No remote (http/https) SDM access on 871W

Status
Not open for further replies.

poplarbark

IS-IT--Management
Jan 28, 2010
2
I'm trying to connect to a remote 871W (33.33.33.210) from 2 networks (55.55.55.0 and 66.66.66.0) to manage it via SDM. No such luck. It seems like it would be an easy one to fix, but the config is very long.

Thanks for your help.

!This is the running config of the router: 192.168.181.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXX871w
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods
action-type start-stop
group rad_acct
!
!
!
aaa session-id common
!
c
dot11 syslog
!
dot11 ssid XXX_Net02W
!
dot11 ssid XXX_Net02w
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 XXXnetwork
!
ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.181.1 192.168.181.99
ip dhcp excluded-address 192.168.181.126 192.168.181.254
!
ip dhcp pool sdm-pool
import all
network 192.168.181.0 255.255.255.0
default-router 192.168.181.1
domain-name XXX
dns-server 192.168.181.2 192.168.181.4
netbios-name-server 192.168.181.2
lease 0 2
!
!
ip cef
ip domain name XXX.com
ip name-server 208.xxx.xxx.xxx
ip name-server 208.xxx.xxx.xxx
no ip port-map biff port udp 512 description Bliff mail notification
no ip port-map ircs port tcp 994 description IRC over TLS/SSL
no ip port-map cifs port udp 3020 description CIFS
no ip port-map cifs port tcp 3020 description CIFS
no ip port-map h225ras port udp 1719 description H225 RAS over Unicast
no ip port-map h323 port tcp 1720 description H.323 Protocol (e.g, MS NetMeeting, Inte
no ip port-map x11 port tcp from 6000 to 6606 description X Window System
no ip port-map lotusmtap port udp 3007 description Lotus Mail Tracking Agent Protocol
no ip port-map lotusmtap port tcp 3007 description Lotus Mail Tracking Agent Protocol
ip port-map user-QB-internal port tcp 6415 description QB external port access
ip port-map user-ftp-passive port tcp from 3000 to 3050 description ftp passive ports
ip port-map user-defined-Webmin port tcp 10000 description Webmin access to webserver
ip port-map user-ssmtp port tcp 465 description ssmtp port
ip port-map user-Tandberg-TCP port tcp from 1026 to 1027 description Tandberg Ports
ip port-map user-Tandberg-TCP port tcp from 2326 to 2373 description Tandberg Ports
ip port-map user-Tandberg-TCP port tcp from 5555 to 5599 description Tandberg Ports
ip port-map user-Tandberg-TCP port tcp 123 1719 2387 963 description Tandberg Ports
ip port-map user-Tandberg-UDP port udp from 1719 to 1720 description Tandberg UDP ports
ip port-map user-Tandberg-UDP port udp from 2326 to 2373 description Tandberg UDP ports
ip port-map user-Tandberg-UDP port udp from 5555 to 5599 description Tandberg UDP ports
ip port-map user-Tandberg-UDP port udp 2387 description Tandberg UDP ports
no ipv6 cef
ntp server pool.ntp.org prefer source FastEthernet4
ntp server pool.ntp.org prefer source FastEthernet4
ntp server pool.ntp.org prefer source Vlan1
!
multilink bundle-name authenticated
!

!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key xxx address 44.44.44.230
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to44.44.44.230
set peer 44.44.44.230
set transform-set ESP-3DES-SHA
match address 102
!
archive
log config
hidekeys
!
!
!
class-map type inspect match-any SDM_HTTPS
match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SSH
match access-group name SDM_SSH
class-map type inspect match-any SDM_SHELL
match access-group name SDM_SHELL
class-map type inspect match-any sdm-cls-access
match class-map SDM_HTTPS
match class-map SDM_SSH
match class-map SDM_SHELL
class-map type inspect match-any vpn-in
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-all sdm-cls-sdm-permit-gre-2
match class-map vpn-in
match access-group name vpn-in
class-map type inspect match-any internal-web-share
match protocol tcp
class-map type inspect match-all sdm-cls-sdm-pol-NATOutsideToInside-1-2
match class-map internal-web-share
match access-group name web-share
class-map type inspect match-any QB
match protocol user-QB-internal
class-map type inspect match-all sdm-cls-sdm-pol-NATOutsideToInside-1-1
match class-map QB
match access-group name QB-External
class-map type inspect match-any tunnel
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-all sdm-cls-sdm-permit-gre-1
match class-map tunnel
match access-group name tunnel-traffic
class-map type inspect match-any SDM_TELNET
match access-group name SDM_TELNET
class-map type inspect match-any SDM_HTTP
match access-group name SDM_HTTP
class-map type inspect match-any SDM_WEBVPN
match access-group name SDM_WEBVPN
class-map type inspect match-any sdm-mgmt-cls-0
match class-map SDM_TELNET
match class-map SDM_HTTP
match class-map SDM_SHELL
match class-map SDM_SSH
match class-map SDM_WEBVPN
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-all SDM_WEBVPN_TRAFFIC
match class-map SDM_WEBVPN
match access-group 103
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_VPN_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_VPN_PT
match access-group 111
match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any web-ports
match protocol http
match protocol https
match protocol user-defined-Webmin
class-map type inspect match-all sdm-nat--4
match access-group 108
match class-map web-ports
class-map type inspect match-any ftp-ports
match protocol http
match protocol https
match protocol user-ftp-passive
match protocol ftp
match protocol ftps
match protocol user-ssmtp
class-map type inspect match-all sdm-nat--5
match access-group 109
match class-map ftp-ports
class-map type inspect match-any Tandberg-ports
match protocol user-Tandberg-TCP
match protocol user-Tandberg-UDP
match protocol h323
match protocol h225ras
match protocol ftp
match protocol telnet
class-map type inspect match-all sdm-nat--6
match access-group 110
match class-map Tandberg-ports
class-map type inspect match-any SDM-Voice-permit
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-any SDM_IP
match access-group name SDM_IP
class-map type inspect match-any web-server
match protocol http
match protocol https
class-map type inspect match-all sdm-nat--1
match access-group 104
match class-map web-server
class-map type inspect match-all sdm-nat--2
match access-group 105
class-map type inspect match-all sdm-nat--3
match access-group 106
class-map type inspect match-any DMZ-OUT
match protocol http
match protocol https
match protocol smtp
match protocol imaps
match protocol imap3
match protocol imap
match protocol pop3
match protocol pop3s
match protocol tcp
match protocol udp
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-cls-sdm-inspect-1
match class-map DMZ-OUT
match access-group name DMZ-Out
class-map type inspect match-any FTP-Server
match class-map ftp-ports
class-map type inspect match-any tcp-access
match protocol tcp
class-map type inspect match-all sdm-access
match class-map sdm-cls-access
match access-group 107
class-map type inspect match-all SDM_GRE
match access-group name SDM_GRE
class-map type inspect match-all sdm-mgmt-cls-sdm-permit-1
match class-map sdm-mgmt-cls-0
match access-group 117
class-map type inspect match-all sdm-mgmt-cls-sdm-permit-0
match class-map sdm-mgmt-cls-0
match access-group 116
class-map type inspect match-all sdm-mgmt-cls-sdm-permit-2
match class-map sdm-mgmt-cls-0
match access-group 118
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-any AllowPing
match protocol icmp
class-map type inspect match-any sdm-dmz-protocols
match protocol http
match protocol https
match protocol ftp
match protocol user-ftp-passive
match protocol user-Tandberg-TCP
match protocol user-Tandberg-UDP
match protocol telnet
match protocol user-QB-internal
class-map type inspect match-all sdm-protocol-http
match protocol http
class-map type inspect match-all sdm-cls-sdm-permit-dmzservice-1
match class-map tcp-access
match access-group name internal-access
class-map type inspect match-all sdm-cls-sdm-permit-dmzservice-2
match class-map FTP-Server
match access-group name ftp-ports
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-cls-sdm-pol-NATOutsideToInside-1-2
inspect
class type inspect sdm-cls-sdm-pol-NATOutsideToInside-1-1
inspect
class type inspect sdm-nat--1
inspect
class type inspect sdm-nat--5
inspect
class type inspect sdm-nat--6
inspect
class class-default
drop
policy-map type inspect sdm-permit-gre
class type inspect sdm-cls-sdm-permit-gre-2
inspect
class type inspect sdm-cls-sdm-permit-gre-1
pass
class type inspect SDM_GRE
pass
class class-default
drop log
policy-map type inspect sdm-inspect
class type inspect sdm-cls-sdm-inspect-1
pass
class type inspect sdm-invalid-src
drop log
class type inspect sdm-insp-traffic
inspect
class type inspect sdm-protocol-http
inspect
class class-default
drop
policy-map type inspect sdm-permit
class type inspect AllowPing
inspect
class type inspect SDM_VPN_PT
pass
class type inspect sdm-access
class type inspect sdm-mgmt-cls-sdm-permit-1
class type inspect sdm-mgmt-cls-sdm-permit-0
class type inspect sdm-mgmt-cls-sdm-permit-2
class class-default
drop
policy-map type inspect sdm-permit-dmzservice
class type inspect SDM-Voice-permit
inspect
class type inspect sdm-nat--4
inspect
class type inspect sdm-cls-sdm-permit-dmzservice-2
inspect
class type inspect sdm-nat--6
inspect
class type inspect sdm-cls-sdm-permit-dmzservice-1
inspect
class class-default
pass
policy-map type inspect sdm-permit-ip
class type inspect SDM_IP
pass
class class-default
drop log
!
zone security dmz-zone
zone security out-zone
zone security in-zone
zone security gre-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security sdm-zp-out-dmz source out-zone destination dmz-zone
service-policy type inspect sdm-permit-dmzservice
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-dmz source in-zone destination dmz-zone
service-policy type inspect sdm-permit-dmzservice
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
zone-pair security sdm-zp-gre-in2 source gre-zone destination dmz-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-gre-out source gre-zone destination out-zone
service-policy type inspect sdm-permit-gre
zone-pair security sdm-zp-gre-in1 source gre-zone destination in-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-in-gre2 source dmz-zone destination gre-zone
service-policy type inspect sdm-inspect
zone-pair security sdm-zp-in-gre1 source in-zone destination gre-zone
service-policy type inspect sdm-inspect
zone-pair security sdm-zp-out-gre source out-zone destination gre-zone
service-policy type inspect sdm-permit-gre
!
bridge irb
!
!
interface Tunnel0
ip unnumbered FastEthernet4
ip access-group XXX-vpn out
ip mtu 1415
zone-member security gre-zone
ip tcp adjust-mss 1375
keepalive 10 3
tunnel source FastEthernet4
tunnel destination 44.44.44.230
tunnel path-mtu-discovery
crypto ipsec df-bit clear
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
switchport access vlan 2
!
interface FastEthernet3
switchport access vlan 2
!
interface FastEthernet4
description $ETH-WAN$$FW_OUTSIDE$
ip address 33.33.33.210 255.255.255.240
ip access-group 114 in
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
crypto map SDM_CMAP_1
crypto ipsec df-bit clear
!
interface Dot11Radio0
no ip address
ip nat inside
ip virtual-reassembly
no dot11 extension aironet
!
encryption vlan 1 mode ciphers tkip
!
ssid XXX_Net02W
!
ssid XXX_Net02w
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 192.168.181.1 255.255.255.0
ip access-group 113 in
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
!
interface Vlan2
description $FW_DMZ$
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security dmz-zone
!
ip local pool SSL-VPN 192.168.181.50 192.168.181.55
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 33.33.33.209
ip route 192.168.10.0 255.255.255.0 Tunnel0 permanent
ip http server
ip http access-class 6
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
ip nat inside source static 192.168.2.2 33.33.33.211
ip nat inside source static 192.168.2.5 33.33.33.213
ip nat inside source static 192.168.2.100 33.33.33.215
ip nat inside source static 192.168.181.3 33.33.33.217
!
ip access-list extended DMZ-Out
remark SDM_ACL Category=128
permit ip 192.168.2.0 0.0.0.255 any
ip access-list extended QB-External
remark SDM_ACL Category=128
permit ip any host 192.168.181.3
ip access-list extended SDM_AH
remark SDM_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark SDM_ACL Category=1
permit esp any any
ip access-list extended SDM_GRE
remark SDM_ACL Category=1
permit gre any any
ip access-list extended SDM_HTTP
remark SDM_ACL Category=0
permit tcp any any eq www
ip access-list extended SDM_HTTPS
remark SDM_ACL Category=1
permit tcp any any eq 443
ip access-list extended SDM_IP
remark SDM_ACL Category=0
permit ip any any
ip access-list extended SDM_SHELL
remark SDM_ACL Category=1
permit tcp any any eq cmd
ip access-list extended SDM_SSH
remark SDM_ACL Category=1
permit tcp any any eq 22
ip access-list extended SDM_TELNET
remark SDM_ACL Category=0
permit tcp any any eq telnet
ip access-list extended SDM_WEBVPN
remark SDM_ACL Category=1
permit tcp any any eq 443
ip access-list extended ftp-ports
remark SDM_ACL Category=128
permit ip any host 192.168.2.5
ip access-list extended internal-access
remark SDM_ACL Category=128
permit ip 192.168.181.0 0.0.0.255 192.168.2.0 0.0.0.255
ip access-list extended XXX-vpn
remark XXX vpn ACL
remark SDM_ACL Category=1
permit ip 192.168.181.0 0.0.0.255 192.168.10.0 0.0.0.255
permit icmp 192.168.181.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.181.0 0.0.0.255
permit icmp 192.168.10.0 0.0.0.255 192.168.181.0 0.0.0.255
ip access-list extended tunnel-traffic
remark SDM_ACL Category=128
permit ip 192.168.181.0 0.0.0.255 192.168.10.0 0.0.0.255
ip access-list extended vpn-in
remark SDM_ACL Category=128
permit ip 192.168.10.0 0.0.0.255 192.168.181.0 0.0.0.255
ip access-list extended web-share
remark SDM_ACL Category=128
permit ip 192.168.181.0 0.0.0.255 192.168.2.0 0.0.0.255
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.181.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 3 remark Auto generated by SDM Management Access feature
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 192.168.181.0 0.0.0.255
access-list 3 permit 44.44.44.0 0.0.0.255
access-list 3 permit 55.55.55.0 0.0.0.255
access-list 4 remark Auto generated by SDM Management Access feature
access-list 4 remark SDM_ACL Category=1
access-list 4 permit 44.44.44.0 0.0.0.255
access-list 4 permit 55.55.55.0 0.0.0.255
access-list 4 permit 192.168.181.0 0.0.0.255
access-list 5 remark Auto generated by SDM Management Access feature
access-list 5 remark SDM_ACL Category=1
access-list 5 permit 55.55.55.0 0.0.0.255
access-list 5 permit 44.44.44.0 0.0.0.255
access-list 5 permit 192.168.181.0 0.0.0.255
access-list 6 remark Auto generated by SDM Management Access feature
access-list 6 remark SDM_ACL Category=1
access-list 6 permit 192.168.181.0 0.0.0.255
access-list 6 permit 66.66.66.0 0.0.0.255
access-list 6 permit 55.55.55.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 permit ip 33.33.33.208 0.0.0.15 any
access-list 101 remark SDM_ACL Category=128
access-list 101 permit ip 55.55.55.0 0.0.0.255 any
access-list 102 remark SDM_ACL Category=4
access-list 102 permit gre host 33.33.33.210 host 44.44.44.230
access-list 103 remark SDM_ACL Category=128
access-list 103 permit ip any host 33.33.33.219
access-list 104 remark SDM_ACL Category=0
access-list 104 permit ip any host 192.168.2.2
access-list 105 remark SDM_ACL Category=0
access-list 105 permit ip any host 192.168.2.5
access-list 106 remark SDM_ACL Category=0
access-list 106 permit ip any host 192.168.2.100
access-list 107 remark SDM_ACL Category=128
access-list 107 permit ip any any
access-list 108 remark SDM_ACL Category=0
access-list 108 permit ip any host 192.168.2.2
access-list 109 remark SDM_ACL Category=0
access-list 109 permit ip any host 192.168.2.5
access-list 110 remark SDM_ACL Category=0
access-list 110 permit ip any host 192.168.2.100
access-list 111 remark SDM_ACL Category=128
access-list 111 permit ip host 44.44.44.230 any
access-list 112 remark Route map for NAT
access-list 112 remark SDM_ACL Category=2
access-list 112 remark Do not NAT traffic destined to VPN tunnel
access-list 112 deny ip any 192.168.10.0 0.0.0.255
access-list 112 permit ip 192.168.181.0 0.0.0.255 any
access-list 112 permit ip 192.168.2.0 0.0.0.255 any
access-list 113 remark Auto generated by SDM Management Access feature
access-list 113 remark SDM_ACL Category=1
access-list 113 permit tcp 192.168.181.0 0.0.0.255 host 192.168.181.1 eq telnet
access-list 113 permit tcp 192.168.181.0 0.0.0.255 host 192.168.181.1 eq 22
access-list 113 permit tcp 192.168.181.0 0.0.0.255 host 192.168.181.1 eq www
access-list 113 permit tcp 192.168.181.0 0.0.0.255 host 192.168.181.1 eq 443
access-list 113 permit tcp 192.168.181.0 0.0.0.255 host 192.168.181.1 eq cmd
access-list 113 deny tcp any host 192.168.181.1 eq telnet
access-list 113 deny tcp any host 192.168.181.1 eq 22
access-list 113 deny tcp any host 192.168.181.1 eq www
access-list 113 deny tcp any host 192.168.181.1 eq 443
access-list 113 deny tcp any host 192.168.181.1 eq cmd
access-list 113 deny udp any host 192.168.181.1 eq snmp
access-list 113 permit ip any any
access-list 114 remark Auto generated by SDM Management Access feature
access-list 114 remark SDM_ACL Category=1
access-list 114 permit tcp 66.66.66.0 0.0.0.255 host 33.33.33.210 eq telnet
access-list 114 permit tcp 55.55.55.0 0.0.0.255 host 33.33.33.210 eq telnet
access-list 114 permit tcp 44.44.44.0 0.0.0.255 host 33.33.33.210 eq telnet
access-list 114 permit tcp 66.66.66.0 0.0.0.255 host 33.33.33.210 eq 22
access-list 114 permit tcp 55.55.55.0 0.0.0.255 host 33.33.33.210 eq 22
access-list 114 permit tcp 44.44.44.0 0.0.0.255 host 33.33.33.210 eq 22
access-list 114 permit tcp 66.66.66.0 0.0.0.255 host 33.33.33.210 eq www
access-list 114 permit tcp 192.168.181.0 0.0.0.255 host 33.33.33.210 eq www
access-list 114 permit tcp 44.44.44.0 0.0.0.255 host 33.33.33.210 eq www
access-list 114 permit tcp 55.55.55.0 0.0.0.255 host 33.33.33.210 eq www
access-list 114 permit tcp 66.66.66.0 0.0.0.255 host 33.33.33.210 eq 443
access-list 114 permit tcp 192.168.181.0 0.0.0.255 host 33.33.33.210 eq 443
access-list 114 permit tcp 44.44.44.0 0.0.0.255 host 33.33.33.210 eq 443
access-list 114 permit tcp 55.55.55.0 0.0.0.255 host 33.33.33.210 eq 443
access-list 114 permit tcp 66.66.66.0 0.0.0.255 host 33.33.33.210 eq cmd
access-list 114 permit tcp 55.55.55.0 0.0.0.255 host 33.33.33.210 eq cmd
access-list 114 permit tcp 44.44.44.0 0.0.0.255 host 33.33.33.210 eq cmd
access-list 114 deny tcp any host 33.33.33.210 eq telnet
access-list 114 deny tcp any host 33.33.33.210 eq 22
access-list 114 deny tcp any host 33.33.33.210 eq www
access-list 114 deny tcp any host 33.33.33.210 eq 443
access-list 114 deny tcp any host 33.33.33.210 eq cmd
access-list 114 deny udp any host 33.33.33.210 eq snmp
access-list 114 remark Auto generated by SDM for NTP (123) pool.ntp.org
access-list 114 permit udp host 65.xxx.xxx.xxx eq ntp host 33.33.33.210 eq ntp
access-list 114 remark Auto generated by SDM for NTP (123) pool.ntp.org
access-list 114 permit udp host 38.xxx.xxx.xxx eq ntp host 33.33.33.210 eq ntp
access-list 114 permit gre host 44.44.44.230 host 33.33.33.210
access-list 114 permit udp host 44.44.44.230 host 33.33.33.210 eq non500-isakmp
access-list 114 permit udp host 44.44.44.230 host 33.33.33.210 eq isakmp
access-list 114 permit esp host 44.44.44.230 host 33.33.33.210
access-list 114 permit ahp host 44.44.44.230 host 33.33.33.210
access-list 114 permit ip any any
access-list 115 remark Auto generated by SDM Management Access feature
access-list 115 remark SDM_ACL Category=1
access-list 115 permit ip 192.168.181.0 0.0.0.255 any
access-list 115 permit ip 55.55.55.0 0.0.0.255 any
access-list 115 permit ip 44.44.44.0 0.0.0.255 any
access-list 115 permit ip 66.66.66.0 0.0.0.255 any
access-list 116 remark Auto generated by SDM Management Access feature
access-list 116 remark SDM_ACL Category=1
access-list 116 permit ip 55.55.55.0 0.0.0.255 host 33.33.33.210
access-list 117 remark Auto generated by SDM Management Access feature
access-list 117 remark SDM_ACL Category=1
access-list 117 permit ip 44.44.44.0 0.0.0.255 host 33.33.33.210
access-list 118 remark Auto generated by SDM Management Access feature
access-list 118 remark SDM_ACL Category=1
access-list 118 permit ip 66.66.66.0 0.0.0.255 host 33.33.33.210
no cdp run

!
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address 112
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!

!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 115 in
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
end


 
so do you get a prompt to enter credentials??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
>>>so do you get a prompt to enter credentials??

No, I do not. I can't telnet to port 80/443/22/23. It just times out.
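
The posted config filters management traffic to 33.33.33.210 in several places: the inbound ACL 114 on FastEthernet4, the out-zone to self zone-pair policy `sdm-permit`, and `ip http access-class 6`. The script below is an added example, not part of the original thread or of SDM; it evaluates a trimmed excerpt of that config layer by layer for one source address. The host addresses 55.55.55.10, 66.66.66.10 and 203.0.113.5 are constructed test values, and a `zone_action` of `None` means only that no action line follows that class in the policy-map as posted.

```python
import ipaddress
import re

# Trimmed excerpt of the running config posted above (TCP management path to 33.33.33.210).
CONFIG = """\
policy-map type inspect sdm-permit
class type inspect AllowPing
inspect
class type inspect SDM_VPN_PT
pass
class type inspect sdm-access
class type inspect sdm-mgmt-cls-sdm-permit-1
class type inspect sdm-mgmt-cls-sdm-permit-0
class type inspect sdm-mgmt-cls-sdm-permit-2
class class-default
drop
access-list 6 permit 192.168.181.0 0.0.0.255
access-list 6 permit 66.66.66.0 0.0.0.255
access-list 6 permit 55.55.55.0 0.0.0.255
access-list 107 permit ip any any
access-list 114 permit tcp 66.66.66.0 0.0.0.255 host 33.33.33.210 eq www
access-list 114 permit tcp 55.55.55.0 0.0.0.255 host 33.33.33.210 eq www
access-list 114 permit tcp 66.66.66.0 0.0.0.255 host 33.33.33.210 eq 443
access-list 114 permit tcp 55.55.55.0 0.0.0.255 host 33.33.33.210 eq 443
access-list 114 deny tcp any host 33.33.33.210 eq www
access-list 114 deny tcp any host 33.33.33.210 eq 443
access-list 114 permit ip any any
access-list 116 permit ip 55.55.55.0 0.0.0.255 host 33.33.33.210
access-list 117 permit ip 44.44.44.0 0.0.0.255 host 33.33.33.210
access-list 118 permit ip 66.66.66.0 0.0.0.255 host 33.33.33.210
"""

NAMES = {80: "www", 23: "telnet", 514: "cmd"}  # IOS port keywords
# Classes of policy-map sdm-permit, in order: (name, ACL, TCP ports of its class-maps).
ZONE_CLASSES = [("sdm-access", 107, {22, 443, 514})] + [
    (f"sdm-mgmt-cls-sdm-permit-{i}", n, {22, 23, 80, 443, 514})
    for i, n in ((1, 117), (0, 116), (2, 118))]

def take(tok):
    """Pop one IOS address spec (any | host A | A WILDCARD); return a matcher for it."""
    first = tok.pop(0)
    if first == "any":
        return lambda ip: True
    base, wild = (tok.pop(0), "0.0.0.0") if first == "host" else (first, tok.pop(0))
    base, wild = (int(ipaddress.ip_address(x)) for x in (base, wild))
    return lambda ip: (int(ipaddress.ip_address(ip)) | wild) == (base | wild)

def acl(number, src, dst, port):
    """First-match verdict of a numbered ACL for one TCP packet (implicit deny last)."""
    for verdict, rest in re.findall(rf"^access-list {number} (permit|deny) (.+)$", CONFIG, re.M):
        tok = rest.split()
        if number >= 100:
            tok.pop(0)  # protocol keyword; every extended entry in the excerpt is ip or tcp
        s = take(tok)
        d = take(tok) if number >= 100 else (lambda ip: True)
        eq = tok[1] if tok[:1] == ["eq"] else None
        if s(src) and d(dst) and eq in (None, str(port), NAMES.get(port)):
            return verdict
    return "deny"

def class_actions(policy):
    """Map each class of an inspect policy-map to the action line after it, or None."""
    body = CONFIG.split(f"policy-map type inspect {policy}\n")[1]
    found = re.findall(r"^class (?:type inspect )?(\S+)\n(inspect|pass|drop)?", body, re.M)
    return {name: action or None for name, action in found}

def audit(src, dst="33.33.33.210", port=80):
    """Verdict at each layer for one TCP connection to the router's WAN address."""
    cls = next((n for n, a, ports in ZONE_CLASSES
                if port in ports and acl(a, src, dst, port) == "permit"), "class-default")
    return {"acl114": acl(114, src, dst, port),           # ip access-group 114 in
            "zone_class": cls,                            # zone-pair sdm-zp-out-self
            "zone_action": class_actions("sdm-permit")[cls],
            "http_acl6": acl(6, src, dst, port)}          # ip http access-class 6
```

For both networks named in the post the ACL layers return `permit`, so the zone-pair class the traffic lands in is the entry to compare against the device itself, for example with `show policy-map type inspect zone-pair`.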
 