Untitled

service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service internal
service sequence-numbers
!
hostname 887VA-M-NPC
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 10 log
security passwords min-length 6
enable secret 5 $1$Toy8$5SD2H0A6Jt1n0T7l88I6D/
!
no aaa new-model
memory-size iomem 10
clock timezone ACST 9 30
clock summer-time ACST recurring 1 Sun Oct 2:00 1 Sun Apr 2:00
!
!
no ip source-route
no ip gratuitous-arps
ip icmp rate-limit unreachable 100
ip icmp rate-limit unreachable DF 100
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.2
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool LAN
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 192.231.203.132 203.0.178.191 122.49.191.252 211.29.132.12
 lease infinite
!
ip dhcp pool VOICE
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 dns-server 192.231.203.132 192.231.203.3
 lease infinite
!
!
no ip bootp server
ip domain name myrepublic.com.au
ip name-server 192.231.203.132
ip name-server 203.0.178.191
ip name-server 122.49.191.252
ip name-server 211.29.132.12
ip inspect WAAS flush-timeout 10
ip inspect udp idle-time 15
ip inspect tcp idle-time 1800
ip inspect tcp finwait-time 1
ip inspect tcp synwait-time 15
ip inspect name DEMONWALL icmp
ip inspect name DEMONWALL dns
ip inspect name DEMONWALL tcp
ip inspect name DEMONWALL udp
ip inspect name DEMONWALL https
ip inspect name DEMONWALL imap reset
ip inspect name DEMONWALL imaps
ip inspect name DEMONWALL smtp
ip inspect name DEMONWALL http
ip cef
login quiet-mode access-class 100
login on-failure log
login on-success log
no ipv6 cef
!
!
cts logging verbose
license udi pid CISCO887M-K9 sn FGL152925U2
!
!
username nutterpc privilege 15
username flip privilege 15
!
!
crypto ikev2 proposal Nutterpc-Flip
 encryption aes-cbc-256
 integrity sha256
 group 14
!
crypto ikev2 policy Nutterpc-Flip
 proposal Nutterpc-Flip
!
crypto ikev2 keyring Nutterpc-Flip
 peer FLIP
  address 150.101.17.85
  pre-shared-key local '^Wu%6^s296>&>rU-}YM%YTgY
  pre-shared-key remote '^Wu%6^s296>&>rU-}YM%YTgY
 !
!
crypto ikev2 profile Nutterpc-Flip
 match identity remote address 150.101.17.85 255.255.255.255
 identity local address 203.122.217.10
 authentication remote pre-share
 authentication local pre-share
 keyring local Nutterpc-Flip
!
!
controller VDSL 0
 description **VDSL Chipset**
 operating mode vdsl2
 firmware filename flash:VA_A_39m_B_38h3_24h_o.bin
 sra
 shutdown
 no cdp run
!
ip tcp ecn
ip tcp selective-ack
ip tcp timestamp
ip tcp window-size 262140
ip tcp queuemax 16
ip tcp synwait-time 10
ip tcp path-mtu-discovery
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
ip ssh pubkey-chain
  username nutterpc
   key-hash ssh-rsa BC0D4043D25F1DAFC3853F6CFD32F863
  username flip
   key-hash ssh-rsa E0F7FFE70E283399352782B3A7E7AF5E
  username seth
   key-hash ssh-rsa 5431D7A9454BF88AD9C9EC897A2DD76E
no ip ssh server authenticate user keyboard
no ip ssh server authenticate user password
!
class-map match-any VOICE-MATCH-DSCP
 match ip dscp ef
class-map match-any CORE
 match protocol dns
 match access-group name ESO
class-map match-any CRITICAL-DATA
 match protocol imap
 match protocol smtp
 match protocol secure-imap
 match protocol ipsec
class-map match-any CONTROL
 match protocol http
 match protocol secure-http
class-map match-any VOICE-MATCH-ACL
 match access-group 120
!
policy-map VOICE-OUT
 class VOICE-MATCH-DSCP
  priority 128
 class CRITICAL-DATA
  bandwidth 96
 class CONTROL
  bandwidth 192
 class CORE
  priority 682
 class class-default
  fair-queue
policy-map VOICE-IN
 class VOICE-MATCH-ACL
  set ip dscp ef
!
!
crypto ipsec transform-set Nutterpc-Flip esp-aes 256 esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile Nutterpc-Flip
 set transform-set Nutterpc-Flip
 set ikev2-profile Nutterpc-Flip
!
!
buffers tune automatic
!
!
interface Tunnel0
 ip address 192.168.1.1 255.255.255.0
 tunnel source 203.122.217.10
 tunnel mode ipsec ipv4
 tunnel destination 150.101.17.85
 tunnel protection ipsec profile Nutterpc-Flip
!
interface Null0
 no ip unreachables
!
interface Ethernet0
description FTTN-Skyrepublic
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
shutdown
ip virtual-reassembly in
no mop enabled
!
interface ATM0
description ***Internode DSLAM***
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode adsl2
 dsl gain-setting tx-offset 3
 dsl gain-setting rx-offset 3
 dsl bitswap both
 hold-queue 1024 in
 pvc 8/35
  vbr-rt 1100 1100 1
  tx-ring-limit 2
  encapsulation aal5snap
  service-policy out VOICE-OUT
  pppoe-client dial-pool-number 1

