Firewall#sh conf Using 22134 out of 196600 bytes ! ! Last configuration change at 09:47:34 UTC Mon Oct 13 2008 by ani ! NVRAM config last updated at 09:49:00 UTC Mon Oct 13 2008 by ani ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname DKIGNFW01 ! boot-start-marker boot-end-marker ! logging buffered 4096 logging console errors ! aaa new-model ! ! aaa authentication banner ^C ***************************************************************** * Warning * * THIS DEVICE IS PART OF A PRIVATE NETWORK * * * * DISCONNECT IMMEDIATELY IF YOU ARE NOT AN AUTHORISED USER ! * * * * Unauthorised access is prohibited * * And may be punishable by law * * * * This device is monitored for unauthorised access * * * ***************************************************************** ***************************************************************** * Use of this network is restricted to authorized users. * * User activity is monitored and recorded by system * * personnel. Anyone using this network expressly consents * * to such monitoring and recording. BE ADVISED, if possible * * criminal activity is detected, system records, along with * * certain personal information, may be provided to law * * enforcement officials. * ***************************************************************** ^C aaa authentication login userauthen group radius local aaa authentication login device group radius local aaa authorization network groupauthor local ! ! aaa session-id common clock timezone UTC 2 ip cef ! ! ! ! no ip domain lookup ip domain name ignordic.com ip ssh time-out 60 ip ssh authentication-retries 2 ip inspect max-incomplete low 400 ip inspect max-incomplete high 500 ip inspect one-minute low 400 ip inspect one-minute high 500 ! multilink bundle-name authenticated ! crypto pki trustpoint TP-self-signed-2031154264 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2031154264 revocation-check none rsakeypair TP-self-signed-2031154264 ! ! crypto pki certificate chain TP-self-signed-2031154264 certificate self-signed 01 nvram:IOS-Self-Sig#2.cer ! ! crypto isakmp policy 1 hash md5 authentication pre-share group 2 ! crypto isakmp policy 3 encr 3des authentication pre-share group 2 ! crypto isakmp policy 4 authentication pre-share group 2 ! crypto isakmp policy 5 hash md5 authentication pre-share group 2 ! crypto isakmp policy 6 encr 3des hash md5 authentication pre-share group 2 ! crypto isakmp policy 9 ! crypto isakmp policy 10 hash md5 authentication pre-share ! crypto isakmp policy 13 encr 3des authentication pre-share group 2 ! crypto isakmp policy 14 encr 3des authentication pre-share group 2 ! crypto isakmp policy 15 hash md5 authentication pre-share ! crypto isakmp policy 16 hash md5 authentication pre-share group 2 crypto isakmp key ITIGDMTL*499 address 12.161.222.6 no-xauth crypto isakmp key ITIGDMTL*499 address 196.12.47.130 no-xauth crypto isakmp key ITIGDMTL*499 address 195.24.1.115 no-xauth crypto isakmp key ITIGDMTL*499 address 195.24.5.83 no-xauth crypto isakmp key ITIGDMTL*499 address 195.24.6.227 no-xauth crypto isakmp key ITIGDMTL*499 address 195.24.4.99 no-xauth crypto isakmp key ITIGDMTL*499 address 194.175.230.228 no-xauth crypto isakmp key ITIGDMTL*499 address 83.14.212.10 no-xauth crypto isakmp key ITIGDMTL*499 address 85.81.161.214 no-xauth crypto isakmp key ITIGDMTL*499 address 24.142.115.10 