sh run Building configuration... Current configuration : 14713 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname 1 ! boot-start-marker boot-end-marker ! logging buffered 51200 warnings ! no aaa new-model ! ! ! username touch password 0 cisco ! ! crypto isakmp policy 15 encr 3des authentication pre-share group 2 crypto isakmp key 6 ****** address x.x.x.x ! ! crypto ipsec transform-set Zen_Trans_Pref1 esp-3des esp-sha-hmac ! crypto map outside_map 15 ipsec-isakmp set peer x.x.x.x set security-association lifetime seconds 86400 set transform-set abc set pfs group2 match address abc ! archive log config hidekeys ! ! ! class-map type inspect match-any Lan-vpn-traffic match protocol tcp match protocol udp match protocol citrix match protocol citriximaclient match protocol ica match protocol icabrowser match protocol icmp class-map type inspect match-any vpn-Lan-traffic match protocol tcp match protocol udp match protocol icmp match protocol citrix match protocol citriximaclient match protocol ica match protocol icabrowser ! ! policy-map type inspect vpn-to-Lan-policy class type inspect vpn-Lan-traffic inspect class class-default pass policy-map type inspect Lan-to-vpn-policy class type inspect Lan-vpn-traffic inspect class class-default pass ! zone security vpn zone security Lan zone-pair security Lan-Vpn source Lan destination vpn service-policy type inspect Lan-to-vpn-policy zone-pair security vpn-Lan source vpn destination Lan service-policy type inspect vpn-to-Lan-policy ! ! ! ! interface FastEthernet0/0 description << outside >> ip address 121.241.66.245 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip virtual-reassembly zone-member security vpn duplex full speed 100 no cdp enable crypto map outside_map ! interface FastEthernet0/1 description << inside Lan>> ip address 10.42.3.100 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly zone-member security Lan duplex full speed 100 no cdp enable ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 121.241.66.246 ip route 10.42.5.0 255.255.255.0 10.42.3.254 ip route 10.42.65.0 255.255.255.0 10.42.3.254 ! ! no ip http server no ip http secure-server ip nat pool TEST x.x.x.x x.x.x.x netmask 255.255.255.192 ip nat inside source list abcd interface FastEthernet0/0 overload ! ip access-list standard telnet permit 10.42.2.234 log permit 10.42.5.0 0.0.0.255 log permit 10.41.5.0 0.0.0.255 log deny any ! ip access-list extended cdf permit ip 10.42.65.0 0.0.0.255 host 202.7.64.185 permit ip 10.42.65.0 0.0.0.255 10.6.1.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.33.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.76.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.177.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.42.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.26.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.41.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.31.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.100.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.40.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.60.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.175.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.25.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 172.17.21.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 192.168.200.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 202.7.64.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 206.182.142.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 206.182.176.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 206.182.129.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 206.182.177.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 206.182.163.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 206.47.129.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 206.47.125.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 207.61.64.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 207.61.63.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 207.61.66.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.200.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 172.16.21.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 172.16.7.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 206.182.143.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 106.182.134.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.119.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 192.168.60.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 207.61.65.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 192.168.70.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 192.168.80.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.135.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.21.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 192.168.90.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.24.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 206.47.127.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 192.168.110.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 206.47.128.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 192.168.120.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.10.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 206.182.134.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 10.168.20.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 192.168.1.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 192.168.2.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 192.168.10.0 0.0.0.255 ip access-list extended outside_ACL deny tcp any any eq 7000 deny tcp any any eq 3267 deny tcp any any eq 6667 deny tcp any any eq 5555 deny tcp any any eq 4367 deny ip 10.0.0.0 0.255.255.255 any deny ip 172.16.0.0 0.0.240.255 any deny ip 192.168.0.0 0.0.255.255 any deny ip 1.0.0.0 0.255.255.255 any deny ip 2.0.0.0 0.255.255.255 any deny ip 5.0.0.0 0.255.255.255 any deny ip 23.0.0.0 0.255.255.255 any deny ip 27.0.0.0 0.255.255.255 any deny ip 31.0.0.0 0.255.255.255 any deny ip 36.0.0.0 0.255.255.255 any deny ip 37.0.0.0 0.255.255.255 any deny ip 39.0.0.0 0.255.255.255 any deny ip 42.0.0.0 0.255.255.255 any deny ip 46.0.0.0 0.255.255.255 any deny ip 49.0.0.0 0.255.255.255 any deny ip 50.0.0.0 0.255.255.255 any deny ip 100.0.0.0 3.255.255.255 any deny ip 104.0.0.0 7.255.255.255 any permit ip host 208.117.236.69 any permit ip host 208.65.153.238 any permit ip 174.0.0.0 0.255.255.255 any permit ip host 174.129.227.164 any permit ip host 174.129.227.165 any permit ip host 174.36.164.53 any permit ip 115.0.0.0 0.0.0.255 any permit ip 112.110.0.0 0.0.255.255 any permit ip 115.69.0.0 0.0.255.255 any deny ip 112.0.0.0 3.255.255.255 any deny ip 127.0.0.0 0.255.255.255 any deny ip 128.0.0.0 0.0.255.255 any deny ip 169.254.0.0 0.0.255.255 any deny ip 173.0.0.0 0.255.255.255 any permit ip host 174.36.28.11 any permit ip host 174.133.14.66 any deny ip 174.0.0.0 1.255.255.255 any deny ip 176.0.0.0 7.255.255.255 any deny ip 184.0.0.0 1.255.255.255 any deny ip 191.0.0.0 0.255.255.255 any deny ip 192.0.0.0 0.0.255.255 any deny ip 192.68.185.0 0.0.0.255 any deny ip 192.70.192.0 0.0.0.255 any deny ip 197.0.0.0 0.255.255.255 any deny ip 198.18.0.0 0.0.255.255 any deny ip 198.19.0.0 0.0.255.255 any deny ip 223.0.0.0 0.255.255.255 any deny ip 224.0.0.0 31.255.255.255 any deny ip host 202.100.24.102 any deny tcp any host 203.197.82.60 eq ftp deny ip host 0.0.0.0 any deny ip host 203.197.82.98 any deny ip host 0.0.0.71 any deny ip host 0.0.0.7 any deny ip host 0.0.0.4 any deny ip host 0.0.0.68 any deny ip host 0.0.0.6 any deny ip host 0.72.40.100 any deny ip host 0.0.0.1 any deny ip host 0.0.0.5 any deny ip host 0.0.0.20 any deny ip host 0.0.0.21 any permit esp host 203.18.176.243 host 121.241.66.245 permit udp host 203.18.176.243 host 121.241.66.245 eq isakmp permit ip host 12.22.9.242 any permit ip host 12.17.227.45 any permit ip host 12.154.38.90 any permit ip host 12.104.57.65 any permit ip 12.45.139.0 0.0.0.255 any permit ip 12.17.202.0 0.0.0.255 any permit ip 12.67.0.0 0.0.255.255 any permit ip 12.156.175.0 0.0.0.255 any permit ip 12.5.134.0 0.0.0.255 any permit ip 12.11.185.0 0.0.0.255 any permit ip 12.31.213.0 0.0.0.255 any permit ip 12.31.212.0 0.0.0.255 any permit ip 12.107.96.0 0.0.0.255 any permit ip 12.52.80.0 0.0.0.255 any permit ip 12.186.98.0 0.0.0.255 any permit udp 12.0.0.0 0.255.255.255 host 202.54.40.194 eq domain permit ip 12.108.126.0 0.0.0.255 any permit ip host 12.22.9.241 any permit ip host 12.127.17.71 any permit ip host 12.127.16.68 any permit ip 12.22.9.0 0.0.0.255 any permit ip 12.127.0.0 0.0.255.255 any permit ip 12.22.9.240 0.0.0.15 any permit ip 12.9.33.0 0.0.0.255 any deny ip 12.0.0.0 0.255.255.255 any deny icmp any any fragments permit icmp any any echo permit icmp any any echo-reply permit icmp any any packet-too-big permit icmp any any time-exceeded deny icmp any any permit ip any any ip access-list extended zen_in deny ip 10.42.65.0 0.0.0.255 host 202.7.64.185 deny ip 10.42.65.0 0.0.0.255 10.6.1.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.33.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.76.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.177.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.42.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.26.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.41.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.31.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.100.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.40.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.60.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.175.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.25.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 172.17.21.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 192.168.200.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 202.7.64.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 206.182.142.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 206.182.176.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 206.182.129.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 206.182.177.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 206.182.163.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 206.47.129.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 206.47.125.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 207.61.64.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 207.61.63.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 207.61.66.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.200.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 172.16.21.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 172.16.7.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 206.182.143.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 106.182.134.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.119.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 192.168.60.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 207.61.65.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 192.168.70.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 192.168.80.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.135.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.21.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 192.168.90.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.24.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 206.47.127.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 192.168.110.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 206.47.128.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 192.168.120.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.10.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 206.182.134.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 10.168.20.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 192.168.1.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 192.168.2.0 0.0.0.255 deny ip 10.42.65.0 0.0.0.255 192.168.10.0 0.0.0.255 permit ip 10.42.65.0 0.0.0.255 any ! no cdp run ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 transport input telnet line vty 5 15 login transport input none ! scheduler allocate 20000 1000 ! end