Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- version 12.4
- ...
- !
- ip dhcp pool WIFI
- network 192.168.2.0 255.255.255.0
- domain-name example.local
- default-router 192.168.2.1
- dns-server 192.168.0.151 8.8.8.8
- !
- ip dhcp pool LAN
- network 192.168.0.0 255.255.255.0
- bootfile pxelinux.0
- next-server 192.168.0.2
- domain-name example.local
- default-router 192.168.0.1
- dns-server 192.168.0.151 8.8.8.8
- option 66 ip 192.168.0.2
- option 150 ip 192.168.0.2
- lease infinite
- !
- ip dhcp pool ICS
- network 192.168.5.0 255.255.255.0
- bootfile pxelinux.0
- next-server 192.168.0.2
- domain-name example.local
- dns-server 192.168.0.151 8.8.8.8
- default-router 192.168.5.1
- option 66 ip 192.168.0.2
- option 150 ip 192.168.0.2
- lease infinite
- !
- ip name-server 192.168.0.151
- ip name-server 8.8.8.8
- !
- multilink bundle-name authenticated
- vpdn enable
- !
- vpdn-group vpnaccess
- ! Default PPTP VPDN group
- accept-dialin
- protocol pptp
- virtual-template 100
- l2tp tunnel receive-window 256
- !
- username ...
- !
- crypto isakmp policy 10
- encr 3des
- hash md5
- authentication pre-share
- group 2
- !
- crypto isakmp policy 15
- encr 3des
- authentication pre-share
- group 2
- crypto isakmp key blah-blah-blah address xxx.xxx.xxx.IPSEC1
- !
- crypto isakmp client configuration group NAS
- key blah-blah-blah
- dns 192.168.0.151 8.8.8.8
- domain example.local
- pool SDM_POOL_1
- acl 101
- netmask 255.255.255.0
- crypto isakmp profile ciscocp-ike-profile-1
- match identity group NAS
- client authentication list ciscocp_vpn_xauth_ml_1
- isakmp authorization list ciscocp_vpn_group_ml_1
- client configuration address respond
- virtual-template 1
- !
- crypto ipsec transform-set exampleset esp-3des esp-md5-hmac
- crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
- !
- crypto ipsec profile CiscoCP_Profile1
- set transform-set ESP-3DES-SHA
- set isakmp-profile ciscocp-ike-profile-1
- !
- crypto map example 10 ipsec-isakmp
- set peer xxx.xxx.xxx.IPSEC1
- set security-association lifetime seconds 86400
- set transform-set exampleset
- match address EXAMPLEIPSEC
- !
- archive
- log config
- hidekeys
- !
- track 100 rtr 100 reachability
- delay down 10 up 20
- pseudowire-class top
- encapsulation l2tpv3
- protocol none
- ip local interface Vlan11
- !
- interface FastEthernet0
- description internet-outside-ISP1
- ip address xxx.xxx.xxx.ISP1 255.255.255.192
- ip nat outside
- ip virtual-reassembly
- duplex auto
- speed auto
- crypto map example
- !
- interface FastEthernet1
- description internet-outside-ISP2
- no ip dhcp client request dns-nameserver
- ip address dhcp
- ip nat outside
- ip virtual-reassembly
- duplex auto
- speed auto
- crypto map example
- !
- interface FastEthernet2
- description office-wire
- switchport access vlan 11
- !
- interface FastEthernet3
- description office-wifi-linksys
- switchport access vlan 12
- !
- interface FastEthernet4
- description office-ics-wifi
- switchport access vlan 12
- !
- interface FastEthernet5
- description office-ics-wire
- switchport access vlan 15
- !
- interface FastEthernet6
- !
- interface FastEthernet7
- !
- interface FastEthernet8
- !
- interface FastEthernet9
- !
- interface Virtual-PPP1
- no ip address
- !
- interface Virtual-Template1 type tunnel
- ip unnumbered FastEthernet0
- tunnel mode ipsec ipv4
- tunnel protection ipsec profile CiscoCP_Profile1
- !
- interface Virtual-Template100
- ip unnumbered FastEthernet0
- ip broadcast-address 192.168.0.255
- ip nat inside
- ip virtual-reassembly
- peer default ip address pool DIAL-IN
- ppp encrypt mppe auto required
- ppp bridge ip
- ppp authentication ms-chap ms-chap-v2
- !
- interface Vlan1
- no ip address
- !
