troubleshooting Question

Routing issue from Cisco VPN clients to an 1811 router.

NightBreakA asked on
Networking, Hardware Firewalls, DHCP
Hello,
     I am running into an issue with a pair of Cisco 1811 routers (IOS 12.4(6)).  The routers are currently running a site-to-site IPsec tunnel for cross-site IP communications.  Both routers are also configured to act as EasyVPN servers.

     The site-to-site VPN is working fine.  But whenever I have one of my users connect using the Cisco EasyVPN client software, they can access the network that is directly connected to that router, but cannot get traffic cross-site or to the Internet.

     E.g., use the client to connect into the 192.168.1.0 network: anything on 192.168.1.0 is accessible, but nothing on the 192.168.2.0 network and no Internet resources are available.

     The thing that confuses me on this is that the site-to-site VPN does not utilize a device name, so I am not sure how to designate a route from the EasyVPN client network (10.10.15.0) to the cross-site VPN.

     Here is the config for the routers:

West office router (192.168.1.0 network)
-------------------------------------------------
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router.west
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 4096 emergencies
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authentication login userauthen local
aaa authentication ppp default local
aaa authorization exec local_author local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
no ip gratuitous-arps
!
!
ip cef
ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.149
ip dhcp excluded-address 192.168.1.221 192.168.1.254
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 192.168.1.4
   default-router 192.168.1.1
   domain-name corp.ingridhome.com
   netbios-name-server 192.168.1.4
!
!
ip tcp synwait-time 10
ip vrf VPN
 rd 1:1
!
no ip bootp server
ip domain name ingridhome.com
ip name-server 68.87.64.146
ip name-server 192.168.2.4
ip inspect log drop-pkt
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
ip inspect name SDM_MEDIUM pptp
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW cuseeme
vpdn enable
!
vpdn-group L2TP
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
!
appfw policy-name SDM_MEDIUM
  application im aol
    service default action allow alarm
    service text-chat action allow alarm
    server permit name login.oscar.aol.com
    server permit name toc.oscar.aol.com
    server permit name oam-d09a.blue.aol.com
    audit-trail on
  application im msn
    service default action allow alarm
    service text-chat action allow alarm
    server permit name messenger.hotmail.com
    server permit name gateway.messenger.hotmail.com
    server permit name webmessenger.msn.com
    audit-trail on
  application http
    strict-http action allow alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action allow alarm
  application im yahoo
    service default action allow alarm
    service text-chat action allow alarm
    server permit name scs.msg.yahoo.com
    server permit name scsa.msg.yahoo.com
    server permit name scsb.msg.yahoo.com
    server permit name scsc.msg.yahoo.com
    server permit name scsd.msg.yahoo.com
    server permit name cs16.msg.dcn.yahoo.com
    server permit name cs19.msg.dcn.yahoo.com
    server permit name cs42.msg.dcn.yahoo.com
    server permit name cs53.msg.dcn.yahoo.com
    server permit name cs54.msg.dcn.yahoo.com
    server permit name ads1.vip.scd.yahoo.com
    server permit name radio1.launch.vip.dal.yahoo.com
    server permit name in1.msg.vip.re2.yahoo.com
    server permit name data1.my.vip.sc5.yahoo.com
    server permit name address1.pim.vip.mud.yahoo.com
    server permit name edit.messenger.yahoo.com
    server permit name messenger.yahoo.com
    server permit name http.pager.yahoo.com
    server permit name privacy.yahoo.com
    server permit name csa.yahoo.com
    server permit name csb.yahoo.com
    server permit name csc.yahoo.com
    audit-trail on
!
!
crypto pki trustpoint TP-self-signed-1967845904
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1967845904
 revocation-check none
 rsakeypair TP-self-signed-1967845904
!
!
crypto pki certificate chain TP-self-signed-1967845904
 certificate self-signed 01
<snip>
  quit
username xxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxx
username xxxxxx_xxx privilege 10 secret 5 xxxxxxxxxxxxxxxxxxxxxxxx
!
!
class-map match-any sdm_p2p_kazaa
 match protocol fasttrack
 match protocol kazaa2
class-map match-any sdm_p2p_edonkey
 match protocol edonkey
class-map match-any sdm_p2p_gnutella
 match protocol gnutella
class-map match-any sdm_p2p_bittorrent
 match protocol bittorrent
!
