Hub:
! Hub router (hostname Vpn_hub): global services, logging, enable secret, clock and DNS.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Stores line and PAP passwords as type 7, which is reversible obfuscation, not a hash.
! It only protects against casual viewing of the configuration.
service password-encryption
!
hostname Vpn_hub
!
boot-start-marker
boot-end-marker
!
! Failed-login threshold of 3, with logging of the event.
security authentication failure rate 3 log
logging buffered 52000 debugging
! NOTE(review): "5" announces an already-hashed MD5 secret, but "lozinka" (Serbian for
! "password") is not a hash. Presumably this is the poster's redaction placeholder.
enable secret 5 lozinka
!
! AAA is off, so each line authenticates with its own "login" / "login local" setting.
no aaa new-model
!
resource policy
!
clock timezone Prague 1
! NOTE(review): the "date" form defines one summer-time period (2003) rather than a
! recurring rule, so log timestamps in later summers may be an hour off. Keep this in
! mind when correlating logs, or use the "recurring" form.
clock summer-time Prague date Mar 30 2003 2:00 Oct 26 2003 3:00
! Discards packets that carry IP source-route options.
no ip source-route
!
!
ip cef
!
!
ip domain name nstrznica.co.yu
! Resolver order: the internal host 192.168.168.2 first, then two external servers.
ip name-server 192.168.168.2
ip name-server 194.247.192.33
ip name-server 194.247.192.1
!
voice-card 0
no dspfarm
! Self-signed trustpoint generated on the router. Nothing in the paste shows what uses
! it (presumably the HTTPS server enabled further down; confirm).
crypto pki trustpoint TP-self-signed-757496410
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-757496410
! No revocation lookup is attempted for this trustpoint.
revocation-check none
rsakeypair TP-self-signed-757496410
!
!
! The DER header below carries the md5WithRSAEncryption OID (2A864886 F70D0101 04).
! The rest of the certificate is elided ("...") in the paste.
crypto pki certificate chain TP-self-signed-757496410
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
...
quit
! Local privilege-15 account. NOTE(review): "lozinka" looks like a redaction
! placeholder; the same literal also stands in for the enable secret and PAP password.
username admin privilege 15 secret lozinka
!
!
!
! IKE phase 1: 3DES, pre-shared key, DH group 2 (1024-bit MODP). No hash is set, so the
! platform default applies; check with "show crypto isakmp policy".
! NOTE(review): 3DES and group 2 are legacy choices. Prefer AES and a larger DH group
! if both routers' images support them.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
! NOTE(review): "abcd" is presumably a stand-in; a real pre-shared key should be long
! and random. The key is bound to 213.198.227.133, while the spoke's Dialer1 uses
! "ip address negotiated", so the paste cannot confirm that this is the spoke's address.
crypto isakmp key abcd address 213.198.227.133
!
!
! IPsec phase 2: ESP with 3DES encryption and SHA-1 HMAC integrity.
crypto ipsec transform-set Set1 esp-3des esp-sha-hmac
!
!
! Tunnel definition: remote peer, transform set, and ACL 100 as the traffic selector.
crypto map Map1 1 ipsec-isakmp
set peer 213.198.227.133
set transform-set Set1
match address 100
!
!
!
!
!
! LAN side (NAT inside), 192.168.168.0/24. ICMP redirects, proxy ARP and MOP are disabled.
interface FastEthernet0/0
description Lokalna mreza$ETH-LAN$$FW_INSIDE$
ip address 192.168.168.254 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
! Physical ADSL interface; it carries the PPPoE session for dialer pool 1 and has no IP.
interface ATM0/0/0
description Internet veza
no ip address
no ip redirects
no ip proxy-arp
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
! NOTE(review): no crypto map named "detelinara" is defined anywhere in this paste.
! The map actually defined is Map1, applied on Dialer1. Confirm whether this line is a
! leftover that should be removed.
crypto map detelinara
pvc 8/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
!
! Internet-facing logical interface (NAT outside) with a static public address.
! NOTE(review): no "ip access-group" or inspection rule appears on this interface in
! the paste, so inbound filtering relies on NAT alone. Confirm that is intended.
interface Dialer1
mtu 1492
ip address 213.198.232.185 255.255.255.248
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
! MSS clamp that matches the 1492-byte PPPoE MTU.
