no service password-encryption
!
hostname HQ-2901
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authentication login ciscocp_vpn_xauth_ml_3 local
aaa authentication login ciscocp_vpn_xauth_ml_4 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa authorization network ciscocp_vpn_group_ml_3 local
aaa authorization network ciscocp_vpn_group_ml_4 local
!
!
!
!
!
aaa session-id common
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 192.168.5.1 192.168.5.20
ip dhcp excluded-address 192.168.5.200 192.168.5.254
ip dhcp excluded-address 192.168.210.1 192.168.210.10
ip dhcp excluded-address 192.168.210.220 192.168.210.254
ip dhcp excluded-address 192.168.230.1 192.168.230.20
ip dhcp excluded-address 192.168.230.220 192.168.230.254
!
ip dhcp pool Server
 network 192.168.5.0 255.255.255.0
 default-router 192.168.5.254
 dns-server
!
ip dhcp pool Voice
 network 192.168.210.0 255.255.255.0
 default-router 192.168.210.254
 option 150 ip 192.168.5.10
!
ip dhcp pool VG202
 network 192.168.230.0 255.255.255.0
 default-router 192.168.230.254
 option 150 ip 192.168.5.10
!
!
ip domain name waminda.org.au
ip name-server
ip name-server
ip name-server 8.8.8.8
!
multilink bundle-name authenticated
!
!
!
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-2657987659
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2657987659
 revocation-check none
 rsakeypair TP-self-signed-2657987659
!
!
crypto pki certificate chain TP-self-signed-2657987659
 certificate self-signed 01
  quit
voice-card 0
 dspfarm
 dsp services dspfarm
 no local-bypass
!
!
!
voice service voip
 ip address trusted list
  ipv4 10.1.1.0 255.255.255.0
  ipv4 192.168.5.0 255.255.255.0
  ipv4 192.168.210.0 255.255.255.0
  ipv4 192.168.240.0 255.255.255.0
  ipv4 10.1.5.0 255.255.255.0
  ipv4 255.255.128.0
  ipv4 255.255.0.0
  ipv4 255.255.0.0
  ipv4 255.255.255.255
 address-hiding
 mode border-element
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip
 fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
 sip
  error-passthru
  registrar server expires max 600 min 60
  asserted-id pai
  outbound-proxy ipv4:
  early-offer forced
  midcall-signaling passthru
  privacy-policy passthru
!
voice class codec 10
 codec preference 1 g711alaw
 codec preference 2 g711ulaw
 codec preference 3 g729r8
!
!
!
!
voice translation-rule 1
 rule 1 /^00/ /000/
 rule 2 /^01/ /001/
 rule 3 /^02/ /002/
 rule 4 /^03/ /003/
 rule 5 /^04/ /004/
 rule 6 /^05/ /005/
 rule 7 /^06/ /006/
 rule 8 /^07/ /007/
 rule 9 /^08/ /008/
 rule 10 /^09/ /009/
!
voice translation-rule 2
 rule 5 /.*/ /700/
!
voice translation-rule 3
 rule 5 /^1..$/ //
!
voice translation-rule 4
 rule 1 /^0/ //
!
!
voice translation-profile INBOUND-PSTN-XLATE
 translate calling 1
 translate called 2
 translate redirect-target 2
 translate redirect-called 2
!
voice translation-profile OUTBOUND-PSTN-XLATE
 translate calling 3
 translate called 4
 translate redirect-target 3
 translate redirect-called 3
!
!
!
username username password
!
redundancy
!
!
!
!
ip ssh version 2
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key address
!
crypto isakmp client configuration group
 key
 dns 8.8.8.8
 wins 8.8.8.8
 pool SDM_POOL_1
 acl 199
 max-users 10
 netmask 255.255.255.0
crypto isakmp profile ciscocp-ike-profile-1
 match identity group Basscom-VPN
 client authentication list ciscocp_vpn_xauth_ml_4
 isakmp authorization list ciscocp_vpn_group_ml_4
 client configuration address respond
 virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA6 esp-3des esp-sha-hmac
!
crypto ipsec profile CiscoCP_Profile1
 set transform-set ESP-3DES-SHA6
 set isakmp-profile ciscocp-ike-profile-1
!
!
crypto map SDM_CMAP_1 3 ipsec-isakmp
 description Tunnel
 set peer
 set transform-set ESP-3DES-SHA2
 match address 104
!
!
!
!
!
interface Loopback0
 ip address 192.168.11.1 255.255.255.0
!
interface Loopback1
 no ip address
!
interface Loopback2
 ip address 192.168.10.1 255.255.255.0
!
interface Loopback3
 no ip address
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 10.1.1.220 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/0.5
 encapsulation dot1Q 5
 ip address 192.168.5.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/0.210
 encapsulation dot1Q 210
 ip address 192.168.210.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/0.230
 encapsulation dot1Q 230
 ip address 192.168.230.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1
 description Connect to Exetel-Internet
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 crypto map SDM_CMAP_1
!
