{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fcharset0 Arial;}} {\*\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\f0\fs20 Building configuration...\par
\par
\par
! Review summary: running-config of a Cisco IOS 12.4 router saved as RTF. It defines a\par
! CBAC/ACL firewall with NAT on FastEthernet4 (outside), an Easy VPN server group with\par
! XAUTH against the local user database, and an 802.11 radio bridged into the inside\par
! LAN (bridge-group 1 / BVI1). Secrets and public addresses appear as x placeholders.\par
! Lines starting with "! NOTE(review)" are reviewer annotations, not device output.\par
version 12.4\par
no service pad\par
service tcp-keepalives-in\par
service tcp-keepalives-out\par
service timestamps debug datetime msec localtime show-timezone\par
service timestamps log datetime msec localtime show-timezone\par
! NOTE(review): service password-encryption only applies the reversible type 7 encoding\par
! (seen on the Dot11Radio0 WEP key below); treat any type 7 string as recoverable.\par
service password-encryption\par
service sequence-numbers\par
!\par
hostname router\par
!\par
boot-start-marker\par
boot-end-marker\par
!\par
logging buffered 51200 debugging\par
logging console critical\par
enable secret xxxx\par
!\par
aaa new-model\par
!\par
!\par
aaa authentication login local_authen local\par
aaa authentication login sdm_vpn_xauth_ml_1 local\par
aaa authorization exec local_author local \par
aaa authorization network sdm_vpn_group_ml_1 local \par
!\par
aaa session-id common\par
!\par
resource policy\par
!\par
clock timezone NewYork -5\par
! NOTE(review): the "date" form below sets one fixed DST window (Apr 6 to Oct 26 2003), so\par
! localtime log timestamps are presumably off by an hour during DST in other years;\par
! a recurring rule keeps log correlation reliable. Confirm against the device clock.\par
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00\par
ip subnet-zero\par
no ip source-route\par
ip cef\par
no ip dhcp use vrf connected\par
ip dhcp excluded-address 10.0.1.1 10.0.1.99\par
ip dhcp excluded-address 10.0.1.201 10.0.1.254\par
!\par
ip dhcp pool sdm-pool1\par
import all\par
network 10.0.1.0 255.255.255.0\par
dns-server 208.39.158.2 64.56.37.246 \par
default-router 10.0.1.1 \par
domain-name corp.com\par
netbios-name-server 10.0.1.20 \par
lease 10\par
!\par
!\par
ip inspect name DEFAULT100 cuseeme\par
ip inspect name DEFAULT100 ftp\par
ip inspect name DEFAULT100 h323\par
ip inspect name DEFAULT100 icmp\par
ip inspect name DEFAULT100 netshow\par
ip inspect name DEFAULT100 rcmd\par
ip inspect name DEFAULT100 realaudio\par
ip inspect name DEFAULT100 rtsp\par
ip inspect name DEFAULT100 esmtp\par
ip inspect name DEFAULT100 sqlnet\par
ip inspect name DEFAULT100 streamworks\par
ip inspect name DEFAULT100 tftp\par
ip inspect name DEFAULT100 tcp\par
ip inspect name DEFAULT100 udp\par
ip inspect name DEFAULT100 vdolive\par
! NOTE(review): the next two entries use the name Default100, not DEFAULT100. Only\par
! DEFAULT100 is applied (FastEthernet4, out); if rule names are case-sensitive these\par
! sip entries belong to a rule that is attached nowhere in this listing. Confirm.\par
ip inspect name Default100 sip-tls\par
ip inspect name Default100 sip\par
ip tcp synwait-time 10\par
no ip bootp server\par
no ip domain lookup\par
! NOTE(review): ncorp.com here differs from corp.com in the DHCP pool and the VPN group;\par
! possibly a typo or a redaction artefact. Verify.\par
ip domain name ncorp.com\par
ip name-server 208.39.158.2\par
ip name-server 64.56.37.246\par
! NOTE(review): no "ip ssh version 2" line is shown, so the SSH version in use is the\par
! platform default. Confirm, and restrict to version 2 where the image supports it.\par
ip ssh time-out 60\par
ip ssh authentication-retries 2\par
!\par
! NOTE(review): enables type 6 (AES) storage for keys such as "key 6" in the VPN group\par
! below; it relies on a master key (key config-key password-encrypt) that a\par
! running-config does not display.\par
password encryption aes\par
!\par
! NOTE(review): single local account at privilege 15, stored as a type 5 hash. All login,\par
! exec authorization and VPN XAUTH method lists above resolve to this local database.\par
username xx privilege 15 secret 5 xxxx\par
\par
!\par
! \par
!\par
! NOTE(review): the only IKE policy is 3DES with a pre-shared key and DH group 2\par
