Current configuration : 3663 bytes ! ! Last configuration change at 15:13:15 PCTime Thu Jan 5 2006 by k37@ ! NVRAM config last updated at 15:13:15 PCTime Thu Jan 5 2006 by k37@ ! version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname RTR-GROOM ! boot-start-marker boot-end-marker ! logging buffered 51200 warnings enable secret 5 $1$E2LM$Y/kufWdJrqB6D/Q4bBIDF1 ! username k37@ privilege 15 secret 5 $1$EldV$wAqJymtYy1tbljg.fAKSm. clock timezone PCTime -6 clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00 no aaa new-model ip subnet-zero ip cef ip dhcp excluded-address 10.1.5.1 10.1.5.100 ! ip dhcp pool sdm-pool1 import all network 10.1.5.0 255.255.255.0 dns-server x.x.x.25 x.x.x.30 default-router 10.1.5.1 ! ! ip name-server x.x.x.25 ip name-server x.x.x.30 no ftp-server write-enable password encryption aes ! ! ! ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp key 6 VH[bOPb^dX]\b\QaVNZUZaAHSd]FeeNDaAAB address x.x.x.238 255.255.255.252 ! ! crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac ! crypto map SDM_CMAP_1 1 ipsec-isakmp description Tunnel tox.x.x.238 set peer x.x.x.238 set transform-set ESP-3DES-SHA match address 100 ! ! ! interface FastEthernet0 no ip address no cdp enable ! interface FastEthernet1 no ip address no cdp enable ! interface FastEthernet2 no ip address no cdp enable ! interface FastEthernet3 no ip address no cdp enable ! interface FastEthernet4 description $ES_WAN$$FW_OUTSIDE$ ip address x.x.x.47 255.255.255.224 ip nat outside ip virtual-reassembly duplex auto speed auto no cdp enable crypto map SDM_CMAP_1 ! interface Dot11Radio0 no ip address ip nat inside ip virtual-reassembly ! ssid Keta-Wireless vlan 1 authentication open guest-mode ! speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root no cdp enable ! interface Dot11Radio0.1 encapsulation dot1Q 1 native no cdp enable bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$ ip address 10.1.5.1 255.255.255.0 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 ! ip classless ip route 0.0.0.0 0.0.0.0 x.x.x.33 permanent ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 5 life 86400 requests 10000 ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload ! access-list 1 remark INSIDE_IF=Vlan1 access-list 1 remark SDM_ACL Category=2 access-list 1 permit 10.1.5.0 0.0.0.255 access-list 100 remark SDM_ACL Category=4 access-list 100 remark IPSec Rule access-list 100 permit ip x.x.x.32 0.0.0.31 x.x.x.236 0.0.0.3 access-list 101 remark SDM_ACL Category=2 access-list 101 remark IPSec Rule access-list 101 deny ip x.x.x.32 0.0.0.31 x.x.x.236 0.0.0.3 access-list 101 permit ip 10.1.5.0 0.0.0.255 any no cdp run route-map SDM_RMAP_1 permit 1 match ip address 101 ! ! control-plane ! banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C ! line con 0 login local no modem enable transport preferred all transport output all line aux 0 transport preferred all transport output all line vty 0 4 privilege level 15 login local transport preferred all transport input telnet ssh transport output all ! scheduler max-task-time 5000 end RTR-GROOM#