!
!
! Last configuration change at 01:04:50 edt Fri Jul 4 2008 by rsd
! NVRAM config last updated at 01:04:51 edt Fri Jul 4 2008 by rsd
!
version 12.4
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname loh-cable-gw
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 informational
no logging console
enable secret 5
enable password 7
!
aaa new-model
!
!
aaa authentication ppp default local
aaa authorization network default local
!
!
aaa session-id common
clock timezone eastern -5
clock summer-time edt recurring
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key notshown x.y.203.4 no-xauth
crypto isakmp key notshown address 0.0.0.0 0.0.0.0 no-xauth
!
!
crypto ipsec transform-set tr-transport-aes256-sha esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec transform-set tr-tunnel-aes256-sha esp-aes 256 esp-sha-hmac
crypto ipsec transform-set tr-transport-aes-sha esp-aes esp-sha-hmac
 mode transport
crypto ipsec transform-set tr-transport-3des-sha esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile turbolink-loh
 set transform-set tr-tunnel-aes256-sha
!
!
crypto dynamic-map vpn-dynamic 10
 set transform-set tr-transport-aes-sha tr-transport-3des-sha
!
!
crypto map vpn-map client configuration address respond
crypto map vpn-map 10 ipsec-isakmp dynamic vpn-dynamic
!
!
dot11 ssid wireless1
 vlan 2
 authentication open
 authentication key-management wpa
 wpa-psk ascii 7
!
dot11 ssid wireless2
 vlan 1
 authentication open
 authentication key-management wpa
 wpa-psk hex 7
!
ip icmp rate-limit unreachable 3
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool phone2
 host 192.168.101.106 255.255.255.0
 client-identifier 0100.1201.ad70.7b
 next-server 192.168.101.150
 default-router 192.168.101.254
 dns-server 192.168.101.150
 domain-name landofhaze.net
!
ip dhcp pool phone1
 host 192.168.101.58 255.255.255.0
 client-identifier 0100.1646.6834.0f
 next-server 192.168.101.150
 default-router 192.168.101.254
 dns-server 192.168.101.150
 domain-name landofhaze.net
!
ip dhcp pool vlan2
 network 192.168.102.0 255.255.255.0
 default-router 192.168.102.1
 dns-server 192.168.101.150
!
ip dhcp pool vlan1
 network 192.168.101.0 255.255.255.0
 next-server 192.168.101.150
 default-router 192.168.101.254
 dns-server 192.168.101.150
 domain-name landofhaze.net
!
ip dhcp pool matt
 host 192.168.101.59 255.255.255.0
 client-identifier 001c.58d6.9349
 next-server 192.168.101.150
 default-router 192.168.101.254
 dns-server 192.168.101.150
 domain-name landofhaze.net
!
!
ip domain name landofhaze.net
ip name-server 192.168.101.150
login on-failure log every 3
login on-success log
no vlan accounting
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 l2tp tunnel receive-window 256
!
vpdn-group 2
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 2
 no l2tp tunnel authentication
 l2tp tunnel receive-window 256
!
!
! users are not shown here
archive
 log config
  hidekeys
!
!
ip ssh version 1
!
bridge irb
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface Tunnel1
 description tunnel to shitter's house
 bandwidth 16000
 ip address 172.16.100.10 255.255.255.0
 ip nat outside
 ip nhrp authentication SHITYEAH
 ip nhrp map 172.16.100.1 x.y.203.4
 ip nhrp network-id 69
 ip nhrp holdtime 90
 ip nhrp nhs 172.16.100.1
 ip nhrp cache non-authoritative
 ip virtual-reassembly
 ip tcp adjust-mss 1400
 ip ospf network broadcast
 ip ospf 11 area 1
 tunnel source FastEthernet4
 tunnel destination x.y.203.4
 tunnel key
 tunnel protection ipsec profile turbolink-loh
!
interface Tunnel0
 description tunnel to axs2k
 bandwidth 16000
 ip address 10.254.254.3 255.255.255.0
 ip access-group t0_acl in
 ip mtu 1532
 ip nat outside
 ip nhrp authentication TUNNEL
 ip nhrp map 10.254.254.1 209.213.219.123
 ip nhrp network-id 2
 ip nhrp holdtime 90
 ip nhrp nhs 10.254.254.1
 ip nhrp cache non-authoritative
 ip virtual-reassembly
 ip tcp adjust-mss 1380
 no ip mroute-cache
 ip ospf network broadcast
 ip ospf 11 area 1
 keepalive 5 5
 tunnel source FastEthernet4
 tunnel destination x.a.219.123
 tunnel key
!
interface FastEthernet0
!
interface FastEthernet1
 switchport access vlan 3
!