! (1024-bit MODP); no hash line is shown, so the platform default applies. These are\par
! weak by current guidance; prefer AES and a larger DH group if clients and image allow.\par
crypto isakmp policy 1\par
encr 3des\par
authentication pre-share\par
group 2\par
crypto isakmp xauth timeout 15\par
\par
!\par
! NOTE(review): Easy VPN group settings pushed to remote clients. "acl 106" (permit\par
! 10.0.1.0/24) appears to be the split-tunnel list and include-local-lan lets clients\par
! keep reaching their own LAN, so client Internet traffic bypasses this router.\par
! The group key authenticates every member of the group; rotate it when staff leave.\par
crypto isakmp client configuration group Company-Remote\par
key 6 xxx\par
dns 10.0.1.20\par
wins 10.0.1.20\par
domain corp.com\par
pool SDM_POOL_1\par
acl 106\par
include-local-lan\par
max-users 20\par
netmask 255.255.255.0\par
browser-proxy Browser-Proxy-Setting\par
!\par
crypto isakmp client configuration browser-proxy Browser-Proxy-Setting\par
proxy none\par
!\par
!\par
! NOTE(review): ESP with 3DES and SHA-1 HMAC is the only transform offered.\par
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac \par
!\par
crypto dynamic-map SDM_DYNMAP_1 1\par
set security-association idle-time 1800\par
set transform-set ESP-3DES-SHA \par
reverse-route\par
!\par
!\par
! NOTE(review): no "crypto map SDM_CMAP_1" statement appears under any interface in this\par
! listing, so the VPN may not be attached to FastEthernet4. Confirm on the device.\par
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1\par
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1\par
crypto map SDM_CMAP_1 client configuration address respond\par
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1 \par
!\par
bridge irb\par
!\par
!\par
interface Null0\par
no ip unreachables\par
!\par
interface FastEthernet0\par
no cdp enable\par
!\par
interface FastEthernet1\par
no cdp enable\par
!\par
interface FastEthernet2\par
no cdp enable\par
!\par
interface FastEthernet3\par
description Test-VPN\par
no cdp enable\par
!\par
! NOTE(review): outside interface: inbound ACL 101, unicast RPF check, and CBAC rule\par
! DEFAULT100 inspecting outbound sessions.\par
interface FastEthernet4\par
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$\par
ip address xx.xx.xx.xx xxx.xxx.xxx.xxx\par
ip access-group 101 in\par
ip verify unicast reverse-path\par
no ip redirects\par
no ip unreachables\par
no ip proxy-arp\par
ip inspect DEFAULT100 out\par
ip nat outside\par
ip virtual-reassembly\par
ip route-cache flow\par
duplex auto\par
speed auto\par
!\par
! NOTE(review): the radio uses mandatory WEP with open authentication and guest-mode\par
! on the SSID, and it is in bridge-group 1 with Vlan1/BVI1. WEP gives no meaningful\par
! confidentiality, so anyone in radio range should be assumed able to join\par
! 10.0.1.0/24, the same subnet that ACLs 2, 100 and 102 trust for management.\par
! Move to WPA2 (AES-CCMP) or put wireless on its own filtered segment.\par
interface Dot11Radio0\par
no ip address\par
!\par
encryption key 1 size 128bit 7 xxxx transmit-key\par
encryption mode wep mandatory \par
!\par
ssid Wireless\par
authentication open \par
guest-mode\par
!\par
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0\par
rts threshold 2313\par
no cdp enable\par
bridge-group 1\par
bridge-group 1 subscriber-loop-control\par
bridge-group 1 spanning-disabled\par
bridge-group 1 block-unknown-source\par
no bridge-group 1 source-learning\par
no bridge-group 1 unicast-flooding\par
!\par
interface Vlan1\par
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$\par
no ip address\par
bridge-group 1\par
!\par
! NOTE(review): inside routed interface for bridge-group 1; ACL 100 filters traffic\par
! entering from the LAN and the radio.\par
interface BVI1\par
description $ES_LAN$$FW_INSIDE$\par
ip address 10.0.1.1 255.255.255.0\par
ip access-group 100 in\par
no ip redirects\par
no ip unreachables\par
no ip proxy-arp\par
ip nat inside\par
ip virtual-reassembly\par
ip route-cache flow\par
ip tcp adjust-mss 1452\par
!\par
ip local pool SDM_POOL_1 10.0.12.1 10.0.12.20\par
ip classless\par
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx\par
!\par
! NOTE(review): "ip http server" leaves cleartext HTTP management enabled next to\par
! HTTPS. access-class 2 limits it to 10.0.1.0/24, which includes wireless clients.\par
