mknew
IS-IT--Management
- Sep 9, 2013
- 9
Here is the config; the router is an 1841.
Building configuration...
Current configuration : 3054 bytes
!
! Global settings as posted. The secrets and hashes in this listing are now
! public in this thread, so treat them as disclosed and rotate them on the device.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Password obfuscation is off: every "password" (non-secret) value in this
! config is stored and displayed in cleartext. Even when enabled, type 7
! encoding is reversible, so prefer the "secret" form for credentials.
no service password-encryption
!
hostname X_R_Z
!
boot-start-marker
! Boot image name indicates 12.4(12) advipservicesk9, consistent with "version 12.4".
! NOTE(review): this is an old release; check vendor advisories for this train.
boot system flash:c1841-advipservicesk9-mz.124-12.bin
boot-end-marker
!
! Local log buffering is disabled and no "logging host" line appears in this
! listing, so as far as this config shows, login and change events are neither
! kept on the box nor sent to a collector.
no logging buffered
! Type 5 (MD5-based) hash for privileged mode.
enable secret 5 $1$MNXK$lahi6sf17juTZIYm877hT.
! Cleartext enable password left alongside the secret. IOS uses the secret when
! both are set, so this line adds exposure without adding function;
! "no enable password" removes it.
enable password cisco
!
! AAA framework enabled. Every method list below uses only the local username
! database; no RADIUS or TACACS+ server is referenced in this listing.
aaa new-model
!
!
! Default login list: applies to any line that does not name another list.
aaa authentication login default local
! XAUTH login lists for the VPN. Only sdm_vpn_xauth_ml_2 is referenced by the
! crypto map in this config; sdm_vpn_xauth_ml_1 looks unused here.
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
! Exec authorization from the local database: a user's shell privilege comes
! from the "username ... privilege" entry (both entries here are privilege 15).
aaa authorization exec default local
! VPN group authorization lists. Only sdm_vpn_group_ml_2 is referenced by the
! crypto map in this config; sdm_vpn_group_ml_1 looks unused here.
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
!
aaa session-id common
ip cef
!
!
! DHCP server for the inside LAN (192.168.1.0/24).
no ip dhcp use vrf connected
! Addresses withheld from the pool: .87, .1 through .66, and .106.
! NOTE(review): the default-router (192.168.1.77) and the internal DNS server
! (192.168.1.82) named in the pool below are not in any excluded range —
! confirm that is intended.
ip dhcp excluded-address 192.168.1.87
ip dhcp excluded-address 192.168.1.1 192.168.1.66
ip dhcp excluded-address 192.168.1.106
!
ip dhcp pool Xyz
network 192.168.1.0 255.255.255.0
! Gateway handed to clients; matches the address on FastEthernet0/0.71.
default-router 192.168.1.77
! Two external resolvers followed by one inside-LAN resolver.
dns-server 196.29.180.39 196.29.164.49 192.168.1.82
domain-name wr
!
!
! Stops the router itself from resolving names typed at its CLI.
no ip domain lookup
!
!
!
! Local accounts. With the AAA method lists in this config set to "local", these
! same accounts are used for device login and for VPN XAUTH, and both carry
! privilege 15 (full administrative access).
! Type 0 = cleartext password, readable by anyone who sees the config. Convert
! it to the "secret" form and rotate it, since the value is published here.
username w1 privilege 15 password 0 ww2
! Type 5 (MD5-based) hash. The hash is published in this post, so rotate this
! credential as well.
username firm privilege 15 secret 5 $1$oIDZ$JHpf0Hft0qMAi4oabOfM..
!
!
!
! IKE phase 1 policy: 3DES encryption, pre-shared-key authentication, DH group 2.
! No "hash" line is shown, so the platform default applies (NOTE(review): confirm
! which hash that is on this image). 3DES and group 2 (1024-bit MODP) are legacy
! choices; prefer AES and a larger DH group where the image and clients allow.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
! Remote-access VPN client group. The group name and key act as a credential
! shared by every remote client. The key here is a short numeric value stored
! in cleartext and now published; replace it with a long random key.
crypto isakmp client configuration group testvpn
key 111111
! Client addresses come from the local pool SDM_POOL_1 defined later in this config.
pool SDM_POOL_1
!
