! Excerpt of a Cisco IOS running-config (the ACL remarks say it was generated by
! Cisco SDM Express). It covers: the LAN DHCP pool, CBAC inspection, one
! site-to-site IPsec tunnel, PPPoE over ATM (DSL), NAT, the interface ACLs and
! line access. Commands are unchanged; only "!" comments were added and each
! command was put back on its own line.
! NOTE(review): the start of the config (hostname, enable secret, usernames, aaa,
! "service password-encryption") is not visible here - review it separately.
!
! DHCP pool for the inside LAN; the router (192.168.1.254) is the default gateway.
! NOTE(review): "dns-server" carries no address on this page - possibly stripped
! when the config was posted; confirm against the device.
ip dhcp pool sdm-pool1
   import all
   network 192.168.1.0 255.255.255.0
   dns-server
   default-router 192.168.1.254
!
!
ip cef
! CBAC inspection rule set DEFAULT100; it is applied outbound on Dialer0 below,
! so return traffic for these protocols is admitted dynamically through ACL 101.
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip name-server 213.94.190.194
ip name-server 213.94.190.236
! NOTE(review): no "ip ssh version 2" appears in this excerpt; confirm it is set
! elsewhere so that SSHv1 sessions are not accepted.
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
! Self-signed trustpoint; used by the HTTPS management server enabled further down.
crypto pki trustpoint TP-self-signed-3712202957
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3712202957
 revocation-check none
 rsakeypair TP-self-signed-3712202957
!
!
! IKE phase 1: 3DES, pre-shared key, DH group 2 (1024-bit MODP). No "hash" line is
! shown, so the platform default applies. 3DES and group 2 are both deprecated;
! moving to AES and a larger DH group has to be done on both peers together.
! The pre-shared key and peer address are redacted on the page.
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key ****** address 83.*.*.114
!
!
! IKE phase 2: ESP with 3DES and HMAC-SHA (same deprecation caveat as above).
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
! Crypto map bound to Dialer0; traffic matching ACL 102 is sent through the tunnel.
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to 83.*.*.114
 set peer 83.*.*.114
 set transform-set ESP-3DES-SHA
 match address 102
!
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 no snmp trap link-status
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! Inside (LAN) interface: NAT inside, ACL 100 filters traffic arriving from the LAN.
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.254 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1412
!
! Outside (WAN) interface: ACL 101 inbound, CBAC DEFAULT100 outbound, NAT outside,
! and the IPsec crypto map.
! NOTE(review): the PPP CHAP/PAP secrets below are stored as type 7, which is a
! reversible encoding and not a one-way hash. Because these strings and the
! username are published on this page, the ISP credentials should be treated as
! disclosed and changed; redact such lines before sharing a config.
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip inspect DEFAULT100 out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname croftparkdsl
 ppp chap password 7 06575D225E411A0A
 ppp pap sent-username croftparkdsl password 7 055A540C33435D1A
 crypto map SDM_CMAP_1
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
! NOTE(review): "ip http server" enables clear-text HTTP management next to HTTPS.
! If only HTTPS is needed, "no ip http server" removes the plaintext listener.
! No "ip http access-class" is visible, so reachability of the management server
! depends only on the interface ACLs.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! PAT for LAN hosts selected by route-map SDM_RMAP_1 (ACL 103).
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
! NOTE(review): this static entry maps 192.168.1.254 - the router's own Vlan1
! address - to the public address 86.*.*.47. Together with the ACL 101 entry
! "permit tcp any host 86.*.*.47" every TCP port on that address is allowed from
! any source. Confirm the intent and narrow it to the required ports and sources.
ip nat inside source static 192.168.1.254 86.*.*.47
!
! NOTE(review): syslog severity is set to debugging, but no "logging <host>"
! destination is visible in this excerpt.
logging trap debugging
! ACL 1: the inside LAN subnet (not referenced elsewhere in this excerpt).
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
! ACL 100 (Vlan1 in): drops broadcast and loopback sources, permits everything else.
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
! ACL 101 (Dialer0 in). Entries are evaluated top-down; first match wins.
!  - 191.1.1.0/24 -> LAN mirrors crypto ACL 102, so it is presumably the remote
!    LAN behind the tunnel peer (verify). 191.1.1.0/24 is not RFC 1918 space.
!  - IKE (udp/500), NAT-T (udp/4500), ESP and AH are allowed only from the peer.
!  - DNS replies are allowed only from the two configured name servers.
!  - NOTE(review): "permit tcp any host 86.*.*.47" sits above the anti-spoofing
!    denies, so TCP to that host is permitted before the RFC 1918 / loopback
!    source checks are reached. Moving the denies above it would close that gap.
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark IPSec Rule
access-list 101 permit ip 191.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255 log
access-list 101 permit udp host 83.*.*.114 any eq non500-isakmp
access-list 101 permit udp host 83.*.*.114 any eq isakmp
access-list 101 permit esp host 83.*.*.114 any
access-list 101 permit ahp host 83.*.*.114 any
access-list 101 permit udp host 213.94.190.236 eq domain any
access-list 101 permit udp host 213.94.190.194 eq domain any
access-list 101 permit tcp any host 86.*.*.47
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
! ACL 102: crypto ACL - LAN to 191.1.1.0/24 is the traffic that gets encrypted.
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.1.0 0.0.0.255 191.1.1.0 0.0.0.255 log
! ACL 103: NAT selection - tunnel-bound traffic is excluded from PAT, all other
! LAN traffic is translated.
access-list 103 remark SDM_ACL Category=2
access-list 103 remark IPSec Rule
access-list 103 deny ip 192.168.1.0 0.0.0.255 191.1.1.0 0.0.0.255 log
access-list 103 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
route-map SDM_RMAP_1 permit 1
 match ip address 103
!
!
control-plane
!
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
! Line access: local-user login on console, aux and vty; vty accepts SSH only.
! NOTE(review): "privilege level 15" on the vty lines puts every authenticated
! session straight into privileged mode. No "access-class" or "exec-timeout" is
! visible on the vty lines, so source restriction and idle timeout rely on
! defaults or on ACL 101 - confirm. Console and aux still allow outbound telnet.
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end