Building configuration... Current configuration : 10548 bytes

Building configuration...
Current configuration : 10548 bytes
!
! Last configuration change at 08:13:14 PCTime Fri Jul 15 2011 by alouie
!
! Global services, hostname, login hardening and clock settings.
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
! Debug and log timestamps are written in local time with the zone name shown.
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! NOTE(review): service password-encryption only applies the reversible type 7
! encoding to passwords that would otherwise be stored in clear text. It is
! not a substitute for the hashed "secret" form used further down.
service password-encryption
service sequence-numbers
!
hostname SF_cisco891_01
!
boot-start-marker
boot-end-marker
!
! Failed-login threshold of 3, with a log message when it is reached.
security authentication failure rate 3 log
! NOTE(review): a 6-character minimum is short for accounts that all hold
! privilege 15 in this listing; a longer minimum is worth considering.
security passwords min-length 6
logging buffered 51200
logging console critical
! The enable secret is stored as type 5 (salted MD5); the hash itself was cut
! down to "/" in this listing. NOTE(review): prefer a stronger secret type if
! the installed IOS release offers one -- confirm against the release notes.
enable secret 5 /
!
! AAA is disabled, so logins rely on the per-line "login local" settings and
! the local username database only.
no aaa new-model
!
!
!
clock timezone PCTime -8
! NOTE(review): the "date" form gives fixed start/end dates in 2003 rather than
! a recurring rule -- confirm the offset is right before correlating these
! local-time log stamps with other sources.
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
! Self-signed trustpoint and its certificate (DER, printed as hex words).
! NOTE(review): presumably this is the certificate used by "ip http
! secure-server" -- confirm on the device.
! What the DER bytes below show:
!   - signature algorithm OID 2A864886 F70D0101 04 = md5WithRSAEncryption
!   - RSA public modulus of 1024 bits (INTEGER length 0x81 with a leading 00)
!   - validity 110713152658Z to 200101000000Z, i.e. notAfter is 1 Jan 2020
! A regenerated key pair and certificate with a larger modulus and a current
! hash would address all three.
! NOTE(review): the trustpoint name is masked in the text lines ("19X3249267"),
! but the hex still carries the unmasked CN and the router hostname in the
! subjectAltName. When sanitising a config for posting, remove or replace the
! certificate body as well.
crypto pki trustpoint TP-self-signed-19X3249267
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-19X3249267
revocation-check none
rsakeypair TP-self-signed-19X3249267
!
!
crypto pki certificate chain TP-self-signed-19X3249267
certificate self-signed 01
30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31393233 32343932 3637301E 170D3131 30373133 31353236
35385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 39323332
34393236 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BBC1 63DA843D EE3CBC29 CFBFE33B 884AB6DF FF776C40 38A75425 13D3CB4B
06A0BA7C DF78D107 F4EAF0C8 5962D3EB 2207B2FA 614ADE06 FD5C6004 56ABF1B9
7339BBB6 1F9E3B6F A3710D68 3D71D889 85397C5B 6CDDFA14 1AC6FC80 E71AB59A
0DE2ADA5 CC01F874 3561FDB4 D74DBFBB 7F0C4DB2 7D6E3B7D FF99DA2E FA76772B
2A4D0203 010001A3 6E306C30 0F060355 1D130101 FF040530 030101FF 30190603
551D1104 12301082 0E53465F 63697363 6F383931 5F303130 1F060355 1D230418
30168014 285FDC5C 57B66CAD 8307A1F4 AA563FEF 4BFF1DBD 301D0603 551D0E04
16041428 5FDC5C57 B66CAD83 07A1F4AA 563FEF4B FF1DBD30 0D06092A 864886F7
0D010104 05000381 81005FF5 5CF84825 08DD2D4A 95097854 B079A9C0 67146CB1
0DDA0160 2157473E 0DC93497 6A32E3FA 51B57DC6 B8250A3E 652D5D93 223AA06A
96FDBB55 BDD4692A 00C3DA58 27BBFF6D E8CF4DEE FB7F0A64 13F5E991 BAA2940B
ADBC7187 FD7C3791 40894422 6A80C288 C2AB70C4 D1EA8CB6 9F6B28A9 4AA722BB
718BBFC8 5CB0F4DB 084A
quit
! IP options handling, the LAN DHCP pool, local accounts and SSH timers.
no ip source-route
!
!
! Addresses .1 through .174 are held back from the pool below.
ip dhcp excluded-address 192.168.2.1 192.168.2.174
!
ip dhcp pool ccp-pool1
import all
network 192.168.2.0 255.255.255.0
dns-server e.f.g.h i.j.k.l
default-router 192.168.2.1
!
!
ip cef
no ip bootp server
ip name-server e.f.g.h
ip name-server i.j.k.l
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO891-K9!
!
! Three local accounts, all at privilege 15. The secret hashes were removed
! before posting, which fused the second and third "username" lines and the
! trailing "!" separator; these lines are not valid as printed.
! NOTE(review): with every account at privilege 15 there is no lower-privilege
! login for routine monitoring -- consider one.
username admin privilege 15 secret
username xlouie privilege 15 view root secret 5 username xcorridon
privilege 15 view root secret 5!
!
ip tcp synwait-time 10
no ip ftp passive
! SSH negotiation timeout of 60 seconds and 2 authentication retries.
! NOTE(review): no "ip ssh version 2" line appears in this listing, so the
! release default applies -- confirm that SSHv1 is not accepted.
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
! Site-to-site IPsec: IKE policy, pre-shared key, transform set and crypto map.
! IKE phase 1 uses 3DES, pre-shared-key authentication and Diffie-Hellman
! group 2 (1024-bit MODP). No "hash" line is shown, so the policy default
! applies. NOTE(review): these are legacy parameters; if both peers support
! them, move to AES with a larger DH group.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
! Pre-shared key for peer m.n.o.p (value masked by the poster).
crypto isakmp key xxxxxxxxx address m.n.o.p
!
!
! NOTE(review): the transform-set name and HMAC keyword are masked here
! ("ESP-XDES-XXX", "esp-sXX-Xmac") while the crypto map below refers to
! ESP-3DES-SHA. As printed the two names do not match -- presumably a masking
! artefact; verify on the device that the crypto map references a defined set.
crypto ipsec transform-set ESP-XDES-XXX esp-3des esp-sXX-Xmac
!
! Crypto map entry 1: traffic matching ACL 104 is tunnelled to m.n.o.p.
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to m.n.o.p
set peer m.n.o.p
set transform-set ESP-3DES-SHA
match address 104
!
!
!
!
!
! Interfaces. FastEthernet0-7 carry no per-port configuration in this listing.
interface FastEthernet0
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface FastEthernet4
!
!
interface FastEthernet5
!
!
interface FastEthernet6
!
!
interface FastEthernet7
!
!
! WAN / NAT-outside interface: ACL 100 filters inbound traffic and the crypto
! map SDM_CMAP_1 is attached here. ICMP redirects, ICMP unreachables and proxy
! ARP are disabled.
interface FastEthernet8
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
ip address a.b.c.d 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map SDM_CMAP_1
!
!
! Unused routed port, administratively shut down.
interface GigabitEthernet0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
!
!
! LAN / NAT-inside SVI: ACL 103 filters traffic arriving from the LAN.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
ip address 192.168.2.1 255.255.255.0
ip access-group 103 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
! Async interface with SLIP encapsulation and no IP address.
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
! Management web server, NAT rules, default route and syslog severity.
ip forward-protocol nd
! Both the clear-text HTTP server and the HTTPS server are enabled. Access is
! limited by standard ACL 2 and authenticated against the local user database.
! NOTE(review): if HTTPS management is sufficient, "no ip http server" removes
! the clear-text listener that would otherwise carry privilege-15 credentials.
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
! NOTE(review): "life 86400" lets a connection live for up to a day.
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
! PAT for hosts selected by route-map SDM_RMAP_1 ("overload" is the wrapped end
! of the same command), plus static port forwards of TCP 80 and 443 on a.b.c.d
! to the inside host 192.168.2.100. a.b.c.d is also FastEthernet8's own address.
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet8
overload
ip nat inside source static tcp 192.168.2.100 80 a.b.c.d 80 extendable
ip nat inside source static tcp 192.168.2.100 443 a.b.c.d 443 extendable
ip route 0.0.0.0 0.0.0.0 FastEthernet8
!
! Syslog severity for remote logging is set to debugging.
! NOTE(review): no "logging host" destination appears in this listing, so
! nothing may actually be exported -- confirm.
logging trap debugging
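! NOTE(review): the numbered ACLs below were reassembled from a listing whose
! columns had spilled apart (the "access-list" keyword, ACL number, action and
! rule body were printed as separate runs of lines). Entries are paired
! strictly in the order each column appeared, and the stray word "telnet" is
! taken as the wrapped end of the second ACL 103 entry. Check the result
! against "show access-lists" on the device before relying on the rule order.
!
! ACL 1 (standard): the inside LAN, tagged INSIDE_IF=Vlan1.
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
! ACL 2 (standard): sources allowed to reach the HTTP/HTTPS management server
! ("ip http access-class 2").
access-list 2 remark CCP_ACL Category=1
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 permit 10.10.2.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
! ACL 100: inbound filter on FastEthernet8 (WAN).
! NOTE(review): the list ends in "permit ip any any", so it acts as a short
! block-list (telnet, SSH, rcmd and SNMP to a.b.c.d) rather than an allow-list.
! Anything not named in a deny is accepted by this ACL. Ending with an explicit
! "deny ip any any log" after the required permits would make the WAN policy
! default-deny and give visibility into dropped traffic.
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark CCP_ACL Category=1
access-list 100 permit tcp host m.n.o.p host a.b.c.d eq 22
access-list 100 deny tcp any host a.b.c.d eq telnet
access-list 100 deny tcp any host a.b.c.d eq 22
access-list 100 deny tcp any host a.b.c.d eq cmd
access-list 100 deny udp any host a.b.c.d eq snmp
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.10.2.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 remark IPSec Rule
! NOTE(review): 192.16.2.0 here (and in ACLs 104 and 105) differs from the LAN
! prefix 192.168.2.0 used everywhere else -- possibly a typing error; verify.
access-list 100 permit ip 10.10.2.0 0.0.0.255 192.16.2.0 0.0.0.255
access-list 100 permit udp host m.n.o.p host a.b.c.d eq non500-isakmp
access-list 100 permit udp host m.n.o.p host a.b.c.d eq isakmp
access-list 100 permit esp host m.n.o.p host a.b.c.d
access-list 100 permit ahp host m.n.o.p host a.b.c.d
access-list 100 remark Auto generated by CCP for NTP (123) q.r.s.t
access-list 100 permit udp host q.r.s.t eq ntp host a.b.c.d eq ntp
access-list 100 remark Auto generated by CCP for NTP (123) u.v.w.x
access-list 100 permit udp host u.v.w.x eq ntp host a.b.c.d eq ntp
access-list 100 permit tcp any host a.b.c.d eq www
access-list 100 permit tcp any host a.b.c.d eq 443
access-list 100 permit ip any any
! ACL 101: access-class for vty 0 4 (VPN peer, remote 10.10.2.0/24, local LAN).
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark CCP_ACL Category=1
access-list 101 permit ip host m.n.o.p any
access-list 101 permit ip 10.10.2.0 0.0.0.255 any
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
! ACL 102: access-class for vty 5 15, same sources as ACL 101.
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark CCP_ACL Category=1
access-list 102 permit ip host m.n.o.p any
access-list 102 permit ip 10.10.2.0 0.0.0.255 any
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
! ACL 103: inbound filter on Vlan1. Management protocols to 192.168.2.1 are
! permitted from the two listed /24s and denied from any other source; all
! remaining traffic is permitted.
! NOTE(review): telnet, HTTP (www) and rcmd (cmd) to the router are clear-text
! protocols; keeping only SSH (22) and HTTPS (443) reduces credential exposure
! on the LAN.
access-list 103 remark Auto generated by SDM Management Access feature
access-list 103 remark CCP_ACL Category=1
access-list 103 permit tcp 10.10.2.0 0.0.0.255 host 192.168.2.1 eq telnet
access-list 103 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq telnet
access-list 103 permit tcp 10.10.2.0 0.0.0.255 host 192.168.2.1 eq 22
access-list 103 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq 22
access-list 103 permit tcp 10.10.2.0 0.0.0.255 host 192.168.2.1 eq www
access-list 103 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq www
access-list 103 permit tcp 10.10.2.0 0.0.0.255 host 192.168.2.1 eq 443
access-list 103 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq 443
access-list 103 permit tcp 10.10.2.0 0.0.0.255 host 192.168.2.1 eq cmd
access-list 103 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq cmd
access-list 103 deny tcp any host 192.168.2.1 eq telnet
access-list 103 deny tcp any host 192.168.2.1 eq 22
access-list 103 deny tcp any host 192.168.2.1 eq www
access-list 103 deny tcp any host 192.168.2.1 eq 443
access-list 103 deny tcp any host 192.168.2.1 eq cmd
access-list 103 deny udp any host 192.168.2.1 eq snmp
access-list 103 permit ip any any
! ACL 104: crypto ACL ("match address 104") selecting traffic for the tunnel.
access-list 104 remark CCP_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 192.168.2.0 0.0.0.255 10.10.2.0 0.0.0.255
access-list 104 remark CCP_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 192.16.2.0 0.0.0.255 10.10.2.0 0.0.0.255
! ACL 105: matched by route-map SDM_RMAP_1 for NAT overload. The first deny
! keeps tunnel-bound traffic out of NAT; the permit translates the rest of the
! LAN.
access-list 105 remark CCP_ACL Category=2
access-list 105 remark IPSec Rule
access-list 105 deny ip 192.168.2.0 0.0.0.255 10.10.2.0 0.0.0.255
access-list 105 permit ip 192.168.2.0 0.0.0.255 any
access-list 105 remark CCP_ACL Category=2
access-list 105 remark IPSec Rule
access-list 105 deny ip 192.16.2.0 0.0.0.255 10.10.2.0 0.0.0.255
! CDP is disabled globally.
no cdp run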
!
!
!
!
! Route-map referenced by the "ip nat inside source route-map SDM_RMAP_1"
! rule: traffic permitted by ACL 105 is eligible for NAT overload.
route-map SDM_RMAP_1 permit 1
match ip address 105
!
!
!
! Control-plane stanza (no policy attached in this listing), then the banners.
control-plane
!
!
! Exec banner: the stock Cisco CP text about the one-time default user "cisco".
! NOTE(review): no "username cisco" line appears in this listing; confirm on
! the device that the default account is gone, then replace this banner, since
! it tells every logged-in user which management tool and default account name
! were used. Text between the ^C delimiters is banner content, not commands.
banner exec ^C
% Password expiration warning.
----------------------------------------------------------------------Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you
have
already used the username "cisco" to login to the router and your IOS
image
supports the "one-time" user option, then this username has already
expired.
You will not be able to login to the router with this username after you
exit
this session.
It is strongly suggested that you create a new username with a privilege
level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want
to
use.
----------------------------------------------------------------------^C
! Login banner shown before authentication: an authorised-use notice.
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
! Terminal lines. Console, aux and vty logins use the local username database.
! NOTE(review): no "exec-timeout" appears on any line in this listing, so the
! release default applies -- confirm idle sessions are closed promptly.
line con 0
login local
transport output telnet
! NOTE(review): no login method is shown under line 1 (the async/modem line);
! verify how access through it is authenticated.
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
login local
transport output telnet
! vty 0-4: source addresses limited by ACL 101; line privilege level is 15.
! NOTE(review): "transport input telnet ssh" still accepts Telnet, which sends
! credentials in clear text; "transport input ssh" restricts the lines to SSH.
line vty 0 4
access-class 101 in
privilege level 15
login local
transport input telnet ssh
! vty 5-15: same settings, with source addresses limited by ACL 102.
line vty 5 15
access-class 102 in
privilege level 15
login local
transport input telnet ssh
!
! Scheduler tuning and time synchronisation.
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
! Two NTP servers (addresses masked), queried from the WAN interface, with the
! hardware calendar updated from NTP.
! NOTE(review): no NTP authentication commands appear in this listing; log
! timestamps depend on these sources, so consider authenticating them if the
! servers support it.
ntp update-calendar
ntp server q.r.s.t source FastEthernet8
ntp server u.v.w.x source FastEthernet8
end