version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! ! boot-start-marker boot-end-marker ! logging buffered 51200 debugging ! no aaa new-model ! resource policy ! clock timezone UTC 2 clock summer-time EET recurring last Sun Oct 4:00 last Sun Mar 4:00 no ip source-route ip cef ! ! no ip dhcp use vrf connected ! ! ip tcp synwait-time 10 no ip bootp server ip domain name doi_net ip inspect log drop-pkt ip inspect name doi tcp ip inspect name doi udp ! ! crypto pki trustpoint TP-self-signed-2653191270 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2653191270 revocation-check none rsakeypair TP-self-signed-2653191270 ! ! crypto pki certificate chain TP-self-signed-2653191270 certificate self-signed 01 30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32363533 31393132 3730301E 170D3038 30343138 31313334 32305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 36353331 39313237 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100A647 7E2695F4 B74CE600 CF33C06C F053BAFE E2B6C470 B2C4B036 D60A56F5 5A884AAD E33FC785 0562B751 DA155390 0B439E20 6B98BE7B A8DBF998 B2BCA0FC F801866A 8EC27127 DFCF9FD7 D5FE960A A9CE5EE2 C3471855 E469CC3E 82C8093B 912D78B7 F5094B98 FD453CF6 687EDB85 6C754357 362F0DB8 2D9D3FE5 920EABB1 77450203 010001A3 6F306D30 0F060355 1D130101 FF040530 030101FF 301A0603 551D1104 13301182 0F49616B 6F766F73 2E646F69 5F6E6574 301F0603 551D2304 18301680 14C7836D D084D040 855B8BEC 395B0DFD A63B92E3 73301D06 03551D0E 04160414 C7836DD0 84D04085 5B8BEC39 5B0DFDA6 3B92E373 300D0609 2A864886 F70D0101 04050003 8181009F FB213407 2B4CDEBB AF0DCBFD C357E642 26B218F8 ABB59D70 971A3C32 413502BF 75351550 BAAC1E02 9488CFB6 FB15CE85 0DFA9B98 EFE356A2 581D175C E1F392BC B26F3AD2 85AEB41E 344FB0D8 E519C121 42B52E64 0EE7D15F E17F2DB7 33B1995B 83D9275B E839734E 6072D5DE 8E7A2AC1 66D472EB E1E3BF13 B0FA3889 310951 quit ! ! crypto isakmp policy 10 encr 3des authentication pre-share group 2 crypto isakmp key 6 ΚΕΥ address R.R.R.R (static IP of the othe peer) crypto isakmp keepalive 10 9 periodic ! ! crypto ipsec transform-set transfdes esp-3des ! crypto map stratos 2 ipsec-isakmp set peer R.R.R.R (η Public IP του άλλου) set security-association lifetime kilobytes 102400 set security-association lifetime seconds 600 set transform-set transfdes match address 110 ! ! ! ! interface BRI0 no ip address no ip redirects no ip proxy-arp encapsulation hdlc shutdown ! interface ATM0 description ***WAN*** no ip address no ip redirects no ip proxy-arp atm vc-per-vp 64 no atm ilmi-keepalive pvc 8/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto ! interface Vlan1 description LAN ip address 192.168.2.1 255.255.255.0 ip access-group 101 in no ip redirects no ip proxy-arp ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 ! interface Dialer1 description con2Niko ip address negotiated ip access-group 102 in no ip redirects no ip proxy-arp ip nat outside ip inspect doi out ip virtual-reassembly ip mtu 1492 encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication pap chap callin ppp chap hostname xxxxx ppp chap password xxxx ppp pap sent-username xxxx password xxxx ppp ipcp dns request ppp ipcp wins request crypto map stratos crypto ipsec df-bit clear ! ip route 0.0.0.0 0.0.0.0 Dialer1 ! ! ip http server ip http secure-server ip nat inside source list 150 interface Dialer1 overload ! access-list 101 remark auto generated by SDM firewall configuration access-list 101 deny ip host 255.255.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 permit ip any any access-list 102 permit tcp any any eq www access-list 102 permit ahp host R.R.R.R any access-list 102 permit esp host R.R.R.R any access-list 102 permit udp host R.R.R.R any eq isakmp access-list 102 permit udp host R.R.R.R any eq non500-isakmp access-list 102 permit icmp any any echo-reply access-list 102 permit icmp any any time-exceeded access-list 102 permit icmp any any unreachable access-list 102 deny ip 10.0.0.0 0.255.255.255 any access-list 102 deny ip 172.16.0.0 0.15.255.255 any access-list 102 deny ip 192.168.0.0 0.0.255.255 any access-list 102 deny ip 127.0.0.0 0.255.255.255 any access-list 102 deny ip host 255.255.255.255 any access-list 102 deny ip host 0.0.0.0 any access-list 102 deny ip any any log access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 150 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 150 permit ip 192.168.2.0 0.0.0.255 any dialer-list 1 protocol ip permit snmp-server community XXXX RO snmp-server community XXXX RW snmp-server host 192.168.2.20 version 2c XXXX ! !