no-xauth crypto isakmp key ITIGDMTL*499 address 24.142.115.3 no-xauth crypto isakmp key ITIGDMTL*499 address 212.160.94.99 no-xauth crypto isakmp key ITIGDMTL*499 address 206.180.192.36 no-xauth ! crypto isakmp client configuration group IGNMGNT key peter2moon dns 10.28.2.31 10.12.1.10 wins 10.28.2.31 domain IGNMGNT.DK pool IGNMGNT acl 2001 ! crypto isakmp client configuration group PINT key pinodense dns 10.12.1.10 wins 10.12.1.10 domain INTPINTPOINERS.DK pool PINPOINTERS acl 2000 ! crypto isakmp client configuration group INTELLIGROUP key haven120 dns 10.13.3.11 wins 10.13.3.10 domain Intelligroup.dk pool INTELLIGROUP acl 2002 ! crypto isakmp client configuration group TRAWLER key peter2moon dns 10.28.2.31 wins 10.28.2.31 domain TRAWLER.DK pool TRAWLER acl 105 ! ! crypto ipsec transform-set myset esp-3des esp-sha-hmac crypto ipsec transform-set inteli01 esp-3des esp-md5-hmac crypto ipsec transform-set inteli02 esp-des esp-md5-hmac crypto ipsec transform-set strong esp-3des esp-md5-hmac crypto ipsec transform-set dmvpn-trans esp-des esp-md5-hmac crypto ipsec transform-set Trawler_transform esp-des esp-md5-hmac crypto ipsec profile InteliDMPVN set security-association lifetime seconds 120 set transform-set strong ! crypto ipsec profile VPN set security-association lifetime seconds 120 set transform-set strong ! crypto ipsec profile dmvpn-profile set transform-set dmvpn-trans ! ! crypto dynamic-map Trawler_map 1 set transform-set Trawler_transform reverse-route ! crypto dynamic-map dynmap 10 set transform-set myset ! ! crypto map Trawler_map isakmp authorization list TRAWLER crypto map Trawler_map client configuration address respond crypto map Trawler_map 1 ipsec-isakmp dynamic Trawler_map ! crypto map vpn client authentication list userauthen crypto map vpn isakmp authorization list groupauthor crypto map vpn client configuration address respond crypto map vpn 2 ipsec-isakmp set peer 196.12.47.130 set transform-set inteli02 match address 151 crypto map vpn 3 ipsec-isakmp set peer 12.161.222.6 set transform-set inteli01 match address 150 crypto map vpn 4 ipsec-isakmp set peer 206.180.192.36 set transform-set inteli01 match address 153 crypto map vpn 10 ipsec-isakmp dynamic dynmap ! ! ! ! interface Tunnel0 bandwidth 10000 ip address 192.168.220.1 255.255.255.0 ip helper-address 10.28.2.11 no ip redirects ip mtu 1400 ip nbar protocol-discovery ip flow ingress ip flow egress ip nhrp authentication ITIGDMTL ip nhrp map multicast dynamic ip nhrp network-id 1 ip nhrp cache non-authoritative ip tcp adjust-mss 1360 tunnel source FastEthernet0/0 tunnel mode gre multipoint tunnel key 999 tunnel protection ipsec profile dmvpn-profile ! interface FastEthernet0/0 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$ ip address 195.24.4.66 255.255.255.240 ip nbar protocol-discovery ip nat outside ip virtual-reassembly speed auto half-duplex crypto map vpn ! interface FastEthernet0/1 ip address 192.168.199.12 255.255.255.0 ip helper-address 10.28.2.11 ip nbar protocol-discovery ip nat inside ip virtual-reassembly speed auto half-duplex standby use-bia scope interface standby 0 ip 192.168.199.10 standby 0 priority 110 standby 0 preempt standby 0 authentication peter2mo standby 0 track FastEthernet0/0 30 ! router bgp 60000 no synchronization bgp router-id 192.168.220.1 bgp log-neighbor-changes network 192.168.100.0 