 !
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 switchport access vlan 2
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Vlan1
 description **DemonLAN**
 ip address 192.168.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan2
 description **NodePhone VoIP**
 ip address 192.168.2.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
!
interface Dialer1
 description ***Internode ADSL***
 ip address negotiated
 ip access-group ProtectRouter in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 ip inspect DEMONWALL in
 ip inspect DEMONWALL out
 ip virtual-reassembly in
 ip verify unicast reverse-path
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 ppp chap hostname aliteric@internode.on.net
 ppp chap password 7 15300136511D097C0C6420
 no cdp enable
 service-policy input VOICE-IN
 hold-queue 1024 in
!
router rip
 version 2
 network 10.0.0.0
 network 172.16.0.0
 network 192.168.0.0
 network 192.168.1.0
 network 192.168.2.0
!
ip forward-protocol nd
no ip forward-protocol udp tftp
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
no ip http server
no ip http secure-server
!
no ip nat service sip udp port 5060
ip nat inside source list NAT interface Dialer1 overload
ip nat inside source static tcp 192.168.2.2 5060 interface Dialer0 5060
ip route 0.0.0.0 0.0.0.0 Dialer1
#ip route 0.0.0.0 0.0.0.0 dhcp
ip route 192.168.1.0 255.255.255.0 Tunnel0
ip route 0.0.0.0 0.0.0.0 Null0 255
!
ip access-list extended ESO
 permit udp any any range 24100 24131
 permit tcp any any range 24100 24131
 permit tcp any any range 24500 24507
 permit udp any any range 24500 24507
 permit udp any any range 24300 24331
 permit tcp any any range 24300 24331
ip access-list extended NAT
 permit ip 192.168.0.0 0.0.0.255 any
 permit ip 192.168.2.0 0.0.0.255 any
 permit ip 172.16.32.0 0.0.0.255 any
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended ProtectRouter
 permit udp any any eq isakmp
 permit esp any any
 permit udp any any eq non500-isakmp
 deny   tcp any any fragments
 deny   udp any any fragments
 deny   icmp any any fragments
 deny   icmp any any information-request
 deny   icmp any any timestamp-request
 deny   icmp any any mask-request
 deny   ip any any fragments
 deny   ip any any option any-options
 deny   ip any any option traceroute
 deny   icmp any any echo option any-options
 deny   icmp any any information-request option any-options
 deny   icmp any any timestamp-request option any-options
 deny   icmp any any mask-request option any-options
 deny   113 any any option any-options
 deny   tcp any any eq 465 option any-options
 deny   ip any any ttl lt 16
 permit ip any any

!
logging trap debugging
logging facility local2
ipv6 route ::/0 Dialer1
!
access-list 1 permit 192.83.231.113
access-list 1 permit 150.101.17.85
access-list 1 permit 150.101.1.62
access-list 1 permit 203.26.95.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 deny   any log
access-list 120 permit ip host 192.168.0.7 any
!
!
control-plane
!
access-list 120 permit ip host 192.168.2.2 any
access-list 120 permit udp any any range 16384 16482
access-list 120 permit tcp any any eq 1720
!
banner motd ^C
Use of this network and computer systems is restricted to authorised users.
User activity is monitored and recorded by system personnel. Anyone
using the network expressly consents to such monitoring and recording.


Unauthorised access to this system is a criminal offence under
Australian law (Federal Crimes Act Part VIA).


        It is a criminal offence to:
        (1) Obtain access to data without authority.
                - Penalty of 2 years imprisonment
        (2) Damage, delete, alter or insert data without authority.
                - Penalty of 10 years imprisonment.


If criminal activity is detected, system records, along with
any relevant personal information, will be provided to law enforcement officials


^C
!
line con 0
 logging synchronous
 login local
 no modem enable
 terminal-type vt100
 length 25
 stopbits 1
line aux 0
line vty 0 4
 exec-timeout 60 0
 logging synchronous
 login local
 terminal-type vt100
 length 25
 transport input ssh
 transport output ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 400
sntp server 192.231.203.132
end