show run Building configuration... Current configuration : 6252 bytes ! version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname R1 ! boot-start-marker boot-end-marker ! security authentication failure rate 3 log security passwords min-length 6 logging buffered 51200 debugging logging console critical enable secret 5 $1$Ycbi$Y2Dz6clB5huH4IlWdmuAN1 ! aaa --More-new-model ! ! aaa authentication login local_authen local aaa authorization exec local_author local ! aaa session-id common memory-size iomem 15 no ip source-route ! ! ip cef ! ! no ip bootp server no ip domain lookup ip inspect name SDM_LOW cuseeme ip inspect name SDM_LOW dns ip inspect name SDM_LOW ftp ip inspect name SDM_LOW h323 ip inspect name SDM_LOW https ip inspect name SDM_LOW icmp ip inspect name SDM_LOW imap ip--More-inspect name SDM_LOW pop3 ip inspect name SDM_LOW netshow ip inspect name SDM_LOW rcmd ip inspect name SDM_LOW realaudio ip inspect name SDM_LOW rtsp ip inspect name SDM_LOW esmtp ip inspect name SDM_LOW sqlnet ip inspect name SDM_LOW streamworks ip inspect name SDM_LOW tftp ip inspect name SDM_LOW tcp ip inspect name SDM_LOW udp ip inspect name SDM_LOW vdolive
! interface FastEthernet0/0 description $FW_INSIDE$ ip address 192.168.1.1 255.255.255.0 ip access-group 100 in no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow duplex auto speed auto no mop enabled ! interface FastEthernet0/1 no ip address no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow shutdown duplex auto --More-speed auto no mop enabled ! interface Serial0/0/0 description $FW_OUTSIDE$ ip address 10.1.1.1 255.255.255.252 ip access-group 101 in ip verify unicast reverse-path no ip redirects no ip unreachables no ip proxy-arp ip inspect SDM_LOW out ip route-cache flow no fair-queue clock rate 64000 ! interface Serial0/0/1 no ip address no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow shutdown --More-clock rate 2000000 ! interface Serial0/1/0 no ip address no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow shutdown clock rate 2000000 ! interface Serial0/1/1 no ip address no ip redirects no ip unreachables no ip proxy-arp
ip route-cache flow shutdown clock rate 2000000 ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 Serial0/0/0 !--More-! ip http server ip http access-class 1 ip http authentication local ip http secure-server ! logging trap debugging logging 192.168.1.3 access-list 1 remark HTTP Access-class list access-list 1 remark SDM_ACL Category=1 access-list 1 permit 192.168.1.0 0.0.0.255 access-list 1 deny any access-list 100 remark auto generated by SDM firewall configuration access-list 100 remark SDM_ACL Category=1 access-list 100 deny ip 10.1.1.0 0.0.0.3 any access-list 100 deny ip host 255.255.255.255 any access-list 100 deny ip 127.0.0.0 0.255.255.255 any access-list 100 permit ip any any access-list 101 remark auto generated by SDM firewall configuration access-list 101 remark SDM_ACL Category=1 access-list 101 deny ip 192.168.1.0 0.0.0.255 any access-list 101 permit icmp any host 10.1.1.1 echo-reply access-list --More-- 101 permit icmp any host 10.1.1.1 time-exceeded access-list 101 permit icmp any host 10.1.1.1 unreachable access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 deny ip host 255.255.255.255 any access-list 101 deny ip host 0.0.0.0 any access-list 101 deny ip any any log access-list 102 remark VTY Access-class list access-list 102 remark SDM_ACL Category=1 access-list 102 permit ip 192.168.1.0 0.0.0.255 any access-list 102 deny ip any any no cdp run ! ! ! ! control-plane ! ! ! ! !--More-! ! ! ! banner login ^CBatmaaaaan^C ! line con 0
logging synchronous login authentication local_authen transport output telnet line aux 0 login authentication local_authen transport output telnet line vty 0 4 access-class 102 in authorization exec local_author login authentication local_authen transport input telnet ssh ! scheduler allocate 20000 1000 ! end --More-R1#show acc ru R1#show acc R1#show acc R1#show acc R1#show acc R1#show acce R1#show access-li R1#show access-lists Standard IP access list 1 10 permit 192.168.1.0, wildcard bits 0.0.0.255 (17 matches) 20 deny any Extended IP access list 100 10 deny ip 10.1.1.0 0.0.0.3 any 20 deny ip host 255.255.255.255 any 30 deny ip 127.0.0.0 0.255.255.255 any 40 permit ip any any (2070 matches) Extended IP access list 101 10 deny ip 192.168.1.0 0.0.0.255 any 20 permit icmp any host 10.1.1.1 echo-reply (15 matches) 30 permit icmp any host 10.1.1.1 time-exceeded 40 permit icmp any host 10.1.1.1 unreachable 50 deny ip 10.0.0.0 0.255.255.255 any (409 matches) 60 deny ip 172.16.0.0 0.15.255.255 any 70 deny ip 192.168.0.0 0.0.255.255 any (4 matches) 80 deny ip 127.0.0.0 0.255.255.255 any 90 deny ip host 255.255.255.255 any 100 deny ip host 0.0.0.0 any 110 deny ip any any log Extended IP access list 102 10 permit ip 192.168.1.0 0.0.0.255 any 20 deny ip any any R1# R1# R1# R1# R1# R1# R1# R1# R1# R1# R1# R1# R1#