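!
! Cisco IOS 12.4 running-config for an ADSL router that terminates remote-access
! IPsec VPN clients (group "vpnteam") and publishes inside hosts through static NAT.
! Addresses shown as x.x.x.x and the group key "xxxxxxx" were redacted by the author.
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! service password-encryption stores passwords as type 7, which is a reversible
! encoding, not a hash. It hides a password from a glance at the screen only.
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
! NOTE(review): the enable password is type 7 and appears here in full, so it should
! be treated as disclosed and rotated. "enable secret" stores a one-way hash instead.
enable password 7 15205B0D0F6E3F043A
!
aaa new-model
!
!
! Login lists: "default" checks the local user database; "userauthen" uses RADIUS
! only, with no fallback method configured.
aaa authentication login default local
aaa authentication login userauthen group radius
aaa authorization exec default local
aaa authorization network default local
!
aaa session-id common
!
resource policy
!
! The zone label is "GMT" but the offset is +8 hours; keep that in mind when
! correlating these log timestamps with other sources.
clock timezone GMT 8
!
!
ip cef
! CBAC inspection rule set, applied outbound on ATM0.1.
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip domain name domain.com
ip name-server x.x.x.x
ip name-server x.x.x.x
!
!
crypto pki trustpoint TP-self-signed-1425014585
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1425014585
 revocation-check none
 rsakeypair TP-self-signed-1425014585
!
!
crypto pki certificate chain TP-self-signed-1425014585
!
!
!
! IKE phase 1 proposals. Both use 3DES, pre-shared keys and DH group 2 (1024-bit);
! policy 30 also uses MD5. Policy 20 has no hash line, so the platform default applies.
! These are legacy algorithms: plan a move to AES, SHA and a larger DH group once
! the VPN clients support them.
crypto isakmp policy 20
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
!
crypto isakmp policy 30
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
! Remote-access group: clients get an address from "ipsecpool", and ACL 108 is the
! split-tunnel list.
crypto isakmp client configuration group vpnteam
 key xxxxxxx
 dns x.x.x.x
 pool ipsecpool
 acl 108
!
!
! Despite its name, "strongset" is 3DES with MD5-HMAC.
crypto ipsec transform-set strongset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 5
 set transform-set strongset
!
!
! Fixed: the Xauth list was spelled "userathen", which matches no
! "aaa authentication login" list defined above; the RADIUS list is "userauthen".
crypto map sgmap client authentication list userauthen
! NOTE(review): this names a network authorization list called "local", but the only
! "aaa authorization network" list defined above is "default". Confirm which list
! is intended.
crypto map sgmap isakmp authorization list local
crypto map sgmap client configuration address respond
crypto map sgmap 9999 ipsec-isakmp dynamic dynmap
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!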
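! Internet-facing subinterface: ACL 100 filters inbound traffic, CBAC rule SDM_LOW
! inspects outbound sessions, and crypto map sgmap terminates the IPsec clients.
interface ATM0.1 point-to-point
 ip address 91.75.55.162 255.255.255.252
 ip access-group 100 in
 no ip unreachables
 ip inspect SDM_LOW out
 ip nat outside
 ip virtual-reassembly
 no snmp trap link-status
 pvc 8/35
  encapsulation aal5snap
 !
 crypto map sgmap
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
! Inside LAN. ACL 101 is applied inbound here but permits all IP, so it filters nothing.
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip access-group 101 in
 ip nat inside
 ip virtual-reassembly
!
! NOTE(review): the VPN client pool starts at 172.24.0.0, so the first address handed
! out is the .0 address of the range ACLs 108/109 treat as a /24. Consider starting
! at 172.24.0.1.
ip local pool ipsecpool 172.24.0.0 172.24.0.254
ip route 0.0.0.0 0.0.0.0 91.75.55.161
!
! NOTE(review): the plaintext HTTP management server is enabled alongside HTTPS.
! If the web UI is needed at all, keep only "ip http secure-server" and restrict
! which source addresses may reach it.
ip http server
ip http secure-server
! PAT for the LAN; ACL 109 excludes traffic bound for the VPN pool.
ip nat inside source list 109 interface ATM0.1 overload
! One-to-one static translations. Each route-map (ACLs 111-118) exempts traffic to
! the VPN pool so that VPN clients reach these hosts on their inside addresses.
ip nat inside source static 192.168.1.5 91.73.213.113 route-map RMAP_1
ip nat inside source static 192.168.1.30 91.73.213.114 route-map RMAP_2
ip nat inside source static 192.168.1.29 91.73.213.115 route-map RMAP_3
ip nat inside source static 192.168.1.40 91.73.213.117 route-map RMAP_6
! Keyword restored from the truncated "extenda". Unlike the other statics, this port
! forward has no route-map exemption for the VPN pool; verify that is intended.
ip nat inside source static tcp 192.168.1.26 5555 91.73.213.118 80 extendable
ip nat inside source static 192.168.1.25 91.73.213.119 route-map RMAP_7
ip nat inside source static 192.168.1.72 91.73.213.120 route-map RMAP_8
ip nat inside source static 192.168.1.27 91.73.213.126 route-map RMAP_4
ip nat inside source static 192.168.1.28 91.73.213.127 route-map RMAP_5
!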
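access-list 1 permit 192.168.1.0 0.0.0.255
!
! ACL 100: inbound filter on ATM0.1. Anything not listed is dropped by the implicit
! deny at the end; no explicit "deny ... log" entry records those drops.
! IKE, NAT-T and ESP to the router itself, for the remote-access VPN:
access-list 100 permit udp any host 91.75.55.162 eq isakmp
access-list 100 permit udp any host 91.75.55.162 eq non500-isakmp
access-list 100 permit esp any host 91.75.55.162
! NOTE(review): TCP 8085 to the router's own address is open to any source, and no
! matching NAT entry or service is visible in this config. Confirm it is needed.
access-list 100 permit tcp any host 91.75.55.162 eq 8085
access-list 100 permit tcp any host 91.75.55.162 eq 1723
! Fixed: this entry was "permit tcp ... eq 47". GRE is IP protocol 47, not a TCP
! port, so the original entry matched no PPTP data traffic. Remove this entry and
! the 1723 entry above if PPTP is not in use.
access-list 100 permit gre any host 91.75.55.162
! Published services on the static NAT addresses. POP3 (110) and IMAP (143) are
! reachable from any source; confirm that cleartext mail retrieval from the Internet
! is intended.
access-list 100 permit tcp any host 91.73.213.113 eq www
access-list 100 permit tcp any host 91.73.213.113 eq 443
access-list 100 permit tcp any host 91.73.213.113 eq 8889
access-list 100 permit tcp any host 91.73.213.114 eq smtp
access-list 100 permit tcp any host 91.73.213.114 eq pop3
access-list 100 permit tcp any host 91.73.213.114 eq www
access-list 100 permit tcp any host 91.73.213.114 eq 443
access-list 100 permit tcp any host 91.73.213.115 eq www
access-list 100 permit tcp any host 91.73.213.126 eq domain
access-list 100 permit udp any host 91.73.213.126 eq domain
access-list 100 permit tcp any host 91.73.213.127 eq domain
access-list 100 permit udp any host 91.73.213.127 eq domain
access-list 100 permit tcp any host 91.73.213.117 eq smtp
access-list 100 permit tcp any host 91.73.213.117 eq pop3
access-list 100 permit tcp any host 91.73.213.117 eq www
access-list 100 permit tcp any host 91.73.213.117 eq 443
access-list 100 permit tcp any host 91.73.213.117 eq 143
access-list 100 permit tcp any host 91.73.213.119 eq www
access-list 100 permit tcp any host 91.73.213.118 eq www
access-list 100 permit tcp any host 91.73.213.120 eq www
access-list 100 permit tcp any host 91.73.213.120 eq 443
!
! ACL 101: inbound on Vlan1. It permits all IP, so the LAN side is unfiltered.
! The original also had "permit tcp any any" and "permit gre any any" after this
! entry; they could never match and have been dropped.
access-list 101 permit ip any any
!
! ACL 108: split-tunnel list for the VPN group "vpnteam".
access-list 108 permit ip 192.168.1.0 0.0.0.255 172.24.0.0 0.0.0.255
access-list 108 permit ip 172.24.0.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! ACL 109: PAT source list. The deny keeps LAN-to-VPN-pool traffic out of NAT.
! The original repeated the same LAN-to-pool match as a permit straight after the
! deny; it was unreachable and has been dropped.
access-list 109 deny ip 192.168.1.0 0.0.0.255 172.24.0.0 0.0.0.255
access-list 109 permit ip 192.168.1.0 0.0.0.255 any
!
! ACLs 111-118: one per statically translated host, referenced by RMAP_1..RMAP_8.
! Each skips translation toward the VPN pool and translates everything else.
access-list 111 deny ip host 192.168.1.5 172.24.0.0 0.0.0.255
access-list 111 permit ip host 192.168.1.5 any
access-list 112 deny ip host 192.168.1.30 172.24.0.0 0.0.0.255
access-list 112 permit ip host 192.168.1.30 any
access-list 113 deny ip host 192.168.1.29 172.24.0.0 0.0.0.255
access-list 113 permit ip host 192.168.1.29 any
access-list 114 deny ip host 192.168.1.27 172.24.0.0 0.0.0.255
access-list 114 permit ip host 192.168.1.27 any
access-list 115 deny ip host 192.168.1.28 172.24.0.0 0.0.0.255
access-list 115 permit ip host 192.168.1.28 any
access-list 116 deny ip host 192.168.1.40 172.24.0.0 0.0.0.255
access-list 116 permit ip host 192.168.1.40 any
access-list 117 deny ip host 192.168.1.25 172.24.0.0 0.0.0.255
access-list 117 permit ip host 192.168.1.25 any
access-list 118 deny ip host 192.168.1.72 172.24.0.0 0.0.0.255
access-list 118 permit ip host 192.168.1.72 any
route-map RMAP_1 permit 10
 match ip address 111
!
route-map RMAP_3 permit 12
 match ip address 113
!
route-map RMAP_2 permit 11
 match ip address 112
!
route-map RMAP_5 permit 14
 match ip address 115
!
route-map RMAP_4 permit 13
 match ip address 114
!
route-map RMAP_7 permit 16
 match ip address 117
!
route-map RMAP_6 permit 15
 match ip address 116
!
route-map RMAP_8 permit 17
 match ip address 118
!
! NOTE(review): the RADIUS shared secret is stored as type 7 (reversible) and appears
! here in full, so it should be treated as disclosed and rotated on both the router
! and the RADIUS server. The space inside the key string is as it appears in the
! source and is presumably a paste artifact.
radius-server host 192.168.1.23 auth-port 1645 acct-port 1646 key 7 107C591A0E53 062B1E
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
! NOTE(review): every vty session starts at privilege level 15, and this section has
! neither "transport input" nor "access-class". Consider limiting the vty lines to
! SSH from a management source range and granting privilege per user through AAA
! exec authorization.
line vty 0 4
 privilege level 15
!
scheduler max-task-time 5000
end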