! Consider "no ip http server". The session life of 86400 s is also generous.\par
ip http server\par
ip http access-class 2\par
ip http authentication local\par
ip http secure-server\par
ip http timeout-policy idle 5 life 86400 requests 10000\par
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload\par
! NOTE(review): static NAT publishes inside host 10.0.1.20 on a public address. The same\par
! host is the syslog target, WINS/NetBIOS server and VPN client DNS server in this\par
! config, so anything reachable on it from outside deserves tight filtering.\par
ip nat inside source static 10.0.1.20 xxx.xxx.xxx.xxx route-map SDM_RMAP_2\par
!\par
logging trap debugging\par
logging 10.0.1.20\par
! NOTE(review): ACL 1 is not referenced elsewhere in this listing. ACL 2 is the HTTP\par
! access-class.\par
access-list 1 remark INSIDE_IF=BVI1\par
access-list 1 remark SDM_ACL Category=2\par
access-list 1 permit 10.0.1.0 0.0.0.255\par
access-list 2 remark Auto generated by SDM Management Access feature\par
access-list 2 remark SDM_ACL Category=1\par
access-list 2 permit 10.0.1.0 0.0.0.255\par
! NOTE(review): ACL 100 (BVI1 in): LAN hosts may reach the router on telnet, 22, www, 443\par
! and cmd (TCP 514, rsh); everything else is permitted outbound by the final\par
! permit ip any any. The deny lines for those ports only matter for sources outside\par
! 10.0.1.0/24. Cleartext telnet, www and cmd are worth dropping from the permits.\par
access-list 100 remark auto-generated by Cisco SDM Express firewall configuration\par
access-list 100 remark SDM_ACL Category=1\par
access-list 100 permit tcp 10.0.1.0 0.0.0.255 host 10.0.1.1 eq telnet\par
access-list 100 permit tcp 10.0.1.0 0.0.0.255 host 10.0.1.1 eq 22\par
access-list 100 permit tcp 10.0.1.0 0.0.0.255 host 10.0.1.1 eq www\par
access-list 100 permit tcp 10.0.1.0 0.0.0.255 host 10.0.1.1 eq 443\par
access-list 100 permit tcp 10.0.1.0 0.0.0.255 host 10.0.1.1 eq cmd\par
access-list 100 deny tcp any host 10.0.1.1 eq telnet\par
access-list 100 deny tcp any host 10.0.1.1 eq 22\par
access-list 100 deny tcp any host 10.0.1.1 eq www\par
access-list 100 deny tcp any host 10.0.1.1 eq 443\par
access-list 100 deny tcp any host 10.0.1.1 eq cmd\par
access-list 100 deny udp any host 10.0.1.1 eq snmp\par
access-list 100 deny ip host 255.255.255.255 any\par
access-list 100 deny ip 127.0.0.0 0.255.255.255 any\par
access-list 100 permit ip any any\par
! NOTE(review): ACL 101 (FastEthernet4 in). Order matters: the first 40 entries permit\par
! any packet whose source is a VPN pool address (10.0.12.1-20), ahead of the\par
! RFC 1918 anti-spoofing denies further down. The "any" set makes the preceding\par
! 10.0.1.0/24 set redundant. Confirm that cleartext packets claiming a pool address\par
! are rejected by the crypto map check or uRPF rather than by this ACL.\par
! The final deny has no log keyword, so drops are not recorded.\par
access-list 101 remark auto-generated by Cisco SDM Express firewall configuration\par
access-list 101 remark SDM_ACL Category=1\par
access-list 101 permit ip host 10.0.12.1 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.2 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.3 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.4 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.5 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.6 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.7 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.8 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.9 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.10 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.11 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.12 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.13 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.14 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.15 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.16 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.17 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.18 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.19 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.20 10.0.1.0 0.0.0.255\par
access-list 101 permit ip host 10.0.12.1 any\par
access-list 101 permit ip host 10.0.12.2 any\par
access-list 101 permit ip host 10.0.12.3 any\par
access-list 101 permit ip host 10.0.12.4 any\par
