SR520#show running-config
Building configuration...

Current configuration : 7777 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname SR520
boot-start-marker
boot-end-marker
logging message-counter syslog
enable secret 5 $1$
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
crypto pki trustpoint TP-self-signed-1387388407
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1387388407
 revocation-check none
 rsakeypair TP-self-signed-1387388407
crypto pki certificate chain TP-self-signed-1387388407
 certificate self-signed 01
  3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
dot11 syslog
ip source-route
ip dhcp excluded-address 192.168.3.1 192.168.3.10
ip dhcp pool inside
 import all
 network 192.168.3.0 255.255.255.0
 default-router 192.168.3.1
ip cef
ip name-server 10.1.1.10
ip port-map user-ezvpn-remote port udp 10000
no ipv6 cef
multilink bundle-name authenticated
username xxxx privilege 15 secret 5 qf1lA8XW0
crypto ipsec client ezvpn EZVPN_REMOTE_CONNECTION_1
 connect auto
 group EZVPN_GROUP_1 key xxxxxxx
 mode client
 peer xx.60.101.154
 virtual-interface 2
 xauth userid mode http-intercept
archive
 log config
  hidekeys
class-map type inspect match-any SDM_AH
 match access-group name SDM_AH
class-map type inspect match-any CMAP_non500isakmp
 match access-group 103
class-map type inspect match-any SDM-Voice-permit
 match protocol h323
 match protocol skinny
 match protocol sip
class-map type inspect match-any SDM_ESP
 match access-group name SDM_ESP
class-map type inspect match-any CMAP_isakmp
 match access-group 102
class-map type inspect match-any SDM_EASY_VPN_REMOTE_TRAFFIC
 match class-map SDM_AH
 match class-map SDM_ESP
 match class-map CMAP_isakmp
 match class-map CMAP_non500isakmp
class-map type inspect match-all SDM_EASY_VPN_REMOTE_PT
 match class-map SDM_EASY_VPN_REMOTE_TRAFFIC
 match access-group 101
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-invalid-src
 match access-group 100
class-map type inspect match-all sdm-icmp-access
 match class-map sdm-cls-icmp-access
class-map type inspect match-all dhcp_out_self
 match access-group name dhcp-resp-permit
class-map type inspect match-all dhcp_self_out
 match access-group name dhcp-req-permit
class-map type inspect match-all sdm-protocol-http
 match protocol http
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-icmp-access
  inspect
 class type inspect dhcp_self_out
  pass
 class type inspect sdm-cls-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-inspect
 class type inspect sdm-cls-insp-traffic
  inspect
 class type inspect SDM-Voice-permit
  pass
 class type inspect sdm-invalid-src
  drop log
 class type inspect sdm-protocol-http
  inspect
 class class-default
  drop
policy-map type inspect sdm-inspect-voip-in
 class type inspect SDM-Voice-permit
  pass
 class class-default
  drop
policy-map type inspect sdm-permit
 class type inspect SDM_EASY_VPN_REMOTE_PT
  pass
 class type inspect dhcp_out_self
  pass
 class class-default
  drop
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-in source out-zone destination in-zone
 service-policy type inspect sdm-inspect-voip-in
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
interface FastEthernet0
 switchport access vlan 75
interface FastEthernet1
 switchport access vlan 75
interface FastEthernet2
 switchport access vlan 75
interface FastEthernet3
 switchport access vlan 75
interface FastEthernet4
 description $FW_OUTSIDE$
 ip address xx.8.140.226 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 duplex auto
 speed auto
 crypto ipsec client ezvpn EZVPN_REMOTE_CONNECTION_1
interface Virtual-Template2 type tunnel
 no ip address
 tunnel mode ipsec ipv4
interface Vlan1
 no ip address
interface Vlan75
 description $FW_INSIDE$
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 crypto ipsec client ezvpn EZVPN_REMOTE_CONNECTION_1 inside
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 xx.8.140.225
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip access-list extended SDM_AH
 remark SDM_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark SDM_ACL Category=1
 permit esp any any
ip access-list extended dhcp-req-permit
 remark SDM_ACL Category=1
 permit udp any eq bootpc any eq bootps
ip access-list extended dhcp-resp-permit
 permit udp any eq bootps any eq bootpc
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 remark allow all traffic out of the router
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip xx.8.140.224 0.0.0.7 any
access-list 101 remark SDM_ACL Category=128
access-list 101 permit ip host xx.60.101.154 any
access-list 102 remark SDM_ACL Category=1
access-list 102 permit udp any any eq isakmp
access-list 103 remark SDM_ACL Category=1
access-list 103 permit udp any any eq non500-isakmp
control-plane
banner login ^CSR520 Base Config - MFG 1.0 ^C
line con 0
 no modem enable
line aux 0
line vty 0 4
 transport input telnet ssh
scheduler max-task-time 5000
end