service nagle no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service compress-config service sequence-numbers service counters max age 5 ! boot-start-marker boot-end-marker ! ! ! aaa new-model ! ! aaa authentication login RAVPN local aaa authorization network RAVPN local ! ! ! ! ! aaa session-id common clock timezone UAE 4 0 ! ! ! no ip source-route no ip gratuitous-arps ip cef ip cef accounting non-recursive ! ! ! ip vrf DMVPN rd 100:1 route-target export 100:1 route-target import 100:1 ! ! ! ! no ip bootp server no ip domain lookup ip domain name maf.ae ip multicast-routing login block-for 120 attempts 5 within 30 login on-failure log every 5 no ipv6 cef ! multilink bundle-name authenticated ! ! license udi pid CISCO2951/K9 sn FCZ1722602V ! ! ! redundancy ! ! ! ! ! ip tcp synwait-time 5 no ip ftp passive ip ssh version 2 ! crypto keyring dmvpn1 vrf DMVPN pre-shared-key address 0.0.0.0 0.0.0.0 key M@Fgr0up crypto keyring RAvpn pre-shared-key address 0.0.0.0 0.0.0.0 key !G0$get^! ! crypto isakmp policy 10 encr 3des authentication pre-share group 2 ! crypto isakmp policy 30 encr 3des authentication pre-share group 2 crypto isakmp key M@Fgr0up address 0.0.0.0 crypto isakmp keepalive 20 5 periodic crypto isakmp xauth timeout 20 ! crypto isakmp client configuration group MAFWiFi-RAVPN key !G0$get^! pool RAvpn-pool acl 103 save-password ! crypto isakmp client configuration group MAF-VPN key G04get2 pool RAvpn-pool acl 104 save-password crypto isakmp profile MAFWiFi-RAVPN keyring RAvpn match identity group MAFWiFi-RAVPN match identity group MAF-VPN client authentication list RAVPN isakmp authorization list RAVPN client configuration address respond crypto isakmp profile MAF-VPN keyring RAvpn match identity group MAF-VPN client authentication list RAVPN isakmp authorization list RAVPN client configuration address respond ! ! crypto ipsec transform-set MAF esp-3des esp-sha-hmac mode transport crypto ipsec transform-set ts1 esp-3des esp-sha-hmac mode tunnel ! ! crypto ipsec profile dmvpn set security-association lifetime seconds 1800 set transform-set MAF ! ! crypto dynamic-map dmap 30 set transform-set ts1 set isakmp-profile MAF-VPN reverse-route crypto dynamic-map dmap 40 set transform-set ts1 set isakmp-profile MAFWiFi-RAVPN reverse-route ! ! crypto map RAvpn-map 1 ipsec-isakmp dynamic dmap ! ! ! ! ! interface Tunnel1 bandwidth 8000 ip vrf forwarding DMVPN ip address 192.168.250.1 255.255.255.0 no ip redirects ip mtu 1400 no ip next-hop-self eigrp 100 no ip split-horizon eigrp 100 ip nhrp authentication M@Fgr0up ip nhrp map multicast dynamic ip nhrp network-id 11 ip nhrp holdtime 180 ip tcp adjust-mss 1360 tunnel source GigabitEthernet0/0 tunnel mode gre multipoint tunnel key 11 tunnel vrf DMVPN tunnel protection ipsec profile dmvpn shared ! interface Tunnel2 ip vrf forwarding DMVPN ip address 192.168.251.1 255.255.255.0 no ip redirects ip mtu 1400 no ip next-hop-self eigrp 100 no ip split-horizon eigrp 100 ip nhrp authentication maf2 ip nhrp map multicast dynamic ip nhrp network-id 12 ip nhrp holdtime 180 ip tcp adjust-mss 1360 shutdown tunnel source GigabitEthernet0/0 tunnel mode gre multipoint tunnel key 12 tunnel vrf DMVPN tunnel protection ipsec profile dmvpn shared ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 ip vrf forwarding DMVPN ip address 195.229.213.74 255.255.255.240 ip accounting output-packets ip verify unicast reverse-path ip nat outside ip virtual-reassembly in duplex auto speed auto crypto map RAvpn-map ! interface GigabitEthernet0/1 description <<<<< ADSL1 >>>>> no ip address no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip virtual-reassembly in duplex auto speed auto pppoe enable group 1 pppoe-client dial-pool-number 1 ! interface GigabitEthernet0/2 description +++++ Temp Connectivity for BBX-MSE ip address 10.95.15.145 255.255.255.240 ip nat inside ip virtual-reassembly in duplex auto speed auto ! interface GigabitEthernet0/0/0 description ++++ connected to ASA-Primary-ADSL1-CTX:Gi0/0:IP-10.95.15.84 ++++ switchport access vlan 100 no ip address storm-control broadcast level 15.00 ! interface GigabitEthernet0/0/1 description +++++ Connected to Internet-RTR02 +++++ switchport mode trunk no ip address storm-control broadcast level 15.00 ! interface GigabitEthernet0/0/2 description ++++ connected to ASA-Primary-ADSL2-CTX:Gi0/1:IP-10.95.15.100 ++++ switchport access vlan 101 no ip address storm-control broadcast level 15.00 ! interface GigabitEthernet0/0/3 description ++++ connected to ASA-Primary-ADSL1-CTX_DMVPN_Link:Gi0/5:IP-10.95.15.116 ++++ switchport access vlan 102 ip vrf forwarding DMVPN no ip address storm-control broadcast level 5.00 ! interface Vlan1 no ip address shutdown ! interface Vlan100 description ++++ Vlan for ADSL1-CTX ++++ ip address 10.95.15.81 255.255.255.240 ip nat inside ip virtual-reassembly in standby 100 ip 10.95.15.83 standby 100 priority 150 standby 100 preempt ! interface Vlan101 description ++++ Vlan for ADSL2-CTX ++++ ip address 10.95.15.97 255.255.255.240 no ip unreachables ip accounting output-packets ip nat inside ip virtual-reassembly in standby 101 ip 10.95.15.99 standby 101 preempt ! interface Vlan102 description ++++ Vlan for ADSL1-CTX-DMVPN_Link ++++ ip vrf forwarding DMVPN ip address 10.95.15.114 255.255.255.240 ip accounting output-packets ip nat inside ip virtual-reassembly in standby 102 ip 10.95.15.113 standby 102 priority 150 standby 102 preempt ! interface Dialer1 bandwidth 100000 ip address negotiated ip mtu 1492 ip nat outside ip virtual-reassembly in encapsulation ppp dialer pool 1 dialer idle-timeout 0 dialer persistent dialer-group 1 ppp authentication chap callin ppp pap sent-username dccwifip password 7 065004284D4F0A1356 ppp ipcp dns request accept ppp ipcp route default ppp ipcp address accept no cdp enable ! interface Dialer2 bandwidth 100000 ip address negotiated ip mtu 1492 ip nat outside ip virtual-reassembly in encapsulation ppp shutdown dialer pool 2 dialer idle-timeout 0 dialer persistent dialer-group 2 ppp authentication chap callin ppp pap sent-username dccwifi2 password 7 15435E075C7F25237B ppp ipcp dns request accept ppp ipcp route default ppp ipcp address accept no cdp enable ! ! router eigrp 100 ! address-family ipv4 vrf DMVPN redistribute static network 192.168.250.0 network 192.168.251.0 passive-interface default no passive-interface Tunnel1 no passive-interface Tunnel2 autonomous-system 100 exit-address-family ! ip local pool RAvpn-pool 192.168.254.2 192.168.254.254 ip forward-protocol nd ! no ip http server no ip http secure-server ! ip nat translation timeout 14400 ip nat inside source list 101 interface GigabitEthernet0/0 vrf DMVPN overload ip nat inside source route-map ADSL1 interface Dialer1 overload ip route 0.0.0.0 0.0.0.0 Dialer1 ip route 10.95.0.0 255.255.240.0 10.95.15.84 ip route 10.95.0.0 255.255.240.0 10.95.15.100 100 ip route 10.95.2.0 255.255.255.0 10.95.15.84 ip route 172.16.0.0 255.240.0.0 10.95.15.84 ip route 172.31.102.61 255.255.255.255 10.95.15.84 ip route 192.168.0.0 255.255.240.0 10.95.15.84 ip route 192.168.254.0 255.255.255.0 10.95.15.84 ip