=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2017.02.26 19:36:05 =~=~=~=~=~=~=~=~=~=~=~= login as: admin Using keyboard-interactive authentication. Password: ASRouter_Acacia#show run Building configuration... Current configuration : 7487 bytes ! ! Last configuration change at 09:01:28 UTC Sun Feb 26 2017 by admin version 15.3 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname ASRouter_Acacia ! boot-start-marker boot-end-marker ! ! logging buffered 51200 warnings ! aaa new-model ! ! aaa authentication login default local aaa authentication login actionclient local aaa authorization exec default local --More-- aaa authorization network action_vpn local ! ! ! ! ! aaa session-id common ! crypto pki trustpoint TP-self-signed-2511652494 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2511652494 revocation-check none rsakeypair TP-self-signed-2511652494 ! ! crypto pki certificate chain TP-self-signed-2511652494 certificate self-signed 01 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32353131 36353234 3934301E 170D3134 30383237 32323333 34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35313136 35323439 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 --More-- 8100C640 F454012C D6512C79 475593B6 7848BFA3 68C8AF5F 4827CBA2 53BC9797 681261E8 3C1C9732 299BAE99 4736DFF7 E68331D4 7ACA7C0E FDCDB4CF DB83645B 467E13E6 281AF958 4D263C37 7ED7DEFB CD741764 36A3ACAA C81834F8 E62856D4 585124F9 FCD9DEE0 6F8D9740 5A0B1C33 2DD70CD6 75879469 19434872 A94335B6 6CC10203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 14C5CB0A C73AC9DE 08FDEED5 292BDEC2 CBB8A06B 35301D06 03551D0E 04160414 C5CB0AC7 3AC9DE08 FDEED529 2BDEC2CB B8A06B35 300D0609 2A864886 F70D0101 05050003 81810065 AA23E043 55FB3546 59CA9F10 FA4F9B58 255A4792 C20A0CC9 DF25451A C2E4262F 0ED8DC89 0563B2BA 17CC2E4C 95B93B8B 15B3339B BCE3E093 68F6072B 88C70042 1EA5314C A991DA61 4167D6D6 E546370D 8CF451B0 1B93C62A 6231A6DB 23791CEB 3BDEBADB C5F01897 B5CB1A4D F9D1071B 1C9D94BB 662270AB 7A079A60 F76CDC quit ! ! ! ! ! ! no ip domain lookup ip domain name yourdomain.com ip name-server 203.12.160.35 ip name-server 203.12.160.36 --More-- ip cef no ipv6 cef ! ! license udi pid C881W-A-K9 sn FTX1835838J license accept end user agreement license boot module c800 level advsecurity ! ! username VOIP privilege 5 secret 4 5QbhK5MCQqlY.1C5tyNtEl5uFAC/vL0eluG7LsEhroE username MALCOLM privilege 5 secret 4 wzjDDWEq5.uccFeU59Du.fNSu7x7CGR0TIdQtoLDzwU username ADMINISTRATOR privilege 15 secret 4 ZKPXeNMfHaojQRLrCfFWVmHFjwfqw/OB6QRg1I4C74w username TRACY privilege 5 secret 4 bdaKRuU5uaF9tL326qvbGw25GBr6BGY7W6kCcLIMvrc username ROSS privilege 5 secret 4 aLiTlkf40.AWyJrulWbnaJ7nucYgRtSVV0j2yc7KaiE username CHRISP privilege 5 secret 4 2AyD2U2nJdkdAzY36OoTjTmovyx3PDXonWDBwh/V63k username SYRINX privilege 5 secret 4 FLpzvFp1bhbaxN50wMfb.4qiy1zNSxp70LMh9UoUKYo username ARONP privilege 5 secret 4 5p0y1.yQQ2HMKYtAn.VrdCP57o5O9pwu4.Ds5BHNDMA username ADMIN privilege 15 secret 4 Bul85K2KWhGGfo8j/1dYldWOk0TanFDjzuB.NCXpjtw username ALANKON privilege 15 secret 4 iftEVHyH06RaPDnG4tjE/ZWoCcweH.oXLmSxoqsPv0k username LEANNE privilege 5 secret 4 61tMpuKbUm4GIBtfaR77VenTNcHwhVW8PDPVq82LvnY --More-- username MATHEW privilege 5 secret 4 WTRpk9DqGuBFVfXfAp56vNIT2BYNJIHqJ5LO78.C7vA ! ! ! ! ! ! ! crypto isakmp policy 1 encr aes authentication pre-share group 2 ! crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key S2SVPN!2#4 address 139.130.56.72 ! crypto isakmp client configuration group Action key 33234500 dns 192.168.15.18 --More-- pool VPN-IP-POOL acl VPN-SPLIT-TUN include-local-lan max-users 10 netmask 255.255.255.0 crypto isakmp profile VPN-PROFILE match identity group Action client authentication list actionclient isakmp authorization list action_vpn client configuration address respond virtual-template 1 ! ! crypto ipsec transform-set IPSEC-TR esp-aes esp-sha-hmac mode tunnel crypto ipsec transform-set Albany_VPN esp-3des esp-md5-hmac mode tunnel ! crypto ipsec profile IPSEC-PROFILE set transform-set IPSEC-TR set isakmp-profile VPN-PROFILE ! ! --More-- ! crypto map Albany_VPN 10 ipsec-isakmp set peer 139.130.56.72 set security-association lifetime seconds 86400 set transform-set Albany_VPN set pfs group2 match address 101 ! ! ! ! ! interface FastEthernet0 no ip address ! interface FastEthernet1 switchport access vlan 20 no ip address ! interface FastEthernet2 no ip address ! interface FastEthernet3 --More-- no ip address ! interface FastEthernet4 no ip address no ip redirects no ip unreachables no ip proxy-arp duplex auto speed auto pppoe enable group global pppoe-client dial-pool-number 1 ! interface Virtual-Template1 type tunnel ip unnumbered Dialer0 no ip redirects no ip proxy-arp tunnel mode ipsec ipv4 tunnel protection ipsec profile IPSEC-PROFILE ! interface Wlan-GigabitEthernet0 description Internal switch interface connecting to the embedded AP no ip address ! --More-- interface wlan-ap0 description Service module interface to manage the embedded AP ip unnumbered Vlan1 ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$ ip address 192.168.15.1 255.255.255.0 ip nat inside ip virtual-reassembly in ip tcp adjust-mss 1452 ! interface Vlan20 ip address 192.168.20.1 255.255.255.0 ip nat inside ip virtual-reassembly in ! interface Dialer0 ip address 203.87.9.178 255.255.255.252 ip mtu 1492 ip nat outside ip virtual-reassembly in encapsulation ppp ip tcp adjust-mss 1452 --More-- dialer pool 1 dialer-group 1 ppp authentication pap callin ppp pap sent-username max137343 password 7 055A555872181D04181D no cdp enable ! ip local pool VPN-IP-POOL 192.168.4.100 192.168.4.120 ip forward-protocol nd no ip http server ip http access-class 23 ip http authentication local no ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! ip nat inside source list NAT-PERMIT interface Dialer0 overload ip nat inside source static tcp 192.168.15.201 1880 interface Dialer0 80 ip nat inside source static tcp 192.168.15.14 3389 interface Dialer0 3389 ip nat inside source static tcp 192.168.15.5 8016 interface Dialer0 8016 ip nat inside source static tcp 192.168.15.5 8116 interface Dialer0 8116 ip nat inside source static tcp 192.168.15.5 8200 interface Dialer0 8200 ip nat inside source static tcp 192.168.15.5 8201 interface Dialer0 8201 ip nat inside source static tcp 192.168.15.5 10019 interface Dialer0 10019 ip route 0.0.0.0 0.0.0.0 Dialer0 --More-- ! ip access-list standard NAT-PERMIT permit 192.168.0.0 0.0.255.255 ! ip access-list extended S2S_VPN permit ip 192.168.15.0 0.0.0.255 192.168.16.0 0.0.0.255 ip access-list extended VPN-SPLIT-TUN permit ip 192.168.15.0 0.0.0.255 any permit ip 192.168.20.0 0.0.0.255 any ! dialer-list 1 protocol ip permit ! access-list 23 permit 120.88.175.152 access-list 23 permit 139.130.56.72 access-list 23 permit 192.168.15.0 0.0.0.255 access-list 101 permit ip 192.168.15.0 0.0.0.255 192.168.16.0 0.0.0.255 ! ! ! ! line con 0 privilege level 15 logging synchronous --More-- no modem enable line aux 0 line 2 no activation-character no exec transport preferred none transport input all stopbits 1 line vty 0 4 access-class 23 in privilege level 15 logging synchronous transport input ssh line vty 5 15 access-class 23 in privilege level 15 logging synchronous transport input ssh ! scheduler allocate 20000 1000 ! end ASRouter_Acacia# exit