R1

show run Building configuration... Current configuration : 6252 bytes ! version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname R1 ! boot-start-marker boot-end-marker ! security authentication failure rate 3 log security passwords min-length 6 logging buffered 51200 debugging logging console critical enable secret 5 $1$Ycbi$Y2Dz6clB5huH4IlWdmuAN1 ! aaa --More-new-model ! ! aaa authentication login local_authen local aaa authorization exec local_author local ! aaa session-id common memory-size iomem 15 no ip source-route ! ! ip cef ! ! no ip bootp server no ip domain lookup ip inspect name SDM_LOW cuseeme ip inspect name SDM_LOW dns ip inspect name SDM_LOW ftp ip inspect name SDM_LOW h323 ip inspect name SDM_LOW https ip inspect name SDM_LOW icmp ip inspect name SDM_LOW imap ip--More-inspect name SDM_LOW pop3 ip inspect name SDM_LOW netshow ip inspect name SDM_LOW rcmd ip inspect name SDM_LOW realaudio ip inspect name SDM_LOW rtsp ip inspect name SDM_LOW esmtp ip inspect name SDM_LOW sqlnet ip inspect name SDM_LOW streamworks ip inspect name SDM_LOW tftp ip inspect name SDM_LOW tcp ip inspect name SDM_LOW udp ip inspect name SDM_LOW vdolive

ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! voice-card 0 no dspfarm ! ! ! ! ! !--More-! ! ! ! ! ! ! crypto pki trustpoint TP-self-signed-4116096827 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-4116096827 revocation-check none rsakeypair TP-self-signed-4116096827 ! ! crypto pki certificate chain TP-self-signed-4116096827 certificate self-signed 01 3082023A 308201A3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 34313136 30393638 3237301E 170D3038 31323232 32303435 35355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 31313630 39363832 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 --More-8100E3CE AD08CBA1 731EFB40 38D8158A 590F81CE 9889E85B FD71949A C7AE8B03 9CB54259 5CA623A4 54A1D8CB BABA0EFE 960B6888 27F542E4 203C5375 03CE79F7 5F39918B BAB20541 141182FA F9195558 0AC8CA4A DB644856 3B356280 DF6CAB25 DB4E9F31 F3038BDD 43B96EB9 505C17CE E61E1D70 7BFEB0EA B97FCE75 8A1BCCAD 3D670203 010001A3 62306030 0F060355 1D130101 FF040530 030101FF 300D0603 551D1104 06300482 02523130 1F060355 1D230418 30168014 19AD8243 669168A3 06208031 AB9A2E8C A8864A29 301D0603 551D0E04 16041419 AD824366 9168A306 208031AB 9A2E8CA8 864A2930 0D06092A 864886F7 0D010104 05000381 8100C79A 4A348522 8063F35D C9C33F7D 23D2E9AE 77CEFA82 E3964DD8 FCF318D5 A0600C1F 9913DA53 53784841 1F1710B6 357620AA 0B923C7F 373E7CE8 13EFC438 1F43AB00 84F9A360 C2F94623 9336EC88 3CF83D06 53A716AC 0D9AFDCD AEF0847A 82F76E37 8C7F434A DF4C7AC1 C6F6081E 294762A3 26902876 D39A4AD6 5F65A5D1 C00C quit username admin privilege 15 secret 5 $1$X4Tn$BnvORFW.bYcrFLmVkSddQ/ ! ! ip tcp synwait-time 10 ip ssh time-out 60 ip ssh authentication-retries 2 ! ! ! ! !--More-interface Null0 no ip unreachables

