!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
aaa session-id common
!
resource policy
!
memory-size iomem 10
no ip source-route
ip tcp synwait-time 10
!
!
ip cef
!
!
no ip bootp server
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-692081809
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-692081809
 revocation-check none
 rsakeypair TP-self-signed-692081809
!
!
crypto pki certificate chain TP-self-signed-692081809
 certificate self-signed 01 nvram:IOS-Self-Sig#3901.cer
!
!
!
!
!
!
!
!
!
!
!
username xxxxxxx privilege 15 password 7 xxxxxxxxxxxxxx
!
!
!
!
!
!
interface Null0
 no ip unreachables
!
interface ATM0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode itu-dmt
 dsl enable-training-log
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0/0
 description LAN
 ip address 192.168.0.254 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
!
interface Dialer1
 description WAN
 ip address negotiated
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 ppp chap hostname xxxxxxxxxxxx
 ppp chap password 7 xxxxxxxxxxx
!
no ip http server
ip http access-class 3
ip http secure-server
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.253 21 x.x.x.x 21 extendable
ip nat inside source static tcp 192.168.0.253 80 x.x.x.x 80 extendable
ip nat inside source static tcp 192.168.0.253 1723 x.x.x.x 1723 extendable
ip nat inside source static tcp 192.168.0.253 3389 x.x.x.x 3389 extendable
ip nat inside source static tcp 192.168.0.253 6129 x.x.x.x 6129 extendable
ip nat inside source static tcp 192.168.0.253 27015 x.x.x.x 27015 extendable
ip nat inside source static udp 192.168.0.253 27015 x.x.x.x 27015 extendable
!
logging trap debugging
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 3 remark HTTP Access-class list
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 192.168.0.0 0.0.0.255
access-list 3 deny any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 remark Auto generated by SDM for NTP (123) 192.168.0.253
access-list 100 permit udp host 192.168.0.253 eq ntp host 192.168.0.254 eq ntp
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp any host x.x.x.x eq 27015
access-list 101 permit tcp any host x.x.x.x eq 27015
access-list 101 permit tcp any host x.x.x.x eq 6129
access-list 101 permit tcp any host x.x.x.x eq 3389
access-list 101 permit tcp any host x.x.x.x eq 1723
access-list 101 permit tcp any host x.x.x.x eq www
access-list 101 permit tcp any host x.x.x.x eq ftp
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
no cdp run
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 password 7 xxxxxxxxxxxx
 login authentication local_authen
 transport output telnet
line aux 0
 password 7 xxxxxxxxxxxx
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 2 in
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler allocate 4000 1000
ntp clock-period 17179862
ntp server 192.168.0.253 source FastEthernet0/0 prefer
!
end