Give me your opinion

anas-hazeen
Level 1

Hi,

I have a main router, a Cisco 3825 VO4, and a main switch, a C3560 48P,

and here you will see the running configuration of the router.

Please can you tell me your opinion on this scenario,

and if you can, give me any concepts or ideas to improve it.

show run

Building configuration...
!
version 12.4
service config
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime
service password-encryption
service compress-config
!
hostname mainRouter
!
boot-start-marker
boot system flash c3825-advsecurityk9-mz.124-22.T.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
no logging buffered
enable secret 5 ##############
!
aaa new-model
!
!
aaa authentication login TEMP group tacacs+ local enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default
 action-type start-stop
 group tacacs+
!
aaa accounting commands 1 default
 action-type start-stop
 group tacacs+
!
aaa accounting commands 15 default
 action-type start-stop
 group tacacs+
!
aaa accounting system default
 action-type start-stop
 group tacacs+
!
!
!
aaa session-id common
!
dot11 syslog
no ip source-route
!
!
ip cef
!
!
no ip bootp server
no ip domain lookup
ip domain name mydomain.com
ip name-server (IP of Internet Server)
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-#########
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-#########
 revocation-check none
 rsakeypair TP-self-signed-#########
!
!
crypto pki certificate chain TP-self-signed-##########
 certificate self-signed 01
  30820248 308201B1 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32343035 39353035 3533301E 170D3039 30323039 31303036
  34315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  etc…
!
!
archive
 log config
  logging enable
  hidekeys
!
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
crypto isakmp key ############# address (Location2) no-xauth
!
!
crypto ipsec transform-set AES ah-sha-hmac esp-aes 256
!
crypto ipsec profile Main-location-to-location2-GRE-IPSec
 set transform-set AES
!
!
!
ip tcp synwait-time 10
ip telnet source-interface GigabitEthernet0/1.8
ip ssh source-interface Tunnel0
ip ssh logging events
ip ssh version 2
ip scp server enable
!
!
!
interface Loopback0
 ip address 10.0.0.254 255.255.255.248
!
interface Tunnel0
 description - GRE/IPSec Tunnel to location2
 ip address 10.0.0.15 255.255.255.252
 tunnel source (Main-location-IP)
 tunnel destination (location2-IP)
!
interface GigabitEthernet0/0
 description - fibre link to My ISP
 no ip address
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
 no mop enabled
!
interface GigabitEthernet0/0.444
 description - MPLS VLAN 444
 encapsulation dot1Q 444
 ip address (Real IP 1)
 ip flow ingress
 ip virtual-reassembly
 no cdp enable
!
interface GigabitEthernet0/0.461
 description - VPN VLAN 461
 encapsulation dot1Q 461
 ip address (Real IP 2)
!
interface GigabitEthernet0/1
 description - Main Router to main Switch
 no ip address
 ip nbar protocol-discovery
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1.8
 encapsulation dot1Q 8
 ip address (Real IP)
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 10.0.0.12 255.255.255.252
!
interface Group-Async0
 physical-layer async
 no ip address
 encapsulation slip
 no group-range
!
router eigrp 1
 redistribute ospf 1 metric 1 1 1 1 1 route-map OSPF2EIGRP
 passive-interface GigabitEthernet0/0.444
 passive-interface GigabitEthernet0/1.8
 network 10.0.0.14 0.0.0.3
 auto-summary
!
router ospf 1
 router-id 10.0.0.254
 log-adjacency-changes
 redistribute eigrp 1 metric 10 subnets route-map EIGRP2OSPF
 redistribute bgp 64917 metric 10 subnets route-map BGP2OSPF
 network 10.0.0.12 0.0.0.0 area 1
!
router bgp 64917
 no synchronization
 bgp log-neighbor-changes
 redistribute ospf 1 route-map OSPF2BGP
 neighbor (Real IP) remote-as 65000
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 (IP of ISP)
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip tacacs source-interface Tunnel0
!
ip access-list standard Group1
 permit (Some IPs)
 deny   any
ip access-list standard Group2
 permit (Some IPs)
 deny   any
ip access-list standard Group3
 permit (Some IPs)
 deny   any log
ip access-list standard Group4
 permit (Some IPs)
 deny   any log
!
logging trap debugging
logging facility local4
logging source-interface Tunnel0
!
!
!
route-map BGP2OSPF permit 10
 match ip address Group1
!
route-map OSPF2BGP permit 10
 match ip address Group3
!
route-map OSPF2EIGRP permit 10
 match ip address Group3
!
route-map EIGRP2OSPF permit 10
 match ip address Group2
!
!
tacacs-server host (tacacs-Server-IP) key 7 ###############
!
control-plane
!
!
line con 0
 login authentication TEMP
 transport output telnet
line aux 0
 login authentication TEMP
 transport output telnet
line vty 0 4
 access-class Group4 in
 login authentication TEMP
 transport input telnet ssh
line vty 5 15
 access-class Group4 in
 login authentication TEMP
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

3 Replies

Leo Laohoo
Hall of Fame

Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaand what are you trying to do/achieve?  You provided a config (thank you, by the way) but that's it?  As far as I can see it's "ok" if you don't want to run encryption across your WAN links.

Thank you for that,

and about "encryption across your WAN links":

Yes, I hope for that.

Please give me your ideas for encryption across the WAN.

Thanks
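An added example, not part of either post: the running configuration above defines the IPsec profile Main-location-to-location2-GRE-IPSec but never attaches it to Tunnel0, so the GRE traffic to location2 (and the SSH, TACACS+ and syslog flows sourced from Tunnel0) crosses the WAN in clear text, which is what Leo's reply is pointing at. The lines below show how that profile would be bound to the tunnel and the IKE/IPsec parameters stated explicitly; the same policy, key, transform set and tunnel protection must be configured on the location2 router, and the group 14 line assumes this 12.4(22)T image accepts it (use group 5 if it does not).

```cisco
! Added example, not from the posted config. Apply on mainRouter; mirror on location2.
!
! The posted policy sets only "encr aes" and "authentication pre-share", so hash and
! DH group fall back to the IOS 12.4 defaults (SHA-1, group 1). State them explicitly.
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 14
 lifetime 28800
!
! Dead peer detection: notice a failed peer instead of silently blackholing the tunnel.
crypto isakmp keepalive 10 3 periodic
!
! Pre-shared key for the location2 peer (placeholders kept as in the posted config).
crypto isakmp key ############# address (Location2) no-xauth
!
! ESP with SHA-HMAC already provides integrity; dropping AH lets the tunnel survive NAT.
! Transport mode is enough because GRE already supplies the outer encapsulation.
crypto ipsec transform-set AES esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile Main-location-to-location2-GRE-IPSec
 set transform-set AES
!
! The missing piece: bind the profile to the tunnel. Without this line the GRE
! packets leave GigabitEthernet0/0 unencrypted.
interface Tunnel0
 tunnel protection ipsec profile Main-location-to-location2-GRE-IPSec
!
! The vty lines still accept Telnet next to SSH; limit them to SSH so credentials
! for the TEMP login method never travel in clear text.
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
! Verify once both sides are configured (exec mode):
!   show crypto isakmp sa      -> state QM_IDLE for the location2 peer
!   show crypto ipsec sa       -> #pkts encaps / #pkts decaps counters increasing
!   show interface Tunnel0     -> "Tunnel protection via IPSec (profile ...)"
```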