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback3
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CiscoCP_Profile1
!
interface Dialer1
 description Internet
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 no ip route-cache
 ip tcp adjust-mss 1436
 dialer pool 1
 ppp chap hostname
 ppp chap password 0
 ppp pap sent-username password
 crypto map SDM_CMAP_1
!
ip local pool SDM_POOL_1 192.168.5.230 192.168.5.240
ip forward-protocol nd
!
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
ip nat inside source static tcp 10.1.1.4 25 25 extendable
ip nat inside source static tcp 10.1.1.4 443 443 extendable
ip nat inside source static tcp 10.1.1.240 3389 6001 extendable
ip nat inside source static udp 10.1.1.240 3389 6001 extendable
ip nat inside source static tcp 10.1.1.10 13000 13000 extendable
ip nat inside source static udp 10.1.1.10 13000 13000 extendable
ip nat inside source static tcp 10.1.1.10 14000 14000 extendable
ip nat inside source static udp 10.1.1.10 14000 14000 extendable
ip nat inside source static tcp 10.1.1.10 14001 14001 extendable
ip nat inside source static udp 10.1.1.10 14001 14001 extendable
ip nat inside source static tcp 10.1.1.10 15000 15000 extendable
ip nat inside source static udp 10.1.1.10 15000 15000 extendable
ip nat inside source static udp 10.1.1.2 17445 17445 route-map No-VPN-NAT-2 extendable
ip nat inside source static tcp 10.1.1.2 17988 17988 route-map No-VPN-NAT-2 extendable
ip nat inside source static udp 10.1.1.2 17988 17988 route-map No-VPN-NAT-2 extendable
ip nat inside source static tcp 10.1.1.2 17990 17990 route-map No-VPN-NAT-2 extendable
ip nat inside source static udp 10.1.1.2 17990 17990 route-map No-VPN-NAT-2 extendable
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 101 remark NAT
access-list 101 remark CCP_ACL Category=2
access-list 101 remark Loopback 0
access-list 101 deny ip 192.168.11.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 101 remark Loopback 0 to VLAN 240
access-list 101 deny ip 192.168.11.0 0.0.0.255 192.168.240.0 0.0.0.255
access-list 101 remark Loopback 0 to VLAN 1
access-list 101 deny ip 192.168.11.0 0.0.0.255 10.1.5.0 0.0.0.255
access-list 101 remark VLAN 210 to Loopback 0
access-list 101 deny ip 192.168.210.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 101 remark VLAN 210 to VLAN 240
access-list 101 deny ip 192.168.210.0 0.0.0.255 192.168.240.0 0.0.0.255
access-list 101 remark VLAN 210 to VLAN 1
access-list 101 deny ip 192.168.210.0 0.0.0.255 10.1.5.0 0.0.0.255
access-list 101 remark VLAN 5 to Loopback 0
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 101 remark VLAN 5 to VLAN 240
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.240.0 0.0.0.255
access-list 101 remark VLAN 5 to VLAN 1
access-list 101 deny ip 192.168.5.0 0.0.0.255 10.1.5.0 0.0.0.255
access-list 101 remark VLAN 1 to Loopback 0
access-list 101 deny ip 10.1.1.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 101 remark VLAN 1 to VLAN 240
access-list 101 deny ip 10.1.1.0 0.0.0.255 192.168.240.0 0.0.0.255
access-list 101 remark VLAN 1 to VLAN 1
access-list 101 deny ip 10.1.1.0 0.0.0.255 10.1.5.0 0.0.0.255
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
access-list 101 permit ip 192.168.210.0 0.0.0.255 any
access-list 104 remark VPN to Pioneer
access-list 104 remark CCP_ACL Category=4
access-list 104 remark VLAN 1 to VLAN 1
access-list 104 permit ip 10.1.1.0 0.0.0.255 10.1.5.0 0.0.0.255
access-list 104 remark VLAN 1 to VLAN 240
access-list 104 permit ip 10.1.1.0 0.0.0.255 192.168.240.0 0.0.0.255
access-list 104 remark VLAN 1 to Loopback 0
access-list 104 permit ip 10.1.1.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 104 remark VLAN 5 to VLAN 1
access-list 104 permit ip 192.168.5.0 0.0.0.255 10.1.5.0 0.0.0.255
access-list 104 remark VLAN 5 to VLAN 240
access-list 104 permit ip 192.168.5.0 0.0.0.255 192.168.240.0 0.0.0.255
access-list 104 remark VLAN 5 to Loopback 0
access-list 104 permit ip 192.168.5.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 104 remark VLAN 210 to VLAN 1
access-list 104 permit ip 192.168.210.0 0.0.0.255 10.1.5.0 0.0.0.255
access-list 104 remark VLAN 210 to VLAN 240
access-list 104 permit ip 192.168.210.0 0.0.0.255 192.168.240.0 0.0.0.255
access-list 104 remark VLAN 210 to Loopback 0
access-list 104 permit ip 192.168.210.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 104 remark Loopback 0 to VLAN 1
access-list 104 permit ip 192.168.11.0 0.0.0.255 10.1.5.0 0.0.0.255
access-list 104 remark Loopback 0 to VLAN 240
access-list 104 permit ip 192.168.11.0 0.0.0.255 192.168.240.0 0.0.0.255
access-list 104 remark Loopback 0
access-list 104 permit ip 192.168.11.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 140 remark Deny Worrigee subnet being routed in via port forward
access-list 140 deny ip host 10.1.1.2 10.1.1.0 0.0.0.255
access-list 140 deny ip host 10.1.1.2 10.1.5.0 0.0.0.255
access-list 199 permit ip 192.168.5.0 0.0.0.255 any
access-list 199 permit ip 10.1.1.0 0.0.0.255 any
access-list 199 permit ip 192.168.230.0 0.0.0.255 any
!
!
!
!
route-map NO-VPN-NAT-2 permit 1
 match ip address 140
!
route-map SDM_RMAP_1 permit 1
 match ip address 101
!
!
!
!
!
control-plane
!
!
voice-port 0/0/0
 supervisory disconnect dualtone mid-call
 compand-type a-law
 timeouts call-disconnect 3
 timeouts wait-release 3
 timing hookflash-out 50
 timing guard-out 1000
!
voice-port 0/0/1
 supervisory disconnect dualtone mid-call
 compand-type a-law
 timeouts call-disconnect 3
 timeouts wait-release 3
 timing hookflash-out 50
 timing guard-out 1000
!
voice-port 0/0/2
 supervisory disconnect dualtone mid-call
 compand-type a-law
 timeouts call-disconnect 3
 timeouts wait-release 3
 timing hookflash-out 50
 timing guard-out 1000
!
voice-port 0/0/3
!
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager music-on-hold
ccm-manager config server 192.168.5.10
ccm-manager config
!
mgcp
mgcp call-agent 192.168.5.10 2427 service-type mgcp version 0.1
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp bind control source-interface GigabitEthernet0/0.210
mgcp bind media source-interface GigabitEthernet0/0.210
!
mgcp profile default
!
!
dial-peer voice 999000 pots
 service mgcpapp
 port 0/0/0
!
dial-peer voice 999001 pots
 service mgcpapp
 port 0/0/1
!
dial-peer voice 999002 pots
 service mgcpapp
 port 0/0/2
!
dial-peer voice 30 voip
 description ## outgoing to cucm from CUBE ##
 destination-pattern 700
 session protocol sipv2
 session target ipv4:192.168.5.10
 voice-class codec 10
 no voice-class sip outbound-proxy
 dtmf-relay rtp-nte
 fax protocol none
 no vad
!
dial-peer voice 35 voip
 description ## incoming from cucm to CUBE ##
 session protocol sipv2
 session target sip-server
 incoming called-number .
 voice-class codec 10
 no voice-class sip outbound-proxy
 voice-class sip options-keepalive up-interval 20 down-interval 20 retry 2
 dtmf-relay rtp-nte h245-alphanumeric
 fax protocol none
!
dial-peer voice 60 voip
 description ## outgoing to tipt from CUBE ##
 translation-profile outgoing OUTBOUND-PSTN-XLATE
 destination-pattern 0T
 session protocol sipv2
 session target sip-server
 voice-class codec 10
 dtmf-relay rtp-nte
 fax protocol none
!
dial-peer voice 65 voip
 description ## incoming from tipt to CUBE ##
 translation-profile incoming INBOUND-PSTN-XLATE
 rtp payload-type nse 99
 session protocol sipv2
 session target sip-server
 incoming called-number
 voice-class codec 10
 voice-class sip dtmf-relay force rtp-nte
 dtmf-relay rtp-nte
 fax protocol none
!
dial-peer voice 31 voip
 description ## outgoing to cucm from CUBE ##
 destination-pattern 1..
 session protocol sipv2
 session target ipv4:192.168.5.10
 voice-class codec 10
 no voice-class sip outbound-proxy
 dtmf-relay rtp-nte
 fax protocol none
 no vad
!
!
sip-ua
 credentials username password 7 realm 58.96.1.2
 authentication username password 7 realm 58.96.1.2
 no remote-party-id
 timers expires 60000
 timers connect 100
 registrar ipv4: expires 3000
 sip-server ipv4:
 connection-reuse
!
!
!
gatekeeper
 shutdown
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 transport input all
!
scheduler allocate 20000 1000
ntp update-calendar
end
HQ-2901#