NS#term len 0
NS#show run
Building configuration...
Current configuration : 10014 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service sequence-numbers
!
hostname NS
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint localtrust
 enrollment selfsigned
 fqdn xxxxxxxxxx.dyndns.org
 subject-name CN=xxxxxxxxxx.dyndns.org
 revocation-check crl
 rsakeypair sslvpnkey
!
!
crypto pki certificate chain localtrust
 certificate self-signed 02
  quit
dot11 syslog
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1 192.168.1.49
ip dhcp excluded-address 192.168.1.100 192.168.1.254
ip dhcp excluded-address 192.168.10.1
!
ip dhcp pool ccp-pool
 import all
 default-router 192.168.1.1
 lease 0 2
!
ip dhcp pool VLAN1
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 domain-name xxxxxxxxxx.local
 dns-server 192.168.1.2 68.94.156.1
 lease 4
!
ip dhcp pool VLAN2
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 domain-name xxxxxxxxxx.local
 lease 4
!
!
no ip bootp server
ip domain name xxxxxxxxxx.local
ip name-server 192.168.1.2
ip name-server 68.94.156.1
!
multilink bundle-name authenticated
!
!
username admin privilege 15 secret 5 $1$UeFO$jvlP/RWM415fVgml9s95z0
username art password 0 xxxxxxxxx
username nsuser secret 5 $1$DOzG$SPEwNQsQwp1vraBx3OGTD1
!
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
!
class-map type inspect match-any SDM_WEBVPN
 match access-group name SDM_WEBVPN
class-map type inspect match-all SDM_WEBVPN_TRAFFIC
 match class-map SDM_WEBVPN
 match access-group 102
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-protocol-http
 match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect
 class type inspect ccp-insp-traffic
  inspect
 class class-default
policy-map type inspect ccp-permit
 class type inspect SDM_WEBVPN_TRAFFIC
  inspect
 class class-default
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
!
!
!
interface Loopback0
 description Do not delete - SDM WebVPN generated interface
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 pppoe-client dial-pool-number 1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip route-cache flow
 ip tcp adjust-mss 1412
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address xxxxxxxxxx.246 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxxxxx@snet.net
 ppp chap password 0 xxxxxxxxx
 ppp pap sent-username xxxxxxxxxx@snet.net password 0 system90
!
ip local pool VPN 192.168.2.50 192.168.2.100
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 192.168.2.1 443 xxxxxxxxxxx.246 4443 extendable
!
ip access-list extended SDM_WEBVPN
 remark CCP_ACL Category=1
 permit tcp any any eq 443
!
logging trap debugging
access-list 23 remark CCP_ACL Category=17
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 69.177.163.240 0.0.0.7 any
access-list 101 remark CCP_ACL Category=2
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 remark CCP_ACL Category=128
access-list 102 permit ip any host xxxxxxxxxx.246
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username privilege 15 secret 0
Replace and with the username and password you want to use.
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE PUBLICLY-KNOWN CREDENTIALS
Here are the Cisco IOS commands.
username privilege 15 secret 0
no username cisco
Replace and with the username and password you want to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE TO LOG INTO
THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn gateway gateway_1
 ip address xxxxxxxxxx.246 port 443
 http-redirect port 80
 ssl trustpoint localtrust
 inservice
 !
webvpn install svc flash:/webvpn/svc.pkg
 !
webvpn install csd flash:/webvpn/sdesktop.pkg
 !
webvpn context NSVPN
 secondary-color white
 title-color #669999
 text-color black
 ssl authenticate verify all
 !
 nbns-list "NS02"
  nbns-server 192.168.1.2 master
 !
 policy group policy_1
  functions svc-enabled
  svc address-pool "VPN"
  svc default-domain "xxxxxxxxxx.local"
  svc keep-client-installed
  svc split dns "xxxxxxxxxx.local"
  svc dns-server primary 192.168.1.2
  svc wins-server primary 192.168.1.2
 default-group-policy policy_1
 aaa authentication list ciscocp_vpn_xauth_ml_1
 gateway gateway_1
 inservice
!
end