! version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname ! boot-start-marker boot system flash:c181x-advipservicesk9-mz.124-15.T7.bin boot-end-marker ! security authentication failure rate 3 log security passwords min-length 6 logging buffered 52000 ! aaa new-model ! ! aaa authentication login local_authen local aaa authorization exec local_author local ! ! aaa session-id common clock timezone PST -8 clock summer-time PST recurring ! crypto pki trustpoint TP-self-signed-1717698609 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1717698609 revocation-check none rsakeypair TP-self-signed-1717698609 ! ! crypto pki certificate chain TP-self-signed-1717698609 certificate self-signed 01 nvram:IOS-Self-Sig#2.cer dot11 syslog no ip source-route ! ! ip cef no ip dhcp use vrf connected ! ! no ip bootp server ip domain name mgvfs.mcleannet ip inspect log drop-pkt ip inspect name SDM_MEDIUM dns ip inspect name SDM_MEDIUM ftp ip inspect name SDM_MEDIUM h323 ip inspect name SDM_MEDIUM icmp ip inspect name SDM_MEDIUM imap reset ip inspect name SDM_MEDIUM pop3 reset ip inspect name SDM_MEDIUM realaudio ip inspect name SDM_MEDIUM esmtp ip inspect name SDM_MEDIUM sqlnet ip inspect name SDM_MEDIUM tftp ip inspect name SDM_MEDIUM tcp ip inspect name SDM_MEDIUM udp ip ips notify SDEE ip ips name sdm_ips_rule ! multilink bundle-name authenticated ! key chain EIGRP_KEY key 1 key-string 7 ! ! ! spanning-tree portfast bpduguard spanning-tree vlan 1 priority 8192 no spanning-tree vlan 1 spanning-tree vlan 2 priority 8192 no spanning-tree vlan 2 spanning-tree vlan 3 priority 8192 no spanning-tree vlan 3 ! ! crypto isakmp policy 2 encr aes authentication pre-share group 2 crypto isakmp key showmethe$ address 0.0.0.0 0.0.0.0 crypto isakmp keepalive 3600 ! ! crypto ipsec transform-set DMVPN esp-aes esp-sha-hmac mode transport ! crypto ipsec profile SDM_Profile1 set transform-set DMVPN ! ! archive log config hidekeys ! ! ip tcp synwait-time 10 ip ssh version 2 ! class-map match-any AutoQoS-VoIP-Remark match ip dscp ef match ip dscp cs3 match ip dscp af31 class-map match-any AutoQoS-VoIP-Control-UnTrust match access-group name AutoQoS-VoIP-Control class-map match-any AutoQoS-VoIP-RTP-UnTrust match protocol rtp audio match access-group name AutoQoS-VoIP-RTCP match ip dscp ef ! ! policy-map AutoQoS-Policy-UnTrust class AutoQoS-VoIP-RTP-UnTrust priority percent 70 set dscp ef class AutoQoS-VoIP-Control-UnTrust bandwidth percent 5 set dscp af31 class AutoQoS-VoIP-Remark set dscp default class class-default fair-queue ! ! ! ! interface Tunnel0 bandwidth 1000 ip address no ip redirects ip mtu 1400 ip flow ingress ip flow egress ip authentication mode eigrp 50 md5 ip authentication key-chain eigrp 50 EIGRP_KEY ip nhrp authentication DMVPN_NW ip nhrp map ip nhrp map multicast ip nhrp network-id 100000 ip nhrp holdtime 360 ip nhrp nhs ip virtual-reassembly ip tcp adjust-mss 1360 ip summary-address eigrp 50 delay 1000 qos pre-classify tunnel source FastEthernet0 tunnel mode gre multipoint tunnel key 100000 tunnel protection ipsec profile SDM_Profile1 ! interface Null0 no ip unreachables ! interface FastEthernet0 description $FW_OUTSIDE$ ip address dhcp no ip redirects no ip unreachables no ip proxy-arp ip nbar protocol-discovery ip inspect SDM_MEDIUM out ip ips sdm_ips_rule in ip virtual-reassembly ip route-cache flow duplex auto speed auto max-reserved-bandwidth 100 ! interface FastEthernet1 ip address dhcp no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip virtual-reassembly ip route-cache flow duplex auto speed auto ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 ! interface FastEthernet5 ! interface FastEthernet6 ! interface FastEthernet7 ! interface FastEthernet8 ! interface FastEthernet9 description trunk to switch switchport mode trunk ! interface Vlan1 ip address ip access-group 100 in no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly ip route-cache flow ip tcp adjust-mss 1360 ! interface Vlan2 ip address ip access-group 100 in no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly ip route-cache flow ip tcp adjust-mss 1360 ! interface Vlan3 ip address no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly ip tcp adjust-mss 1360 ! interface Async1 no ip address encapsulation slip ! router eigrp 50 passive-interface default no passive-interface Tunnel0 network no auto-summary eigrp stub connected summary ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 192.168.2.254 ! ip flow-export version 5 ip flow-export destination ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 5 life 86400 requests 10000 ip nat translation max-entries 2147483647 ip nat inside source list 1 interface FastEthernet1 overload ! ip access-list extended AutoQoS-VoIP-Control permit tcp any any eq 1720 permit tcp any any range 11000 11999 permit udp any any eq 2427 permit tcp any any eq 2428 permit tcp any any range 2000 2002 permit udp any any eq 1719 permit udp any any eq 5060 ip access-list extended AutoQoS-VoIP-RTCP permit udp any any range 16384 32767 ! ip sla responder ! ! route-map nonat permit 10 match ip address 151 ! ! ! ! control-plane ! ! line con 0 line 1 modem InOut stopbits 1 speed 115200 flowcontrol hardware line aux 0 line vty 0 4 login authentication local transport preferred ssh ! end