! interface FastEthernet0/0 description $FW_INSIDE$ ip address 192.168.1.1 255.255.255.0 ip access-group 100 in no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow duplex auto speed auto no mop enabled ! interface FastEthernet0/1 no ip address no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow shutdown duplex auto --More-speed auto no mop enabled ! interface Serial0/0/0 description $FW_OUTSIDE$ ip address 10.1.1.1 255.255.255.252 ip access-group 101 in ip verify unicast reverse-path no ip redirects no ip unreachables no ip proxy-arp ip inspect SDM_LOW out ip route-cache flow no fair-queue clock rate 64000 ! interface Serial0/0/1 no ip address no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow shutdown --More-clock rate 2000000 ! interface Serial0/1/0 no ip address no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow shutdown clock rate 2000000 ! interface Serial0/1/1 no ip address no ip redirects no ip unreachables no ip proxy-arp

ip route-cache flow shutdown clock rate 2000000 ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 Serial0/0/0 !--More-! ip http server ip http access-class 1 ip http authentication local ip http secure-server ! logging trap debugging logging 192.168.1.3 access-list 1 remark HTTP Access-class list access-list 1 remark SDM_ACL Category=1 access-list 1 permit 192.168.1.0 0.0.0.255 access-list 1 deny any access-list 100 remark auto generated by SDM firewall configuration access-list 100 remark SDM_ACL Category=1 access-list 100 deny ip 10.1.1.0 0.0.0.3 any access-list 100 deny ip host 255.255.255.255 any access-list 100 deny ip 127.0.0.0 0.255.255.255 any access-list 100 permit ip any any access-list 101 remark auto generated by SDM firewall configuration access-list 101 remark SDM_ACL Category=1 access-list 101 deny ip 192.168.1.0 0.0.0.255 any access-list 101 permit icmp any host 10.1.1.1 echo-reply access-list --More-- 101 permit icmp any host 10.1.1.1 time-exceeded access-list 101 permit icmp any host 10.1.1.1 unreachable access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 deny ip host 255.255.255.255 any access-list 101 deny ip host 0.0.0.0 any access-list 101 deny ip any any log access-list 102 remark VTY Access-class list access-list 102 remark SDM_ACL Category=1 access-list 102 permit ip 192.168.1.0 0.0.0.255 any access-list 102 deny ip any any no cdp run ! ! ! ! control-plane ! ! ! ! !--More-! ! ! ! banner login ^CBatmaaaaan^C ! line con 0

logging synchronous login authentication local_authen transport output telnet line aux 0 login authentication local_authen transport output telnet line vty 0 4 access-class 102 in authorization exec local_author login authentication local_authen transport input telnet ssh ! scheduler allocate 20000 1000 ! end --More-R1#show acc ru R1#show acc R1#show acc R1#show acc R1#show acc R1#show acce R1#show access-li R1#show access-lists Standard IP access list 1 10 permit 192.168.1.0, wildcard bits 0.0.0.255 (17 matches) 20 deny any Extended IP access list 100 10 deny ip 10.1.1.0 0.0.0.3 any 20 deny ip host 255.255.255.255 any 30 deny ip 127.0.0.0 0.255.255.255 any 40 permit ip any any (2070 matches) Extended IP access list 101 10 deny ip 192.168.1.0 0.0.0.255 any 20 permit icmp any host 10.1.1.1 echo-reply (15 matches) 30 permit icmp any host 10.1.1.1 time-exceeded 40 permit icmp any host 10.1.1.1 unreachable 50 deny ip 10.0.0.0 0.255.255.255 any (409 matches) 60 deny ip 172.16.0.0 0.15.255.255 any 70 deny ip 192.168.0.0 0.0.255.255 any (4 matches) 80 deny ip 127.0.0.0 0.255.255.255 any 90 deny ip host 255.255.255.255 any 100 deny ip host 0.0.0.0 any 110 deny ip any any log Extended IP access list 102 10 permit ip 192.168.1.0 0.0.0.255 any 20 deny ip any any R1# R1# R1# R1# R1# R1# R1# R1# R1# R1# R1# R1# R1#

R1# R1# R1# R1# R1# R1# R1# R1# R1# R1# R1# R1# R1# R1# R1# R1# R1# R1# R1#