redistribute static neighbor 192.168.199.1 remote-as 65100 neighbor 192.168.210.10 remote-as 60000 neighbor 192.168.220.10 remote-as 60200 neighbor 192.168.220.20 remote-as 60300 neighbor 192.168.220.40 remote-as 60400 neighbor 192.168.220.50 remote-as 60500 neighbor 192.168.220.60 remote-as 60600 neighbor 192.168.220.70 remote-as 60700 neighbor 192.168.220.80 remote-as 60800 neighbor 192.168.220.90 remote-as 60900 no auto-summary ! ip local pool IGNMGNT 192.168.100.1 192.168.100.50 ip local pool PINPOINTERS 192.168.101.1 192.168.101.50 ip local pool INTELLIGROUP 192.168.102.1 192.168.102.50 ip local pool TRAWLER 192.168.100.101 192.168.100.110 ip route 0.0.0.0 0.0.0.0 195.24.4.65 ip route 10.29.5.0 255.255.255.0 192.168.220.10 ip route 10.31.15.0 255.255.255.0 192.168.220.80 ip route 10.31.51.0 255.255.255.0 192.168.220.90 ip route 192.168.100.0 255.255.255.0 195.24.4.65 ! ip flow-export source FastEthernet0/0 ip flow-export version 5 origin-as bgp-nexthop ip flow-export destination 10.246.6.50 9996 ! no ip http server no ip http secure-server ip nat pool nonat 195.24.4.67 195.24.4.67 netmask 255.255.255.248 ip nat source static 195.24.4.68 10.28.2.11 route-map DKRGLDAP extendable ip nat source static 10.28.2.11 195.24.4.68 route-map DKRGLDAP extendable ip nat inside source route-map nonat pool nonat overload ip nat inside source static tcp 192.168.199.20 25 195.24.4.68 25 extendable ip nat inside source static tcp 192.168.199.30 80 195.24.4.68 80 extendable ip nat inside source static tcp 10.28.2.11 389 195.24.4.68 389 extendable ip nat inside source static tcp 192.168.199.30 443 195.24.4.68 443 extendable ip nat inside source static tcp 192.168.199.20 25 195.24.4.69 25 extendable ip nat inside source static tcp 10.246.6.40 443 195.24.4.69 443 extendable ip nat inside source static tcp 10.246.6.40 1741 195.24.4.69 1741 extendable ip nat inside source static tcp 10.28.2.103 1001 195.24.4.70 1001 extendable ip nat inside source static tcp 10.28.2.103 1723 195.24.4.70 1723 extendable ip nat inside source static tcp 10.246.6.100 6666 195.24.4.70 6666 extendable ip nat inside source static 10.246.6.100 195.24.4.70 extendable ! ip access-list standard SNMP_ACCESS permit 10.246.6.50 permit 10.246.6.42 permit 10.246.6.40 permit 10.28.2.80 0.0.0.7 ip access-list extended DKRGLDAP permit tcp host 85.81.51.101 eq 389 host 10.28.2.11 eq 389 permit tcp host 193.189.92.170 eq 389 host 10.28.2.11 eq 389 ip access-list extended EACCESSOUT permit tcp any any eq www permit udp any any eq snmp permit tcp any eq smtp any permit udp any any eq isakmp permit tcp any any eq domain permit udp any any eq domain permit tcp any any eq 3389 permit tcp any 192.168.199.0 0.0.0.255 eq bgp permit tcp host 10.246.6.10 any eq telnet deny icmp any any deny tcp any any eq telnet deny tcp any any eq ftp-data deny tcp any any eq irc deny tcp any any eq lpd deny tcp any any eq nntp permit ip 10.12.0.0 0.0.7.255 any permit ip host 10.246.6.82 any log permit ip 10.13.0.0 0.0.15.255 any permit ip 10.25.0.0 0.0.255.255 any permit ip 10.27.0.0 0.0.255.255 any permit ip 10.29.2.0 0.0.0.255 any permit ip 10.29.4.0 0.0.0.255 any permit ip 10.29.4.0 0.0.3.255 any permit ip 10.30.0.0 0.0.255.255 any permit ip 10.31.1.0 0.0.0.255 any permit ip 10.31.2.0 0.0.0.255 any permit ip 10.31.3.0 0.0.0.255 any permit ip 10.31.4.0 0.0.0.255 any permit