sho conf
Using 14994 out of 131072 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname HartADSL
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$Fdol$Mg33CDpTbfXDAa4gyGaTX/
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-3695612210
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3695612210
 revocation-check none
 rsakeypair TP-self-signed-3695612210
!
!
crypto pki certificate chain TP-self-signed-3695612210
 certificate self-signed 01 nvram:IOS-Self-Sig#E.cer
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.17.1
ip dhcp excluded-address 192.168.17.11 192.168.17.254
ip dhcp excluded-address 192.168.17.3
ip dhcp excluded-address 192.168.17.2
!
ip dhcp pool CLIENT
 import all
 network 192.168.17.0 255.255.255.0
 domain-name IHI.local
 default-router 192.168.17.1
 netbios-name-server 172.16.0.33 172.16.0.10
 dns-server 172.16.0.33 172.16.0.10 68.94.157.1 68.94.156.1
!
!
ip inspect log drop-pkt
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
ip name-server 68.94.157.1
ip name-server 68.94.156.1
!
parameter-map type protocol-info msn-servers
 server name messenger.hotmail.com
 server name gateway.messenger.hotmail.com
 server name webmessenger.msn.com
parameter-map type protocol-info aol-servers
 server name login.oscar.aol.com
 server name toc.oscar.aol.com
 server name oam-d09a.blue.aol.com
parameter-map type protocol-info yahoo-servers
 server name scs.msg.yahoo.com
 server name scsa.msg.yahoo.com
 server name scsb.msg.yahoo.com
 server name scsc.msg.yahoo.com
 server name scsd.msg.yahoo.com
 server name cs16.msg.dcn.yahoo.com
 server name cs19.msg.dcn.yahoo.com
 server name cs42.msg.dcn.yahoo.com
 server name cs53.msg.dcn.yahoo.com
 server name cs54.msg.dcn.yahoo.com
 server name ads1.vip.scd.yahoo.com
 server name radio1.launch.vip.dal.yahoo.com
 server name in1.msg.vip.re2.yahoo.com
 server name data1.my.vip.sc5.yahoo.com
 server name address1.pim.vip.mud.yahoo.com
 server name edit.messenger.yahoo.com
 server name messenger.yahoo.com
 server name http.pager.yahoo.com
 server name privacy.yahoo.com
 server name csa.yahoo.com
 server name csb.yahoo.com
 server name csc.yahoo.com
!
!
username blueline privilege 15 secret 5
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 6 xxxxxxxx address x.x.x.x
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto map mycrypto 10 ipsec-isakmp
 set peer x.x.x.x
 set transform-set myset
 match address 105
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
!
class-map type inspect match-any SDM_HTTPS
 match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SSH
 match access-group name SDM_SSH
class-map type inspect match-any SDM_SHELL
 match access-group name SDM_SHELL
class-map type inspect match-any sdm-cls-access
 match class-map SDM_HTTPS
 match class-map SDM_SSH
 match class-map SDM_SHELL
class-map type inspect match-any SDM_AH
 match access-group name SDM_AH
class-map type inspect match-any SDM_ESP
 match access-group name SDM_ESP
class-map type inspect match-any VPN_PROTOCOLS
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
class-map type inspect match-all LAN_to_LAN_VPN
 match class-map VPN_PROTOCOLS
class-map type inspect imap match-any sdm-app-imap
 match invalid-command
class-map type inspect match-all VPN_IN
 match access-group 199
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic
class-map type inspect msnmsgr match-any sdm-app-msn-otherservices
 match service any
class-map type inspect ymsgr match-any sdm-app-yahoo-otherservices
 match service any
class-map type inspect match-all sdm-protocol-pop3
 match protocol pop3
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any sdm-cls-protocol-im
 match protocol ymsgr yahoo-servers
 match protocol msnmsgr msn-servers
 match protocol aol aol-servers
class-map type inspect aol match-any sdm-app-aol-otherservices
 match service any
class-map type inspect pop3 match-any sdm-app-pop3
 match invalid-command
class-map type inspect match-all sdm-access
 match class-map sdm-cls-access
 match access-group 101
class-map type inspect http match-any sdm-http-blockparam
 match request port-misuse im
 match request port-misuse p2p
 match req-resp protocol-violation
class-map type inspect match-all sdm-protocol-im
 match class-map sdm-cls-protocol-im
class-map type inspect match-all sdm-icmp-access
 match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-invalid-src
