- headoffice Cisco Running config
- =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2010.11.11 22:52:33 =~=~=~=~=~=~=~=~=~=~=~=
- show runn
- AMBLIB-RTR-1#show running-config
- Building configuration...
- Current configuration : 12557 bytes
- !
- ! Last configuration change at 15:16:53 UTC Thu Nov 11 2010 by epicsupport
- ! NVRAM config last updated at 12:22:51 UTC Tue Nov 9 2010 by epicsupport
- !
- version 12.4
- ! NOTE(review): every line below carries a "- " paste prefix and some carry a "--More--"
- ! pager fragment from the PuTTY capture; neither is part of the router configuration.
- ! NOTE(review): this capture exposes every secret the config holds (enable and user secrets,
- ! site-to-site ISAKMP keys, VPN-client group key, WPA PSK, SNMP communities, RADIUS key).
- ! Treat all of them as compromised and rotate them, including on the peers that share them.
- no service pad
- service tcp-keepalives-in
- service tcp-keepalives-out
- service timestamps debug datetime msec localtime show-timezone
- service timestamps log datetime msec localtime show-timezone
- ! type 7 storage is reversible obfuscation, not protection; it covers the "7" values below
- service password-encryption
- service sequence-numbers
- !
- hostname AMBLIB-RTR-1
- !
- boot-start-marker
- boot-end-marker
- !
- security authentication failure rate 3 log
- logging buffered 30000 informational
- ! type 5 (MD5-based) enable secret
- enable secret 5 $1$bhvM$EAslD0FXdOXj6SzrmrUbZ/
- --More-- !
- aaa new-model
- !
- !
- aaa authentication password-prompt "Enter your Password:"
- aaa authentication username-prompt "Enter your Username:"
- ! "default" (console/vty) authenticates against the local users; "remote" (used by the
- ! VPN-client ISAKMP profile further down) is RADIUS only with no local fallback, so
- ! VPN-user logins fail whenever the single RADIUS host is unreachable.
- aaa authentication login default local
- aaa authentication login remote group radius
- aaa authorization network default local
- aaa authorization network remote local
- !
- aaa session-id common
- !
- resource policy
- !
- memory-size iomem 25
- clock summer-time bst recurring last Sun Mar 2:00 last Sun Oct 2:00
- no ip source-route
- ip cef
- !
- !
- !
- !
- --More-- no ip bootp server
- ip domain name am-lib.local
- ip name-server 194.72.6.57
- ip name-server 194.73.82.242
- ip ssh time-out 30
- ip ssh version 2
- ! CBAC inspection rule applied outbound on Vlan2; return traffic for these protocols is
- ! admitted through ACL 100 dynamically
- ip inspect name FW cuseeme timeout 3600
- ip inspect name FW ftp timeout 3600
- ip inspect name FW rcmd timeout 3600
- ip inspect name FW realaudio timeout 3600
- ip inspect name FW tftp timeout 30
- ip inspect name FW udp timeout 3600
- ip inspect name FW tcp timeout 3600
- ip inspect name FW h323 timeout 3600
- ip inspect name FW sip timeout 3600
- ! brute-force dampening: 3 failures within 100 s blocks logins for 100 s
- login block-for 100 attempts 3 within 100
- login delay 3
- ! NOTE(review): LOGIN-ACL is referenced here but is not defined anywhere in this capture;
- ! confirm which connections, if any, are admitted during quiet mode.
- login quiet-mode access-class LOGIN-ACL
- login on-failure log
- login on-success log
- !
- !
- ! self-signed trustpoint; presumably the certificate presented by ip http secure-server below
- crypto pki trustpoint TP-self-signed-1379823495
- --More-- enrollment selfsigned
- subject-name cn=IOS-Self-Signed-Certificate-1379823495
- revocation-check none
- rsakeypair TP-self-signed-1379823495
- !
- !
