enrollment url http://19.13.7.246:80 usage ike serial-number revocation-check none auto-enroll ! crypto pki trustpoint TP-self-signed-4199659155 en123.116.xxx.xxxrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-4199659155 revocation-check none rsakeypair TP-self-signed-4199659155 ! ! crypto pki certificate chain smc-gz crypto pki certificate chain smc-ca-gz crypto pki certificate chain TP-self-signed-4199659155 certificate self-signed 01 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 34313939 36353931 3535301E 170D3134 30363037 30333239 32315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 31393936 35393135 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100AB21 D5B4CA0D FFA8158B F36A1DA5 9C86B834 19669292 AA8D5043 A2440C94 F26F21F6 CD2D88F4 A5DEBA4D 8291AF91 D436BE21 BB7A7B93 0185417F AD47AB10 8EBCDC39 14415DDE 00BD5B31 1698294D 7B3C64DF B91C6555 33B2F654 C1B645E2 AB74D692 F4E55E26 11F51620 56923EEB DB427102 21A8D93C C341FEF3 156A30A4 DC850203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 144A79A7 95B2B780 AAB0449F 95822BE4 5E5A7CCA C8301D06 03551D0E 04160414 4A79A795 B2B780AA B0449F95 822BE45E 5A7CCAC8 300D0609 2A864886 F70D0101 05050003 81810034 5A25817B 5730F0A6 7178F41D 09368DA7 C161F5DC F8122EBB A3DED4A3 BEE581DF 7ED3B29A FCE5934D 34934BAC 5EB0ED65 76CED568 37D948E1 EECCC88F FB03EB76 34B83BF6 EB73A9BE 2457C455 3E7FE66E A7476FE9 14FEF0B3 B007F838 07E329A6 3FBE952B FCEDC177 9EF61F7E 052204E8 E459C9DE 23CA2A4F 17477AA5 2BD2ED quit ip cef ! ! ! ! ! ! no ip domain lookup ip domain name smc.com.cn ip host aux 2161 10.58.37.163 ip name-server 202.99.8.1 ip name-server 218.249.236.225 no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! voice-card 0 dspfarm ! ! voice call carrier capacity active ! voice class codec 100 codec preference 1 g729r8 codec preference 2 g729br8 codec preference 3 g723r63 codec preference 4 g723ar63 codec preference 5 g711ulaw ! ! ! ! ! ! license udi pid C3900-SPE150/K9 sn FOC1752394V hw-module pvdm 0/0 ! ! ! username zhangp privilege 15 password 7 131607000202037372 username smcgz privilege 15 password 0 smcmaster username Rvpn password 0 ciscovpn username cisco password 0 ciscoadmin ! redundancy ! ! ! ! ! ! class-map match-any HTTP match protocol http class-map match-any Block-P2P match protocol fasttrack file-transfer "*" match protocol gnutella file-transfer "*" match protocol vdolive class-map match-all internet-traffic match access-group 102 ! policy-map Internet-POLICY class internet-traffic priority 1000 policy-map Block-P2P-HTTP class Block-P2P drop policy-map Block-P2P class Block-P2P drop class HTTP ! ! crypto keyring dmvpn pre-shared-key address 0.0.0.0 0.0.0.0 key dmvpnkey rsa-pubkey address 0.0.0.0 address 0.0.0.0 key-string quit no crypto xauth GigabitEthernet0/1 ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp policy 10 encr 3des authentication pre-share group 2 crypto isakmp key winet2004 address 28.29.26.94 no-xauth crypto isakmp key smcipsec_key address 19.41.228.22 no-xauth crypto isakmp keepalive 10 crypto isakmp nat keepalive 5 ! crypto isakmp client configuration group guangzhou-broker key broker-2005 dns 10.116.0.18 10.116.0.16 wins 10.116.0.16 pool broker-pool acl 135 save-password ! crypto isakmp client configuration group ezvpn key gzezvpn dns 10.116.192.4 pool vpn-pool acl 133 save-password crypto isakmp profile DMVPN keyring dmvpn match identity address 0.0.0.0 crypto isakmp profile Brokerlient match