! Last configuration change at 17:15:46 UTC Thu Aug 21 2014 by admin
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname firewall
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 10 log
security passwords min-length 6
logging console critical
enable secret xxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
!
!
!
aaa session-id common
!
crypto pki token default removal timeout 0
!
!
dot11 syslog
no ip source-route
no ip gratuitous-arps
!
!
!
!
!
ip cef
no ip bootp server
ip domain name xxxxxxxxxxxx
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name fw_inspect ftp timeout 3600
ip inspect name fw_inspect http timeout 3600
ip inspect name fw_inspect rcmd timeout 3600
ip inspect name fw_inspect realaudio timeout 3600
ip inspect name fw_inspect smtp timeout 3600
ip inspect name fw_inspect tftp timeout 30
ip inspect name fw_inspect udp timeout 15
ip inspect name fw_inspect tcp timeout 3600
login block-for 300 attempts 5 within 120
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1841 sn xxxxxxxxxxx
archive
 log config
  logging enable
username xxxxxxx secret xxxxxxxx
!
redundancy
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
!
!
!
!
interface FastEthernet0/0
 description Outside
 ip address 8.8.8.8 255.255.255.252
 ip access-group inbound_firewall_acl in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect fw_inspect out
 ip virtual-reassembly in
 ip verify unicast source reachable-via rx allow-default 100
 speed 100
 full-duplex
 no mop enabled
!
interface FastEthernet0/1
 description Inside
 ip address 10.10.100.2 255.255.255.0
 ip access-group outbound_firewall_acl in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 speed 100
 full-duplex
 no mop enabled
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list nat_acl interface FastEthernet0/0 overload
ip nat inside source static tcp 10.10.6.3 2000 interface FastEthernet0/0 2000
ip nat inside source static tcp 10.10.6.3 2001 interface FastEthernet0/0 2001
ip nat inside source static tcp 10.10.6.3 2002 interface FastEthernet0/0 2002
ip nat inside source static tcp 10.10.6.3 2003 interface FastEthernet0/0 2003
ip nat inside source static tcp 10.10.6.3 2004 interface FastEthernet0/0 2004
ip nat inside source static tcp 10.10.6.3 2005 interface FastEthernet0/0 2005
ip nat inside source static tcp 10.10.6.3 3389 interface FastEthernet0/0 3389
ip route 0.0.0.0 0.0.0.0 68.117.97.25
ip route 10.10.0.0 255.255.0.0 10.10.100.1
!
ip access-list extended inbound_firewall_acl
 permit udp any any eq bootpc
 remark Allow Security System access
 permit tcp any any eq 2000
 permit tcp any any eq 2001
 permit tcp any any eq 2002
 permit tcp any any eq 2003
 permit tcp any any eq 2004
 permit tcp any any eq 2005
 permit tcp any any eq 3389
 deny ip any any log
ip access-list extended nat_acl
 permit ip 10.10.0.0 0.0.255.255 any
 deny ip any any
ip access-list extended outbound_firewall_acl
 remark permit only OpenDNS DNS
 permit udp any host 208.67.222.222 eq domain
 permit udp any host 208.67.220.220 eq domain
 deny udp any any eq domain
 remark deny SMTP outbound traffic
 deny tcp any any eq smtp
 deny tcp any any eq 465
 deny tcp any any eq 587
 remark permit all other traffic
 permit ip any any
!
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
no cdp run
!
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
 exec-timeout 5 0
 transport output none
line aux 0
 exec-timeout 15 0
 transport output none
line vty 0 4
 transport input ssh
!
scheduler allocate 20000 1000
end