Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Current configuration : 10725 bytes
- !
- ! No configuration change since last restart
- !
- version 12.4
- no service pad
- service timestamps debug uptime
- service timestamps log datetime msec
- service password-encryption
- !
- !
- boot-start-marker
- boot-end-marker
- !
- logging message-counter syslog
- logging userinfo
- logging buffered 4096
- !
- aaa new-model
- !
- !
- aaa authentication password-prompt Password:
- aaa authentication username-prompt Username:
- aaa authentication login default local group tacacs+ enable
- aaa accounting send stop-record authentication failure
- aaa accounting exec default start-stop broadcast group tacacs+
- aaa accounting commands 3 default start-stop broadcast group tacacs+
- aaa accounting network default start-stop group tacacs+
- aaa accounting system default start-stop broadcast group tacacs+
- !
- !
- aaa session-id common
- clock timezone GMT 0
- !
- !
- dot11 syslog
- no ip source-route
- !
- !
- !
- !
- !
- ip cef
- ip domain name ********
- ip name-server ********
- ip dhcp-server ********
- ip dhcp-server ********
- ip dhcp-server ********
- l2tp-class l2tpclass2
- !
- !
- ipv6 unicast-routing
- no ipv6 source-route
- ipv6 cef
- ipv6 dhcp pool ipv6-1
- dns-server ******
- dns-server ******
- dns-server ******
- domain-name ******
- sntp address xxxx:xxxx:xxxx::x
- information refresh infinite
- !
- multilink bundle-name authenticated
- !
- xconnect logging pseudowire status
- !
- !
- !
- no spanning-tree vlan 3
- vtp mode transparent
- !
- crypto logging session
- !
- crypto isakmp policy 1
- encr 3des
- authentication pre-share
- crypto isakmp key ******* address ******
- crypto isakmp invalid-spi-recovery
- !
- !
- crypto ipsec transform-set ****** esp-3des esp-md5-hmac
- !
- crypto ipsec profile SEC
- set transform-set ******
- !
- !
- crypto map STATIC-MAP 1 ipsec-isakmp
- set peer *******
- set transform-set *****
- match address 175
- !
- archive
- log config
- hidekeys
- !
- !
- vlan 2
- name HOME
- !
- vlan 3
- name FREEBOX
- !
- ip ssh authentication-retries 2
- ip ssh version 2
- !
- class-map match-any voice-signalling
- match access-group name VOIP-SIGNALLING
- class-map match-any voice
- match access-group name VOIP
- !
- !
- policy-map voice-out
- class voice
- police cir 350000
- conform-action set-dscp-transmit ef
- exceed-action drop
- violate-action drop
- priority 350
- class voice-signalling
- bandwidth 24
- random-detect dscp-based
- random-detect dscp 26 92 147 10
- random-detect dscp 28 28 74 5
- random-detect dscp 30 28 74 5
- police cir 24000 bc 24000 be 1200
- conform-action set-dscp-transmit af31
- exceed-action set-dscp-transmit af32
- violate-action set-dscp-transmit af33
- class class-default
- bandwidth 12
- random-detect
- random-detect precedence 0 9 25 5
- random-detect precedence 1 9 25 5
- random-detect precedence 2 9 25 5
- random-detect precedence 3 9 25 5
- random-detect precedence 4 9 25 5
- random-detect precedence 5 9 25 5
- random-detect precedence 6 31 50 10
- random-detect precedence 7 9 25 5
- !
- !
- !
- !
- !
- interface Loopback0
- ip address 192.168.0.1 255.255.255.255
- !
- interface Loopback1
- ip address 10.0.0.1 255.255.255.255
- !
- interface Tunnel500
- ip address 10.100.100.2 255.255.255.252
- ip virtual-reassembly
- ip tcp adjust-mss 900
- ipv6 address xxxx:xxxx:D15C::2/120
- ipv6 enable
- ipv6 traffic-filter PACKET_FILTER in
- ipv6 mtu 1280
- ipv6 virtual-reassembly
- cdp enable
- tunnel source Vlan3
- tunnel destination *****
- !
