!
!
interface Tunnel1
 ip address 192.168.210.251 255.255.255.128
 ip access-group inbound in
 ip mtu 1560
 ip nat outside
 ip virtual-reassembly
 tunnel source Dialer1
 tunnel destination 61.xxx.xxx.xxx
!
interface ATM0
 description ADSL2+ connection CCT Speed 24M/1M Provider ISP
 bandwidth inherit
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
 duplex full
 speed 100
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template2 type tunnel
 description $FW_INSIDE$
 ip unnumbered Vlan1
 ip access-group 102 in
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
 description $FW_INSIDE$
 ip address 172.16.64.99 255.255.248.0
 ip access-group 103 in
 ip nat inside
 ip virtual-reassembly
!
interface Dialer1
 description ADSL2+ connection CCT Speed 24M/1M Provider ISP$FW_OUTSIDE$
 bandwidth inherit
 ip address 59.xxx.xxx.xxx 255.255.255.0
 ip access-group 104 in
 no ip unreachables
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 fair-queue 64 256 0
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname bne@isp.net
 ppp chap password 7 xxxxx
 crypto map vpnmap
!
ip local pool vpnpool 192.168.255.1 192.168.255.10
ip local pool SDM_POOL_1 172.16.64.70 172.16.64.90
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 172.16.0.0 255.255.0.0 172.16.71.249
ip route 192.168.210.0 255.255.255.128 192.168.210.254
!
!
ip http server
ip http access-class 2
ip http secure-server
ip nat pool customer 192.168.210.140 192.168.210.140 netmask 255.255.255.128
ip nat inside source list NAT1 pool customer overload
ip nat inside source list nat interface Dialer1 overload
ip nat inside source static 172.16.64.23 192.168.210.129
ip nat inside source static 172.16.96.101 192.168.210.130
ip nat inside source static 172.16.43.14 192.168.210.131
ip nat inside source static 172.16.32.44 192.168.210.132
ip nat inside source static 172.16.65.19 192.168.210.133
!
ip access-list extended NAT1
 permit ip 172.16.0.0 0.0.255.255 host 192.168.210.227
 permit ip 172.16.0.0 0.0.255.255 host 192.168.210.228
 permit ip 172.16.0.0 0.0.255.255 host 192.168.210.229
 permit ip 172.16.0.0 0.0.255.255 host 192.168.210.230
 permit ip 172.16.0.0 0.0.255.255 host 192.168.210.231
 permit ip 172.16.0.0 0.0.255.255 host 192.168.210.232
 permit ip 172.16.0.0 0.0.255.255 host 192.168.210.233
ip access-list extended inbound
 permit tcp any any established
 permit tcp 192.168.210.0 0.0.0.255 host 192.168.210.129 eq www
 permit tcp 192.168.210.0 0.0.0.255 host 192.168.210.129 eq 8080
 permit tcp 192.168.210.0 0.0.0.255 eq www host 192.168.210.129
 permit tcp 192.168.210.0 0.0.0.255 eq 8080 host 192.168.210.129
 permit tcp 192.168.210.0 0.0.0.255 eq www 192.168.210.0 0.0.0.255
 permit tcp 192.168.210.0 0.0.0.255 192.168.210.0 0.0.0.255 eq www
 permit icmp 192.168.210.0 0.0.0.255 any
 permit tcp 192.168.210.0 0.0.0.255 host 192.168.210.133 eq 1494
 permit tcp 192.168.210.0 0.0.0.255 host 192.168.210.130 eq 1494
 permit tcp 192.168.210.0 0.0.0.255 host 192.168.210.131 eq 1494
 permit tcp 192.168.210.0 0.0.0.255 host 192.168.210.132 eq 1494
 permit ip host 192.168.210.125 172.16.0.0 0.0.255.255
 permit ip host 192.168.210.124 172.16.0.0 0.0.255.255
 permit ip host 192.168.210.123 172.16.0.0 0.0.255.255
 permit ip host 192.168.210.119 host 172.16.32.48
ip access-list extended lan-out
 permit ip 172.16.64.0 0.0.0.255 any
ip access-list extended nat
 deny ip 172.16.0.0 0.0.255.255 192.168.210.0 0.0.0.255
 permit ip 172.16.0.0 0.0.255.255 any
!
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 172.16.64.0 0.0.7.255
access-list 2 deny any
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 172.16.0.0 0.0.255.255 any
access-list 101 remark VTY Access-class list
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip 172.16.64.0 0.0.7.255 any
access-list 101 deny ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 deny ip 59.xxx.xxx.xxx 0.0.0.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 permit udp any host 172.16.64.99 eq non500-isakmp
access-list 103 permit udp any host 172.16.64.99 eq isakmp
access-list 103 permit esp any host 172.16.64.99
access-list 103 permit ahp any host 172.16.64.99
access-list 103 deny ip 59.xxx.xxx.xxx 0.0.0.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 permit udp host 192.231.203.3 eq domain host 59.xxx.xxx.xxx
access-list 104 permit udp host 192.231.203.132 eq domain host 59.xxx.xxx.xxx
access-list 104 permit ahp any host 59.xxx.xxx.xxx
access-list 104 permit esp any host 59.xxx.xxx.xxx
access-list 104 permit udp any host 59.xxx.xxx.xxx eq isakmp
access-list 104 permit udp any host 59.xxx.xxx.xxx eq non500-isakmp
access-list 104 permit ip 192.168.255.0 0.0.0.255 host 59.xxx.xxx.xxx
access-list 104 permit ip 192.168.255.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 104 deny ip 172.16.64.0 0.0.7.255 any
access-list 104 permit icmp any host 59.xxx.xxx.xxx echo-reply
access-list 104 permit icmp any host 59.xxx.xxx.xxx time-exceeded
access-list 104 permit icmp any host 59.xxx.xxx.xxx unreachable
access-list 104 deny ip 10.0.0.0 0.255.255.255 any
access-list 104 deny ip 172.16.0.0 0.15.255.255 any
access-list 104 deny ip 192.168.0.0 0.0.255.255 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 deny ip host 255.255.255.255 any
access-list 104 deny ip host 0.0.0.0 any
access-list 104 deny ip any any log
access-list 112 deny ip 172.16.0.0 0.0.255.255 192.168.255.0 0.0.0.255
access-list 112 permit ip 172.16.0.0 0.0.255.255 any
access-list 120 permit ip 172.16.0.0 0.0.255.255 192.168.255.0 0.0.0.255
access-list 125 permit gre host 59.xxx.xxx.xxx host 61.xxx.xxx.xxx
access-list 199 permit ip host 59.xxx.xxx.xxx 192.168.255.0 0.0.0.255
access-list 199 permit ip 172.16.0.0 0.0.255.255 192.168.255.0 0.0.0.255
no cdp run
!
!
!
route-map nonat permit 10
 match ip address 112
!