version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname removed
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
logging console errors
enable secret secret
!
no aaa new-model
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 172.18.46.1 172.18.46.128
!
ip dhcp pool test
 import all
 network 172.18.46.0 255.255.255.0
 domain-name mycompany.com
 dns-server 172.18.18.65 172.18.16.65
 default-router 172.18.46.1
 netbios-name-server 172.18.18.65 172.18.16.65
!
!
ip domain name mycompany.com
ip name-server ISP NAME SERVER IP 1
ip name-server ISP NAME SERVER IP 2
ip ddns update method sdm_ddns1
 HTTP
  add http://removd@members.dyndns.org/nic/update?system=dyndns&hostname=&myip=
  remove http://removd@members.dyndns.org/nic/update?system=dyndns&hostname=&myip=
!
!
!
username removed
!
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
crypto isakmp key adsldynvpn address PIX1 IP no-xauth
crypto isakmp key adsldynvpn address PIX2 IP no-xauth
!
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel toPIX1
 set peer PIX1
 set transform-set ESP-3DES-MD5
 match address 100
crypto map SDM_CMAP_1 2 ipsec-isakmp
 description Tunnel toPIX2
 set peer PIX2
 set transform-set ESP-3DES-MD5
 match address 103
!
bridge irb
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 no shut
!
interface ATM0.1 point-to-point
 no snmp trap link-status
 pvc 8/35
  pppoe-client dial-pool-number 1
 no shut
!
!
interface FastEthernet0
 description connected to client-inside
 shutdown
!
interface FastEthernet1
 description test-outside
 switchport access vlan 2
 no shut
!
interface FastEthernet2
 description test-outside
 switchport access vlan 2
 no shut
!
interface FastEthernet3
 description test-outside
 switchport access vlan 2
 no shut
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 no preamble-short
 station-role root
!
interface Vlan1
 no ip address
!
interface Vlan2
 description connected to test-inside
 no ip address
 bridge-group 1
!
interface Dialer0
 ip ddns update hostname blah.dyndns.org
 ip ddns update sdm_ddns1
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp pap sent-username removed password removed
 crypto map SDM_CMAP_1
 no shut
!
interface BVI1
 description nha-ctn-test
 ip address 172.18.46.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 no shut
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map SDM_RMAP_5 interface Dialer0 overload
!
access-list 20 remark used by snmp access
access-list 20 permit
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 172.18.46.0 0.0.0.255 172.18.16.0 0.0.1.255
access-list 100 remark IPSec Rule
access-list 100 permit ip 172.18.46.0 0.0.0.255 0.0.0.127
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 remark IPSec Rule
access-list 103 remark SDM_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip 172.18.46.0 0.0.0.255 172.18.18.0 0.0.1.255
access-list 103 remark SDM_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 remark access to client sites via crypto
access-list 103 permit ip 172.18.46.0 0.0.0.255
access-list 103 permit ip 172.18.46.0 0.0.0.255
access-list 103 permit ip 172.18.46.0 0.0.0.255
access-list 103 permit ip 172.18.46.0 0.0.0.255
access-list 103 permit ip 172.18.46.0 0.0.0.255
access-list 103 permit ip 172.18.46.0 0.0.0.255
access-list 106 remark SDM_ACL Category=2
access-list 106 remark deny internet-nat to company-dmz
access-list 106 deny ip 172.18.46.0 0.0.0.255 0.0.0.127
access-list 106 remark deny internet-nat to company-site2
access-list 106 deny ip 172.18.46.0 0.0.0.255 172.18.18.0 0.0.1.255
access-list 106 remark deny internet-nat to company-site1
access-list 106 deny ip 172.18.46.0 0.0.0.255 172.18.16.0 0.0.1.255
access-list 106 remark deny internet-nat to client-site
access-list 106 deny ip 172.18.46.0 0.0.0.255 172.16.112.0 0.0.4.255
access-list 106 remark deny internet-nat to client-sites
access-list 106 deny ip 172.18.46.0 0.0.0.255
access-list 106 deny ip 172.18.46.0 0.0.0.255
access-list 106 deny ip 172.18.46.0 0.0.0.255
access-list 106 deny ip 172.18.46.0 0.0.0.255
access-list 106 deny ip 172.18.46.0 0.0.0.255
access-list 106 remark permit test to everwhere else
access-list 106 permit ip 172.18.46.0 0.0.0.255 any
dialer-list 1 protocol ip permit
snmp-server community public RO 20
snmp-server location myoffice
snmp-server contact myofficerouters-access
!
!
!
route-map SDM_RMAP_5 permit 1
 match ip address 106
!
route-map SDM_RMAP_6 permit 1
 match ip address 107
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password removed
 login
 transport input telnet ssh
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end