 match access-group 100
class-map type inspect ymsgr match-any sdm-app-yahoo
 match service text-chat
class-map type inspect msnmsgr match-any sdm-app-msn
 match service text-chat
class-map type inspect http match-any sdm-app-httpmethods
 match request method bcopy
 match request method bdelete
 match request method bmove
 match request method bpropfind
 match request method bproppatch
 match request method connect
 match request method copy
 match request method delete
 match request method edit
 match request method getattribute
 match request method getattributenames
 match request method getproperties
 match request method index
 match request method lock
 match request method mkcol
 match request method mkdir
 match request method move
 match request method notify
 match request method options
 match request method poll
 match request method propfind
 match request method proppatch
 match request method put
 match request method revadd
 match request method revlabel
 match request method revlog
 match request method revnum
 match request method save
 match request method search
 match request method setattribute
 match request method startrev
 match request method stoprev
 match request method subscribe
 match request method trace
 match request method unedit
 match request method unlock
 match request method unsubscribe
class-map type inspect http match-any sdm-http-allowparam
 match request port-misuse tunneling
class-map type inspect match-all sdm-protocol-http
 match protocol http
class-map type inspect match-all sdm-protocol-imap
 match protocol imap
class-map type inspect aol match-any sdm-app-aol
 match service text-chat
!
!
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect http sdm-action-app-http
 class type inspect http sdm-http-blockparam
  log
  reset
 class type inspect http sdm-app-httpmethods
  log
  reset
 class type inspect http sdm-http-allowparam
  log
  allow
 class class-default
policy-map type inspect imap sdm-action-imap
 class type inspect imap sdm-app-imap
  log
 class class-default
policy-map type inspect pop3 sdm-action-pop3
 class type inspect pop3 sdm-app-pop3
  log
 class class-default
policy-map type inspect im sdm-action-app-im
 class type inspect aol sdm-app-aol
  log
  allow
 class type inspect msnmsgr sdm-app-msn
  log
  allow
 class type inspect ymsgr sdm-app-yahoo
  log
  allow
 class type inspect aol sdm-app-aol-otherservices
  log
  reset
 class type inspect msnmsgr sdm-app-msn-otherservices
  log
  reset
 class type inspect ymsgr sdm-app-yahoo-otherservices
  log
  reset
 class class-default
policy-map type inspect sdm-inspect
 class type inspect sdm-invalid-src
  drop log
 class type inspect sdm-protocol-http
  inspect
  service-policy http sdm-action-app-http
 class type inspect sdm-protocol-imap
  inspect
  service-policy imap sdm-action-imap
 class type inspect sdm-protocol-pop3
  inspect
  service-policy pop3 sdm-action-pop3
 class type inspect sdm-protocol-im
  inspect
  service-policy im sdm-action-app-im
 class type inspect sdm-insp-traffic
  inspect
 class class-default
policy-map type inspect sdm-permit
 class type inspect sdm-access
  inspect
 class type inspect LAN_to_LAN_VPN
  pass
 class class-default
policy-map type inspect VPN_TRAFFIC
 class type inspect VPN_IN
  inspect
 class class-default
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
zone-pair security OUT-to-IN source out-zone destination in-zone
 service-policy type inspect VPN_TRAFFIC
!
!
!
interface Loopback0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
!
interface Null0
 no ip unreachables
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ETH-WAN$
 ip address x.x.x.x 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface Vlan1
 description $FW_INSIDE$
 ip address 192.168.17.1 255.255.255.0
 ip access-group 103 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 zone-member security in-zone
 ip route-cache flow
 ip tcp adjust-mss 1412
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address x.x.x.x 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip virtual-reassembly
 zone-member security out-zone
 encapsulation ppp
 ip route-cache flow
 shutdown
 ppp chap password 7 104C050C001B1B050955
 ppp pap sent-username binc7001@sbcglobal.net password 7 151007190126222A2D62
 crypto map mycrypto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!
no ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 177 interface FastEthernet4 overload
ip nat inside source route-map Nonat interface Dialer0 overload
!
ip access-list extended SDM_AH
 permit ahp any any
ip access-list extended SDM_ESP
 permit esp any any
ip access-list extended SDM_HTTPS
 remark SDM_ACL Category=1
 permit tcp any any eq 443
ip access-list extended SDM_SHELL
 remark SDM_ACL Category=1
 permit tcp any any eq cmd
ip access-list extended SDM_SSH
 remark SDM_ACL Category=1
 permit tcp any any eq 22
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.17.0 0.0.0.255
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 remark SDM_ACL Category=1
access-list 2 permit x.x.x.x 0.0.0.7
access-list 2 permit x.x.x.x 0.0.0.255
access-list 2 permit 192.168.17.0 0.0.0.255
access-list 2 permit x.x.x.x 0.0.0.127
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark SDM_ACL Category=128
access-list 101 permit ip x.x.x.x 0.0.0.255 any
access-list 101 permit ip x.x.x.x 0.0.0.255 any
access-list 102 remark VTY Access-class list
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip x.x.x.x 0.0.0.7 any
access-list 102 permit ip x.x.x.x 0.0.0.255 any
access-list 102 permit ip x.x.x.x 0.0.0.127 any
access-list 102 permit ip 192.168.17.0 0.0.0.255 any
access-list 102 deny ip any any
access-list 103 remark Auto generated by SDM Management Access feature
access-list 103 remark SDM_ACL Category=1
access-list 103 permit tcp x.x.x.x 0.0.0.7 host 192.168.17.1 eq 22
access-list 103 permit tcp x.x.x.x 0.0.0.255 host 192.168.17.1 eq 22
access-list 103 permit tcp 192.168.17.0 0.0.0.255 host 192.168.17.1 eq 22
access-list 103 permit tcp x.x.x.x 0.0.0.127 host 192.168.17.1 eq 22
access-list 103 permit tcp x.x.x.x 0.0.0.7 host 192.168.17.1 eq 443
access-list 103 permit tcp x.x.x.x 0.0.0.255 host 192.168.17.1 eq 443
access-list 103 permit tcp 192.168.17.0 0.0.0.255 host 192.168.17.1 eq 443
access-list 103 permit tcp x.x.x.x 0.0.0.127 host 192.168.17.1 eq 443
access-list 103 permit tcp x.x.x.x 0.0.0.7 host 192.168.17.1 eq cmd
access-list 103 permit tcp x.x.x.x 0.0.0.255 host 192.168.17.1 eq cmd
access-list 103 permit tcp 192.168.17.0 0.0.0.255 host 192.168.17.1 eq cmd
access-list 103 permit tcp x.x.x.x 0.0.0.127 host 192.168.17.1 eq cmd
access-list 103 deny tcp any host 192.168.17.1 eq telnet
access-list 103 deny tcp any host 192.168.17.1 eq 22
access-list 103 deny tcp any host 192.168.17.1 eq www
access-list 103 deny tcp any host 192.168.17.1 eq 443
access-list 103 deny tcp any host 192.168.17.1 eq cmd
access-list 103 deny udp any host 192.168.17.1 eq snmp
access-list 103 permit ip any any
access-list 105 permit ip 192.168.17.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 105 permit ip 192.168.17.0 0.0.0.255 172.17.0.0 0.0.255.255
access-list 177 deny ip 192.168.17.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 177 deny ip 192.168.17.0 0.0.0.255 172.17.0.0 0.0.255.255
access-list 177 permit ip 192.168.17.0 0.0.0.255 any
access-list 199 permit ip 172.16.0.0 0.0.255.255 192.168.17.0 0.0.0.255
access-list 199 permit ip 172.17.0.0 0.0.255.255 192.168.17.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
route-map Nonat permit 1
 match ip address 177
!
!
control-plane
!
banner login ^CAccess to this device is Restricted to Authorized Users Only. All activity is being Logged. Authorized Users - Please Log In.^C
!
line con 0
 password 7 0307490A1C16
 login authentication local_authen
 no modem enable
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 102 in
 password 7 01100701480A14
 authorization exec local_author
 login authentication local_authen
 transport input ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
HartADSL#