!
policy-map sdmappfwp2p_SDM_MEDIUM
 class sdm_p2p_gnutella
 class sdm_p2p_bittorrent
 class sdm_p2p_edonkey
 class sdm_p2p_kazaa
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxx address 70.91.45.73 no-xauth
crypto isakmp keepalive 3600
!
crypto isakmp client configuration group remote
 key xxxxxxxxx
 dns 192.168.1.4 192.168.2.3
 wins 192.168.1.4 192.168.2.4
 domain corp.ingridhome.com
 pool mypool
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TS1 esp-3des esp-sha-hmac
 mode transport
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set Set1 esp-des esp-md5-hmac
crypto ipsec df-bit clear
!
crypto dynamic-map dynmap 1
 set transform-set Set1
!
!
crypto map mymap client authentication list userauthen
crypto map mymap isakmp authorization list groupauthor
crypto map mymap client configuration address respond
crypto map mymap 10 ipsec-isakmp
 set peer 70.91.45.73
 set transform-set myset
 match address 101
crypto map mymap 65535 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Null0
 no ip unreachables
!
interface Loopback0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
!
interface FastEthernet0
 description Comcast Business Cable Modem (1Mbit/9Mbit)$ES_WAN$$FW_OUTSIDE$$ETH-WAN$
 ip address 70.89.20.93 255.255.255.252
 ip access-group 112 in
 ip access-group 199 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed 10
 crypto map mymap
 crypto ipsec df-bit clear
!
interface FastEthernet1
 description US LEC fractional T1 (768k)$FW_OUTSIDE$$ETH-WAN$
 bandwidth 740
 ip address 199.72.119.50 255.255.255.248
 ip access-group 118 in
 ip access-group 199 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip inspect SDM_LOW in
 ip inspect SDM_LOW out
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface FastEthernet2
 description Vlan1
!
interface FastEthernet3
 description Vlan1
!
interface FastEthernet4
 description Vlan1
!
interface FastEthernet5
 description Vlan1
!
interface FastEthernet6
 description Vlan1
!
interface FastEthernet7
 description Vlan1
!
interface FastEthernet8
 description Vlan1
 switchport access vlan 2
!
interface FastEthernet9
 description Vlan1
 switchport access vlan 2
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 ip access-group 115 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Vlan2
 description $FW_INSIDE$
 ip address 192.168.3.1 255.255.255.0
 ip access-group 116 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 ip route-cache flow
!
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation slip
 shutdown
!
router ospf 1
 log-adjacency-changes
 redistribute static subnets
 passive-interface Vlan1
 network 11.0.0.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 1
!
ip local pool mypool 10.10.15.150 10.10.15.200
ip route 0.0.0.0 0.0.0.0 70.89.20.94 permanent
!
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.1.4 7575 interface FastEthernet0 22
ip nat inside source static udp 192.168.1.4 473 interface FastEthernet0 473
ip nat inside source static tcp 192.168.1.3 10123 interface FastEthernet0 10123
ip nat inside source static tcp 192.168.1.147 5500 interface FastEthernet0 5503
ip nat inside source static tcp 192.168.1.141 5500 interface FastEthernet0 5502
ip nat inside source static tcp 192.168.1.123 5500 interface FastEthernet0 5501
ip nat inside source static tcp 192.168.1.127 5500 interface FastEthernet0 5500
ip nat inside source static tcp 192.168.1.10 25 interface FastEthernet0 25
ip nat inside source static tcp 192.168.1.10 443 interface FastEthernet0 443
ip nat inside source route-map SDM_RMAP_11 interface FastEthernet0 overload
!