ip 10.31.5.0 0.0.0.255 any permit ip 10.31.6.0 0.0.0.255 any permit ip 10.31.7.0 0.0.0.255 any permit ip 10.31.8.0 0.0.0.255 any permit ip 10.31.9.0 0.0.0.255 any permit ip 10.31.10.0 0.0.0.255 any permit ip 10.38.0.0 0.0.255.255 any permit ip 10.246.0.0 0.0.255.255 any permit ip 192.168.199.0 0.0.0.255 any deny ip 127.0.0.0 0.255.255.255 any deny ip 172.16.0.0 0.15.255.255 any deny ip 192.168.0.0 0.0.255.255 any deny ip 10.0.0.0 0.255.255.255 any deny ip any 10.0.0.0 0.255.255.255 deny ip any 127.0.0.0 0.255.255.255 deny ip any 172.16.0.0 0.15.255.255 ip access-list extended NONAT permit udp any any eq ntp permit tcp any any eq 443 deny ip 10.31.0.0 0.0.255.255 192.168.100.0 0.0.0.255 deny ip 10.30.0.0 0.0.255.255 192.168.100.0 0.0.0.255 deny ip 10.246.0.0 0.0.255.255 192.168.100.0 0.0.0.255 deny ip 10.27.0.0 0.0.255.255 192.168.100.0 0.0.0.255 deny ip 10.25.0.0 0.0.255.255 192.168.100.0 0.0.0.255 deny ip 10.28.0.0 0.0.255.255 192.168.100.0 0.0.0.255 deny ip 10.246.0.0 0.0.255.255 10.38.0.0 0.0.255.255 deny ip 10.28.0.0 0.0.255.255 10.38.0.0 0.0.255.255 deny ip 10.28.0.0 0.0.255.255 10.27.0.0 0.0.255.255 deny ip 10.28.0.0 0.0.255.255 10.24.0.0 0.0.255.255 deny ip 10.28.0.0 0.0.255.255 10.29.0.0 0.0.255.255 deny ip 192.168.199.0 0.0.0.255 192.168.198.0 0.0.0.255 deny ip 192.168.199.0 0.0.0.255 192.168.100.0 0.0.0.255 deny ip 10.246.0.0 0.0.255.255 10.27.0.0 0.0.255.255 deny ip 10.246.0.0 0.0.255.255 10.24.0.0 0.0.255.255 deny ip 10.38.0.0 0.0.255.255 192.168.100.0 0.0.0.255 deny ip 10.13.0.0 0.0.7.255 192.168.102.0 0.0.0.255 deny ip 10.12.1.0 0.0.0.255 192.168.100.0 0.0.0.255 deny ip 10.13.0.0 0.0.15.255 192.168.100.0 0.0.0.255 deny ip 10.13.0.0 0.0.15.255 host 66.198.56.122 deny ip 192.168.100.0 0.0.0.255 host 66.198.56.122 deny ip 192.168.102.0 0.0.0.255 host 66.198.56.122 deny ip 10.12.1.0 0.0.0.255 192.168.101.0 0.0.0.255 deny ip 10.13.0.0 0.0.15.255 10.250.6.0 0.0.0.255 deny ip 192.168.102.0 0.0.0.255 10.250.6.0 0.0.0.255 deny ip 192.168.100.0 0.0.0.255 10.250.6.0 0.0.0.255 deny ip 10.13.0.0 0.0.15.255 10.250.4.0 0.0.0.255 deny ip 192.168.102.0 0.0.0.255 10.250.4.0 0.0.0.255 deny ip 192.168.100.0 0.0.0.255 10.250.4.0 0.0.0.255 deny ip 10.13.0.0 0.0.15.255 10.250.10.0 0.0.0.255 deny ip 10.38.0.0 0.0.255.255 10.31.9.0 0.0.0.255 deny ip 192.168.102.0 0.0.0.255 10.250.10.0 0.0.0.255 deny ip 192.168.100.0 0.0.0.255 10.250.10.0 0.0.0.255 deny ip 10.13.0.0 0.0.15.255 10.250.8.0 0.0.0.255 deny ip 192.168.102.0 0.0.0.255 10.250.8.0 0.0.0.255 deny ip 192.168.100.0 0.0.0.255 10.250.8.0 0.0.0.255 deny ip 10.13.0.0 0.0.15.255 10.250.20.0 0.0.0.255 deny ip 192.168.102.0 0.0.0.255 10.250.20.0 0.0.0.255 deny ip 192.168.100.0 0.0.0.255 10.250.20.0 0.0.0.255 deny ip 10.13.0.0 0.0.15.255 10.254.31.0 0.0.0.255 deny ip 192.168.102.0 0.0.0.255 10.254.31.0 0.0.0.255 deny ip 192.168.100.0 0.0.0.255 10.254.31.0 0.0.0.255 deny ip 10.246.0.0 0.0.255.255 10.254.0.0 0.0.255.255 deny ip 10.13.0.0 0.0.15.255 10.254.11.0 0.0.0.255 deny ip 192.168.96.0 0.0.15.255 10.254.11.0 0.0.0.255 deny ip 10.11.0.0 0.0.255.255 10.254.0.0 0.0.255.255 deny ip 10.12.0.0 0.0.255.255 10.254.0.0 0.0.255.255 deny ip 10.14.0.0 0.0.255.255 10.254.0.0 0.0.255.255 permit ip any host 10.28.2.84 log permit ip 10.28.2.0 0.0.0.255 any permit ip 10.12.0.0 0.0.7.255 any permit ip 10.13.0.0 0.0.15.255 any permit ip 10.13.0.0 0.0.255.255 any permit