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication pap callin
! ISP PAP credentials; "lozinka" is presumably a redaction placeholder.
ppp pap sent-username adsl.adsl@eunet password lozinka
! IPsec policy Map1 is applied here, on the interface that owns the public address.
crypto map Map1
!
! Default route and the spoke LAN both point at Dialer1. "permanent" keeps the spoke
! route installed even when the interface goes down.
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.10.10.0 255.255.255.0 Dialer1 permanent
!
!
! NOTE(review): plain-HTTP management is enabled alongside HTTPS, and no
! "ip http access-class" is shown. Consider "no ip http server" and restricting the
! HTTPS server to management addresses.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! NOTE(review): nat-pool1 is not referenced by any NAT statement in the paste. Its
! range is in 213.198.242.x, whereas Dialer1 and the static entries use 213.198.232.x,
! so this is possibly a typo or a leftover.
ip nat pool nat-pool1 213.198.242.187 213.198.242.190 netmask 255.255.255.248
! Dynamic PAT for the LAN. The route-map (ACL 101) exempts LAN-to-spoke traffic from
! translation so that it still matches crypto ACL 100.
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
! Static port forwards that publish 192.168.168.2 on 213.198.232.186:
! TCP 25 (SMTP), 110 (POP3), 443 (HTTPS) and 3389 (RDP).
! NOTE(review): no inbound ACL on Dialer1 is shown, so these ports, including RDP, are
! reachable from any Internet source. Restrict the sources, or reach RDP over the VPN.
! NOTE(review): these static entries are not governed by SDM_RMAP_1. Replies from
! 192.168.168.2 on these ports toward 10.10.10.0/24 are presumably translated and then
! miss ACL 100; verify with "show ip nat translations".
! The last entry is wrapped by the paste ("extendab" / "le"); it is a single command.
ip nat inside source static tcp 192.168.168.2 25 213.198.232.186 25 extendable
ip nat inside source static tcp 192.168.168.2 110 213.198.232.186 110 extendable
ip nat inside source static tcp 192.168.168.2 443 213.198.232.186 443 extendable
ip nat inside source static tcp 192.168.168.2 3389 213.198.232.186 3389 extendab
le
!
! ACL 1 permits any source; nothing in the paste references it on the hub.
access-list 1 remark SDM_ACL Category=16
access-list 1 permit any
! ACL 100: traffic to encrypt (hub LAN -> spoke LAN); used by crypto map Map1.
access-list 100 permit ip 192.168.168.0 0.0.0.255 10.10.10.0 0.0.0.255
! ACL 101: NAT selector. It denies (exempts) hub LAN -> spoke LAN and translates the rest.
access-list 101 remark SDM_ACL Category=2
access-list 101 deny ip 192.168.168.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 101 permit ip any any
! CDP is disabled globally.
no cdp run
!
route-map SDM_RMAP_1 permit 1
match ip address 101
!
! Management plane: login banner, console/aux/vty lines, scheduler and NTP.
control-plane
!
! Banner text (Serbian): unauthorized access prohibited; enter username and password.
banner login ^C
-----------------------------------------------------------------------
Neautorizovan pristup zabranjen
Unesite korisnicko ime i lozinku
-----------------------------------------------------------------------
^C
!
! Console and aux authenticate against the local user database.
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
! vty 0-4: inbound and outbound sessions are disabled. The line password is type 7
! (reversible obfuscation), so treat it as disclosed once the config is shared.
line vty 0 4
password 7 0107141E5502050E2F5F
login
transport input none
transport output none
! vty 5-15: local-user login over Telnet or SSH.
! NOTE(review): Telnet sends credentials in cleartext and no "access-class" limits the
! source addresses. Prefer "transport input ssh" plus an access-class for management hosts.
line vty 5 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17179829
! Three NTP servers reached via Dialer1, all marked "prefer". No NTP authentication
! is configured in the paste.
ntp server 147.91.8.77 source Dialer1 prefer
ntp server 217.26.78.34 source Dialer1 prefer
ntp server 87.237.201.132 source Dialer1 prefer
!
end
Spoke:
! Spoke router (hostname ADSL): global services, AAA, clock, DHCP and DNS.
