Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Current configuration : 7797 bytes
- !
- version 12.4
- no service pad
- service tcp-keepalives-in
- service tcp-keepalives-out
- service timestamps debug datetime msec localtime show-timezone
- service timestamps log datetime localtime
- service password-encryption
- service sequence-numbers
- !
- hostname SAE
- !
- boot-start-marker
- boot system flash:c850-advsecurityk9-mz.124-15.T9.bin
- boot-end-marker
- !
- logging buffered 512000
- logging console critical
- enable secret 5 <removed>
- !
- no aaa new-model
- clock timezone EST -4
- !
- crypto pki trustpoint TP-self-signed-1161593293
- enrollment selfsigned
- subject-name cn=IOS-Self-Signed-Certificate-1161593293
- revocation-check none
- rsakeypair TP-self-signed-1161593293
- !
- !
- crypto pki certificate chain TP-self-signed-1161593293
- certificate self-signed 01
- 30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
- 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
- 69666963 6174652D 31313631 35393332 3933301E 170D3032 30333031 30303335
- 32315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
- 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31363135
- 39333239 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
- 81009F12 2EB21D3D 200AD212 F5BC5422 530BEB7D 4D5788B3 C935EB69 F849D0A5
- 52D6EC2C 34F25BA4 B9371E40 39418CBB 62EC8960 6F30A70B C3C8CF34 B488DB4A
- CB2A4412 7FCF84C5 9C7B749A D3F7DC8F 7447E79B 7F468237 D1A67485 BC7E923C
- 965DF38D 1DB1CCF0 4C7BD5D3 64E98EEF C8D7831D B494BD6E 1D205728 F6FF5EF2
- 411F0203 010001A3 79307730 0F060355 1D130101 FF040530 030101FF 30240603
- 551D1104 1D301B82 19534145 4E594570 73696C6F 6E2E6E79 6361702E 72722E63
- 6F6D301F 0603551D 23041830 16801480 F68657E1 A04B4FDA CCA5320F CB940CC4
- C1B8E130 1D060355 1D0E0416 041480F6 8657E1A0 4B4FDACC A5320FCB 940CC4C1
- B8E1300D 06092A86 4886F70D 01010405 00038181 004108C7 A86F3E68 6B34BBA9
- 51FA4E54 2E8D5700 884E8E9D A95B0F4E 0C0EBB79 5FC3B48E D38D7752 5F6637DE
- ACA5B62F F764A7A8 78F2E3B0 9A20CA9F 0268EE59 AC6C65E1 DCEE3EA8 929D0AA1
- CF16E01B E6C7695E B1E21C4E 8F066ADF 9F1FBB4B F40FE77C F24779AB 51EAF930
- 30622F6D 113727EA 71F5D2C0 9B468800 8D2BB8B9 D5
- quit
- dot11 syslog
- no ip source-route
- no ip dhcp use vrf connected
- ip dhcp excluded-address 192.168.1.1 192.168.1.9
- !
- ip dhcp pool sdm-pool1
- import all
- network 192.168.1.0 255.255.255.0
- default-router 192.168.1.1
- lease 0 12
- !
- !
- ip cef
- no ip bootp server
- ip domain name nycap.rr.com
- ip name-server 64.209.89.250
- !
- !
- !
- username SAE privilege 15 secret 5 <removed>
- username csteifel privilege 15 password 7 <removed>
- !
- !
- archive
- log config
- hidekeys
- !
- !
- ip tcp synwait-time 10
- ip ssh time-out 60
- ip ssh authentication-retries 2
- !
- !
- !
- interface FastEthernet0
- load-interval 30
- !
- interface FastEthernet1
- load-interval 30
- !
- interface FastEthernet2
- load-interval 30
- !
- interface FastEthernet3
- load-interval 30
- !
- interface FastEthernet4
- description $FW_OUTSIDE$$ETH-WAN$$ES_WAN$
- ip address dhcp client-id FastEthernet4 hostname nycap.rr.com
- ip access-group 106 in
- ip access-group 105 out
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- ip nat outside
- ip virtual-reassembly
- load-interval 30
- duplex auto
- speed auto
- fair-queue
- !
- interface Vlan1
- description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
- ip address 192.168.1.1 255.255.255.0
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- ip flow ingress
- ip flow egress
- ip nat inside
- ip virtual-reassembly
- ip tcp adjust-mss 1452
- load-interval 30
- fair-queue
- !
- no ip forward-protocol nd
- ip route 192.168.1.1 255.255.255.255 Null0
- ip route 216.18.237.18 255.255.255.255 Null0
- ip flow-top-talkers
- top 20
- sort-by bytes
- !
