version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname USLABRAD
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 $1$n80L$usggbN66dBE3Ss5LfQ0MX/
enable password 7 11081A0618000F555C
!
no aaa new-model
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
!
!
no ip domain lookup
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 encr 3des
 hash md5
 authentication pre-share
!
crypto isakmp policy 4
 encr 3des
 authentication pre-share
!
crypto isakmp policy 5
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key x
crypto isakmp key x
crypto isakmp key x
crypto isakmp key x
!
crypto isakmp client configuration group Owners
 key x
 pool SDM_POOL_1
 max-users 5
 netmask 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec transform-set CareEveolve esp-3des esp-md5-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel tox
 set peer xx
 set transform-set ESP-3DES-SHA
 match address 100
crypto map SDM_CMAP_1 2 ipsec-isakmp
 description Tunnel toxx
 set peer xx
 set transform-set ESP-3DES-SHA1
 match address 101
crypto map SDM_CMAP_1 6 ipsec-isakmp
 description Tunnel toxx
 set peer xx
 set transform-set ESP-3DES-SHA3
 match address 107
crypto map SDM_CMAP_1 7 ipsec-isakmp
 description Tunnel to2xx
 set peer 2xx
 set security-association lifetime seconds 28800
 set transform-set CareEveolve
 match address 110
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$FW_OUTSIDE$
 ip address xxxxx
 ip access-group 109 in
 ip verify unicast reverse-path
 ip inspect SDM_LOW out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface FastEthernet0/1
 description $ETH-LAN$$FW_INSIDE$
 ip address 10.51.44.1 255.255.252.0
 ip access-group 108 in
 ip nat inside
 ip virtual-reassembly
 speed auto
 full-duplex
 no mop enabled
!
interface Serial0/0/0
 no ip address
 shutdown
!
interface BRI0/1/0
 no ip address
 encapsulation hdlc
 shutdown
!
ip local pool SDM_POOL_1 192.168.1.45 192.168.1.55
ip route 0.0.0.0 0.0.0.0 74.9.50.1
ip route 10.51.48.0 255.255.255.0 10.51.44.4
!
ip http server
ip http access-class 1
ip http secure-server
ip nat inside source static tcp 10.51.44.31 5632 interface FastEthernet0/0 5632
ip nat inside source static tcp 10.51.44.31 5631 interface FastEthernet0/0 5631
ip nat inside source static tcp 10.51.44.29 1570 interface FastEthernet0/0 1570
ip nat inside source static tcp 10.51.44.29 1537 interface FastEthernet0/0 1537
ip nat inside source static tcp 10.51.44.29 23 interface FastEthernet0/0 23
ip nat inside source static tcp 10.51.44.18 3391 interface FastEthernet0/0 3391
ip nat inside source static tcp 10.51.44.9 20 interface FastEthernet0/0 20
ip nat inside source static tcp 10.51.44.9 21 interface FastEthernet0/0 21
ip nat inside source static tcp 10.51.44.9 110 interface FastEthernet0/0 110
ip nat inside source static udp 10.51.44.9 53 interface FastEthernet0/0 53
ip nat inside source static tcp 10.51.44.10 3390 interface FastEthernet0/0 3390
ip nat inside source static tcp 10.51.44.9 3389 interface FastEthernet0/0 3389
ip nat inside source static tcp 10.51.44.9 25 interface FastEthernet0/0 25
ip nat inside source static tcp 10.51.44.9 80 interface FastEthernet0/0 80
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
!
