!
version 12.3
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname rt-1
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
logging buffered 16384 debugging
no logging console
enable secret 5 $1$xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username foobar secret 5 $1$xxxxxxxxxxxxxxxxxxxxxxxxxxx
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
no aaa new-model
ip subnet-zero
no ip source-route
!
ip domain name 0x1b.ch
ip name-server 212.25.17.162
no ip bootp server
ip ftp username cisco
ip ftp password 7 xxxxxxxxxxxxxxxxxx
ip cef
ip flow-cache feature-accelerate
ip ids po max-events 100
ipv6 unicast-routing
ipv6 cef
no ftp-server write-enable
isdn switch-type basic-net3
!
interface Tunnel2002
description 6to4 tunnel (RFC3068)
no ip address
no ip redirects
ipv6 address 2002:D419:11A1::1/128
tunnel source Ethernet0
tunnel mode ipv6ip 6to4
!
interface Ethernet0
description public LAN
ip address 212.25.17.161 255.255.255.240
ip verify unicast reverse-path
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
no ip mroute-cache
ipv6 address 2001:8E0:1006::1/64
ipv6 address 2001:8E0:1006::/64 eui-64
ipv6 verify unicast reverse-path
no cdp enable
!
interface Ethernet2
description private LAN
ip address 172.16.0.1 255.255.0.0
ip verify unicast reverse-path
ip helper-address 212.25.17.162
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
no ip mroute-cache
ipv6 address 2001:8E0:1006:1::1/64
ipv6 address 2001:8E0:1006:1::/64 eui-64
ipv6 verify unicast reverse-path
no cdp enable
!
interface BRI0
description ISDN interface
no ip address
encapsulation ppp
dialer pool-member 2
isdn switch-type basic-net3
isdn tei-negotiation first-call
isdn answer1 0123456789
isdn calling-number 0123456789
no cdp enable
!
interface ATM0
description ADSL interface
no ip address
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode etsi
pvc 8/35
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Virtual-Template1
no ip address
!
interface Dialer1
description ADSL link to Dolphins (212.25.16.173 - 212.25.27.44)
bandwidth 600
ip address negotiated
ip access-group frominet in
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
no ip mroute-cache
dialer pool 1
dialer-group 1
ipv6 address autoconfig
ipv6 traffic-filter frominet6 in
ipv6 virtual-reassembly
no cdp enable
ppp authentication chap callin
ppp chap hostname login@example.com
ppp chap password 7 xxxxxxxxxxxxxxxxxx
!
interface Dialer2
description ISDN link to Dolphins (212.25.29.216 - 212.25.28.83)
bandwidth 128
ip address negotiated
ip access-group frominet in
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
no ip mroute-cache
load-interval 60
dialer pool 2
dialer string 0840840730
dialer hold-queue 25 timeout 30
dialer load-threshold 200 either
dialer watch-group 2
dialer-group 2
no cdp enable
ppp authentication chap callin
ppp chap hostname login
ppp chap password 7 xxxxxxxxxxxxxxxxxx
!
ip classless
ip route 0.0.0.0 0.0.0.0 212.25.27.44
ip route 0.0.0.0 0.0.0.0 Dialer2 80
!
no ip http server
no ip http secure-server
ip nat inside source route-map main interface Dialer1 overload
ip nat inside source route-map secondary interface Dialer2 overload
!
ip access-list standard management
remark Remote access to Router
permit 212.25.17.160 0.0.0.15
deny any
ip access-list standard private
remark Private IP ranges
permit 10.0.0.0 0.255.255.255
permit 172.0.0.0 0.240.255.255
permit 192.168.0.0 0.0.255.255
deny any
!
ip access-list extended frominet
remark Filter traffic from internet
deny ip host 255.255.255.255 any
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 204.152.64.0 0.0.1.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 224.0.0.0 15.255.255.255 any
deny ip 240.0.0.0 7.255.255.255 any
deny ip 248.0.0.0 7.255.255.255 any
deny ip 212.25.17.160 0.0.0.15 any
permit udp any eq domain any
permit udp any eq ntp any
permit udp any eq isakmp any
permit udp any eq talk any
permit udp any eq 518 any
deny udp any range 0 1023 any
deny udp any eq 2049 any
deny tcp any range exec cmd any
deny tcp any eq 2049 any
deny tcp any range 6000 6099 any
deny tcp any eq 7100 any
deny tcp any eq 7101 any
deny tcp any eq 16001 any
permit ip any any
logging trap debugging
logging 212.25.17.162
dialer watch-list 2 ip 212.25.27.44 255.255.255.255
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipv6 permit
dialer-list 2 protocol ip permit
snmp-server community public RO management
snmp-server location Obstalden
snmp-server contact beat@0x1b.ch
snmp-server enable traps tty
snmp-server enable traps config
snmp-server tftp-server-list management
no cdp run
ipv6 route 2002::/16 Tunnel2002
ipv6 route ::/0 Dialer1
!
route-map main permit 10
description NAT on ADSL
match ip address private
match interface Dialer1
!
route-map secondary permit 10
description NAT on ISDN
match ip address private
match interface Dialer2
!
ipv6 access-list frominet6
remark Filter traffic from internet
permit udp any eq domain any
permit udp any eq ntp any
permit udp any eq isakmp any
permit udp any eq talk any
permit udp any eq 518 any
deny udp any range 0 1023 any
deny udp any eq 2049 any
deny tcp any range exec cmd any
deny tcp any eq 2049 any
deny tcp any range 6000 6099 any
deny tcp any eq 7100 any
deny tcp any eq 7101 any
deny tcp any eq 16001 any
permit ipv6 any any
!
ipv6 access-list management6
remark Remote access to Router
permit ipv6 2001:8E0:1006::/64 any
deny ipv6 any any
!
control-plane
!
banner exec ^C
Hopefully you know what you are doing ;-)
^C
banner motd ^C
..............................................................................
: rt-1.0x1b.ch :
: :
: ADSL / ISDN uplink Obstalden :
: Cisco 836 managed by Beat Rubischon :
:............................................................................:
^C
alias exec w copy running-config startup-config
alias exec v show running-config
alias exec b show ip interface brief
alias exec c configure terminal
alias exec n copy running-config ftp
!
line con 0
exec-timeout 60 0
no modem enable
history size 256
transport preferred none
transport output all
stopbits 1
line aux 0
exec-timeout 60 0
transport preferred none
transport output all
line vty 0 4
access-class management in
exec-timeout 60 0
ipv6 access-class management6 in
login local
history size 256
transport preferred none
transport input telnet ssh
transport output all
line vty 5 61
access-class management in
exec-timeout 60 0
ipv6 access-class management6 in
login local
history size 256
transport preferred none
transport input telnet ssh
transport output all
!
exception protocol ftp
exception dump 212.25.17.162
scheduler max-task-time 5000
ntp authentication-key 1 md5 xxxxxxxxxxxxxxxx 7
ntp authentication-key 2 md5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 7
ntp authenticate
ntp trusted-key 1
ntp trusted-key 2
ntp clock-period 17180036
ntp master 6
ntp server 212.25.17.162
no rcapi server
!
end
|