sh run Building configuration... Current configuration : 4616 bytes ! ! Last configuration change at 14:26:08 UTC Thu May 4 2006 ! NVRAM config last updated at 14:26:08 UTC Thu May 4 2006 ! version 12.2 service timestamps debug uptime service timestamps log datetime msec localtime service password-encryption ! hostname border-p ! logging buffered 16000 informational logging console notifications enable secret ********* enable password ********** ! username admin clock timezone UTC -5 ip subnet-zero ip cef ! ! no ip domain-lookup ip domain-name ALTER.NET ip name-server 198.6.1.5 ! no ip bootp server call rsvp-sync ! ! ! ! ! ! ! ! interface FastEthernet0/0 description To Office FastEthernet ip address 65.220.37.11 255.255.255.0 ip verify unicast reverse-path no ip redirects no ip unreachables duplex auto speed auto !(Masood's comments: border router for outside connectivity, 65.220.37.0 is our public Pool and .10 below !is for routing in the stand by router or shadow witgh the same config) ! standby 1 ip 65.220.37.10 standby 1 timers 5 15 standby 1 preempt standby 1 authentication gmac standby 1 track Serial0/0 ! interface Serial0/0 description MCI T1 CKT # wcomw0h19150 bandwidth 1536 no ip address ip access-group IDS_Serial0/0_in_0 in encapsulation frame-relay IETF no fair-queue frame-relay lmi-type ansi ! interface Serial0/0.1 point-to-point bandwidth 1536 ip address MCI's Side IP address 255.255.255.252 ip access-group 120 in frame-relay interface-dlci 500 IETF ! router bgp 7046 no synchronization bgp log-neighbor-changes network 65.220.37.0 mask 255.255.255.0 neighbor THis router's Public IP address remote-as 7046 neighbor THis router's Public IP address next-hop-self neighbor MCI's site IP address remote-as 701 neighbor MCI's site IP address route-map localprefin in ! ip classless ip route 10.1.1.0 255.255.255.0 65.220.37.13 ! ! !(Masood's Comments:10.1.2.0 is our Dev subnet, we have some servers in our remote site using these IPs !some clustered with servers in here our main office) ! ! ip route 10.1.2.0 255.255.255.0 65.220.37.15 ip route 10.1.4.0 255.255.255.0 65.220.37.13 ip route 65.220.37.0 255.255.255.0 Null0 no ip http server ! ! ip access-list extended IDS_Serial0/0_in_0 permit ip host 10.1.1.8 any permit ip any any logging trap critical logging 10.1.1.57 logging 10.1.1.139 !(Masood's comments: all web servers IP addressess, all public IPs) access-list 105 permit ip any any access-list 120 permit tcp any host ----------- eq www access-list 120 permit tcp any host ----------- eq 443 access-list 120 permit udp any eq domain host --------------- log access-list 120 permit udp any host ----------------- eq domain log access-list 120 permit tcp any host -------------------- eq domain log access-list 120 permit tcp any host-------------------- eq smtp log access-list 120 permit udp any eq domain host ----------------- log access-list 120 permit udp any host --------------- eq domain log access-list 120 permit udp any host ----------------- eq ntp log access-list 120 permit tcp any host ----------------- eq domain log access-list 120 permit tcp any host ----------------- eq smtp log access-list 120 permit tcp any host ---------------- eq www access-list 120 permit tcp any host -------------------- eq 443 access-list 120 permit tcp any host ------------------- eq 443 access-list 120 permit tcp any host ------------------ eq www access-list 120 permit tcp any host ------------------ eq 443 access-list 120 permit tcp any host ----------------------- eq 9998 access-list 120 permit tcp any host -------------------- eq 9999 access-list 120 permit icmp host -------------------- any access-list 120 permit icmp host -------------------- any access-list 120 permit icmp host ------------------- any access-list 120 permit icmp host ------------------------ any access-list 120 permit icmp host ------------------------ any access-list 120 permit icmp host ---------------------- any access-list 120 permit icmp host -------------------- any access-list 120 permit icmp host ------------------------- any access-list 120 permit icmp host ---------------------- any access-list 120 permit icmp host ---------------------- any access-list 120 permit ip any host -------------------- access-list 120 permit ip any host --------------------- access-list 120 permit ip any host ----------------------------- access-list 120 permit ip any host ------------------------- access-list 120 permit tcp host -------------- host ---------------- eq 22 log access-list 120 permit tcp any any established route-map localprefin permit 10 set local-preference 300 ! snmp-server community ************** RW no snmp-server enable traps tty snmp-server host 10.1.1.139 255.255.255.0 snmp-server host 10.1.1.139 maso0d snmp-server manager ! dial-peer cor custom ! ! ! banner login ^CUnAuthorized login is against the law^C banner motd ^CAuthorized login only^C ! line con 0 password ************************************* login transport preferred none line aux 0 password *********************** login modem InOut transport preferred none transport input all transport output pad v120 telnet rlogin udptn stopbits 1 flowcontrol hardware line vty 0 4 password **************** login transport preferred none line vty 5 15 password ********* login ! end border-p#