Building configuration...

Current configuration : 7101 bytes
!
! Last configuration change at 13:30:08 PCTime Sun Mar 18 2007 by admin
! NVRAM config last updated at 09:24:00 PCTime Tue Dec 26 2006 by cisco
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname fr-par-wan1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
ip subnet-zero
no ip source-route
!
!
ip cef
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name domaine.local
ip name-server 194.2.0.20
ip name-server 194.2.0.50
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-361402317
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-361402317
 revocation-check none
 rsakeypair TP-self-signed-361402317
!
!
crypto pki certificate chain TP-self-signed-361402317
 certificate self-signed 01
  xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  quit
username admin privilege 15 secret 5 xxxxxxxxxxxxxxxxxxx
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.0.254 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1412
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip inspect DEFAULT100 out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname xxxxxxxxxxxxx
 ppp chap password 7 xxxxxxxxxxxxx
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 192.168.0.253 4500 interface Dialer0 4500
ip nat inside source static udp 192.168.0.253 500 interface Dialer0 500
ip nat inside source static udp 192.168.0.253 1701 interface Dialer0 1701
ip nat inside source static tcp 192.168.0.253 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.0.253 25 interface Dialer0 25
ip nat inside source static tcp 192.168.0.253 443 interface Dialer0 443
ip nat inside source static tcp 192.168.0.253 80 interface Dialer0 80
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 194.2.0.50 eq domain any
access-list 101 permit udp host 194.2.0.20 eq domain any
access-list 101 remark HTTP
access-list 101 permit tcp any any eq www
access-list 101 remark HTTPS
access-list 101 permit tcp any any eq 443
access-list 101 remark SMTP
access-list 101 permit tcp any any eq smtp
access-list 101 remark PPTP
access-list 101 permit tcp any any eq 1723
access-list 101 remark L2TP
access-list 101 permit udp any any eq 1701
access-list 101 remark IKE
access-list 101 permit udp any any eq isakmp
access-list 101 remark IPSec NAT-T
access-list 101 permit udp any any eq non500-isakmp
access-list 101 remark GRE
access-list 101 permit gre any any
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end