Building configuration...

Current configuration : 8364 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname rotech01
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$rILO$bGw2ceLy7qmLInnIQh8Xs0
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 10
no ip source-route
ip cef
!
!
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name rotechaust.com.au
ip name-server 203.0.178.191
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
!
!
crypto pki trustpoint TP-self-signed-330683186
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-330683186
 revocation-check none
 rsakeypair TP-self-signed-330683186
!
!
crypto pki certificate chain TP-self-signed-330683186
 certificate self-signed 01
  quit
username bill privilege 15 secret 5 $1$N5Mh$uIxIJ6b8mxn2znKCU6.TC/
username gareth privilege 15 secret 5 $1$br6B$z7Hs1VQH4bk7Tq8nKtaTa1
username Rotech secret 5 $1$i2Jm$7OVdnaotV0.pYpnnHM/m8.
!
!
!
!
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 no snmp trap link-status
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.160.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 ip access-group ip-in in
 ip access-group ip-out out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect DEFAULT100 out
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname jeffweigh@iinet.net.au
 ppp chap password 7 1504035517282E202F24
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.160.3 25 203.206.143.86 25 extendable
ip nat inside source static tcp 192.168.160.3 443 203.206.143.86 443 extendable
ip nat inside source static tcp 192.168.160.10 3389 203.206.143.86 3389 extendable
ip nat inside source static tcp 192.168.160.3 4125 203.206.143.86 4125 extendable
ip nat inside source static tcp 192.168.160.10 5900 203.206.143.86 5900 extendable
!
ip access-list extended ip-in
 remark In list Rotech
 remark ICMP network management
 permit icmp any any time-exceeded
 permit icmp any any traceroute
 permit icmp any any packet-too-big
 permit icmp any any unreachable
 permit icmp any any echo-reply
 remark IPSEC config rules
 permit ahp any host 203.206.143.86
 permit esp any host 203.206.143.86
 permit udp any host 203.206.143.86 eq isakmp
 permit udp any host 203.206.143.86 eq non500-isakmp
 remark Permit ports for RWW or OWA
 permit tcp any host 203.206.143.86 eq 443
 permit tcp any host 203.206.143.86 eq 444
 permit tcp any host 203.206.143.86 eq 3389
 permit tcp any host 203.206.143.86 eq 1723
 permit tcp any host 203.206.143.86 eq 4125
 remark Permit VPN pool access to everything
 permit ip 192.168.160.0 0.0.0.255 any
 remark Permit support fron Hi-Tech Agencies
 permit ip host 202.124.35.162 host 203.206.143.86
 permit ip host 202.124.43.130 host 203.206.143.86
 remark Permit support fron G&A
 permit ip host 203.206.187.213 host 203.206.143.86
 remark Permit return traffic
 evaluate di0traffic
 deny ip any any log
ip access-list extended ip-out
 remark Out List for Overells
 remark permit return traffic to VPN client
 permit ip any 192.168.160.0 0.0.0.255
 remark Permit return IPSEC traffic
 permit esp any any
 permit ahp any any
 remark Create return traffic rules dynamically
 permit tcp any any reflect di0traffic
 permit udp any any reflect di0traffic
 permit icmp any any reflect di0traffic
 deny ip any any log
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.160.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark Auto generated by SDM for NTP (123) 192.189.54.33
access-list 101 permit udp host 192.189.54.33 eq ntp any eq ntp
access-list 101 permit udp host 144.140.71.29 eq domain any
access-list 101 permit udp host 144.140.70.30 eq domain any
access-list 101 deny ip 192.168.160.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
banner login ^CCCAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!
^C
!
line con 0
 no modem enable
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17175132
ntp server 192.189.54.33
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end