Current configuration : 8332 bytes ! ! Last configuration change at 10:14:22 METDST Thu Nov 9 2006 by cemar ! NVRAM config last updated at 10:39:07 METDST Mon Nov 6 2006 by cemar ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname cliente ! boot-start-marker boot-end-marker ! security authentication failure rate 3 log security passwords min-length 6 logging buffered 52000 debugging enable secret XXXXXX ! aaa new-model ! ! aaa authentication login default local aaa authentication login vpnauthen local aaa authorization exec default local aaa authorization network vpnauthor local ! aaa session-id common ! resource policy ! clock timezone METDST 1 clock summer-time METDST recurring last Sun Mar 2:00 last Sun Oct 2:00 no ip source-route ip cef ! ! ! ! no ip domain lookup ip domain name cisco.com ip sap cache-timeout 30 ip ssh time-out 30 ip ssh authentication-retries 2 ! isdn switch-type basic-net3 ! crypto pki trustpoint TP-self-signed-2733944567 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2733944567 revocation-check none rsakeypair TP-self-signed-2733944567 ! ! crypto pki certificate chain TP-self-signed-2733944567 certificate self-signed 02 30820255 308201BE A0030201 02020102 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32373333 39343435 3637301E 170D3036 31313033 30383434 33305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37333339 34343536 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100AC45 ABCAB3AF 3B29618D 8F3549F4 A31F4472 A8AF6883 5DD58075 30055C87 54ACE18F BCF41547 86D5129E A679EC4A C6F845B9 5126B9A8 AE4F1328 10BE72C6 3794A464 A6635F21 1C572131 50E77FB7 7F877730 B11495E7 DDF42506 AA68F7D5 843E1A32 BD654E82 F5F28AF3 02539130 4D6FFD5E 38CDBBC0 8508D735 D48E2087 03A90203 010001A3 7D307B30 0F060355 1D130101 FF040530 030101FF 30280603 551D1104 21301F82 1D43656D 6172416C 74655F31 3834312E 63656D61 7267726F 75702E63 6F6D301F 0603551D 23041830 168014BE 821AD184 7E1B329B 5585E45F 72A1B320 DF425A30 1D060355 1D0E0416 0414BE82 1AD1847E 1B329B55 85E45F72 A1B320DF 425A300D 06092A86 4886F70D 01010405 00038181 0015B959 BB20F7AB C0AD4A2C 47643CCB 4710CD89 C1F2C169 0902D1C0 28A6E63C A3C0F61D 8277405D 25D239E6 7A42B695 39C6A9D9 44F0D2AC 2CD1661F 79A49A41 3740B2D9 328A8CAD 1A746DC2 844E8747 5EEFA0A9 B12B7B90 69FED45B 60EA941E 2AD01CDE 18FC334E 1D6833F0 D1BC09C3 922E0E85 2A97C478 6B6554DB 7CB7A02E 50 quit username XXXX privilege 15 password XXXXXXXX ! ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp policy 2 authentication pre-share crypto isakmp key cemar9876 address remote_ip1 no-xauth crypto isakmp key cemar9876 address remote_ip2 no-xauth crypto isakmp key cemar9876 address remote_ip3 no-xauth crypto isakmp keepalive 90 12 ! crypto isakmp client configuration group alfa key XXXXXXXX dns 62.94.0.1 62.94.0.2 pool vpnpool acl 195 save-password ! crypto isakmp client configuration group beta key XXXXXXXX dns 213.234.128.211 wins 192.168.3.254 pool vpn acl 193 ! ! crypto ipsec transform-set 160cemar esp-des esp-md5-hmac crypto ipsec transform-set 170cemar esp-des esp-md5-hmac crypto ipsec transform-set 180cemar esp-des esp-md5-hmac crypto ipsec transform-set 195cemar esp-3des esp-md5-hmac ! crypto dynamic-map dynmap 10 description Client VPN set transform-set 195cemar reverse-route ! ! crypto map CMAP_1 client authentication list vpnauthen crypto map CMAP_1 isakmp authorization list vpnauthor crypto map CMAP_1 client configuration address respond crypto map CMAP_1 1 ipsec-isakmp description Tunnel to remote1 set peer remote_ip1 set transform-set 160cemar match address 105 crypto map CMAP_1 2 ipsec-isakmp description Tunnel to remote2 set peer remote_ip2 set transform-set 160cemar match address 106 crypto map CMAP_1 3 ipsec-isakmp description Tunnel to remote3 set peer remote_ip3 set transform-set 160cemar match address 107 crypto map CMAP_1 10 ipsec-isakmp dynamic dynmap ! ! ! ! interface FastEthernet0/0 ip address 192.168.3.254 255.255.255.0 no ip proxy-arp ip nat inside no ip virtual-reassembly no ip mroute-cache duplex auto speed auto no cdp enable ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto no cdp enable ! interface BRI0/0/0 no ip address no ip redirects no ip proxy-arp encapsulation ppp dialer pool-member 1 isdn switch-type basic-net3 isdn point-to-point-setup no cdp enable ! interface Serial0/1/0 description *** INTERFACCIA WAN HDSL *** no ip address encapsulation frame-relay IETF no fair-queue frame-relay traffic-shaping ! interface Serial0/1/0 description *** INTERFACCIA WAN HDSL *** no ip address encapsulation frame-relay IETF no fair-queue frame-relay traffic-shaping ! interface Serial0/1/0.1 point-to-point no cdp enable frame-relay interface-dlci 20 ppp Virtual-Template1 class frshaping ! interface Virtual-Template1 bandwidth 384 ip address XXXXXXXXXXXXXXX no ip proxy-arp ip nat outside no ip virtual-reassembly ppp chap hostname XXXXXXXXXXXXXXX ppp chap password XXXXXXXXXXXXX crypto map CMAP_1 ! ! ip local pool vpn 192.168.15.10 192.168.15.15 ip local pool vpnpool 192.168.10.11 ip route 0.0.0.0 0.0.0.0 62.94.58.1 ! ! no ip http server ip http access-class 23 ip http authentication local no ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source route-map ROUTEMAP_1 interface Virtual-Template1 overload ! ! map-class frame-relay frshaping frame-relay cir 1459200 frame-relay bc 1000 frame-relay be 0 frame-relay fair-queue logging trap warnings access-list 23 remark ACCESSO HTTP access-list 23 permit 192.168.3.0 0.0.0.255 access-list 23 permit 192.168.2.0 0.0.0.255 access-list 23 permit 192.168.1.0 0.0.0.255 access-list 101 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 101 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 101 deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255 access-list 101 deny ip 192.168.3.0 0.0.0.255 192.192.1.0 0.0.0.255 access-list 101 deny ip 192.168.3.0 0.0.0.255 192.168.15.0 0.0.0.255 access-list 101 deny ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 any access-list 105 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 106 permit ip 192.168.3.0 0.0.0.255 192.192.1.0 0.0.0.255 access-list 107 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 108 permit ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255 access-list 193 permit ip 192.168.3.0 0.0.0.255 192.168.15.0 0.0.0.255 access-list 195 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255 dialer watch-list 1 ip 62.94.58.1 255.255.255.255 dialer watch-list 1 delay route-check initial 90 dialer watch-list 1 delay connect 5 dialer watch-list 1 delay disconnect 60 no cdp run ! ! route-map ROUTEMAP_1 permit 1 match ip address 101 ! ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 privilege level 15 transport input telnet ssh ! scheduler allocate 20000 1000 sntp server 207.46.130.100 sntp broadcast client end