!
! Two transform sets with identical contents (ESP 3DES + SHA HMAC). Only
! ESP-3DES-SHA1 is referenced by the dynamic map below; ESP-3DES-SHA looks unused.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
! Dynamic map template for clients whose peer address is not known in advance.
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA1
! Installs a route toward each connected client (reverse route injection).
reverse-route
!
!
! Crypto map applied on FastEthernet0/0.75: XAUTH users are checked against
! sdm_vpn_xauth_ml_2 and group authorization against sdm_vpn_group_ml_2, both
! of which resolve to the local database.
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_2
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2
! The router answers address requests from clients instead of pushing addresses.
crypto map SDM_CMAP_1 client configuration address respond
! Highest sequence number, so the dynamic template is evaluated last.
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
! Physical port carrying both 802.1Q subinterfaces below. The inside (VLAN 71)
! and outside (VLAN 75) networks share this one port, so their separation
! depends on the VLAN configuration of the attached switch.
interface FastEthernet0/0
description WAN_INTERFACE
no ip address
no ip proxy-arp
ip mtu 1400
speed 100
full-duplex
!
! Inside LAN gateway (VLAN 71); this is the default-router address in the DHCP pool.
interface FastEthernet0/0.71
encapsulation dot1Q 71
ip dhcp relay information trusted
ip address 192.168.1.77 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
! Outside, publicly addressed /30 link (VLAN 75); VPN terminates here.
! No "ip access-group" appears on this subinterface, so nothing in this listing
! filters inbound traffic addressed to the router itself (vty, HTTP/HTTPS).
! An inbound ACL permitting only the required protocols would narrow that exposure.
interface FastEthernet0/0.75
encapsulation dot1Q 75
ip address 197.251.229.147 255.255.255.252
no ip proxy-arp
ip nat outside
ip virtual-reassembly
crypto map SDM_CMAP_1
!
! Second routed network (10.8.0.0/24). It has no "ip nat inside" and is not
! permitted by the NAT ACL X-Yh, so hosts here are not translated by the
! overload rule in this config.
interface FastEthernet0/1
ip address 10.8.0.1 255.255.255.0
duplex auto
speed auto
!
! Address pool for VPN clients: five addresses, 192.168.50.1 through .5.
ip local pool SDM_POOL_1 192.168.50.1 192.168.50.5
! Default route via the far end of the outside /30.
ip route 0.0.0.0 0.0.0.0 197.251.229.146
!
!
! Cleartext HTTP management is enabled in addition to HTTPS. Logins use the
! local privilege-15 accounts, and no "ip http access-class" is shown, so the
! web interface is not restricted by source address in this listing.
! "no ip http server" leaves only the HTTPS listener.
ip http server
ip http authentication local
ip http secure-server
! PAT: traffic matched by route-map SDM_RMAP_1 is translated to the address of
! FastEthernet0/0.75.
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0.75 overload
!
! NAT selection ACL. The deny entries exempt traffic destined to the five VPN
! pool addresses from translation; everything else sourced from 192.168.1.0/24
! is translated.
ip access-list extended X-Yh
remark SDM_ACL Category=16
deny ip any host 192.168.50.1
deny ip any host 192.168.50.2
deny ip any host 192.168.50.3
deny ip any host 192.168.50.4
deny ip any host 192.168.50.5
permit ip 192.168.1.0 0.0.0.255 any
!
!
! Route-map used by the NAT rule; it only matches ACL X-Yh.
route-map SDM_RMAP_1 permit 1
match ip address X-Yh
!
!
!
!
! Empty control-plane section: no policy is attached to it in this listing.
control-plane
!
!
!
! Console and aux lines carry no line-specific settings here; login follows the
! AAA default list (local accounts).
line con 0
line aux 0
! Remote CLI lines. No "transport input" and no "access-class" lines are shown,
! so the platform default protocols apply and no source-address restriction is
! configured. NOTE(review): on this release the default likely includes Telnet —
! confirm, and consider "transport input ssh" plus an access-class.
line vty 0 4
privilege level 15
! Cleartext line password. NOTE(review): with "aaa authentication login default
! local" in effect this password appears unused for login — confirm and remove it.
password SR
!
scheduler allocate 20000 1000
end
Appreciate your help