sh run
Building configuration...
Current configuration : 3638 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxxxxxx
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret xxxxxxxx
!
username USER password xxxxxxxx
no aaa new-model
ip subnet-zero
no ip domain lookup
ip domain name xxxxxxxx.nl
!
!
ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect dns-timeout 10
ip inspect name FIREWALL tcp
ip inspect name FIREWALL udp
ip inspect name FIREWALL http
ip inspect name FIREWALL smtp
ip inspect name FIREWALL icmp
ip inspect name FIREWALL ftp
ip audit notify log
ip audit po max-events 100
ip audit name AUDIT_RULE info action alarm
ip audit name AUDIT_RULE attack action alarm drop reset
no ftp-server write-enable
!
!
!
!
crypto isakmp policy 5
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group xxxxxxxx
 key xxxxxxxx
 pool xxxxxxxx_pool
!
!
crypto ipsec transform-set xxxxxxxx_set esp-des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set xxxxxxxx_set
!
!
crypto map xxxxxxxx_map client authentication list userauthen
crypto map xxxxxxxx_map isakmp authorization list groupauthor
crypto map xxxxxxxx_map client configuration address respond
crypto map xxxxxxxx_map 10 ipsec-isakmp dynamic dynmap
!
!
bridge irb
!
!
interface Ethernet0
 ip address 10.0.1.254 255.255.255.0
 ip nat inside
 no cdp enable
!
interface BRI0
 no ip address
 shutdown
 no cdp enable
!
interface ATM0
 mac-address xxxx.xxxx.xxxx
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description Cisco 836 RFC1483/AAL5SNAP
 pvc 0/35
  encapsulation aal5snap
 !
 bridge-group 1
!
interface BVI1
 mac-address xxxx.xxxx.xxxx
 ip address dhcp
 ip access-group 102 in
 ip nat outside
 ip inspect FIREWALL out
 ip audit AUDIT_RULE in
 crypto map xxxxxxxx_map
!
ip local pool xxxxxxxx_pool 192.168.5.1 192.168.5.254
ip nat inside source route-map nonat interface BVI1 overload
ip nat inside source static tcp 10.0.1.1 25 INTERNET_IP 25 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 BVI1 permanent
no ip http server
no ip http secure-server
!
!
access-list 102 remark Incoming Internet via dialer 0
access-list 102 remark Permit IP Range VPN Client
access-list 102 permit ip 192.168.5.0 0.0.0.255 any
access-list 102 permit esp any any
access-list 102 remark Permit all incoming ICMP
access-list 102 permit icmp any any
access-list 102 remark Open VPN Ports & Others
access-list 102 permit udp any host INTERNET_IP eq isakmp log
access-list 102 permit tcp any host INTERNET_IP eq smtp
access-list 102 remark Permit FTP
access-list 102 permit tcp any eq ftp any
access-list 102 permit tcp any eq ftp-data any
access-list 102 permit tcp any any eq 22
access-list 102 permit ip host INTERNET_IP host 255.255.255.255
access-list 120 remark Except Private to Private from NAT
access-list 120 deny ip 10.0.1.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 120 permit ip 10.0.1.0 0.0.0.255 any
no cdp run
route-map nonat permit 10
 match ip address 120
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 exec-timeout 15 0
 logging synchronous
 login local
 transport preferred all
 transport output all
 ip netmask-format decimal
 stopbits 1
line vty 0 4
 exec-timeout 15 0
 login local
 transport preferred all
 transport input ssh
 transport output all
 ip netmask-format decimal
!
scheduler max-task-time 5000
!
!
end