
CORE ROUTER
Current configuration : 3498 bytes
!
version 12.4
service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
security passwords min-length 10
!
hostname CORP
!
!
!
enable secret 5 $1$mERr$UBS6AqpcFjkupAnmSUCGG.
!
!
!
!
!
aaa new-model
!
aaa authentication login default local
!

!
aaa authorization exec default local
!
!
!
!
!
username CORPADMIN secret 5 $1$mERr$fPunCIN6tB/A1os48VIRu.
username Internet password 7 08024F40082A261E010803
username SSHAccess secret 5 $1$mERr$3mVxZHExBNJRy65mTbcvz.
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp key Vpnpass101 address 198.133.219.2
!
!
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 198.133.219.2
 set transform-set VPN-SET
 match address 120

!
!
!
ip ssh version 2
ip ssh authentication-retries 2
ip ssh time-out 90
ip domain-name theccnas.com
!
!
ip inspect audit-trail
ip inspect name INTOCORP icmp
ip inspect name INTOCORP tcp
ip inspect name INTOCORP udp
spanning-tree mode pvst
!
ip ips config location flash:ipsdir/ retries 1
ip ips name corpips
ip ips signature-category
 category all
  retired true
 category ios_ips basic
  retired false
!
!

!
interface FastEthernet0/0
 ip address 10.1.1.254 255.255.255.0
 ip ips corpips out
 ip access-group DMZFIREWALL out
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 172.16.10.254 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1.25
 encapsulation dot1Q 25
 ip address 172.16.25.254 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1.99
 encapsulation dot1Q 99 native
 ip address 172.16.99.254 255.255.255.0
!
interface Serial0/0/0
 ip address 209.165.200.226 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 ip access-group INCORP in
 ip nat outside
 ip inspect INTOCORP out
 no cdp enable
 crypto map VPN-MAP
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
ip nat pool PATPOOL 209.165.200.245 209.165.200.248 netmask 255.255.255.240
ip nat inside source list 1 pool PATPOOL overload
ip nat inside source static 10.1.1.2 209.165.200.241
ip nat inside source static 10.1.1.5 209.165.200.242
ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
!
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 12 permit host 172.16.25.5
access-list 12 permit host 198.133.219.35
ip access-list extended DMZFIREWALL
 permit tcp any host 10.1.1.2 eq www
 permit tcp any host 10.1.1.5 eq domain
 permit udp any host 10.1.1.5 eq domain
 permit ip 172.16.25.0 0.0.0.255 10.1.1.0 0.0.0.255
 permit tcp 198.133.219.32 0.0.0.31 host 10.1.1.2 eq ftp
ip access-list extended INCORP
 permit tcp any host 209.165.200.241 eq www
 permit tcp any host 209.165.200.242 eq domain
 permit udp any host 209.165.200.242 eq domain
 permit tcp 198.133.219.0 0.0.0.31 host 209.165.200.226 eq 22
 permit ip host 198.133.219.2 host 209.165.200.226
 permit ip 198.133.219.32 0.0.0.31 209.165.200.240 0.0.0.15
access-list 120 permit ip 209.165.200.240 0.0.0.15 198.133.219.32 0.0.0.31
!
banner motd ^CAuthorized Access Only!^C
!
!

!
!
logging 172.16.25.2
line con 0
 exec-timeout 20 0
 logging synchronous
line vty 0 4
 access-class 12 in
 exec-timeout 20 0
 transport input ssh
line vty 5 15
 access-class 12 in
 exec-timeout 20 0
 transport input ssh
!
!
ntp server 172.16.25.2 key 0
ntp update-calendar
!
end

BRANCH
Current configuration : 2015 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
security passwords min-length 10
!
hostname Branch
!
!
!
enable secret 5 $1$mERr$UBS6AqpcFjkupAnmSUCGG.
!
!
!
!
!
!
username CORPADMIN secret 5 $1$mERr$fPunCIN6tB/A1os48VIRu.

username Internet password 7 08024F40082A261E010803
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp key Vpnpass101 address 209.165.200.226

!
!
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 209.165.200.226
 set transform-set VPN-SET
 match address 120
!
!
!
ip ssh version 1
ip ssh authentication-retries 2
ip ssh time-out 90
!
!
spanning-tree mode pvst
!
class-map type inspect match-all BR-IN-CLASS-MAP
 match access-group 110
!
policy-map type inspect BR-IN-OUT-PMAP
 class type inspect BR-IN-CLASS-MAP
  inspect
!

!
!
zone security BR-IN-ZONE
zone security BR-OUT-ZONE
zone-pair security IN-OUT-ZPAIR source BR-IN-ZONE destination BR-OUT-ZONE
 service-policy type inspect BR-IN-OUT-PMAP
!
interface FastEthernet0/0
 ip address 198.133.219.62 255.255.255.224
 zone-member security BR-IN-ZONE
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 198.133.219.2 255.255.255.252
 zone-member security BR-OUT-ZONE
 encapsulation ppp
 ppp authentication chap
 no cdp enable
 crypto map VPN-MAP
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0

access-list 110 permit ip 198.133.219.32 0.0.0.31 any
access-list 120 permit ip 198.133.219.32 0.0.0.31 209.165.200.240 0.0.0.15
!
banner motd ^CAuthorized Access Only!^C
!
!
!
!
line con 0
 exec-timeout 20 0
 logging synchronous
 login local
line vty 0 4
 exec-timeout 20 0
 login local
 transport input none
line vty 5 15
 exec-timeout 20 0
 login local
 transport input none
