Hello everyone:
I'm in great need of assistance. Please help me!!! I'm setting up a Site-to-Site VPN between an 871 and an 831 router. I can almost see the light at the end of the tunnel, but it seems I'm being blocked by what looks like a pebble, or maybe the fat lady is getting close and getting ready to sing. Please, someone, help me cue the fat lady. LET THE FAT LADY SING ??... Hope the little joke doesn't offend anyone. Thanks............
Here are the configurations of the routers:
Cisco Router 831 with GRE - Bellsouth network static ip
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname tiger
!
logging buffered 51200 warnings
enable secret 5 $1$qXom$Phn6/FKwQWsS75RehDvyZ.
enable password 7 10540F1004131F0202
!
username zfizulu password 7 06010E254147074E56
aaa new-model
!
aaa authentication login default local
aaa authentication login RTR-REMOTE local
aaa authorization exec deault local
aaa authorization network RTR-REMOTE local
aaa session-id common
ip subnet-zero
no ip domain lookup
ip domain name zaxbys.com
ip dhcp excluded-address 192.168.20.1 192.168.20.199
ip dhcp excluded-address 192.168.20.251 192.168.20.254
ip dhcp excluded-address 192.168.20.1
!
ip dhcp pool CLIENT
import all
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
lease 4
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip inspect name myfw http
ip inspect name myfw icmp
ip urlfilter alert
ip audit notify log
ip audit po max-events 100
vpdn enable
!
crypto isakmp policy 11
encr 3des
hash md5
authentication pre-share
group 2
lifetime 480
!
crypto isakmp client configuration group RTR-REMOTE
key 0 mysecretkeyhome
dns 205.152.37.23 205.152.144.23
domain bellsouth.net
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
set peer 68.xx.xxx.xxxx
set peer 74.x.x.x
set transform-set vpn1
set pfs group2
match address 111
reverse-route
crypto map satic-map 1 ipsec-isakmp dynamic dynmap
!
crypto map static-map 1 ipsec-isakmp dynamic dynmap
!
interface Tunnel1
ip address 10.0.2.3 255.255.255.0
tunnel source 192.168.20.1
tunnel destination 10.0.1.3
crypto map static-map
!
interface Ethernet0
description CRWS Generated text. Please do not delete this:192.168.20.1-255.255.255.0
ip address 192.168.20.1 255.255.255.0 secondary
ip address 10.10.10.1 255.255.255.0
ip access-group 122 out
ip nat inside
ip tcp adjust-mss 1452
no cdp enable
hold-queue 32 in
hold-queue 100 out
!
interface Ethernet1
ip address 10.253.15.19 255.255.0.0
ip access-group 111 in
ip inspect myfw out
duplex auto
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
crypto map static-map
!
interface Dialer1
ip address negotiated
ip access-group vpnstatic in
ip mtu 1492
ip nat outside
ip inspect myfw out
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname username@bellsouth.net
ppp chap password 7 1444415359517F7D
ppp pap sent-username username@bellsouth.net password 7 075C72141B5C4C53
ppp ipcp dns request
ppp ipcp wins request
crypto map static-map
!
ip local pool dynpool1 192.168.20.60 192.168.20.78
ip nat inside source list 102 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
!
ip access-list extended vpnstatic1
permit gre host 10.0.1.3 host 10.0.1.4
!
access-list 102 permit ip 192.168.20.0 0.0.0.255 any
access-list 111 permit tcp any any eq telnet
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
access-list 111 permit ahp host 68.xx.xxx.xxxx host 74.xx.xxx.xxxx
access-list 111 permit esp host 68.xx.xxx.xxxx host 74.xx.xxx.xxxx
access-list 111 permit udp host 68.xx.xxx.xxxx host 74.xx.xxx.xxxx eq isakmp
access-list 122 deny tcp any any eq telnet
access-list 122 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
radius-server authorization permit missing Service-Type
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 120 0
length 0
!
scheduler max-task-time 5000
end
tiger#
Cisco Router 871w with GRE - Charter network DHCP
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Lion
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$2KJq$w3jVrr1258HpMzNDwMLry0
enable password $$$$2121
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login rtr-remote local
authentication login RTR-REMOTE local
aaa authorization exec default local
aaa authorization network RTR-REMOTE local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.2.1
ip dhcp excluded-address 10.10.2.0 10.10.2.200
ip dhcp excluded-address 192.168.1.1 192.168.1.199
ip dhcp excluded-address 192.168.1.251 192.168.1.254
!
ip dhcp pool internal-net
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
domain-name charter.net
lease 2
!
ip dhcp pool VLAN20
import all
network 10.10.2.0 255.255.255.0
default-router 10.10.2.1
domain-name charter.net
lease 2
!
ip inspect name ZaxFW tcp
ip inspect name ZaxFW udp
ip inspect name ZaxFW ftp
ip inspect name ZaxFW http
ip inspect name ZaxFW https
no ip domain lookup
ip domain name charter.net
!
crypto pki trustpoint TP-self-signed-2024531682
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2024531682
revocation-check none
rsakeypair TP-self-signed-2024531682
quit
username zfizulu privilege 15 password 0 &#&#&#
username zfizoulu privilege 15 password 0 *&&^%$
username cisco password 0 *&^^%^&$R
!
crypto isakmp policy 11
encr 3des
hash md5
authentication pre-share
group 2
lifetime 480
!
crypto isakmp client configuration group RTR-REMOTE
key mysecretkeyhome
dns 24.197.160.17
domain charter.net
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set vpn1 esp-des
!
crypto dynamic-map dynmap 1
set peer 68.xx.xxx.xxxx
set peer 74.xx.xxx.xxxx
set transform-set vpn1
set pfs group2
match address 111
reverse-route
!
crypto map static-map 1 ipsec-isakmp dynamic dynmap
!
bridge irb
!
interface Tunnel1
ip address 10.0.1.3 255.255.255.0
tunnel source BVI1
tunnel destination 10.0.2.3
crypto map static-map
!
interface FastEthernet0
spanning-tree portfast
!
interface FastEthernet1
spanning-tree portfast
!
interface FastEthernet2
spanning-tree portfast
!
interface FastEthernet3
spanning-tree portfast
!
interface FastEthernet4
description Wide Area Network$ES_WAN$
ip address dhcp
ip access-group vpnstatic1 in
ip inspect ZaxFW out
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
duplex auto
speed auto
no cdp enable
crypto map static-map
!
interface Dot11Radio0
no ip address
encryption vlan 1 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid LHC
vlan 20
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 ##$@$@^@&@
!
ssid LionHeart
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 0 @!^@@*@*@*@@%%@%@
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
power local cck 20
channel 2417
station-role root
no dot11 extension aironet
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.20
description Guest Wireless LAN
encapsulation dot1Q 20
ip address 10.10.2.1 255.255.255.0
ip access-group Guest-ACL in
ip inspect ZaxFW out
ip nat inside
ip virtual-reassembly
no snmp trap link-status
no cdp enable
interface Vlan1
description Virtual LAN
no ip address
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
description Bridge to Internal LAN
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static udp 192.168.1.50 69 interface FastEthernet4 69
ip nat inside source static tcp 192.168.1.200 3389 interface FastEthernet4 3389
ip nat inside source static tcp 192.168.1.200 1723 interface FastEthernet4 1723
ip nat inside source static tcp 192.168.1.80 5501 interface FastEthernet4 5501
ip nat inside source static tcp 192.168.1.40 21 interface FastEthernet4 21
ip nat inside source static tcp 192.168.1.200 23 interface FastEthernet4 23
ip nat inside source static tcp 192.168.1.40 5940 interface FastEthernet4 5940
!
ip access-list extended Guest-ACL
permit ip any any
permit ip host 192.168.1.50 any
deny ip any 192.168.1.0 0.0.0.255
ip access-list extended Internet-inbound-ACL
permit tcp any any eq 3389
permit tcp any any eq 1723
permit tcp any any eq 5501
permit tcp any any eq 5500
permit udp any eq bootps any eq bootpc
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit gre any any
permit esp any any
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit udp any any eq tftp
permit tcp any eq ftp-data any eq ftp-data
permit tcp any eq ftp any eq ftp
permit tcp any any eq telnet
ip access-list extended vpnstatic1
permit gre host 10.0.2.3 host 10.0.2.4
!
access-list 1 permit 192.168.1.0 0.0.0.254
access-list 1 permit 10.10.2.0 0.0.0.254
access-list 1 remark SDM_ACL Category=18
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 10.10.2.0 0.0.0.255
access-list 111 permit ahp host 68.xx.xxx.xxxx host 74.xx.xxx.xxxx
no cdp run
!
control-plane
!
bridge 1 route ip
banner login ^Cc
Access to this device is RESTRICTED..!!!
^C
!
line con 0
password #&#%#^#^#*(#
no modem enable
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
end
Lion#
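
An added example, not part of the original post: a small Python check that compares the ISAKMP policies and IPsec transform sets of two IOS peers and lists ACLs that are referenced but never defined. The function names are hypothetical, and the two inputs are abridged excerpts of the configurations posted above.

```python
import re

# Abridged excerpts copied from the 831 ("tiger") configuration in the post.
TIGER_831 = """\
crypto isakmp policy 11
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 480
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
interface Dialer1
 ip access-group vpnstatic in
ip access-list extended vpnstatic1
 permit gre host 10.0.1.3 host 10.0.1.4
"""
# Abridged excerpts copied from the 871w ("Lion") configuration in the post.
LION_871 = """\
crypto isakmp policy 11
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 480
crypto ipsec transform-set vpn1 esp-des
interface FastEthernet4
 ip access-group vpnstatic1 in
ip access-list extended vpnstatic1
 permit gre host 10.0.2.3 host 10.0.2.4
"""
POLICY_KEYS = {"encr", "hash", "authentication", "group", "lifetime"}

def isakmp_policies(cfg):
    """Map policy number -> {sub-command: value}; does not rely on indentation."""
    policies, current = {}, None
    for line in cfg.splitlines():
        words = line.split()
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) == 4:
            current = policies.setdefault(words[3], {})
        elif current is not None and words and words[0] in POLICY_KEYS:
            current[words[0]] = " ".join(words[1:])
        else:
            current = None  # any other command ends the policy block
    return policies

def transform_sets(cfg):
    """Map transform-set name -> sorted tuple of its transforms."""
    pat = r"^\s*crypto ipsec transform-set (\S+) (.+)$"
    return {n: tuple(sorted(t.split())) for n, t in re.findall(pat, cfg, re.M)}

def undefined_acls(cfg):
    """ACLs used by 'ip access-group' or 'match address' but never defined."""
    defined = set(re.findall(r"^\s*ip access-list \w+ (\S+)", cfg, re.M))
    defined |= set(re.findall(r"^\s*access-list (\d+) ", cfg, re.M))
    used = set(re.findall(r"^\s*ip access-group (\S+) (?:in|out)", cfg, re.M))
    used |= set(re.findall(r"^\s*match address (\S+)", cfg, re.M))
    return used - defined

def compare_peers(a, b):
    """Both IKE phases need at least one proposal the two peers share."""
    findings = []
    pa, pb = isakmp_policies(a), isakmp_policies(b)
    if not any(p in pb.values() for p in pa.values()):
        findings.append("no common ISAKMP policy")
    ta, tb = set(transform_sets(a).values()), set(transform_sets(b).values())
    if not ta & tb:
        findings.append(f"no common transform set: {sorted(ta)} vs {sorted(tb)}")
    return findings

if __name__ == "__main__":
    print(compare_peers(TIGER_831, LION_871))
    print("831 undefined ACLs:", undefined_acls(TIGER_831))
    print("871 undefined ACLs:", undefined_acls(LION_871))
```

On these excerpts it reports that the ISAKMP policies agree but the transform sets do not (`esp-3des esp-sha-hmac` on the 831, `esp-des` on the 871), and that `vpnstatic` applied to Dialer1 on the 831 has no matching ACL definition.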