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 0.0.0.0
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.51.44.0 0.0.3.255 10.51.100.0 0.0.0.255
access-list 101 remark SDM_ACL Category=4
access-list 101 remark IPSec Rule
access-list 101 permit ip 10.51.44.24 0.0.0.3 xx
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 10.51.44.24 0.0.0.3 xx
access-list 103 remark SDM_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.51.44.24 0.0.0.3 host xx
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 10.51.44.24 0.0.0.3 host xx
access-list 105 remark SDM_ACL Category=2
access-list 105 remark IPSec Rule
access-list 105 deny ip 10.51.44.24 0.0.0.3 host xx
access-list 105 remark IPSec Rule
access-list 105 deny ip 10.51.44.24 0.0.0.3 xx
access-list 105 deny ip any host 192.168.1.45
access-list 105 deny ip any host 192.168.1.46
access-list 105 deny ip any host 192.168.1.47
access-list 105 deny ip any host 192.168.1.48
access-list 105 deny ip any host 192.168.1.49
access-list 105 deny ip any host 192.168.1.50
access-list 105 deny ip any host 192.168.1.51
access-list 105 deny ip any host 192.168.1.52
access-list 105 deny ip any host 192.168.1.53
access-list 105 deny ip any host 192.168.1.54
access-list 105 deny ip any host 192.168.1.55
access-list 105 remark IPSec Rule
access-list 105 deny ip 10.51.44.0 0.0.3.255 10.51.100.0 0.0.0.255
access-list 105 remark IPSec Rule
access-list 105 deny ip 10.51.44.24 0.0.0.3 xx 0.0.0.7
access-list 105 permit ip 10.51.44.0 0.0.3.255 any
access-list 106 remark SDM_ACL Category=4
access-list 106 remark IPSec Rule
access-list 106 permit ip 0.0.0.0 255.255.255.252 xx0.0.0.15
access-list 107 remark SDM_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.51.44.24 0.0.0.3 xx 0.0.0.15
access-list 108 remark auto generated by SDM firewall configuration
access-list 108 remark SDM_ACL Category=1
access-list 108 deny ip xx0.0.0.15 any
access-list 108 deny ip host 255.255.255.255 any
access-list 108 deny ip 127.0.0.0 0.255.255.255 any
access-list 108 permit ip any any
access-list 109 remark auto generated by SDM firewall configuration
access-list 109 remark SDM_ACL Category=1
access-list 109 permit tcp host 0.0.0.0 host xx eq telnet
access-list 109 permit tcp host 0.0.0.0 host xx eq 22
access-list 109 permit tcp host 0.0.0.0 host xx eq www
access-list 109 permit tcp host 0.0.0.0 host xx eq 443
access-list 109 permit tcp host 0.0.0.0 host xx eq cmd
access-list 109 deny udp any host xx eq snmp
access-list 109 remark IPSec Rule
access-list 109 permit ip host 192.168.55.144 10.51.44.24 0.0.0.3
access-list 109 permit udp host 216.150.132.46 host xx eq non500-isakmp
access-list 109 permit udp host 216.150.132.46 host xx eq isakmp
access-list 109 permit esp host 216.150.132.46 host xx
access-list 109 permit ahp host 216.150.132.46 host xx
access-list 109 permit tcp any host xx eq 5632
access-list 109 permit tcp any host xx eq 5631
access-list 109 permit tcp any host xx eq 1570
access-list 109 permit tcp any host xx eq 1537
access-list 109 permit tcp any host xx eq telnet
access-list 109 permit tcp any host xx eq 3391
access-list 109 permit tcp any host xx eq ftp-data
access-list 109 permit tcp any host xx eq ftp
access-list 109 permit tcp any host xx eq pop3
access-list 109 permit udp any host xx eq domain
access-list 109 permit tcp any host xx eq 3390
access-list 109 permit tcp any host xx eq 3389
access-list 109 permit tcp any host xx eq smtp
access-list 109 permit tcp any host xx eq www
access-list 109 permit udp host 192.168.1.1 eq domain host xx
access-list 109 permit ahp host xx host xx
access-list 109 permit esp host xx host xx
access-list 109 permit udp xx host xx eq isakmp
access-list 109 permit udp host xxhost xx eq non500-isakmp
access-list 109 remark IPSec Rule
access-list 109 permit xx 10.51.44.24 0.0.0.3
access-list 109 permit ahp host xx host xx
access-list 109 permit esp host xx host xx
access-list 109 permit udp host xx host xx eq isakmp
access-list 109 permit udp host xx host xx eq non500-isakmp
access-list 109 remark IPSec Rule
access-list 109 permit ip xx 10.51.44.24 0.0.0.3
access-list 109 permit ahp host xx host xx
access-list 109 permit esp host xx host xx
access-list 109 permit udp host xx host xx eq isakmp
access-list 109 permit udp host xx host xx eq non500-isakmp
access-list 109 remark IPSec Rule
access-list 109 permit ip 10.51.100.0 0.0.0.255 10.51.44.0 0.0.3.255
access-list 109 deny ip 10.51.44.0 0.0.3.255 any
access-list 109 permit icmp any host xx echo-reply
access-list 109 permit icmp any host xx time-exceeded
access-list 109 permit icmp any host xx unreachable
access-list 109 permit tcp any host xx eq 443
access-list 109 permit tcp any host xx eq 22
access-list 109 permit tcp any host xx eq cmd
access-list 109 deny ip 10.0.0.0 0.255.255.255 any
access-list 109 deny ip 172.16.0.0 0.15.255.255 any
access-list 109 deny ip 192.168.0.0 0.0.255.255 any
access-list 109 deny ip 127.0.0.0 0.255.255.255 any
access-list 109 deny ip host 255.255.255.255 any
access-list 109 deny ip host 0.0.0.0 any
access-list 109 deny ip any any log
access-list 110 remark SDM_ACL Category=4
access-list 110 remark IPSec Rule
access-list 110 permit ip 10.51.44.24 0.0.0.3 host 192.168.55.144
access-list 111 remark Auto generated by SDM Management Access feature
access-list 111 remark SDM_ACL Category=1
access-list 111 permit ip host 0.0.0.0 any
route-map SDM_RMAP_1 permit 1
 match ip address 105
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 access-class 111 in
 privilege level 15
 login local
 transport input telnet
 transport output telnet
!
scheduler allocate 20000 1000
end