access-list 101 permit ip host 10.0.12.5 any\par
access-list 101 permit ip host 10.0.12.6 any\par
access-list 101 permit ip host 10.0.12.7 any\par
access-list 101 permit ip host 10.0.12.8 any\par
access-list 101 permit ip host 10.0.12.9 any\par
access-list 101 permit ip host 10.0.12.10 any\par
access-list 101 permit ip host 10.0.12.11 any\par
access-list 101 permit ip host 10.0.12.12 any\par
access-list 101 permit ip host 10.0.12.13 any\par
access-list 101 permit ip host 10.0.12.14 any\par
access-list 101 permit ip host 10.0.12.15 any\par
access-list 101 permit ip host 10.0.12.16 any\par
access-list 101 permit ip host 10.0.12.17 any\par
access-list 101 permit ip host 10.0.12.18 any\par
access-list 101 permit ip host 10.0.12.19 any\par
access-list 101 permit ip host 10.0.12.20 any\par
access-list 101 remark Auto generated by SDM for NTP (123) 64.236.96.53\par
access-list 101 permit udp host 64.236.96.53 eq ntp host xxx.xxx.xxx.xxx eq ntp\par
access-list 101 permit udp any host xxx.xxx.xxx.xxx eq non500-isakmp\par
access-list 101 permit udp any host xxx.xxx.xxx.xxx eq isakmp\par
access-list 101 permit esp any host xxx.xxx.xxx.xxx \par
access-list 101 permit ahp any host xxx.xxx.xxx.xxx \par
! NOTE(review): the next five entries appear to let one external host manage the router\par
! over telnet, 22, www, 443 and cmd. Telnet, www and cmd cross the Internet in\par
! cleartext; keeping only 22 and 443 (or VPN-only management) removes that exposure.\par
access-list 101 permit tcp host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx eq telnet\par
access-list 101 permit tcp host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx eq 22\par
access-list 101 permit tcp host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx eq www\par
access-list 101 permit tcp host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx eq 443\par
access-list 101 permit tcp host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx eq cmd\par
access-list 101 deny udp any host xxx.xxx.xxx.xxx eq snmp\par
! NOTE(review): inbound www from any source to a redacted address; it cannot be told\par
! from here whether that is the static NAT for 10.0.1.20 or the router itself. Verify.\par
access-list 101 permit tcp any host xxx.xxx.xxx.xxx eq www\par
access-list 101 permit udp host 64.56.37.246 eq domain host xxx.xxx.xxx.xxx \par
access-list 101 permit udp host 208.39.158.2 eq domain host xxx.xxx.xxx.xxx \par
access-list 101 deny ip 10.0.1.0 0.0.0.255 any\par
access-list 101 permit icmp any host xxx.xxx.xxx.xxx echo-reply\par
access-list 101 permit icmp any host xxx.xxx.xxx.xxx time-exceeded\par
access-list 101 permit icmp any host xxx.xxx.xxx.xxx unreachable\par
access-list 101 deny ip 10.0.0.0 0.255.255.255 any\par
access-list 101 deny ip 172.16.0.0 0.15.255.255 any\par
access-list 101 deny ip 192.168.0.0 0.0.255.255 any\par
access-list 101 deny ip 127.0.0.0 0.255.255.255 any\par
access-list 101 deny ip host 255.255.255.255 any\par
access-list 101 deny ip host 0.0.0.0 any\par
access-list 101 deny ip any any\par
! NOTE(review): ACL 102 is the vty access-class: one redacted host plus all of 10.0.1.0/24.\par
access-list 102 remark Auto generated by SDM Management Access feature\par
access-list 102 remark SDM_ACL Category=1\par
access-list 102 permit ip host xxx.xxx.xxx.xxx any\par
access-list 102 permit ip 10.0.1.0 0.0.0.255 any\par
! NOTE(review): ACL 103 feeds route-map SDM_RMAP_1 (NAT overload). It exempts traffic to\par
! the VPN pool and from 10.0.1.20 from PAT. The "any" denies already cover the\par
! 10.0.1.0/24 denies before them.\par
access-list 103 remark SDM_ACL Category=2\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.1\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.2\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.3\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.4\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.5\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.6\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.7\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.8\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.9\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.10\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.11\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.12\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.13\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.14\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.15\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.16\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.17\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.18\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.19\par
