!This is the running config of the router: 10.10.10.1
!----------------------------------------------------------------------------
!version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxxxxxx
!
username administrator privilege 15 secret 5 xxxxxxxxxxxxx
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
no aaa new-model
ip subnet-zero
no ip source-route
!
!
ip tcp synwait-time 10
ip domain name aofnord.dk
ip name-server 10.10.10.15
no ip bootp server
ip cef
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp timeout 3600
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip ips po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-Ethernet 10/100$$ES_LAN$$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 no cdp enable
!
interface Ethernet1
 description $ES_WAN$$FW_OUTSIDE$
 ip address 68.68.68.68 255.255.255.248
 ip access-group 101 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect DEFAULT100 out
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 no cdp enable
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 68.68.68.67
ip route 10.10.20.0 255.255.255.0 10.10.10.10 permanent
ip route 10.10.30.0 255.255.255.0 10.10.10.10 permanent
ip route 10.10.40.0 255.255.255.0 10.10.10.10 permanent
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source static tcp 10.10.10.5 3389 interface Ethernet1 3389
!
!
logging trap debugging
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark Permit NAT Passthrough
access-list 2 remark SDM_ACL Category=1
access-list 2 remark Public IP Address
access-list 2 permit 68.68.68.68
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 68.68.68.67 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 10.10.10.15 eq domain host 68.68.68.68
access-list 101 permit tcp host 10.10.10.5 eq 3389 host 68.68.68.68
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any host 68.68.68.68 echo-reply
access-list 101 permit icmp any host 68.68.68.68 time-exceeded
access-list 101 permit icmp any host 68.68.68.68 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
no cdp run
!
control-plane
!
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler interval 500
end