Solved

Access-List Help

Posted on 2006-06-12
Last Modified: 2008-03-04
We have the config I am going to post below. I currently have 1 router and 4 switches hooked up to the router. Each port is a separate VLAN and they cannot see horizontally. They can only see the router on the respective 10.X.X.X network. I do have a problem though. With our access lists I cannot move a public address up to the top of it and make them wide open for access. How can I do so? For example, the client in port 47 has their own router and they want their feed wide open for themselves to control. But I do not want them to see horizontally and do not want others to see them horizontally. The config is as follows:


sh run
Building configuration...

Current configuration : 57310 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Nonofyourbusiness-West-Belt
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5
!
no aaa new-model
!
resource policy
!
clock timezone UTC -6
clock summer-time UTC recurring
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.65
ip dhcp excluded-address 10.0.0.129
ip dhcp excluded-address 10.0.0.193
ip dhcp excluded-address 10.0.1.1
ip dhcp excluded-address 10.0.1.65
ip dhcp excluded-address 10.0.1.129
ip dhcp excluded-address 10.0.1.193
ip dhcp excluded-address 10.0.2.1
ip dhcp excluded-address 10.0.2.65
ip dhcp excluded-address 10.0.2.129
ip dhcp excluded-address 10.0.2.193
ip dhcp excluded-address 10.0.3.1
ip dhcp excluded-address 10.0.3.65
ip dhcp excluded-address 10.0.3.129
ip dhcp excluded-address 10.0.3.193
ip dhcp excluded-address 10.0.4.1
ip dhcp excluded-address 10.0.4.65
ip dhcp excluded-address 10.0.4.129
ip dhcp excluded-address 10.0.4.193
ip dhcp excluded-address 10.0.5.1
ip dhcp excluded-address 10.0.5.65
ip dhcp excluded-address 10.0.5.129
ip dhcp excluded-address 10.0.5.193
ip dhcp excluded-address 10.0.6.1
ip dhcp excluded-address 10.0.6.65
ip dhcp excluded-address 10.0.6.193
ip dhcp excluded-address 10.0.6.129
ip dhcp excluded-address 10.0.7.1
ip dhcp excluded-address 10.0.7.65
ip dhcp excluded-address 10.0.7.129
ip dhcp excluded-address 10.0.7.193
ip dhcp excluded-address 10.0.8.1
ip dhcp excluded-address 10.0.8.65
ip dhcp excluded-address 10.0.8.129
ip dhcp excluded-address 10.0.8.193
ip dhcp excluded-address 10.0.9.1
ip dhcp excluded-address 10.0.9.65
ip dhcp excluded-address 10.0.9.129
ip dhcp excluded-address 10.0.9.193
ip dhcp excluded-address 10.0.10.1
ip dhcp excluded-address 10.0.10.65
ip dhcp excluded-address 10.0.10.129
ip dhcp excluded-address 10.0.10.193
ip dhcp excluded-address 10.0.11.1
ip dhcp excluded-address 10.0.11.65
ip dhcp excluded-address 10.0.11.129
ip dhcp excluded-address 10.0.11.193
ip dhcp excluded-address 10.0.12.1
ip dhcp excluded-address 10.0.12.65
ip dhcp excluded-address 10.0.12.129
ip dhcp excluded-address 10.0.12.161 10.0.12.190
ip dhcp excluded-address 10.0.12.193
ip dhcp excluded-address 10.0.13.1
ip dhcp excluded-address 10.0.13.65
ip dhcp excluded-address 10.0.13.129
ip dhcp excluded-address 10.0.13.193
ip dhcp excluded-address 10.0.14.1
ip dhcp excluded-address 10.0.14.65
ip dhcp excluded-address 10.0.14.129
ip dhcp excluded-address 10.0.14.193
ip dhcp excluded-address 10.0.15.1
ip dhcp excluded-address 10.0.15.65
ip dhcp excluded-address 10.0.15.129
ip dhcp excluded-address 10.0.15.193
ip dhcp excluded-address 10.0.16.1
ip dhcp excluded-address 10.0.16.65
ip dhcp excluded-address 10.0.16.129
ip dhcp excluded-address 10.0.16.193
ip dhcp excluded-address 10.0.17.1
ip dhcp excluded-address 10.0.17.65
ip dhcp excluded-address 10.0.17.129
ip dhcp excluded-address 10.0.17.193
ip dhcp excluded-address 10.0.18.1
ip dhcp excluded-address 10.0.18.65
ip dhcp excluded-address 10.0.18.129
ip dhcp excluded-address 10.0.18.193
ip dhcp excluded-address 10.0.19.1
ip dhcp excluded-address 10.0.19.65
ip dhcp excluded-address 10.0.19.129
ip dhcp excluded-address 10.0.19.193
ip dhcp excluded-address 10.0.20.1
ip dhcp excluded-address 10.0.20.65
ip dhcp excluded-address 10.0.20.129
ip dhcp excluded-address 10.0.20.193
ip dhcp excluded-address 10.0.21.1
ip dhcp excluded-address 10.0.21.65
ip dhcp excluded-address 10.0.21.129
ip dhcp excluded-address 10.0.21.193
ip dhcp excluded-address 10.0.22.1
ip dhcp excluded-address 10.0.22.65
ip dhcp excluded-address 10.0.22.129
ip dhcp excluded-address 10.0.22.193
ip dhcp excluded-address 10.0.23.1
!
ip dhcp pool 02
   import all
   network 10.0.0.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.0.65
   lease 8
!
ip dhcp pool 03
   import all
   network 10.0.0.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.0.129
   lease 8
!
ip dhcp pool 04
   import all
   network 10.0.0.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.0.193
   lease 8
!
ip dhcp pool 05
   import all
   network 10.0.1.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.1.1
   lease 8
!
ip dhcp pool 06
   import all
   network 10.0.1.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.1.65
   lease 8
!
ip dhcp pool 07
   import all
   network 10.0.1.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.1.129
   lease 8
!
ip dhcp pool 08
   import all
   network 10.0.1.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.1.193
   lease 8
!
ip dhcp pool 09
   import all
   network 10.0.2.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.2.1
   lease 8
!
ip dhcp pool 10
   import all
   network 10.0.2.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.2.65
   lease 8
!
ip dhcp pool 11
   import all
   network 10.0.2.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.2.129
   lease 8
!
ip dhcp pool 12
   import all
   network 10.0.2.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.2.193
   lease 8
!
ip dhcp pool 13
   import all
   network 10.0.3.0 255.255.255.192
   domain-name NonofyourbusinessNetowkr
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.3.1
   lease 8
!
ip dhcp pool 14
   import all
   network 10.0.3.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.3.65
   lease 8
!
ip dhcp pool 15
   import all
   network 10.0.3.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.3.129
   lease 8
!
ip dhcp pool 16
   import all
   network 10.0.3.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.3.193
   lease 8
!
ip dhcp pool 17
   import all
   network 10.0.4.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.4.1
   lease 8
!
ip dhcp pool 18
   import all
   network 10.0.4.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.4.65
   lease 8
!
ip dhcp pool 19
   import all
   network 10.0.4.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.4.129
   lease 8
!
ip dhcp pool 20
   import all
   network 10.0.4.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.4.193
   lease 8
!
ip dhcp pool 21
   import all
   network 10.0.5.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.5.1
   lease 8
!
ip dhcp pool 22
   import all
   network 10.0.5.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.5.65
   lease 8
!
ip dhcp pool 23
   import all
   network 10.0.5.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.5.129
   lease 8
!
ip dhcp pool 24
   import all
   network 10.0.5.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.5.193
   lease 8
!
ip dhcp pool 25
   import all
   network 10.0.6.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.6.1
   lease 8
!
ip dhcp pool 26
   import all
   network 10.0.6.64 255.255.255.192
   domain-name NonofyourbusinessNetowkr
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.6.65
   lease 8
!
ip dhcp pool 28
   import all
   network 10.0.6.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.6.193
   lease 8
!
ip dhcp pool 27
   import all
   network 10.0.6.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.6.129
   lease 8
!
ip dhcp pool 29
   import all
   network 10.0.7.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.7.1
   lease 8
!
ip dhcp pool 30
   import all
   network 10.0.7.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.7.65
   lease 8
!
ip dhcp pool 31
   import all
   network 10.0.7.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.7.129
   lease 8
!
ip dhcp pool 32
   import all
   network 10.0.7.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.7.193
   lease 8
!
ip dhcp pool 33
   import all
   network 10.0.8.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.8.1
   lease 8
!
ip dhcp pool 34
   import all
   network 10.0.8.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.8.65
   lease 8
!
ip dhcp pool 35
   import all
   network 10.0.8.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.8.129
   lease 8
!
ip dhcp pool 36
   import all
   network 10.0.8.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.8.193
   lease 8
!
ip dhcp pool 37
   import all
   network 10.0.9.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.9.1
   lease 8
!
ip dhcp pool 38
   import all
   network 10.0.9.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.9.65
   lease 8
!
ip dhcp pool 39
   import all
   network 10.0.9.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.9.129
   lease 8
!
ip dhcp pool 40
   import all
   network 10.0.9.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.9.193
   lease 8
!
ip dhcp pool 41
   import all
   network 10.0.10.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.10.1
   lease 8
!
ip dhcp pool 42
   import all
   network 10.0.10.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.10.65
   lease 8
!
ip dhcp pool 43
   import all
   network 10.0.10.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.10.129
   lease 8
!
ip dhcp pool 44
   import all
   network 10.0.10.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.10.193
   lease 8
!
ip dhcp pool 45
   import all
   network 10.0.11.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.11.1
   lease 8
!
ip dhcp pool 46
   import all
   network 10.0.11.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.11.65
   lease 8
!
ip dhcp pool 47
   import all
   network 10.0.11.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.11.129
   lease 8
!
ip dhcp pool 48
   import all
   network 10.0.11.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.11.193
   lease 8
!
ip dhcp pool 49
   import all
   network 10.0.12.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.12.1
   lease 8
!
ip dhcp pool 50
   import all
   network 10.0.12.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.12.65
   lease 8
!
ip dhcp pool 51
   import all
   network 10.0.12.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.12.129
   lease 8
!
ip dhcp pool 52
   import all
   network 10.0.12.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.12.193
   lease 8
!
ip dhcp pool 53
   import all
   network 10.0.13.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.13.1
   lease 8
!
ip dhcp pool 54
   import all
   network 10.0.13.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.13.65
   lease 8
!
ip dhcp pool 55
   import all
   network 10.0.13.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.13.129
   lease 8
!
ip dhcp pool 56
   import all
   network 10.0.13.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.13.193
   lease 8
!
ip dhcp pool 57
   import all
   network 10.0.14.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.14.1
   lease 8
!
ip dhcp pool 58
   import all
   network 10.0.14.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.14.65
   lease 8
!
ip dhcp pool 59
   import all
   network 10.0.14.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.14.129
   lease 8
!
ip dhcp pool 60
   import all
   network 10.0.14.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.14.193
   lease 8
!
ip dhcp pool 61
   import all
   network 10.0.15.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.15.1
   lease 8
!
ip dhcp pool 62
   import all
   network 10.0.15.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.15.65
   lease 8
!
ip dhcp pool 63
   import all
   network 10.0.15.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.15.129
   lease 8
!
ip dhcp pool 64
   import all
   network 10.0.15.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.15.193
   lease 8
!
ip dhcp pool 65
   import all
   network 10.0.16.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.16.1
   lease 8
!
ip dhcp pool 66
   import all
   network 10.0.16.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.16.65
   lease 8
!
ip dhcp pool 67
   import all
   network 10.0.16.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.16.129
   lease 8
!
ip dhcp pool 68
   import all
   network 10.0.16.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.16.193
   lease 8
!
ip dhcp pool 69
   import all
   network 10.0.17.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.17.1
   lease 8
!
ip dhcp pool 70
   import all
   network 10.0.17.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.17.65
   lease 8
!
ip dhcp pool 71
   import all
   network 10.0.17.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.17.129
   lease 8
!
ip dhcp pool 72
   import all
   network 10.0.17.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.17.193
   lease 8
!
ip dhcp pool 73
   import all
   network 10.0.18.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.18.1
   lease 8
!
ip dhcp pool 74
   import all
   network 10.0.18.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.18.65
   lease 8
!
ip dhcp pool 75
   import all
   network 10.0.18.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.18.129
   lease 8
!
ip dhcp pool 76
   import all
   network 10.0.18.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.18.193
   lease 8
!
ip dhcp pool 77
   import all
   network 10.0.19.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.19.1
   lease 8
!
ip dhcp pool 78
   import all
   network 10.0.19.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.19.65
   lease 8
!
ip dhcp pool 79
   import all
   network 10.0.19.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.19.129
   lease 8
!
ip dhcp pool 80
   import all
   network 10.0.19.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.19.193
   lease 8
!
ip dhcp pool 81
   import all
   network 10.0.20.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.20.1
   lease 8
!
ip dhcp pool 82
   import all
   network 10.0.20.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.20.65
   lease 8
!
ip dhcp pool 83
   import all
   network 10.0.20.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.20.129
   lease 8
!
ip dhcp pool 84
   import all
   network 10.0.20.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.20.193
   lease 8
!
ip dhcp pool 85
   import all
   network 10.0.21.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.21.1
   lease 8
!
ip dhcp pool 86
   import all
   network 10.0.21.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.21.65
   lease 8
!
ip dhcp pool 87
   import all
   network 10.0.21.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.21.129
   lease 8
!
ip dhcp pool 88
   import all
   network 10.0.21.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.21.193
   lease 8
!
ip dhcp pool 89
   import all
   network 10.0.22.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.22.1
   lease 8
!
ip dhcp pool 90
   import all
   network 10.0.22.64 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.22.65
   lease 8
!
ip dhcp pool 91
   import all
   network 10.0.22.128 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.22.129
   lease 8
!
ip dhcp pool 92
   import all
   network 10.0.22.192 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.22.193
   lease 8
!
ip dhcp pool 93
   import all
   network 10.0.23.0 255.255.255.192
   domain-name NonofyourbusinessNetwork
   dns-server 10.0.0.1 207.91.130.4
   default-router 10.0.23.1
   lease 8
!
!
no ip bootp server
ip domain name yourdomain.com
ip name-server 207.91.130.4
ip name-server 207.91.130.6
!
username Nonofyourbusiness privilege 15 secret 5 $1$0BQe$/sG4lZbk11EQt9E0AJznU0
!
!
!
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$$FW_INSIDE$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 192.168.89.254 255.255.255.0 secondary
 ip address 10.0.0.1 255.255.255.192
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.2
 encapsulation dot1Q 2
 ip address 10.0.0.65 255.255.255.192
 ip access-group 2102 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.3
 encapsulation dot1Q 3
 ip address 10.0.0.129 255.255.255.192
 ip access-group 2103 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.4
 encapsulation dot1Q 4
 ip address 10.0.0.193 255.255.255.192
 ip access-group 2104 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.5
 encapsulation dot1Q 5
 ip address 10.0.1.1 255.255.255.192
 ip access-group 2105 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.6
 encapsulation dot1Q 6
 ip address 10.0.1.65 255.255.255.192
 ip access-group 2106 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.7
 encapsulation dot1Q 7
 ip address 10.0.1.129 255.255.255.192
 ip access-group 2107 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.8
 encapsulation dot1Q 8
 ip address 10.0.1.193 255.255.255.192
 ip access-group 2108 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.9
 encapsulation dot1Q 9
 ip address 10.0.2.1 255.255.255.192
 ip access-group 2109 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.2.65 255.255.255.192
 ip access-group 2110 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.11
 encapsulation dot1Q 11
 ip address 10.0.2.129 255.255.255.192
 ip access-group 2111 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.12
 encapsulation dot1Q 12
 ip address 10.0.2.193 255.255.255.192
 ip access-group 2112 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.13
 encapsulation dot1Q 13
 ip address 10.0.3.1 255.255.255.192
 ip access-group 2113 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.14
 encapsulation dot1Q 14
 ip address 10.0.3.65 255.255.255.192
 ip access-group 2114 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.15
 encapsulation dot1Q 15
 ip address 10.0.3.129 255.255.255.192
 ip access-group 2115 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.16
 encapsulation dot1Q 16
 ip address 10.0.3.193 255.255.255.192
 ip access-group 2116 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.17
 encapsulation dot1Q 17
 ip address 10.0.4.1 255.255.255.192
 ip access-group 2117 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.18
 encapsulation dot1Q 18
 ip address 10.0.4.65 255.255.255.192
 ip access-group 2118 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.19
 encapsulation dot1Q 19
 ip address 10.0.4.129 255.255.255.192
 ip access-group 2119 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.4.193 255.255.255.192
 ip access-group 2120 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.21
 encapsulation dot1Q 21
 ip address 10.0.5.1 255.255.255.192
 ip access-group 2121 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.22
 encapsulation dot1Q 22
 ip address 10.0.5.65 255.255.255.192
 ip access-group 2122 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.23
 encapsulation dot1Q 23
 ip address 10.0.5.129 255.255.255.192
 ip access-group 2123 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.24
 encapsulation dot1Q 24
 ip address 10.0.5.193 255.255.255.192
 ip access-group 2124 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.25
 encapsulation dot1Q 25
 ip address 10.0.6.1 255.255.255.192
 ip access-group 2125 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.26
 encapsulation dot1Q 26
 ip address 10.0.6.65 255.255.255.192
 ip access-group 2126 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.27
 encapsulation dot1Q 27
 ip address 10.0.6.129 255.255.255.192
 ip access-group 2127 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.28
 encapsulation dot1Q 28
 ip address 10.0.6.193 255.255.255.192
 ip access-group 2128 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.29
 encapsulation dot1Q 29
 ip address 10.0.7.1 255.255.255.192
 ip access-group 2129 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 10.0.7.65 255.255.255.192
 ip access-group 2130 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.31
 encapsulation dot1Q 31
 ip address 10.0.7.129 255.255.255.192
 ip access-group 2131 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.32
 encapsulation dot1Q 32
 ip address 10.0.7.193 255.255.255.192
 ip access-group 2132 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.33
 encapsulation dot1Q 33
 ip address 10.0.8.1 255.255.255.192
 ip access-group 2133 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.34
 encapsulation dot1Q 34
 ip address 10.0.8.65 255.255.255.192
 ip access-group 2134 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.35
 encapsulation dot1Q 35
 ip address 10.0.8.129 255.255.255.192
 ip access-group 2135 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.36
 encapsulation dot1Q 36
 ip address 10.0.8.193 255.255.255.192
 ip access-group 2136 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.37
 encapsulation dot1Q 37
 ip address 10.0.9.1 255.255.255.192
 ip access-group 2137 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.38
 encapsulation dot1Q 38
 ip address 10.0.9.65 255.255.255.192
 ip access-group 2138 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.39
 encapsulation dot1Q 39
 ip address 10.0.9.129 255.255.255.192
 ip access-group 2139 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.40
 encapsulation dot1Q 40
 ip address 10.0.9.193 255.255.255.192
 ip access-group 2140 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.41
 encapsulation dot1Q 41
 ip address 10.0.10.1 255.255.255.192
 ip access-group 2141 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.42
 encapsulation dot1Q 42
 ip address 10.0.10.65 255.255.255.192
 ip access-group 2142 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.43
 encapsulation dot1Q 43
 ip address 10.0.10.129 255.255.255.192
 ip access-group 2143 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.44
 encapsulation dot1Q 44
 ip address 10.0.10.193 255.255.255.192
 ip access-group 2144 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.45
 encapsulation dot1Q 45
 ip address 10.0.11.1 255.255.255.192
 ip access-group 2145 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.46
 encapsulation dot1Q 46
 ip address 10.0.11.65 255.255.255.192
 ip access-group 2146 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.47
 encapsulation dot1Q 47
 ip address 10.0.11.129 255.255.255.192
 ip access-group 2147 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.48
 encapsulation dot1Q 48
 ip address 10.0.11.193 255.255.255.192
 ip access-group 2148 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.49
 encapsulation dot1Q 49
 ip address 10.0.12.1 255.255.255.192
 ip access-group 2149 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.50
 encapsulation dot1Q 50
 ip address 10.0.12.65 255.255.255.192
 ip access-group 2150 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.51
 encapsulation dot1Q 51
 ip address 10.0.12.129 255.255.255.192
 ip access-group 2151 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.52
 encapsulation dot1Q 52
 ip address 10.0.12.193 255.255.255.192
 ip access-group 2152 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.53
 encapsulation dot1Q 53
 ip address 10.0.13.1 255.255.255.192
 ip access-group 2153 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.54
 encapsulation dot1Q 54
 ip address 10.0.13.65 255.255.255.192
 ip access-group 2154 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.55
 encapsulation dot1Q 55
 ip address 10.0.13.129 255.255.255.192
 ip access-group 2155 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.56
 encapsulation dot1Q 56
 ip address 10.0.13.193 255.255.255.192
 ip access-group 2156 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.57
 encapsulation dot1Q 57
 ip address 10.0.14.1 255.255.255.192
 ip access-group 2157 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.58
 encapsulation dot1Q 58
 ip address 10.0.14.65 255.255.255.192
 ip access-group 2158 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.59
 encapsulation dot1Q 59
 ip address 10.0.14.129 255.255.255.192
 ip access-group 2159 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.60
 encapsulation dot1Q 60
 ip address 10.0.14.193 255.255.255.192
 ip access-group 2160 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.61
 encapsulation dot1Q 61
 ip address 10.0.15.1 255.255.255.192
 ip access-group 2161 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.62
 encapsulation dot1Q 62
 ip address 10.0.15.65 255.255.255.192
 ip access-group 2162 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.63
 encapsulation dot1Q 63
 ip address 10.0.15.129 255.255.255.192
 ip access-group 2163 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.64
 encapsulation dot1Q 64
 ip address 10.0.15.193 255.255.255.192
 ip access-group 2164 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.65
 encapsulation dot1Q 65
 ip address 10.0.16.1 255.255.255.192
 ip access-group 2165 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.66
 encapsulation dot1Q 66
 ip address 10.0.16.65 255.255.255.192
 ip access-group 2166 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.67
 encapsulation dot1Q 67
 ip address 10.0.16.129 255.255.255.192
 ip access-group 2167 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.68
 encapsulation dot1Q 68
 ip address 10.0.16.193 255.255.255.192
 ip access-group 2168 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.69
 encapsulation dot1Q 69
 ip address 10.0.17.1 255.255.255.192
 ip access-group 2169 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.70
 encapsulation dot1Q 70
 ip address 10.0.17.65 255.255.255.192
 ip access-group 2170 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.71
 encapsulation dot1Q 71
 ip address 10.0.17.129 255.255.255.192
 ip access-group 2171 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.72
 encapsulation dot1Q 72
 ip address 10.0.17.193 255.255.255.192
 ip access-group 2172 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.73
 encapsulation dot1Q 73
 ip address 10.0.18.1 255.255.255.192
 ip access-group 2173 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.74
 encapsulation dot1Q 74
 ip address 10.0.18.65 255.255.255.192
 ip access-group 2174 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.75
 encapsulation dot1Q 75
 ip address 10.0.18.129 255.255.255.192
 ip access-group 2175 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.76
 encapsulation dot1Q 76
 ip address 10.0.18.193 255.255.255.192
 ip access-group 2176 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.77
 encapsulation dot1Q 77
 ip address 10.0.19.1 255.255.255.192
 ip access-group 2177 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.78
 encapsulation dot1Q 78
 ip address 10.0.19.65 255.255.255.192
 ip access-group 2178 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.79
 encapsulation dot1Q 79
 ip address 10.0.19.129 255.255.255.192
 ip access-group 2179 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.80
 encapsulation dot1Q 80
 ip address 10.0.19.193 255.255.255.192
 ip access-group 2180 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.81
 encapsulation dot1Q 81
 ip address 10.0.20.1 255.255.255.192
 ip access-group 2181 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.82
 encapsulation dot1Q 82
 ip address 10.0.20.65 255.255.255.192
 ip access-group 2182 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.83
 encapsulation dot1Q 83
 ip address 10.0.20.129 255.255.255.192
 ip access-group 2183 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.84
 encapsulation dot1Q 84
 ip address 10.0.20.193 255.255.255.192
 ip access-group 2184 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.85
 encapsulation dot1Q 85
 ip address 10.0.21.1 255.255.255.192
 ip access-group 2185 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.86
 encapsulation dot1Q 86
 ip address 10.0.21.65 255.255.255.192
 ip access-group 2186 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.87
 encapsulation dot1Q 87
 ip address 10.0.21.129 255.255.255.192
 ip access-group 2187 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.88
 encapsulation dot1Q 88
 ip address 10.0.21.193 255.255.255.192
 ip access-group 2188 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.89
 encapsulation dot1Q 89
 ip address 10.0.22.1 255.255.255.192
 ip access-group 2189 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.90
 encapsulation dot1Q 90
 ip address 10.0.22.65 255.255.255.192
 ip access-group 2190 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.91
 encapsulation dot1Q 91
 ip address 10.0.22.129 255.255.255.192
 ip access-group 2191 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.92
 encapsulation dot1Q 92
 ip address 10.0.22.193 255.255.255.192
 ip access-group 2192 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/0.93
 encapsulation dot1Q 93
 ip address 10.0.23.1 255.255.255.192
 ip access-group 2193 in
 ip nat inside
 no snmp trap link-status
 no cdp enable
!
interface GigabitEthernet0/1
 description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
 ip address XXX.XX.XXX.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 XXX.XX.XXX.1
!
ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source list 2 interface GigabitEthernet0/1 overload
ip nat inside source static 10.0.3.130 XXX.XX.XXX.7
ip nat inside source static 10.0.6.2 XXX.XX.XXX.9
ip nat inside source static 10.0.3.66 XXX.XX.XXX.10
ip nat inside source static 10.0.3.67 XXX.XX.XXX.11
ip nat inside source static 10.0.0.66 XXX.XX.XXX.12
ip nat inside source static 10.0.0.68 XXX.XX.XXX.13
ip nat inside source static 10.0.0.69 XXX.XX.XXX.14
ip nat inside source static 10.0.3.194 XXX.XX.XXX.15
ip nat inside source static 10.0.5.131 XXX.XX.XXX.16
ip nat inside source static 10.0.3.250 XXX.XX.XXX.17
ip nat inside source static 10.0.7.130 XXX.XX.XXX.20
ip nat inside source static 10.0.2.2 XXX.XX.XXX.22
ip nat inside source static 10.0.2.130 XXX.XX.XXX.26
ip nat inside source static 10.0.19.66 XXX.XX.XXX.30
ip nat inside source static 10.0.17.187 XXX.XX.XXX.37
ip nat inside source static 10.0.11.130 XXX.XX.XXX.50
ip nat inside source static 10.0.6.130 XXX.XX.XXX.90
ip nat inside source static 10.0.6.131 XXX.XX.XXX.91
ip nat inside source static 10.0.6.132 XXX.XX.XXX.92
ip nat inside source static 10.0.6.133 XXX.XX.XXX.93
ip nat inside source static 10.0.6.134 XXX.XX.XXX.94
ip nat inside source static 10.0.6.135 XXX.XX.XXX.95
ip nat inside source static 10.0.6.136 XXX.XX.XXX.96
ip nat inside source static 10.0.6.137 XXX.XX.XXX.97
ip nat inside source static 10.0.6.138 XXX.XX.XXX.98
ip nat inside source static 192.168.89.250 XXX.XX.XXX.250
ip nat inside source static 192.168.89.251 XXX.XX.XXX.251
ip nat inside source static 192.168.89.252 XXX.XX.XXX.252
ip nat inside source static 192.168.89.253 XXX.XX.XXX.253
!
logging trap debugging
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 101 permit ip any host XXX.XX.XXX.50
access-list 2102 permit ip any host XXX.XX.XXX.12
access-list 2102 permit ip any 10.0.0.0 0.0.0.63
access-list 2102 permit ip any 10.0.0.64 0.0.0.63
access-list 2102 deny   ip any 10.0.0.0 0.0.255.255
access-list 2102 permit ip any any
access-list 2103 permit ip any 10.0.0.0 0.0.0.63
access-list 2103 permit ip any 10.0.0.128 0.0.0.63
access-list 2103 deny   ip any 10.0.0.0 0.0.255.255
access-list 2103 permit ip any any
access-list 2104 permit ip any 10.0.0.0 0.0.0.63
access-list 2104 permit ip any 10.0.0.192 0.0.0.63
access-list 2104 deny   ip any 10.0.0.0 0.0.255.255
access-list 2104 permit ip any any
access-list 2105 permit ip any 10.0.0.0 0.0.0.63
access-list 2105 permit ip any 10.0.1.0 0.0.0.63
access-list 2105 deny   ip any 10.0.0.0 0.0.255.255
access-list 2105 permit ip any any
access-list 2106 permit ip any 10.0.0.0 0.0.0.63
access-list 2106 permit ip any 10.0.1.64 0.0.0.63
access-list 2106 deny   ip any 10.0.0.0 0.0.255.255
access-list 2106 permit ip any any
access-list 2107 permit ip any 10.0.0.0 0.0.0.63
access-list 2107 permit ip any 10.0.1.128 0.0.0.63
access-list 2107 deny   ip any 10.0.0.0 0.0.255.255
access-list 2107 permit ip any any
access-list 2108 permit ip any 10.0.0.0 0.0.0.63
access-list 2108 permit ip any 10.0.1.192 0.0.0.63
access-list 2108 deny   ip any 10.0.0.0 0.0.255.255
access-list 2108 permit ip any any
access-list 2109 permit ip any 10.0.0.0 0.0.0.63
access-list 2109 permit ip any 10.0.2.0 0.0.0.63
access-list 2109 deny   ip any 10.0.0.0 0.0.255.255
access-list 2109 permit ip any any
access-list 2110 permit ip any 10.0.0.0 0.0.0.63
access-list 2110 permit ip any 10.0.2.64 0.0.0.63
access-list 2110 deny   ip any 10.0.0.0 0.0.255.255
access-list 2110 permit ip any any
access-list 2111 permit ip any 10.0.0.0 0.0.0.63
access-list 2111 permit ip any 10.0.2.128 0.0.0.63
access-list 2111 deny   ip any 10.0.0.0 0.0.255.255
access-list 2111 permit ip any any
access-list 2112 permit ip any 10.0.0.0 0.0.0.63
access-list 2112 permit ip any 10.0.2.192 0.0.0.63
access-list 2112 deny   ip any 10.0.0.0 0.0.255.255
access-list 2112 permit ip any any
access-list 2113 permit ip any 10.0.0.0 0.0.0.63
access-list 2113 permit ip any 10.0.3.0 0.0.0.63
access-list 2113 deny   ip any 10.0.0.0 0.0.255.255
access-list 2113 permit ip any any
access-list 2114 permit ip any 10.0.0.0 0.0.0.63
access-list 2114 permit ip any 10.0.3.64 0.0.0.63
access-list 2114 deny   ip any 10.0.0.0 0.0.255.255
access-list 2114 permit ip any any
access-list 2115 permit ip any 10.0.0.0 0.0.0.63
access-list 2115 permit ip any 10.0.3.128 0.0.0.63
access-list 2115 deny   ip any 10.0.0.0 0.0.255.255
access-list 2115 permit ip any any
access-list 2116 permit ip any 10.0.0.0 0.0.0.63
access-list 2116 permit ip any 10.0.3.192 0.0.0.63
access-list 2116 deny   ip any 10.0.0.0 0.0.255.255
access-list 2116 permit ip any any
access-list 2117 permit ip any 10.0.0.0 0.0.0.63
access-list 2117 permit ip any 10.0.4.0 0.0.0.63
access-list 2117 deny   ip any 10.0.0.0 0.0.255.255
access-list 2117 permit ip any any
access-list 2118 permit ip any 10.0.0.0 0.0.0.63
access-list 2118 permit ip any 10.0.4.64 0.0.0.63
access-list 2118 deny   ip any 10.0.0.0 0.0.255.255
access-list 2118 permit ip any any
access-list 2119 permit ip any 10.0.0.0 0.0.0.63
access-list 2119 permit ip any 10.0.4.128 0.0.0.63
access-list 2119 deny   ip any 10.0.0.0 0.0.255.255
access-list 2119 permit ip any any
access-list 2120 permit ip any 10.0.0.0 0.0.0.63
access-list 2120 permit ip any 10.0.4.192 0.0.0.63
access-list 2120 deny   ip any 10.0.0.0 0.0.255.255
access-list 2120 permit ip any any
access-list 2121 permit ip any 10.0.0.0 0.0.0.63
access-list 2121 permit ip any 10.0.5.0 0.0.0.63
access-list 2121 deny   ip any 10.0.0.0 0.0.255.255
access-list 2121 permit ip any any
access-list 2122 permit ip any 10.0.0.0 0.0.0.63
access-list 2122 permit ip any 10.0.5.64 0.0.0.63
access-list 2122 deny   ip any 10.0.0.0 0.0.255.255
access-list 2122 permit ip any any
access-list 2123 permit ip any 10.0.0.0 0.0.0.63
access-list 2123 permit ip any 10.0.5.128 0.0.0.63
access-list 2123 permit tcp any range 2996 2999 any
access-list 2123 permit udp any range 2996 2999 any
access-list 2123 deny   ip any 10.0.0.0 0.0.255.255
access-list 2123 permit ip any any
access-list 2124 permit ip any 10.0.0.0 0.0.0.63
access-list 2124 permit ip any 10.0.5.192 0.0.0.63
access-list 2124 deny   ip any 10.0.0.0 0.0.255.255
access-list 2124 permit ip any any
access-list 2125 permit ip any 10.0.0.0 0.0.0.63
access-list 2125 permit ip any 10.0.6.0 0.0.0.63
access-list 2125 deny   ip any 10.0.0.0 0.0.255.255
access-list 2125 permit ip any any
access-list 2126 permit ip any 10.0.0.0 0.0.0.63
access-list 2126 permit ip any 10.0.6.64 0.0.0.63
access-list 2126 deny   ip any 10.0.0.0 0.0.255.255
access-list 2126 permit ip any any
access-list 2127 permit ip any 10.0.0.0 0.0.0.63
access-list 2127 permit ip any 10.0.6.128 0.0.0.63
access-list 2127 deny   ip any 10.0.0.0 0.0.255.255
access-list 2127 permit ip any any
access-list 2128 permit ip any 10.0.0.0 0.0.0.63
access-list 2128 permit ip any 10.0.6.192 0.0.0.63
access-list 2128 deny   ip any 10.0.0.0 0.0.255.255
access-list 2128 permit ip any any
access-list 2129 permit ip any 10.0.0.0 0.0.0.63
access-list 2129 permit ip any 10.0.7.0 0.0.0.63
access-list 2129 deny   ip any 10.0.0.0 0.0.255.255
access-list 2129 permit ip any any
access-list 2130 permit ip any 10.0.0.0 0.0.0.63
access-list 2130 permit ip any 10.0.7.64 0.0.0.63
access-list 2130 deny   ip any 10.0.0.0 0.0.255.255
access-list 2130 permit ip any any
access-list 2131 permit ip any 10.0.0.0 0.0.0.63
access-list 2131 permit ip any 10.0.7.128 0.0.0.63
access-list 2131 deny   ip any 10.0.0.0 0.0.255.255
access-list 2131 permit ip any any
access-list 2132 permit ip any 10.0.0.0 0.0.0.63
access-list 2132 permit ip any 10.0.7.192 0.0.0.63
access-list 2132 deny   ip any 10.0.0.0 0.0.255.255
access-list 2132 permit ip any any
access-list 2133 permit ip any 10.0.0.0 0.0.0.63
access-list 2133 permit ip any 10.0.8.0 0.0.0.63
access-list 2133 deny   ip any 10.0.0.0 0.0.255.255
access-list 2133 permit ip any any
access-list 2134 permit ip any 10.0.0.0 0.0.0.63
access-list 2134 permit ip any 10.0.8.64 0.0.0.63
access-list 2134 deny   ip any 10.0.0.0 0.0.255.255
access-list 2134 permit ip any any
access-list 2135 permit ip any 10.0.0.0 0.0.0.63
access-list 2135 permit ip any 10.0.8.128 0.0.0.63
access-list 2135 deny   ip any 10.0.0.0 0.0.255.255
access-list 2135 permit ip any any
access-list 2136 permit ip any 10.0.0.0 0.0.0.63
access-list 2136 permit ip any 10.0.8.192 0.0.0.63
access-list 2136 deny   ip any 10.0.0.0 0.0.255.255
access-list 2136 permit ip any any
access-list 2137 permit ip any 10.0.0.0 0.0.0.63
access-list 2137 permit ip any 10.0.9.0 0.0.0.63
access-list 2137 deny   ip any 10.0.0.0 0.0.255.255
access-list 2137 permit ip any any
access-list 2138 permit ip any 10.0.0.0 0.0.0.63
access-list 2138 permit ip any 10.0.9.64 0.0.0.63
access-list 2138 deny   ip any 10.0.0.0 0.0.255.255
access-list 2138 permit ip any any
access-list 2139 permit ip any 10.0.0.0 0.0.0.63
access-list 2139 permit ip any 10.0.9.128 0.0.0.63
access-list 2139 deny   ip any 10.0.0.0 0.0.255.255
access-list 2139 permit ip any any
access-list 2140 permit ip any 10.0.0.0 0.0.0.63
access-list 2140 permit ip any 10.0.9.192 0.0.0.63
access-list 2140 deny   ip any 10.0.0.0 0.0.255.255
access-list 2140 permit ip any any
access-list 2141 permit ip any 10.0.0.0 0.0.0.63
access-list 2141 permit ip any 10.0.10.0 0.0.0.63
access-list 2141 deny   ip any 10.0.0.0 0.0.255.255
access-list 2141 permit ip any any
access-list 2142 permit ip any 10.0.0.0 0.0.0.63
access-list 2142 permit ip any 10.0.10.64 0.0.0.63
access-list 2142 deny   ip any 10.0.0.0 0.0.255.255
access-list 2142 permit ip any any
access-list 2143 permit ip any 10.0.0.0 0.0.0.63
access-list 2143 permit ip any 10.0.10.128 0.0.0.63
access-list 2143 deny   ip any 10.0.0.0 0.0.255.255
access-list 2143 permit ip any any
access-list 2144 permit ip any 10.0.0.0 0.0.0.63
access-list 2144 permit ip any 10.0.10.192 0.0.0.63
access-list 2144 deny   ip any 10.0.0.0 0.0.255.255
access-list 2144 permit ip any any
access-list 2145 permit ip any 10.0.0.0 0.0.0.63
access-list 2145 permit ip any 10.0.11.0 0.0.0.63
access-list 2145 deny   ip any 10.0.0.0 0.0.255.255
access-list 2145 permit ip any any
access-list 2146 permit ip any 10.0.0.0 0.0.0.63
access-list 2146 permit ip any 10.0.11.64 0.0.0.63
access-list 2146 deny   ip any 10.0.0.0 0.0.255.255
access-list 2146 permit ip any any
access-list 2147 permit ip any 10.0.0.0 0.0.0.63
access-list 2147 permit ip any 10.0.11.128 0.0.0.63
access-list 2147 deny   ip any 10.0.0.0 0.0.255.255
access-list 2147 permit ip any any
access-list 2148 permit ip any 10.0.0.0 0.0.0.63
access-list 2148 permit ip any 10.0.11.192 0.0.0.63
access-list 2148 deny   ip any 10.0.0.0 0.0.255.255
access-list 2148 permit ip any any
access-list 2149 permit ip any 10.0.0.0 0.0.0.63
access-list 2149 permit ip any 10.0.12.0 0.0.0.63
access-list 2149 deny   ip any 10.0.0.0 0.0.255.255
access-list 2149 permit ip any any
access-list 2150 permit ip any 10.0.0.0 0.0.0.63
access-list 2150 permit ip any 10.0.12.64 0.0.0.63
access-list 2150 deny   ip any 10.0.0.0 0.0.255.255
access-list 2150 permit ip any any
access-list 2151 permit ip any 10.0.0.0 0.0.0.63
access-list 2151 permit ip any 10.0.12.128 0.0.0.63
access-list 2151 deny   ip any 10.0.0.0 0.0.255.255
access-list 2151 permit ip any any
access-list 2152 permit ip any 10.0.0.0 0.0.0.63
access-list 2152 permit ip any 10.0.12.192 0.0.0.63
access-list 2152 deny   ip any 10.0.0.0 0.0.255.255
access-list 2152 permit ip any any
access-list 2153 permit ip any 10.0.0.0 0.0.0.63
access-list 2153 permit ip any 10.0.13.0 0.0.0.63
access-list 2153 deny   ip any 10.0.0.0 0.0.255.255
access-list 2153 permit ip any any
access-list 2154 permit ip any 10.0.0.0 0.0.0.63
access-list 2154 permit ip any 10.0.13.64 0.0.0.63
access-list 2154 deny   ip any 10.0.0.0 0.0.255.255
access-list 2154 permit ip any any
access-list 2155 permit ip any 10.0.0.0 0.0.0.63
access-list 2155 permit ip any 10.0.13.128 0.0.0.63
access-list 2155 deny   ip any 10.0.0.0 0.0.255.255
access-list 2155 permit ip any any
access-list 2156 permit ip any 10.0.0.0 0.0.0.63
access-list 2156 permit ip any 10.0.13.192 0.0.0.63
access-list 2156 deny   ip any 10.0.0.0 0.0.255.255
access-list 2156 permit ip any any
access-list 2157 permit ip any 10.0.0.0 0.0.0.63
access-list 2157 permit ip any 10.0.14.0 0.0.0.63
access-list 2157 deny   ip any 10.0.0.0 0.0.255.255
access-list 2157 permit ip any any
access-list 2158 permit ip any 10.0.0.0 0.0.0.63
access-list 2158 permit ip any 10.0.14.64 0.0.0.63
access-list 2158 deny   ip any 10.0.0.0 0.0.255.255
access-list 2158 permit ip any any
access-list 2159 permit ip any 10.0.0.0 0.0.0.63
access-list 2159 permit ip any 10.0.14.128 0.0.0.63
access-list 2159 deny   ip any 10.0.0.0 0.0.255.255
access-list 2159 permit ip any any
access-list 2160 permit ip any 10.0.0.0 0.0.0.63
access-list 2160 permit ip any 10.0.14.192 0.0.0.63
access-list 2160 deny   ip any 10.0.0.0 0.0.255.255
access-list 2160 permit ip any any
access-list 2161 permit ip any 10.0.0.0 0.0.0.63
access-list 2161 permit ip any 10.0.15.0 0.0.0.63
access-list 2161 deny   ip any 10.0.0.0 0.0.255.255
access-list 2161 permit ip any any
access-list 2162 permit ip any 10.0.0.0 0.0.0.63
access-list 2162 permit ip any 10.0.15.64 0.0.0.63
access-list 2162 deny   ip any 10.0.0.0 0.0.255.255
access-list 2162 permit ip any any
access-list 2163 permit ip any 10.0.0.0 0.0.0.63
access-list 2163 permit ip any 10.0.15.128 0.0.0.63
access-list 2163 deny   ip any 10.0.0.0 0.0.255.255
access-list 2163 permit ip any any
access-list 2164 permit ip any 10.0.0.0 0.0.0.63
access-list 2164 permit ip any 10.0.15.192 0.0.0.63
access-list 2164 deny   ip any 10.0.0.0 0.0.255.255
access-list 2164 permit ip any any
access-list 2165 permit ip any 10.0.0.0 0.0.0.63
access-list 2165 permit ip any 10.0.16.0 0.0.0.63
access-list 2165 deny   ip any 10.0.0.0 0.0.255.255
access-list 2165 permit ip any any
access-list 2166 permit ip any 10.0.0.0 0.0.0.63
access-list 2166 permit ip any 10.0.16.64 0.0.0.63
access-list 2166 deny   ip any 10.0.0.0 0.0.255.255
access-list 2166 permit ip any any
access-list 2167 permit ip any 10.0.0.0 0.0.0.63
access-list 2167 permit ip any 10.0.16.128 0.0.0.63
access-list 2167 deny   ip any 10.0.0.0 0.0.255.255
access-list 2167 permit ip any any
access-list 2168 permit ip any 10.0.0.0 0.0.0.63
access-list 2168 permit ip any 10.0.16.192 0.0.0.63
access-list 2168 deny   ip any 10.0.0.0 0.0.255.255
access-list 2168 permit ip any any
access-list 2169 permit ip any 10.0.0.0 0.0.0.63
access-list 2169 permit ip any 10.0.17.0 0.0.0.63
access-list 2169 deny   ip any 10.0.0.0 0.0.255.255
access-list 2169 permit ip any any
access-list 2170 permit ip any 10.0.0.0 0.0.0.63
access-list 2170 permit ip any 10.0.17.64 0.0.0.63
access-list 2170 deny   ip any 10.0.0.0 0.0.255.255
access-list 2170 permit ip any any
access-list 2171 permit ip any host XXX.XX.XXX.37
access-list 2171 permit ip any 10.0.0.0 0.0.0.63
access-list 2171 permit ip any 10.0.17.128 0.0.0.63
access-list 2171 deny   ip any 10.0.0.0 0.0.255.255
access-list 2171 permit ip any any
access-list 2172 permit ip any 10.0.0.0 0.0.0.63
access-list 2172 permit ip any 10.0.17.192 0.0.0.63
access-list 2172 deny   ip any 10.0.0.0 0.0.255.255
access-list 2172 permit ip any any
access-list 2173 permit ip any 10.0.0.0 0.0.0.63
access-list 2173 permit ip any 10.0.18.0 0.0.0.63
access-list 2173 deny   ip any 10.0.0.0 0.0.255.255
access-list 2173 permit ip any any
access-list 2174 permit ip any 10.0.0.0 0.0.0.63
access-list 2174 permit ip any 10.0.18.64 0.0.0.63
access-list 2174 deny   ip any 10.0.0.0 0.0.255.255
access-list 2174 permit ip any any
access-list 2175 permit ip any 10.0.0.0 0.0.0.63
access-list 2175 permit ip any 10.0.18.128 0.0.0.63
access-list 2175 deny   ip any 10.0.0.0 0.0.255.255
access-list 2175 permit ip any any
access-list 2176 permit ip any 10.0.0.0 0.0.0.63
access-list 2176 permit ip any 10.0.18.192 0.0.0.63
access-list 2176 deny   ip any 10.0.0.0 0.0.255.255
access-list 2176 permit ip any any
access-list 2177 permit ip any 10.0.0.0 0.0.0.63
access-list 2177 permit ip any 10.0.19.0 0.0.0.63
access-list 2177 deny   ip any 10.0.0.0 0.0.255.255
access-list 2177 permit ip any any
access-list 2178 permit ip any 10.0.0.0 0.0.0.63
access-list 2178 permit ip any 10.0.19.64 0.0.0.63
access-list 2178 deny   ip any 10.0.0.0 0.0.255.255
access-list 2178 permit ip any any
access-list 2179 permit ip any 10.0.0.0 0.0.0.63
access-list 2179 permit ip any 10.0.19.128 0.0.0.63
access-list 2179 deny   ip any 10.0.0.0 0.0.255.255
access-list 2179 permit ip any any
access-list 2180 permit ip any 10.0.0.0 0.0.0.63
access-list 2180 permit ip any 10.0.19.192 0.0.0.63
access-list 2180 deny   ip any 10.0.0.0 0.0.255.255
access-list 2180 permit ip any any
access-list 2181 permit ip any 10.0.0.0 0.0.0.63
access-list 2181 permit ip any 10.0.20.0 0.0.0.63
access-list 2181 deny   ip any 10.0.0.0 0.0.255.255
access-list 2181 permit ip any any
access-list 2182 permit ip any 10.0.0.0 0.0.0.63
access-list 2182 permit ip any 10.0.20.64 0.0.0.63
access-list 2182 deny   ip any 10.0.0.0 0.0.255.255
access-list 2182 permit ip any any
access-list 2183 permit ip any 10.0.0.0 0.0.0.63
access-list 2183 permit ip any 10.0.20.128 0.0.0.63
access-list 2183 deny   ip any 10.0.0.0 0.0.255.255
access-list 2183 permit ip any any
access-list 2184 permit ip any 10.0.0.0 0.0.0.63
access-list 2184 permit ip any 10.0.20.192 0.0.0.63
access-list 2184 deny   ip any 10.0.0.0 0.0.255.255
access-list 2184 permit ip any any
access-list 2185 permit ip any 10.0.0.0 0.0.0.63
access-list 2185 permit ip any 10.0.21.0 0.0.0.63
access-list 2185 deny   ip any 10.0.0.0 0.0.255.255
access-list 2185 permit ip any any
access-list 2186 permit ip any 10.0.0.0 0.0.0.63
access-list 2186 permit ip any 10.0.21.64 0.0.0.63
access-list 2186 deny   ip any 10.0.0.0 0.0.255.255
access-list 2186 permit ip any any
access-list 2187 permit ip any 10.0.0.0 0.0.0.63
access-list 2187 permit ip any 10.0.21.128 0.0.0.63
access-list 2187 deny   ip any 10.0.0.0 0.0.255.255
access-list 2187 permit ip any any
access-list 2188 permit ip any 10.0.0.0 0.0.0.63
access-list 2188 permit ip any 10.0.21.192 0.0.0.63
access-list 2188 deny   ip any 10.0.0.0 0.0.255.255
access-list 2188 permit ip any any
access-list 2189 permit ip any 10.0.0.0 0.0.0.63
access-list 2189 permit ip any 10.0.22.0 0.0.0.63
access-list 2189 deny   ip any 10.0.0.0 0.0.255.255
access-list 2189 permit ip any any
access-list 2190 permit ip any 10.0.0.0 0.0.0.63
access-list 2190 permit ip any 10.0.22.64 0.0.0.63
access-list 2190 deny   ip any 10.0.0.0 0.0.255.255
access-list 2190 permit ip any any
access-list 2191 permit ip any 10.0.0.0 0.0.0.63
access-list 2191 permit ip any 10.0.22.128 0.0.0.63
access-list 2191 deny   ip any 10.0.0.0 0.0.255.255
access-list 2191 permit ip any any
access-list 2192 permit ip any 10.0.0.0 0.0.0.63
access-list 2192 permit ip any 10.0.22.192 0.0.0.63
access-list 2192 deny   ip any 10.0.0.0 0.0.255.255
access-list 2192 permit ip any any
access-list 2193 permit ip any 10.0.0.0 0.0.0.63
access-list 2193 permit ip any 10.0.23.0 0.0.0.63
access-list 2193 deny   ip any 10.0.0.0 0.0.255.255
access-list 2193 permit ip any any
snmp-server community public RO
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 20000 1000
!
end

Nonofyourbusiness-West-Belt#
Question by:lttech
39 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 16889224
Are you saying you want to add a line to the beginning of the ACL?

If so, you have to remove the access-list and recreate it in the order you want.

So:
no access-list 2147
access-list 2147 permit ip host 10.0.11.130 any (or whatever you want)
access-list 2147 permit ip any 10.0.0.0 0.0.0.63
access-list 2147 permit ip any 10.0.11.128 0.0.0.63
access-list 2147 deny   ip any 10.0.0.0 0.0.255.255
access-list 2147 permit ip any any
 
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16889486
>The client in port 47 has their own router and they want their feed wide open for themself to control.  But, I do not want them to see horizontally and do not want others to see them horizontally.....  

You already have that in acl 2147
  access-list 2147 permit ip any 10.0.0.0 0.0.0.63 <== traffic to the next hop router
  access-list 2147 permit ip any 10.0.11.128 0.0.0.63 <== traffic to itself?? not necessary
  access-list 2147 deny   ip any 10.0.0.0 0.0.255.255 <== OK make sure it can't see any other 10.
  access-list 2147 permit ip any any   <=== ??? wide open

What else do you need? Perhaps what they really want is a static NAT address?

ip nat inside source static 10.0.11.130  XXX.XX.XXX.99
Then they can add a firewall to their port, assign the firewall 10.0.11.130 and all traffic for that public IP will flow to them un-filtered..

??
0
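The first-match evaluation that the two replies above walk through, as an added example (not code from the thread): a small Python evaluator for the `ip`-only entries of ACL 2147, run against packets arriving inbound on GigabitEthernet0/0.47. It compares the ACL as posted with the variant that puts `permit ip host 10.0.11.130 any` first; the neighbour address 10.0.11.66, the second tenant host 10.0.11.131 and the Internet address 198.51.100.10 are constructed sample values.

```python
import ipaddress

# ACL 2147 exactly as posted in the question.
ACL_2147_POSTED = """
access-list 2147 permit ip any 10.0.0.0 0.0.0.63
access-list 2147 permit ip any 10.0.11.128 0.0.0.63
access-list 2147 deny   ip any 10.0.0.0 0.0.255.255
access-list 2147 permit ip any any
"""

# Same ACL with the host permit from the first reply placed at the top.
ACL_2147_HOST_FIRST = (
    "access-list 2147 permit ip host 10.0.11.130 any\n" + ACL_2147_POSTED.strip()
)

# Constructed (source, destination) pairs seen inbound on Gi0/0.47.
PACKETS = [
    ("10.0.11.130", "10.0.0.1"),       # shared 10.0.0.0/26 range
    ("10.0.11.130", "10.0.11.129"),    # own gateway in 10.0.11.128/26
    ("10.0.11.130", "10.0.11.66"),     # neighbouring VLAN 46 subnet
    ("10.0.11.131", "10.0.11.66"),     # another host in VLAN 47, same target
    ("10.0.11.130", "198.51.100.10"),  # Internet destination
]


def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (ip_int(tokens[1]), 0), tokens[2:]
    return (ip_int(tokens[0]), ip_int(tokens[1])), tokens[2:]


def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines, keeping their order."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, proto = tok[2], tok[3]
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError("only permit/deny ip entries are handled: " + line)
        src, rest = parse_addr(tok[4:])
        dst, rest = parse_addr(rest)
        if rest:
            raise ValueError("unexpected trailing tokens: " + line)
        entries.append((action, src, dst, " ".join(tok)))
    return entries


def matches(spec, addr):
    """Wildcard-mask match: bits set in the wildcard are ignored."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (ip_int(addr) & care) == (base & care)


def evaluate(entries, src, dst):
    """Return (action, matching line); the first matching entry decides."""
    for action, s_spec, d_spec, text in entries:
        if matches(s_spec, src) and matches(d_spec, dst):
            return action, text
    return "deny", "implicit deny"


def verdict_changes(before, after, packets):
    """Packets whose permit/deny result differs between two orderings."""
    return [
        (src, dst)
        for src, dst in packets
        if evaluate(before, src, dst)[0] != evaluate(after, src, dst)[0]
    ]


def demo():
    before = parse_acl(ACL_2147_POSTED)
    after = parse_acl(ACL_2147_HOST_FIRST)
    for src, dst in PACKETS:
        a, _ = evaluate(before, src, dst)
        b, _ = evaluate(after, src, dst)
        print(f"{src:>12} -> {dst:<14} posted={a:<6} host-first={b}")
    print("changed:", verdict_changes(before, after, PACKETS))


if __name__ == "__main__":
    demo()
```

The only verdict that changes is 10.0.11.130 reaching the neighbouring VLAN, so a host permit placed above the `deny ip any 10.0.0.0 0.0.255.255` line removes the horizontal isolation for that host while adding nothing toward the Internet, which the last entry already permits.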
 

Author Comment

by:lttech
ID: 16889596
lrmoore:

We have the ip nat inside source static statement, but it does not open it for them....In this instance they have a VPN that cannot connect.  We have verified their settings and they are correct, it is something with our router config.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16889851
>ip nat inside source static 10.0.11.130 XXX.XX.XXX.50
OK, I didn't see this the first time.

You don't have any access-lists applied to GigabitEthernet0/1 inbound, so there is nothing else that would be blocking them.

Just for a quick test, remove the acl from their GigabitEthernet0/0.47 interface and see if it works then. If it does then we can work on refining the acl.
0
 

Author Comment

by:lttech
ID: 16893497
Are you saying to remove the ip access group 2147 in or just delete the access-list 2147 entries?
0
 

Author Comment

by:lttech
ID: 16893606
I removed the ip access group 2147 in statement and it did not change anything.

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16893807
That basically proves that it is not your router. Perhaps their VPN device will not work through NAT?
0
 

Author Comment

by:lttech
ID: 16893868
Well before we had this configuration we had a similar set up but the interface had the access-list and it was 101.  On that access list we defined everything and it applied to everyone.  If we opened port 3389 on the router that applied for anyone on any interface.  We could move someone's public to the top of that ACL and make them wide open, but it does not work like that in this case.  We need to be able to do the same thing, but keep the security in place so no one can see horizontally.

I tried moving their public IP address to the top of that ACL and it does not work either.  I have also set up a test router here in our office on another port and tried multiple tests to see what ports I can get through, etc.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16893971
Have you considered adding a dhcp exclude statement for 10.0.11.130 ?
0
 

Author Comment

by:lttech
ID: 16893990
I could certainly try it, but how would that affect the ACL?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16894087
It won't affect the acl, we're grasping at straws here and it only makes sense that anything you have with a static NAT statement should also be excluded from DHCP and statically assigned on the host. Are you 100% positive they are using the IP 10.0.11.130?
I don't understand why it won't work, especially if you remove the acl completely from their interface. The acl is only applied to their interface inbound meaning it only affects their outbound traffic and nothing else. Removing the access-group from the interface makes them wide open outbound and the static NAT with no inbound acl makes it wide open inbound.

>....In this instance they have a VPN that cannot connect.  We have verified their settings and they are correct, it is something with our router config.
What kind of router do they have? How did you verify that their settings are correct? What about the other end of the VPN tunnel? What type of VPN is it? Perhaps it is a problem out there at the remote site? Perhaps the remote site is not setup to handle Nat-traversal of the VPN tunnel. There are lots of things to consider.

Do you have another public IP block that you can assign to their interface as secondary IP and give them a real public IP address?


0
 

Author Comment

by:lttech
ID: 16894144
Even back away from the VPN issue....Let us use this port 47 as a new issue with Remote Desktop or Email or Whatever....We just want to be able to open it up wide open so that we are not NAT'ing for them.  We want their router to handle ALL of their traffic.

 I will try excluding it from DHCP for now.....

0
 

Author Comment

by:lttech
ID: 16894207
Exclude it from DHCP and remove the ACL or no?  Just excluding didn't change anything....
0
 

Author Comment

by:lttech
ID: 16902270
Did you give up on me ?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16902586
No, I won't give up on you, just busy. Sitting at an airport right now waiting on a flight....

As long as you have a static NAT statement you are natting. You need a separate public IP subnet, even if it is only a /30 subnet, to assign to their interface of your router and their router.

interface fast0/0.47
 ip address 10.0.11.129 255.255.255.0
 ip address 12.34.56.5 255.255.255.252 secondary

0
 

Author Comment

by:lttech
ID: 16904665
We have a full class C to use publics.

Are you saying keep the same ACL like it is and just giving that interface another IP address on the public side and have them assign the public to their router rather than the 10.0.11.XX address?
0
 

Author Comment

by:lttech
ID: 17054671
someone please?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17057461
Sorry about that.. thought you might have figured something else out by now.

No, you can't give them a public ip from your class C unless you change the mask on the interface that currently has that class C subnet assigned to it and you chop up your class C into multiple smaller subnets.
0

 

Author Comment

by:lttech
ID: 17057795
I spent three hours on the phone with Cisco yesterday trying to solve this and the person I was working with was unable to help!  

All I want to do is give certain VLANs a wide open connection....I'm dying! haha

interface fast0/0.47
 ip address 10.0.11.129 255.255.255.0
 ip address 12.34.56.5 255.255.255.252 secondary

You stated to try this...So you think I should give that interface a public as well as private?  Then put the statement on the top of their ACL to allow any
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17057877
I think that would be your best bet. You don't have to necessarily give it a private IP if they have their own firewall and just want a public IP.
Take your Class C subnet and cut it in half with 255.255.255.128 mask on the external interface Gig 0/1
This gives you addresses X.2 - .126 for static nats.
You might have to reconsider the X.250+ statics that you already have

Now you can split up the other half of the class C into many smaller parts as needed.
Assign
interface fast0/0.47
 ip address 10.0.11.129 255.255.255.0
 ip address X.X.X.253 255.255.255.252 secondary
 ip access-group 2147 in

  access-list 2147 deny ip any 10.0.0.0 0.255.255.255
  access-list 2147 permit ip host X.X.X.254 any


Tell the client to use X.X.X.254 on their firewall with same 255.255.255.252 mask
Their firewall's default gateway is .253
0
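How the two-line ACL 2147 in the post above is evaluated, as an added example that is not part of the original thread: a small first-match evaluator showing that the customer's public host is cut off from every 10.x network yet open to everything else, and that reversing the two entries removes the isolation. The address 203.0.113.254 stands in for the masked X.X.X.254, and the test addresses and function names are constructed.

```python
import ipaddress

# ACL 2147 from the post above. The masked "X.X.X.254" is replaced by the
# constructed placeholder 203.0.113.254 (documentation range).
ACL_2147 = """
access-list 2147 deny ip any 10.0.0.0 0.255.255.255
access-list 2147 permit ip host 203.0.113.254 any
"""


def _spec(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.ip_address(tokens[1])), 0), tokens[2:]
    return (int(ipaddress.ip_address(tokens[0])),
            int(ipaddress.ip_address(tokens[1]))), tokens[2:]


def parse(acl_text):
    rules = []
    for line in acl_text.strip().splitlines():
        tok = line.split()            # access-list <n> <action> ip <src> <dst>
        src, rest = _spec(tok[4:])
        dst, _ = _spec(rest)
        rules.append((tok[2], src, dst))
    return rules


def _match(addr, spec):
    base, wildcard = spec             # wildcard bits set to 1 are "don't care"
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.ip_address(addr)) & care) == (base & care)


def evaluate(rules, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for n, (action, s, d) in enumerate(rules, 1):
        if _match(src, s) and _match(dst, d):
            return action, n
    return "deny", None


if __name__ == "__main__":
    rules = parse(ACL_2147)
    print(evaluate(rules, "203.0.113.254", "198.51.100.10"))  # out to the Internet
    print(evaluate(rules, "203.0.113.254", "10.0.3.66"))      # toward another VLAN
    print(evaluate(rules, "10.0.11.130", "198.51.100.10"))    # old private source
```

With only these two entries, traffic still sourced from the old 10.0.11.130 address matches nothing and is dropped by the implicit deny.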
 

Author Comment

by:lttech
ID: 17059602
So they will apply the public to their firewall, but what will that do in terms of the access-list? Only use the two lines you have entered?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17059627
Correct. Yes, just those two lines should be adequate.
0
 

Author Comment

by:lttech
ID: 17061491
The only problem is that I cut my Class C of publics in half this way to provide their gateway and their public IP address.  Correct?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17062087
Correct, but you still retain the use of all the other IP's, just in different ways and for many different customers. Gives you lots of flexibility if you bite the bullet and go ahead and slice it up now.
0
 

Author Comment

by:lttech
ID: 17089655
I tried what you suggested and it says I cannot give that interface that IP address because it overlaps with Interface0/1
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17089699
Of course it does. You have to change the mask on Interface 0/1 first from 255.255.255.0 to 255.255.255.128

0
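The overlap error and the /25 plus /30 split discussed in the posts above, worked through as an added example that is not part of the original thread: it shows why the /30 is rejected while 0/1 still carries the /24 mask, and lists the point-to-point links the upper half yields. The block 203.0.113.0/24, the .1 outside address, the sample statics and the function names are constructed placeholders for the thread's masked values.

```python
import ipaddress

# Constructed placeholder: 203.0.113.0/24 (documentation range) stands in for
# the thread's masked public class C; the .1 outside address is also assumed.
PUBLIC_BLOCK = ipaddress.ip_network("203.0.113.0/24")


def overlaps(interfaces, candidate):
    """Names of configured interfaces whose subnet overlaps the candidate's."""
    cand = ipaddress.ip_interface(candidate).network
    return [name for name, addr in interfaces.items()
            if ipaddress.ip_interface(addr).network.overlaps(cand)]


def plan_split(block):
    """Lower /25 stays on the outside interface; upper /25 becomes /30 links."""
    lower, upper = block.subnets(prefixlen_diff=1)
    links = []
    for net in upper.subnets(new_prefix=30):
        router, customer = net.hosts()   # a /30 has exactly two usable hosts
        links.append({"subnet": net, "router": router, "customer": customer})
    return lower, links


def stranded_statics(lower, statics):
    """Static NAT addresses outside the lower /25 that need reconsidering."""
    return [s for s in statics if ipaddress.ip_address(s) not in lower]


if __name__ == "__main__":
    print(overlaps({"Gig0/1": "203.0.113.1/24"}, "203.0.113.253/30"))  # rejected
    print(overlaps({"Gig0/1": "203.0.113.1/25"}, "203.0.113.253/30"))  # accepted
    lower, links = plan_split(PUBLIC_BLOCK)
    print(lower, len(links), links[-1])
    print(stranded_statics(lower, ["203.0.113.50", "203.0.113.250"]))
```

Before changing the mask on 0/1, also confirm that the upstream gateway address falls inside the lower /25; the thread does not say where it sits.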
 

Author Comment

by:lttech
ID: 17090153
>Of course it does. You have to change the mask on Interface 0/1 first from 255.255.255.0 to 255.255.255.128


That made me wipe my entire internet out! haha.....

There has got to be a way for us to give these 10. addresses wide open access....
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17090182
There is - just the way you did it with a 1-1 NAT. This works for 99% of your customers but some have applications (like VPN's) that simply don't like the NAT and require a "real" public IP address.
Perhaps your ISP can provide you another subnet that they can route to you and you can split it up any way you want.
0
 

Author Comment

by:lttech
ID: 17090210
I don't know if I explained it before or not, but we had the same setup before but instead of individual access lists we only had one access list and it was on the 0/1 interface.  That access-list 101 had all of the open ports and allowed for all of the access, but it made everyone accessible by ports that someone else needed so we went this route.  We had natting then and we would simply just move the allow any for the public to the top of ACL.
0
 

Author Comment

by:lttech
ID: 17092998
Now, however, when we move the public to the top of the ACL for that VLAN it makes no difference.
0
 

Author Comment

by:lttech
ID: 17149732
This is eating me alive....Cisco TAC couldn't help me...The lady said she fixed it but didn't make any changes and we see no difference...What a joke
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17150997
The acl is irrelevant because you're natting and the client can't handle the nat and wants a public IP address. Get another IP block from the ISP and chop it up to assign "real" public IP's to those few clients that really need them.
0
 

Author Comment

by:lttech
ID: 17156601
They do have the "real" address though...It is mapped...

The strange thing is that it worked before we switched to this type of config.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17156719
Not to be argumentative, but they do not have a 'real' public IP because it is mapped using NAT, with this statement:
>ip nat inside source static 10.0.11.130 XXX.XX.XXX.50

Their 'real' IP is still 10.0.11.130 in the private range isn't it?
Their 'real' IP is not really Public xx.xx.xx.50, is it?
Their 'public' IP is still xx.xx.xx.50 for all the world knows

I just want to be clear on the difference between a "public" IP address and their "real" IP address

Like I said, a static NAT-mapped public/Private IP address works for 90% of the applications/clients, and for all intents and purposes their "Public" ip is the one that you have mapped to them. Their "real" IP is still 10.0.x.x

There are some applications that simply do not work through NAT and absolutely must have a "real public" IP actually assigned to their own interface (which also means, of course, a real public IP assigned to your own interface for them to route to). Unless they can actually assign xx.xx.xx.50 to their own interface as its 'real' IP address, you're chasing your tail and running in circles.


0
 

Author Comment

by:lttech
ID: 17388843
My apologies for not responding further to the last post. We have been trying to get this issue resolved now that we have consulted with just about everybody under the sun.

In response to the last post though, we have been running this same scenario now for about four years. We have just recently changed our equipment out and moved to the separate ACL lists instead of one central list (ACL 101) and prior to this change, these clients have been able to do all they needed including VPNs with the NAT being done the same way.

We have just recently discovered that the MTU may be an issue. We have run tests to clarify if larger packets (1500) would pass and they have not. The largest packet size we can pass is in fact 1270. After consulting with the ISP, they feel this might be a possible issue with the VPN clients due to the encryption added to each packet.

We have also noted that packets will come in, but not pass back out as needed. This may also be part of the issue.

All of this seems to be only affecting VPN clients. General Internet traffic seems to be fine.
After reviewing the config, do you see anything that may be preventing any route issue or packet size limits?
We have also been told that our switches (Cisco 3560G) are not set for routing. Is this a possible issue?

Any further help would be greatly appreciated.
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17519773
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0
 

Author Comment

by:lttech
ID: 17522714
Has anyone ever run into this issue with multiple VPN's over a wireless connection?
0
