.10 eq www log
  1063. remark HTTPS
  1064. permit tcp any any log
  1065. remark AccessACloud
  1066. permit ip host 192.168.6.10 host 212.54.130.138
  1067. remark GooglePubDns
  1068. permit ip host 192.168.6.10 host 8.8.4.4
  1069. permit tcp any any eq www
  1070. remark Permit-All-for SQL
  1071. permit ip any any log
  ! webout: matches all IP traffic sourced from four hosts - the DMZ host
  ! 192.168.6.10, inside host 192.168.0.9 and two public addresses
  ! (82.163.247.156, 185.46.211.197). Not limited to web ports despite the
  ! name. Distinct from the ACL named "WebOUT" above (the names differ only
  ! in letter case).
  1072. ip access-list extended webout
  1073. remark CCP_ACL Category=128
  1074. permit ip host 192.168.6.10 any
  1075. permit ip host 82.163.247.156 any
  1076. permit ip host 185.46.211.197 any
  1077. permit ip host 192.168.0.9 any
  1078. !
  ! Messages sent to a remote syslog host are limited to severity 5
  ! (notifications) and more severe.
  ! NOTE(review): ACL "log" matches are normally reported as
  ! %SEC-6-IPACCESSLOG* (severity 6), so the many "log" entries in the ACLs
  ! of this config would not reach a syslog server at this level - confirm,
  ! and use "logging trap informational" if they are meant to be collected.
  1079. logging trap notifications
  1080. !
  ! Numbered ACLs.
  ! ACL 100 is the source list of the PAT rule ("ip nat inside source list
  ! 100 interface GigabitEthernet8 overload"). It permits 127.0.0.0/8 and
  ! host 255.255.255.255 as sources and ends in "permit ip any any", so every
  ! earlier entry is redundant for selecting what gets translated.
  ! NOTE(review): consider listing only the real inside subnets here instead
  ! of the catch-all.
  ! ACLs 101-108 each match all IP traffic addressed to one inside host.
  ! 102-108 name hosts that are targets of the static forwards above, but the
  ! match is not limited to the forwarded ports; where these ACLs are applied
  ! is not visible in this part of the config - verify.
  ! ACL 109's address is redacted by the poster ("EXTERNALIP x.x.x.x").
  ! ACL 199 ("NATOutbound") matches and logs all IP traffic.
  1081. access-list 100 remark CCP_ACL Category=130
  1082. access-list 100 permit ip 127.0.0.0 0.255.255.255 any
  1083. access-list 100 permit ip 185.46.211.0 0.0.0.255 any
  1084. access-list 100 permit ip host 255.255.255.255 any
  1085. access-list 100 permit ip 192.168.6.8 0.0.0.7 any
  1086. access-list 100 permit ip 192.168.6.0 0.0.0.7 any
  1087. access-list 100 remark DMZ-TCP
  1088. access-list 100 permit tcp host 192.168.6.10 any log
  1089. access-list 100 remark DMZ-UDP
  1090. access-list 100 permit udp host 192.168.6.10 any log
  1091. access-list 100 permit ip any any
  1092. access-list 101 remark CCP_ACL Category=0
  1093. access-list 101 permit ip any host 192.168.6.2
  1094. access-list 102 remark CCP_ACL Category=0
  1095. access-list 102 permit ip any host 192.168.0.109
  1096. access-list 103 remark CCP_ACL Category=0
  1097. access-list 103 permit ip any host 192.168.0.13
  1098. access-list 104 remark CCP_ACL Category=0
  1099. access-list 104 permit ip any host 192.168.0.12
  1100. access-list 105 remark CCP_ACL Category=0
  1101. access-list 105 permit ip any host 192.168.0.220
  1102. access-list 106 remark CCP_ACL Category=0
  1103. access-list 106 permit ip any host 192.168.0.27
  1104. access-list 107 remark CCP_ACL Category=0
  1105. access-list 107 permit ip any host 192.168.0.11
  1106. access-list 108 remark CCP_ACL Category=0
  1107. access-list 108 permit ip any host 192.168.0.152
  1108. access-list 109 remark CCP_ACL Category=128
  1109. access-list 109 permit ip any host EXTERNALIP x.x.x.x
  1110. access-list 199 remark NATOutbound
  1111. access-list 199 remark CCP_ACL Category=2
  1112. access-list 199 permit ip any any log