!
ip ssh time-out 60
ip ssh authentication-retries 2
!
track 1 ip sla 1 reachability
 delay down 20 up 20
!
track 2 ip sla 2 reachability
 delay down 20 up 20
!
track 3 ip sla 3 reachability
 delay down 20 up 20
!
!
!
interface Loopback1
 no ip address
!
interface FastEthernet0/0
 description EDGETELECOM INTERFACE
 ip address <a1> 255.255.255.248
 ip access-group EDGE_IN in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect INSPECT_OUT out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description WIMAX INTERFACE
 ip address <b2> 255.255.255.252
 ip access-group WIMAX_IN in
 ip verify unicast source reachable-via rx allow-default 100
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect INSPECT_OUT out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 snmp trap ip verify drop-rate
 no mop enabled
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
 duplex full
 speed 100
!
interface ATM0/3/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto 
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Vlan1
 description LAN INTERFACE
 ip address 10.10.10.5 255.255.255.0
 ip access-group LAN_FILTER in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1460
 ip policy route-map ADSL_POLICY
 no mop enabled
!
interface Dialer0
 description LOGICAL INTERFACE FOR VITAL ADSL
 ip address negotiated
 ip access-group ADSL_IN in
 ip verify unicast source reachable-via rx allow-default 100
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect INSPECT_OUT out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 snmp trap ip verify drop-rate
 ppp authentication chap callin
 ppp chap hostname urbanwimax@branchoffice.vital-group.com
 ppp chap password xxxxxxxxxxxxxxxxxxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 <b2> name WIMAX_DEFAULT track 1
ip route 0.0.0.0 0.0.0.0 Dialer0 10 name ADSL_DEFAULT track 2
ip route 0.0.0.0 0.0.0.0 <a2> 5 name EDGE_DEFAULT track 3
ip route <h1> 255.255.255.255 <b2> name ROUTE_TO_DNS
ip route <h2> 255.255.255.255 Dialer0 name VITAL_DNS
ip route <h3> 255.255.255.255 <a2> name EDGE_DNS
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map ADSL_ALL interface Dialer0 overload
ip nat inside source route-map EDGE_ALL interface FastEthernet0/0 overload
ip nat inside source route-map WIMAX_ALL interface FastEthernet0/1 overload
ip nat inside source static 10.10.10.40 <a3> route-map EDGE
ip nat inside source static 10.10.10.11 <a4> route-map EDGE
ip nat inside source static 10.10.10.3 <a5> route-map EDGE
ip nat inside source static 10.10.10.4 <a6> route-map EDGE
ip nat inside source static 10.10.10.40 <c1> route-map WIMAX
ip nat inside source static 10.10.10.11 <c2> route-map WIMAX
ip nat inside source static 10.10.10.3 <c3> route-map WIMAX
ip nat inside source static 10.10.10.4 <c4> route-map WIMAX
ip nat inside source static 10.10.10.4 <d1> route-map VITAL
ip nat inside source static 10.10.10.11 <d2> route-map VITAL
ip nat inside source static 10.10.10.40 <d3> route-map VITAL
ip nat inside source static 10.10.10.3 <d4> route-map VITAL
!