ip 10.25.1.0 0.0.0.255 any permit ip 10.25.0.0 0.0.255.255 any permit ip 10.27.0.0 0.0.255.255 any permit ip 10.29.2.0 0.0.0.255 any permit ip 10.29.4.0 0.0.0.255 any permit ip 10.29.4.0 0.0.3.255 any permit ip 10.30.0.0 0.0.255.255 any permit ip 10.31.1.0 0.0.0.255 any permit ip 10.31.2.0 0.0.0.255 any permit ip 10.31.3.0 0.0.0.255 any permit ip 10.31.4.0 0.0.0.255 any permit ip 10.31.7.0 0.0.0.255 any permit ip 10.31.8.0 0.0.0.255 any permit ip 10.31.9.0 0.0.0.255 any permit ip 10.31.10.0 0.0.0.255 any permit ip any 10.31.10.0 0.0.0.255 permit ip 10.31.15.0 0.0.0.255 any permit ip 10.31.51.0 0.0.0.255 any permit ip 10.38.0.0 0.0.255.255 any permit ip 10.246.0.0 0.0.255.255 any permit ip 192.168.199.0 0.0.0.255 any permit ip 10.31.6.0 0.0.0.255 any permit tcp any any eq 8530 ! logging 10.246.6.42 access-list 23 permit 10.246.6.10 access-list 23 permit 10.246.6.11 access-list 23 permit 192.168.100.0 0.0.0.255 access-list 105 permit ip 10.28.0.0 0.0.255.255 any access-list 105 permit ip 10.38.0.0 0.0.255.255 any access-list 150 permit ip 10.13.0.0 0.0.15.255 10.250.4.0 0.0.0.255 access-list 150 permit ip 10.13.0.0 0.0.15.255 10.250.6.0 0.0.0.255 access-list 150 permit ip 10.13.0.0 0.0.15.255 10.250.10.0 0.0.0.255 access-list 150 permit ip 192.168.100.0 0.0.0.255 10.250.4.0 0.0.0.255 access-list 150 permit ip 192.168.100.0 0.0.0.255 10.250.6.0 0.0.0.255 access-list 150 permit ip 192.168.100.0 0.0.0.255 10.250.10.0 0.0.0.255 access-list 150 permit ip 192.168.102.0 0.0.0.255 10.250.4.0 0.0.0.255 access-list 150 permit ip 192.168.102.0 0.0.0.255 10.250.6.0 0.0.0.255 access-list 150 permit ip 192.168.102.0 0.0.0.255 10.250.10.0 0.0.0.255 access-list 151 permit ip 10.246.0.0 0.0.15.255 10.254.31.0 0.0.0.255 access-list 151 permit ip 10.11.0.0 0.0.255.255 10.254.31.0 0.0.0.255 access-list 151 permit ip 10.12.0.0 0.0.255.255 10.254.31.0 0.0.0.255 access-list 151 permit ip 10.13.0.0 0.0.255.255 10.254.31.0 0.0.0.255 access-list 151 permit ip 10.14.0.0 0.0.255.255 10.254.31.0 0.0.0.255 access-list 151 permit ip 192.168.100.0 0.0.0.255 10.254.31.0 0.0.0.255 access-list 151 permit ip 192.168.102.0 0.0.0.255 10.254.31.0 0.0.0.255 access-list 151 permit ip 10.28.0.0 0.0.255.255 10.254.31.0 0.0.0.255 access-list 151 permit ip 10.13.0.0 0.0.255.255 10.254.11.0 0.0.0.255 access-list 151 permit ip 192.168.100.0 0.0.0.255 10.254.11.0 0.0.0.255 access-list 151 permit ip 192.168.102.0 0.0.0.255 10.254.11.0 0.0.0.255 access-list 153 permit ip 10.13.0.0 0.0.15.255 10.250.8.0 0.0.0.255 access-list 153 permit ip 10.13.0.0 0.0.15.255 10.250.20.0 0.0.0.255 access-list 153 permit ip 10.13.0.0 0.0.15.255 host 66.198.56.122 access-list 153 permit ip 192.168.100.0 0.0.0.255 host 66.198.56.122 access-list 153 permit ip 192.168.102.0 0.0.0.255 host 66.198.56.122 access-list 153 permit ip 192.168.100.0 0.0.0.255 10.250.8.0 0.0.0.255 access-list 153 permit ip 192.168.102.0 0.0.0.255 10.250.8.0 0.0.0.255 access-list 153 permit icmp 10.13.0.0 0.0.255.255 any access-list 153 permit ip 192.168.100.0 0.0.0.255 10.250.20.0 0.0.0.255 access-list 153 permit ip 192.168.102.0 0.0.0.255 10.250.20.0 0.0.0.255 access-list 2000 permit ip 10.12.1.0 0.0.0.255 any access-list 2001 permit ip 10.12.1.0 0.0.0.255 any access-list 2001 permit ip 10.246.0.0 0.0.255.255 any access-list 2001 permit ip 10.28.0.0 0.0.255.255 any access-list 2001 permit ip 