route vrf DMVPN 0.0.0.0 0.0.0.0 195.229.213.77 ip route vrf DMVPN 10.95.0.1 255.255.255.255 10.95.15.116 name DCC-CCTV-CSW01 ip route vrf DMVPN 10.95.0.2 255.255.255.255 10.95.15.116 name DCC-CCTV-CSW01 ip route vrf DMVPN 10.95.0.3 255.255.255.255 10.95.15.116 name DCC-CCTV-CSW01 ip route vrf DMVPN 10.95.0.11 255.255.255.255 10.95.15.116 name DCC-WLC01 ip route vrf DMVPN 10.95.0.13 255.255.255.255 10.95.15.116 name DCC-WLC02 ip route vrf DMVPN 10.95.0.15 255.255.255.255 10.95.15.116 name DCC-NCS01 ip route vrf DMVPN 10.95.0.16 255.255.255.255 10.95.15.116 name DCC-NCS02 ip route vrf DMVPN 10.95.0.17 255.255.255.255 10.95.15.116 name DCC-MSE01 ip route vrf DMVPN 10.95.0.18 255.255.255.255 10.95.15.116 name DCC-MSE02-VIP ip route vrf DMVPN 10.95.0.19 255.255.255.255 10.95.15.116 name DCC-MSE02 ip route vrf DMVPN 10.95.0.22 255.255.255.255 10.95.15.116 name CMX-MSE01 ip route vrf DMVPN 10.95.0.23 255.255.255.255 10.95.15.116 name CMXUCS-SRV ip route vrf DMVPN 10.95.0.24 255.255.255.255 10.95.15.116 name CMX-MSE ip route vrf DMVPN 10.95.1.6 255.255.255.255 10.95.15.116 ip route vrf DMVPN 10.95.3.0 255.255.255.0 10.95.15.116 ip route vrf DMVPN 10.95.3.11 255.255.255.255 10.95.15.116 name HS01 ip route vrf DMVPN 10.95.3.13 255.255.255.255 10.95.15.116 name DCC-Radius02 ip route vrf DMVPN 10.95.3.14 255.255.255.255 10.95.15.116 name DCC-Radius01 ip route vrf DMVPN 10.95.3.15 255.255.255.255 10.95.15.116 name DCC-Radius-DB ip route vrf DMVPN 10.95.3.16 255.255.255.255 10.95.15.116 name DCC-DB-AUX ip route vrf DMVPN 10.95.4.11 255.255.255.255 10.95.15.116 name HS01-WAN02 ip route vrf DMVPN 10.95.4.12 255.255.255.255 10.95.15.116 name HS02-WAN02 ip route vrf DMVPN 10.95.5.11 255.255.255.255 10.95.15.116 name NOC-COMM1 ip route vrf DMVPN 10.95.5.12 255.255.255.255 10.95.15.116 name NOC-COMM2 ip route vrf DMVPN 10.95.15.88 255.255.255.255 10.95.15.116 name Billboard-MSE ip route vrf DMVPN 10.95.15.89 255.255.255.255 10.95.15.116 name Billboard-MSE ip route vrf DMVPN 10.95.15.146 255.255.255.255 10.95.15.116 name BBX-MSE ip route vrf DMVPN 10.46.17.15 255.255.255.255 10.95.15.116 name MAF-PINCS ip route vrf DMVPN 86.96.241.55 255.255.255.255 195.229.213.77 name SMSC-IP ip route vrf DMVPN 172.31.102.61 255.255.255.255 10.95.15.116 ! ip access-list standard NCS-SNMP permit 10.95.0.15 permit 10.95.0.16 ip access-list standard vty-access permit 10.95.0.15 permit 10.95.0.3 permit 10.95.0.2 permit 10.95.0.17 permit 10.95.0.16 permit 10.95.0.0 0.0.255.255 deny 10.95.3.0 0.0.0.255 deny 10.95.4.0 0.0.0.255 deny 10.95.5.0 0.0.0.255 deny 10.95.19.0 0.0.0.255 deny 10.95.20.0 0.0.0.255 deny 10.95.21.0 0.0.0.255 deny 10.95.35.0 0.0.0.255 deny 10.95.36.0 0.0.0.255 deny 10.95.37.0 0.0.0.255 ! ip access-list extended bbx permit tcp 10.95.6.0 0.0.0.255 any eq www deny ip host 10.95.15.88 any deny ip host 10.95.15.89 any ip access-list extended bbx-wan permit tcp any eq www 10.95.6.0 0.0.0.255 ip access-list extended bilboard deny tcp host 10.95.15.88 any eq www deny tcp host 10.95.15.89 any eq www permit tcp 192.168.0.0 0.0.15.255 any eq www ip access-list extended wbx permit tcp any eq www 10.95.6.0 0.0.0.255 ! dialer-list 1 protocol ip permit dialer-list 2 protocol ip permit ! route-map static permit 10 match ip address 11 ! route-map ADSL2 permit 10 match ip address 102 match interface Dialer2 ! route-map ADSL1 permit 10 match ip address 101 match interface Dialer1 ! route-map WBX permit 10 match ip address wbx set ip next-hop 10.95.15.146 ! route-map BBX permit 10 match ip address bbx set ip next-hop 10.95.15.146 ! ! snmp-server group snmpgroup v3 noauth snmp-server group snmpgroup v3 auth snmp-server community M@F-W!F! RW NCS-SNMP snmp-server community M@F-W!F!