#################### primary Router ########################### ___ ___ ___ ___ \C/ \O/ \L/ \T/ This is BRN019481.GVA.ipc.colt.net V V V V Unauthorised access prohibited! This equipment is monitored. Logs will be used as evidence in court. COLT Telecommunications Group PLC. Network Monitoring Centre: +44 20 7390 7848. User Access Verification Username: vlotze Password: BRN019481# BRN019481# BRN019481#sh ver Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(6)T2, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by Cisco Systems, Inc. Compiled Tue 16-May-06 17:41 by kellythw ROM: System Bootstrap, Version 12.3(8r)YI3, RELEASE SOFTWARE BRN019481 uptime is 32 minutes System returned to ROM by power-on System restarted at 14:50:56 UTC Mon Feb 26 2007 System image file is "flash:c870-advipservicesk9-mz.124-6.T2.bin" This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. Cisco 878 (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory. Processor board ID FCZ110221UJ MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10 4 FastEthernet interfaces 1 ISDN Basic Rate interface 1 ATM interface 128K bytes of non-volatile configuration memory. 24576K bytes of processor board System flash (Intel Strataflash) Configuration register is 0x2102 up BRN019481#sh run Building configuration... Current configuration : 7548 bytes ! ! No configuration change since last restart ! version 12.4 no service pad service timestamps debug datetime msec localtime service timestamps log datetime msec localtime service password-encryption ! ! boot-start-marker boot system flash flash:c870-advipservicesk9-mz.124-6.T2.bin boot system flash boot-end-marker ! logging buffered 32000 debugging aaa new-model ! ! a aaa session-id common ! resource policy ! no ip source-route ip icmp rate-limit unreachable 2000 ip cef ! ! ! ! ip tftp source-interface Loopback0 no ip domain lookup ip sla responder ip rcmd rsh-enable vpdn enable ! ! ! key chain ROUTING key 0 key-string 7 1446371F0D27 ! ! ! ! controller DSL 0 mode atm line-term cpe line-mode 2-wire line-zero dsl-mode shdsl symmetric annex A-B line-rate auto ! policy-map default-qos class class-default set ip dscp default ! ! ! crypto isakmp policy 10 encr 3des authentication pre-share group 2 crypto isakmp key R3gim0 address 0.0.0.0 0.0.0.0 crypto isakmp keepalive 10 ! ! crypto ipsec transform-set trans_ esp-3des esp-sha-hmac ! crypto dynamic-map dynamap_ set transform-set trans_ match address 101 ! ! crypto map map_ 10 ipsec-isakmp dynamic dynamap_ discover ! ! ! ! interface Loopback0 description IfType[Management] ! interface Loopback999 description ConfigVersion:1.16 no ip address shutdown ! interface BRI0 no ip address encapsulation hdlc shutdown ! interface ATM0 no ip address load-interval 30 no atm ilmi-keepalive pvc 8/35 vbr-nrt 1600 1600 1 pppoe-client dial-pool-number 1 ! ! interface FastEthernet0 duplex half speed 10 no cdp enable ! interface FastEthernet1 duplex half speed 10 no cdp enable ! interface FastEthernet2 duplex half speed 10 no cdp enable ! interface FastEthernet3 duplex half speed 10 no cdp enable ! interface Vlan1 ip address 192.168.12.2 255.255.255.0 ip access-group 110 in no ip redirects ip rip authentication mode md5 ip rip authentication key-chain ROUTING vrrp 1 ip 192.168.12.1 crypto map map_ service-policy input default-qos ! interface Dialer1 mtu 1440 ip address negotiated no ip redirects no ip unreachables encapsulation ppp dialer pool 1 no cdp enable ppp authentication pap chap callin ppp chap hostname ppp chap password ! router rip version 2 timers basic 30 90 90 120 redistribute connected redistribute static route-map 65505-TAGGED-STATIC network 192.168.12.0 distance 210 no auto-summary ! router bgp 65505 no synchronization bgp log-neighbor-changes network 192.168.12.0 redistribute connected redistribute static route-map 65505-TAGGED-STATIC neighbor 172.20.20.149 remote-as 65505 neighbor 172.20.20.149 soft-reconfiguration inbound no auto-summary ! ip route 0.0.0.0 0.0.0.0 Dialer1 ip route 10.82.20.0 255.255.255.0 172.20.20.149 ip route 10.82.21.0 255.255.255.0 