logging trap critical
logging 192.168.1.4
logging 192.168.1.3
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-Class List
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 remark ACL for NAT translation
access-list 101 remark SDM_ACL Category=20
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 102 remark SDM_ACL Category=4
access-list 102 permit gre host 192.168.3.1 host 192.168.4.1
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 deny   ip 70.89.20.92 0.0.0.3 any
access-list 103 deny   ip 192.168.3.0 0.0.0.255 any
access-list 103 deny   ip 199.72.119.48 0.0.0.7 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 permit gre host 192.168.4.1 host 192.168.3.1
access-list 104 permit ahp host 70.91.45.73 host 192.168.3.1
access-list 104 permit esp host 70.91.45.73 host 192.168.3.1
access-list 104 permit udp host 70.91.45.73 host 192.168.3.1 eq isakmp
access-list 104 permit udp host 70.91.45.73 host 192.168.3.1 eq non500-isakmp
access-list 104 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 104 permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 104 deny   ip 70.89.20.92 0.0.0.3 any
access-list 104 deny   ip 192.168.1.0 0.0.0.255 any
access-list 104 deny   ip 199.72.119.48 0.0.0.7 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 permit ip any any
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 permit ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 105 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 105 permit tcp any host 70.89.20.93 eq 10123
access-list 105 permit udp host 68.87.64.146 eq domain host 70.89.20.93
access-list 105 permit udp host 192.168.2.4 eq domain host 70.89.20.93
access-list 105 permit ahp host 70.91.45.73 host 70.89.20.93
access-list 105 permit esp host 70.91.45.73 host 70.89.20.93
access-list 105 permit udp host 70.91.45.73 host 70.89.20.93 eq isakmp
access-list 105 permit udp host 70.91.45.73 host 70.89.20.93 eq non500-isakmp
access-list 105 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 105 permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 105 deny   ip 192.168.3.0 0.0.0.255 any
access-list 105 deny   ip 192.168.1.0 0.0.0.255 any
access-list 105 deny   ip 199.72.119.48 0.0.0.7 any
access-list 105 permit icmp any host 70.89.20.93 echo-reply
access-list 105 permit icmp any host 70.89.20.93 time-exceeded
access-list 105 permit icmp any host 70.89.20.93 unreachable
access-list 105 permit tcp any host 70.89.20.93 eq 443
access-list 105 permit tcp any host 70.89.20.93 eq 22
access-list 105 permit tcp any host 70.89.20.93 eq cmd
access-list 105 deny   ip 10.0.0.0 0.255.255.255 any
access-list 105 deny   ip 172.16.0.0 0.15.255.255 any
access-list 105 deny   ip 192.168.0.0 0.0.255.255 any
access-list 105 deny   ip 127.0.0.0 0.255.255.255 any
access-list 105 deny   ip host 255.255.255.255 any
access-list 105 deny   ip host 0.0.0.0 any
access-list 105 deny   ip any any log
access-list 106 remark auto generated by SDM firewall configuration
access-list 106 remark SDM_ACL Category=1
access-list 106 permit tcp any host 70.89.20.93 eq 22
access-list 106 permit udp any host 70.89.20.93 eq 473
access-list 106 permit tcp any host 70.89.20.93 eq 473
access-list 106 permit udp host 192.168.2.4 eq domain host 70.89.20.93
access-list 106 permit udp host 68.87.64.146 eq domain host 70.89.20.93
access-list 106 permit ahp host 70.91.45.73 host 70.89.20.93
access-list 106 permit esp host 70.91.45.73 host 70.89.20.93
access-list 106 permit udp host 70.91.45.73 host 70.89.20.93 eq isakmp
access-list 106 permit udp host 70.91.45.73 host 70.89.20.93 eq non500-isakmp
access-list 106 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 106 permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 106 deny   ip 192.168.3.0 0.0.0.255 any
access-list 106 deny   ip 192.168.1.0 0.0.0.255 any
access-list 106 deny   ip 199.72.119.48 0.0.0.7 any
access-list 106 permit icmp any host 70.89.20.93 echo-reply
access-list 106 permit icmp any host 70.89.20.93 time-exceeded
access-list 106 permit icmp any host 70.89.20.93 unreachable