- crypto pki certificate chain TP-self-signed-1379823495
- certificate self-signed 01
- 30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
- 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
- 69666963 6174652D 31333739 38323334 3935301E 170D3032 30333031 30303239
- 35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
- 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33373938
- 32333439 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
- 8100B183 C3306E39 2F284B30 19A86844 85DA6AAA CCCD6AB0 8A725712 C8F8AE7D
- 6C556F92 5D264AF0 FEF3A675 BC4B6405 8785C502 FFB26B26 14E8C1A0 0ABC07D1
- 1EFB3903 82D8E846 2993E8A5 C7C6C466 8D8B92A6 FD94111B 7EA832FA 2B5CFE10
- CE3EEA56 3778AC93 DE4DB1B7 F45F599B E6595817 65A3D34D E5EAFBDB 7B40D4C6
- F7470203 010001A3 79307730 0F060355 1D130101 FF040530 030101FF 30240603
- 551D1104 1D301B82 19414D42 4C49422D 5254522D 312E616D 2D6C6962 2E6C6F63
- 616C301F 0603551D 23041830 1680144C BCD76DA0 027E04F1 EA61BC9D C769A052
- C6851F30 1D060355 1D0E0416 04144CBC D76DA002 7E04F1EA 61BC9DC7 69A052C6
- 851F300D 06092A86 4886F70D 01010405 00038181 0057F904 D3930374 D0FC1007
- --More-- CC01033A FEC49D5E CF56A680 BC0E9E68 B1BCAD55 E32E8033 C703583D 8C33B8A3
- 53DC86E0 692FE324 21AA3585 83FB0826 8E8756C4 78D5A772 7B33DC75 EEE69FD4
- 420D2AB6 82798C67 141C989A 0CC69D6B 5932E0F9 E37C22CE D8FA51EC 2A7C2CE7
- 913BB018 C03447A9 493C4005 C150763E 92A45A5B AE
- quit
- ! two local admin accounts, both privilege 15 (type 5 secrets)
- username epicit privilege 15 secret 5 $1$qeJm$pjO/4.1NfZX2EsOFtJPfw0
- username epicsupport privilege 15 secret 5 $1$Vfe.$GmaO6JeorN/Os05FceIoa1
- !
- !
- !
- ! phase 1: 3DES, pre-shared keys, DH group 2, 8 h lifetime. 3DES and group 2 are legacy
- ! choices; move to AES and a larger DH group once the peers support them.
- crypto isakmp policy 10
- encr 3des
- authentication pre-share
- group 2
- lifetime 28800
- !
- ! policy 20 sets no group or lifetime, so the IOS defaults apply (default DH group is 1) — confirm
- crypto isakmp policy 20
- encr 3des
- authentication pre-share
- ! site-to-site PSKs, stored in clear and identical for both peers; both are exposed by this paste
- crypto isakmp key LR-ZERO1 address 193.220.61.149
- crypto isakmp key LR-ZERO1 address 193.220.61.164
- !
- ! remote-access group: group key in clear, DNS/WINS at 10.0.50.1, addresses from VPNCLIENTPOOL,
- ! split-tunnel networks from ACL 140
- crypto isakmp client configuration group VPNCLIENT
- --More-- key L3kk3rVPNCLIENT
- dns 10.0.50.1 10.0.50.254
- wins 10.0.50.1
- domain am-lib.local
- pool VPNCLIENTPOOL
- acl 140
- ! user authentication goes to the RADIUS-only "remote" list; group attributes come from local
- crypto isakmp profile VPNclient
- description VPN clients profile
- match identity group VPNCLIENT
- client authentication list remote
- isakmp authorization list remote
- client configuration address respond
- !
- !
- ! phase 2: ESP 3DES with SHA-1 HMAC, shared by the site-to-site and client entries
- crypto ipsec transform-set MainSet esp-3des esp-sha-hmac
- !
- crypto dynamic-map DYNMAP 5
- set transform-set MainSet
- set isakmp-profile VPNclient
- !
- !
- ! crypto map applied on Vlan2: entry 10 = ACL 160 (10.10.1.0/24), entry 20 = ACL 170
- ! (10.10.20.0/24), entry 100 = remote-access clients via DYNMAP
- crypto map MYMAP local-address Vlan2
- crypto map MYMAP 10 ipsec-isakmp
- --More-- set peer 193.220.61.149
- set transform-set MainSet
- match address 160
- crypto map MYMAP 20 ipsec-isakmp
- set peer 193.220.61.164
- set transform-set MainSet
- match address 170
- crypto map MYMAP 100 ipsec-isakmp dynamic DYNMAP
- !
- bridge irb
- !
- !
- !
- interface ATM0
- no ip address
- shutdown
- no atm ilmi-keepalive
- dsl operating-mode auto
- !
