Building configuration... Current configuration : 12256 bytes ! ! hostname Spoke-Site4 ! boot-start-marker boot-end-marker ! ! logging buffered 51200 warnings ! ! ! ip dhcp excluded-address 10.10.10.1 ip dhcp excluded-address 192.168.240.1 192.168.240.20 ip dhcp excluded-address 192.168.240.220 192.168.240.254 ip dhcp excluded-address 10.1.5.1 10.1.5.149 ip dhcp excluded-address 10.1.5.200 10.1.5.254 ! ip dhcp pool Voice network 192.168.240.0 255.255.255.0 default-router 192.168.240.254 option 150 ip 192.168.5.10 ! ip dhcp pool Data network 10.1.5.0 255.255.255.0 default-router 10.1.5.220 dns-server 202.62.147.50 202.62.147.54 ! ! ! ip name-server 202.62.147.50 ip name-server 202.62.147.54 ip cef no ipv6 cef ! ! ! ! crypto pki trustpoint TP-self-signed-3310623135 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3310623135 revocation-check none rsakeypair TP-self-signed-3310623135 ! ! crypto pki certificate chain TP-self-signed-3310623135 certificate self-signed 01 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33333130 36323331 3335301E 170D3133 30363237 32303235 30375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33313036 32333133 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C12F 83F13D98 D45425B7 006A47A8 5478C1C1 52D0A516 1A4B7E65 0662A5C1 055544E4 B829C798 9D9298CE DE9F98C4 3D92F9E9 D0C660D2 435945C0 AE63E30D F2935AD0 91A6F9DD 833BAA0B 774ADCA8 CA3EC5C5 B4CE1B0F 50082253 092B60DB 52D600C1 3E9C4300 DDF5C08D CFC1DAF9 76539E83 FE12B08D 26B3E496 C1AC2EE1 125F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 144C999C 93988CFE D1A4A702 4D6D80AD 7D463208 E0301D06 03551D0E 04160414 4C999C93 988CFED1 A4A7024D 6D80AD7D 463208E0 300D0609 2A864886 F70D0101 05050003 818100C0 EC64A9B2 D09708E6 838396BE AB46ECD4 E96AF9F8 450FA5DB 5B91E1D5 B94C2BD9 49D876D5 9C63C518 79B55DC2 7CDDDDB7 8C348C93 28824043 C670B45B 3C54A0CA A8B1E04A 8FC49320 8EE54E4B ED23CF3C 8D8248F5 55F5E442 80E7DBFF 33FB2412 3BBACBDF A0640B6C 891094CC D041A151 029E3E81 93A4F064 3CB69666 155D93 quit ! ! username password EQ ! ! controller VDSL 0 shutdown ! ! ! ! ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp key B1gtr33! address ! ! crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac mode tunnel crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac mode tunnel crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac mode tunnel ! ! ! crypto map SDM_CMAP_1 1 ipsec-isakmp description Tunnel set peer set transform-set ESP-3DES-SHA match address 102 ! ! ! ! ! interface ATM0 no ip address shutdown no atm ilmi-keepalive ! interface Ethernet0 no ip address shutdown ! interface FastEthernet0 no ip address ! interface FastEthernet1 no ip address ! interface FastEthernet2 no ip address ! interface FastEthernet3 no ip address ! interface GigabitEthernet0 switchport mode trunk no ip address ! interface GigabitEthernet1 ip address 192.168.120.2 255.255.255.0 ip nat outside ip virtual-reassembly in duplex auto speed auto crypto map SDM_CMAP_1 ! interface Vlan1 description $ETH_LAN$ ip address 10.1.5.220 255.255.255.0 ip nat inside ip virtual-reassembly in ip tcp adjust-mss 1452 ! interface Vlan240 ip address 192.168.240.254 255.255.255.0 ip nat inside ip virtual-reassembly in ! ip forward-protocol nd ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! ! ip nat inside source static tcp 10.1.5.220 22 interface GigabitEthernet1 22 ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet1 overload ip route 0.0.0.0 0.0.0.0 192.168.120.1 ! ip sla auto discovery access-list 101 remark NAT access-list 101 remark CCP_ACL Category=2 access-list 101 remark Loopback 0 to Loopback 0 access-list 101 deny ip 192.168.41.0 0.0.0.255 192.168.31.0 0.0.0.255 