access-list 106 deny   ip 10.0.0.0 0.255.255.255 any
access-list 106 deny   ip 172.16.0.0 0.15.255.255 any
access-list 106 deny   ip 192.168.0.0 0.0.255.255 any
access-list 106 deny   ip 127.0.0.0 0.255.255.255 any
access-list 106 deny   ip host 255.255.255.255 any
access-list 106 deny   ip host 0.0.0.0 any
access-list 106 deny   ip any any log
access-list 107 remark auto generated by SDM firewall configuration
access-list 107 remark SDM_ACL Category=1
access-list 107 permit ahp host 70.91.45.73 host 199.72.119.50
access-list 107 permit esp host 70.91.45.73 host 199.72.119.50
access-list 107 permit udp host 70.91.45.73 host 199.72.119.50 eq isakmp
access-list 107 permit udp host 70.91.45.73 host 199.72.119.50 eq non500-isakmp
access-list 107 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 107 permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 107 permit ahp any host 199.72.119.50
access-list 107 permit esp any host 199.72.119.50
access-list 107 permit udp any host 199.72.119.50 eq isakmp
access-list 107 permit udp any host 199.72.119.50 eq non500-isakmp
access-list 107 deny   ip 70.89.20.92 0.0.0.3 any
access-list 107 deny   ip 192.168.3.0 0.0.0.255 any
access-list 107 deny   ip 192.168.1.0 0.0.0.255 any
access-list 107 permit icmp any host 199.72.119.50 echo-reply
access-list 107 permit icmp any host 199.72.119.50 time-exceeded
access-list 107 permit icmp any host 199.72.119.50 unreachable
access-list 107 deny   ip 10.0.0.0 0.255.255.255 any
access-list 107 deny   ip 172.16.0.0 0.15.255.255 any
access-list 107 deny   ip 192.168.0.0 0.0.255.255 any
access-list 107 deny   ip 127.0.0.0 0.255.255.255 any
access-list 107 deny   ip host 255.255.255.255 any
access-list 107 deny   ip host 0.0.0.0 any
access-list 107 deny   ip any any log
access-list 108 remark SDM_ACL Category=16
access-list 108 permit udp host 192.168.1.3 eq 1645 host 192.168.1.1
access-list 108 remark Access List for incoming traffic on vlan1
access-list 108 permit udp host 192.168.1.3 eq 1646 host 192.168.1.1
access-list 108 deny   ip 70.89.20.92 0.0.0.3 any
access-list 108 deny   ip 192.168.3.0 0.0.0.255 any
access-list 108 deny   ip 199.72.119.48 0.0.0.7 any
access-list 108 deny   ip host 255.255.255.255 any
access-list 108 deny   ip 127.0.0.0 0.255.255.255 any
access-list 108 permit ip any any
access-list 109 remark auto generated by SDM firewall configuration
access-list 109 remark SDM_ACL Category=1
access-list 109 permit udp host 70.91.45.73 host 192.168.3.1 eq non500-isakmp
access-list 109 permit udp host 70.91.45.73 host 192.168.3.1 eq isakmp
access-list 109 permit esp host 70.91.45.73 host 192.168.3.1
access-list 109 permit ahp host 70.91.45.73 host 192.168.3.1
access-list 109 permit gre host 192.168.4.1 host 192.168.3.1
access-list 109 permit udp host 192.168.4.1 host 192.168.3.1 eq non500-isakmp
access-list 109 permit udp host 192.168.4.1 host 192.168.3.1 eq isakmp
access-list 109 permit esp host 192.168.4.1 host 192.168.3.1
access-list 109 permit ahp host 192.168.4.1 host 192.168.3.1
access-list 109 deny   ip 70.89.20.92 0.0.0.3 any
access-list 109 deny   ip 192.168.1.0 0.0.0.255 any
access-list 109 deny   ip 199.72.119.48 0.0.0.7 any
access-list 109 deny   ip host 255.255.255.255 any
access-list 109 deny   ip 127.0.0.0 0.255.255.255 any
access-list 109 permit ip any any
access-list 110 remark Rule for the VoIP GRE tunnel
access-list 110 remark SDM_ACL Category=4
access-list 110 permit ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 111 remark auto generated by SDM firewall configuration
access-list 111 remark SDM_ACL Category=1
access-list 111 permit ip host 192.168.5.100 any
access-list 111 permit ip host 192.168.5.101 any
access-list 111 permit ip host 192.168.5.102 any
access-list 111 permit ip host 192.168.5.103 any
access-list 111 permit ip host 192.168.5.104 any
access-list 111 permit ip host 192.168.5.105 any
access-list 111 permit ip host 192.168.5.106 any
access-list 111 permit ip host 192.168.5.107 any
access-list 111 permit ip host 192.168.5.108 any
access-list 111 permit ip host 192.168.5.109 any
