 ip nat inside
 ip nat enable
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 hold-queue 100 in
 hold-queue 100 out
!
interface Dialer0
 bandwidth inherit
 ip address negotiated
 ip access-group 120 in
 ip access-group 121 out
 ip nat outside
 ip inspect fw out
 ip virtual-reassembly
 encapsulation ppp
 ip tcp header-compression iphc-format
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname XXXX@adsllogin.co.uk
 ppp chap password 7 XXXX
 ppp ipcp dns request
 ip rtp header-compression iphc-format
!
ip local pool VPNPOOL 192.168.1.251 192.168.1.253
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip dns server
no ip nat service sip udp port 5060
ip nat inside source static tcp 192.168.1.50 25 interface Dialer0 25
ip nat inside source static tcp 192.168.1.50 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.50 443 interface Dialer0 443
ip nat inside source static tcp 192.168.1.50 995 interface Dialer0 995
ip nat inside source static tcp 192.168.1.50 20 interface Dialer0 20
ip nat inside source static tcp 192.168.1.50 21 interface Dialer0 21
ip nat inside source list 102 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.20 3389 interface Dialer0 3389
!
ip access-list standard SNMP-ALLOWED
 permit 192.168.1.50
 deny any
ip access-list standard SSH-ALLOWED
 permit 192.168.0.0 0.0.0.255
 permit 192.168.1.0 0.0.0.255
 deny any
!
!
logging 192.168.1.50
access-list 120 remark Allow public services
access-list 120 remark This ACL should match the ip nat inside source static tcp lines
access-list 120 permit tcp any any eq smtp
access-list 120 permit tcp any any eq www
access-list 120 permit tcp any any eq 443
access-list 120 permit tcp any any eq 995
access-list 120 permit tcp any any eq 3389
access-list 120 permit tcp any any eq ftp
access-list 120 permit tcp any any eq ftp-data
access-list 120 permit tcp any any eq 1723
access-list 120 permit tcp any any range 50000 50050
access-list 120 permit gre any any
access-list 120 permit icmp any any echo
access-list 120 permit icmp any any echo-reply
access-list 120 permit icmp any any source-quench
access-list 120 permit icmp any any packet-too-big
access-list 120 permit icmp any any time-exceeded
access-list 120 deny icmp any any
access-list 120 remark Allow unrestricted UDP traffic to the Entanet DNS Servers
access-list 120 permit udp host 195.74.113.58 eq domain any
access-list 120 permit udp host 195.74.113.62 eq domain any
access-list 120 permit udp host 195.74.102.146 eq domain any
access-list 120 permit udp host 195.74.102.147 eq domain any
access-list 120 remark Any new ports opened in the IP NAT INSIDE SOURCE STATIC lines should also be added here
access-list 120 permit tcp any any eq 22
access-list 121 remark Allow all outbound IP
access-list 121 permit ip any any
dialer-list 1 protocol ip permit
!
!
!
!
snmp-server community AnTeallach RW SNMP-ALLOWED
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 password 7 XXX
 no modem enable
 transport output all
line aux 0
 transport output all
line vty 0 4
 access-class SSH-ALLOWED in
 exec-timeout 0 0
 privilege level 15
 password 7 XXX
 transport input ssh
 transport output all
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
time-range WEEKDAY
 periodic weekdays 8:00 to 18:00
!
end
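
The remarks in ACL 120 say its TCP permits should match the "ip nat inside source static tcp" lines. The following is an added audit example, not part of the original configuration, that checks that rule in both directions; the CONFIG sample is constructed from the relevant lines above, and the helper names (audit, port, NAMED) are assumptions of this example.

```python
import re

# Constructed sample: the static NAT and ACL 120 TCP permit lines from the config above.
CONFIG = """\
ip nat inside source static tcp 192.168.1.50 25 interface Dialer0 25
ip nat inside source static tcp 192.168.1.50 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.50 443 interface Dialer0 443
ip nat inside source static tcp 192.168.1.50 995 interface Dialer0 995
ip nat inside source static tcp 192.168.1.50 20 interface Dialer0 20
ip nat inside source static tcp 192.168.1.50 21 interface Dialer0 21
ip nat inside source static tcp 192.168.1.20 3389 interface Dialer0 3389
access-list 120 permit tcp any any eq smtp
access-list 120 permit tcp any any eq www
access-list 120 permit tcp any any eq 443
access-list 120 permit tcp any any eq 995
access-list 120 permit tcp any any eq 3389
access-list 120 permit tcp any any eq ftp
access-list 120 permit tcp any any eq ftp-data
access-list 120 permit tcp any any eq 1723
access-list 120 permit tcp any any range 50000 50050
access-list 120 permit tcp any any eq 22
"""

# IOS keyword names for the TCP ports that appear in this config.
NAMED = {"smtp": 25, "www": 80, "ftp": 21, "ftp-data": 20}
NAT_RE = re.compile(r"^ip nat inside source static tcp (\S+) (\d+) interface \S+ (\d+)$")
ACL_RE = re.compile(r"^access-list (\d+) permit tcp any any (eq|range) (\S+)(?: (\S+))?$")

def port(tok):
    return NAMED[tok] if tok in NAMED else int(tok)

def audit(config, acl="120"):
    """Return (forwards, forwarded ports the ACL blocks, permitted ports with no NAT)."""
    forwarded, permitted = {}, set()
    for line in map(str.strip, config.splitlines()):
        if m := NAT_RE.match(line):
            forwarded[int(m.group(3))] = f"{m.group(1)}:{m.group(2)}"
        elif (m := ACL_RE.match(line)) and m.group(1) == acl:
            lo = port(m.group(3))
            hi = port(m.group(4)) if m.group(2) == "range" else lo
            permitted.update(range(lo, hi + 1))
    blocked = sorted(p for p in forwarded if p not in permitted)
    no_nat = sorted(permitted - set(forwarded))
    return forwarded, blocked, no_nat

if __name__ == "__main__":
    fwd, blocked, no_nat = audit(CONFIG)
    print("forwarded but not permitted:", blocked)
    print("permitted with no static NAT:", no_nat[:2], "+", len(no_nat) - 2, "more")
```

Ports in the second list pass ACL 120 inbound on Dialer0 without a static translation behind them, so each one should be traced to a service on the router itself or removed.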