
1841 Running Advanced security for VPN and HTTP traffic.

Status
Not open for further replies.

l33byt1980

Vendor
Apr 17, 2008
I have not done so much with the Advanced security routers. However, I think I am almost there. Just need to check this is to offer a site-to-site VPN. But also offer direct Internet Access. I am a little miffed with the NAT part and was wondering if someone could just cast their eyes over the running config.

Building configuration...

Current configuration : 4168 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname *********
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.2.1.0 10.2.1.20
!
ip dhcp pool ********
 network 10.2.1.0 255.255.255.0
 dns-server EXCLUDED
 default-router 10.2.1.1
!
!
!
!
crypto pki trustpoint TP-self-signed-3383648989
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3383648989
 revocation-check none
 rsakeypair TP-self-signed-3383648989
!
!
crypto pki certificate chain TP-self-signed-3383648989
certificate self-signed 01
quit
username admin privilege 15 password 0 EXCLUDED
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key EXCLUDED address AAA.AAA.AAA.AAA
crypto isakmp identity hostname
!
!
crypto ipsec transform-set set1 esp-3des esp-md5-hmac
!
crypto map main_map 10 ipsec-isakmp
 set peer AAA.AAA.AAA.AAA
 set transform-set set1
 match address 102
!
!
!
interface Multilink1
 ip unnumbered FastEthernet0/1
 no cdp enable
 ppp direction callout
 ppp multilink
 ppp multilink group 1
!
interface FastEthernet0/0
 description ***Port Closed***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description ***Uplink to Customer LAN***
 ip address 10.2.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface ATM0/0/0
 description ***TEL: EXCLUDED***
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/1/0
 description ***TEL: EXCLUDED***
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface Virtual-Template1
 no ip address
 ppp authentication chap callin
 ppp chap hostname EXCLUDED
 ppp chap password 0 EXCLUDED
 ppp direction callout
 ppp multilink
 ppp multilink fragment disable
 ppp multilink group 1
!
ip route 0.0.0.0 0.0.0.0 Multilink1
!
ip http server
ip http secure-server
!
access-list 25 remark ###Telnet Access###
access-list 25 permit EXCLUDED
access-list 25 permit EXCLUDED
access-list 102 permit ip 10.2.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 103 remark ###Nat Exemption for VPN###
access-list 103 deny ip 10.1.1.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 103 permit ip 10.1.1.0 0.0.0.255 any
!
!
control-plane
!
!
line con 0
 logging synchronous
 login local
line aux 0
 logging synchronous
 login local
line vty 0 4
 access-class 25 in
 exec-timeout 120 0
 logging synchronous
 login local
line vty 5 14
 access-class 25 in
 exec-timeout 120 0
 logging synchronous
 login local
!
end


ACA - IPOffice implement
ACA - IP Telephony
CCNA - Passed at last
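
A config audit of the kind the post asks for, as an added example that is not part of the original post: it parses an excerpt of the posted running config and flags clear-text secrets, a crypto map that is defined but never applied to an interface, missing NAT statements, and ACLs whose source is not a connected subnet. The finding names and the set of settings treated as legacy crypto are assumptions of this example.

```python
import ipaddress
import re

# Excerpt of the running config posted above, with the poster's redactions kept.
CONFIG = """\
username admin privilege 15 password 0 EXCLUDED
crypto isakmp policy 10
 encr 3des
 hash md5
 group 2
crypto ipsec transform-set set1 esp-3des esp-md5-hmac
crypto map main_map 10 ipsec-isakmp
 match address 102
interface FastEthernet0/1
 ip address 10.2.1.1 255.255.255.0
access-list 102 permit ip 10.2.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 103 deny ip 10.1.1.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 103 permit ip 10.1.1.0 0.0.0.255 any
"""

LEGACY = {"encr 3des", "hash md5", "group 2"}  # assumption: flagged as legacy here

def audit(config):
    """Return sorted finding codes for an IOS running-config string."""
    lines = [l.strip() for l in config.splitlines()]
    found = set()
    if any(" password 0 " in l for l in lines):  # type 0 = stored in clear text
        found.add("cleartext-secret")
    if any(l in LEGACY or "esp-3des" in l or "esp-md5-hmac" in l for l in lines):
        found.add("legacy-crypto")
    # A crypto map does nothing until "crypto map NAME" is set on an interface.
    defined = {m.group(1) for l in lines if (m := re.match(r"crypto map (\S+) \d+", l))}
    applied = {m.group(1) for l in lines if (m := re.fullmatch(r"crypto map (\S+)", l))}
    found.update(f"crypto-map-unapplied:{n}" for n in defined - applied)
    # NAT needs "ip nat inside|outside" on interfaces and an "ip nat inside source" rule.
    if not any(l.startswith("ip nat ") for l in lines):
        found.add("nat-not-configured")
    # An ACL whose source is no connected subnet cannot match traffic from the LAN.
    lans = [ipaddress.ip_interface("/".join(m.groups())).network for l in lines
            if (m := re.fullmatch(r"ip address ([\d.]+) ([\d.]+)", l))]
    for l in lines:
        if (m := re.match(r"access-list (\d+) (?:permit|deny) ip ([\d.]+) ([\d.]+) ", l)):
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            if not any(src.subnet_of(lan) for lan in lans):
                found.add(f"acl-source-not-local:{m.group(1)}")
    return sorted(found)

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```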
 