access-list 111 permit ip host 192.168.5.110 any
access-list 111 permit ip host 192.168.5.111 any
access-list 111 permit ip host 192.168.5.112 any
access-list 111 permit ip host 192.168.5.113 any
access-list 111 permit ip host 192.168.5.114 any
access-list 111 permit ip host 192.168.5.115 any
access-list 111 permit ip host 192.168.5.116 any
access-list 111 permit ip host 192.168.5.117 any
access-list 111 permit ip host 192.168.5.118 any
access-list 111 permit ip host 192.168.5.119 any
access-list 111 permit ip host 192.168.5.120 any
access-list 111 permit ip host 192.168.5.121 any
access-list 111 permit ip host 192.168.5.122 any
access-list 111 permit ip host 192.168.5.123 any
access-list 111 permit ip host 192.168.5.124 any
access-list 111 permit ip host 192.168.5.125 any
access-list 111 permit ip host 192.168.5.126 any
access-list 111 permit ip host 192.168.5.127 any
access-list 111 permit ip host 192.168.5.128 any
access-list 111 permit ip host 192.168.5.129 any
access-list 111 permit ip host 192.168.5.130 any
access-list 111 permit ip host 192.168.5.131 any
access-list 111 permit ip host 192.168.5.132 any
access-list 111 permit ip host 192.168.5.133 any
access-list 111 permit ip host 192.168.5.134 any
access-list 111 permit ip host 192.168.5.135 any
access-list 111 permit ip host 192.168.5.136 any
access-list 111 permit ip host 192.168.5.137 any
access-list 111 permit ip host 192.168.5.138 any
access-list 111 permit ip host 192.168.5.139 any
access-list 111 permit ip host 192.168.5.140 any
access-list 111 permit ip host 192.168.5.141 any
access-list 111 permit ip host 192.168.5.142 any
access-list 111 permit ip host 192.168.5.143 any
access-list 111 permit ip host 192.168.5.144 any
access-list 111 permit ip host 192.168.5.145 any
access-list 111 permit ip host 192.168.5.146 any
access-list 111 permit ip host 192.168.5.147 any
access-list 111 permit ip host 192.168.5.148 any
access-list 111 permit ip host 192.168.5.149 any
access-list 111 permit ip host 192.168.5.150 any
access-list 111 permit udp any host 199.72.119.50 eq non500-isakmp
access-list 111 permit udp any host 199.72.119.50 eq isakmp
access-list 111 permit esp any host 199.72.119.50
access-list 111 permit ahp any host 199.72.119.50
access-list 111 deny   ip 70.89.20.92 0.0.0.3 any
access-list 111 deny   ip 192.168.3.0 0.0.0.255 any
access-list 111 deny   ip 192.168.1.0 0.0.0.255 any
access-list 111 permit icmp any host 199.72.119.50 echo-reply
access-list 111 permit icmp any host 199.72.119.50 time-exceeded
access-list 111 permit icmp any host 199.72.119.50 unreachable
access-list 111 deny   ip 10.0.0.0 0.255.255.255 any
access-list 111 deny   ip 172.16.0.0 0.15.255.255 any
access-list 111 deny   ip 192.168.0.0 0.0.255.255 any
access-list 111 deny   ip 127.0.0.0 0.255.255.255 any
access-list 111 deny   ip host 255.255.255.255 any
access-list 111 deny   ip host 0.0.0.0 any
access-list 111 deny   ip any any log
access-list 112 remark auto generated by SDM firewall configuration
access-list 112 remark SDM_ACL Category=1
access-list 112 permit ip host 10.10.15.150 any
access-list 112 permit ip host 10.10.15.151 any
access-list 112 permit ip host 10.10.15.152 any
access-list 112 permit ip host 10.10.15.153 any
access-list 112 permit ip host 10.10.15.154 any
access-list 112 permit ip host 10.10.15.155 any
access-list 112 permit ip host 10.10.15.156 any
access-list 112 permit ip host 10.10.15.157 any
access-list 112 permit ip host 10.10.15.158 any
access-list 112 permit ip host 10.10.15.159 any
access-list 112 permit ip host 10.10.15.160 any
access-list 112 permit ip host 10.10.15.161 any
access-list 112 permit ip host 10.10.15.162 any
access-list 112 permit ip host 10.10.15.163 any
access-list 112 permit ip host 10.10.15.164 any
access-list 112 permit ip host 10.10.15.165 any
access-list 112 permit ip host 10.10.15.166 any
access-list 112 permit ip host 10.10.15.167 any
access-list 112 permit ip host 10.10.15.168 any
access-list 112 permit ip host 10.10.15.169 any
access-list 112 permit ip host 10.10.15.170 any
