indasur#sh ver System image file is "flash:c180x-advipservicesk9-mz.124-4.T2.bin" indasur#sh run Building configuration... Current configuration : 14143 bytes ! ! Last configuration change at 16:04:17 CEST Sat Jul 21 2007 ! NVRAM config last updated at 16:04:08 CEST Sat Jul 21 2007 ! version 12.4 service timestamps debug datetime msec localtime service timestamps log datetime msec localtime service password-encryption ! hostname indasur ! boot-start-marker boot-end-marker ! logging buffered 8192 debugging ! no aaa new-model ! resource policy ! clock timezone CET 1 clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00 mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero no ip source-route ! ! ip cef ! ! ip domain name daimlerchrysler.es ip name-server xx.xx.xx.xx ip name-server yy.yy.yy.yy ! isdn switch-type basic-net3 ! crypto pki trustpoint ace-verisign ........... ! ! ! crypto pki certificate map CAConcesionarios 10 ........ ! crypto pki certificate chain ace-verisign .......... quit certificate ca .......... quit ! class-map match-any P2P match protocol fasttrack match protocol kazaa2 match protocol gnutella match protocol winmx match protocol edonkey match protocol bittorrent match protocol directconnect class-map match-any Redes_VIP description Redes prioritarias match access-group name Redes_VIP ! ! policy-map P2P class P2P police cir 1000000 bc 325000 be 325000 conform-action drop exceed-action drop violate-action drop policy-map Redes_VIP class Redes_VIP priority 100 ! ! ! crypto isakmp policy 1 encr aes 256 group 2 crypto isakmp keepalive 10 crypto isakmp profile CAConcesionarios ca trust-point ace-verisign match certificate CAConcesionarios ! crypto ipsec security-association lifetime seconds 18000 ! crypto ipsec transform-set AES256sha2 esp-aes 256 esp-sha-hmac mode transport crypto ipsec transform-set AES256sha esp-aes 256 esp-sha-hmac mode transport ! crypto ipsec profile vpnprof set security-association lifetime seconds 3600 set transform-set AES256sha set isakmp-profile CAConcesionarios ! crypto ipsec profile vpnprof2 set security-association lifetime seconds 3600 set transform-set AES256sha2 set isakmp-profile CAConcesionarios ! ! ! ! ! interface Tunnel1 description Tunel RDSI Backup bandwidth 1000 ip address 10.0.1.25 255.255.255.0 no ip redirects ip mtu 1400 ip hold-time eigrp 10 60 ip nhrp authentication test1 ip nhrp map 10.0.1.1 195.235.64.231 ip nhrp network-id 100001 ip nhrp holdtime 300 ip nhrp nhs 10.0.1.1 10.0.1.0 255.255.255.0 ip nhrp registration no-unique ip virtual-reassembly ip tcp adjust-mss 1360 tunnel source Dialer1 tunnel destination aa.aa.aa.aa tunnel protection ipsec profile vpnprof2 ! interface Tunnel0 description Tunel ADSL Principal (Alcobendas) bandwidth 1000 ip address 10.0.0.25 255.255.255.0 no ip redirects ip mtu 1400 ip hold-time eigrp 10 60 ip nhrp authentication test ip nhrp map 10.0.0.1 195.76.242.43 ip nhrp network-id 100000 ip nhrp holdtime 300 ip nhrp nhs 10.0.0.1 10.0.0.0 255.255.255.0 ip nhrp registration no-unique ip virtual-reassembly ip tcp adjust-mss 1360 tunnel source ATM0.1 tunnel destination bb.bb.bb.bb tunnel protection ipsec profile vpnprof ! interface Loopback1 description IP para NAT de direcciones locales (No 10.255.x.x) ip address 172.30.1.25 255.255.255.255 ! interface Loopback10 description Direccion de Gestion ip address 172.30.2.25 255.255.255.255 ! interface FastEthernet0 description Red LAN ip address 10.255.25.1 255.255.255.0 ip nat inside ip virtual-reassembly duplex auto speed auto service-policy input P2P ! interface BRI0 description BACKUP no ip address encapsulation ppp dialer pool-member 2 isdn switch-type basic-net3 isdn point-to-point-setup ppp multilink ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 ! interface FastEthernet5 ! interface FastEthernet6 ! interface FastEthernet7 ! interface FastEthernet8 ! interface ATM0 no ip address logging event atm pvc state logging event subif-link-status no atm ilmi-keepalive dsl operating-mode auto service-policy output Redes_VIP ! interface ATM0.1 point-to-point description Megavia ADSL - Configuracion Tipo Linea linea Mb bandwidth 300 backup interface Dialer1 ip address public address ip nat outside ip virtual-reassembly no snmp trap link-status pvc 8/32 description Megavia ADSL - Configuracion Tipo Linea linea Mb vbr-nrt 300 300 broadcast tx-ring-limit 3 oam-pvc manage oam retry 3 5 1 encapsulation aal5snap max-reserved-bandwidth 100 ! ! interface Vlan1 no ip address ! interface Dialer1 description Backup Infovia ip address negotiated ip nat outside ip virtual-reassembly encapsulation ppp no ip mroute-cache dialer pool 2 dialer idle-timeout 300 dialer string 909210402 dialer load-threshold 1 outbound dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname Dealer@dce ppp chap password 7 1306473C080937037A2A29013C70 ppp multilink ! router eigrp 10 redistribute static route-map nodef passive-interface default no passive-interface Tunnel1 no passive-interface Tunnel0 network 10.0.0.0 0.0.0.255 network 10.0.1.0 0.0.0.255 network 10.255.25.0 0.0.0.255 network 172.30.0.0 0.0.3.255 no auto-summary ! ip classless ip route 0.0.0.0 0.0.0.0 ATM0.1 ip route 0.0.0.0 0.0.0.0 Dialer1 240 ip route 10.0.1.0 255.255.255.0 Tunnel1 ! ! no ip http server no ip http secure-server ip nat inside source route-map Central interface Loopback1 overload ip nat inside source route-map Internet interface ATM0.1 overload ip nat inside source route-map InternetBackup interface Dialer1 overload ! ip access-list extended ACCESO remark TELEFONICA ......... ! logging source-interface Loopback10 logging 53.254.33.110 access-list 23 permit 10.10.10.0 0.0.0.7 access-list 80 permit 10.240.0.0 0.15.255.255 access-list 80 deny any access-list 120 permit ip 192.168.0.0 0.0.255.255 162.12.0.0 0.0.255.255 access-list 120 permit ip 192.168.0.0 0.0.255.255 170.2.0.0 0.0.255.255 access-list 120 permit ip 192.168.0.0 0.0.255.255 53.0.0.0 0.255.255.255 access-list 120 permit ip 192.168.0.0 0.0.255.255 129.9.0.0 0.0.255.255 access-list 120 permit ip 172.16.0.0 0.15.255.255 151.171.0.0 0.0.255.255 access-list 120 permit ip 172.16.0.0 0.15.255.255 152.116.0.0 0.0.255.255 access-list 120 permit ip 172.16.0.0 0.15.255.255 162.12.0.0 0.0.255.255 access-list 120 permit ip 172.16.0.0 0.15.255.255 170.2.0.0 0.0.255.255 access-list 120 deny ip 10.0.0.0 0.0.0.255 any access-list 120 deny ip 10.0.1.0 0.0.0.255 any access-list 120 deny ip 10.240.0.0 0.15.255.255 any access-list 120 permit ip 10.0.0.0 0.255.255.255 53.0.0.0 0.255.255.255 access-list 120 permit ip 10.0.0.0 0.255.255.255 129.9.0.0 0.0.255.255 access-list 120 permit ip 10.0.0.0 0.255.255.255 141.113.0.0 0.0.255.255 access-list 120 permit ip 10.0.0.0 0.255.255.255 151.171.0.0 0.0.255.255 access-list 120 permit ip 10.0.0.0 0.255.255.255 152.116.0.0 0.0.255.255 access-list 120 permit ip 10.0.0.0 0.255.255.255 162.12.0.0 0.0.255.255 access-list 120 permit ip 10.0.0.0 0.255.255.255 170.2.0.0 0.0.255.255 access-list 120 permit ip 192.168.0.0 0.0.255.255 141.113.0.0 0.0.255.255 access-list 120 permit ip 192.168.0.0 0.0.255.255 151.171.0.0 0.0.255.255 access-list 120 permit ip 192.168.0.0 0.0.255.255 152.116.0.0 0.0.255.255 access-list 120 deny ip 172.30.0.0 0.0.3.255 any access-list 120 permit ip 172.16.0.0 0.15.255.255 53.0.0.0 0.255.255.255 access-list 120 permit ip 172.16.0.0 0.15.255.255 129.9.0.0 0.0.255.255 access-list 120 permit ip 172.16.0.0 0.15.255.255 141.113.0.0 0.0.255.255 access-list 130 deny ip host 80.35.82.222 any access-list 130 permit ip any any access-list 150 permit ip any 53.0.0.0 0.255.255.255 access-list 150 permit ip any 129.9.0.0 0.0.255.255 dialer-list 1 protocol ip permit snmp-server community w157rr RO snmp-server trap-source Loopback10 snmp-server source-interface informs Loopback10 no cdp run ! route-map InternetBackup permit 10 match ip address 130 match interface Dialer1 ! route-map Internet permit 10 match ip address 130 match interface ATM0.1 ! route-map Central permit 10 match ip address 120 match interface Tunnel0 ! route-map Central permit 20 match ip address 120 match interface Tunnel1 ! route-map nodef permit 10 match ip address 80 ! ! ! ! control-plane ! privilege exec all level 3 traceroute privilege exec all level 3 ping privilege exec all level 3 terminal privilege exec all level 3 show privilege exec all level 3 debug ! line con 0 password ........ login line aux 0 line vty 0 4 access-class ACCESO in password .......... login transport input telnet ssh ! ntp clock-period 17180351 end