identity group guangzhou-broker client authentication list userauthen isakmp authorization list groupauthor client configuration address initiate client configuration address respond ! ! crypto ipsec transform-set dmvpnset esp-des esp-sha-hmac mode tunnel crypto ipsec transform-set smcipsec_set esp-3des esp-md5-hmac mode tunnel crypto ipsec transform-set myset esp-3des esp-md5-hmac mode tunnel ! ! crypto ipsec profile dmvpnprof set transform-set dmvpnset set isakmp-profile DMVPN ! ! crypto dynamic-map dynma 10 set transform-set myset reverse-route ! crypto dynamic-map dynmap 10 reverse-route crypto dynamic-map dynmap 20 set isakmp-profile Brokerlient reverse-route crypto dynamic-map dynmap 30 match address 101 ! ! crypto map clientmap client authentication list userauthen crypto map clientmap isakmp authorization list groupauthor crypto map clientmap client configuration address respond crypto map clientmap 10 ipsec-isakmp dynamic dynma ! crypto map smcipsec_map 9 ipsec-isakmp set peer 19.41.228.22 set transform-set smcipsec_set match address 133 ! ! ! ! ! interface Loopback0 ip address 10.58.37.222 255.255.255.255 ip ospf network point-to-point h323-gateway voip interface h323-gateway voip id smc-gk ipaddr 10.116.0.5 1719 h323-gateway voip tech-prefix 82 ! interface Tunnel1 description MULTI-POINT GRE TUNNEL for BRANCHES bandwidth 1000 ip address 10.116.200.1 255.255.255.0 no ip redirects ip mtu 1300 ip nhrp authentication dmvpn ip nhrp map multicast dynamic ip nhrp network-id 99 ip nhrp holdtime 300 no ip route-cache cef ip ospf network broadcast ip ospf priority 255 delay 1000 tunnel source GigabitEthernet0/1 tunnel mode gre multipoint tunnel key 100000 tunnel protection ipsec profile dmvpnprof ! interface Tunnel10 ip address 10.116.201.253 255.255.255.252 ip accounting output-packets ip ospf cost 10 tunnel source GigabitEthernet0/1 tunnel destination 29.142.9.54 ! interface Tunnel17 ip unnumbered GigabitEthernet0/1 ! interface Tunnel102 description to shenzhen ip address 10.116.202.253 255.255.255.252 no ip redirects ip mtu 1300 tunnel source 19.13.7.246 tunnel destination 21.15.29.137 ! interface Tunnel110 ip address 10.116.203.253 255.255.255.252 tunnel source 19.13.7.246 tunnel destination 21.12.15.5 ! interface Tunnel111 ip address 10.116.204.253 255.255.255.252 tunnel source 19.13.7.246 tunnel destination 27.151.116.89 ! interface Tunnel112 ip address 10.116.205.253 255.255.255.252 shutdown tunnel source 19.13.7.246 tunnel destination xxx.122.15.5 ! interface Tunnel113 ip address 10.116.206.253 255.255.255.252 tunnel source 19.13.7.246 tunnel destination xxx.122.15.5 ! interface Tunnel114 ip address 10.116.207.253 255.255.255.252 tunnel source 19.13.7.246 tunnel destination 123.116.xxx.xxx ! interface Tunnel115 ip address 10.116.208.253 255.255.255.252 tunnel source 19.13.7.246 tunnel destination 220.168.91.159 ! interface Tunnel117 ip address 10.116.209.253 255.255.255.252 tunnel source 19.13.7.246 tunnel destination 11.180.111.88 ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-G 0/0$ ip address 61.14.183.10 255.255.255.248 secondary ip address 59.141.225.126 255.255.255.248 ip accounting output-packets duplex auto speed auto ! interface GigabitEthernet0/1 ip address 19.13.7.246 255.255.255.252 ip accounting output-packets ip nbar protocol-discovery duplex auto speed auto crypto map clientmap ! interface GigabitEthernet0/2 no ip address duplex auto speed auto ! interface FastEthernet0/0/0 ip address 10.116.36.21 255.255.255.252 duplex auto speed auto ! interface FastEthernet0/0/1 no ip address shutdown duplex auto speed auto ! router ospf 1 redistribute static metric 100 metric-type 1 subnets network 10.0.0.0 0.0.0.0 area 0 network 10.0.0.0 0.255.255.255 area 0 ! ip local pool ezvpn-pool 10.116.201.1 10.116.201.63 ip local pool broker-pool 10.116.201.64 10.116.201.127 ip local pool vpn-pool 10.1.1.1 10.1.1.63 ip forward-protocol nd ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 600 life 86400 requests 10000 ! ip route 0.0.0.0 0.0.0.0 219.137.27.245 ip route 10.1.1.0 255.255.255.0 GigabitEthernet0/1 ip route 10.116.0.0 255.255.248.0 10.116.36.22 ip route 10.116.16.0 255.255.248.0 10.116.36.22 ip route 10.116.32.0 255.255.254.0 10.116.36.22 ip route 10.116.36.4 255.255.255.252 10.116.36.22 ip route 10.116.36.16 255.255.255.252 10.116.36.22 ip route 10.116.36.16 255.255.255.255 10.116.36.22 ip route 10.116.36.20 255.255.255.252 10.116.36.22 ip route 10.116.36.20 255.255.255.255 10.116.36.22 ip route 10.116.40.0 255.255.255.0 10.116.36.22 ip route 10.116.48.0 255.255.254.0 10.116.36.22 ip route 10.116.48.100 255.255.255.255 10.116.36.22 ip route 10.116.64.0 255.255.255.0 10.116.36.22 ip route 10.116.66.0 255.255.255.0 10.116.36.22 ip route 10.116.67.0 255.255.255.0 10.116.36.22 ip route 10.116.68.0 255.255.255.0 10.116.36.22 ip route 10.116.69.0 255.255.255.0 10.116.36.22 ip route 10.116.70.0 255.255.255.0 10.116.36.22 ip route 10.116.71.0 255.255.255.0 10.116.36.22 ip route 10.116.72.0 255.255.255.0 10.116.36.22 ip route 10.116.73.0 255.255.255.0 10.116.36.22 ip route 10.116.75.0 255.255.255.0 10.116.36.22 ip route 10.116.76.0 255.255.255.0 10.116.36.22 ip route 10.116.77.0 255.255.255.0 10.116.36.22 ip route 10.116.78.0 255.255.255.0 10.116.36.22 ip route 10.116.79.0 255.255.255.0 10.116.36.22 ip route 10.116.80.0 255.255.255.0 10.116.36.22 ip route 10.116.81.0 255.255.255.0 10.116.36.22 ip route 10.116.82.0 255.255.255.0 10.116.36.22 ip route 10.116.83.0 255.255.255.0 10.116.36.22 ip route 10.116.84.0 255.255.255.0 10.116.36.22 ip route 10.116.85.0 255.255.255.0 10.116.36.22 ip route 10.116.86.0 255.255.255.0 10.116.36.22 ip route 10.116.87.0 255.255.255.0 10.116.36.22 ip route 10.116.88.0 255.255.255.0 10.116.36.22 ip route 10.116.89.0 255.255.255.0 10.116.36.22 ip route 10.116.91.0 255.255.255.0 10.116.36.22 ip route 10.116.93.0 255.255.255.0 10.116.36.22 ip route 10.116.94.0 255.255.255.0 10.116.36.22 ip route 10.116.95.0 255.255.255.0 10.116.36.22 ip route 10.116.96.0 255.255.255.0 10.116.36.22 ip route 10.116.98.0 255.255.255.0 10.116.36.22 ip route 10.116.99.0 255.255.255.0 10.116.36.22 ip route 10.116.100.0 255.255.255.0 10.116.36.22 ip route 10.116.101.0 255.255.255.0 10.116.36.22 ip route 10.116.102.0 255.255.255.0 10.116.36.22 ip route 10.116.103.0 255.255.255.0 10.116.36.22 ip route 10.116.105.0 255.255.255.0 10.116.36.22 ip route 10.116.106.0 255.255.255.0 10.116.36.22 ip route 10.116.107.0 255.255.255.0 10.116.36.22 ip route 10.116.108.0 255.255.255.0 10.116.36.22 ip route 10.116.109.0 255.255.255.0 10.116.36.22 ip route 10.116.110.0 255.255.255.0 10.116.36.22 ip route 10.116.111.0 255.255.255.0 10.116.36.22 ip route 10.116.112.0 255.255.255.0 10.116.36.22 ip route 10.116.113.0 255.255.255.0 10.116.36.22 ip route 10.116.114.0 255.255.255.0 10.116.36.22 ip route 10.116.115.0 255.255.255.0 10.116.36.22 ip route 10.116.116.0 255.255.255.0 10.116.36.22 ip route 10.116.117.0 255.255.255.0 10.116.36.22 ip route 10.116.118.0 255.255.255.0 10.116.36.22 ip route 10.116.120.0 255.255.255.0 10.116.36.22 ip route 10.116.122.0 255.255.255.0 10.116.36.22 ip route 10.116.123.0 255.255.255.0 10.116.36.22 ip route 10.116.150.0 255.255.255.0 10.116.36.22 ip route 10.116.151.0 255.255.255.0 10.116.36.22 ip route 10.116.153.0 255.255.255.0 10.116.36.22 ip route 10.116.192.0 255.255.252.0 59.41.215.225 ip route 10.116.193.0 255.255.255.0 59.41.215.225 ip route 10.116.196.0 255.255.255.0 172.16.1.2 ip route 10.116.197.0 255.255.255.0 Tunnel102 ip route 10.116.198.0 255.255.255.0 Tunnel110 ip route 10.116.199.0 255.255.255.0 Tunnel111 ip route 10.116.200.0 255.255.255.0 Tunnel112 ip route 10.116.201.0 255.255.255.0 Tunnel113 ip route 10.116.222.0 255.255.255.0 Tunnel114 ip route 10.116.223.0 255.255.255.0 Tunnel115 ip route 10.116.224.0 255.255.255.0 Tunnel117 ip route 192.168.0.0 255.255.0.0 10.116.36.22 ! access-list 101 permit ip host 19.13.7.246 host 29.142.9.54 access-list 101 permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 access-list 102 permit udp any any range 16384 32767 access-list 102 permit ip host 10.116.48.16 host 10.116.32.17 access-list 102 permit ip host 10.116.32.17 host 10.116.48.16 access-list 102 permit ip host 10.116.48.39 host 10.116.32.17 access-list 102 permit ip host 10.116.32.17 host 10.116.48.39 access-list 102 permit tcp any eq 1720 any access-list 102 permit tcp any any eq 1720 access-list 102 permit udp any eq 1719 any access-list 102 permit udp any any eq 1719 access-list 133 permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 access-list 135 permit ip host 10.116.32.20 any access-list 135 permit ip host 10.58.37.163 any ! nls resp-timeout 1 cpd cr-id 1 ! snmp-server community winet2005 RW snmp-server enable traps tty snmp-server enable traps entity-sensor threshold ! ! ! control-plane ! ! voice-port 0/1/0 ! voice-port 0/1/1 ! voice-port 0/1/2 ! voice-port 0/1/3 ! ! ! ! ! ! mgcp profile default ! ! dial-peer cor custom ! ! dial-peer voice 301 voip destination-pattern .T session target ras voice-class codec 100 dtmf-relay cisco-rtp h245-signal h245-alphanumeric ! dial-peer voice 1000 pots preference 1 destination-pattern 82001 port 0/1/0 ! dial-peer voice 1005 pots preference 2 destination-pattern 82002 port 0/1/1 ! dial-peer voice 1010 pots preference 3 destination-pattern 82003 port 0/1/2 ! dial-peer voice 1015 pots preference 4 destination-pattern 82004 port 0/1/3 ! dial-peer voice 401 voip destination-pattern 83T session target ipv4:10.116.197.254 ! dial-peer voice 402 voip destination-pattern 86T session target ipv4:10.116.199.254 ! dial-peer voice 403 voip destination-pattern 84T session target ipv4:10.116.198.254 ! dial-peer voice 404 voip destination-pattern 87T session target ipv4:10.116.222.254 ! dial-peer voice 405 voip destination-pattern 89T session target ipv4:10.116.224.254 ! dial-peer voice 406 voip destination-pattern 88T session target ipv4:10.116.223.254 ! dial-peer voice 407 voip destination-pattern 85T session target ipv4:10.116.206.254 ! ! ! ! gatekeeper no shutdown ! ! ! line con 0 line aux 0 no exec transport input all line 2 no activation-character no exec transport preferred none transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 line vty 5 15 privilege level 15 transport input telnet ssh ! scheduler allocate 20000 1000 ntp source Loopback0 ntp master ntp server 10.116.16.4