R1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
security passwords min-length 10
logging message-counter syslog
logging buffered 52000
enable secret 5 $1$3CVF$vmWMeJKl//4Me3I82KnM..
!
aaa new-model
!
!
aaa authentication login default local enable
!
!
aaa session-id common
memory-size iomem 5
!
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
no ip domain lookup
ip domain name ccnasecurity.com
ip ips config location flash:/ipsdir/ retries 1
ip ips notify SDEE
ip ips name sdm_ips_rule
!
ip ips signature-category
 category all
  retired true
 category ios_ips basic
  retired false
!
login block-for 60 attempts 2 within 30
login on-failure log
!
no ipv6 cef
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!
!
!
username Admin01 secret 5 $1$6w3a$CrMrtPgzlYl7274J42Zk1/
!
crypto key pubkey-chain rsa
 named-key realm-cisco.pub
  key-string
   30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 00C19E93
   A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 17E630D5 C02AC252
   912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 B199ABCB D34ED0F9 085FADC1
   359C189E F30AF10A C0EFB624 7E0764BF 5B2146A9 D7A5EDE3 0298AF03 DED7A5B8
   9479039D 20F30663 9AC64B93 FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6
   85EAF974 6D9CC8E3 50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5
   7A0AF99E 006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2
   2F56D826 8918EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E F3020301
   0001
  quit
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key ciscovpnpa55 address 10.2.2.1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to10.2.2.1
 set peer 10.2.2.1
 set transform-set ESP-3DES-SHA
 match address 101
!
archive
 log config
  hidekeys
!
!
!
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
 match access-group 103
class-map type inspect match-any SDM_AH
 match access-group name SDM_AH
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM_ESP
 match access-group name SDM_ESP
class-map type inspect match-any SDM_VPN_TRAFFIC
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
class-map type inspect match-all SDM_VPN_PT
 match access-group 102
 match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any SDM-Voice-permit
 match protocol h323
 match protocol skinny
 match protocol sip
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
class-map type inspect match-all sdm-invalid-src
 match access-group 100
class-map type inspect match-all sdm-icmp-access
 match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-protocol-http
 match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-pol-VPNOutsideToInside-1
 class type inspect sdm-cls-VPNOutsideToInside-1
  inspect
 class class-default
  drop
policy-map type inspect sdm-inspect
 class type inspect sdm-invalid-src
  drop log
 class type inspect sdm-insp-traffic
  inspect
 class type inspect sdm-protocol-http
  inspect
 class type inspect SDM-Voice-permit
  inspect
 class class-default
  pass
policy-map type inspect sdm-permit
 class type inspect SDM_VPN_PT
  pass
 class class-default
  drop
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
zone-pair security sdm-zp-VPNOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-VPNOutsideToInside-1
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 ip ips sdm_ips_rule in
 ip virtual-reassembly
 zone-member security in-zone
 duplex auto
 speed auto
!
interface Serial0/0/0
 description $FW_OUTSIDE$
 ip address 10.1.1.1 255.255.255.252
 ip ips sdm_ips_rule in
 ip virtual-reassembly
 zone-member security out-zone
 clock rate 64000
 crypto map SDM_CMAP_1
!
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.1.2
ip route 10.2.2.1 255.255.255.255 FastEthernet0/0
ip http server
no ip http secure-server
!
!
!
ip access-list extended SDM_AH
 remark SDM_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark SDM_ACL Category=1
 permit esp any any
!
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 10.1.1.0 0.0.0.3 any
access-list 101 remark SDM_ACL Category=4
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 102 remark SDM_ACL Category=128
access-list 102 permit ip host 10.2.2.1 any
access-list 103 remark SDM_ACL Category=0
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
control-plane
!
!
banner motd ^CUnauthorized access strictly prohibited and prosecuted to the full extent of the law^C
!
line con 0
 exec-timeout 0 0
 password 7 0822455D0A1606181C1B0D517F
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 transport input ssh
!
scheduler allocate 20000 1000
end