access-list 103 deny ip 10.0.1.0 0.0.0.255 host 10.0.12.20\par
access-list 103 deny ip any host 10.0.12.1\par
access-list 103 deny ip any host 10.0.12.2\par
access-list 103 deny ip any host 10.0.12.3\par
access-list 103 deny ip any host 10.0.12.4\par
access-list 103 deny ip any host 10.0.12.5\par
access-list 103 deny ip any host 10.0.12.6\par
access-list 103 deny ip any host 10.0.12.7\par
access-list 103 deny ip any host 10.0.12.8\par
access-list 103 deny ip any host 10.0.12.9\par
access-list 103 deny ip any host 10.0.12.10\par
access-list 103 deny ip any host 10.0.12.11\par
access-list 103 deny ip any host 10.0.12.12\par
access-list 103 deny ip any host 10.0.12.13\par
access-list 103 deny ip any host 10.0.12.14\par
access-list 103 deny ip any host 10.0.12.15\par
access-list 103 deny ip any host 10.0.12.16\par
access-list 103 deny ip any host 10.0.12.17\par
access-list 103 deny ip any host 10.0.12.18\par
access-list 103 deny ip any host 10.0.12.19\par
access-list 103 deny ip any host 10.0.12.20\par
access-list 103 deny ip host 10.0.1.20 any\par
access-list 103 permit ip 10.0.1.0 0.0.0.255 any\par
! NOTE(review): ACL 104 feeds route-map SDM_RMAP_2: the static NAT for 10.0.1.20 is\par
! skipped when the destination is a VPN pool address.\par
access-list 104 remark SDM_ACL Category=2\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.20\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.19\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.18\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.17\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.16\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.15\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.14\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.13\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.12\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.11\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.10\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.9\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.8\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.7\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.6\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.5\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.4\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.3\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.2\par
access-list 104 deny ip host 10.0.1.20 host 10.0.12.1\par
access-list 104 permit ip host 10.0.1.20 any\par
! NOTE(review): ACL 105 is not referenced elsewhere in this listing; ACL 106 is the\par
! "acl 106" list of the Company-Remote VPN group.\par
access-list 105 remark SDM_ACL Category=4\par
access-list 105 permit ip 10.0.1.0 0.0.0.255 any\par
access-list 106 remark SDM_ACL Category=4\par
access-list 106 permit ip 10.0.1.0 0.0.0.255 any\par
no cdp run\par
route-map SDM_RMAP_1 permit 1\par
match ip address 103\par
!\par
route-map SDM_RMAP_2 permit 1\par
match ip address 104\par
!\par
!\par
control-plane\par
!\par
bridge 1 protocol ieee\par
bridge 1 route ip\par
banner login ^CAuthorized access only!\par
Disconnect IMMEDIATELY if you are not an authorized user!^C\par
!\par
line con 0\par
login authentication local_authen\par
no modem enable\par
transport output telnet\par
line aux 0\par
login authentication local_authen\par
transport output telnet\par
! NOTE(review): vty lines accept telnet as well as ssh. With ACL 102 admitting an\par
! external host, credentials can cross the Internet in cleartext; "transport input ssh"\par
! avoids that. Console and aux use the same local_authen list.\par
line vty 0 4\par
access-class 102 in\par
authorization exec local_author\par
login authentication local_authen\par
transport input telnet ssh\par
!\par
scheduler max-task-time 5000\par
scheduler allocate 4000 1000\par
scheduler interval 500\par
! NOTE(review): time comes from a single public NTP server and no NTP authentication is\par
! configured in this listing; log timestamps depend on it.\par
ntp clock-period 17176380\par
ntp server 64.236.96.53 source FastEthernet4 prefer\par
end\par
}