!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname MyCisco91
!
memory-size iomem 5
no logging buffered
enable secret 5 XXXXXXXXXX
enable password 7 XXXXXXXXXX
!
username admin password 7 XXXXXXXXXX
aaa new-model
!
!
aaa authorization network hw-client-groupname local
aaa session-id common
ip subnet-zero
ip domain name dsl-hawaiiantel.net
ip name-server x.x.x.x
ip name-server x.x.x.x
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.1 10.10.10.10
!
ip dhcp pool CLIENT
 import all
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server x.x.x.x x.x.x.x
 domain-name dsl-hawaiiantel.net
 lease 0 2
!
!
ip cef
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip ssh port 8080 rotary 1
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration address-pool local dynpool
!
crypto isakmp client configuration group USERID1
 key 0 XXXXXXXXXX
 dns x.x.x.x x.x.x.x
 domain dsl-hawaiiantel.net
 pool dynpool
 acl 199
!
!
crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
 set transform-set transform-1
 reverse-route
!
!
crypto map dynmap isakmp authorization list hw-client-groupname
crypto map dynmap client configuration address respond
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 ip directed-broadcast
 ip nat inside
 no cdp enable
 hold-queue 32 in
!
interface Ethernet1
 ip address dhcp client-id Ethernet1
 ip access-group 111 in
 ip nat outside
 ip inspect myfw out
 duplex auto
 no cdp enable
 crypto map dynmap
!
ip local pool dynpool 10.10.1.1 10.10.1.254
ip nat inside source list 102 interface Ethernet1 overload
ip nat inside source static tcp 10.10.10.1 8080 interface Ethernet1 8080
ip nat inside source static tcp 10.10.10.2 21 interface Ethernet1 21
ip nat inside source static tcp 10.10.10.2 22 interface Ethernet1 22
ip nat inside source static tcp 10.10.10.2 80 interface Ethernet1 80
ip nat inside source static tcp 10.10.10.2 3389 interface Ethernet1 3389
ip nat inside source static tcp 10.10.10.7 25 interface Ethernet1 25
ip nat inside source static tcp 10.10.10.7 81 interface Ethernet1 81
ip nat inside source static tcp 10.10.10.7 110 interface Ethernet1 110
ip nat inside source static udp 10.10.10.7 8767 interface Ethernet1 8767
ip nat inside source static udp 10.10.10.255 7 interface Ethernet1 7
ip classless
ip http server
no ip http secure-server
!
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 111 permit tcp any any eq pop3
access-list 111 permit tcp any any eq smtp
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq telnet
access-list 111 permit udp any any eq echo
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq non500-isakmp
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 permit tcp any any eq 22
access-list 111 permit tcp any any eq 81
access-list 111 permit tcp any any eq 139
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 3389
access-list 111 permit tcp any any eq 8080
access-list 111 permit udp any any eq 8767
access-list 111 permit udp any any eq 10000
access-list 111 deny ip any any
access-list 199 permit ip 10.10.1.0 0.0.0.255 any
no cdp run
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 exec-timeout 120 0
 rotary 1
!
scheduler max-task-time 5000
!
end