!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname AirportComplex
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.8.32.1 10.8.32.65
ip dhcp excluded-address 10.8.32.77 10.8.32.254
!
ip dhcp pool sdm-pool1
   network 10.8.32.0 255.255.255.0
   domain-name ormondbeach.org
   default-router 10.8.32.254
   dns-server 192.168.1.15
   netbios-name-server 192.168.1.15
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
ip tftp source-interface Vlan1
no ip bootp server
ip name-server 192.168.1.15
!
!
!
!
!
crypto isakmp policy 11
 hash md5
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxxxxxx address xxx.xxx.xxx.xxx
crypto isakmp keepalive 10 periodic
!
!
crypto ipsec transform-set AirportComplex esp-3des esp-md5-hmac
!
crypto map AirportComplex 11 ipsec-isakmp
 set peer xxx.xxx.xxx.xxx
 set transform-set AirportComplex
 match address 120
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $FW_OUTSIDE$$ES_WAN$
 ip address dhcp
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect DEFAULT100 out
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 crypto map AirportComplex
!
interface Dot11Radio0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 description $FW_INSIDE$
 ip address 10.8.32.254 255.255.255.0
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map nonat interface FastEthernet4 overload
!
logging trap debugging
access-list 100 remark SDM_ACL Category=2
access-list 100 remark SDM_ACL Category=2
access-list 100 permit ip 10.8.32.0 0.0.0.255 any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 permit udp any any eq isakmp
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 remark auto generated by Cisco SDM Express firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit udp any eq bootps any eq bootpc
access-list 102 permit udp any any eq non500-isakmp
access-list 102 permit esp any any
access-list 102 deny ip 10.8.32.0 0.0.0.255 any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip any any
access-list 120 permit ip 10.8.32.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 120 permit ip 10.8.32.0 0.0.0.255 10.8.0.0 0.0.255.255
access-list 130 deny ip 10.8.32.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 130 deny ip 10.8.32.0 0.0.0.255 10.8.0.0 0.0.255.255
access-list 130 permit ip 10.8.32.0 0.0.0.255 any
no cdp run
route-map nonat permit 10
 match ip address 130
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end