Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- service nagle
- no service pad
- service tcp-keepalives-in
- service tcp-keepalives-out
- service timestamps debug datetime msec localtime show-timezone
- service timestamps log datetime msec localtime show-timezone
- service password-encryption
- service internal
- service sequence-numbers
- !
- hostname 887VA-M-NPC
- !
- boot-start-marker
- boot-end-marker
- !
- !
- security authentication failure rate 10 log
- security passwords min-length 6
- enable secret 5 $1$Toy8$5SD2H0A6Jt1n0T7l88I6D/
- !
- no aaa new-model
- memory-size iomem 10
- clock timezone ACST 9 30
- clock summer-time ACST recurring 1 Sun Oct 2:00 1 Sun Apr 2:00
- !
- !
- no ip source-route
- no ip gratuitous-arps
- ip icmp rate-limit unreachable 100
- ip icmp rate-limit unreachable DF 100
- !
- !
- ip dhcp excluded-address 192.168.0.1 192.168.0.2
- ip dhcp excluded-address 192.168.2.1
- !
- ip dhcp pool LAN
- network 192.168.0.0 255.255.255.0
- default-router 192.168.0.1
- dns-server 192.231.203.132 203.0.178.191 122.49.191.252 211.29.132.12
- lease infinite
- !
- ip dhcp pool VOICE
- network 192.168.2.0 255.255.255.0
- default-router 192.168.2.1
- dns-server 192.231.203.132 192.231.203.3
- lease infinite
- !
- !
- no ip bootp server
- ip domain name myrepublic.com.au
- ip name-server 192.231.203.132
- ip name-server 203.0.178.191
- ip name-server 122.49.191.252
- ip name-server 211.29.132.12
- ip inspect WAAS flush-timeout 10
- ip inspect udp idle-time 15
- ip inspect tcp idle-time 1800
- ip inspect tcp finwait-time 1
- ip inspect tcp synwait-time 15
- ip inspect name DEMONWALL icmp
- ip inspect name DEMONWALL dns
- ip inspect name DEMONWALL tcp
- ip inspect name DEMONWALL udp
- ip inspect name DEMONWALL https
- ip inspect name DEMONWALL imap reset
- ip inspect name DEMONWALL imaps
- ip inspect name DEMONWALL smtp
- ip inspect name DEMONWALL http
- ip cef
- login quiet-mode access-class 100
- login on-failure log
- login on-success log
- no ipv6 cef
- !
- !
- cts logging verbose
- license udi pid CISCO887M-K9 sn FGL152925U2
- !
- !
- username nutterpc privilege 15
- username flip privilege 15
- !
- !
- crypto ikev2 proposal Nutterpc-Flip
- encryption aes-cbc-256
- integrity sha256
- group 14
- !
- crypto ikev2 policy Nutterpc-Flip
- proposal Nutterpc-Flip
- !
- crypto ikev2 keyring Nutterpc-Flip
- peer FLIP
- address 150.101.17.85
- pre-shared-key local '^Wu%6^s296>&>rU-}YM%YTgY
- pre-shared-key remote '^Wu%6^s296>&>rU-}YM%YTgY
- !
- !
- crypto ikev2 profile Nutterpc-Flip
- match identity remote address 150.101.17.85 255.255.255.255
- identity local address 203.122.217.10
- authentication remote pre-share
- authentication local pre-share
- keyring local Nutterpc-Flip
- !
- !
- controller VDSL 0
- description **VDSL Chipset**
- operating mode vdsl2
- firmware filename flash:VA_A_39m_B_38h3_24h_o.bin
- sra
- shutdown
- no cdp run
- !
