! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 description $ETH-WAN$ ip address dhcp client-id FastEthernet4 ip access-group WANinbound in ip access-group WANoutbound out no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip virtual-reassembly ip route-cache flow duplex auto speed auto crypto map SDM_CMAP_1 ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$ ip address 70.x.x.1 255.255.255.0 ip access-group VLANin in ip access-group VLANout out no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly ip route-cache flow ip tcp adjust-mss 1452 ! ip classless ip route 168.x.x.x 255.255.255.255 FastEthernet4 ip route 168.x.x.x 255.255.255.255 FastEthernet4 ip route 168.x.x.x 255.255.255.255 FastEthernet4 ip route 168.x.x.x 255.255.255.255 FastEthernet4 ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload ip nat inside source static tcp 70.x.x.99 21 65.x.x.163 21 extendable ip nat inside source static tcp 70.x.x.99 22 65.x.x.163 22 extendable ip nat inside source static tcp 70.x.x.99 80 65.x.x.163 80 extendable ip nat inside source static tcp 70.x.x.123 65.x.x.163 extendable ip nat inside source static tcp 70.x.x.123 3389 65.x.x.163 3389 extendable ! ip access-list extended EVPN remark SDM_ACL Category=4 permit ip host 70.x.x.123 host 168.x.x.x permit ip host 70.x.x.123 host 168.x.x.x permit ip host 70.x.x.123 host 168.x.x.x permit ip host 70.x.x.123 host 168.x.x.x ip access-list extended VLANin remark LAN in bound ACL remark SDM_ACL Category=1 permit gre any any permit ip any any ip access-list extended VLANout remark VLAN outbound remark SDM_ACL Category=1 permit gre any any permit ip any any ip access-list extended WANinbound remark SDM_ACL Category=1 permit ip host 168.x.x.x host 70.x.x.123 permit ip host 168.x.x.x host 70.x.x.123 permit ip host 168.x.x.x host 70.x.x.123 permit ip host 168.x.x.x host 70.x.x.123 permit udp host 168.x.x.x any eq non500-isakmp permit udp host 168.x.x.x any eq isakmp permit esp host 168.x.x.x any permit ahp host 168.x.x.x any permit tcp any eq 3389 any eq 3389 permit tcp any eq any eq permit gre any any permit ip any any ip access-list extended WANoutbound remark SDM_ACL Category=1 permit icmp any any permit tcp any eq www any eq www permit ip any any ! access-list 1 remark INSIDE_IF=Vlan1 access-list 1 remark SDM_ACL Category=2 access-list 1 permit 70.x.x.0 0.0.0.255 access-list 100 remark SDM_ACL Category=2 access-list 100 deny ip host 70.x.x.123 host 168.x.x.x access-list 100 deny ip host 70.x.x.123 host 168.x.x.x access-list 100 deny ip host 70.x.x.123 host 168.x.x.x access-list 100 deny ip host 70.x.x.123 host 168.x.x.x access-list 100 permit ip 70.x.x.0 0.0.0.255 any no cdp run route-map SDM_RMAP_1 permit 1 match ip address 100 ! !