- ! FastEthernet0 is the only switch port on VLAN 2 (the outside); 1-3 carry no config here
- interface FastEthernet0
- switchport access vlan 2
- !
- interface FastEthernet1
- --More-- !
- interface FastEthernet2
- !
- interface FastEthernet3
- !
- ! WLAN: WPA (v1) key management with TKIP and a type 7 PSK; guest-mode advertises the SSID.
- ! TKIP is deprecated; move to WPA2/AES and rotate the PSK, which is recoverable from this capture.
- interface Dot11Radio0
- no ip address
- !
- broadcast-key change 45
- !
- !
- encryption mode ciphers tkip
- !
- ssid AMWLAN
- authentication open
- authentication key-management wpa
- guest-mode
- infrastructure-ssid optional
- wpa-psk ascii 7 123828203E2A22137B2D75
- !
- speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
- channel 2462
- station-role root
- ! radio is bridged into group 1 together with Vlan1, i.e. wireless clients sit on the BVI1 LAN
- --More-- bridge-group 1
- bridge-group 1 subscriber-loop-control
- bridge-group 1 spanning-disabled
- bridge-group 1 block-unknown-source
- no bridge-group 1 source-learning
- no bridge-group 1 unicast-flooding
- !
- interface Vlan1
- no ip address
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- ip virtual-reassembly
- bridge-group 1
- !
- ! outside interface: ACL 100 inbound, strict uRPF, NAT outside, CBAC inspection outbound,
- ! IPsec via MYMAP
- interface Vlan2
- description Connected to Shared Internet Connection
- ip address 94.185.232.3 255.255.255.240
- ip access-group 100 in
- ip verify unicast reverse-path
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- --More-- ip nat outside
- ip inspect FW out
- ip virtual-reassembly
- ip tcp adjust-mss 1375
- no snmp trap link-status
- crypto map MYMAP
- !
- ! inside interface (bridge group 1 = Vlan1 + radio); ACL 110 filters LAN-sourced traffic
- interface BVI1
- description Connected to internal LAN
- ip address 10.0.50.254 255.255.255.0
- ip access-group 110 in
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- ip nat inside
- ip virtual-reassembly
- !
- ip local pool VPNCLIENTPOOL 10.0.51.1 10.0.51.60
- ip route 0.0.0.0 0.0.0.0 94.185.232.1
- !
- ! router answers DNS using the two forwarders above; ACL 100 admits only replies from them
- ! (source port domain), not inbound queries
- ip dns server
- !
- no ip http server
- --More-- ip http authentication local
- ! HTTPS management with local auth and no ip http access-class visible. ACL 100 permits
- ! tcp any to 94.185.232.3:443 and a static 443 NAT to 10.0.50.1 also exists — confirm
- ! whether router HTTPS is reachable from the Internet, and restrict it if so.
- ip http secure-server
- ! PAT for LAN hosts (NONAT/ACL 150 exempts tunnel traffic) plus static port forwards.
- ! 10.0.50.1 receives SMTP/HTTP/POP3/HTTPS/RDP/SIP from outside and is also the site's
- ! RADIUS, DNS and WINS server, so its exposure is the site's exposure.
- ip nat inside source route-map NONAT interface Vlan2 overload
- ip nat inside source static tcp 10.0.50.1 25 94.185.232.3 25 route-map STATIC extendable
- ip nat inside source static tcp 10.0.50.1 80 94.185.232.3 80 route-map STATIC extendable
- ip nat inside source static tcp 10.0.50.1 110 94.185.232.3 110 route-map STATIC extendable
- ip nat inside source static tcp 10.0.50.1 443 94.185.232.3 443 route-map STATIC extendable
- ip nat inside source static tcp 10.0.50.1 3389 94.185.232.3 3389 route-map STATIC extendable
- ip nat inside source static tcp 10.0.50.1 5060 94.185.232.3 5060 route-map STATIC extendable
- ip nat inside source static tcp 10.0.50.1 5061 94.185.232.3 5061 route-map STATIC extendable
- !
- !
- ! ACL 100 (inbound on Vlan2): management SSH only from three hosts
- access-list 100 remark ###Allow SSH
- access-list 100 permit tcp host 62.3.203.35 host 94.185.232.3 eq 22
- access-list 100 permit tcp host 83.244.252.130 host 94.185.232.3 eq 22
- access-list 100 permit tcp host 78.86.118.156 host 94.185.232.3 eq 22
- ! no PPTP termination or 1723 forward is visible in this capture; remove 1723/GRE if unused.