interface FastEthernet2
 switchport access vlan 143
 shutdown
!
interface FastEthernet3
!
interface FastEthernet4
 description wan to Comcast
 mac-address 0040.05b4.4fec
 bandwidth 16000
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 no ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
 arp timeout 600
 crypto map vpn-map
!
interface Virtual-Template1
 description *** PPtP VPN Endpoint ***
 ip unnumbered BVI1
 ip tcp adjust-mss 1380
 peer default ip address pool LOH-VPN
 ppp encrypt mppe 128 required
 ppp authentication chap ms-chap ms-chap-v2
 ppp link reorders
!
interface Virtual-Template2
 description *** L2TP/IPSEC VPN Endpoint ***
 ip unnumbered BVI1
 ip tcp header-compression ietf-format
 ip tcp adjust-mss 1200
 peer default ip address pool LOH-VPN
 compress mppc
 ppp authentication chap ms-chap ms-chap-v2
 ppp link reorders
 ip rtp header-compression ietf-format
!
interface Dot11Radio0
 no ip address
 !
 encryption vlan 1 mode ciphers aes-ccm tkip
 !
 encryption vlan 2 mode ciphers aes-ccm tkip
 !
 ssid loh_pc_wireless
 !
 ssid loh_wireless
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 power local cck 20
 power local ofdm 17
 power client 20
 station-role root
 rts threshold 2312
!
interface Dot11Radio0.1
 description loh_wireless open
 encapsulation dot1Q 1 native
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
 description wireless vlan for PCs
 encapsulation dot1Q 2
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 spanning-disabled
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
!
interface Vlan1
 description main loh vlan
 no ip address
 ip virtual-reassembly
 bridge-group 1
 hold-queue 64 out
!
interface Vlan2
 description loh windows PCs vlan
 no ip address
 ip virtual-reassembly
 bridge-group 2
 hold-queue 64 out
!
interface Vlan3
 ip address 10.50.100.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface BVI1
 description bridge interface for vlan 1$ES_LAN$
 ip address 192.168.101.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip route-cache policy
 ip policy route-map TUNNEL0_NAT
 no ip mroute-cache
 arp timeout 180
 hold-queue 64 in
!
interface BVI2
 description bridged interface for vlan 2
 ip address 192.168.102.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip mroute-cache
 arp timeout 180
 hold-queue 64 in
!
router ospf 11
 router-id x.y.199.120
 log-adjacency-changes
 redistribute static subnets route-map MAP_OSPF_TURBOLINK
!
router ospf 15
 log-adjacency-changes
 passive-interface FastEthernet4
 passive-interface Tunnel1
 passive-interface Tunnel0
 network 1.1.1.0 0.0.0.255 area 15
 network 10.50.100.0 0.0.0.255 area 15
 network 192.168.101.0 0.0.0.255 area 15
 network 192.168.102.0 0.0.0.255 area 15
!
ip local pool LOH-VPN 192.168.101.15 192.168.101.18
ip route 10.118.144.0 255.255.240.0 172.16.100.1
ip route x.y.199.120 255.255.255.248 Null0
ip route x.y.203.4 255.255.255.255 71.224.184.1
ip route z.y.195.50 255.255.255.255 71.224.184.1
!
!
no ip http server
ip http access-class 10
no ip http secure-server
ip nat translation udp-timeout 600
ip nat translation finrst-timeout 10
ip nat translation syn-timeout 5
ip nat translation dns-timeout 5
ip nat translation icmp-timeout 10
ip nat pool axs2000 x.y.199.126 x.y.199.126 netmask 255.255.255.248
ip nat inside source list 100 pool axs2000 overload
ip nat inside source list 101 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.101.201 5100 71.224.187.182 5100 extendable
ip nat inside source static udp 192.168.101.201 5100 71.224.187.182 5100 extendable
ip nat inside source static tcp 192.168.101.200 6881 71.224.187.182 6881 extendable
ip nat inside source static udp 192.168.101.200 6881 71.224.187.182 6881 extendable
ip nat inside source static tcp 192.168.101.150 21 x.y.199.120 21 extendable
ip nat inside source static udp 192.168.101.150 21 x.y.199.120 21 extendable
ip nat inside source static tcp 192.168.101.150 25 x.y.199.120 25 extendable
ip nat inside source static tcp 192.168.101.151 53 x.y.199.120 53 extendable
ip nat inside source static udp 192.168.101.151 53 x.y.199.120 53 extendable
ip nat inside source static tcp 192.168.101.150 80 x.y.199.120 80 extendable
ip nat inside source static udp 192.168.101.150 143 x.y.199.120 143 extendable
ip nat inside source static tcp 192.168.101.150 3689 x.y.199.120 3689 extendable
ip nat inside source static tcp 192.168.101.150 5060 x.y.199.120 5060 extendable
ip nat inside source static udp 192.168.101.150 5060 x.y.199.120 5060 extendable
ip nat inside source static tcp 192.168.101.150 5900 x.y.199.120 5900 extendable
ip nat inside source static udp 192.168.101.150 5900 x.y.199.120 5900 extendable
ip nat inside source static tcp 192.168.101.150 588 x.y.199.120 64588 extendable
ip nat inside source static tcp 192.168.101.153 80 x.y.199.124 80 extendable
ip nat inside source static 192.168.101.22 x.y.199.125 extendable
!