-RO RO NCS-SNMP snmp-server trap-source Vlan100 snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps tty snmp-server enable traps eigrp snmp-server enable traps envmon fan shutdown supply temperature snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up snmp-server enable traps flash insertion removal snmp-server enable traps entity-sensor threshold snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps entity snmp-server enable traps fru-ctrl snmp-server enable traps event-manager snmp-server enable traps hsrp snmp-server enable traps ipmulticast snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message snmp-server enable traps cpu threshold snmp-server enable traps syslog snmp-server enable traps vtp snmp-server enable traps rf snmp-server host 10.95.0.15 version 2c M@F-W!F! snmp-server host 10.95.0.15 vrf DMVPN version 2c M@F-W!F! snmp-server host 10.95.0.16 version 2c M@F-W!F! snmp-server host 10.95.0.16 vrf DMVPN version 2c M@F-W!F! snmp-server host 10.110.110.52 version 3 auth snmpuser snmp-server host 10.110.110.56 version 3 auth snmpuser snmp-server host 10.110.110.61 version 3 auth snmpuser access-list 10 permit 10.95.3.11 access-list 10 permit 10.95.0.11 access-list 10 permit 10.95.0.13 access-list 10 permit 10.95.0.12 access-list 10 permit 10.95.0.15 access-list 10 permit 10.95.3.13 access-list 10 permit 10.95.0.17 access-list 10 permit 10.95.0.16 access-list 10 permit 10.95.0.18 access-list 11 permit 10.95.0.0 0.0.15.255 access-list 101 deny ip host 10.95.3.11 host 10.95.0.17 access-list 101 deny ip 10.95.0.0 0.0.255.255 host 10.95.15.146 access-list 101 deny ip host 10.95.15.146 10.95.0.0 0.0.255.255 access-list 101 deny ip host 10.95.0.17 host 10.95.3.11 access-list 101 deny ip host 10.95.3.11 host 10.95.0.18 access-list 101 deny ip 10.95.0.0 0.0.15.255 10.95.16.0 0.0.15.255 access-list 101 deny ip 10.95.0.0 0.0.15.255 10.95.48.0 0.0.15.255 access-list 101 deny ip 10.95.0.0 0.0.15.255 10.95.32.0 0.0.15.255 access-list 101 deny ip any 192.168.254.0 0.0.0.255 access-list 101 permit ip 10.95.0.0 0.0.0.255 any access-list 101 permit ip 192.168.0.0 0.0.15.255 any access-list 101 permit ip 10.95.1.0 0.0.0.255 any access-list 101 permit ip 10.95.2.0 0.0.0.255 any access-list 101 permit ip 10.95.6.0 0.0.0.255 any access-list 101 permit ip 10.95.3.0 0.0.0.255 any access-list 101 permit ip 10.95.15.0 0.0.0.255 any access-list 101 permit ip 10.95.19.0 0.0.0.255 host 86.96.241.55 access-list 101 permit ip 10.95.31.16 0.0.0.15 host 86.96.241.55 access-list 101 permit ip 10.95.35.0 0.0.0.255 host 86.96.241.55 access-list 101 permit ip 10.95.47.16 0.0.0.15 host 86.96.241.55 access-list 101 deny ip any any access-list 102 deny ip host 10.95.3.11 host 10.95.0.17 access-list 102 deny ip 10.95.0.0 0.0.255.255 host 10.95.15.146 access-list 102 deny ip host 10.95.15.146 10.95.0.0 0.0.255.255 access-list 102 deny ip host 10.95.0.17 host 10.95.3.11 access-list 102 deny ip host 10.95.3.11 host 10.95.0.18 access-list 102 deny ip 10.95.0.0 0.0.15.255 10.95.16.0 0.0.15.255 access-list 102 deny ip 10.95.0.0 0.0.15.255 10.95.32.0 0.0.15.255 access-list 102 permit ip 10.95.0.0 0.0.0.255 any access-list 102 permit ip 192.168.0.0 0.0.15.255 any access-list 102 permit ip 10.95.1.0 0.0.0.255 any access-list 102 permit ip 10.95.2.0 0.0.0.255 any access-list 102 permit ip 10.95.3.0 0.0.0.255 any access-list 102 permit ip 10.95.6.0 0.0.0.255 any