- ip tcp ecn
- ip tcp selective-ack
- ip tcp timestamp
- ip tcp window-size 262140
- ip tcp queuemax 16
- ip tcp synwait-time 10
- ip tcp path-mtu-discovery
- ip ssh time-out 60
- ip ssh authentication-retries 2
- ip ssh version 2
- ip ssh pubkey-chain
- username nutterpc
- key-hash ssh-rsa BC0D4043D25F1DAFC3853F6CFD32F863
- username flip
- key-hash ssh-rsa E0F7FFE70E283399352782B3A7E7AF5E
- username seth
- key-hash ssh-rsa 5431D7A9454BF88AD9C9EC897A2DD76E
- no ip ssh server authenticate user keyboard
- no ip ssh server authenticate user password
- !
- class-map match-any VOICE-MATCH-DSCP
- match ip dscp ef
- class-map match-any CORE
- match protocol dns
- match access-group name ESO
- class-map match-any CRITICAL-DATA
- match protocol imap
- match protocol smtp
- match protocol secure-imap
- match protocol ipsec
- class-map match-any CONTROL
- match protocol http
- match protocol secure-http
- class-map match-any VOICE-MATCH-ACL
- match access-group 120
- !
- policy-map VOICE-OUT
- class VOICE-MATCH-DSCP
- priority 128
- class CRITICAL-DATA
- bandwidth 96
- class CONTROL
- bandwidth 192
- class CORE
- priority 682
- class class-default
- fair-queue
- policy-map VOICE-IN
- class VOICE-MATCH-ACL
- set ip dscp ef
- !
- !
- crypto ipsec transform-set Nutterpc-Flip esp-aes 256 esp-sha256-hmac
- mode tunnel
- !
- crypto ipsec profile Nutterpc-Flip
- set transform-set Nutterpc-Flip
- set ikev2-profile Nutterpc-Flip
- !
- !
- buffers tune automatic
- !
- !
- interface Tunnel0
- ip address 192.168.1.1 255.255.255.0
- tunnel source 203.122.217.10
- tunnel mode ipsec ipv4
- tunnel destination 150.101.17.85
- tunnel protection ipsec profile Nutterpc-Flip
- !
- interface Null0
- no ip unreachables
- !
- interface Ethernet0
- description FTTN-Skyrepublic
- ip address dhcp
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- ip flow ingress
- ip nat outside
- shutdown
- ip virtual-reassembly in
- no mop enabled
- !
- interface ATM0
- description ***Internode DSLAM***
- no ip address
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- no atm ilmi-keepalive
- dsl operating-mode adsl2
- dsl gain-setting tx-offset 3
- dsl gain-setting rx-offset 3
- dsl bitswap both
- hold-queue 1024 in
- pvc 8/35
- vbr-rt 1100 1100 1
- tx-ring-limit 2
- encapsulation aal5snap
- service-policy out VOICE-OUT
- pppoe-client dial-pool-number 1
- !
- !
- interface FastEthernet0
- no ip address
- !
- interface FastEthernet1
- switchport access vlan 2
- no ip address
- !
- interface FastEthernet2
- no ip address
- !
- interface FastEthernet3
- no ip address
- !
- interface Vlan1
- description **DemonLAN**
- ip address 192.168.0.1 255.255.255.0
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- ip nat inside
- ip virtual-reassembly in
- !
- interface Vlan2
- description **NodePhone VoIP**
- ip address 192.168.2.1 255.255.255.0
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- ip nat inside
- ip virtual-reassembly in
- !
- interface Dialer1
- description ***Internode ADSL***
- ip address negotiated
- ip access-group ProtectRouter in
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- ip mtu 1492
- ip nat outside
- ip inspect DEMONWALL in
- ip inspect DEMONWALL out
- ip virtual-reassembly in
- ip verify unicast reverse-path
- encapsulation ppp
- ip tcp adjust-mss 1452
- dialer pool 1
- ppp chap hostname aliteric@internode.on.net
- ppp chap password 7 15300136511D097C0C6420
- no cdp enable
- service-policy input VOICE-IN
- hold-queue 1024 in
- !
- router rip
- version 2
- network 10.0.0.0
- network 172.16.0.0
- network 192.168.0.0
- network 192.168.1.0
- network 192.168.2.0
- !
- ip forward-protocol nd
- no ip forward-protocol udp tftp
- no ip forward-protocol udp domain
- no ip forward-protocol udp time
- no ip forward-protocol udp netbios-ns
- no ip forward-protocol udp netbios-dgm
- no ip forward-protocol udp tacacs
- no ip http server
- no ip http secure-server
- !
- no ip nat service sip udp port 5060
- ip nat inside source list NAT interface Dialer1 overload
- ip nat inside source static tcp 192.168.2.2 5060 interface Dialer0 5060
- ip route 0.0.0.0 0.0.0.0 Dialer1
- #ip route 0.0.0.0 0.0.0.0 dhcp
- ip route 192.168.1.0 255.255.255.0 Tunnel0
- ip route 0.0.0.0 0.0.0.0 Null0 255
- !
- ip access-list extended ESO
- permit udp any any range 24100 24131
- permit tcp any any range 24100 24131
- permit tcp any any range 24500 24507
- permit udp any any range 24500 24507
- permit udp any any range 24300 24331
- permit tcp any any range 24300 24331
- ip access-list extended NAT
- permit ip 192.168.0.0 0.0.0.255 any
- permit ip 192.168.2.0 0.0.0.255 any
- permit ip 172.16.32.0 0.0.0.255 any
- permit ip 192.168.1.0 0.0.0.255 any
- ip access-list extended ProtectRouter
- permit udp any any eq isakmp
- permit esp any any
- permit udp any any eq non500-isakmp
- deny tcp any any fragments
- deny udp any any fragments
- deny icmp any any fragments
- deny icmp any any information-request
- deny icmp any any timestamp-request
- deny icmp any any mask-request
- deny ip any any fragments
- deny ip any any option any-options
- deny ip any any option traceroute
- deny icmp any any echo option any-options
- deny icmp any any information-request option any-options
- deny icmp any any timestamp-request option any-options
- deny icmp any any mask-request option any-options
- deny 113 any any option any-options
- deny tcp any any eq 465 option any-options
- deny ip any any ttl lt 16
- permit ip any any
- !
- logging trap debugging
- logging facility local2
- ipv6 route ::/0 Dialer1
- !
- access-list 1 permit 192.83.231.113
- access-list 1 permit 150.101.17.85
- access-list 1 permit 150.101.1.62
- access-list 1 permit 203.26.95.0 0.0.0.255
- access-list 1 permit 192.168.0.0 0.0.0.255
- access-list 1 deny any log
- access-list 120 permit ip host 192.168.0.7 any
- !
- !
- control-plane
- !
- access-list 120 permit ip host 192.168.2.2 any
- access-list 120 permit udp any any range 16384 16482
- access-list 120 permit tcp any any eq 1720
- !
- banner motd ^C
- Use of this network and computer systems is restricted to authorised users.
- User activity is monitored and recorded by system personnel. Anyone
- using the network expressly consents to such monitoring and recording.
- Unauthorised access to this system is a criminal offence under
- Australian law (Federal Crimes Act Part VIA).
- It is a criminal offence to:
- (1) Obtain access to data without authority.
- - Penalty of 2 years imprisonment
- (2) Damage, delete, alter or insert data without authority.
- - Penalty of 10 years imprisonment.
- If criminal activity is detected, system records, along with
- any relevant personal information, will be provided to law enforcement officials
- ^C
- !
- line con 0
- logging synchronous
- login local
- no modem enable
- terminal-type vt100
- length 25
- stopbits 1
- line aux 0
- line vty 0 4
- exec-timeout 60 0
- logging synchronous
- login local
- terminal-type vt100
- length 25
- transport input ssh
- transport output ssh
- !
- scheduler max-task-time 5000
- scheduler allocate 4000 400
- sntp server 192.231.203.132
- end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement