Building configuration... Current configuration : 19297 bytes ! version 12.4 ! ! no ip domain lookup ip inspect name SDM_LOW cuseeme ip inspect name SDM_LOW dns ip inspect name SDM_LOW ftp ip inspect name SDM_LOW h323 ip inspect name SDM_LOW https ip inspect name SDM_LOW icmp ip inspect name SDM_LOW imap ip inspect name SDM_LOW pop3 ip inspect name SDM_LOW netshow ip inspect name SDM_LOW rcmd ip inspect name SDM_LOW realaudio ip inspect name SDM_LOW rtsp ip inspect name SDM_LOW esmtp ip inspect name SDM_LOW sqlnet ip inspect name SDM_LOW streamworks ip inspect name SDM_LOW tftp ip inspect name SDM_LOW tcp ip inspect name SDM_LOW udp ip inspect name SDM_LOW vdolive ! ! ! interface Loopback0 no ip address ! interface FastEthernet0 description $FW_OUTSIDE$ ip address 2.2.2.4 255.255.255.248 ip access-group 101 in ip verify unicast reverse-path ip nat outside ip inspect SDM_LOW out ip virtual-reassembly duplex auto speed auto ! interface FastEthernet1 description $FW_OUTSIDE$ ip address 1.1.1.3 255.255.255.248 ip access-group 102 in ip nat outside ip inspect SDM_LOW out ip virtual-reassembly no ip route-cache cef no ip route-cache shutdown duplex auto speed auto no cdp enable ! interface BRI0 no ip address encapsulation hdlc shutdown ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 ! interface FastEthernet5 ! interface FastEthernet6 ! interface FastEthernet7 ! interface FastEthernet8 ! interface FastEthernet9 ! interface Virtual-Template1 type tunnel ip unnumbered Loopback0 tunnel mode ipsec ipv4 tunnel protection ipsec profile SDM_Profile1 ! interface Vlan1 description LAN Interface$ES_LAN$$FW_INSIDE$ ip address 192.168.3.254 255.255.255.0 ip access-group 100 in ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 ! ! ip local pool SDM_POOL_1 192.168.103.11 192.168.103.50 ip route 0.0.0.0 0.0.0.0 1.1.1.8 ip route 0.0.0.0 0.0.0.0 2.2.2.3 10 ! ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source route-map dhcp-nat interface FastEthernet1 overload ip nat inside source route-map fixed-nat interface FastEthernet0 overload ip nat inside source static tcp 192.168.3.205 20 1.1.1.3 20 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.205 21 1.1.1.3 21 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.175 80 1.1.1.3 80 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.175 443 1.1.1.3 443 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.205 41100 1.1.1.3 41100 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.205 41101 1.1.1.3 41101 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.205 41102 1.1.1.3 41102 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.205 41103 1.1.1.3 41103 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.205 41104 1.1.1.3 41104 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.205 41105 1.1.1.3 41105 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.205 41106 1.1.1.3 41106 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.205 41107 1.1.1.3 41107 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.205 41108 1.1.1.3 41108 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.205 41109 1.1.1.3 41109 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.205 41110 1.1.1.3 41110 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.1 25 1.1.1.4 25 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.1 80 1.1.1.4 80 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.1 143 1.1.1.4 143 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.1 443 1.1.1.4 443 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.1 993 1.1.1.4 993 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.201 80 1.1.1.5 80 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.201 443 1.1.1.5 443 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.202 80 1.1.1.6 80 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.202 443 1.1.1.6 443 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.203 80 1.1.1.7 80 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.203 443 1.1.1.7 443 route-map dhcp-nat extendable ip nat inside source static tcp 192.168.3.175 80 2.2.2.4 80 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.175 443 2.2.2.4 443 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.203 80 2.2.2.5 80 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.203 443 2.2.2.5 443 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.1 25 2.2.2.6 25 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.1 80 2.2.2.6 80 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.1 143 2.2.2.6 143 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.1 443 2.2.2.6 443 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.1 993 2.2.2.6 993 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.205 20 2.2.2.7 20 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.205 21 2.2.2.7 21 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.202 80 2.2.2.7 80 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.202 443 2.2.2.7 443 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.205 41100 2.2.2.7 41100 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.205 41101 2.2.2.7 41101 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.205 41102 2.2.2.7 41102 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.205 41103 2.2.2.7 41103 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.205 41104 2.2.2.7 41104 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.205 41105 2.2.2.7 41105 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.205 41106 2.2.2.7 41106 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.205 41107 2.2.2.7 41107 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.205 41108 2.2.2.7 41108 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.205 41109 2.2.2.7 41109 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.205 41110 2.2.2.7 41110 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.201 80 2.2.2.8 80 route-map fixed-nat extendable ip nat inside source static tcp 192.168.3.201 443 2.2.2.8 443 route-map fixed-nat extendable ! access-list 100 remark auto generated by SDM firewall configuration access-list 100 remark SDM_ACL Category=1 access-list 100 permit udp any host 192.168.3.254 eq non500-isakmp access-list 100 permit udp any host 192.168.3.254 eq isakmp access-list 100 permit esp any host 192.168.3.254 access-list 100 permit ahp any host 192.168.3.254 access-list 100 deny ip 2.2.2.2 0.0.0.7 any access-list 100 deny ip 1.1.1.2 0.0.0.7 any access-list 100 deny ip host 255.255.255.255 any access-list 100 deny ip 127.0.0.0 0.255.255.255 any access-list 100 permit ip any any access-list 101 remark auto generated by SDM firewall configuration access-list 101 remark SDM_ACL Category=1 access-list 101 permit udp any host 2.2.2.4 eq non500-isakmp access-list 101 permit udp any host 2.2.2.4 eq isakmp access-list 101 permit esp any host 2.2.2.4 access-list 101 permit ahp any host 2.2.2.4 access-list 101 permit tcp any host 2.2.2.8 eq 443 access-list 101 permit tcp any host 2.2.2.8 eq www access-list 101 permit tcp any host 2.2.2.7 eq 443 access-list 101 permit tcp any host 2.2.2.7 eq www access-list 101 permit tcp any host 2.2.2.7 eq ftp access-list 101 permit tcp any host 2.2.2.7 eq ftp-data access-list 101 permit tcp any host 2.2.2.7 eq 41100 access-list 101 permit tcp any host 2.2.2.7 eq 41101 access-list 101 permit tcp any host 2.2.2.7 eq 41102 access-list 101 permit tcp any host 2.2.2.7 eq 41103 access-list 101 permit tcp any host 2.2.2.7 eq 41104 access-list 101 permit tcp any host 2.2.2.7 eq 41105 access-list 101 permit tcp any host 2.2.2.7 eq 41106 access-list 101 permit tcp any host 2.2.2.7 eq 41107 access-list 101 permit tcp any host 2.2.2.7 eq 41108 access-list 101 permit tcp any host 2.2.2.7 eq 41109 access-list 101 permit tcp any host 2.2.2.7 eq 41110 access-list 101 permit tcp any host 2.2.2.6 eq 443 access-list 101 permit tcp any host 2.2.2.6 eq www access-list 101 permit tcp any host 2.2.2.6 eq smtp access-list 101 permit tcp any host 2.2.2.6 eq 143 access-list 101 permit tcp any host 2.2.2.6 eq 993 access-list 101 permit tcp any host 2.2.2.5 eq 443 access-list 101 permit tcp any host 2.2.2.5 eq www access-list 101 permit tcp any host 2.2.2.4 eq 443 access-list 101 permit tcp any host 2.2.2.4 eq www access-list 101 deny ip 192.168.3.0 0.0.0.255 any access-list 101 permit icmp any host 2.2.2.4 echo-reply access-list 101 permit icmp any host 2.2.2.4 time-exceeded access-list 101 permit icmp any host 2.2.2.4 unreachable access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 deny ip host 255.255.255.255 any access-list 101 deny ip host 0.0.0.0 any access-list 101 permit udp any host 1.1.1.3 eq non500-isakmp access-list 101 permit udp any host 1.1.1.3 eq isakmp access-list 101 permit esp any host 1.1.1.3 access-list 101 permit ahp any host 1.1.1.3 access-list 101 permit tcp any host 1.1.1.5 eq 443 access-list 101 permit tcp any host 1.1.1.5 eq www access-list 101 permit tcp any host 1.1.1.6 eq 443 access-list 101 