- no ip http server
- ip http authentication local
- ip http secure-server
- ip http timeout-policy idle 60 life 86400 requests 10000
- ip nat translation tcp-timeout 3600
- ip nat inside source list 1 interface FastEthernet4 overload
- ip nat inside source static tcp 192.168.1.150 55000 interface FastEthernet4 55000
- ip nat inside source static tcp 192.168.1.222 6110 interface FastEthernet4 6110
- ip nat inside source static udp 192.168.1.222 6110 interface FastEthernet4 6110
- ip nat inside source static tcp 192.168.1.222 6113 interface FastEthernet4 6113
- ip nat inside source static udp 192.168.1.222 6113 interface FastEthernet4 6113
- ip nat inside source static tcp 192.168.1.254 445 interface FastEthernet4 445
- !
- logging trap debugging
- access-list 1 remark INSIDE_IF=Vlan1
- access-list 1 remark SDM_ACL Category=2
- access-list 1 permit 192.168.1.0 0.0.0.255
- access-list 100 remark auto generated by Cisco SDM Express firewall configuration
- access-list 100 remark SDM_ACL Category=1
- access-list 100 deny ip host 255.255.255.255 any
- access-list 100 deny ip 127.0.0.0 0.255.255.255 any
- access-list 100 permit ip any any
- access-list 101 permit udp any any eq isakmp
- access-list 101 permit udp any any eq non500-isakmp
- access-list 101 permit udp any eq isakmp any
- access-list 101 permit udp any eq non500-isakmp any
- access-list 101 permit ahp any any
- access-list 101 permit esp any any
- access-list 101 permit gre any any
- access-list 101 permit udp any any eq domain
- access-list 101 permit udp any eq domain any
- access-list 101 permit tcp any any eq domain
- access-list 101 permit tcp any eq domain any
- access-list 101 permit tcp any any established
- access-list 101 permit udp any eq bootps any eq bootpc
- access-list 101 permit icmp any any echo-reply
- access-list 101 permit icmp any any time-exceeded
- access-list 101 permit icmp any any unreachable
- access-list 101 permit ip any any
- access-list 101 permit tcp any host 192.168.1.254 eq 445
- access-list 101 permit tcp any any eq 445
- access-list 102 remark Livepermit
- access-list 102 remark SDM_ACL Category=1
- access-list 102 deny ip host 192.168.1.251 host 192.168.1.251 log
- access-list 102 deny tcp host 192.168.1.251 host 192.168.1.251 log
- access-list 102 deny udp host 192.168.1.251 host 192.168.1.251 log
- access-list 102 deny udp host 192.168.1.31 host 192.168.1.31
- access-list 102 deny ip host 192.168.1.49 host 192.168.1.49
- access-list 102 deny ip host 192.168.1.42 host 192.168.1.42
- access-list 102 deny tcp host 192.168.1.42 eq www host 192.168.1.42 eq www log
- access-list 102 permit udp any any eq 88
- access-list 102 permit udp any any eq 3074
- access-list 102 permit tcp any any eq 3074
- access-list 102 permit ip any any
- access-list 103 remark blocks
- access-list 103 remark SDM_ACL Category=1
- access-list 103 deny tcp any range 11000 26999 any range 11000 26999
- access-list 103 deny udp any range 11000 26999 any range 11000 26999
- access-list 103 deny tcp any range 28000 65534 any range 28000 65534
- access-list 103 deny udp any range 28000 65534 any range 28000 65534
- access-list 103 deny ip any host 192.168.1.252
- access-list 103 permit tcp any any
- access-list 103 permit udp any any
- access-list 103 permit icmp any any
- access-list 103 permit ip any any
- access-list 105 permit ip any any
- access-list 105 permit tcp any any established
- access-list 105 permit udp any any
- access-list 106 permit tcp any any established
- access-list 106 permit udp any any
- access-list 106 permit tcp any any eq 445
- access-list 106 permit tcp any any eq ftp
- access-list 106 permit tcp any any eq 22
- access-list 106 permit tcp any any eq telnet
- snmp-server community SAE RO
- no cdp run
- !
- control-plane
- !
- banner login ^CAuthorized access only!
- Disconnect IMMEDIATELY if you are not an authorized user!^C
- !
- line con 0
- login local
- no modem enable
- transport output telnet
- line aux 0
- login local
- transport output telnet
- line vty 0 4
- exec-timeout 60 0
- privilege level 15
- password 7 <removed>
- login
- length 0
- transport input telnet ssh
- !
- scheduler max-task-time 5000
- scheduler allocate 4000 1000
- scheduler interval 500
- end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement