!
hostname host
!
aaa new-model
aaa authentication login default local
aaa authentication ppp dialin local
aaa authorization exec default local
aaa authorization network default local
aaa session-id common
crypto pki trustpoint TP-self-signed-1241398422
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1241398422
 revocation-check none
 rsakeypair TP-self-signed-1241398422
!
crypto pki certificate chain TP-self-signed-1241398422
 certificate self-signed 01
  30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
!----------------
  quit
!
no ip source-route
!
ip cef
no ip dhcp use vrf connected
!
no ip bootp server
ip domain name dyndns.org
!
multilink bundle-name authenticated
!
!
username user privilege 15 secret 0 password
!
track 123 rtr 1 reachability
 delay down 10 up 10
!
track 124 rtr 2 reachability
 delay down 10 up 10
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0
 description $FW_OUTSIDE$$ETH-WAN$
 ip address dhcp client-id FastEthernet0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface FastEthernet1
 description $ETH-WAN$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
!
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip virtual-reassembly
 encapsulation ppp
 dialer in-band
 dialer pool-member 2
 async mode interactive
 peer default ip address dhcp-pool lan-pool
 ppp encrypt mppe auto required
 ppp authentication ms-chap-v2 callin dialin
 ppp ipcp header-compression ack
 ppp ipcp dns 172.16.0.100
!
interface Dialer0
 description $FW_OUTSIDE$
 ip ddns update sdm_ddns1
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp ipcp dns request
 ppp ipcp wins request
!
interface Dialer2
 description $FW_OUTSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 2
 dialer-group 2
 no cdp enable
 ppp authentication chap pap callin
 ppp ipcp dns request
!
interface BVI1
 description $ES_LAN$$FW_INSIDE$
 ip address 172.16.0.100 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1412
!
ip local pool ssl-pool 172.16.0.20 172.16.0.21
ip route 0.0.0.0 0.0.0.0 FastEthernet0 10 track 123
ip route 0.0.0.0 0.0.0.0 Dialer0 20 track 124
ip route 0.0.0.0 0.0.0.0 Dialer2 30
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns view default
 dns forwarder 208.67.222.222
 dns forwarder 208.67.220.220
ip dns server
ip nat translation timeout 800
ip nat inside source route-map ASYNCnat interface Dialer2 overload
ip nat inside source route-map ISP2nat interface Dialer0 overload
ip nat inside source route-map ISP1nat interface FastEthernet0 overload
!
!
ip sla 1
 icmp-echo x.x.x.x source-interface FastEthernet0
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo x.x.x.x source-interface Dialer0
ip sla schedule 2 life forever start-time now
no logging trap
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run
!
!
route-map ISP1nat permit 10
 match interface FastEthernet0
!
route-map ASYNCnat permit 10
 match interface Dialer2
!
route-map ISP2nat permit 10
 match interface Dialer0
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^Authorized access only! Disconnect IMMEDIATELY if you are not an authorized user! ^C
!
line con 0
 transport output telnet
line 1
 modem InOut
 transport input all
 autoselect during-login
 autoselect ppp
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 transport output telnet
line vty 0 4
 privilege level 15
 transport input telnet ssh
line vty 5 15
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn gateway gw1
 ip interface Dialer0 port 443
 ssl trustpoint TP-self-signed-1241398422
 inservice
!
webvpn cef
!
webvpn install svc flash:/webvpn/svc.pkg
!
webvpn install csd flash:/webvpn/sdesktop.pkg
!
webvpn context context1
 secondary-color white
 title-color #CCCC66
 text-color black
 ssl authenticate verify all
 !
 policy group pol1
   functions svc-enabled
   mask-urls
   svc address-pool "ssl-pool"
   svc keep-client-installed
 default-group-policy pol1
 aaa authentication list default
 gateway gw1
 inservice
!
end