access-list 102 permit ip 10.95.15.0 0.0.0.255 any access-list 102 deny ip any any access-list 103 permit ip host 10.95.32.17 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.0.24 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.48.11 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.48.1 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.46.17.15 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.32.18 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.32.19 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.16.19 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.16.18 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.16.17 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.15.146 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.0.22 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.0.23 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.0.19 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.0.18 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.0.17 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.0.16 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.16.11 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.32.11 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.0.11 192.168.254.0 0.0.0.255 access-list 103 permit ip host 10.95.0.15 192.168.254.0 0.0.0.255 access-list 104 permit ip host 10.95.3.11 192.168.254.0 0.0.0.255 access-list 104 permit ip host 10.95.3.15 192.168.254.0 0.0.0.255 access-list 104 permit ip host 10.95.3.16 192.168.254.0 0.0.0.255 access-list 104 permit ip host 10.95.51.11 192.168.254.0 0.0.0.255 access-list 104 permit ip host 10.95.52.11 192.168.254.0 0.0.0.255 access-list 104 permit ip host 10.95.3.12 192.168.254.0 0.0.0.255 access-list 104 permit ip host 10.95.3.14 192.168.254.0 0.0.0.255 access-list 104 permit ip host 10.95.35.12 192.168.254.0 0.0.0.255 access-list 104 permit ip host 10.95.19.12 192.168.254.0 0.0.0.255 access-list 104 permit ip host 10.95.0.15 192.168.254.0 0.0.0.255 access-list 104 permit ip host 10.95.0.16 192.168.254.0 0.0.0.255 access-list 104 permit ip host 10.95.3.13 192.168.254.0 0.0.0.255 access-list 104 permit ip host 10.95.35.11 192.168.254.0 0.0.0.255 access-list 104 permit ip host 10.95.19.11 192.168.254.0 0.0.0.255 ! ! ! control-plane ! ! banner login ^CCCC *********************************************************************** WARNING This system is for authorised use only and may only be used for approved purposes. Misuse or misappropriation of this system is prohibited and may result in civil and criminal penalties. We reserve to audit, access and inspect any communications stored or transmitted in accordance with applicable law. BY COMPLETING THE LOGIN PROCESS YOU ARE ACKNOWLEDGING AND CONSENTING TO THE PROVISIONS OF THIS NOTICE. IF YOU ARE NOT AN AUTHORISED USER, DISCONNECT NOW! *********************************************************************** ^C ! line con 0 exec-timeout 5 0 stopbits 1 line aux 0 line 2 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 access-class vty-access in exec-timeout 5 0 privilege level 15 logging synchronous transport preferred ssh transport input ssh line vty 5 15 access-class vty-access in exec-timeout 5 0 privilege level 15 logging synchronous transport preferred ssh transport input ssh ! scheduler allocate 20000 1000 ntp source Vlan100 ntp server 10.95.0.1 ntp server vrf DMVPN 10.95.0.1 ! end DCC-WiFi-INTRTR01# exit Connection to 10.95.15.81 closed by remote host. Connection to 10.95.15.81 closed. DCC-PINCS01/admin# exit