master#show conf Using 10100 out of 131072 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname master ! boot-start-marker boot system flash c870-advipservicesk9-mz.124-9.T.bin boot-end-marker ! logging buffered 52000 debugging ! no aaa new-model ! resource policy ! ip cef ! ! no ip dhcp use vrf connected ! ! ip domain name yourdomain.com ip name-server 217.79.96.71 ip name-server 217.79.96.70 ip inspect log drop-pkt ip inspect name SDM_MEDIUM appfw SDM_MEDIUM ip inspect name SDM_MEDIUM cuseeme ip inspect name SDM_MEDIUM dns ip inspect name SDM_MEDIUM ftp ip inspect name SDM_MEDIUM h323 ip inspect name SDM_MEDIUM https ip inspect name SDM_MEDIUM icmp ip inspect name SDM_MEDIUM imap reset ip inspect name SDM_MEDIUM pop3 reset ip inspect name SDM_MEDIUM netshow ip inspect name SDM_MEDIUM rcmd ip inspect name SDM_MEDIUM realaudio ip inspect name SDM_MEDIUM rtsp ip inspect name SDM_MEDIUM esmtp ip inspect name SDM_MEDIUM sqlnet ip inspect name SDM_MEDIUM streamworks ip inspect name SDM_MEDIUM tftp ip inspect name SDM_MEDIUM tcp ip inspect name SDM_MEDIUM udp ip inspect name SDM_MEDIUM vdolive ip inspect name SDM_HIGH appfw SDM_HIGH ip inspect name SDM_HIGH icmp ip inspect name SDM_HIGH dns ip inspect name SDM_HIGH esmtp ip inspect name SDM_HIGH https ip inspect name SDM_HIGH imap reset ip inspect name SDM_HIGH pop3 reset ip inspect name SDM_HIGH tcp ip inspect name SDM_HIGH udp ! appfw policy-name SDM_MEDIUM application im aol service default action reset alarm service text-chat action reset alarm server deny name login.oscar.aol.com server deny name toc.oscar.aol.com server deny name oam-d09a.blue.aol.com audit-trail on application im msn service default action reset alarm service text-chat action reset alarm server deny name messenger.hotmail.com server deny name gateway.messenger.hotmail.com server deny name webmessenger.msn.com audit-trail on application http strict-http action reset alarm port-misuse im action reset alarm port-misuse p2p action reset alarm port-misuse tunneling action reset alarm application im yahoo service default action reset alarm service text-chat action reset alarm server deny name scs.msg.yahoo.com server deny name scsa.msg.yahoo.com server deny name scsb.msg.yahoo.com server deny name scsc.msg.yahoo.com server deny name scsd.msg.yahoo.com server deny name cs16.msg.dcn.yahoo.com server deny name cs19.msg.dcn.yahoo.com server deny name cs42.msg.dcn.yahoo.com server deny name cs53.msg.dcn.yahoo.com server deny name cs54.msg.dcn.yahoo.com server deny name ads1.vip.scd.yahoo.com server deny name radio1.launch.vip.dal.yahoo.com server deny name in1.msg.vip.re2.yahoo.com server deny name data1.my.vip.sc5.yahoo.com server deny name address1.pim.vip.mud.yahoo.com server deny name edit.messenger.yahoo.com server deny name messenger.yahoo.com server deny name http.pager.yahoo.com server deny name privacy.yahoo.com server deny name csa.yahoo.com server deny name csb.yahoo.com server deny name csc.yahoo.com audit-trail on ! ! crypto pki trustpoint TP-self-signed-772223641 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-772223641 revocation-check none rsakeypair TP-self-signed-772223641 ! ! crypto pki certificate chain TP-self-signed-772223641 certificate self-signed 01 nvram:IOS-Self-Sig#3103.cer ! ! class-map match-any sdm_p2p_kazaa match protocol fasttrack match protocol kazaa2 class-map match-any sdm_p2p_edonkey match protocol edonkey class-map match-any sdm_p2p_gnutella match protocol gnutella class-map match-any sdm_p2p_bittorrent match protocol bittorrent ! ! policy-map sdmappfwp2p_SDM_HIGH class sdm_p2p_gnutella drop class sdm_p2p_bittorrent drop class sdm_p2p_edonkey drop class sdm_p2p_kazaa drop policy-map sdmappfwp2p_SDM_MEDIUM class sdm_p2p_gnutella class sdm_p2p_bittorrent class sdm_p2p_edonkey class sdm_p2p_kazaa ! ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp key test address 85.189.102.80 ! ! crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac ! ! ! interface Loopback0 ip address 85.189.102.182 255.255.255.255 ! interface ATM0 no ip address no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.1 point-to-point no snmp trap link-status pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$ ip address 192.168.219.2 255.255.255.0 ip access-group 100 in ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 standby 1 ip 192.168.219.1 standby 1 priority 110 standby 1 preempt standby 1 authentication microdot ! interface Dialer0 description $FW_OUTSIDE$ ip unnumbered Loopback0 ip access-group 102 in ip nat outside ip inspect SDM_HIGH out ip virtual-reassembly encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname yhds-5eet@openip.broadband ppp chap password 0 Andy service-policy input sdmappfwp2p_SDM_HIGH service-policy output sdmappfwp2p_SDM_HIGH ! router eigrp 6001 network 192.168.50.0 network 192.168.219.0 no auto-summary ! ip route 0.0.0.0 0.0.0.0 Dialer0 ! ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source list 3 interface Dialer0 overload ip nat inside source static tcp 192.168.219.20 80 85.189.102.182 80 extendable ! access-list 3 remark SDM_ACL Category=2 access-list 3 permit 192.168.219.0 0.0.0.255 access-list 100 remark auto generated by SDM firewall configuration access-list 100 remark SDM_ACL Category=1 access-list 100 deny ip host 255.255.255.255 any access-list 100 deny ip 127.0.0.0 0.255.255.255 any access-list 100 permit ip any any access-list 102 remark auto generated by SDM firewall configuration access-list 102 remark SDM_ACL Category=1 access-list 102 permit tcp any host 85.189.102.182 eq www access-list 102 permit udp host 217.79.96.71 eq domain any access-list 102 permit udp host 217.79.96.70 eq domain any access-list 102 deny ip 192.168.219.0 0.0.0.255 any access-list 102 permit icmp any any echo-reply access-list 102 permit icmp any any time-exceeded access-list 102 permit icmp any any unreachable access-list 102 deny ip 10.0.0.0 0.255.255.255 any access-list 102 deny ip 172.16.0.0 0.15.255.255 any access-list 102 deny ip 192.168.0.0 0.0.255.255 any access-list 102 deny ip 127.0.0.0 0.255.255.255 any access-list 102 deny ip host 255.255.255.255 any access-list 102 deny ip host 0.0.0.0 any access-list 102 deny ip any any log dialer-list 1 protocol ip permit no cdp run ! line con 0 login local no modem enable line aux 0 line vty 0 4 privilege level 15 login local transport input telnet ssh ! scheduler max-task-time 5000 ! webvpn context Default_context ssl authenticate verify all ! no inservice ! end