! Captured `show running-config` output from Router1941 (IOS 15.1), first part:
! global services, AAA method lists, DHCP pools, static DNS host entries and the
! dynamic-DNS update method.
Router1941#
Router1941#sh run
Building configuration...
Current configuration : 24487 bytes
!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): this only applies the reversible type 7 encoding to stored passwords.
! It hides them from a casual glance but is not a hash; treat every "password 7"
! string in this file as equivalent to cleartext.
service password-encryption
!
hostname Router1941
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
aaa new-model
!
!
! Local-database method lists used by the remote-access VPN. The list names must
! match, character for character, what the ISAKMP profile references under
! "client authentication list" and "isakmp authorization list".
aaa authentication login VPNUSERAUTH local
aaa authorization network VPNUSERGROUP local
!
!
!
!
!
aaa session-id common
!
clock timezone Berlin 1 0
clock summer-time Berlin recurring
!
no ipv6 cef
! NOTE(review): IP source routing is left enabled. Unless something on this network
! depends on it, "no ip source-route" is the usual hardening choice for an edge router.
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 176.16.2.1 176.16.2.30
ip dhcp excluded-address 176.16.2.100 176.16.2.255
!
ip dhcp pool ccp-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
!
! NOTE(review): 176.16.2.0/24 is not RFC 1918 space (the private block is
! 172.16.0.0/12). Presumably 172.16.2.0/24 was intended -- confirm. Using a public
! prefix internally makes the real owners of that range unreachable from here.
ip dhcp pool 16
 import all
 network 176.16.2.0 255.255.255.0
 domain-name nilsstorm.home.com
 dns-server 176.16.2.1
 netbios-name-server 176.16.2.1
 default-router 176.16.2.1
 netbios-node-type h-node
!
!
ip domain round-robin
ip domain name nilsstorm.home.com
ip host nilsstorm.home.com ns ns.nilsstorm.home.com
ip host Nilss-MacBook-Pro.nilsstorm.home.com 192.168.11.31
ip host freenas-dmz.nilsstorm.home.com 176.16.2.12
ip host owncloud.nilsstorm.com 176.16.2.15
ip host freenas.nilsstorm.home.com 192.168.11.10
ip host Switch3560-1 192.168.11.1
ip host Router1941 192.168.250.1
ip host ns.nilsstorm.home.com 192.168.250.1
ip host netgear85BE68.nilsstorm.home.com 192.168.11.237
ip host remote.nilsstorm.com 176.16.2.12
ip name-server 8.8.8.8
ip name-server 208.67.222.222
! The update URLs carry the DynDNS account credentials in the userinfo part
! (redacted as XXXXXX in this capture). They appear in the configuration as plain
! text, so an unredacted copy of this file has to be handled as a secret.
ip ddns update method dyndns
 HTTP
  add https://XXXXXX:XXXXXX@members.dyndns.org/nic/update?system=dyndns&hostname=&myip=
  remove https://XXXXXX:XXXXXX@members.dyndns.org/nic/update?system=dyndns&hostname=&myip=
 interval maximum 1 0 0 0
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
! PKI trustpoints and their stored certificates, followed by licensing, the local
! user database and SSH server parameters.
!
! NOTE(review): both trustpoints use "revocation-check none", so no CRL/OCSP lookup
! is done for certificates validated against them.
crypto pki trustpoint TP-self-signed-3772950798
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3772950798
 revocation-check none
 rsakeypair TP-self-signed-3772950798
!
! CA certificate imported by hand (PEM paste). Its only visible consumer in this
! listing would be the HTTPS dynamic-DNS update -- presumably; confirm.
crypto pki trustpoint DigiCertHighAssuranceC3
 enrollment terminal pem
 revocation-check none
!
!
! NOTE(review): the DER below decodes to a sha1WithRSAEncryption signature over a
! 1024-bit RSA key, valid 2013-11-20 to 2020-01-01. Both the algorithm choice and
! the validity window are out of date; regenerate with a larger key if the
! certificate is still in use.
crypto pki certificate chain TP-self-signed-3772950798
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33373732 39353037 3938301E 170D3133 31313230 31313038
  34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 37373239
  35303739 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B1B2 B2479418 C4655F7B 6C421D28 24D40D28 D9ED1B70 3FC5A95A 9738F732
  085554BF F2559EAC E0DF201A 74FA269E 91359575 945871C8 7EA5D0BE 5C8CBD2A
  CF5DDA5C 574882A6 499054EF 8577D4E8 22AD830A 428884AC 259380FD 38434E3C
  19F215BF 34A840D9 4DCF816C 1D1F1AD1 0668E35A 2AB1F5A8 44CDE4C5 9038D190
  ABA10203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 1415580D 5DC9E58E D0EA3E0E 1CA8696C F35E6502 1C301D06
  03551D0E 04160414 15580D5D C9E58ED0 EA3E0E1C A8696CF3 5E65021C 300D0609
  2A864886 F70D0101 05050003 818100A4 25282C8F C1725A08 A4F02719 25FC2E84
  E9738B7A AE300EAE F29FDCC6 8DAF05A5 25518064 7F063ABC 8EB9F18D 10779337
  CB4874ED 42298949 3EE63D2A C5B50352 C6694130 686E66EF ACDAA7DB 7AC67F86
  81726541 9B05DCB5 2821A4B4 A63902DD 61ED2E7E B3084F8C 40BE83F3 969DE81F
  1F2AE636 8493A96D 414F70EC 22EEA7
  quit
! NOTE(review): this is the "DigiCert High Assurance CA-3" intermediate; the encoded
! validity runs 2008-04-02 to 2022-04-03, so it has expired and anything that still
! validates against this trustpoint needs a current CA certificate.
crypto pki certificate chain DigiCertHighAssuranceC3
 certificate ca 0A5F114D035B179117D2EFD4038C3F3B
  30820658 30820540 A0030201 0202100A 5F114D03 5B179117 D2EFD403 8C3F3B30
  0D06092A 864886F7 0D010105 0500306C 310B3009 06035504 06130255 53311530
  13060355 040A130C 44696769 43657274 20496E63 31193017 06035504 0B131077
  77772E64 69676963 6572742E 636F6D31 2B302906 03550403 13224469 67694365
  72742048 69676820 41737375 72616E63 65204556 20526F6F 74204341 301E170D
  30383034 30323132 30303030 5A170D32 32303430 33303030 3030305A 3066310B
  30090603 55040613 02555331 15301306 0355040A 130C4469 67694365 72742049
  6E633119 30170603 55040B13 10777777 2E646967 69636572 742E636F 6D312530
  23060355 0403131C 44696769 43657274 20486967 68204173 73757261 6E636520
  43412D33 30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A
  02820101 00BF610A 29101F5E FE343751 08F81EFB 22ED61BE 0B0D704C 50632675
  15B94188 97B6F0A0 15BB0860 E042E805 29108736 8A2865A8 EF310774 6D36972F
  28466604 C72A7926 7A99D58E C36D4FA0 5EADBC3D 91C2597B 5E366CC0 53CF0008
  323E1064 58101369 C70CEE9C 425100F9 0544EE24 CE7A1FED 8C11BD12 A8F315F4
  1C7A3169 011BA7E6 5DC09A6C 7E099EE7 52444A10 3A23E49B B603AFA8 9CB45B9F
  D44BAD92 8CCEB511 2AAA3718 8DB4C2B8 D85C068C F8FF23BD 355ED47C 3E7E830E
  91960598 C3B21FE3 C865EBA9 7B5DA02C CCFC3CD9 6DEDCCFA 4B438CC9 D4B8A561
  1CB240B6 2812DFB9 F85FFED3 B2C9EF3D B41E4B7C 1C4C9936 9E3DEBEC A7685E1D
  DF676E5E FB020301 0001A382 02FA3082 02F6300E 0603551D 0F0101FF 04040302
  01863082 01C60603 551D2004 8201BD30 8201B930 8201B506 0B608648 0186FD6C
  01030002 308201A4 303A0608 2B060105 05070201 162E6874 74703A2F 2F777777
  2E646967 69636572 742E636F 6D2F7373 6C2D6370 732D7265 706F7369 746F7279
  2E68746D 30820164 06082B06 01050507 02023082 01561E82 01520041 006E0079
  00200075 00730065 0020006F 00660020 00740068 00690073 00200043 00650072
  00740069 00660069 00630061 00740065 00200063 006F006E 00730074 00690074
  00750074 00650073 00200061 00630063 00650070 00740061 006E0063 00650020
  006F0066 00200074 00680065 00200044 00690067 00690043 00650072 00740020
  00430050 002F0043 00500053 00200061 006E0064 00200074 00680065 00200052
  0065006C 00790069 006E0067 00200050 00610072 00740079 00200041 00670072
  00650065 006D0065 006E0074 00200077 00680069 00630068 0020006C 0069006D
  00690074 0020006C 00690061 00620069 006C0069 00740079 00200061 006E0064
  00200061 00720065 00200069 006E0063 006F0072 0070006F 00720061 00740065
  00640020 00680065 00720065 0069006E 00200062 00790020 00720065 00660065
  00720065 006E0063 0065002E 30120603 551D1301 01FF0408 30060101 FF020100
  30340608 2B060105 05070101 04283026 30240608 2B060105 05073001 86186874
  74703A2F 2F6F6373 702E6469 67696365 72742E63 6F6D3081 8F060355 1D1F0481
  87308184 3040A03E A03C863A 68747470 3A2F2F63 726C332E 64696769 63657274
  2E636F6D 2F446967 69436572 74486967 68417373 7572616E 63654556 526F6F74
  43412E63 726C3040 A03EA03C 863A6874 74703A2F 2F63726C 342E6469 67696365
  72742E63 6F6D2F44 69676943 65727448 69676841 73737572 616E6365 4556526F
  6F744341 2E63726C 301F0603 551D2304 18301680 14B13EC3 6903F8BF 4701D498
  261A0802 EF63642B C3301D06 03551D0E 04160414 50EA7389 DB29FB10 8F9EE501
  20D4DE79 994883F7 300D0609 2A864886 F70D0101 05050003 82010100 1EE2A548
  9E6CDB53 380FEFA6 1A2AACE2 0343ED9A BC3E8E75 1BF0FD2E 2259AC13 C061E2E7
  FAE999CD 87097554 28BF4660 DCBE512C 92F31B91 7C310870 E237B9C1 5BA8BDA3
  0B00FB1A 15FD03AD 586AC5C7 24994847 46311E92 EFB45F4E 34C790BF 31C1F8B1
  8486D09C 01AADF8A 5606CE3A E90EAE97 745DD771 9A42745F DE8D437C DEE955ED
  6900CB05 E07A6161 33D1194D F908EEA0 39C52535 B72BC40F B2DDF1A5 B70E24C4
  26288D79 77F52FF0 57BA7C07 D4E1FCCD 5A30577E 861047DD 311FD7FC A2C2BF30
  7C5D24AA E8F9AE5F 6A74C2CE 6BB346D8 21BE29D4 8E5E15D6 424AE732 6FA4B16B
  518358BE 3F6DC7FB DA0321CB 6A16194E 0AF0AD84 CA5D94B3 5A76F761
  quit
! NOTE(review): the chassis serial number is part of this line; when a configuration
! is shared publicly it is worth redacting together with the passwords.
license udi pid CISCO1941/K9 sn FCZ174790U1
license accept end user agreement
hw-module ism 0
!
!
!
vtp mode transparent
! NOTE(review): all three local accounts use "password 7", which is reversible.
! "username <name> secret <value>" stores a one-way hash instead and is the
! preferred form, especially for the privilege 15 account.
username XXXXXX privilege 15 password 7 XXXXXX
username XXXXXX password 7 XXXXXX
username XXXXXX password 7 XXXXXX
!
redundancy
!
!
!
!
vlan 2
!
! SSH is restricted to protocol version 2; five authentication attempts are allowed
! per connection.
ip ssh authentication-retries 5
ip ssh version 2
!
! Traffic classifiers, first half. Two families are interleaved here:
!   - plain "class-map" entries (QOS-* and the DSCP classes) feed the QoS policy-maps;
!   - "class-map type inspect" entries feed the zone-based firewall policy-maps.
! A class only has an effect once a policy-map references it.
class-map match-any QOS-TELNET-TRAFFIC
 match protocol telnet
class-map match-any QOS-RTSP-TRAFFIC
 match protocol rtsp
! NOTE(review): SSH and cleartext Telnet share one firewall class, so every policy
! that handles this class treats both the same way.
class-map type inspect match-any SSH-TELNET-TRAFFIC
 match protocol ssh
 match protocol telnet
class-map match-any QOS-CHAT-TRAFFIC
 match protocol aol-messenger
 match protocol irc
 match protocol irc-serv
 match protocol secure-irc
 match protocol msn-messenger
 match protocol yahoo-messenger
class-map type inspect match-any FTP-TRAFFIC
 match protocol ftp
class-map type inspect sip match-any SIP-VIOLATION
 match protocol-violation
class-map type inspect match-any SIP-TRAFFIC
 match protocol sip
class-map type inspect match-any NTP-TRAFFIC
 match protocol ntp
class-map type inspect match-any EMAIL-TRAFFIC
 match protocol pop3
 match protocol pop3s
 match protocol smtp
 match protocol imap
 match protocol imap3
 match protocol imaps
class-map type inspect match-any IPSec-TRAFFIC
 description For IPSec
 match protocol isakmp
 match protocol ipsec-msft
class-map type inspect match-any WEB-TRAFFIC
 match protocol http
! Port-based class: membership is whatever access-list 190 permits.
class-map type inspect match-all STARCRAFT-PORTS
 match access-group 190
class-map match-any QOS-P2P-TRAFFIC
 match protocol bittorrent
class-map type inspect match-any MISCELLANEOUS-TRAFFIC
 match protocol tftp
class-map match-any INTERACTIVE-VIDEO
 match dscp cs5
 match dscp cs4
class-map match-any NETWORK-CONTROL
 match dscp cs6
 match dscp cs2
class-map match-any CRITICAL-DATA
 match dscp af41  af42  af43
 match dscp af21  af22  af23
 match dscp af11  af12  af13
class-map type inspect match-any DNS-TRAFFIC
 match protocol dns
class-map type inspect match-any MSRPC-TRAFFIC
 match protocol msrpc
class-map match-any QOS-BONJOUR-TRAFFIC
 match protocol asip-webadmin
 match protocol net-assistant
class-map match-any QOS-FTP-TRAFFIC
 match protocol ftp
 match protocol ftp-data
 match protocol ftps-data
 match protocol secure-ftp
! Matches all TCP, UDP and ICMP; intended for traffic the router itself originates.
class-map type inspect match-any ROUTER-TO-OUTSIDE
 description Permit router-generated traffic out
 match protocol tcp
 match protocol udp
 match protocol icmp
! Traffic classifiers, second half: more QoS classes ("class-map") and zone-based
! firewall classes ("class-map type inspect"). Classes that match an access-group
! inherit their scope from the numbered ACL they point at.
class-map match-any QOS-SSH-TRAFFIC
 match protocol ssh
class-map type inspect match-any WEB-SEC-TRAFFIC
 match protocol https
class-map match-any QOS-EIGRP-TRAFFIC
 match protocol eigrp
class-map match-any QOS-SIP-TRAFFIC
 match protocol sip
class-map match-any QOS-EMAIL-TRAFFIC
 match protocol pop3
 match protocol secure-pop3
 match protocol smtp
 match protocol imap
 match protocol secure-imap
class-map match-any QOS-IPSec-TRAFFIC
 match protocol ipsec
 match protocol isakmp
! VPN traffic addressed to the router itself: whatever access-list 180 permits.
class-map type inspect match-any VPN-TO-self
 match access-group 180
class-map match-any QOS-WEB-TRAFFIC
 match protocol http
 match protocol secure-http
class-map type inspect match-any NETZWERK-MANAGEMENT-TRAFFIC
 match protocol router
! Port-based class: membership is whatever access-list 170 permits.
class-map type inspect match-all iTUNES-TRAFFIC
 match access-group 170
class-map match-any QOS-MISCELLANEOUS-TRAFFIC
 match protocol ntp
 match protocol dns
 match protocol icmp
 match protocol tftp
class-map type inspect match-any P2P-TRAFFIC
 match protocol bittorrent
class-map match-any QOS-SKYPE-TRAFFIC
 match protocol skype
class-map match-any QOS-RTP-TRAFFIC
 match protocol rtp
class-map match-all VOICE
 match dscp ef
class-map type inspect match-any FTP-SEC-TRAFFIC
 match protocol ftps
class-map match-all SCAVENGER
 match dscp cs1
class-map match-all SIGNALING
 match dscp cs3
class-map type inspect match-any RTSP-TRAFFIC
 match protocol rtsp
class-map type inspect match-any DYNDNS-TRAFFIC
 match protocol ddns-v3
class-map type inspect match-any ICMP-TRAFFIC
 match protocol icmp
class-map match-any QOS-REMOTE-DESKTOP-TRAFFIC
 match protocol vnc
class-map match-all MULTIMEDIA-STREAMING
 match dscp af31  af32  af33
class-map type inspect match-any STUN-TRAFFIC
 match protocol stun
class-map match-any QOS-QUICK-TIME-TRAFFIC
 match protocol appleqtc
 match protocol appleqtcsrvr
class-map type inspect match-any CHAT-TRAFFIC
 match protocol icq
 match protocol aol
 match protocol irc
 match protocol irc-serv
 match protocol ircs
 match protocol msnmsgr
 match protocol ymsgr
!
!
! Policy section: the eight-class WAN queuing policy, the zone-based firewall
! policies ("policy-map type inspect"), the DSCP marking policy, the security zones
! with their zone-pairs, and the IKE phase 1 policy.
!
! Egress queuing by DSCP: two priority classes, bandwidth guarantees and
! DSCP-based WRED for the rest.
policy-map WAN-EDGE-8-CLASS
 class VOICE
  priority percent 10
 class INTERACTIVE-VIDEO
  priority percent 23
 class NETWORK-CONTROL
  bandwidth percent 5
 class SIGNALING
  bandwidth percent 2
 class MULTIMEDIA-STREAMING
  bandwidth percent 10
  fair-queue
  random-detect dscp-based
  random-detect dscp 26 50 64
  random-detect dscp 28 45 64
  random-detect dscp 30 40 64
 class CRITICAL-DATA
  bandwidth percent 24
  fair-queue
  random-detect dscp-based
  random-detect dscp 10 50 64
  random-detect dscp 12 45 64
  random-detect dscp 14 40 64
  random-detect dscp 18 50 64
  random-detect dscp 20 45 64
  random-detect dscp 22 40 64
  random-detect dscp 34 50 64
  random-detect dscp 36 45 64
  random-detect dscp 38 40 64
 class SCAVENGER
  bandwidth percent 1
 class class-default
  bandwidth percent 25
  fair-queue
  queue-limit 128 packets
  random-detect dscp-based
  random-detect dscp 0 100 128
! SIP protocol violations are logged but still allowed through.
policy-map type inspect sip SIP-VIOLATION-PASS
 class type inspect sip SIP-VIOLATION
  allow
  log
! Internet -> LAN: only NTP, SIP and STUN sessions may be initiated inbound;
! everything else is dropped and logged.
policy-map type inspect WAN-TO-LAN
 class type inspect NTP-TRAFFIC
  inspect
 class type inspect SIP-TRAFFIC
  inspect
  service-policy sip SIP-VIOLATION-PASS
 class type inspect STUN-TRAFFIC
  inspect
 class class-default
  drop log
! LAN -> Internet: listed protocols are statefully inspected. The final
! "class-default pass" forwards anything else without creating state, so replies to
! that traffic are subject to the WAN-TO-LAN policy on the way back.
policy-map type inspect LAN-TO-WAN
 class type inspect RTSP-TRAFFIC
  inspect
 class type inspect IPSec-TRAFFIC
  inspect
 class type inspect ICMP-TRAFFIC
  inspect
 class type inspect NETZWERK-MANAGEMENT-TRAFFIC
  inspect
 class type inspect WEB-SEC-TRAFFIC
  inspect
 class type inspect WEB-TRAFFIC
  inspect
 class type inspect CHAT-TRAFFIC
  inspect
 class type inspect EMAIL-TRAFFIC
  inspect
 class type inspect MISCELLANEOUS-TRAFFIC
  inspect
 class type inspect FTP-TRAFFIC
  inspect
 class type inspect FTP-SEC-TRAFFIC
  inspect
 class type inspect P2P-TRAFFIC
  inspect
 class type inspect SSH-TELNET-TRAFFIC
  inspect
 class type inspect NTP-TRAFFIC
  inspect
 class type inspect DNS-TRAFFIC
  inspect
 class type inspect STARCRAFT-PORTS
  inspect
 class type inspect MSRPC-TRAFFIC
  inspect
 class type inspect STUN-TRAFFIC
  inspect
 class type inspect iTUNES-TRAFFIC
  inspect
 class type inspect SIP-TRAFFIC
  inspect
  service-policy sip SIP-VIOLATION-PASS
 class class-default
  pass
! LAN -> DMZ: same pattern, listed protocols inspected, remainder passed statelessly.
policy-map type inspect LAN-TO-DMZ
 class type inspect RTSP-TRAFFIC
  inspect
 class type inspect IPSec-TRAFFIC
  inspect
 class type inspect ICMP-TRAFFIC
  inspect
 class type inspect NETZWERK-MANAGEMENT-TRAFFIC
  inspect
 class type inspect WEB-SEC-TRAFFIC
  inspect
 class type inspect WEB-TRAFFIC
  inspect
 class type inspect CHAT-TRAFFIC
  inspect
 class type inspect EMAIL-TRAFFIC
  inspect
 class type inspect MISCELLANEOUS-TRAFFIC
  inspect
 class type inspect FTP-TRAFFIC
  inspect
 class type inspect FTP-SEC-TRAFFIC
  inspect
 class type inspect P2P-TRAFFIC
  inspect
 class type inspect SSH-TELNET-TRAFFIC
  inspect
 class class-default
  pass
! DMZ -> LAN: drop and log everything. NOTE(review): the DMZ-TO-LAN zone-pair further
! down has no service-policy line, so this policy-map does not appear to be attached.
policy-map type inspect DMZ-TO-LAN
 class class-default
  drop log
! DMZ -> Internet: listed protocols inspected, remainder passed statelessly.
policy-map type inspect DMZ-TO-WAN
 class type inspect WEB-SEC-TRAFFIC
  inspect
 class type inspect WEB-TRAFFIC
  inspect
 class type inspect EMAIL-TRAFFIC
  inspect
 class type inspect MISCELLANEOUS-TRAFFIC
  inspect
 class type inspect FTP-TRAFFIC
  inspect
 class type inspect FTP-SEC-TRAFFIC
  inspect
 class type inspect DYNDNS-TRAFFIC
  inspect
 class type inspect NETZWERK-MANAGEMENT-TRAFFIC
  inspect
 class type inspect ICMP-TRAFFIC
  inspect
 class type inspect IPSec-TRAFFIC
  inspect
 class type inspect DNS-TRAFFIC
  inspect
 class type inspect NTP-TRAFFIC
  inspect
 class class-default
  pass
! Internet -> DMZ: HTTPS, FTP, FTPS and NTP may be initiated inbound; rest dropped.
policy-map type inspect WAN-TO-DMZ
 class type inspect WEB-SEC-TRAFFIC
  inspect
 class type inspect FTP-TRAFFIC
  inspect
 class type inspect FTP-SEC-TRAFFIC
  inspect
 class type inspect NTP-TRAFFIC
  inspect
 class class-default
  drop log
! Shapes the uplink to 25 Mbit/s and queues inside the shaper with WAN-EDGE-8-CLASS.
policy-map QOS-OUT-SHAPER
 class class-default
  shape average 25000000
  service-policy WAN-EDGE-8-CLASS
! Internet -> router itself. SSH/Telnet and ICMP are dropped, IPsec/IKE is allowed.
! NOTE(review): the closing "class-default pass log" lets every other protocol
! addressed to the router through from the Internet. With "ip dns server" enabled
! elsewhere in this configuration, that appears to include the router's DNS service.
! A default of "drop log" after the explicit VPN classes is the safer shape -- confirm
! nothing else needs to reach the router from outside first.
policy-map type inspect WAN-TO-self
 class type inspect SSH-TELNET-TRAFFIC
  drop log
 class type inspect ICMP-TRAFFIC
  drop log
 class type inspect IPSec-TRAFFIC
  pass
 class type inspect VPN-TO-self
  inspect
 class class-default
  pass log
! Router itself -> Internet. NOTE(review): the self-TO-WAN zone-pair further down has
! no service-policy line, so this policy-map does not appear to be attached.
policy-map type inspect self-TO-WAN
 class type inspect ROUTER-TO-OUTSIDE
  inspect
 class class-default
  drop log
! Ingress marking: rewrites DSCP per application class so WAN-EDGE-8-CLASS can queue
! on it.
policy-map DSCP-MARKING
 class QOS-RTP-TRAFFIC
  set ip dscp ef
 class QOS-EIGRP-TRAFFIC
  set ip dscp cs6
 class QOS-RTSP-TRAFFIC
  set ip dscp cs4
 class QOS-BONJOUR-TRAFFIC
  set ip dscp af42
 class QOS-SIP-TRAFFIC
  set ip dscp cs3
 class QOS-IPSec-TRAFFIC
  set ip dscp af31
 class QOS-WEB-TRAFFIC
  set ip dscp af23
 class QOS-SSH-TRAFFIC
  set ip dscp af31
 class QOS-TELNET-TRAFFIC
  set ip dscp af31
 class QOS-EMAIL-TRAFFIC
  set ip dscp af22
 class QOS-MISCELLANEOUS-TRAFFIC
  set ip dscp cs2
 class QOS-FTP-TRAFFIC
  set ip dscp af13
 class QOS-P2P-TRAFFIC
  set ip dscp af12
 class QOS-SKYPE-TRAFFIC
  set ip dscp cs4
 class QOS-REMOTE-DESKTOP-TRAFFIC
  set ip dscp af31
!
! Security zones and the zone-pairs that bind a firewall policy to a direction.
! NOTE(review): several pairs are declared without a service-policy (self-TO-WAN,
! DMZ-TO-self, self-TO-DMZ, self-TO-LAN, LAN-TO-self, DMZ-TO-LAN, LAN-TO-LAN).
! Between two ordinary zones a pair without a policy forwards nothing; pairs that
! involve the self zone are presumably left at the permissive default, which would
! leave DMZ hosts free to reach the router's own services -- verify on the device.
zone security LAN
zone security WAN
zone security DMZ
zone-pair security LAN-TO-WAN source LAN destination WAN
 service-policy type inspect LAN-TO-WAN
zone-pair security LAN-TO-DMZ source LAN destination DMZ
 service-policy type inspect LAN-TO-DMZ
zone-pair security WAN-TO-LAN source WAN destination LAN
 service-policy type inspect WAN-TO-LAN
zone-pair security WAN-TO-DMZ source WAN destination DMZ
 service-policy type inspect WAN-TO-DMZ
zone-pair security self-TO-WAN source self destination WAN
zone-pair security DMZ-TO-self source DMZ destination self
zone-pair security WAN-TO-self source WAN destination self
 service-policy type inspect WAN-TO-self
zone-pair security self-TO-DMZ source self destination DMZ
zone-pair security self-TO-LAN source self destination LAN
zone-pair security LAN-TO-self source LAN destination self
zone-pair security DMZ-TO-LAN source DMZ destination LAN
zone-pair security DMZ-TO-WAN source DMZ destination WAN
 service-policy type inspect DMZ-TO-WAN
zone-pair security LAN-TO-LAN source LAN destination LAN
!
! TCP ports on which the router accepts cTCP-encapsulated VPN client connections.
crypto ctcp port 10000 10001 10002 10003
!
! IKE phase 1 proposal. NOTE(review): AES with a pre-shared key and Diffie-Hellman
! group 2 (1024-bit MODP); no hash is listed, so the platform default applies.
! Group 2 is below current guidance; move to group 14 or higher if the VPN clients
! in use support it.
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp nat keepalive 3600
!
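! Remote-access (Easy VPN style) server definition and the first group of interfaces.
!
! Client group: one shared group key for all clients (redacted), pushed DNS/WINS/
! domain, address pool and split-tunnel ACL.
! NOTE(review): "acl VPN-CLIENT-ACL" points at an access list that is not defined
! anywhere in this listing -- confirm it exists on the device.
! NOTE(review): "save-password" lets clients store the user password locally; a lost
! or compromised client then holds everything needed to connect. Remove it unless
! unattended reconnects are a requirement.
crypto isakmp client configuration group VPNUSERGROUP
 key XXXXXX
 dns 192.168.250.1
 wins 192.168.250.1
 domain nilsstorm.home.com
 pool VPN-IP-POOL
 acl VPN-CLIENT-ACL
 save-password
! ISAKMP profile tying the group to the AAA method lists and to Virtual-Template1.
! Fix: the user-authentication list now names VPNUSERAUTH, the list created by
! "aaa authentication login VPNUSERAUTH local". The previous value, VPNUSERSAUTH,
! matches no defined method list, so user authentication for VPN clients would not
! have been handled by the intended local-database list.
crypto isakmp profile VPN-CLIENT-ISAKMP-PROFIL
   match identity group VPNUSERGROUP
   client authentication list VPNUSERAUTH
   isakmp authorization list VPNUSERGROUP
   client configuration address respond
   virtual-template 1
!
!
! Phase 2 protection: ESP with AES and HMAC-SHA.
crypto ipsec transform-set VPN-CLIENT-TRANSFORMSET esp-aes esp-sha-hmac
!
crypto ipsec profile VPN-CLIENT-IPSEC-PROFIL
 set transform-set VPN-CLIENT-TRANSFORMSET
 set isakmp-profile VPN-CLIENT-ISAKMP-PROFIL
!
!
!
!
!
!
! Loopback0 lends its address to Virtual-Template1 and sits in the LAN zone.
interface Loopback0
 description Anchor for Virtual-Template1
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 zone-member security LAN
!
interface Loopback1
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 zone-member security DMZ
!
interface Embedded-Service-Engine0/0
 no ip address
!
! Physical uplink; carries only PPPoE, the IP side lives on Dialer1.
interface GigabitEthernet0/0
 description Uplink zu WillyTel
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
! Routed /31 link to the LAN core switch; member of the LAN zone.
interface GigabitEthernet0/1
 description to Switch3560-11 L3
 mtu 9000
 ip address 192.168.250.1 255.255.255.254
 ip nat inside
 ip virtual-reassembly in
 zone-member security LAN
 duplex auto
 speed auto
 service-policy input DSCP-MARKING
 service-policy output WAN-EDGE-8-CLASS
!
interface GigabitEthernet0/0/0
 description Layer 3 Spare
 mtu 9000
 no ip address
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 service-policy output WAN-EDGE-8-CLASS
!
! Switch-module access ports in VLAN 2 (the DMZ VLAN, routed by interface Vlan2).
interface GigabitEthernet0/1/0
 description To FreeNAS
 switchport access vlan 2
 no ip address
 spanning-tree portfast
 service-policy input DSCP-MARKING
 service-policy output WAN-EDGE-8-CLASS
!
interface GigabitEthernet0/1/1
 switchport access vlan 2
 no ip address
 spanning-tree portfast
 service-policy input DSCP-MARKING
 service-policy output WAN-EDGE-8-CLASS
!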
! Remaining interfaces (DMZ access ports, VPN virtual template, SVIs, PPPoE dialer),
! EIGRP, the VPN address pool and the HTTP server settings.
interface GigabitEthernet0/1/2
 switchport access vlan 2
 no ip address
 spanning-tree portfast
 service-policy input DSCP-MARKING
 service-policy output WAN-EDGE-8-CLASS
!
interface GigabitEthernet0/1/3
 switchport access vlan 2
 no ip address
 spanning-tree portfast
 service-policy input DSCP-MARKING
 service-policy output WAN-EDGE-8-CLASS
!
! Template cloned for each VPN client tunnel.
! NOTE(review): there is no "zone-member security" here. With the zone-based firewall
! active, traffic between a zoned interface and an unzoned one is dropped, so VPN
! clients presumably cannot reach LAN or DMZ hosts as configured -- confirm and
! assign the zone the clients are meant to belong to.
interface Virtual-Template1 type tunnel
 description Endpoint for VPN Tunnel
 ip unnumbered Loopback0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VPN-CLIENT-IPSEC-PROFIL
!
interface Vlan1
 no ip address
!
! DMZ gateway. NOTE(review): 176.16.2.0/24 is public address space, not RFC 1918
! (which is 172.16.0.0/12); presumably a typo for 172.16.2.1 -- confirm.
interface Vlan2
 description DMZ Privat VLAN
 ip address 176.16.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 zone-member security DMZ
!
! Internet-facing PPPoE dialer in the WAN zone; redirects, proxy ARP and CDP are
! switched off. NOTE(review): the PPP password is type 7 (reversible) and the PAP
! username is not redacted in this capture.
interface Dialer1
 description Uplink-PPPoE zu WillyTel
 mtu 1492
 bandwidth 100000
 ip ddns update hostname XXXXXX.dyndns.org
 ip ddns update dyndns
 ip address negotiated
 no ip redirects
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 zone-member security WAN
 encapsulation ppp
 dialer pool 1
 ppp pap sent-username nstorm password 7 XXXXXX
 ppp ipcp dns request accept
 no cdp enable
 service-policy input DSCP-MARKING
 service-policy output QOS-OUT-SHAPER
!
!
! NOTE(review): EIGRP is enabled on the DMZ prefix and the loopbacks with no
! passive-interface and no neighbor authentication visible. Hosts in the DMZ are
! reachable from the Internet, so the DMZ SVI is a candidate for passive-interface
! unless a routing neighbor really lives there.
router eigrp 1
 default-metric 10000 1 255 1 1500
 network 176.16.2.0 0.0.0.255
 network 192.168.100.0
 network 192.168.101.0
 network 192.168.250.0 0.0.0.1
 redistribute static
!
ip local pool VPN-IP-POOL 192.168.100.20 192.168.100.50
ip forward-protocol nd
!
! Both the HTTP and HTTPS management servers are disabled. The access-class refers
! to access-list 23, which is not defined anywhere in this listing.
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
! DNS server, NAT rules, default route, access lists and the login banner.
!
! NOTE(review): the router answers DNS queries itself. The WAN-TO-self firewall policy
! ends in "class-default pass", so the resolver is presumably reachable from the
! Internet as well -- verify, and restrict it to inside zones if so.
ip dns server
ip dns primary nilsstorm.home.com soa ns.nilsstorm.home.com admin.nilsstorm.home.com 21600 900 7776000 86400
! PAT for outbound traffic plus four static port forwards on the Dialer1 address:
! FTP control/data (21, 20) to 176.16.2.12, SIP (UDP 5060) to 192.168.21.10 and
! HTTPS (443) to 176.16.2.13.
! NOTE(review): FTP carries credentials in cleartext, and the SIP forward points at a
! host on an inside network rather than the DMZ. If the SIP provider's addresses are
! known, limiting the source to them narrows the exposure considerably.
ip nat inside source list NAT-OUT-ACL interface Dialer1 overload
ip nat inside source static tcp 176.16.2.12 21 interface Dialer1 21
ip nat inside source static udp 192.168.21.10 5060 interface Dialer1 5060
ip nat inside source static tcp 176.16.2.12 20 interface Dialer1 20
ip nat inside source static tcp 176.16.2.13 443 interface Dialer1 443
ip route 0.0.0.0 0.0.0.0 Dialer1
!
! Traffic from the two listed inside /24s towards 192.168.0.0/21 is excluded from
! NAT; everything else is translated.
ip access-list extended NAT-OUT-ACL
 deny   ip 192.168.21.0 0.0.0.255 192.168.0.0 0.0.7.255
 deny   ip 192.168.11.0 0.0.0.255 192.168.0.0 0.0.7.255
 permit ip any any
! NOTE(review): no class-map in this listing references this named ACL; the WAN-TO-DMZ
! firewall policy matches on protocols instead, so these entries look unused.
ip access-list extended WAN-TO-DMZ
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any any eq 443
!
! 160: STUN port 3478. Not referenced by any class-map in this listing.
access-list 160 permit udp any any eq 3478
access-list 160 permit tcp any any eq 3478
! 170: port range behind the iTUNES-TRAFFIC firewall class.
access-list 170 permit tcp any any range 7760 9999
access-list 170 permit udp any any range 7760 9999
! 180: IKE, ESP, NAT-T and TCP 10000 towards the router (VPN-TO-self class).
access-list 180 permit udp any any eq isakmp
access-list 180 permit esp any any
access-list 180 permit udp any any eq non500-isakmp
access-list 180 permit tcp any any eq 10000
! 190: game ports behind the STARCRAFT-PORTS firewall class.
! NOTE(review): the TCP entry uses 3724 but the UDP entry uses 3742; every other
! pair in this list uses the same port for both protocols, so one of the two is
! presumably a transposition -- confirm.
access-list 190 permit tcp any any eq 1119
access-list 190 permit udp any any eq 1119
access-list 190 permit tcp any any eq 1120
access-list 190 permit udp any any eq 1120
access-list 190 permit tcp any any eq 3724
access-list 190 permit udp any any eq 3742
access-list 190 permit tcp any any eq 4000
access-list 190 permit udp any any eq 4000
access-list 190 permit tcp any any range 6112 6114
access-list 190 permit udp any any range 6112 6114
access-list 190 permit tcp any any range 6881 6999
access-list 190 permit udp any any range 6881 6999
!
!
!
!
!
!
!
!
control-plane
!
!
! Login banner shown before authentication (kept on one line as captured; the
! original line breaks inside the banner were lost in this paste).
banner login ^C ******************************************************** * * * PRIVAT PROPERTY, DO NOT ENTER * * * ******************************************************** ^C
!
! Terminal lines, scheduler and NTP.
!
! NOTE(review): the console password is type 7 (reversible encoding).
line con 0
 password 7 XXXXXX
 logging synchronous
line aux 0
! Internal service-module line: no exec session, all inbound transports accepted.
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
! Remote management: SSH only on vty 0-4, nothing accepted on vty 5-15.
! NOTE(review): "access-class 23 in" refers to access-list 23, which is not defined
! anywhere in this listing. An access list that is referenced but does not exist
! typically filters nothing, so the intended source restriction is presumably not in
! effect -- define the list with the management subnets that should be allowed.
! NOTE(review): every vty session starts at privilege level 15. Assigning privilege
! per user in the local database keeps non-admin accounts out of enable mode.
line vty 0 4
 access-class 23 in
 privilege level 15
 password 7 XXXXXX
 transport input ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 password 7 XXXXXX
 transport input none
!
scheduler allocate 20000 1000
! Time is taken from two public servers, sourced from the WAN address; no NTP
! authentication is configured.
ntp source Dialer1
ntp server 192.53.103.104
ntp server 192.53.103.108 prefer
end