permit tcp any host 1.1.1.6 eq www access-list 101 permit tcp any host 1.1.1.3 eq ftp access-list 101 permit tcp any host 1.1.1.3 eq ftp-data access-list 101 permit tcp any host 1.1.1.3 eq 41100 access-list 101 permit tcp any host 1.1.1.3 eq 41101 access-list 101 permit tcp any host 1.1.1.3 eq 41102 access-list 101 permit tcp any host 1.1.1.3 eq 41103 access-list 101 permit tcp any host 1.1.1.3 eq 41104 access-list 101 permit tcp any host 1.1.1.3 eq 41105 access-list 101 permit tcp any host 1.1.1.3 eq 41106 access-list 101 permit tcp any host 1.1.1.3 eq 41107 access-list 101 permit tcp any host 1.1.1.3 eq 41108 access-list 101 permit tcp any host 1.1.1.3 eq 41109 access-list 101 permit tcp any host 1.1.1.3 eq 41110 access-list 101 permit tcp any host 1.1.1.4 eq 443 access-list 101 permit tcp any host 1.1.1.4 eq www access-list 101 permit tcp any host 1.1.1.4 eq smtp access-list 101 permit tcp any host 1.1.1.4 eq 143 access-list 101 permit tcp any host 1.1.1.4 eq 993 access-list 101 permit tcp any host 1.1.1.7 eq 443 access-list 101 permit tcp any host 1.1.1.7 eq www access-list 101 permit tcp any host 1.1.1.3 eq 443 access-list 101 permit tcp any host 1.1.1.3 eq www access-list 102 remark auto generated by SDM firewall configuration access-list 102 remark SDM_ACL Category=1 access-list 102 permit udp any host 1.1.1.3 eq non500-isakmp access-list 102 permit udp any host 1.1.1.3 eq isakmp access-list 102 permit esp any host 1.1.1.3 access-list 102 permit ahp any host 1.1.1.3 access-list 102 permit tcp any host 1.1.1.5 eq 443 access-list 102 permit tcp any host 1.1.1.5 eq www access-list 102 permit tcp any host 1.1.1.6 eq 443 access-list 102 permit tcp any host 1.1.1.6 eq www access-list 102 permit tcp any host 1.1.1.3 eq ftp access-list 102 permit tcp any host 1.1.1.3 eq ftp-data access-list 102 permit tcp any host 1.1.1.3 eq 41100 access-list 102 permit tcp any host 1.1.1.3 eq 41101 access-list 102 permit tcp any host 1.1.1.3 eq 41102 access-list 102 permit tcp any host 1.1.1.3 eq 41103 access-list 102 permit tcp any host 1.1.1.3 eq 41104 access-list 102 permit tcp any host 1.1.1.3 eq 41105 access-list 102 permit tcp any host 1.1.1.3 eq 41106 access-list 102 permit tcp any host 1.1.1.3 eq 41107 access-list 102 permit tcp any host 1.1.1.3 eq 41108 access-list 102 permit tcp any host 1.1.1.3 eq 41109 access-list 102 permit tcp any host 1.1.1.3 eq 41110 access-list 102 permit tcp any host 1.1.1.4 eq 443 access-list 102 permit tcp any host 1.1.1.4 eq www access-list 102 permit tcp any host 1.1.1.4 eq smtp access-list 102 permit tcp any host 1.1.1.4 eq 143 access-list 102 permit tcp any host 1.1.1.4 eq 993 access-list 102 permit tcp any host 1.1.1.7 eq 443 access-list 102 permit tcp any host 1.1.1.7 eq www access-list 102 permit tcp any host 1.1.1.3 eq 443 access-list 102 permit tcp any host 1.1.1.3 eq www access-list 102 deny ip 2.2.2.2 0.0.0.7 any access-list 102 deny ip 192.168.3.0 0.0.0.255 any access-list 102 permit icmp any any echo-reply access-list 102 permit icmp any any time-exceeded access-list 102 permit icmp any any unreachable access-list 102 deny ip 10.0.0.0 0.255.255.255 any access-list 102 deny ip 172.16.0.0 0.15.255.255 any access-list 102 deny ip 192.168.0.0 0.0.255.255 any access-list 102 deny ip 127.0.0.0 0.255.255.255 any access-list 102 deny ip host 255.255.255.255 any access-list 102 deny ip any any log access-list 103 remark SDM_ACL Category=4 access-list 103 permit ip 192.168.3.0 0.0.0.255 any access-list 110 permit ip 192.168.3.0 0.0.0.255 any access-list 199 deny tcp host 192.168.3.175 eq www any access-list 199 deny tcp host 192.168.3.175 eq 443 any access-list 199 deny tcp host 192.168.3.203 eq www any access-list 199 deny tcp host 192.168.3.203 eq 443 any access-list 199 deny tcp host 192.168.3.1 eq smtp any access-list 199 deny tcp host 192.168.3.1 eq www any access-list 199 deny tcp host 192.168.3.1 eq 443 any access-list 199 deny tcp host 192.168.3.205 eq ftp-data any access-list 199 deny tcp host 192.168.3.205 eq ftp any access-list 199 deny tcp host 192.168.3.202 eq www any access-list 199 deny tcp host 192.168.3.202 eq 443 any access-list 199 deny tcp host 192.168.3.201 eq 443 any access-list 199 deny tcp host 192.168.3.201 eq www any access-list 199 permit ip 192.168.3.0 0.0.0.255 any no cdp run ! ! ! route-map fixed-nat permit 10 match ip address 110 match interface FastEthernet0 ! route-map dhcp-nat permit 10 match ip address 110 match interface FastEthernet1 ! ! ! !