! Cisco IOS 12.4 configuration for router CIA-VPN01, which terminates three
! site-to-site IPsec tunnels on FastEthernet0/0. This part holds global
! services, AAA, local credentials, IKE/IPsec policy and the first interfaces.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
! service password-encryption only applies reversible type 7 obfuscation to the
! passwords it covers; the ISAKMP pre-shared keys further down still appear in
! clear text in this listing.
service password-encryption
!
hostname CIA-VPN01
!
boot-start-marker
boot-end-marker
!
! Local log buffer is 4096 bytes at debugging severity.
! NOTE(review): that holds very few messages; the local buffer is of limited
! use as evidence if the remote syslog target is unreachable.
logging buffered 4096 debugging
! Type 5 secret (salted MD5-based hash).
! NOTE(review): the hash is visible in this listing, so treat the enable secret
! as exposed and rotate it.
enable secret 5 $1$yBtc$zfE/jsE8igGdzak67Bex/0
!
aaa new-model
!
!
! Login and exec authorization try RADIUS first; the local user database is
! the fallback method.
aaa authentication login default group radius local
aaa authorization exec default group radius local
!
aaa session-id common
!
resource policy
!
clock timezone CHILE -4
!
!
ip cef
!
!
ip domain name e-contact.cl
! Restricts the SSH server to protocol version 2.
ip ssh version 2
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Local privilege-15 account, used when the RADIUS method falls through to
! "local". NOTE(review): same exposure as the enable secret; rotate.
username admin privilege 15 secret 5 $1$29PP$IsYMY4j7SykqI8AS4G4c.1
! Configuration-change logging: keeps 200 entries, forwards them to syslog,
! and hidekeys keeps passwords and keys out of the logged commands.
archive
 log config
  logging enable
  logging size 200
  notify syslog
  hidekeys
!
!
!
! IKE phase 1 proposals. All three use pre-shared keys and DH group 2.
! NOTE(review): policies 1 and 3 show no "encr" line, so they run the platform
! default cipher - presumably DES on this release; confirm with
! "show crypto isakmp policy". As shown, policies 1 and 3 are identical.
! MD5, 3DES and group 2 (1024-bit) are legacy choices; moving to stronger
! parameters has to be coordinated with each peer.
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 hash md5
 authentication pre-share
 group 2
! One pre-shared key per remote peer, stored in clear text.
! NOTE(review): these keys are published in this listing; rotate them with each
! peer. IOS provides "key config-key password-encrypt" with
! "password encryption aes" to store such keys encrypted - confirm support on
! this image.
crypto isakmp key R3c-18,C4ja. address 190.54.53.58
crypto isakmp key Bc13cont4ct2017 address 199.186.28.228
crypto isakmp key b4p5.3cnt9 address 200.75.23.190
!
!
! IPsec (phase 2) transform sets. TS-LOCAL and BCI use ESP 3DES with an SHA
! HMAC; CRUZBLANCA uses ESP 3DES without ESP authentication and relies on AH
! with an MD5 HMAC for integrity.
crypto ipsec transform-set TS-LOCAL esp-3des esp-sha-hmac
crypto ipsec transform-set BCI esp-3des esp-sha-hmac
crypto ipsec transform-set CRUZBLANCA ah-md5-hmac esp-3des
!
!
! One crypto map entry per peer; each ties a peer address to a transform set
! and to the extended ACL that selects the traffic to protect.
! NOTE(review): no "set pfs" or lifetime lines are shown, so phase 2 rekeys
! would use defaults - confirm whether PFS is wanted.
crypto map VPN_MAP-LOCAL 1 ipsec-isakmp
 set peer 190.54.53.58
 set transform-set TS-LOCAL
 match address VPN-TRAFFIC-LOCAL
crypto map VPN_MAP-LOCAL 2 ipsec-isakmp
 set peer 199.186.28.228
 set transform-set BCI
 match address TRAFFIC-BCI
crypto map VPN_MAP-LOCAL 3 ipsec-isakmp
 set peer 200.75.23.190
 set transform-set CRUZBLANCA
 match address TRAFFIC-CRUZBLANCA
!
!
!
!
! Public-facing interface; the crypto map is applied here.
! NOTE(review): no "ip access-group" is configured on this interface, so
! nothing here limits inbound traffic to IKE/ESP/AH from the three peers.
interface FastEthernet0/0
 description EXTERNA
 ip address 64.76.142.122 255.255.255.240
 duplex auto
 speed auto
 crypto map VPN_MAP-LOCAL
!
