version 12.3
no service pad
service tcp-keepalives-in
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname 9014MD
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
logging console warnings
enable secret 5
!
username privilege 15 password 7
clock timezone EST -5
clock summer-time EDT recurring
!
aaa new-model
aaa authentication ppp default local
aaa authorization network default if-authenticated
aaa session-id common
ip subnet-zero
no ip source-route
!
ip dhcp excluded-address 172.16.0.1 172.16.0.10
!
ip dhcp pool INTERNAL
 network 172.16.0.0 255.255.255.0
 default-router 172.16.0.1
 dns-server 68.87.73.242 68.87.71.226
!
!
ip name-server 68.87.73.242
ip name-server 68.87.71.226
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
no crypto isakmp enable
!
interface Ethernet0
 description WAN Interface to Comcast
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 full-duplex
 no cdp enable
!
interface FastEthernet0
 description LAN Interface to Private Network
 ip address 172.16.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 speed 100
 full-duplex
!
ip nat inside source list 1 interface Ethernet0 overload
ip classless
no ip forward-protocol udp tftp
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
ip route 0.0.0.0 0.0.0.0
ip route 10.0.0.0 255.0.0.0 Null0
ip route 172.16.0.0 255.240.0.0 Null0
ip route 192.168.0.0 255.255.0.0 Null0
no ip http server
no ip http secure-server
!
access-list 1 permit 172.16.0.0 0.0.0.255
access-list 1 deny any
!
access-list 100 remark Basic Firewall to protect from Internet intruders
access-list 100 permit tcp any any established
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any any eq 443
access-list 100 permit tcp any any eq smtp
access-list 100 deny ip 192.168.0.0 0.0.255.255 any log-input
access-list 100 deny ip 172.16.0.0 0.15.255.255 any log-input
access-list 100 deny ip 10.0.0.0 0.255.255.255 any log-input
access-list 100 deny ip 127.0.0.0 0.255.255.255 any log-input
access-list 100 deny ip 255.0.0.0 0.255.255.255 any log-input
access-list 100 deny ip 224.0.0.0 31.255.255.255 any log-input
access-list 100 deny ip host 0.0.0.0 any log-input
access-list 100 deny ip any any log-input
!
access-list 101 remark Deny Illegitimate Traffic go outbound
access-list 101 deny tcp any any eq 135 log-input
access-list 101 deny tcp any eq 135 any log-input
access-list 101 deny udp any any eq 135 log-input
access-list 101 deny udp any eq 135 any log-input
access-list 101 deny tcp any any range 137 139 log-input
access-list 101 deny tcp any range 137 139 any log-input
access-list 101 deny udp any any range netbios-ns netbios-ss log-input
access-list 101 deny udp any range netbios-ns netbios-ss any log-input
access-list 101 deny tcp any any eq 445 log-input
access-list 101 deny tcp any eq 445 any log-input
access-list 101 deny udp any any eq 445 log-input
access-list 101 deny udp any eq 445 any log-input
access-list 101 deny tcp any any eq 593 log-input
access-list 101 deny tcp any eq 593 any log-input
access-list 101 deny tcp any any eq 707 log-input
access-list 101 deny tcp any eq 707 any log-input
access-list 101 deny tcp any any eq 4444 log-input
access-list 101 deny tcp any eq 4444 any log-input
access-list 101 deny ip host 0.0.0.0 any log-input
access-list 101 deny ip host 255.255.255.255 any log-input
access-list 101 deny ip 127.0.0.0 0.255.255.255 any log-input
access-list 101 deny ip any 10.0.0.0 0.255.255.255 log-input
access-list 101 deny ip any 172.16.0.0 0.15.255.255 log-input
access-list 101 deny ip any 192.168.0.0 0.0.255.255 log-input
access-list 101 deny udp any any eq netbios-ns
access-list 101 deny udp any any eq netbios-dgm
access-list 101 deny udp any any eq netbios-ss
access-list 101 deny ip any any log-input
!
no cdp run
!
control-plane
!
banner motd ^C
**********THIS SYSTEM IS FOR AUTHORIZED USERS ONLY**********
Individuals using this computer system are subject to monitoring for
compliance with applicable policies and laws. Anyone using this system
expressly consents to such monitoring, and is advised that if monitoring
reveals evidence of what could constitute illegal activity under federal
and/or applicable state law, system personnel may refer this evidence to
appropriate law enforcement officials.^C
!
line con 0
 exec-timeout 5 0
 password 7
 logging synchronous
line aux 0
 password 7
 no exec
line vty 0 4
 access-class 25 in
 exec-timeout 5 0
 password 7
!
ntp server 206.246.118.250 prefer
ntp server 134.214.100.6
ntp server 129.6.15.28
!
end