ACDetroit>en Password: ACDetroit#sh run Building configuration... Current configuration : 7688 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname ACDetroit ! boot-start-marker boot-end-marker ! enable secret 5 $1$bzoe$YTQmT6l.2b6dfTVbpATB9/ enable password 7 00075215070B4A264C ! aaa new-model ! ! ! ! aaa session-id common ip cef no ip dhcp use vrf connected ip dhcp excluded-address 192.168.4.51 192.168.4.254 ! ip dhcp pool pool1 import all network 192.168.4.0 255.255.255.0 domain-name cct.com default-router 192.168.4.200 dns-server 192.168.0.253 192.168.0.2 ! ! ip inspect name SDM_LOW cuseeme ip inspect name SDM_LOW dns ip inspect name SDM_LOW ftp ip inspect name SDM_LOW h323 ip inspect name SDM_LOW https ip inspect name SDM_LOW icmp ip inspect name SDM_LOW imap ip inspect name SDM_LOW pop3 ip inspect name SDM_LOW netshow ip inspect name SDM_LOW rcmd ip inspect name SDM_LOW realaudio ip inspect name SDM_LOW rtsp ip inspect name SDM_LOW esmtp ip inspect name SDM_LOW sqlnet ip inspect name SDM_LOW streamworks ip inspect name SDM_LOW tftp ip inspect name SDM_LOW tcp ip inspect name SDM_LOW udp ip inspect name SDM_LOW vdolive ! ip name-server 68.94.156.1 ip name-server 68.94.157.1 ! ! crypto pki trustpoint TP-self-signed-1670056258 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1670056258 revocation-check none rsakeypair TP-self-signed-1670056258 ! ! crypto pki certificate chain TP-self-signed-1670056258 certificate self-signed 01 30820242 308201AB A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31363730 30353632 3538301E 170D3032 30333032 30303532 33335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 36373030 35363235 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100D1B7 9BA34C2F DD6D972F 6376321D D668C2C0 90EE3181 8872B498 6C951CCA BCCE0937 A8E01707 B7E9E9C9 BC97D255 FBC2DB86 F4D8F84C 888ADA0F 96BBAE80 68A3B9E8 1E795A08 924A0EBC 0A1A896B E6A0CC2C A0E973EE 97466991 52E56F74 7DC4ADC6 834D89C0 47AE4036 3B3A51D3 A91BCC80 5CE6843B 7DA68F9D 7E6101C8 BCA30203 010001A3 6A306830 0F060355 1D130101 FF040530 030101FF 30150603 551D1104 0E300C82 0A414344 6574726F 69742E30 1F060355 1D230418 30168014 F1D1DC2C 2ED7878D E95E8027 183147CC 3264ADA6 301D0603 551D0E04 160414F1 D1DC2C2E D7878DE9 5E802718 3147CC32 64ADA630 0D06092A 864886F7 0D010104 05000381 81008510 B58A5E76 9FDA8040 61F09A9E 73216502 6B972415 5043F801 B746216D F575FFBD B45A0B8F 3DCCD455 EF7E91EB 0227D79B 74FA1777 CCFF6E64 0BB0DF76 0599DC74 0B0531E5 8DE2AEEC E1ECEA88 A4BBD0D6 37022A6D F2745BB1 9778F5F3 282DFD44 05867497 E504E4D5 2C6C9DBC 2896E596 804F62D8 435DA042 8ECB2102 7C94 quit ! ! username admin privilege 15 secret 5 $1$yMQf$uzi2Hs1tQOsjc96LCUTUt/ ! ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp policy 2 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key ********** address 70.62.XXX.XXX no-xauth crypto isakmp key ********** address 69.2.XXX.XXX no-xauth ! ! crypto ipsec transform-set myset esp-3des esp-md5-hmac ! crypto map SDM_CMAP_1 1 ipsec-isakmp description Tunnel to 70.62.XXX.XXX set peer 70.62.XXX.XXX set transform-set myset match address 100 crypto map SDM_CMAP_1 2 ipsec-isakmp description Tunnel to 69.2.XXX.XXX set peer 69.2.XXX.XXX set transform-set myset match address 103 ! bridge irb ! ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 description WAN Interface ip address 75.28.XXX.XXX 255.255.255.248 ip access-group 102 in ip inspect SDM_LOW out ip nat outside ip virtual-reassembly duplex auto speed auto crypto map SDM_CMAP_1 crypto ipsec df-bit set ! interface Dot11Radio0 no ip address ! encryption vlan 1 key 1 size 128bit 7 D3623E47603300B27F13446809F6 transmit-key encryption vlan 1 mode wep mandatory ! ssid acwlan vlan 1 authentication open guest-mode ! speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 rts threshold 2312 channel least-congested 2412 2437 2462 station-role root ! interface Dot11Radio0.1 encapsulation dot1Q 1 native no cdp enable bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Vlan1 no ip address ip virtual-reassembly bridge-group 1 bridge-group 1 spanning-disabled ! interface BVI1 description $FW_INSIDE$ ip address 192.168.4.200 255.255.255.0 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1300 ! ip route 0.0.0.0 0.0.0.0 75.28.XXX.XXX ! ip http server ip http secure-server ip nat inside source route-map nonat interface FastEthernet4 overload ! access-list 1 permit 192.168.4.0 0.0.0.255 access-list 100 remark SDM_ACL Category=4 access-list 100 remark IPSec Rule access-list 100 permit ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.0.255 access-list 100 permit ip 192.168.4.0 0.0.0.255 192.168.50.0 0.0.0.255 access-list 100 permit ip 192.168.4.0 0.0.0.255 192.168.221.0 0.0.0.255 access-list 101 permit ip any any access-list 102 permit tcp host 201.194.XXX.XXX host 75.28.XXX.XXXeq 22 access-list 102 permit ip 192.168.4.0 0.0.0.255 10.1.1.0 0.0.0.255 access-list 102 permit ip 192.168.4.0 0.0.0.255 10.10.10.0 0.0.0.255 access-list 102 permit udp host 69.2.XXX.XXX host 75.28.XXX.XXXeq non500-isakmp access-list 102 permit udp host 69.2.XXX.XXX host 75.28.XXX.XXXeq isakmp access-list 102 permit esp host 69.2.XXX.XXX host 75.28.XXX.XXX access-list 102 permit udp host 192.168.0.2 eq domain host 75.28.XXX.XXX access-list 102 permit udp host 192.168.0.253 eq domain host 75.28.XXX.XXX access-list 102 permit esp host 70.62.XXX.XXX host 75.28.XXX.XXX access-list 102 permit udp host 70.62.XXX.XXX host 75.28.XXX.XXXeq isakmp access-list 102 permit udp host 70.62.XXX.XXX host 75.28.XXX.XXXeq non500-isakmp access-list 102 permit ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.0.255 access-list 102 permit ip 192.168.4.0 0.0.0.255 192.168.50.0 0.0.0.255 access-list 102 permit icmp any host 75.28.XXX.XXXecho-reply access-list 102 permit icmp any host 75.28.XXX.XXXtime-exceeded access-list 102 permit icmp any host 75.28.XXX.XXXunreachable access-list 102 permit tcp 12.37.XXX.XXX 0.0.0.63 host 75.28.XXX.XXXeq 22 access-list 102 permit ip 192.168.4.0 0.0.0.255 192.168.128.0 0.0.0.255 access-list 103 permit ip 192.168.4.0 0.0.0.255 10.1.1.0 0.0.0.255 access-list 103 permit ip 192.168.4.0 0.0.0.255 10.10.10.0 0.0.0.255 access-list 110 deny ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.0.255 access-list 110 deny ip 192.168.4.0 0.0.0.255 192.168.50.0 0.0.0.255 access-list 110 deny ip 192.168.4.0 0.0.0.255 192.168.221.0 0.0.0.255 access-list 110 deny ip 192.168.4.0 0.0.0.255 10.1.1.0 0.0.0.255 access-list 110 deny ip 192.168.4.0 0.0.0.255 10.10.10.0 0.0.0.255 access-list 110 deny ip 192.168.4.0 0.0.0.255 192.168.51.0 0.0.0.255 access-list 110 deny ip 192.168.4.0 0.0.0.255 192.168.128.0 0.0.0.255 access-list 110 permit ip any any access-list 169 permit tcp host 192.168.4.5 host 192.168.0.7 eq smtp dialer-list 1 protocol ip permit ! ! route-map nonat permit 10 match ip address 110 ! ! control-plane ! bridge 1 protocol ieee bridge 1 route ip ! line con 0 password 7 141453180F546B0B67 no modem enable line aux 0 password 7 00075215070B4A264C line vty 0 4 password 7 104D480A0647532B4F transport input all ! scheduler max-task-time 5000 end