more system:running-config
!
! Last configuration change at 08:39:59 pst Tue Mar 18 2014 by <removed>
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname PG-1921
!
boot-start-marker
boot-end-marker
!
logging buffered informational
logging monitor warnings
enable password <removed> <removed>
!
aaa new-model
!
!
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network VPNCLIENTGLIST local
!
!
!
!
!
aaa session-id common
!
!
!
clock timezone pst -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
no ipv6 cef
ip source-route
ip cef
!
!
ip dhcp excluded-address 10.0.0.1 10.70.4.0
ip dhcp excluded-address 10.70.4.255 10.255.255.254
!
ip dhcp pool inside
   import all
   network 10.70.0.0 255.255.0.0
   dns-server <ip_5c1ebe928b> <ip_7d68a01dca> <ip_58414bee7b>
   default-router 10.70.1.1
!
ip dhcp pool res1
   host 10.70.4.100 255.255.0.0
   client-identifier <removed>
   client-name <removed>
!
ip dhcp pool res2
   host 10.70.4.220 255.255.0.0
   client-identifier <removed>
!
ip dhcp pool res3
   host 10.70.4.106 255.255.0.0
   client-identifier <removed>
   client-name <removed>
!
ip dhcp pool res4
   host 10.70.4.112 255.255.0.0
   client-identifier <removed>
!
ip dhcp pool res5
   host 10.70.4.131 255.255.0.0
   client-identifier <removed>
!
!
no ip domain lookup
ip domain name <removed>
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-3078740036
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3078740036
 revocation-check none
 rsakeypair TP-self-signed-3078740036
!
!
crypto pki certificate chain TP-self-signed-3078740036
 certificate self-signed <removed>
        quit
license udi pid CISCO1921/K9 sn <removed>
!
!
object-group service servicegroup1
 tcp range 18000 18999
!
username <removed> privilege 15 password 7 <removed>
username <removed> privilege 15 password 7 <removed>
username <removed> privilege 15 password 7 <removed>
username <removed> password 7 <removed>
username <removed> password 7 <removed>
username <removed> password 7 <removed>
username <removed> password 7 <removed>
username <removed> password 7 <removed>
!
redundancy
!
!
ip ssh version 1
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key <removed> address <ip_86dd6b5ff7>
crypto isakmp key <removed> address <ip_75eb7dc982> no-xauth
crypto isakmp key <removed> address <ip_0a3f9cfdb0> no-xauth
crypto isakmp key <removed> address <ip_0ab4844cae> no-xauth
crypto isakmp key <removed> address <ip_afbae7f7ac> no-xauth
crypto isakmp keepalive 10
!
crypto isakmp client configuration group VPNCLIENTGROUP
 key <removed>
 dns <ip_69f263aeef>
 pool VPN_POOL
 acl VPN_ACL
!
!
crypto ipsec transform-set TUNNEL esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set AES_MD5 ah-md5-hmac esp-aes
crypto ipsec transform-set AES_SHA1 esp-aes esp-sha-hmac
!
crypto dynamic-map SDM_CMAP_1 1
 set transform-set AES_SHA1
 reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list VPNCLIENTXAUTH
crypto map SDM_CMAP_1 isakmp authorization list VPNCLIENTGLIST
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description <ip_0a3f9cfdb0>
 set peer <ip_0a3f9cfdb0>
 set peer <ip_86dd6b5ff7>
 set transform-set ESP-3DES-SHA
 match address 120
crypto map SDM_CMAP_1 2 ipsec-isakmp
 description <ip_75eb7dc982>
 set peer <ip_75eb7dc982>
 set transform-set ESP-3DES-SHA
 match address 121
crypto map SDM_CMAP_1 3 ipsec-isakmp
 description Tunnel to<removed>
 set peer <ip_0ab4844cae>
 set transform-set ESP-3DES-SHA1
 match address 101
crypto map SDM_CMAP_1 4 ipsec-isakmp dynamic SDM_CMAP_1
crypto map SDM_CMAP_1 5 ipsec-isakmp
 description SAM_TUNNEL
 set peer <ip_afbae7f7ac>
 set transform-set ESP-3DES-SHA
 match address 102
!
!
!
!
!
interface GigabitEthernet0/0
 description PRIMARY - ISP1
 ip address <ip_3eb62ab9db> 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
 !
