version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname xyz ! boot-start-marker boot-end-marker ! security authentication failure rate 3 log security passwords min-length 6 logging buffered 51200 logging console critical enable secret 5 $1$D8yg$SZTcMxyQZY9V0HfO0NqsV0 ! no aaa new-model clock timezone PCTime 8 ! crypto pki trustpoint TP-self-signed-2939943347 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2939943347 revocation-check none rsakeypair TP-self-signed-2939943347 ! ! crypto pki certificate chain TP-self-signed-2939943347 certificate self-signed 01 3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32393339 39343333 3437301E 170D3038 30333139 30323332 31345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39333939 34333334 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C368 D74C5EC2 2CD001A2 AEBFBCA4 1D7832AF 660A9116 901E63B3 3EC2D4A0 7363AD97 76E6657C 27B6741A BE2EB95B 26BB5DA8 4A339A61 AAD71E8A EBDAD8A7 9017E52A BF403005 97CA7E09 DB4A8780 8F6A8660 1ED1231B BE8ECEB3 D96EE341 DB9E1D5F FB539A7C A88B51F4 0ACE03C0 58AA2606 097107E1 9CCE50A0 D5B211ED 9D4B0203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603 551D1104 1A301882 1667616C 696C656F 2E547261 76656C70 6F72742E 636F6D30 1F060355 1D230418 30168014 5866D3B8 A33B80D9 73B13084 740A9B81 5F20332F 301D0603 551D0E04 16041458 66D3B8A3 3B80D973 B1308474 0A9B815F 20332F30 0D06092A 864886F7 0D010104 05000381 8100AB99 6731EDB6 261535CE 7ECB4C59 81CE920E 7DD4FA2F CD8E57CA 4C330DA8 08690B41 3BF1F51F D6C6CFAB FF2A2093 B7B092EB B54E4DAA 35767ED4 E25EA82A 5F5B9873 EC9D48C3 2B2D7DDD DD5C1B48 3CF3C749 8A2A5DBD 91E04B10 DBD06F00 BEE7AF1B 0D11EE08 49E31AB0 A4EBFFFA BCB1DB25 E295C0DC 6DEBD9F9 00C56691 52F9 quit ! ! crypto isakmp policy 100 encr 3des authentication pre-share group 2 crypto isakmp key ************************ crypto isakmp keepalive 180 60 ! crypto ipsec security-association lifetime seconds 86400 ! crypto ipsec transform-set cisco esp-3des esp-sha-hmac ! crypto map ******** 10 ipsec-isakmp set peer ************ set transform-set cisco match address 101 reverse-route ! ! dot11 ssid cs871w authentication open guest-mode infrastructure-ssid ! no ip source-route ip cef ! ! no ip dhcp use vrf connected ip dhcp excluded-address 192.168.0.1 192.168.0.30 ip dhcp excluded-address 192.168.0.254 ! ip dhcp pool CLIENT import all network 192.168.0.0 255.255.255.0 default-router 192.168.0.254 dns-server ********************** lease 0 2 ! ! no ip bootp server ip domain name ******************* ip name-server ****************** ip name-server ****************** ip inspect name SDM_LOW cuseeme ip inspect name SDM_LOW dns ip inspect name SDM_LOW ftp ip inspect name SDM_LOW h323 ip inspect name SDM_LOW https ip inspect name SDM_LOW icmp ip inspect name SDM_LOW imap ip inspect name SDM_LOW pop3 ip inspect name SDM_LOW netshow ip inspect name SDM_LOW rcmd ip inspect name SDM_LOW realaudio ip inspect name SDM_LOW rtsp ip inspect name SDM_LOW esmtp ip inspect name SDM_LOW sqlnet ip inspect name SDM_LOW streamworks ip inspect name SDM_LOW tftp ip inspect name SDM_LOW tcp ip inspect name SDM_LOW udp ip inspect name SDM_LOW vdolive ! multilink bundle-name authenticated ! ! username ******** privilege 15 secret ***************************** archive log config hidekeys ! ! ip tcp synwait-time 10 ip ssh time-out 60 ip ssh authentication-retries 2 ! bridge irb ! ! interface Loopback0 description ******** Management Interface$FW_INSIDE$ ip address ******************************* ip access-group 104 in ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 description $ES_WAN$$FW_OUTSIDE$ ip address **************************** ip access-group 106 in ip verify unicast reverse-path no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip inspect SDM_LOW out ip virtual-reassembly ip route-cache flow duplex auto speed auto crypto map ******** ! interface Dot11Radio0 no ip address ! encryption key *************************** transmit-key encryption mode wep mandatory ! ssid cs871w ! speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$ no ip address ip tcp adjust-mss 1452 bridge-group 1 ! interface BVI1 description $ES_LAN$$FW_INSIDE$ ip address 192.168.0.254 255.255.255.0 ip access-group 105 in ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 ! ip route 0.0.0.0 0.0.0.0 *************************** ! ! ip http server ip http access-class 23 ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat pool DYNAMIC ******************** netmask 255.255.255.128 ip nat inside source list 100 interface FastEthernet4 overload ip nat inside source route-map MAPDYNAMIC pool DYNAMIC ip nat inside source static 192.168.0.1 ************** route-map MAPSTATIC ip nat inside source static 192.168.0.2 ************** route-map MAPSTATIC ip nat inside source static 192.168.0.3 ************** route-map MAPSTATIC ip nat inside source static 192.168.0.4 ************** route-map MAPSTATIC ip nat inside source static 192.168.0.5 ************** route-map MAPSTATIC ip nat inside source static 192.168.0.6 ************** route-map MAPSTATIC ip nat inside source static 192.168.0.7 ************** route-map MAPSTATIC ip nat inside source static 192.168.0.8 ************** route-map MAPSTATIC ip nat inside source static 192.168.0.9 ************** route-map MAPSTATIC ip nat inside source static 192.168.0.10 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.11 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.12 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.13 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.14 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.15 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.16 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.17 