Connected to internet but no int > ext ping or dns

Status
Not open for further replies.

definede

Technical User
Nov 26, 2010
2
GB
Hi

I'm a Cisco newbie and I have managed to get my Cisco 877 (C870-ADVIPSERVICESK9-M, ver 12.4 IOS) connected to my new provider.

From the router I can ping externally, however when I try an internal (from the PC) to external (Google IP address)
ping I receive a 'transmit failed. general failure'. Any ideas please? Config is below:

Building configuration...

Current configuration : 15169 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname RAxxxxxx
!
boot-start-marker
boot-end-marker
!
logging buffered 1024000
logging console critical
no logging monitor
enable secret
enable password
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login group local
aaa authentication enable default enable
aaa authentication ppp default if-needed
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
!
aaa session-id common
clock timezone GMT 0
ip cef
!
!
!
!
no ip bootp server
ip domain name AdConnection.local
ip name-server 77.7x.xxx.xxx
ip name-server 77.7x.xxx.xxx
ip inspect log drop-pkt
ip inspect name FIREWALL tcp timeout 7200
ip inspect name FIREWALL ftp
ip inspect name FIREWALL sqlnet
ip inspect name FIREWALL udp
ip inspect name FIREWALL realaudio
ip inspect name FIREWALL rtsp
ip inspect name FIREWALL tftp
ip inspect name FIREWALL netshow
ip inspect name FIREWALL icmp
ip inspect name FIREWALL ntp
!
multilink bundle-name authenticated
password encryption aes
!
crypto pki trustpoint TP-self-signed-273xxx098
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2732xx2098
revocation-check none
rsakeypair TP-self-signed-273xxx098
!
!
crypto pki certificate chain TP-self-signed-2732172098
certificate self-signed 01
30820252 308201BB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

33315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37333231

8100B787 701EE800 0D68CD83 E65066E3 4D37F987 E38ACDA4 5B8954F3 E72D68FE
10C3AA8D 0305AC36 67BDD750 4F8B498F 41F20D00 E4DEA750 E44CFFCD 6732D3B1

E0CD372C D595D34D 9106AFFB B7B46CCC 495E28F6 63937BD7 D88AE53A 939432E3
quit

!
!
username Admin privilege 15 password
username definedit privilege 15 password
!
!
!
bridge irb
!
!
!
interface Loopback1
ip address 10.10.1.1 255.255.0.0
no ip unreachables
!
interface Null0
no ip unreachables
!
interface ATM0
description *** Layer 2 DSL Interface ***
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description *** vendor LLU ***
mtu 1492
no ip redirects
no ip unreachables
no ip proxy-arp
ip tcp adjust-mss 1452
no snmp trap link-status
pvc 0/101
oam-pvc manage
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
no cdp enable
!
!
interface FastEthernet1
no cdp enable
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface Virtual-Template3 type tunnel
no ip address
ip nat inside
ip virtual-reassembly
tunnel mode ipsec ipv4
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
no ip address
bridge-group 1
!
interface Dialer1
mtu 1492
ip address 93.xx.xx.xx 255.xxx.xxx.xxx
ip access-group in-from-internet in
ip mtu 1452
ip nat outside
ip inspect FIREWALL out
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxx
ppp chap password xxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxx password xxxxxxxxxxx
ppp ipcp dns request
ppp ipcp route default
!
interface BVI1
ip address 172.20.20.254 255.255.0.0
ip access-group in-from-lan in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1200
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source route-map NAT-RULES interface Dialer1 overload
ip nat inside source static tcp 172.20.20.230 25 93.89.94.65 25 extendable
ip nat inside source static tcp 172.20.20.220 389 93.89.94.65 389 extendable
ip nat inside source static tcp 172.20.20.230 443 93.89.94.65 443 extendable
ip nat inside source static tcp 172.20.20.230 3389 93.89.94.65 3389 extendable
ip nat inside source static tcp 172.20.20.230 4125 93.89.94.65 4125 extendable
!
ip access-list extended in-from-internet
remark *** Internet Access List **************************************************************
remark CCP_ACL Category=17
remark Auto generated by SDM for NTP (123) 192.5.41.209
permit udp host 192.5.41.209 eq ntp any eq ntp
remark Auto generated by SDM for NTP (123) 129.132.2.21
permit udp host 129.132.2.21 eq ntp any eq ntp
remark Auto generated by SDM for NTP (123) 192.5.41.209
permit udp host 192.5.41.209 eq ntp host 192.168.200.254 eq ntp
remark Auto generated by SDM for NTP (123) 129.132.2.21
permit udp host 129.132.2.21 eq ntp host 192.168.200.254 eq ntp
remark Auto generated by SDM for NTP (123) 192.5.41.209
permit udp host 192.5.41.209 eq ntp host 93.89.94.65 eq ntp
remark Auto generated by SDM for NTP (123) 129.132.2.21
permit udp host 129.132.2.21 eq ntp host 93.89.94.65 eq ntp
remark *** VPN Traffic ***********************************************************************
permit esp any host 93.89.94.65
remark *** DNS traffic ***********************************************************************
permit udp host 212.104.130.9 eq domain host 93.89.94.65
permit udp host 212.104.130.65 eq domain host 93.89.94.65
remark *** Allow SSH Access ******************************************************************
permit tcp any host 93.89.94.65 eq 22
remark *** Permit SMTP Traffic From Mimecast *************************************************
permit tcp 135.196.24.192 0.0.0.15 host 93.89.64.65 eq smtp
permit tcp 212.2.3.128 0.0.0.63 host 93.89.64.65 eq smtp
permit tcp 213.235.63.64 0.0.0.63 host 93.89.64.65 eq smtp
permit tcp 212.188.232.144 0.0.0.7 host 93.89.64.65 eq smtp
permit tcp 94.185.244.0 0.0.0.255 host 93.89.64.65 eq smtp
permit tcp 94.185.240.0 0.0.0.255 host 93.89.64.65 eq smtp
permit tcp 195.130.217.0 0.0.0.255 host 93.89.64.65 eq smtp
remark *** Allow HTTPS Webmail traffic to server *********************************************
permit tcp any host 93.89.94.65 eq 443
remark RDP Inbound
permit tcp any host 93.89.94.65 eq 3389
remark *** Allow HTTPS RWW traffic to server *************************************************
permit tcp any host 93.89.94.65 eq 4125
remark *** Mimecast LDAP Traffic *************************************************************
permit tcp 135.196.24.192 0.0.0.15 host 93.89.64.65 eq 389
permit tcp 212.2.3.128 0.0.0.63 host 93.89.64.65 eq 389
permit tcp 213.235.63.64 0.0.0.63 host 93.89.64.65 eq 389
permit tcp 212.188.232.144 0.0.0.7 host 93.89.64.65 eq 389
permit tcp 94.185.244.0 0.0.0.255 host 93.89.64.65 eq 389
permit tcp 94.185.240.0 0.0.0.255 host 93.89.64.65 eq 389
permit tcp 195.130.217.0 0.0.0.255 host 93.89.64.65 eq 389
remark *** Misc Traffic **********************************************************************
permit icmp any host 93.89.94.65
permit udp any host 93.89.64.65 eq isakmp
permit tcp 172.20.0.0 0.0.255.255 eq 8080 any eq 8080
permit ip 172.20.0.0 0.0.255.255 any
remark *** Deny Specific Traffic *************************************************************
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip host 255.255.255.255 any
deny ip host 213.152.39.66 any
deny ip host 0.0.0.0 any
remark *** Deny and Log all other Traffic ****************************************************
deny ip any any
remark *** Internet Access List **************************************************************
remark CCP_ACL Category=17
remark Auto generated by SDM for NTP (123) 192.5.41.209
remark Auto generated by SDM for NTP (123) 129.132.2.21
remark Auto generated by SDM for NTP (123) 192.5.41.209
remark Auto generated by SDM for NTP (123) 129.132.2.21
remark Auto generated by SDM for NTP (123) 192.5.41.209
remark Auto generated by SDM for NTP (123) 129.132.2.21
remark *** VPN Traffic ***********************************************************************
remark *** DNS traffic ***********************************************************************
remark *** Allow SSH Access ******************************************************************
remark *** Permit SMTP Traffic From Mimecast *************************************************
remark *** Allow HTTPS Webmail traffic to server *********************************************
remark RDP Inbound
remark *** Allow HTTPS RWW traffic to server *************************************************
remark *** Mimecast LDAP Traffic *************************************************************
remark *** Misc Traffic **********************************************************************
remark *** Deny Specific Traffic *************************************************************
remark *** Deny and Log all other Traffic ****************************************************
ip access-list extended in-from-lan
remark CCP_ACL Category=17
remark Auto generated by SDM for NTP (123) 192.5.41.209
permit udp host 192.5.41.209 eq ntp host 192.168.1.254 eq ntp
remark Auto generated by SDM for NTP (123) 129.132.2.21
permit udp host 129.132.2.21 eq ntp host 192.168.1.254 eq ntp
permit udp host 172.20.20.220 eq 1645 host 172.20.20.254
permit udp host 172.20.20.220 eq 1646 host 172.20.20.254
permit tcp host 172.20.20.220 any eq smtp
deny tcp 172.20.20.0 0.0.0.255 any eq smtp
permit ip any any
remark CCP_ACL Category=17
remark Auto generated by SDM for NTP (123) 192.5.41.209
remark Auto generated by SDM for NTP (123) 129.132.2.21
ip access-list extended nat-to-public
remark *** Do not address translate VPN traffic **********************************************
remark CCP_ACL Category=18
remark *** Address translate all outgoing traffic using interface PAT ************************
permit ip 172.20.0.0 0.0.0.255 any
remark *** Do not address translate VPN traffic **********************************************
remark CCP_ACL Category=18
remark *** Address translate all outgoing traffic using interface PAT ************************
ip access-list extended vpn-2-nat-to-public
remark ***vpn 2 to nat to pulic***
remark CCP_ACL Category=17
remark Auto generated by SDM for NTP (123) 192.5.41.209
permit udp host 192.5.41.209 eq ntp host 192.168.2.254 eq ntp
remark Auto generated by SDM for NTP (123) 129.132.2.21
permit udp host 129.132.2.21 eq ntp host 192.168.2.254 eq ntp
remark ****vpn 2 to public***
permit ip 192.168.2.0 0.0.0.255 any
remark ****vpn 2 to public***
permit ip 192.168.1.0 0.0.0.255 any
remark ***vpn 2 to nat to pulic***
remark CCP_ACL Category=17
remark Auto generated by SDM for NTP (123) 192.5.41.209
remark Auto generated by SDM for NTP (123) 129.132.2.21
remark ****vpn 2 to public***
remark ****vpn 2 to public***
!
logging trap debugging
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 172.20.20.0 0.0.0.255
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 3 remark CCP_ACL Category=2
access-list 3 permit 192.168.16.0 0.0.0.255
access-list 4 remark CCP_ACL Category=2
access-list 4 permit 192.168.2.0 0.0.0.255
access-list 5 remark CCP_ACL Category=2
access-list 5 permit 192.168.200.0 0.0.0.255
access-list 6 remark CCP_ACL Category=2
access-list 6 permit 172.20.0.0 0.0.255.255
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 172.20.0.0 0.0.255.255 any
access-list 100 remark CCP_ACL Category=4
access-list 101 remark CCP_ACL Category=4
access-list 101 permit ip 172.20.0.0 0.0.255.255 any
access-list 101 remark Allow IPsec DNS
access-list 101 permit udp 10.10.10.0 0.0.0.255 eq domain host 192.168.1.1 eq domain
access-list 101 remark CCP_ACL Category=4
access-list 101 remark Allow IPsec DNS
access-list 102 remark CCP_ACL Category=4
access-list 102 permit ip 172.0.0.0 0.255.255.255 any
access-list 102 remark CCP_ACL Category=4
access-list 103 remark CCP_ACL Category=4
access-list 103 permit ip 172.20.20.0 0.0.0.255 any
access-list 103 remark CCP_ACL Category=4
dialer-list 1 protocol ip permit
no cdp run
!
!
!
route-map NAT-RULES permit 10
match ip address nat-to-public
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CCC

***********************************************************************
***********************************************************************
* *
* *** WARNING *** *
* *
* This is a private system. *
* Unauthorised access is prohibited and access attempts *
* are logged. *
* *
* Unauthorised access or misuse of this system is a *
* criminal offence and offenders will be prosecuted *
* *
***********************************************************************
***********************************************************************

^C
!
line con 0
exec-timeout 5 0
password 7 062506324F41
login authentication LOCAL
no modem enable
transport preferred none
transport output telnet
line aux 0
transport preferred none
transport output none
line vty 0 4
exec-timeout 5 0
privilege level 15
password 7 05280F1C2243
login authentication LOCAL
transport preferred ssh
transport input telnet ssh
transport output telnet
!
scheduler max-task-time 5000
end
 
What is an example source IP that you are using to try and get to the internet? I see that you are using a /16 on your BVI interface, but your ACL used in your route-map is looking to match only the last /24.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
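
The mask mismatch raised in the reply can be checked offline. The following is an added example, not part of the original thread: it applies IOS wildcard-mask matching to the `nat-to-public` entry and compares it with the BVI1 subnet, using lines copied from the posted config. The function names and the second sample host are assumptions made for illustration.

```python
import ipaddress
import re

# Excerpt copied from the configuration posted above (indentation restored
# as IOS prints it; the forum paste had lost it).
CONFIG = """\
interface BVI1
 ip address 172.20.20.254 255.255.0.0
ip access-list extended nat-to-public
 permit ip 172.20.0.0 0.0.0.255 any
"""

ACE = re.compile(r"^\s+(permit|deny)\s+ip\s+(\S+)\s+(\S+)\s+any\s*$")


def _num(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """IOS wildcard: a 0 bit must match the base, a 1 bit is ignored."""
    care = ~_num(wildcard) & 0xFFFFFFFF
    return (_num(addr) & care) == (_num(base) & care)


def parse_acl(config, name):
    """Return [(action, base, wildcard)] for 'permit|deny ip <base> <wc> any'."""
    entries, inside = [], False
    for line in config.splitlines():
        if not line.startswith(" "):          # a top-level line opens a new section
            inside = line == f"ip access-list extended {name}"
        elif inside and (m := ACE.match(line)):
            entries.append(m.groups())
    return entries


def acl_action(entries, src):
    """First match wins; a source matching nothing hits the implicit deny,
    so the NAT-RULES route-map does not select it for translation."""
    for action, base, wildcard in entries:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"


def lan_network(config, ifname):
    """Network configured on the interface's 'ip address <addr> <mask>' line."""
    m = re.search(rf"^interface {ifname}\n[ \t]+ip address (\S+) (\S+)", config, re.M)
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)


if __name__ == "__main__":
    acl = parse_acl(CONFIG, "nat-to-public")
    print("BVI1 network:", lan_network(CONFIG, "BVI1"))
    for host in ("172.20.20.230", "172.20.0.10"):  # second host is constructed
        print(host, "->", acl_action(acl, host))
```
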
 