!
interface GigabitEthernet0/1
 description inside
 ip address 10.70.1.1 255.255.0.0
 ip access-group 100 out
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 !
!
interface FastEthernet0/0/0
 description BACKUP - ISP2
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
 !
!
ip local pool VPN_POOL 10.99.99.1 10.99.99.50
no ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source route-map ISP1 interface GigabitEthernet0/0 overload
ip nat inside source route-map ISP2 interface FastEthernet0/0/0 overload
ip nat inside source static tcp 10.70.7.1 80 <ip_3eb62ab9db> 80 extendable
ip nat inside source static udp 10.70.8.1 3081 <ip_3eb62ab9db> 3081 extendable
ip nat inside source static udp 10.70.8.2 3082 <ip_3eb62ab9db> 3082 extendable
ip nat inside source static tcp 10.70.2.5 3389 <ip_3eb62ab9db> 3389 extendable
ip nat inside source static tcp 10.70.3.101 4999 <ip_3eb62ab9db> 4999 extendable
ip nat inside source static tcp 10.70.7.102 6001 <ip_3eb62ab9db> 6001 extendable
ip nat inside source static tcp 10.70.7.102 6002 <ip_3eb62ab9db> 6002 extendable
ip nat inside source static tcp 10.70.2.1 7070 <ip_3eb62ab9db> 7070 extendable
ip nat inside source static tcp 10.70.7.102 8085 <ip_3eb62ab9db> 8085 extendable
ip nat inside source static tcp 10.70.6.3 10000 <ip_3eb62ab9db> 10000 extendable
ip nat inside source static tcp 10.70.2.10 18000 <ip_3eb62ab9db> 18000 extendable
ip nat inside source static tcp 10.70.2.10 18101 <ip_3eb62ab9db> 18101 extendable
ip nat inside source static tcp 10.70.2.10 18112 <ip_3eb62ab9db> 18112 extendable
ip nat inside source static tcp 10.70.7.1 22609 <ip_3eb62ab9db> 22609 extendable
ip nat inside source static tcp 10.70.6.1 35300 <ip_3eb62ab9db> 35300 extendable
ip route 0.0.0.0 0.0.0.0 <ip_a95df0e345>
ip route 0.0.0.0 0.0.0.0 <ip_0fbc0b552e> 10
!
ip access-list extended VPN_ACL
 remark ### SPLIT TUNNEL ACL ###
 permit ip 10.70.0.0 0.0.255.255 any
!
access-list 23 permit any
access-list 100 deny   udp any any eq bootpc log
access-list 100 deny   udp any any eq bootps log
access-list 100 permit ip any any
access-list 101 remark CCP_ACL Category=4
access-list 101 remark IPSec Rule
access-list 101 permit ip 10.70.0.0 0.0.255.255 10.20.0.0 0.0.255.255
access-list 102 permit ip 10.70.0.0 0.0.255.255 10.45.0.0 0.0.255.255
access-list 120 permit ip 10.70.0.0 0.0.255.255 10.80.0.0 0.0.255.255
access-list 120 permit ip 10.70.0.0 0.0.255.255 <ip_131a232c9d> 0.255.255.255
access-list 121 permit ip 10.70.0.0 0.0.255.255 10.40.0.0 0.0.255.255
access-list 130 deny   ip 10.70.2.0 0.0.0.255 10.70.12.0 0.0.0.255
access-list 130 deny   ip 10.70.2.0 0.0.0.255 10.99.99.0 0.0.0.255
access-list 130 deny   ip 10.70.0.0 0.0.255.255 10.20.0.0 0.0.255.255
access-list 130 deny   ip 10.70.0.0 0.0.255.255 <ip_131a232c9d> 0.255.255.255
access-list 130 deny   ip 10.70.0.0 0.0.255.255 10.80.0.0 0.0.255.255
access-list 130 deny   ip 10.70.0.0 0.0.255.255 10.40.0.0 0.0.255.255
access-list 130 permit ip 10.70.0.0 0.0.255.255 any
!
!
!
!
route-map ISP1 permit 10
 match ip address 130
 match interface GigabitEthernet0/0
!
route-map ISP2 permit 10
 match ip address 130
 match interface FastEthernet0/0/0
!
!
!
control-plane
 !
!
!
line con 0
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 password 7 <removed>
 transport input telnet ssh
line vty 5 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
end