- interface ATM0
- no ip address
- load-interval 30
- shutdown
- no atm ilmi-keepalive
- pvc 8/35
- encapsulation aal5mux ppp dialer
- dialer pool-member 40
- !
- dsl operating-mode auto
- !
- interface FastEthernet0
- switchport access vlan 3
- !
- interface FastEthernet1
- switchport access vlan 2
- !
- interface FastEthernet2
- switchport access vlan 2
- !
- interface FastEthernet3
- switchport access vlan 3
- shutdown
- no cdp enable
- !
- !
- interface Vlan3
- description freebox
- ip dhcp client client-id Vlan3
- ip address dhcp
- no ip proxy-arp
- ip flow ingress
- ip nat outside
- ip virtual-reassembly
- ip tcp adjust-mss 900
- ipv6 address xxxx:xxxx:xxxx:xxxx::C:15C0/64
- ipv6 address autoconfig
- ipv6 enable
- ipv6 traffic-filter PACKET_FILTER in
- ipv6 nd ra suppress
- crypto map STATIC-MAP
- !
- interface Vlan2
- description private LAN - require VPN to gateway
- ip address 10.101.1.1 255.255.255.0
- ip helper-address ******
- ip mtu 1400
- ip flow ingress
- ip nat inside
- ip virtual-reassembly
- ip tcp adjust-mss 900
- ipv6 address xxxx:xxxx:xxxx:A::1/64
- ipv6 mtu 1280
- ipv6 nd other-config-flag
- ipv6 dhcp server ipv6-1
- ipv6 virtual-reassembly
- !
- interface Vlan801
- no ip address
- !
- interface Dialer40
- description BACKUP-ADSL-IN-CASE-OF-FREE-FAIL
- ip address negotiated
- ip nat outside
- ip virtual-reassembly
- encapsulation ppp
- ip tcp adjust-mss 900
- shutdown
- dialer pool 40
- no cdp enable
- ppp chap hostname **********
- ppp chap password 7 **********
- !
- ip forward-protocol nd
- ip route 0.0.0.0 0.0.0.0 ****** 100 name FREEBOX
- ip route ****** 255.255.255.255 ****** name IPSEC_TUNNEL_BINDING
- ip route ****** 255.255.255.240 10.100.100.1 200 name INTERNAL
- no ip http server
- no ip http secure-server
- !
- ip flow-export source Vlan2
- ip flow-export version 9
- ip flow-export destination ********
- !
- ip nat inside source list 140 interface Vlan3 overload
- !
- ip access-list extended FILTER
- permit tcp any any established
- permit icmp any any
- !
- ip sla responder
- ip sla 1
- icmp-echo ****** source-interface Vlan3
- timeout 3000
- threshold 2000
- owner VPN
- frequency 30
- ip sla schedule 1 life forever start-time now
- logging trap debugging
- logging facility local0
- logging **************
- access-list 140 deny ip 10.101.1.0 0.0.0.255 **********
- access-list 140 deny ip 10.111.111.0 0.0.0.255 ************
- access-list 140 permit ip 10.101.1.0 0.0.0.255 any
- access-list 175 permit gre host ****** host ********
- access-list 180 permit ip any any
- access-list 198 permit ip any any
- dialer-list 40 protocol ip permit
- dialer-list 90 protocol ip permit
- ipv6 route ::/0 xxxx:xxxx:xxxx::1
- ipv6 route ::/0 xxxx:xxxx:xxxx::1 250
- ipv6 local policy route-map PUBLIC_V6_VIA_FREE
- ipv6 router nemo
- distance 10
- !
- !
- !
- ipv6 prefix-list LOCAL seq 5 permit xxxx:xxxx:xxxx:A::/64
- !
- !
- !
- route-map SMTP-TO-WAN-ALWAYS permit 10
- match ip address 199
- !
- route-map PUBLIC_V6_VIA_FREE permit 10
- match ipv6 address FREE_V6_SPACE
- set ipv6 next-hop xxxx:xxxx:xxxx:xxxx::1
- !
- tacacs-server host x.x.x.x
- !
- !
- !
- control-plane
- !
- !
- scheduler max-task-time 5000
- ntp server 10.111.111.1 prefer source Tunnel500
- end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement