Building configuration...
Current configuration : 8777 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname RainingRose
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$PHQl$lDEq4vpf54G1Fy6016gsQ1
!
no aaa new-model
!
resource policy
!
clock timezone CST -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name rainingrose.com
ip name-server 205.171.3.65
ip name-server 205.171.2.65
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-4028605841
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4028605841
 revocation-check none
 rsakeypair TP-self-signed-4028605841
!
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key 2821mtvernonroad address 12.206.137.5
!
!
crypto ipsec transform-set toSSP esp-des esp-md5-hmac
!
crypto map IPSEC 10 ipsec-isakmp
 set peer 12.206.137.5
 set transform-set toSSP
 match address 111
!
!
!
interface FastEthernet0/0
 description LAN INTERFACE
 ip address 10.2.1.254 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description WAN - QWEST DSL
 ip address 65.103.52.169 255.255.255.248
 ip access-group 101 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect DEFAULT100 out
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
 crypto map IPSEC
!
ip classless
ip route 0.0.0.0 0.0.0.0 65.103.52.174
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map nonat interface FastEthernet0/1 overload
ip nat inside source static tcp 10.2.1.3 21 65.103.52.170 21 extendable
ip nat inside source static tcp 10.2.1.3 1433 65.103.52.170 1433 extendable
ip nat inside source static tcp 10.2.1.4 1494 65.103.52.170 1494 extendable
ip nat inside source static tcp 10.2.1.4 3389 65.103.52.170 3389 extendable
ip nat inside source static tcp 10.2.1.2 5360 65.103.52.170 5360 extendable
ip nat inside source static tcp 10.2.1.3 5361 65.103.52.170 5361 extendable
ip nat inside source static tcp 10.2.1.74 5364 65.103.52.170 5364 extendable
ip nat inside source static tcp 10.2.1.77 5365 65.103.52.170 5365 extendable
ip nat inside source static tcp 10.2.1.78 5366 65.103.52.170 5366 extendable
ip nat inside source static tcp 10.2.1.2 1433 65.103.52.171 1433 extendable
ip nat inside source static tcp 10.2.1.62 1494 65.103.52.171 1494 extendable
ip nat inside source static tcp 10.2.1.62 3389 65.103.52.171 3389 extendable
ip nat inside source static 10.2.1.6 65.103.52.172 route-map nonat
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.2.1.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 65.103.52.168 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 205.171.3.65 eq domain host 65.103.52.169
access-list 101 permit udp host 205.171.2.65 eq domain host 65.103.52.169
access-list 101 permit tcp any host 65.103.52.170 eq 1494
access-list 101 permit tcp host 72.50.231.196 host 65.103.52.171 eq 1433
access-list 101 permit tcp host 72.50.231.196 host 65.103.52.170 eq 1433
access-list 101 permit tcp host 147.202.24.152 host 65.103.52.171 eq 1433
access-list 101 permit tcp host 147.202.24.152 host 65.103.52.170 eq 1433
access-list 101 permit tcp any host 65.103.52.170 eq ftp
access-list 101 permit tcp any host 65.103.52.170 eq 5360
access-list 101 permit tcp any host 65.103.52.170 eq 5366
access-list 101 permit tcp any host 65.103.52.170 eq 3389
access-list 101 permit tcp any host 65.103.52.170 eq 5365
access-list 101 permit tcp any host 65.103.52.170 eq 5364
access-list 101 permit tcp any host 65.103.52.170 eq 5361
access-list 101 permit ip 10.5.5.0 0.0.0.255 host 65.103.52.172
access-list 101 permit tcp any host 65.103.52.171 eq 1494
access-list 101 permit tcp any host 65.103.52.171 eq 3389
access-list 101 permit tcp any host 65.103.52.172 eq smtp
access-list 101 permit tcp any host 65.103.52.172 eq 389
access-list 101 permit esp any host 65.103.52.169
access-list 101 permit udp any host 65.103.52.169 eq isakmp
access-list 101 permit tcp any host 65.103.52.172 eq www
access-list 101 permit tcp any host 65.103.52.172 eq 5362
access-list 101 permit tcp any host 65.103.52.172 eq 443
access-list 101 permit ip 10.5.5.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 deny ip 10.2.1.0 0.0.0.255 any
access-list 101 permit icmp any host 65.103.52.169 echo-reply
access-list 101 permit icmp any host 65.103.52.169 time-exceeded
access-list 101 permit icmp any host 65.103.52.169 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 111 permit ip 10.2.1.0 0.0.0.255 10.5.5.0 0.0.0.255
access-list 111 permit ip host 65.103.52.172 10.5.5.0 0.0.0.255
access-list 112 deny ip 10.2.1.0 0.0.0.255 10.5.5.0 0.0.0.255
access-list 112 permit ip 10.2.1.0 0.0.0.255 any
access-list 130 deny ip 10.2.1.0 0.0.0.255 10.5.5.0 0.0.0.255
access-list 130 permit ip 10.2.1.0 0.0.0.255 any
no cdp run
route-map nonat permit 10
 match ip address 112 130
!
!
!
control-plane
!
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 4000 1000
end
RainingRose#