gangaskan#sh run
Building configuration...
Current configuration : 11535 bytes
!
! Last configuration change at 10:41:18 UTC Tue May 6 2014
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname gangaskan
!
boot-start-marker
boot system flash:c2800nm-advipservicesk9-mz.151-4.M7.bin
boot-end-marker
!
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096
enable password xxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
!
!
!
aaa session-id common
!
!
dot11 syslog
no ip source-route
no ip gratuitous-arps
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
!
ip dhcp pool local
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
option 150 ip 172.21.0.10 172.21.2.10
dns-server 8.8.8.8 4.4.4.3
!
ip dhcp pool games
host 192.168.1.60 255.255.255.0
client-identifier xxxxxxxxxx
dns-server 8.8.8.8 4.4.4.3
default-router 192.168.1.1
!
!
!
no ip bootp server
ip domain name myftp.org
ip name-server 8.8.8.8
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name autosec_inspect ftp timeout 3600
ip inspect name autosec_inspect http timeout 3600
ip inspect name autosec_inspect rcmd timeout 3600
ip inspect name autosec_inspect realaudio timeout 3600
ip inspect name autosec_inspect smtp timeout 3600
ip inspect name autosec_inspect tftp timeout 30
ip inspect name autosec_inspect udp timeout 15
ip inspect name autosec_inspect tcp router-traffic timeout 3600
ip ddns update method ccp_ddns1
HTTP
add
http://[email protected]/nic/update?hostname=<h>&myip=<a>
remove
http://[email protected]/nic/update?hostname=<h>&myip=<a>
!
login block-for 30 attempts 10 within 5
ipv6 general-prefix MyPrefix 6rd Tunnel2
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-93888423
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-93888423
revocation-check none
rsakeypair TP-self-signed-93888423
!
!
crypto pki certificate chain TP-self-signed-93888423
certificate self-signed 01
30820227 30820190 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 39333838 38343233 301E170D 31343031 31343032 30313034
5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D393338 38383432
3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B291
1EFBDE88 6FD0DDC7 6EA13558 78E2342D BF10E8EB 422B478C 6CE558B3 4729EB73
2D6CC02F 37D68A7A A4356E93 BF5506B4 1697D818 D59085C6 6F34524A 257E8375
1724C936 64B43064 1915F812 6CDB9709 D0C774B9 EDE71068 54DB0120 F8565330
A3DD76E9 D4D031A1 C9D0F941 6783B3CF A49C5351 A664A63A 40E20CAC A1570203
010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304
18301680 14530DFD 823D7FA7 B0AF1A9C 862F33F1 D89813A7 4D301D06 03551D0E
04160414 530DFD82 3D7FA7B0 AF1A9C86 2F33F1D8 9813A74D 300D0609 2A864886
F70D0101 05050003 8181003E 99F06F49 0B2A9BD3 BA85183D 8BD3142A C17E518B
49711EFC 2FA50009 9DBE213E B0533A62 F33CF672 EB6DA364 AE2F1014 DB07B49D
E2EF545E 59EAA9E8 87370601 8E46C204 039338A5 AB2218CC FC5F52D7 9E51D1D6
4FCC76D2 9A72EE29 6A2DDEBA 66893A3B 12AB3309 74919CBE 28BF51AF A572E329
53E86F37 9C06DC22 E6F4BA
quit
!
!
license udi pid CISCO2821 sn FTX1445AH0T
username xxxxxx privilege 15 password 7 xxxxxxxxxxxx
!
redundancy
!
!
no ip ftp passive
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
!
!
!
crypto ipsec client ezvpn CISCOCP_EZVPN_CLIENT_1
connect acl 100
group tunnel1 key xxxxxxxxxxx
mode client
peer xxxxxxxxxxx
virtual-interface 1
username xxxxxxx password xxxxxxxx
xauth userid mode local
!
!
!
!
!
!
!
interface Tunnel2
no ip address
ip access-group BlockIN in
no ip redirects
ip mtu 1492
ipv6 address dhcp
ipv6 address autoconfig
ipv6 mtu 1472
tunnel source Dialer1
tunnel mode ipv6ip 6rd
tunnel 6rd prefix 2602::/24
tunnel 6rd br 205.171.2.64
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
ipv6 address dhcp
ipv6 address MyPrefix ::61:0:0:0:1/64
ipv6 enable
no mop enabled
crypto ipsec client ezvpn CISCOCP_EZVPN_CLIENT_1 inside
!
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
atm ilmi-keepalive
ipv6 enable
hold-queue 240000 in
!
interface ATM0/1/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ipv6 enable
snmp trap link-status
pvc 8/35
multiqueue
encapsulation aal5snap
protocol ip inarp
protocol ppp dialer
dialer pool-member 1
!
!
interface Virtual-Template1 type tunnel
no ip address
tunnel mode ipsec ipv4
!
interface Dialer1
bandwidth inherit
ip ddns update ccp_ddns1
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly in max-reassemblies 64
ip virtual-reassembly out max-reassemblies 64
encapsulation ppp
no ip route-cache
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxx
ppp chap password 7 xxxxxxx
ppp pap sent-username xxxxxxxx password 7 xxxxxxxx
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
crypto ipsec client ezvpn CISCOCP_EZVPN_CLIENT_1
!
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source static tcp 192.168.1.50 3389 interface Dialer1 3389
ip nat inside source static tcp 192.168.1.45 80 interface Dialer1 80
ip nat inside source static tcp 192.168.1.45 443 interface Dialer1 443
ip nat inside source static udp 192.168.1.60 3074 interface Dialer1 3074
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 2
!
!
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 104 remark CCP_ACL Category=2
access-list 104 remark IPSec Rule
access-list 104 deny ip 192.168.1.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 104 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
ipv6 route 2602::/24 Tunnel2
ipv6 route ::/0 Tunnel2 2602:CD:AB02:4000::
!
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address 104
!
snmp-server community L0ra!nNetM0n RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps xgcp
snmp-server enable traps flash insertion removal
snmp-server enable traps c3g
snmp-server enable traps adslline
snmp-server enable traps ds3
snmp-server enable traps envmon
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps vstack
snmp-server enable traps license
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps rf
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps bfd
snmp-server enable traps bgp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps dial
snmp-server enable traps dsp card-status
snmp-server enable traps dsp oper-state
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps isis
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls fast-reroute protected
snmp-server enable traps mpls rfc ldp
snmp-server enable traps mpls ldp
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps pw vc
snmp-server enable traps firewall serverstatus
snmp-server enable traps ipmobile
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps ccme
snmp-server enable traps srst
snmp-server enable traps mpls vpn
snmp-server enable traps voice
snmp-server enable traps dnis
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
exec-timeout 5 0
transport output telnet
line aux 0
exec-timeout 0 0
transport output telnet
line vty 0 4
access-class 10 in
transport input ssh
line vty 5 15
access-class 10 in
transport input ssh
!
scheduler allocate 20000 1000
end