143 lines
2.0 KiB
Plaintext
143 lines
2.0 KiB
Plaintext
version 15.2
|
|
service timestamps debug datetime msec
|
|
service timestamps log datetime msec
|
|
no service password-encryption
|
|
!
|
|
hostname R2
|
|
!
|
|
boot-start-marker
|
|
boot-end-marker
|
|
!
|
|
!
|
|
!
|
|
no aaa new-model
|
|
mmi polling-interval 60
|
|
no mmi auto-configure
|
|
no mmi pvc
|
|
mmi snmp-timeout 180
|
|
no ip icmp rate-limit unreachable
|
|
!
|
|
!
|
|
!
|
|
!
|
|
|
|
|
|
!
|
|
ip dhcp excluded-address 192.168.20.1 192.168.20.19
|
|
!
|
|
ip dhcp pool PCI-Compliant
|
|
network 192.168.20.0 255.255.255.0
|
|
default-router 192.168.20.254
|
|
!
|
|
!
|
|
!
|
|
no ip domain lookup
|
|
no ip cef
|
|
no ipv6 cef
|
|
!
|
|
multilink bundle-name authenticated
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
redundancy
|
|
!
|
|
!
|
|
ip tcp synwait-time 5
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
crypto isakmp policy 1
|
|
encr aes
|
|
hash sha256
|
|
authentication pre-share
|
|
group 2
|
|
crypto isakmp key NAXSLABS address 203.0.113.1
|
|
!
|
|
!
|
|
crypto ipsec transform-set NAXSLABSTS esp-aes esp-sha256-hmac
|
|
mode tunnel
|
|
!
|
|
!
|
|
!
|
|
crypto map NAXSLABSCM 10 ipsec-isakmp
|
|
set peer 203.0.113.1
|
|
set transform-set NAXSLABSTS
|
|
match address NAXSLABSVPN-ACL
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
interface Ethernet0/0
|
|
no ip address
|
|
!
|
|
interface Ethernet0/0.20
|
|
encapsulation dot1Q 20
|
|
ip address 192.168.20.254 255.255.255.0
|
|
ip nat inside
|
|
ip virtual-reassembly in
|
|
!
|
|
interface Ethernet0/1
|
|
ip address 203.0.114.1 255.255.255.252
|
|
ip nat outside
|
|
ip virtual-reassembly in
|
|
crypto map NAXSLABSCM
|
|
!
|
|
interface Ethernet0/2
|
|
no ip address
|
|
!
|
|
interface Ethernet0/3
|
|
no ip address
|
|
!
|
|
router ospf 1
|
|
network 192.168.20.0 0.0.0.255 area 0
|
|
network 203.0.114.0 0.0.0.3 area 0
|
|
default-information originate
|
|
!
|
|
ip forward-protocol nd
|
|
!
|
|
!
|
|
no ip http server
|
|
no ip http secure-server
|
|
!
|
|
ip access-list extended NAXSLABSNAT
|
|
deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
|
|
permit ip 192.168.20.0 0.0.0.255 any
|
|
ip access-list extended NAXSLABSVPN-ACL
|
|
permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
|
|
!
|
|
no cdp log mismatch duplex
|
|
!
|
|
!
|
|
!
|
|
control-plane
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
!
|
|
line con 0
|
|
exec-timeout 0 0
|
|
privilege level 15
|
|
logging synchronous
|
|
line aux 0
|
|
exec-timeout 0 0
|
|
privilege level 15
|
|
logging synchronous
|
|
line vty 0 4
|
|
login
|
|
transport input all
|
|
!
|
|
!
|
|
end
|