- ! ESP and ISAKMP are permitted any-to-any rather than to host 94.185.232.3 — narrow them.
- --More-- access-list 100 remark ###Allow GRE, ESP, ISAKMP & PPTP for VPN
- access-list 100 permit tcp any host 94.185.232.3 eq 1723
- access-list 100 permit gre any host 94.185.232.3
- access-list 100 permit esp any any
- access-list 100 permit udp any any eq isakmp
- access-list 100 permit udp any any eq non500-isakmp
- ! the four source-specific SMTP permits are made redundant by "permit tcp any ... eq smtp"
- ! right after them; keep the specific lines or drop them, but the "any" line is what applies
- access-list 100 remark ###Allow POP3/SMTP to server
- access-list 100 permit tcp 89.167.219.0 0.0.0.255 host 94.185.232.3 eq smtp
- access-list 100 permit tcp 80.169.59.0 0.0.0.255 host 94.185.232.3 eq smtp
- access-list 100 permit tcp host 212.147.136.149 host 94.185.232.3 eq smtp
- access-list 100 permit tcp host 89.149.149.67 host 94.185.232.3 eq smtp
- access-list 100 permit tcp any host 94.185.232.3 eq smtp
- access-list 100 permit tcp any host 94.185.232.3 eq pop3
- access-list 100 remark ###Allow HTTP/HTTPS to server
- access-list 100 permit tcp any host 94.185.232.3 eq 443
- access-list 100 permit tcp any host 94.185.232.3 eq www
- ! no static NAT for 21/20/8090 is visible in this capture; confirm what these lines serve
- access-list 100 remark ###Allow FTP to server
- access-list 100 permit tcp any host 94.185.232.3 eq ftp
- access-list 100 permit tcp any host 94.185.232.3 eq 8090
- access-list 100 permit tcp any host 94.185.232.3 eq ftp-data
- ! same pattern as SMTP: the two host-specific RDP permits are followed by "permit tcp any
- ! ... eq 3389", which exposes RDP on 10.0.50.1 to the whole Internet. Drop the "any" line
- ! (or reach RDP over the VPN) and keep the host-specific ones.
- access-list 100 remark ###Allow RDP to server
- access-list 100 permit tcp host 62.3.203.35 host 94.185.232.3 eq 3389
- access-list 100 permit tcp host 78.86.118.156 host 94.185.232.3 eq 3389
- --More-- access-list 100 permit tcp any host 94.185.232.3 eq 3389
- access-list 100 remark ###Allow SNMP to router
- access-list 100 permit udp host 62.3.203.35 host 94.185.232.3 eq snmp
- access-list 100 permit udp host 78.86.118.156 host 94.185.232.3 eq snmp
- access-list 100 remark ###Allow SIP to server for OCS
- access-list 100 permit tcp any host 94.185.232.3 eq 5060
- access-list 100 permit udp any host 94.185.232.3 eq 5060
- access-list 100 permit tcp any host 94.185.232.3 eq 5061
- access-list 100 permit udp any host 94.185.232.3 eq 5061
- access-list 100 remark ###Allow DNS lookups
- access-list 100 permit udp host 194.72.6.57 eq domain host 94.185.232.3
- access-list 100 permit udp host 194.73.82.242 eq domain host 94.185.232.3
- access-list 100 remark ###Allow NTP time synch
- access-list 100 permit udp host 158.43.128.33 host 94.185.232.3 eq ntp
- access-list 100 permit udp host 158.43.128.66 host 94.185.232.3 eq ntp
- access-list 100 permit udp host 158.43.192.66 host 94.185.232.3 eq ntp
- ! all ICMP types from anywhere to anywhere; consider limiting to the types actually needed
- access-list 100 remark ###Allow ICMP
- access-list 100 permit icmp any any
- access-list 100 remark ###Explicit deny all
- access-list 100 deny ip any any log
- ! ACL 110 (inbound on BVI1): LAN traffic to the VPN pool and the 10.10.1.0/24 tunnel is
- ! permitted before the NetBIOS/SMB filters below
- access-list 110 permit ip 10.0.50.0 0.0.0.255 10.0.51.0 0.0.0.255
- access-list 110 permit ip 10.0.50.0 0.0.0.255 10.10.1.0 0.0.0.255
- ! these "deny ... any eq <port> any" lines match the SOURCE port. Outbound SMB from a LAN
- ! host uses an ephemeral source port and destination 445/139, so they do not block it;
- ! put the port match on the destination if that is the intent.