access-list 101 remark Loopback 0 to VLAN 230 access-list 101 deny ip 192.168.41.0 0.0.0.255 192.168.230.0 0.0.0.255 access-list 101 remark Loopback 0 to VLAN 1 access-list 101 deny ip 192.168.41.0 0.0.0.255 10.1.4.0 0.0.0.255 access-list 101 remark VLAN 240 to Loopback 0 access-list 101 deny ip 192.168.240.0 0.0.0.255 192.168.31.0 0.0.0.255 access-list 101 remark VLAN 240 to VLAN 230 access-list 101 deny ip 192.168.240.0 0.0.0.255 192.168.230.0 0.0.0.255 access-list 101 remark VLAN 240 to VLAN 1 access-list 101 deny ip 192.168.240.0 0.0.0.255 10.1.4.0 0.0.0.255 access-list 101 remark VLAN 1 to Loopback 0 access-list 101 deny ip 10.1.5.0 0.0.0.255 192.168.31.0 0.0.0.255 access-list 101 remark VLAN 1 to VLAN 230 access-list 101 deny ip 10.1.5.0 0.0.0.255 192.168.230.0 0.0.0.255 access-list 101 remark VLAN 1 to VLAN 1 access-list 101 deny ip 10.1.5.0 0.0.0.255 10.1.4.0 0.0.0.255 access-list 101 remark Loopback 0 to Loopback 0 access-list 101 deny ip 192.168.41.0 0.0.0.255 192.168.21.0 0.0.0.255 access-list 101 remark Loopback 0 to VLAN 220 access-list 101 deny ip 192.168.41.0 0.0.0.255 192.168.220.0 0.0.0.255 access-list 101 remark Loopback 0 to VLAN 1 access-list 101 deny ip 192.168.41.0 0.0.0.255 10.1.2.0 0.0.0.255 access-list 101 remark VLAN 240 to Loopback 0 access-list 101 deny ip 192.168.240.0 0.0.0.255 192.168.21.0 0.0.0.255 access-list 101 remark VLAN 240 to VLAN 220 access-list 101 deny ip 192.168.240.0 0.0.0.255 192.168.220.0 0.0.0.255 access-list 101 remark VLAN 240 to VLAN 1 access-list 101 deny ip 192.168.240.0 0.0.0.255 10.1.2.0 0.0.0.255 access-list 101 remark VLAN 1 to Loopback 0 access-list 101 deny ip 10.1.5.0 0.0.0.255 192.168.21.0 0.0.0.255 access-list 101 remark VLAN 1 to VLAN 220 access-list 101 deny ip 10.1.5.0 0.0.0.255 192.168.220.0 0.0.0.255 access-list 101 remark VLAN 1 to VLAN 1 access-list 101 deny ip 10.1.5.0 0.0.0.255 10.1.2.0 0.0.0.255 access-list 101 remark Loopback 0 to Loopback 0 access-list 101 deny ip 192.168.41.0 0.0.0.255 192.168.11.0 0.0.0.255 access-list 101 remark Loopback 0 to VLAN 210 access-list 101 deny ip 192.168.41.0 0.0.0.255 192.168.210.0 0.0.0.255 access-list 101 remark Loopback 0 to VLAN 5 access-list 101 deny ip 192.168.41.0 0.0.0.255 192.168.5.0 0.0.0.255 access-list 101 remark Loopback 0 to VLAN 1 access-list 101 deny ip 192.168.41.0 0.0.0.255 10.1.1.0 0.0.0.255 access-list 101 remark VLAN 240 to Loopback 0 access-list 101 deny ip 192.168.240.0 0.0.0.255 192.168.11.0 0.0.0.255 access-list 101 remark VLAN 240 to VLAN 210 access-list 101 deny ip 192.168.240.0 0.0.0.255 192.168.210.0 0.0.0.255 access-list 101 remark VLAN 240 to VLAN 5 access-list 101 deny ip 192.168.240.0 0.0.0.255 192.168.5.0 0.0.0.255 access-list 101 remark VLAN 240 to VLAN 1 access-list 101 deny ip 192.168.240.0 0.0.0.255 10.1.1.0 0.0.0.255 access-list 101 remark VLAN 1 to Loopback 0 access-list 101 deny ip 10.1.5.0 0.0.0.255 192.168.11.0 0.0.0.255 access-list 101 remark VLAN 1 to VLAN 210 access-list 101 deny ip 10.1.5.0 0.0.0.255 192.168.210.0 0.0.0.255 access-list 101 remark VLAN 1 to VLAN 5 access-list 101 deny ip 10.1.5.0 0.0.0.255 192.168.5.0 0.0.0.255 access-list 101 remark VLAN 1 to VLAN 1 access-list 101 deny ip 10.1.5.0 0.0.0.255 10.1.1.0 0.0.0.255 access-list 101 remark VLAN 1 access-list 101 permit ip 10.1.5.0 0.0.0.255 any access-list 101 remark VLAN 240 access-list 101 permit ip 192.168.240.0 0.0.0.255 any access-list 102 remark VPN to Worrigee access-list 102 remark CCP_ACL Category=4 access-list 102 remark VLAN 1 to VLAN 1 access-list 102 permit ip 10.1.5.0 0.0.0.255 10.1.1.0 0.0.0.255 access-list 102 remark VLAN 1 to VLAN 5 access-list 102 permit ip 10.1.5.0 0.0.0.255 192.168.5.0 0.0.0.255 access-list 