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): password obfuscation is off, so any non-"secret" password in this
! config is stored and shown in cleartext (see the PAP password on Dialer1).
no service password-encryption
!
hostname ADSL
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
!
! AAA is enabled, but no "aaa authentication" method lists appear in the paste.
! Presumably logins fall back to the local user database; confirm on the device.
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
clock timezone Prague 1
! NOTE(review): the "date" form defines one summer-time period (2003) rather than a
! recurring rule, so log timestamps in later summers may be an hour off.
clock summer-time Prague date Mar 30 2003 2:00 Oct 26 2003 3:00
ip subnet-zero
ip cef
no ip dhcp use vrf connected
!
! DHCP for the spoke LAN 10.10.10.0/24, handing out ISP resolvers; the lease is 0 days 2 hours.
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 194.247.192.33 194.247.192.1
lease 0 2
!
!
! "yourdomain.com" looks like an unchanged template default.
ip domain name yourdomain.com
ip name-server 194.247.192.33
ip name-server 194.247.192.1
vpdn enable
!
!
!
! Self-signed trustpoint generated on the router. Nothing in the paste shows what uses
! it (presumably the HTTPS server enabled further down; confirm).
crypto pki trustpoint TP-self-signed-3605020521
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3605020521
! No revocation lookup is attempted for this trustpoint.
revocation-check none
rsakeypair TP-self-signed-3605020521
!
!
! Reading the DER below: the signature algorithm is md5WithRSAEncryption, the RSA
! modulus is 1024 bits, and the validity runs from 2007-08-18 to 2020-01-01 (UTC).
! The subjectAltName is ADSL.yourdomain.com.
! NOTE(review): the key size and hash are weak and the certificate is past its
! notAfter date. Regenerate with a larger key if HTTPS management stays enabled.
crypto pki certificate chain TP-self-signed-3605020521
certificate self-signed 01
3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33363035 30323035 3231301E 170D3037 30383138 31383236
33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36303530
32303532 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100F6C6 DC4E5780 C7DD77C7 67BA216A B220FAE2 A4040BBA D5574820 C1AC8356
A1F37BF3 8774BB5C AEF036D8 484579F2 F28A214E 55C66B4C 5837F1F7 301F870C
0828F33A 06D673A8 3D9F0F85 4AFB8A7D 7807FB3C E0CA2260 C87DE765 94501F48
DF0A4022 B12B3332 DE51A341 A84AFA1B 0B25E0B0 2BF16E6E FB43675A 0740CCF2
42F10203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603
551D1104 17301582 13414453 4C2E796F 7572646F 6D61696E 2E636F6D 301F0603
551D2304 18301680 143CB26F 0DE7330F 080098D1 901F95AF 2ACA9000 14301D06
03551D0E 04160414 3CB26F0D E7330F08 0098D190 1F95AF2A CA900014 300D0609
2A864886 F70D0101 04050003 818100C7 31E3E7B8 E4894F41 675CD915 9FF7D6E7
690C5D09 44C067D4 B955B27A C70A52CB 68C0068A 5131EF9A B7BB26FC 729C708A
5F706316 9B8DED1C 5E1F47EF 4E65515C D9179805 6D01D23C 4D086FED 0667B550
DE79A4FD 43D35960 19F2C7D7 9FAAEF1A 1A4B0AE4 050886C9 FB0C7AC5 95AF54E4
4284EBCC 1BBAD614 F1D7EE8E 52221D
quit
! Local privilege-15 account; "lozinka" (Serbian for "password") is presumably a
! redaction placeholder.
username admin privilege 15 secret lozinka
!
!
!
! IKE phase 1: 3DES, pre-shared key, DH group 2 (1024-bit MODP). No hash is set, so the
! platform default applies; check with "show crypto isakmp policy".
! NOTE(review): 3DES and group 2 are legacy choices. Prefer AES and a larger DH group
! if both routers' images support them.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
! Pre-shared key bound to the hub's Dialer1 address (213.198.232.185).
! NOTE(review): "abcd" is presumably a stand-in; a real key should be long and random.
crypto isakmp key abcd address 213.198.232.185
!
!