- interface Vlan11
- description office-wire
- ip address 192.168.1.2 255.255.255.0 secondary
- ip address 192.168.0.1 255.255.255.0
- no ip redirects
- ip nat inside
- ip virtual-reassembly
- ip tcp adjust-mss 1412
- !
- interface Vlan12
- description office_wifi
- ip address 192.168.2.1 255.255.255.0
- ip access-group wifi-in in
- ip access-group wifi-out out
- no ip redirects
- ip nat inside
- ip virtual-reassembly
- !
- interface Vlan15
- description office-ics-wire
- ip address 192.168.5.1 255.255.255.0
- ip access-group office-ics-wire in
- ip access-group office-ics-wire-out out
- no ip redirects
- ip nat inside
- ip virtual-reassembly
- !
- interface Vlan111
- no ip address
- !
- interface Async1
- no ip address
- encapsulation slip
- !
- ip local policy route-map MYIP
- ip local pool DIAL-IN 192.168.0.200 192.168.0.220
- ip local pool SDM_POOL_1 192.168.10.10 192.168.10.20
- ip forward-protocol nd
- ip route 0.0.0.0 0.0.0.0 FastEthernet0 xxx.xxx.xxx.ISP1GW track 100
- ip route 8.8.4.4 255.255.255.255 xxx.xxx.xxx.ISP1GW
- ip route 0.0.0.0 0.0.0.0 FastEthernet1 dhcp 20
- !
- ip http server
- ip http authentication local
- no ip http secure-server
- ...
- ip nat inside source route-map WORLD-ISP1 interface FastEthernet0 overload
- ip nat inside source route-map WORLD-ISP2 interface FastEthernet1 overload
- !
- ip access-list standard WORLD-PPPOE
- ...
- !
- ip access-list extended MYIP
- ...
- ip access-list extended NATNET
- ...
- ip access-list extended EXAMPLEIPSEC
- ...
- ip access-list extended ISP2
- ...
- ip access-list extended console-in
- ...
- ip access-list extended internet-in
- ...
- ip access-list extended office-ics-wire
- ...
- ip access-list extended office-ics-wire-out
- ...
- ip access-list extended wifi-in
- ...
- ip access-list extended wifi-out
- ...
- !
- ip sla 100
- icmp-echo 8.8.4.4 source-interface FastEthernet0
- timeout 500
- frequency 3
- ip sla schedule 100 life forever start-time now
- logging host xxx.xxx.xxx.xxx transport udp port 5145
- ...
- access-list compiled
- dialer-list 1 protocol ip permit
- dialer-list 2 protocol ip permit
- arp 192.168.2.100 0018.39c5.ccea ARPA
- !
- route-map IPSEC permit 10
- match ip address EXAMPLEIPSEC
- set ip next-hop xxx.xxx.xxx.IPSEC1NEXTHOP
- !
- route-map WORLD-ISP1 permit 10
- match ip address NATNET
- match interface FastEthernet0
- !
- route-map WORLD-ISP2 permit 10
- match ip address NATNET
- match interface FastEthernet1
- !
- control-plane
- !
- line con 0
- line 1
- modem InOut
- stopbits 1
- speed 115200
- flowcontrol hardware
- line aux 0
- line vty 0 4
- access-class console-in in
- !
- ntp clock-period 17180263
- ntp update-calendar
- ntp server 62.149.0.30
- ntp server 193.34.155.4 prefer
- !
- webvpn gateway gateway_1
- ip address xxx.xxx.xxx.ISP1 port 5000
- ssl trustpoint Router_Certificate
- inservice
- !
- webvpn context Default_context
- ssl authenticate verify all
- !
- no inservice
- !
- webvpn context nas
- secondary-color white
- title-color #CCCC66
- text-color black
- ssl authenticate verify all
- !
- nbns-list "nbns_list_1"
- nbns-server 192.168.10.160 master
- !
- policy group policy_1
- nbns-list "nbns_list_1"
- functions file-access
- functions file-browse
- functions file-entry
- functions svc-enabled
- svc address-pool "SDM_POOL_1"
- svc default-domain "example.local"
- svc keep-client-installed
- svc split include 192.168.10.160 255.255.255.255
- svc dns-server primary 192.168.0.151
- svc dns-server secondary 8.8.8.8
- default-group-policy policy_1
- aaa authentication list sdm_vpn_xauth_ml_1
- gateway gateway_1 domain nas
- max-users 10
- inservice
- !
- end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement