01.01.2008
Cisco 3620 Configuration File with Firewall Settings
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
!
clock timezone ro 2
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
ip inspect name test http timeout 3600
ip audit notify log
ip audit po max-events 100
!
crypto isakmp policy 15
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key 12345 address 192.168.22.234
!
!
crypto ipsec transform-set isaset esp-3des esp-sha-hmac
!
crypto map isavpn 15 ipsec-isakmp
 set peer 192.168.22.234
 set transform-set isaset
 set pfs group2
 match address 101
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 description "External Interface"
 ip address 192.168.22.111 255.255.255.0
 ip access-group 121 in
 no ip redirects
 no ip unreachables
 ip nat outside
 ip inspect test out
 duplex auto
 speed auto
 crypto map isavpn
!
interface FastEthernet1/0
 description "Internal Interface"
 ip address 192.168.40.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip nat inside source list 111 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.22.1
no ip http server
!
access-list 101 permit ip 192.168.40.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.40.0 0.0.0.255 host 192.168.22.234
access-list 101 permit ip host 192.168.22.111 192.168.10.0 0.0.0.255
access-list 111 deny ip 192.168.40.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 111 deny ip 192.168.40.0 0.0.0.255 host 192.168.22.234
access-list 111 permit ip 192.168.40.0 0.0.0.255 any
access-list 121 permit udp host 192.168.22.234 eq isakmp host 192.168.22.111 eq isakmp
access-list 121 permit esp host 192.168.22.234 host 192.168.22.111
access-list 121 permit udp any eq domain host 192.168.22.111 gt 1023
access-list 121 permit icmp any host 192.168.22.111 echo-reply
access-list 121 permit ip host 192.168.22.234 192.168.40.0 0.0.0.255
access-list 121 permit ip 192.168.10.0 0.0.0.255 192.168.40.0 0.0.0.255
!
dial-peer cor custom
!
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!