Cisco 800 series with passthrough config

Status
Not open for further replies.

tjbradford

Technical User
Dec 14, 2007
229
GB
Not going to say this is the most secure, nor am I going to say this will be what you're after, but it's a good example config with VNC enabled on one of the inside devices.

Please add to, tweak / adjust this config and post improvements.

hostname RTR-ADSL
!
no logging buffered
!

ip subnet-zero
ip dhcp database data
ip dhcp excluded-address 192.168.1.2
!
ip dhcp pool CLIENT
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 lease 0 2
!
ip dhcp pool SVR
 host 192.168.1.2 255.255.255.0
 client-identifier 0100.0934.1044.b2
 default-router 192.168.1.1
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
no aaa new-model
password encryption aes
!
!
!
!
!
!
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no ip mroute-cache
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip mroute-cache
 atm vc-per-vp 64
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Dialer1
 ip address negotiated
 ip access-group 111 in
 ip nat outside
 ip inspect myfw out
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname ******.co.uk
 ppp chap password magic
 ppp pap sent-username *****.co.uk password magic
 ppp ipcp dns request accept
 ppp ipcp wins request accept
 hold-queue 224 in
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.2 5900 interface Dialer1 5900
ip nat inside source static tcp 192.168.1.2 5800 interface Dialer1 5800
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http secure-server
!
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 permit tcp any any eq 5900
access-list 111 permit tcp any any eq 5800
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
dialer-list 1 protocol ip permit
banner motd ^CC
##############################################################
# >>>> WARNING <<<< #
# YOU HAVE CONNECTED TO A RESTRICTED RESOURCE IF YOU ARE #
# NOT AUTHORISED TO ACCESS THIS DEVICE EXIT IMMEDIATELY #
# #
##############################################################

^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 login local
 length 0
!
scheduler max-task-time 5000
!
end

RTR-ADSL#


Hope this is useful to some.
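Added example (not part of the original post): a small Python check that cross-references the inbound `permit ... any any eq <port>` entries of access-list 111 with the static NAT entries, to show which permits forward to an inside host from any source and which have no forward behind them. The function name `audit_inbound` is hypothetical, and the sample is a constructed excerpt of lines copied from the config above.

```python
import re

# Constructed sample: a subset of lines copied from the config posted above.
SAMPLE = """\
ip nat inside source static tcp 192.168.1.2 5900 interface Dialer1 5900
ip nat inside source static tcp 192.168.1.2 5800 interface Dialer1 5800
access-list 111 permit tcp any any eq 5900
access-list 111 permit tcp any any eq 5800
access-list 111 permit icmp any any echo
access-list 111 permit udp any eq domain any
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
"""

NAT_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface \S+ (\d+)$")
ACL_RE = re.compile(r"^access-list (\d+) permit (tcp|udp) any any eq (\S+)$")

def audit_inbound(config, acl_id="111"):
    """Classify 'permit <proto> any any eq <port>' entries of one ACL by
    whether a static NAT entry forwards that port to an inside host."""
    forwards = {}  # (proto, outside port) -> (inside ip, inside port)
    permits = []   # (proto, port) in ACL order
    for line in (raw.strip() for raw in config.splitlines()):
        if m := NAT_RE.match(line):
            proto, ip, in_port, out_port = m.groups()
            forwards[(proto, out_port)] = (ip, in_port)
        elif (m := ACL_RE.match(line)) and m.group(1) == acl_id:
            permits.append((m.group(2), m.group(3)))
    report = {"forwarded": [], "no_forward": []}
    for proto, port in permits:
        target = forwards.get((proto, port))
        if target:
            report["forwarded"].append((proto, port, *target))
        else:
            report["no_forward"].append((proto, port))
    return report

if __name__ == "__main__":
    result = audit_inbound(SAMPLE)
    for proto, port, ip, in_port in result["forwarded"]:
        print(f"ANY SOURCE    {proto}/{port} -> {ip}:{in_port}  (limit the source address)")
    for proto, port in result["no_forward"]:
        print(f"NO STATIC NAT {proto}/{port}  (not forwarded inside; review whether the permit is needed)")
```

Entries that match on a source port or on ICMP types are skipped by this check and need reviewing by hand.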

 