ip access-list extended OSPF_TURBOLINK
 permit ip x.y.199.120 0.0.0.7 any
ip access-list extended t0_acl
 permit tcp host x.y.202.60 host x.y.199.120 eq smtp
 permit tcp host x.y.196.59 host x.y.199.120 eq smtp
 permit tcp host x.y.197.75 host x.y.199.120 eq smtp
 permit tcp host x.y.202.58 host x.y.199.120 eq smtp
 deny tcp any any eq smtp
 deny ip 1.0.0.0 0.255.255.255 any log
 deny ip 2.0.0.0 0.255.255.255 any log
 deny ip 5.0.0.0 0.255.255.255 any log
 deny ip 10.0.0.0 0.255.255.255 any log
 deny ip 127.0.0.0 0.255.255.255 any log
 deny ip 172.16.0.0 0.15.255.255 any log
 deny ip 192.168.0.0 0.0.255.255 any log
 deny ip 255.0.0.0 0.255.255.255 any log
 deny ip 224.0.0.0 31.255.255.255 any log
 deny ip host 67.101.91.9 any log
 deny ip host 68.60.244.4 any log
 deny tcp any any eq 5432
 deny udp any any eq 5432
 deny tcp any any eq 22 log
 permit ip any any
!
logging origin-id string loh-cable-gw
logging facility local6
logging server-arp
access-list 1 permit x.y.199.48
access-list 1 permit 68.81.255.140
access-list 1 permit 207.106.112.35
access-list 1 permit 192.168.101.0 0.0.0.255
access-list 5 permit 192.168.101.151
access-list 5 permit 192.168.101.150
access-list 10 permit 192.168.101.15
access-list 10 permit x.y.199.48
access-list 10 permit 192.168.101.150
access-list 10 permit 192.168.101.170
access-list 10 permit 192.168.101.201
access-list 10 permit 192.168.101.200
access-list 10 permit 192.168.101.245
access-list 100 deny ip 192.168.101.0 0.0.0.255 10.118.144.0 0.0.15.255
access-list 100 remark *** NAT ACL for tunnel traffic
access-list 100 permit ip host 192.168.101.150 any
access-list 100 permit ip host 192.168.101.22 any
access-list 100 permit tcp host 192.168.101.153 eq www any
access-list 100 permit tcp host 192.168.101.245 eq 22 any
access-list 100 permit tcp host 192.168.101.151 eq domain any
access-list 100 permit udp host 192.168.101.151 eq domain any
access-list 101 remark *** NAT ACL for shitcast traffic
access-list 101 deny ip host 192.168.101.150 any
access-list 101 deny tcp host 192.168.101.153 eq www any
access-list 101 deny tcp host 192.168.101.245 eq 22 any
access-list 101 deny tcp host 192.168.101.151 eq domain any
access-list 101 deny udp host 192.168.101.151 eq domain any
access-list 101 deny ip 192.168.101.0 0.0.0.255 10.118.144.0 0.0.15.255
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
access-list 101 permit ip 10.50.100.0 0.0.0.255 any
access-list 180 permit ip host 71.224.187.182 host x.y.203.4
access-list 700 permit 000a.95f4.0989 0000.0000.0000
snmp-server community 192e168s101i RW 5
snmp-server location Phoenixville, PA
snmp-server contact Rob Drummond
snmp-server enable traps tty
!
!
!
route-map MAP_OSPF_TURBOLINK permit 10
 match ip address OSPF_TURBOLINK
!
route-map TUNNEL0_NAT permit 10
 match ip address 100
 set ip default next-hop 10.254.254.1
 set default interface Tunnel0
!
route-map TUNNEL0_NAT permit 20
 match ip address 102
!
!
control-plane
!
bridge 1 route ip
bridge 2 route ip
banner login  does your mother know you are here...
!
line con 0
 no modem enable
 speed 115200
line aux 0
line vty 0 4
 access-class 10 in
 privilege level 15
!
scheduler max-task-time 5000
ntp clock-period 17175063
ntp server 17.254.0.27
!
webvpn cef
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end