CSPS CBCI VPN router – 1 Dec 08

KED1CSPSVPNr01#sh run
Building configuration...

Current configuration : 3006 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname KED1CSPSVPNr01
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
enable secret xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
!
resource policy
!
!
!
ip cef
no ip domain lookup
!
!
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cbc1+CSPS08 address 8.10.15.130 no-xauth
!
!
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
!
crypto map outside 10 ipsec-isakmp
 description Tunnel to CBCI
 set peer 8.10.15.130
 set transform-set 3DES-SHA
 match address 100
!
!
!
interface Ethernet0
 description connected to CSPS Firewall DMZ-2
 ip address 192.168.13.2 255.255.255.0
 ip virtual-reassembly
 no ip mroute-cache
 no cdp enable
!
interface Ethernet1
 description CSPS SCNet segment
 ip address 98.10.18.120 255.255.255.128
 duplex full
 crypto map outside
!
interface Ethernet2
 no ip address
 shutdown
!
interface FastEthernet1
 description connected to firewall
 duplex full
 speed 100
!
interface FastEthernet2
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet3
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
ip route 0.0.0.0 0.0.0.0 98.10.18.9
ip route 10.0.0.0 255.0.0.0 192.168.13.1
no ip http server
no ip http secure-server
!
!
access-list 1 permit 192.168.13.1
access-list 1 permit 205.192.50.0 0.0.0.31
access-list 100 permit ip 10.0.0.0 0.255.255.255 172.30.0.0 0.0.255.255
access-list 100 permit ip 192.168.13.0 0.0.0.255 172.30.0.0 0.0.0.255
access-list 111 permit esp host 8.10.15.130 host 98.10.18.120
access-list 111 permit udp host 8.10.15.130 host 98.10.18.120 eq isakmp
access-list 111 permit udp host 8.10.15.130 host 98.10.18.120 eq non500-isakmp
access-list 111 deny ip any any log
access-list 199 remark **Permit SNMP, SNMPTRAP, HTTPS, ICMP, SSH Back to CBCI**
access-list 199 permit udp 10.0.0.0 0.255.0.255 eq snmp 172.30.1.0 0.0.0.255
access-list 199 permit udp 10.0.0.0 0.255.0.255 eq snmptrap 172.30.1.0 0.0.0.255
access-list 199 permit icmp 10.0.0.0 0.255.0.255 172.30.1.0 0.0.0.255
access-list 199 permit tcp 10.0.0.0 0.255.0.255 172.30.1.0 0.0.0.255 eq 22
access-list 199 permit tcp 10.0.0.0 0.255.0.255 eq 22 172.30.1.0 0.0.0.255
access-list 199 permit tcp 10.0.0.0 0.255.0.255 172.30.1.0 0.0.0.255 eq ftp
access-list 199 remark **Permit SSH and ICMP for router management
access-list 199 permit icmp 10.131.0.0 0.0.0.255 host 192.168.13.2
access-list 199 permit tcp 10.0.0.0 0.255.0.255 host 192.168.13.2 eq 22
access-list 199 permit tcp 10.0.0.0 0.255.0.255 eq 22 host 192.168.13.2
access-list 199 deny ip any any log
no cdp run
!
control-plane
!
!
line con 0
 password 7 xxxxxxxxxxxxxx
 login
 no modem enable
line aux 0
 password 7 xxxxxxxxxxxxxxxx
 login
line vty 0 4
 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
 login
!
scheduler max-task-time 5000
end

KED1CSPSVPNr01# sh ver
Cisco IOS Software, C831 Software (C831-K9O3Y6-M), Version 12.4(5a), RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Sat 14-Jan-06 07:35 by alnguyen

ROM: System Bootstrap, Version 12.2(11r)YV3, RELEASE SOFTWARE (fc2)

KED1CSPSVPNr01 uptime is 24 minutes
System returned to ROM by reload
System image file is "flash:c831-k9o3y6-mz.124-5a.bin"

This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to export@cisco.com.

Cisco C831 (MPC857DSL) processor (revision 0x500) with 58983K/6553K bytes of memory.
Processor board ID FHK101121PW (1166885547), with hardware revision 4392
CPU rev number 7
3 Ethernet interfaces
4 FastEthernet interfaces
128K bytes of NVRAM.
12288K bytes of processor board System flash (Read/Write)
2048K bytes of processor board Web flash (Read/Write)

Configuration register is 0x2102