10.30.0.0 0.0.255.255 any access-list 2001 permit ip 10.32.0.0 0.0.255.255 any access-list 2001 permit ip 10.31.0.0 0.0.255.255 any access-list 2001 permit ip 10.38.0.0 0.0.255.255 any access-list 2001 permit ip 10.27.0.0 0.0.255.255 any access-list 2001 permit ip 10.29.2.0 0.0.0.255 any access-list 2001 permit ip 10.25.0.0 0.0.255.255 any access-list 2001 permit ip 10.26.0.0 0.0.255.255 any access-list 2001 permit ip 10.13.0.0 0.0.255.255 any access-list 2001 permit ip 192.168.199.0 0.0.0.255 any access-list 2002 permit ip 10.13.0.0 0.0.7.255 any access-list 2002 permit ip 10.250.0.0 0.0.255.255 any access-list 2002 permit ip host 66.198.56.122 any access-list 2002 permit ip 10.254.11.0 0.0.0.255 any snmp-server community DKDATAFW RW snmp-server community AS400JBT RO SNMP_ACCESS snmp-server community NETFLOW RW SNMP_ACCESS snmp-server location DK-DATACENTER snmp-server enable traps config snmp-server enable traps syslog route-map DKRGLDAP permit 10 match ip address DKRGLDAP ! route-map nonat permit 10 match ip address NONAT ! ! ! radius-server host 192.168.199.20 auth-port 1812 acct-port 1813 key as400jbt radius-server host 192.168.199.21 auth-port 1812 acct-port 1813 key as400jbt ! control-plane ! ! banner incoming ^CC ***************************************************************** * Warning * * THIS DEVICE IS PART OF A PRIVATE NETWORK * * * * DISCONNECT IMMEDIATELY IF YOU ARE NOT AN AUTHORISED USER ! * * * * Unauthorised access is prohibited * * And may be punishable by law * * * * This device is monitored for unauthorised access * * * ***************************************************************** ***************************************************************** * Use of this network is restricted to authorized users. * * User activity is monitored and recorded by system * * personnel. Anyone using this network expressly consents * * to such monitoring and recording. BE ADVISED, if possible * * criminal activity is detected, system records, along with * * certain personal information, may be provided to law * * enforcement officials. * ***************************************************************** ^C banner login ^C ***************************************************************** * Warning * * THIS DEVICE IS PART OF A PRIVATE NETWORK * * * * DISCONNECT IMMEDIATELY IF YOU ARE NOT AN AUTHORISED USER ! * * * * Unauthorised access is prohibited * * And may be punishable by law * * * * This device is monitored for unauthorised access * * * ***************************************************************** ***************************************************************** * Use of this network is restricted to authorized users. * * User activity is monitored and recorded by system * * personnel. Anyone using this network expressly consents * * to such monitoring and recording. BE ADVISED, if possible * * criminal activity is detected, system records, along with * * certain personal information, may be provided to law * * enforcement officials. * ***************************************************************** ^C alias exec x sh ip int br ! line con 0 login authentication device line aux 0 line vty 0 4 access-class 23 in privilege level 15 login authentication device transport input ssh line vty 5 ! scheduler allocate 20000 1000 ntp clock-period 17179849 ntp master ntp server 10.246.6.10 end