show r1
R1#show run
Building configuration...
Current configuration : 4742 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname R1
!
boot-start-marker
boot system flash c2800nm-adventerprisek9-mz.124-13a.bin
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
no logging console
enable secret 5 $1$3iYL$xPV0Tk8w165m.J9IyZBqd/
enable password 7 060F1C20474319
!
aaa new-model
!
!
aaa authentication login local_auth local
aaa authentication login vpnlogin local
aaa authorization network vpnauth local
!
aaa session-id common
no ip source-route
no ip gratuitous-arps
!
!
ip cef
!
!
ip flow-cache timeout active 1
no ip bootp server
ip name-server xx.xx.xx.65
ip name-server xx.xx.xx.66
ip name-server 192.168.0.2
login block-for 3 attempts 7 within 3
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin password 7 030D480A0D0231
username somebody password 7 060F1C20474319
archive
 log config
  logging enable
!
!
class-map match-any worms
 match protocol http url "*.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
 match protocol http url "*readme.eml*"
!
!
policy-map worm-requests
 class worms
  set ip dscp 1
!
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group RVPN
 key xxxxxxxx
 dns 192.168.0.2
 wins 192.168.0.2
 domain domain.local
 pool vpnpool
 acl 144
!
!
crypto ipsec transform-set settransform esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set settransform
 reverse-route
!
!
crypto map vpnmap client authentication list vpnlogin
crypto map vpnmap isakmp authorization list vpnauth
crypto map vpnmap client configuration address respond
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Loopback0
 ip address 10.11.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/0
 ip address 10.0.2.21 255.255.255.0
 ip verify unicast source reachable-via rx allow-default 100
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
 crypto map vpnmap
 service-policy input worm-requests
!
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip access-group 121 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
ip local pool vpnpool 192.168.1.1 192.168.1.100
ip route 0.0.0.0 0.0.0.0 10.0.2.1
!
ip flow-export source FastEthernet0/1
ip flow-export version 5
ip flow-export destination 192.168.0.27 9996
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.0.27 3389 10.0.2.21 3389 extendable
!
!
logging trap debugging
logging facility local2
logging source-interface FastEthernet0/1
logging 192.168.0.27
access-list 100 permit udp any any eq bootpc
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
access-list 111 permit tcp any host 10.0.2.21 eq telnet
access-list 111 deny ip any any
access-list 111 permit tcp any host 192.168.0.27 eq 3
access-list 121 deny ip any any dscp 1
access-list 121 permit ip any any
access-list 122 permit udp host 192.168.1.0 host 192.168.0.0 eq non500-isakmp
access-list 122 permit tcp host 192.168.1.0 host 192.168.0.0 eq 50
access-list 122 permit udp host 192.168.1.0 host 192.168.0.0 eq 50
access-list 122 permit udp host 192.168.1.0 host 192.168.0.0 eq 51
access-list 122 permit tcp host 192.168.1.0 host 192.168.0.0 eq 51
access-list 122 permit tcp host 192.168.1.0 host 192.168.0.0 eq 47
access-list 122 permit udp host 192.168.1.0 host 192.168.0.0 eq 47
access-list 122 permit udp host 192.168.1.0 host 192.168.0.0 eq isakmp
access-list 122 permit udp host 192.168.1.0 host 192.168.0.0 eq 5000
access-list 122 permit udp host 192.168.1.0 host 192.168.0.0 eq 10000
access-list 122 permit tcp host 192.168.1.0 host 192.168.0.0 eq 10000
access-list 122 permit tcp host 192.168.1.0 host 192.168.0.0 eq 4500
access-list 122 permit tcp host 192.168.1.0 host 192.168.0.0 eq 500
access-list 122 permit tcp host 192.168.1.0 host 192.168.0.0 eq 5000
access-list 144 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
no cdp run
!
route-map VPN-Client permit 10
 match ip address 144
 set interface Loopback0
!
!
!
tftp-server server
tftp-server en
!
control-plane
!
!
!
!
!
!
!
!
!
banner motd ^CUNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.^C
!
line con 0
 exec-timeout 5 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 login authentication local_auth
 transport input telnet
line vty 5 15
 login authentication local_auth
 transport input telnet
!
scheduler allocate 20000 1000
!
end