172.20.20.149 ip route 10.82.22.0 255.255.255.0 172.20.20.149 ip route 10.82.23.0 255.255.255.0 172.20.20.149 ip route 192.168.197.225 255.255.255.255 Vlan1 192.168.12.3 ! ! access-list 5 deny 0.0.0.0 access-list 5 permit 192.168.197.225 access-list 5 permit 192.168.197.223 access-list 5 permit 192.168.12.0 0.0.0.255 access-list 5 deny any access-list 10 permit 172.20.20.149 access-list 10 permit 192.168.197.225 access-list 10 permit 10.82.20.0 0.0.0.255 access-list 10 permit 10.82.21.0 0.0.0.255 access-list 10 permit 10.82.22.0 0.0.0.255 access-list 10 permit 10.82.23.0 0.0.0.255 access-list 10 deny any log access-list 11 permit any access-list 66 deny any access-list 101 permit ip 10.82.20.0 0.0.3.255 host 192.168.197.225 access-list 101 permit ip host 192.168.197.223 host 192.168.197.225 access-list 110 permit ip host 192.168.197.225 any access-list 110 permit ip host 192.168.12.3 any access-list 110 deny ip any 10.82.20.0 0.0.0.255 access-list 110 deny ip any 10.82.21.0 0.0.0.255 access-list 110 deny ip any 10.82.22.0 0.0.0.255 access-list 110 deny ip any 10.82.23.0 0.0.0.255 access-list 110 permit ip any any access-list 110 deny ip any 10.82.20.0 0.0.3.255 snmp-server community snmp-server community incc RO 10 snmp-server ifindex persist snmp-server trap-source Loopback0 snmp-server location snmp-server contact snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps tty snmp-server enable traps isdn call-information snmp-server enable traps bgp snmp-server enable traps config snmp-server enable traps entity snmp-server enable traps rtr snmp-server enable traps syslog snmp-server host snmp-server host snmp-server host snmp-server host snmp-server host 1 snmp-server host no cdp run ! ! ! route-map 65505-TAGGED-STATIC permit 10 match tag 65505 ! snmp ifmib ifalias long snmp mib persist cbqos snmp mib persist circuit ! control-plane ! banner login ^C line con 0 no modem enable stopbits 1 line aux 0 line vty 0 4 exec-timeout 60 0 ! scheduler max-task-time 5000 ! webvpn context Default_context ssl authenticate verify all ! no inservice ! end ################ secondary Router ############################### BRN019482#sh ver Cisco IOS Software, C836 Software (C836-K9O3S8Y6-M), Version 12.3(8)T9, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by Cisco Systems, Inc. Compiled Wed 01-Jun-05 20:36 by pwade ROM: System Bootstrap, Version 12.2(11r)YV3, RELEASE SOFTWARE (fc2) BRN019482 uptime is 48 minutes System returned to ROM by power-on System image file is "flash:c836-k9o3s8y6-mz.123-8.T9.bin" This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. Cisco C836 (MPC857T) processor (revision 0x300) with 62260K/3276K bytes of memory. Processor board ID FCZ091922WB (2504163850), with hardware revision 0000 CPU rev number 7 1 Ethernet interface 4 FastEthernet interfaces 1 ISDN Basic Rate interface 1 ATM interface 128K bytes of NVRAM. 12288K bytes of processor board System flash (Read/Write) 2048K bytes of processor board Web flash (Read/Write) Configuration register is 0x2102 BRN019482#sh run Building configuration... Current configuration : 7536 bytes ! version 12.3 no service pad service timestamps debug datetime msec localtime service timestamps log datetime msec localtime service password-encryption ! hostname BRN019482 ! boot-start-marker boot system flash flash:c836-k9o3s8y6-mz.123-8.T9.bin boot system flash boot-end-marker ! memory-size iomem 5 logging buffered 32000 debugging ! ! ! ! ! ip tftp source-interface Loopback0 no ip domain lookup ip cef ip ips po max-events 100 vpdn enable ! vpdn-group pppoe request-dialin protocol pppoe ! no ftp-server write-enable ! isdn switch-type basic-net3 ! ! username username ! ! policy-map default-qos class class-default set ip dscp default ! ! ! crypto isakmp policy 10 encr 3des authentication pre-share group 2 crypto isakmp key R3gim0 address 0.0.0.0 0.0.0.0 crypto isakmp keepalive 10 ! ! crypto ipsec transform-set trans_esp-3des esp-sha-hmac ! crypto dynamic-map dynamap set transform-set trans_ match address 101 ! ! crypto map map_ 10 ipsec-isakmp dynamic