access-list 112 permit ip host 10.10.15.171 any
access-list 112 permit ip host 10.10.15.172 any
access-list 112 permit ip host 10.10.15.173 any
access-list 112 permit ip host 10.10.15.174 any
access-list 112 permit ip host 10.10.15.175 any
access-list 112 permit ip host 10.10.15.176 any
access-list 112 permit ip host 10.10.15.177 any
access-list 112 permit ip host 10.10.15.178 any
access-list 112 permit ip host 10.10.15.179 any
access-list 112 permit ip host 10.10.15.180 any
access-list 112 permit ip host 10.10.15.181 any
access-list 112 permit ip host 10.10.15.182 any
access-list 112 permit ip host 10.10.15.183 any
access-list 112 permit ip host 10.10.15.184 any
access-list 112 permit ip host 10.10.15.185 any
access-list 112 permit ip host 10.10.15.186 any
access-list 112 permit ip host 10.10.15.187 any
access-list 112 permit ip host 10.10.15.188 any
access-list 112 permit ip host 10.10.15.189 any
access-list 112 permit ip host 10.10.15.190 any
access-list 112 permit ip host 10.10.15.191 any
access-list 112 permit ip host 10.10.15.192 any
access-list 112 permit ip host 10.10.15.193 any
access-list 112 permit ip host 10.10.15.194 any
access-list 112 permit ip host 10.10.15.195 any
access-list 112 permit ip host 10.10.15.196 any
access-list 112 permit ip host 10.10.15.197 any
access-list 112 permit ip host 10.10.15.198 any
access-list 112 permit ip host 10.10.15.199 any
access-list 112 permit ip host 10.10.15.200 any
access-list 112 permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 112 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 112 permit udp host 70.91.45.73 host 70.89.20.93 eq non500-isakmp
access-list 112 permit udp host 70.91.45.73 host 70.89.20.93 eq isakmp
access-list 112 permit esp host 70.91.45.73 host 70.89.20.93
access-list 112 permit ahp host 70.91.45.73 host 70.89.20.93
access-list 112 permit udp any host 70.89.20.93 eq non500-isakmp
access-list 112 permit udp any host 70.89.20.93 eq isakmp
access-list 112 permit esp any host 70.89.20.93
access-list 112 permit ahp any host 70.89.20.93
access-list 112 deny   ip 70.89.20.92 0.0.0.3 any
access-list 112 deny   ip 192.168.3.0 0.0.0.255 any
access-list 112 deny   ip host 255.255.255.255 any
access-list 112 deny   ip 127.0.0.0 0.255.255.255 any
access-list 112 permit ip any any
access-list 113 remark auto generated by SDM firewall configuration
access-list 113 remark SDM_ACL Category=1
access-list 113 permit gre host 192.168.4.1 host 192.168.3.1
access-list 113 permit ahp host 70.91.45.73 host 192.168.3.1
access-list 113 permit esp host 70.91.45.73 host 192.168.3.1
access-list 113 permit udp host 70.91.45.73 host 192.168.3.1 eq isakmp
access-list 113 permit udp host 70.91.45.73 host 192.168.3.1 eq non500-isakmp
access-list 113 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 113 permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 113 deny   ip 70.89.20.92 0.0.0.3 any
access-list 113 deny   ip host 255.255.255.255 any
access-list 113 deny   ip 127.0.0.0 0.255.255.255 any
access-list 113 permit ip any any
access-list 114 remark auto generated by SDM firewall configuration
access-list 114 remark SDM_ACL Category=1
access-list 114 permit tcp any any eq 10123
access-list 114 permit tcp any host 70.89.20.93 eq www
access-list 114 permit udp any host 70.89.20.93 eq 473
access-list 114 permit tcp any host 70.89.20.93 eq smtp
access-list 114 permit udp host 192.168.2.4 eq domain host 70.89.20.93
access-list 114 permit udp host 68.87.64.146 eq domain host 70.89.20.93
access-list 114 permit ahp host 70.91.45.73 host 70.89.20.93
access-list 114 permit esp host 70.91.45.73 host 70.89.20.93
access-list 114 permit udp host 70.91.45.73 host 70.89.20.93 eq isakmp
access-list 114 permit udp host 70.91.45.73 host 70.89.20.93 eq non500-isakmp
access-list 114 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 114 permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 114 deny   ip 192.168.3.0 0.0.0.255 any
access-list 114 deny   ip 192.168.1.0 0.0.0.255 any
access-list 114 permit icmp any host 70.89.20.93 echo-reply