102 remark VLAN 1 to VLAN 210 access-list 102 permit ip 10.1.5.0 0.0.0.255 192.168.210.0 0.0.0.255 access-list 102 remark VLAN 1 to Loopback 0 access-list 102 permit ip 10.1.5.0 0.0.0.255 192.168.11.0 0.0.0.255 access-list 102 remark VLAN 240 to VLAN 1 access-list 102 permit ip 192.168.240.0 0.0.0.255 10.1.1.0 0.0.0.255 access-list 102 remark VLAN 240 to VLAN 5 access-list 102 permit ip 192.168.240.0 0.0.0.255 192.168.5.0 0.0.0.255 access-list 102 remark VLAN 240 to VLAN 210 access-list 102 permit ip 192.168.240.0 0.0.0.255 192.168.210.0 0.0.0.255 access-list 102 remark VLAN 240 to Loopback 0 access-list 102 permit ip 192.168.240.0 0.0.0.255 192.168.11.0 0.0.0.255 access-list 102 remark Loopback 0 to VLAN 1 access-list 102 permit ip 192.168.41.0 0.0.0.255 10.1.1.0 0.0.0.255 access-list 102 remark Loopback 0 to VLAN 5 access-list 102 permit ip 192.168.41.0 0.0.0.255 192.168.5.0 0.0.0.255 access-list 102 remark Loopback 0 to VLAN 210 access-list 102 permit ip 192.168.41.0 0.0.0.255 192.168.210.0 0.0.0.255 access-list 102 remark Loopback 0 to Loopback 0 access-list 102 permit ip 192.168.41.0 0.0.0.255 192.168.11.0 0.0.0.255 access-list 103 remark VPN to Burr access-list 103 remark CCP_ACL Category=4 access-list 103 remark VLAN 1 to VLAN 1 access-list 103 permit ip 10.1.5.0 0.0.0.255 10.1.2.0 0.0.0.255 access-list 103 remark VLAN 1 to VLAN 220 access-list 103 permit ip 10.1.5.0 0.0.0.255 192.168.220.0 0.0.0.255 access-list 103 remark VLAN 1 to Loopback 0 access-list 103 permit ip 10.1.5.0 0.0.0.255 192.168.21.0 0.0.0.255 access-list 103 remark VLAN 240 to VLAN 1 access-list 103 permit ip 192.168.240.0 0.0.0.255 10.1.2.0 0.0.0.255 access-list 103 remark VLAN 240 to VLAN 220 access-list 103 permit ip 192.168.240.0 0.0.0.255 192.168.220.0 0.0.0.255 access-list 103 remark VLAN 240 to Loopback 0 access-list 103 permit ip 192.168.240.0 0.0.0.255 192.168.21.0 0.0.0.255 access-list 103 remark Loopback 0 to VLAN 1 access-list 103 permit ip 192.168.41.0 0.0.0.255 10.1.2.0 0.0.0.255 access-list 103 remark Loopback 0 to VLAN 220 access-list 103 permit ip 192.168.41.0 0.0.0.255 192.168.220.0 0.0.0.255 access-list 103 remark Loopback 0 to Loopback 0 access-list 103 permit ip 192.168.41.0 0.0.0.255 192.168.21.0 0.0.0.255 access-list 104 remark VPN to North access-list 104 remark CCP_ACL Category=4 access-list 104 remark VLAN 1 to VLAN 1 access-list 104 permit ip 10.1.5.0 0.0.0.255 10.1.4.0 0.0.0.255 access-list 104 remark VLAN 1 to VLAN 230 access-list 104 permit ip 10.1.5.0 0.0.0.255 192.168.230.0 0.0.0.255 access-list 104 remark VLAN 1 to Loopback 0 access-list 104 permit ip 10.1.5.0 0.0.0.255 192.168.31.0 0.0.0.255 access-list 104 remark VLAN 240 to VLAN 1 access-list 104 permit ip 192.168.240.0 0.0.0.255 10.1.4.0 0.0.0.255 access-list 104 remark VLAN 240 to VLAN 230 access-list 104 permit ip 192.168.240.0 0.0.0.255 192.168.230.0 0.0.0.255 access-list 104 remark VLAN 240 to Loopback 0 access-list 104 permit ip 192.168.240.0 0.0.0.255 192.168.31.0 0.0.0.255 access-list 104 remark Loopback 0 to VLAN 1 access-list 104 permit ip 192.168.41.0 0.0.0.255 10.1.4.0 0.0.0.255 access-list 104 remark Loopback 0 to VLAN 230 access-list 104 permit ip 192.168.41.0 0.0.0.255 192.168.230.0 0.0.0.255 access-list 104 remark Loopback 0 to Loopback 0 access-list 104 permit ip 192.168.41.0 0.0.0.255 192.168.31.0 0.0.0.255 mac-address-table aging-time 15 ! route-map SDM_RMAP_1 permit 1 match ip address 101 ! ! line con 0 exec-timeout 0 0 logging synchronous login local no modem enable line aux 0 line vty 0 4 exec-timeout 0 0 privilege level 15 logging synchronous login local transport input telnet ssh ! scheduler allocate 60000 1000 ntp master ! end Pioneer-Site4#