Riverside_Rtr01#sh run
Building configuration...

Current configuration : 11713 bytes
!
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
!
hostname Riverside_Rtr01
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
!
no aaa new-model
clock timezone pst -8
clock summer-time PDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
crypto pki trustpoint TP-self-signed-2815222778
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2815222778
 revocation-check none
 rsakeypair TP-self-signed-2815222778
!
!
crypto pki certificate chain TP-self-signed-2815222778
 certificate self-signed 01
  quit
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key vbkey address XX.XX.XX.138
crypto isakmp keepalive 30
!
!
crypto ipsec transform-set vbset esp-des esp-md5-hmac
!
crypto map vbmap local-address FastEthernet0/0
crypto map vbmap 10 ipsec-isakmp
 set peer XX.XX.XX.XX
 set transform-set vbset
 match address VPN_WAN
 qos pre-classify
!
no ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.3.12.200 10.3.12.254
ip dhcp excluded-address 10.4.12.200 10.4.12.254
!
ip dhcp pool Riverside_Voice
 network 10.4.12.0 255.255.255.0
 default-router 10.4.12.254
 option 150 ip 10.2.1.21
 dns-server 10.2.0.10 10.2.0.32
!
ip dhcp pool Riverside_Data
 network 10.3.12.0 255.255.255.0
 netbios-node-type h-node
 default-router 10.3.12.254
 netbios-name-server 10.2.0.10 10.2.0.32
 dns-server 10.2.0.10 10.2.0.32
!
!
no ip domain lookup
ip domain name valleyblox.com
ip multicast-routing
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall rtsp
ip inspect name firewall h323
ip inspect name firewall netshow
ip inspect name firewall ftp
ip inspect name firewall sqlnet
ip inspect name firewall icmp audit-trail on
!
!
multilink bundle-name authenticated
!
!
trunk group POTS
!
!
voice call carrier capacity active
voice rtp send-recv
!
voice service pots
!
voice service voip
 fax protocol pass-through g711ulaw
 h323
  no h225 timeout keepalive
 modem passthrough nse codec g711ulaw
!
!
voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g729r8
!
!
!
voice class h323 1
 h225 timeout tcp establish 3
!
!
!
!
!
!
!
!
!
!
voice-card 0
 no dspfarm
!
!
!
username p360 privilege 15 secret 5 $1$LeXB$9jXR5eaVeaaxX7T9ljYwv/
username vb privilege 15 secret 5 $1$dMx2$Jvxkc2qKNj2.v.EqrPZh9/
archive
 log config
  hidekeys
!
!
ip telnet source-interface Vlan300
!
class-map match-any VOICE
 match ip dscp ef
class-map match-any VOICE-CTRL
 match ip dscp af31
 match ip dscp cs3
 match access-group name QoS_CallControl
!
!
policy-map WAN-EDGE-T1
 class VOICE
  priority 128
 class VOICE-CTRL
  bandwidth 12
 class class-default
  fair-queue
!
!
!
!
!
interface Loopback0
 ip address 10.254.254.29 255.255.255.255
 ip pim sparse-mode
!
interface Tunnel0
 description *** HBG GRE Tunnel ***
 ip address 10.1.2.94 255.255.255.252
 ip pim sparse-mode
 load-interval 30
 qos pre-classify
 tunnel source Loopback0
 tunnel destination 10.254.254.20
!
interface FastEthernet0/0
 description Connection to DSL Router
 ip address XX.XX.XX.61 255.255.255.252
 ip nat outside
 ip inspect firewall out
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map vbmap
 service-policy output WAN-EDGE-T1
!
interface FastEthernet0/1/0
 switchport access vlan 300
 switchport trunk native vlan 300
 switchport mode trunk
 switchport voice vlan 400
 spanning-tree portfast
!
interface FastEthernet0/1/1
 switchport access vlan 300
 switchport trunk native vlan 300
 switchport mode trunk
 switchport voice vlan 400
 spanning-tree portfast
!
interface FastEthernet0/1/2
 switchport access vlan 300
 switchport trunk native vlan 300
 switchport mode trunk
 switchport voice vlan 400
 spanning-tree portfast
!
interface FastEthernet0/1/3
 switchport access vlan 300
 switchport trunk native vlan 300
 switchport mode trunk
 switchport voice vlan 400
 spanning-tree portfast
!
interface FastEthernet0/1/4
 switchport access vlan 300
 switchport trunk native vlan 300
 switchport mode trunk
 switchport voice vlan 400
 spanning-tree portfast
!
interface FastEthernet0/1/5
 switchport access vlan 300
 switchport trunk native vlan 300
 switchport mode trunk
 switchport voice vlan 400
 spanning-tree portfast
!
interface FastEthernet0/1/6
 switchport access vlan 300
 switchport trunk native vlan 300
 switchport mode trunk
 switchport voice vlan 400
 spanning-tree portfast
!
interface FastEthernet0/1/7
 switchport access vlan 300
 switchport trunk native vlan 300
 switchport mode trunk
 switchport voice vlan 400
 spanning-tree portfast
!
interface FastEthernet0/1/8
 switchport access vlan 300
 switchport trunk native vlan 300
 switchport mode trunk
 switchport voice vlan 400
 spanning-tree portfast
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan300
 ip address 10.3.12.254 255.255.255.0
 ip pim sparse-mode
 ip nat inside
 ip virtual-reassembly
 h323-gateway voip interface
 h323-gateway voip bind srcaddr 10.3.12.254
!
interface Vlan400
 ip address 10.4.12.254 255.255.255.0
 ip pim sparse-mode
 ip virtual-reassembly
!
router eigrp 10
 network 10.0.0.0
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 XX.XX.XX.62
ip route 10.254.254.20 255.255.255.255 FastEthernet0/0
!
