show run
Building configuration...

Current configuration : 6645 bytes
!
! Last configuration change at 13:23:00 EDT Wed May 7 2008
! NVRAM config last updated at 13:23:37 EDT Wed May 7 2008
!
version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
no service password-encryption
!
hostname Router-871
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
enable secret 5 xxxxxx
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
!
!
!
!
!
!
crypto ipsec client ezvpn RBH-VPN
 connect auto
 group HardwareClient key xxxxxx
 local-address FastEthernet4
 mode network-extension
 peer 123.123.123.123
 username router1 password xxxxxx
 xauth userid mode local
!
!
crypto pki trustpoint TP-self-signed-2592971177
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2592971177
 revocation-check none
 rsakeypair TP-self-signed-2592971177
!
!
crypto pki certificate chain TP-self-signed-2592971177
 certificate self-signed 01
  quit
no ip dhcp use vrf connected
!
!
ip dhcp pool DHCP
 import all
 network 172.16.15.0 255.255.255.0
 default-router 172.16.15.1
 domain-name rbh.local
 option 150 ip 10.5.9.11
 dns-server 10.1.19.94 10.1.19.84
!
!
ip cef
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW skinny
ip inspect name SDM_LOW sip
no ip domain lookup
ip domain name rbh.local
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 no cdp enable
 spanning-tree portfast
!
interface FastEthernet1
 no cdp enable
 spanning-tree portfast
!
interface FastEthernet2
 no cdp enable
 spanning-tree portfast
!
interface FastEthernet3
 no cdp enable
 spanning-tree portfast
!
interface FastEthernet4
 description Outside (Public) Network$FW_OUTSIDE$
 ip address dhcp client-id FastEthernet4
 ip access-group 101 in
 ip inspect SDM_LOW out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
 crypto ipsec client ezvpn RBH-VPN
!
interface Vlan1
 description Inside (Private) Network$FW_INSIDE$
 ip address 172.16.15.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 crypto ipsec client ezvpn RBH-VPN inside
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source route-map EZVPN interface FastEthernet4 overload
!
ip access-list extended NO-NAT
 deny ip 172.16.0.0 0.0.255.255 10.0.0.0 0.255.255.255
 permit ip any any
!
logging source-interface Vlan1
logging 10.1.1.147
access-list 100 remark ---------------VLAN1/VPN Access List---------------
access-list 100 remark ------Block broadcasts
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 remark ------Permit everything else
access-list 100 permit ip any any
access-list 101 remark ---------------WAN Access List---------------
access-list 101 remark ------Permit DHCP
access-list 101 permit udp any any eq bootpc
access-list 101 permit udp any any eq bootps
access-list 101 remark ------Permit NTP
access-list 101 permit udp host 216.218.192.202 eq ntp any eq ntp
access-list 101 permit udp host 216.218.254.202 eq ntp any eq ntp
access-list 101 remark ------Permit Cisco VPN Concentrator related traffic
access-list 101 permit udp host 123.123.123.123 any eq 10000
access-list 101 permit udp host 123.123.123.123 any eq non500-isakmp
access-list 101 permit udp host 123.123.123.123 any eq isakmp
access-list 101 permit esp host 123.123.123.123 any
access-list 101 permit ahp host 123.123.123.123 any
access-list 101 remark ------Block broadcasts
access-list 101 deny ip 172.16.15.0 0.0.0.255 any
access-list 101 remark ------Permit ICMP
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 remark ------Deny Everything Else
access-list 101 deny ip any any log
no cdp run
!
!
route-map EZVPN permit 10
 match ip address NO-NAT
!
!
control-plane
!
banner login ^C
For Help, please contact RBH Helpdesk at XXX-XXX-XXXX^C
banner motd ^C
Property of Robinson, Bradshaw & Hinson, P.A. Unauthorized Use Prohibited
^C
!
line con 0
 password XXXXX
 login
 no modem enable
 transport preferred none
 transport output all
line aux 0
 password XXXXX
 login
 transport preferred none
 transport output all
line vty 0 4
 password XXXXX
 login
 transport preferred none
 transport input all
 transport output all
!
scheduler max-task-time 5000
ntp logging
ntp clock-period 17175775
ntp source FastEthernet4
ntp server 216.218.192.202 source FastEthernet4
ntp server 216.218.254.202 source FastEthernet4 prefer
!
webvpn cef
end