access-list 114 permit icmp any host 70.89.20.93 time-exceeded
access-list 114 permit icmp any host 70.89.20.93 unreachable
access-list 114 permit tcp any host 70.89.20.93 eq 443
access-list 114 permit tcp any host 70.89.20.93 eq 22
access-list 114 permit tcp any host 70.89.20.93 eq cmd
access-list 114 deny   ip 10.0.0.0 0.255.255.255 any
access-list 114 deny   ip 172.16.0.0 0.15.255.255 any
access-list 114 deny   ip 192.168.0.0 0.0.255.255 any
access-list 114 deny   ip 127.0.0.0 0.255.255.255 any
access-list 114 deny   ip host 255.255.255.255 any
access-list 114 deny   ip host 0.0.0.0 any
access-list 114 deny   ip any any log
access-list 115 remark auto generated by SDM firewall configuration
access-list 115 remark SDM_ACL Category=1
access-list 115 deny   ip 70.89.20.92 0.0.0.3 any
access-list 115 deny   ip 192.168.3.0 0.0.0.255 any
access-list 115 deny   ip 199.72.119.48 0.0.0.7 any
access-list 115 deny   ip host 255.255.255.255 any
access-list 115 deny   ip 127.0.0.0 0.255.255.255 any
access-list 115 permit ip any any
access-list 116 remark auto generated by SDM firewall configuration
access-list 116 remark SDM_ACL Category=1
access-list 116 deny   ip 70.89.20.92 0.0.0.3 any
access-list 116 deny   ip 192.168.1.0 0.0.0.255 any
access-list 116 deny   ip 199.72.119.48 0.0.0.7 any
access-list 116 deny   ip host 255.255.255.255 any
access-list 116 deny   ip 127.0.0.0 0.255.255.255 any
access-list 116 permit ip any any
access-list 117 remark auto generated by SDM firewall configuration
access-list 117 remark SDM_ACL Category=1
access-list 117 permit tcp any host 70.89.20.93 eq 10123
access-list 117 permit tcp any host 70.89.20.93 eq 22
access-list 117 permit udp any host 70.89.20.93 eq 473
access-list 117 permit tcp any host 70.89.20.93 eq smtp
access-list 117 permit tcp any host 70.89.20.93 eq 443
access-list 117 permit udp host 192.168.2.4 eq domain host 70.89.20.93
access-list 117 permit udp host 68.87.64.146 eq domain host 70.89.20.93
access-list 117 permit ahp host 70.91.45.73 host 70.89.20.93
access-list 117 permit esp host 70.91.45.73 host 70.89.20.93
access-list 117 permit udp host 70.91.45.73 host 70.89.20.93 eq isakmp
access-list 117 permit udp host 70.91.45.73 host 70.89.20.93 eq non500-isakmp
access-list 117 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 117 permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 117 deny   ip 192.168.3.0 0.0.0.255 any
access-list 117 deny   ip 199.72.119.48 0.0.0.7 any
access-list 117 permit icmp any host 70.89.20.93 echo-reply
access-list 117 permit icmp any host 70.89.20.93 time-exceeded
access-list 117 permit icmp any host 70.89.20.93 unreachable
access-list 117 deny   ip 10.0.0.0 0.255.255.255 any
access-list 117 deny   ip 172.16.0.0 0.15.255.255 any
access-list 117 deny   ip 127.0.0.0 0.255.255.255 any
access-list 117 deny   ip host 255.255.255.255 any
access-list 117 deny   ip host 0.0.0.0 any
access-list 117 deny   ip any any log
access-list 118 remark auto generated by SDM firewall configuration
access-list 118 remark SDM_ACL Category=1
access-list 118 permit ip host 10.10.15.150 any
access-list 118 permit ip host 10.10.15.151 any
access-list 118 permit ip host 10.10.15.152 any
access-list 118 permit ip host 10.10.15.153 any
access-list 118 permit ip host 10.10.15.154 any
access-list 118 permit ip host 10.10.15.155 any
access-list 118 permit ip host 10.10.15.156 any
access-list 118 permit ip host 10.10.15.157 any
access-list 118 permit ip host 10.10.15.158 any
access-list 118 permit ip host 10.10.15.159 any
access-list 118 permit ip host 10.10.15.160 any
access-list 118 permit ip host 10.10.15.161 any
access-list 118 permit ip host 10.10.15.162 any
access-list 118 permit ip host 10.10.15.163 any
access-list 118 permit ip host 10.10.15.164 any
access-list 118 permit ip host 10.10.15.165 any
access-list 118 permit ip host 10.10.15.166 any
access-list 118 permit ip host 10.10.15.167 any
access-list 118 permit ip host 10.10.15.168 any
access-list 118 permit ip host 10.10.15.169 any
access-list 118 permit ip host 10.10.15.170 any