!
ip http server
ip http authentication local
ip http secure-server
ip pim rp-address 10.254.254.1
ip nat inside source list nat interface FastEthernet0/0 overload
!
ip access-list extended QoS_CallControl
 remark Match VoIP Control Traffic
 remark SCCP
 permit tcp any any range 2000 2002
 remark H323 Fast Start
 permit tcp any any eq 1720
 remark H323 Slow Start
 permit tcp any any range 11000 11999
 remark MGCP
 permit udp any any eq 2427
ip access-list extended SRST
 deny tcp any any eq 2000
 permit ip any any
ip access-list extended VPN_Traffic
 remark VPN
 permit udp any any eq isakmp
 permit esp any any
ip access-list extended VPN_WAN
 permit ip host 10.254.254.29 host 10.254.254.20
ip access-list extended nat
 permit ip 10.3.12.0 0.0.0.255 any
ip access-list extended perimeter
 permit udp any eq ntp any eq ntp
 remark ****************************************************
 remark ***** Allow DHCP and *****
 remark ***************************************************
 permit udp host XX.XX.XX.138 host XX.XX.97.17 eq isakmp
 permit udp host XX.XX.XX.138 host XX.XX.97.17 eq non500-isakmp
 permit icmp host XX.XX.XX.XX any echo
 permit gre any any
 permit esp any any
 permit tcp XX.XX.XX.0 0.0.0.255 any eq 22
 deny tcp any any eq 22 log
 deny tcp any any eq 443 log
 remark ****************************************************
 remark ***** Deny all 0 or 255 IP addresses *****
 remark ***************************************************
 deny ip host 255.255.255.255 any
 deny ip host 0.0.0.0 any
 remark ****************************************************
 remark ***** Legitimate Traffic *****
 remark ***************************************************
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 permit ip any any log
!
logging origin-id hostname
logging source-interface Vlan300
logging 10.2.0.11
logging 10.2.0.205
!
!
!
!
!
!
control-plane
!
!
!
voice-port 0/0/0
 connection plar 4436
 shutdown
!
voice-port 0/0/1
 shutdown
!
voice-port 0/0/2
 shutdown
!
voice-port 0/0/3
 shutdown
!
voice-port 0/1/0
 trunk-group POTS
 input gain 6
 connection plar opx 1830
!
voice-port 0/1/1
 shutdown
!
voice-port 0/1/2
 shutdown
!
voice-port 0/1/3
 shutdown
!
voice-port 0/4/0
 auto-cut-through
 signal immediate
 input gain auto-control
 description Music On Hold Port
!
ccm-manager music-on-hold
!
!
!
!
dial-peer voice 1 pots
 incoming called-number .
 direct-inward-dial
!
dial-peer voice 2 pots
 trunkgroup POTS
 destination-pattern 9T
 progress_ind setup enable 3
 progress_ind connect enable 8
!
dial-peer voice 100 voip
 modem passthrough nse codec g711ulaw
 voice-class codec 1
 incoming called-number .
 dtmf-relay h245-alphanumeric
 fax-relay ecm disable
 fax rate disable
 no vad
 voice-class codec 1
 voice-class h323 1
!
dial-peer voice 101 voip
 preference 1
 destination-pattern 1...
 progress_ind setup enable 3
 modem passthrough nse codec g711ulaw
 voice-class codec 1
 session target ipv4:10.2.1.22
 dtmf-relay h245-alphanumeric
 fax-relay ecm disable
 fax rate disable
 no vad
 voice-class codec 1
 voice-class h323 1
!
dial-peer voice 102 voip
 preference 2
 destination-pattern 1...
 progress_ind setup enable 3
 modem passthrough nse codec g711ulaw
 voice-class codec 1
 session target ipv4:10.2.1.21
 dtmf-relay h245-alphanumeric
 fax-relay ecm disable
 fax rate disable925
 no vad
 voice-class codec 1
 voice-class h323 1
!
!
num-exp 911 9911
!
!
call-manager-fallback
 secondary-dialtone 9
 max-conferences 4 gain -6
 transfer-system full-consult
 ip source-address 10.3.12.254 port 2000
 max-ephones 12
 max-dn 48 dual-line
 system message primary Phone System Fallback Enabled
 alias 1 9513591725 to 1830 preference 1
!
banner exec ^CCCC
         |             |
        |||           |||
       |||||         |||||
.....:|||||||:.....:|||||||:.....
     C i s c o  S y s t e m s
^C
banner motd ^CCCC
************************************************************
* WARNING! WARNING! WARNING! WARNING! WARNING! WARNING!    *
************************************************************
* Access to and use of this device and/or other devices is *
* restricted to authorized users only. Unauthorized        *
* individuals attempting to access this device may be      *
* subject to prosecution.                                  *
************************************************************
^C
!
line con 0
 exec-timeout 30 0
 login local
 no modem enable
line aux 0
 login local
 transport input all
 stopbits 1
 flowcontrol hardware
line vty 0 4
 privilege level 15
 password 7 111C1D0013170E1E05
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 password 7 03115F0E020A245E4F
 login local
 transport input telnet ssh
!
ntp clock-period 17180448
ntp server 192.5.41.209
!
webvpn cef
end