- access-list 110 remark ###Anti-spoof Internally
- --More-- access-list 110 deny udp any eq netbios-dgm any
- access-list 110 deny udp any eq netbios-ns any
- access-list 110 deny udp any eq netbios-ss any
- access-list 110 deny udp any eq 445 any
- access-list 110 deny tcp any eq 137 any
- access-list 110 deny tcp any eq 138 any
- access-list 110 deny tcp any eq 139 any
- access-list 110 deny tcp any eq 445 any
- access-list 110 permit udp any eq bootpc any eq bootps
- access-list 110 permit ip 10.0.50.0 0.0.0.255 any
- access-list 110 deny ip any any log
- ! unreachable: shadowed by the "permit ... any" and the "deny ip any any" above it
- access-list 110 permit ip 10.0.50.0 0.0.0.255 10.10.20.0 0.0.0.255
- ! split-tunnel list pushed to VPN clients: the LAN and the client pool itself
- access-list 140 remark ###VPN Client Split Tunneling
- access-list 140 permit ip 10.0.50.0 0.0.0.255 any
- access-list 140 permit ip 10.0.51.0 0.0.0.255 any
- ! NAT exemption (route-maps NONAT and STATIC): only the VPN pool and 10.10.1.0/24 are excluded.
- ! 10.10.20.0/24 (crypto map entry 20 / ACL 170) is missing here, so presumably traffic for
- ! that tunnel is translated before the crypto map sees it and never matches ACL 170 — confirm.
- access-list 150 deny ip 10.0.50.0 0.0.0.255 10.0.51.0 0.0.0.255
- access-list 150 deny ip 10.0.50.0 0.0.0.255 10.10.1.0 0.0.0.255
- access-list 150 permit ip 10.0.50.0 0.0.0.255 any
- access-list 160 remark ###Match traffic for Liberia
- access-list 160 permit ip 10.0.50.0 0.0.0.255 10.10.1.0 0.0.0.255
- access-list 170 permit ip 10.0.50.0 0.0.0.255 10.10.20.0 0.0.0.255
- ! SNMPv1/v2c communities with no access-list or view; ACL 100 limits SNMP from the Internet
- ! to two hosts, but ACL 110 lets any LAN host reach the RW community. Bind an ACL to each
- ! community (or move to SNMPv3) and rotate both strings, which this paste exposes.
- snmp-server community EpicIT-RO RO
- snmp-server community EpicIT-RW RW
- --More-- !
- !
- !
- route-map STATIC permit 10
- match ip address 150
- !
- route-map NONAT permit 10
- match ip address 150
- !
- ! single RADIUS host, 1 s timeout, one retransmit; combined with the RADIUS-only "remote"
- ! list above, any delay on 10.0.50.1 fails VPN-client authentication. Key is type 7.
- radius-server host 10.0.50.1 auth-port 1645 acct-port 1646
- radius-server retransmit 1
- radius-server timeout 1
- radius-server key 7 00281C0800540557
- !
- control-plane
- !
- bridge 1 protocol ieee
- bridge 1 route ip
- ! "enable" lowered to privilege level 2
- privilege exec level 2 enable
- !
- ! console: exec-timeout 0 0 never expires a session and privilege level 15 puts every
- ! console login at full privilege without an enable step
- line con 0
- exec-timeout 0 0
- privilege level 15
- no modem enable
- transport output all
- stopbits 1
- ! aux: no "transport input" or "no exec" visible; if the port is unused, disable exec on it
- line aux 0
- transport output all
- stopbits 1
- ! vty: SSH only (good); every login lands at privilege 15; no access-class or exec-timeout
- ! visible, so the IOS default idle timeout applies and any permitted source may connect
- line vty 0 4
- --More-- privilege level 15
- length 0
- transport input ssh
- !
- scheduler max-task-time 5000
- ntp clock-period 17208153
- ntp server 158.43.128.33
- ntp server 158.43.128.66
- ntp server 158.43.192.66
- !
- ! SSL VPN context present but not in service
- webvpn context Default_context
- ssl authenticate verify all
- !
- no inservice
- !
- end
- AMBLIB-RTR-1#