ip access-list extended ADSL_IN
 permit icmp any any echo-reply
 permit tcp <e1> 0.0.0.15 host <d1> eq 3389
 permit tcp <e1> 0.0.0.15 host <d4> eq 3389
 permit tcp any host <d1> eq smtp
 permit tcp any host <d1> eq 1723
 permit gre any host <d1>
 permit tcp any host <d4> eq 1723
 permit gre any host <d4>
 permit tcp any host <d3> eq ftp
 permit tcp host 81.137.129.29 host <d2> eq 5900
 permit tcp host 81.137.129.29 host <d2> eq 3389
 permit tcp any host <d1> eq 443
 permit tcp any host <d1> eq www
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip host 255.255.255.255 any
 deny   ip host 0.0.0.0 any
 deny   ip any any log
ip access-list extended ADSL_POLICY
 permit tcp host 10.10.10.4 any eq smtp
ip access-list extended EDGE_IN
 permit icmp any any echo
 permit tcp any host <a1> eq ftp
 permit gre any any
 permit icmp any host <a1> echo-reply
 permit tcp <e1> 0.0.0.15 host <a6> eq 3389
 permit tcp <e1> 0.0.0.15 host <a5> eq 3389
 permit tcp any host <a6> eq smtp
 permit tcp any host <a6> eq 1723
 permit gre any host <a6>
 permit tcp any host <a5> eq 1723
 permit gre any host <a5>
 permit tcp any host <a3> eq ftp
 permit tcp host <g1> host <a4> eq 5900
 permit tcp host <g1> host <a4> eq 3389
 permit tcp any host <a6> eq 443
 permit tcp any host <a6> eq www
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip host 255.255.255.255 any
 deny   ip host 0.0.0.0 any
 deny   ip any any log
ip access-list extended LAN_FILTER
 permit gre any any
 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.5 eq telnet
 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.5 eq 22
 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.5 eq www
 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.5 eq 443
 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.5 eq cmd
 deny   tcp any host 10.10.10.5 eq telnet
 deny   tcp any host 10.10.10.5 eq 22
 deny   tcp any host 10.10.10.5 eq www
 deny   tcp any host 10.10.10.5 eq 443
 deny   tcp any host 10.10.10.5 eq cmd
 deny   udp any host 10.10.10.5 eq snmp
 deny   ip host 255.255.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 permit ip any any
ip access-list extended MANAGEMENT_ACCESS
 permit ip 10.10.10.0 0.0.0.255 any
 permit ip <f1> 0.0.0.31 any
 permit ip <f2> 0.0.0.31 any
 deny   ip any any log
ip access-list extended NAT_1to1
 permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended NAT_ALL
 deny   ip host 10.10.10.40 any
 deny   ip host 10.10.10.4 any
 deny   ip host 10.10.10.3 any
 deny   ip host 10.10.10.11 any
 permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended WIMAX_IN
 permit icmp any any
 permit tcp any host <c4> eq ftp
 permit icmp any host <b1> echo-reply
 permit tcp <e1> 0.0.0.15 host <c4> eq 3389
 permit tcp <e1> 0.0.0.15 host <c3> eq 3389
 permit tcp any host <c4> eq smtp
 permit tcp any host <c4> eq 1723
 permit gre any host <c4>
 permit tcp any host <c3> eq 1723
 permit gre any host <c3>
 permit tcp any host <c1> eq ftp
 permit tcp host <g1> host <c2> eq 5900
 permit tcp host <g1> host <c2> eq 3389
 permit tcp any host <c4> eq 443
 permit tcp any host <c4> eq www
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip host 255.255.255.255 any
 deny   ip host 0.0.0.0 any
 deny   ip any any log
!
ip sla 1
 icmp-echo <h1> source-interface FastEthernet0/1
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo <h2> source-interface Dialer0
 frequency 10
ip sla schedule 2 life forever start-time now
ip sla 3
 icmp-echo <h3> source-interface FastEthernet0/0
 frequency 10
ip sla schedule 3 life forever start-time now
logging trap debugging
logging facility local2
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
no cdp run

!
!
!
route-map EDGE permit 10
 match ip address NAT_1to1
 match interface FastEthernet0/0
 set ip next-hop 77.107.81.81
!
route-map ADSL_ALL permit 10
 match ip address NAT_ALL
 match interface Dialer0
!
route-map ADSL permit 10
 match ip address NAT_1to1
 set interface Dialer0
!
route-map EDGE_ALL permit 10
 match ip address NAT_ALL
 match interface FastEthernet0/0
!
route-map ADSL_POLICY permit 10
 match ip address ADSL_POLICY
 set ip next-hop verify-availability <h2> 1 track 2
!         
route-map WIMAX permit 10
 match ip address NAT_1to1
 match interface FastEthernet0/1
 set ip next-hop 79.173.170.1
!
route-map WIMAX_ALL permit 10
 match ip address NAT_ALL
 match interface FastEthernet0/1
!
!