#sh ru
Building configuration...

Current configuration : 12027 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot system flash:c870-advipservicesk9-mz.124-11.T2.bin
boot system flash:c870-advipservicesk9-mz.124-11.T1.bin
boot system flash:c870-advipservicesk9-mz.124-9.T.bin
boot-end-marker
!
logging buffered 4096
enable secret 5 ****
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
aaa session-id common
clock timezone CET 1
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
no ip source-route
no ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.1.1.1 10.1.1.99
ip dhcp excluded-address 10.1.1.200 10.1.1.254
!
ip dhcp pool WIFI_Pool
 import all
 network 10.1.1.0 255.255.255.0
 dns-server 212.23.33.70 212.23.33.71
 default-router 10.1.1.1
!
!
ip name-server 212.23.33.70
ip name-server 212.23.33.71
ip name-server 212.108.200.75
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-408288327
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-408288327
 revocation-check none
 rsakeypair TP-self-signed-408288327
!
!
crypto pki certificate chain TP-self-signed-408288327
 certificate self-signed 01
  quit
!
!
username admin privilege 15 secret 5 ******
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 encr 3des
 group 2
crypto isakmp key ***** hostname {Branch Office router IP}
!
crypto isakmp client configuration group admin
 key *****
 pool SDM_POOL_1
 acl 102
crypto isakmp profile VPNclient
 description VPN clients profile
 match identity group admin
 client authentication list sdm_vpn_xauth_ml_1
 isakmp authorization list sdm_vpn_group_ml_1
 client configuration address respond
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
!
!
crypto ipsec client ezvpn Adatpark
 connect auto
 group OfficeVPN key *****
 mode network-extension
 peer {Branch Office router IP}
 acl 105
 username **** password ****
 xauth userid mode local
!
!
crypto dynamic-map SDM_CMAP_1 99
 set transform-set ESP-3DES-SHA
 set isakmp-profile VPNclient
 reverse-route
!
!
crypto map SDM_CMAP_1 99 ipsec-isakmp dynamic SDM_CMAP_1
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description Interroute 2/2 Mbit$ETH-WAN$$FW_OUTSIDE$
 ip address *.*.*.110 255.255.255.252
 ip access-group 101 in
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly
 speed 100
 full-duplex
 crypto map SDM_CMAP_1
 crypto ipsec client ezvpn Adatpark
!
interface Dot11Radio0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 !
 encryption mode ciphers tkip
 !
 ssid SSID
  authentication open
  authentication key-management wpa
  guest-mode
  wpa-psk ascii 7 *****
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 no cdp enable
!
interface Vlan1
 description LAN$ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 ip address 192.168.22.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 crypto ipsec client ezvpn Adatpark inside
!
ip local pool SDM_POOL_1 172.1.22.1 172.1.22.10
ip route 0.0.0.0 0.0.0.0 *.*.*.109
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip dns spoofing
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.22.2 22 *.*.*.110 2122 route-map SDM_RMAP_2 extendable
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.22.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 remark Auto generated by SDM for NTP (123) 148.6.0.1
access-list 100 permit udp host 148.6.0.1 eq ntp host 192.168.22.1 eq ntp
access-list 100 deny ip *.*.*.108 0.0.0.3 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark Auto generated by SDM for EzVPN (udp-10000) Adatpark
access-list 101 permit udp host {Branch Office router IP} any eq 10000
access-list 101 remark Auto generated by SDM for EzVPN (non500-isakmp) Adatpark
access-list 101 permit udp host {Branch Office router IP} any eq non500-isakmp
access-list 101 remark Auto generated by SDM for EzVPN (isakmp) Adatpark
access-list 101 permit udp host {Branch Office router IP} any eq isakmp
access-list 101 remark Auto generated by SDM for EzVPN (ahp) Adatpark
access-list 101 permit esp host {Branch Office router IP} any
access-list 101 remark Auto generated by SDM for EzVPN (esp) Adatpark
access-list 101 permit ahp host {Branch Office router IP} any
access-list 101 permit ip host 172.1.22.1 192.168.22.0 0.0.0.255
access-list 101 permit ip host 172.1.22.2 192.168.22.0 0.0.0.255
access-list 101 permit ip host 172.1.22.3 192.168.22.0 0.0.0.255
access-list 101 permit ip host 172.1.22.4 192.168.22.0 0.0.0.255
access-list 101 permit ip host 172.1.22.5 192.168.22.0 0.0.0.255
access-list 101 permit ip host 172.1.22.6 192.168.22.0 0.0.0.255
access-list 101 permit ip host 172.1.22.7 192.168.22.0 0.0.0.255
access-list 101 permit ip host 172.1.22.8 192.168.22.0 0.0.0.255
access-list 101 permit ip host 172.1.22.9 192.168.22.0 0.0.0.255
access-list 101 permit ip host 172.1.22.10 192.168.22.0 0.0.0.255
access-list 101 permit ip 192.168.100.0 0.0.0.255 192.168.22.0 0.0.0.255
access-list 101 permit udp any host *.*.*.110 eq non500-isakmp
access-list 101 permit udp any host *.*.*.110 eq isakmp
access-list 101 permit esp any host *.*.*.110
access-list 101 permit ahp any host *.*.*.110
access-list 101 permit udp host 212.108.200.75 eq domain host *.*.*.110
access-list 101 permit udp host 212.23.33.71 eq domain host *.*.*.110
access-list 101 permit udp host 212.23.33.70 eq domain host *.*.*.110
access-list 101 remark Auto generated by SDM for NTP (123) 148.6.0.1
access-list 101 permit udp host 148.6.0.1 eq ntp host *.*.*.110 eq ntp
access-list 101 remark Guska
access-list 101 permit tcp host *.*.*.* any eq 2122
access-list 101 deny ip 192.168.22.0 0.0.0.255 any
access-list 101 permit icmp any host *.*.*.110 echo-reply
access-list 101 permit icmp any host *.*.*.110 time-exceeded
access-list 101 permit icmp any host *.*.*.110 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 102 remark SDM_ACL Category=4
access-list 102 permit ip 192.168.22.0 0.0.0.255 any
access-list 102 permit ip 192.168.100.0 0.0.0.255 any
access-list 103 remark SDM_ACL Category=2
access-list 103 deny ip 192.168.22.0 0.0.0.255 172.1.22.0 0.0.0.7
access-list 103 permit ip 192.168.22.0 0.0.0.255 any
access-list 104 remark SDM_ACL Category=2
access-list 104 deny ip host 192.168.22.2 host 172.1.22.10
access-list 104 deny ip host 192.168.22.2 host 172.1.22.9
access-list 104 deny ip host 192.168.22.2 host 172.1.22.8
access-list 104 deny ip host 192.168.22.2 host 172.1.22.7
access-list 104 deny ip host 192.168.22.2 host 172.1.22.6
access-list 104 deny ip host 192.168.22.2 host 172.1.22.5
access-list 104 deny ip host 192.168.22.2 host 172.1.22.4
access-list 104 deny ip host 192.168.22.2 host 172.1.22.3
access-list 104 deny ip host 192.168.22.2 host 172.1.22.2
access-list 104 deny ip host 192.168.22.2 host 172.1.22.1
access-list 104 permit ip host 192.168.22.2 any
access-list 105 permit ip 172.1.22.0 0.0.0.7 192.168.100.0 0.0.0.255
snmp-server community ****
no cdp run
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 103
!
route-map SDM_RMAP_2 permit 1
 match ip address 104
!
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username privilege 15 secret 0
no username cisco
Replace and with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17175104
ntp server 148.6.0.1 source FastEthernet4
end