Building configuration...

Current configuration : 7872 bytes
!
! Last configuration change at 18:43:22 EST Tue Oct 13 2015 by ronboling
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Sterling
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$BLoi$4BRrze/1HnN084OvTDrJR1
!
aaa new-model
!
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
!
aaa session-id common
!
clock timezone EST -5
errdisable recovery cause bpduguard
errdisable recovery cause rootguard
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery interval 400
!
no ipv6 cef
ip source-route
ip cef
!
ip dhcp excluded-address 192.168.100.1 192.168.100.199
ip dhcp excluded-address 192.168.101.1 192.168.101.199
ip dhcp excluded-address 192.168.102.1 192.168.102.199
!
ip dhcp pool 1
 import all
 network 192.168.100.0 255.255.255.0
 default-router 192.168.100.1
 dns-server 173.44.120.40 173.44.120.41
!
ip dhcp pool 2
 import all
 network 192.168.101.0 255.255.255.0
 default-router 192.168.101.1
 dns-server 173.44.120.40 173.44.120.41
!
ip dhcp pool 3
 import all
 network 192.168.102.0 255.255.255.0
 default-router 192.168.102.1
 dns-server 173.44.120.40 173.44.120.41
!
ip domain name westminstertool.com
ip name-server 8.8.8.8
ip port-map user-8600-tcp port tcp 8600 description user-8600-tcp
ip port-map user-8600-udp port udp 8600 description user-8600-udp
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-2151741883
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2151741883
 revocation-check none
 rsakeypair TP-self-signed-2151741883
!
crypto pki certificate chain TP-self-signed-2151741883
 certificate self-signed 01
  quit
license udi pid CISCO1921/K9 sn FTX152984DC
license boot module c1900 technology-package datak9
!
spanning-tree portfast bpduguard
vtp domain westminstertool
vtp mode transparent
username administrator privilege 15 secret 5 $1$9N5/$2i7yrGTIdDzs48Uyx/JX51
username ronboling privilege 15 password 7 15534A0D0027222A7C273A2D1F554652541718
!
redundancy
!
class-map type inspect match-any OUTSIDE_IN-VIDEORECORDING-ACCESS
 match protocol user-8600-udp
 match protocol user-8600-tcp
class-map type inspect match-all OUTSIDE_IN-VIDEORECORDING
 match class-map OUTSIDE_IN-VIDEORECORDING-ACCESS
 match access-group name OUTSIDE_IN-VIDEORECORDING-ACCESS
class-map type inspect match-all OUTSIDE_IN-BLOCK
 match access-group name OUTSIDE_IN-BLOCK
class-map type inspect match-all IN_OUT-ALLOW_ALL
 match access-group name IN_OUT-ALLOW_ALL
!
policy-map type inspect FIREWALLRULE-OUTSIDE_IN
 class type inspect OUTSIDE_IN-BLOCK
  drop
 class type inspect OUTSIDE_IN-VIDEORECORDING
  inspect
 class class-default
  drop log
policy-map type inspect FIREWALLRULE-IN_OUT
 class type inspect IN_OUT-ALLOW_ALL
  inspect
 class class-default
  drop
!
zone security OUTSIDE
zone security INSIDE
zone-pair security INSIDE-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect FIREWALLRULE-IN_OUT
zone-pair security OUTSIDE-INSIDE source OUTSIDE destination INSIDE
 service-policy type inspect FIREWALLRULE-OUTSIDE_IN
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 60
crypto isakmp key firewallcx address 66.212.194.100
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 66.212.194.100
 set transform-set TS
 match address VPN-TRAFFIC
!
interface GigabitEthernet0/0
 ip address 66.212.193.211 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 zone-member security OUTSIDE
 duplex auto
 speed auto
 crypto map CMAP
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.1
 encapsulation dot1Q 1 native
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
!
interface GigabitEthernet0/1.2
 encapsulation dot1Q 2
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
!
interface GigabitEthernet0/1.3
 encapsulation dot1Q 3
 ip address 192.168.102.1 255.255.255.0
 ip access-group BlockGuest_ToProd in
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.100.25 8600 interface GigabitEthernet0/0 8600
ip nat inside source static udp 192.168.100.25 8600 interface GigabitEthernet0/0 8600
ip route 0.0.0.0 0.0.0.0 66.212.193.1
!
ip access-list extended BLOCK_ICMP-ECHO_IN
 deny   icmp any any echo
 permit ip any any
ip access-list extended BlockGuest_ToProd
 deny   ip 192.168.102.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip any any
ip access-list extended IN_OUT-ALLOW_ALL
 permit ip any any
ip access-list extended OUTSIDE_IN-BLOCK
ip access-list extended OUTSIDE_IN-VIDEORECORDING-ACCESS
 permit ip any host 192.168.100.25
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255
 permit ip 192.168.101.0 0.0.0.255 192.168.1.0 0.0.0.255
!
access-list 100 remark NATinsideOut
access-list 100 deny   ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 100 deny   ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny   ip 192.168.101.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 100 deny   ip 192.168.101.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.100.0 0.0.0.255 any
access-list 100 permit ip 192.168.101.0 0.0.0.255 any
access-list 100 permit ip 192.168.102.0 0.0.0.255 any
!
snmp-server ifindex persist
!
control-plane
!
banner login ^C
Warning: Use of this System is Restricted to Authorized Users. This computer system is the private property of the Company and may only be used by those individuals authorized by Company management in accordance with Company electronic communication system policies.^C
!
line con 0
 session-timeout 15
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 session-timeout 15
 transport input ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
end