version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname RainingRose
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$PHQl$lDEq4vpf54G1Fy6016gsQ1
!
no aaa new-model
!
resource policy
!
clock timezone CST -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name rainingrose.com
ip name-server 216.203.115.234
ip name-server 216.203.122.200
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-4028605841
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4028605841
 revocation-check none
 rsakeypair TP-self-signed-4028605841
!
!
crypto pki certificate chain TP-self-signed-4028605841
 certificate self-signed 01
  quit
username admin privilege 15 secret 5 $1$C/Eu$DREpmmAnJcy.e5XyIxNhY.
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key 2821mtvernonroad address 12.206.137.5
!
!
crypto ipsec transform-set toSSP esp-des esp-md5-hmac
!
crypto map IPSEC 10 ipsec-isakmp
 set peer 12.206.137.5
 set transform-set toSSP
 match address 111
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
 ip address 10.2.1.254 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $ES_WAN$$FW_OUTSIDE$
 ip address 216.203.117.82 255.255.255.248
 ip access-group 101 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect DEFAULT100 out
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
 crypto map IPSEC
!
ip classless
ip route 0.0.0.0 0.0.0.0 216.203.117.81
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map nonat interface FastEthernet0/1 overload
ip nat inside source static tcp 10.2.1.3 21 216.203.117.83 21 extendable
ip nat inside source static tcp 10.2.1.3 1433 216.203.117.83 1433 extendable
ip nat inside source static tcp 10.2.1.4 1494 216.203.117.83 1494 extendable
ip nat inside source static tcp 10.2.1.4 3389 216.203.117.83 3389 extendable
ip nat inside source static tcp 10.2.1.2 5360 216.203.117.83 5360 extendable
ip nat inside source static tcp 10.2.1.3 5361 216.203.117.83 5361 extendable
ip nat inside source static tcp 10.2.1.74 5364 216.203.117.83 5364 extendable
ip nat inside source static tcp 10.2.1.77 5365 216.203.117.83 5365 extendable
ip nat inside source static tcp 10.2.1.78 5366 216.203.117.83 5366 extendable
ip nat inside source static tcp 10.2.1.2 1433 216.203.117.84 1433 extendable
ip nat inside source static 10.2.1.6 216.203.117.85
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.2.1.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 216.203.117.80 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 216.203.122.200 eq domain host 216.203.117.82
access-list 101 permit udp host 216.203.115.234 eq domain host 216.203.117.82
access-list 101 permit tcp any host 216.203.117.83 eq 1494
access-list 101 permit tcp host 66.211.4.130 host 216.203.117.84 eq 1433
access-list 101 permit tcp host 66.211.4.130 host 216.203.117.83 eq 1433
access-list 101 permit tcp host 147.202.24.152 host 216.203.117.84 eq 1433
access-list 101 permit tcp host 147.202.24.152 host 216.203.117.83 eq 1433
access-list 101 permit tcp any host 216.203.117.83 eq ftp
access-list 101 permit tcp any host 216.203.117.83 eq 5360
access-list 101 permit tcp any host 216.203.117.83 eq 5366
access-list 101 permit tcp any host 216.203.117.83 eq 3389
access-list 101 permit tcp any host 216.203.117.83 eq 5365
access-list 101 permit tcp any host 216.203.117.83 eq 5364
access-list 101 permit tcp any host 216.203.117.83 eq 5361
access-list 101 permit ip 10.5.5.0 0.0.0.255 host 216.203.117.85
access-list 101 permit tcp any host 216.203.117.85 eq smtp
access-list 101 permit tcp any host 216.203.117.85 eq 389
access-list 101 permit esp any host 216.203.117.82
access-list 101 permit udp any host 216.203.117.82 eq isakmp
access-list 101 permit tcp any host 216.203.117.85 eq www
access-list 101 permit tcp any host 216.203.117.85 eq 5362
access-list 101 permit tcp any host 216.203.117.85 eq 443
access-list 101 permit ip 10.5.5.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 deny ip 10.2.1.0 0.0.0.255 any
access-list 101 permit icmp any host 216.203.117.82 echo-reply
access-list 101 permit icmp any host 216.203.117.82 time-exceeded
access-list 101 permit icmp any host 216.203.117.82 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 111 permit ip 10.2.1.0 0.0.0.255 10.5.5.0 0.0.0.255
access-list 111 permit ip host 216.203.117.85 10.5.5.0 0.0.0.255
access-list 112 deny ip 10.2.1.0 0.0.0.255 10.5.5.0 0.0.0.255
access-list 112 permit ip 10.2.1.0 0.0.0.255 any
no cdp run
route-map nonat permit 10
 match ip address 112
!
!
!
control-plane
!
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 4000 1000
end

RainingRose#