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.18 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.19 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.20 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.21 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.22 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.23 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.24 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.25 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.26 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.27 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.28 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.29 ************* route-map MAPSTATIC ip nat inside source static 192.168.0.30 ************* route-map MAPSTATIC ! logging trap debugging logging source-interface FastEthernet4 access-list 100 remark this list defines traffic NAT'd to the Internet access-list 100 remark SDM_ACL Category=18 access-list 100 deny ip 192.168.0.0 0.0.0.255 ********** 0.0.0.255 access-list 100 permit ip 192.168.0.0 0.0.0.255 any access-list 101 remark this list defines traffic for the ******** VPN tunnel access-list 101 permit ip *********** 0.0.0.127 ********** 0.0.0.255 access-list 102 remark this list defines dynamic NAT traffic to the Galileo Host access-list 102 deny ip host 192.168.0.1 ********* 0.0.0.255 access-list 102 deny ip host 192.168.0.2 ********* 0.0.0.255 access-list 102 deny ip host 192.168.0.3 ********* 0.0.0.255 access-list 102 deny ip host 192.168.0.4 ********* 0.0.0.255 access-list 102 deny ip host 192.168.0.5 ********* 0.0.0.255 access-list 102 deny ip host 192.168.0.6 ********* 0.0.0.255 access-list 102 deny ip host 192.168.0.7 ********* 0.0.0.255 access-list 102 deny ip host 192.168.0.8 ********* 0.0.0.255 access-list 102 deny ip host 192.168.0.9 ********* 0.0.0.255 access-list 102 deny ip host 192.168.0.10 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.11 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.12 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.13 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.14 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.15 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.16 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.17 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.18 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.19 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.20 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.21 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.22 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.23 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.24 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.25 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.26 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.27 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.28 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.29 ******** 0.0.0.255 access-list 102 deny ip host 192.168.0.30 ******** 0.0.0.255 access-list 102 permit ip 192.168.0.0 0.0.0.255 ******** 0.0.0.255 access-list 103 remark this list defines static NAT traffic to the ******** Host access-list 103 permit ip 192.168.0.0 0.0.0.255 ******** 0.0.0.255 access-list 104 remark auto generated by SDM firewall configuration access-list 104 remark SDM_ACL Category=1 access-list 104 deny ip 192.168.0.0 0.0.0.255 any access-list 104 deny ip ******** 0.0.0.15 any access-list 104 deny ip host 255.255.255.255 any access-list 104 deny ip 127.0.0.0 0.255.255.255 any access-list 104 permit ip any any access-list 105 remark auto generated by SDM firewall configuration access-list 105 remark SDM_ACL Category=1 access-list 105 deny ip host ******** any access-list 105 deny ip ******** 0.0.0.15 any access-list 105 deny ip host 255.255.255.255 any access-list 105 deny ip 127.0.0.0 0.255.255.255 any access-list 105 permit ip any any access-list 106 remark auto generated by SDM firewall configuration access-list 106 remark SDM_ACL Category=1 access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit udp any host ******** access-list 106 permit tcp any host ******** access-list 106 permit ahp host ******** host ******** access-list 106 permit esp host ******** host ******** access-list 106 permit udp host ******** host ******** eq isakmp access-list 106 permit udp host ******** host ******** eq non500-isakm p access-list 106 permit ip ******** 0.0.0.255 ******** 0.0.0.127 access-list 106 deny ip host ******** any access-list 106 deny ip 192.168.0.0 0.0.0.255 any access-list 106 permit icmp any host ******** echo-reply access-list 106 permit icmp any host ******** time-exceeded access-list 106 permit icmp any host ******** unreachable access-list 106 deny ip ******** 0.255.255.255 any access-list 106 deny ip ******** 0.15.255.255 any access-list 106 deny ip 192.168.0.0 0.0.255.255 any access-list 106 deny ip 127.0.0.0 0.255.255.255 any access-list 106 deny ip host 255.255.255.255 any access-list 106 deny ip host 0.0.0.0 any access-list 106 deny ip any any log snmp-server community n3wn3twk! RO snmp-server enable traps tty ! ! ! route-map MAPDYNAMIC permit 10 match ip address 102 ! route-map MAPSTATIC permit 10 match ip address 103 ! ! control-plane ! bridge 1 protocol ieee bridge 1 route ip banner login ^CCCAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C ! line con 0 login local no modem enable transport output telnet line aux 0 login local transport output telnet line vty 0 4 privilege level 15 login local transport input telnet ssh ! scheduler max-task-time 5000 scheduler allocate 4000 1000 scheduler interval 500 ! webvpn cef end