dynamap_ discover ! ! ! interface Loopback0 interface Loopback999 shutdown ! interface Ethernet0 ip access-group 110 in ip rip authentication mode md5 ip rip authentication key-chain ROUTING service-policy input default-qos vrrp 1 ip 192.168.12.1 no cdp enable crypto map map_ ! interface BRI0 description IfType[ISDN Backup] Comment no ip address encapsulation ppp shutdown isdn switch-type basic-net3 no cdp enable ! interface ATM0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode etsi ! interface FastEthernet1 no ip address speed 10 half-duplex ! interface FastEthernet2 no ip address speed 10 half-duplex ! interface FastEthernet3 no ip address speed 10 half-duplex ! interface FastEthernet4 no ip address speed 10 half-duplex ! interface Dialer2 encapsulation ppp no ip route-cache cef no ip route-cache shutdown dialer pool 2 dialer remote-name dialer string dialer load-threshold 128 either dialer watch-group 2 dialer-group 2 no keepalive no cdp enable ppp authentication chap ppp authorization ISDN-BU ppp multilink ! router rip version 2 timers basic 30 90 90 120 redistribute connected redistribute static route-map 65505-TAGGED-STATIC offset-list 11 in 10 Dialer2 offset-list 11 out 10 Dialer2 network 172.20.0.0 network 192.168.12.0 distribute-list 5 out Dialer2 distance 210 no auto-summary ! router bgp 65505 no synchronization bgp log-neighbor-changes redistribute connected redistribute static route-map 65505-TAGGED-STATIC neighbor 172.20.20.149 remote-as 65505 neighbor 172.20.20.149 soft-reconfiguration inbound no auto-summary ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer2 240 ip route 10.82.20.0 255.255.252.0 192.168.12.2 ip route 10.82.20.0 255.255.255.0 192.168.12.2 ip route 10.82.21.0 255.255.255.0 192.168.12.2 ip route 10.82.22.0 255.255.255.0 192.168.12.2 ip route 10.82.23.0 255.255.255.0 192.168.12.2 ip route 172.20.20.149 255.255.255.255 192.168.12.2 ip route 192.168.197.223 255.255.255.255 Ethernet0 192.168.12.2 ! ip tacacs source-interface Loopback0 ip http server no ip http secure-server ! ! logging trap debugging logging facility local6 logging source-interface Loopback0 access-list 5 deny 0.0.0.0 access-list 5 deny 192.168.197.225 access-list 5 deny 192.168.197.223 access-list 5 permit 192.168.12.0 0.0.0.255 access-list 5 permit 172.20.162.92 0.0.0.3 access-list 10 permit 192.168.197.223 access-list 10 permit 10.82.20.0 0.0.0.255 access-list 10 permit 10.82.21.0 0.0.0.255 access-list 10 permit 10.82.22.0 0.0.0.255 access-list 10 permit 10.82.23.0 0.0.0.255 access-list 10 deny any log access-list 11 permit any access-list 101 permit ip host 192.168.197.225 10.82.20.0 0.0.3.255 access-list 101 permit ip host 192.168.197.225 host 192.168.197.223 access-list 110 permit ip any host 192.168.197.225 access-list 110 permit ip any host 192.168.12.2 access-list 110 deny ip any 10.82.20.0 0.0.0.255 access-list 110 deny ip any 10.82.21.0 0.0.0.255 access-list 110 deny ip any 10.82.22.0 0.0.0.255 access-list 110 deny ip any 10.82.23.0 0.0.0.255 access-list 110 permit ip any any access-list 199 deny eigrp any any access-list 199 deny udp any any eq rip access-list 199 deny tcp any any eq bgp access-list 199 deny ospf any any access-list 199 deny ip any host 255.255.255.255 access-list 199 permit ip any any dialer watch-list 2 ip 192.168.254.237 255.255.255.255 dialer-list 2 protocol ip deny s snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps tty snmp-server enable traps bgp snmp-server enable traps isdn call-information snmp-server enable traps rtr snmp-server enable traps entity snmp-server enable traps syslog snmp-server enable traps config no cdp run route-map 65505-TAGGED-STATIC permit 10 match tag 65505 ! tacacs-server host tacacs-server host no tacacs-server directed-request snmp ifmib ifalias long snmp mib persist circuit ! control-plane ! rtr responder banner login ^C ___ ___ ___ ___ \C line con 0 password 7 no modem enable stopbits 1 line aux 0 password 7 line vty 0 4 access-class 10 in exec-timeout 60 0 password 7 ! scheduler max-task-time 5000 no rcapi server ! ! sntp server end