! IPsec phase 2: ESP with 3DES encryption and SHA-1 HMAC integrity.
crypto ipsec transform-set Set1 esp-3des esp-sha-hmac
!
! Tunnel definition: hub as peer, transform set, and named ACL SDM_2 as the selector.
crypto map Map1 1 ipsec-isakmp
set peer 213.198.232.185
set transform-set Set1
match address SDM_2
!
!
!
! Physical ADSL interface; it carries the PPPoE session for dialer pool 1 and has no IP.
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
dsl operating-mode auto
! NOTE(review): no crypto map named "detelinara" is defined anywhere in this paste.
! The map actually defined is Map1, applied on Dialer1. Confirm whether this line is a
! leftover that should be removed.
crypto map detelinara
!
! Four switch ports, left at their defaults.
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! Spoke LAN gateway (NAT inside), 10.10.10.0/24.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
! Internet-facing logical interface (NAT outside). The address is assigned by the ISP
! via PPP, so it may change between sessions.
! NOTE(review): the hub pins its peer and pre-shared key to one fixed address. If the
! negotiated address differs from it, the hub will not match this spoke.
! NOTE(review): no "ip access-group" or inspection rule appears on this interface in
! the paste, so inbound filtering relies on NAT alone.
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
no cdp enable
ppp authentication pap callin
! NOTE(review): "password 0" means the ISP credential is stored unencrypted, and it
! appears verbatim in this shared config. Treat it as disclosed and rotate it.
ppp pap sent-username adsl.trznicad@eunet password 0 trznicad1
! IPsec policy Map1 is applied here, on the interface that owns the public address.
crypto map Map1
!
! Routing, HTTP management, NAT and ACLs for the spoke.
ip classless
! Default route and the hub LAN both point at Dialer1. "permanent" keeps the hub-LAN
! route installed even when the interface goes down.
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.168.0 255.255.255.0 Dialer1 permanent
!
! NOTE(review): plain-HTTP management is enabled alongside HTTPS, and no
! "ip http access-class" is shown. Consider "no ip http server" and restricting the
! HTTPS server to management addresses.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! NOTE(review): list 1 matches all of 10.10.10.0/24, with no exemption for traffic to
! 192.168.168.0/24. On IOS, inside-to-outside NAT runs before the crypto map is
! evaluated, so LAN-to-hub packets would be translated to the Dialer1 address and no
! longer match SDM_2. The hub avoids this with a route-map whose ACL denies the VPN
! flow; the spoke presumably needs the same exemption.
ip nat inside source list 1 interface Dialer1 overload
! Inbound port forwards to 10.10.10.222: UDP 4672 and TCP 4662.
! NOTE(review): with no inbound ACL on Dialer1 these are open to any Internet source.
! Confirm that the host and service are meant to be exposed.
ip nat inside source static udp 10.10.10.222 4672 interface Dialer1 4672
ip nat inside source static tcp 10.10.10.222 4662 interface Dialer1 4662
!
! SDM_2: traffic to encrypt (spoke LAN -> hub LAN); used by crypto map Map1.
ip access-list extended SDM_2
remark SDM_ACL Category=20
permit ip 10.10.10.0 0.0.0.255 192.168.168.0 0.0.0.255
!
! ACL 1: source selector for the PAT rule above.
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 10.10.10.0 0.0.0.255
! CDP is disabled globally.
no cdp run
!
! Management plane: login banner, console/aux/vty lines and scheduler.
control-plane
!
! Banner text (Serbian): unauthorized access prohibited; enter username and password.
banner login ^CC
-----------------------------------------------------------------------
Neautorizovan pristup zabranjen
Unesite korisnihko ime i lozinku
-----------------------------------------------------------------------
^C
!
! Console and aux carry no explicit login settings in the paste. With "aaa new-model"
! the default method list governs them; confirm what that resolves to.
line con 0
no modem enable
line aux 0
! vty 0-4: sessions start at privilege level 15 and are accepted over Telnet or SSH.
! NOTE(review): Telnet sends credentials in cleartext and no "access-class" limits the
! source addresses. Prefer "transport input ssh", an access-class for management
! hosts, and a lower default privilege with "enable" for elevation.
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
end
Iskustvo je srazmerno količini uništene opreme ...