! Parent of the 802.1Q subinterfaces; carries no address of its own.
interface FastEthernet0/1
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/1.111
 description NAT-CRUZBLANCA
 encapsulation dot1Q 111
 ip address 192.168.101.4 255.255.255.0
 no snmp trap link-status
!
! Remaining inside subinterfaces, static routing, the crypto ACLs, management
! services (RADIUS, syslog, SNMP, NTP), privilege levels and terminal lines.
interface FastEthernet0/1.1108
 description SUBRED_PASO-CIA_VPN01
 encapsulation dot1Q 1108
 ip address 10.10.10.10 255.255.255.248
 no snmp trap link-status
!
! Subinterface used as the source for RADIUS and syslog traffic (see below).
interface FastEthernet0/1.3000
 encapsulation dot1Q 3000
 ip address 10.32.0.99 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/1.3016
 description CIA-IN-SVD-A(NAT BCI)
 encapsulation dot1Q 3016
 ip address 10.32.16.251 255.255.255.0
 no snmp trap link-status
!
! Static routes: default via 64.76.142.113, internal ranges via 10.32.0.1.
! NOTE(review): the 161.131.0.0/16 route names only the Ethernet interface and
! no next hop; presumably it steers that range to the crypto-map interface.
! Confirm it is still needed alongside the default route.
ip route 0.0.0.0 0.0.0.0 64.76.142.113 name INTERNET
ip route 10.32.0.0 255.255.0.0 10.32.0.1 name REDES_CIA
ip route 10.36.0.0 255.255.0.0 10.32.0.1 name REDES_AMU
ip route 161.131.0.0 255.255.0.0 FastEthernet0/0 name Tunel-BCI
ip route 192.168.102.0 255.255.255.0 10.32.0.1 name RED_NAGIOS50
!
!
! Both the HTTP and HTTPS management servers are disabled.
no ip http server
no ip http secure-server
!
! Traffic selectors for the tunnels. The ACL names match the "match address"
! references in crypto map VPN_MAP-LOCAL; the peer must hold mirrored entries.
ip access-list extended TRAFFIC-BCI
 permit ip host 10.32.16.250 161.131.0.0 0.0.255.255
 permit ip host 10.32.16.250 172.16.151.0 0.0.0.255
ip access-list extended TRAFFIC-CRUZBLANCA
 permit ip 192.168.101.0 0.0.0.63 172.31.10.0 0.0.0.255
ip access-list extended VPN-TRAFFIC-LOCAL
 permit ip 10.32.73.0 0.0.0.255 172.30.1.0 0.0.0.255
!
! RADIUS and syslog packets are sourced from the FastEthernet0/1.3000 address.
ip radius source-interface FastEthernet0/1.3000
logging source-interface FastEthernet0/1.3000
logging 10.36.16.29
! Read-only SNMP community with no access list attached.
! NOTE(review): the string mirrors the configured domain name and is published
! here. Replace it and bind the community to an ACL naming only the monitoring
! hosts, or move to SNMPv3 with authentication and privacy.
snmp-server community e-contact RO
!
!
!
! RADIUS server with its shared secret stored as type 7.
! NOTE(review): type 7 is reversible obfuscation, not a hash, so this secret
! is effectively disclosed by the listing; rotate it on router and server.
radius-server host 10.36.0.254 auth-port 1645 acct-port 1646 key 7 0603422243401D180603405B5D51
!
control-plane
!
!
!
!
!
!
!
!
!
! Custom privilege level 5: allowed into configuration mode and interface
! configuration, limited there to "switchport" and "description".
! NOTE(review): check which accounts or RADIUS profiles are granted level 5
! and that nothing else was lowered to this level.
privilege interface level 5 switchport
privilege interface level 5 description
privilege configure level 5 interface
privilege exec level 5 configure terminal
privilege exec level 5 configure
!
! Console and VTY sessions time out after 30 idle minutes; VTYs accept SSH only.
! NOTE(review): no "access-class" is applied to the VTY lines, so SSH is
! reachable on every interface address, including the public one, unless
! filtered elsewhere. The aux line has no settings; consider "no exec" and
! "transport input none" if it is unused.
line con 0
 exec-timeout 30 0
line aux 0
line vty 0 4
 exec-timeout 30 0
 transport input ssh
line vty 5 15
 exec-timeout 30 0
 transport input ssh
!
scheduler allocate 20000 1000
! NOTE(review): NTP is configured without authentication; log timestamps
! depend on this single unauthenticated source.
ntp clock-period 17179895
ntp server 192.168.102.75
!
end