access-list 118 permit ip host 10.10.15.171 any
access-list 118 permit ip host 10.10.15.172 any
access-list 118 permit ip host 10.10.15.173 any
access-list 118 permit ip host 10.10.15.174 any
access-list 118 permit ip host 10.10.15.175 any
access-list 118 permit ip host 10.10.15.176 any
access-list 118 permit ip host 10.10.15.177 any
access-list 118 permit ip host 10.10.15.178 any
access-list 118 permit ip host 10.10.15.179 any
access-list 118 permit ip host 10.10.15.180 any
access-list 118 permit ip host 10.10.15.181 any
access-list 118 permit ip host 10.10.15.182 any
access-list 118 permit ip host 10.10.15.183 any
access-list 118 permit ip host 10.10.15.184 any
access-list 118 permit ip host 10.10.15.185 any
access-list 118 permit ip host 10.10.15.186 any
access-list 118 permit ip host 10.10.15.187 any
access-list 118 permit ip host 10.10.15.188 any
access-list 118 permit ip host 10.10.15.189 any
access-list 118 permit ip host 10.10.15.190 any
access-list 118 permit ip host 10.10.15.191 any
access-list 118 permit ip host 10.10.15.192 any
access-list 118 permit ip host 10.10.15.193 any
access-list 118 permit ip host 10.10.15.194 any
access-list 118 permit ip host 10.10.15.195 any
access-list 118 permit ip host 10.10.15.196 any
access-list 118 permit ip host 10.10.15.197 any
access-list 118 permit ip host 10.10.15.198 any
access-list 118 permit ip host 10.10.15.199 any
access-list 118 permit ip host 10.10.15.200 any
access-list 118 permit udp any host 199.72.119.50 eq non500-isakmp
access-list 118 permit udp any host 199.72.119.50 eq isakmp
access-list 118 permit esp any host 199.72.119.50
access-list 118 permit ahp any host 199.72.119.50
access-list 118 permit ahp host 70.91.45.73 host 199.72.119.50
access-list 118 permit esp host 70.91.45.73 host 199.72.119.50
access-list 118 permit udp host 70.91.45.73 host 199.72.119.50 eq isakmp
access-list 118 permit udp host 70.91.45.73 host 199.72.119.50 eq non500-isakmp
access-list 118 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 118 permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 118 deny   ip 70.89.20.92 0.0.0.3 any
access-list 118 deny   ip 192.168.3.0 0.0.0.255 any
access-list 118 deny   ip 192.168.1.0 0.0.0.255 any
access-list 118 permit icmp any host 199.72.119.50 echo-reply
access-list 118 permit icmp any host 199.72.119.50 time-exceeded
access-list 118 permit icmp any host 199.72.119.50 unreachable
access-list 118 deny   ip 10.0.0.0 0.255.255.255 any
access-list 118 deny   ip 172.16.0.0 0.15.255.255 any
access-list 118 deny   ip 192.168.0.0 0.0.255.255 any
access-list 118 deny   ip 127.0.0.0 0.255.255.255 any
access-list 118 deny   ip host 255.255.255.255 any
access-list 118 deny   ip host 0.0.0.0 any
access-list 118 deny   ip any any log
access-list 119 remark auto generated by SDM firewall configuration
access-list 119 remark SDM_ACL Category=1
access-list 119 permit udp host 192.168.2.4 eq domain host 70.89.20.93
access-list 119 permit udp host 68.87.64.146 eq domain host 70.89.20.93
access-list 119 permit ahp host 70.91.45.73 host 70.89.20.93
access-list 119 permit esp host 70.91.45.73 host 70.89.20.93
access-list 119 permit udp host 70.91.45.73 host 70.89.20.93 eq isakmp
access-list 119 permit udp host 70.91.45.73 host 70.89.20.93 eq non500-isakmp
access-list 119 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 119 permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 119 deny   ip 192.168.3.0 0.0.0.255 any
access-list 119 deny   ip 192.168.1.0 0.0.0.255 any
access-list 119 deny   ip 199.72.119.48 0.0.0.7 any
access-list 119 permit icmp any host 70.89.20.93 echo-reply
access-list 119 permit icmp any host 70.89.20.93 time-exceeded
access-list 119 permit icmp any host 70.89.20.93 unreachable
access-list 119 permit tcp any host 70.89.20.93 eq 443
access-list 119 permit tcp any host 70.89.20.93 eq 22
access-list 119 permit tcp any host 70.89.20.93 eq cmd
access-list 119 deny   ip 10.0.0.0 0.255.255.255 any
access-list 119 deny   ip 172.16.0.0 0.15.255.255 any
access-list 119 deny   ip 192.168.0.0 0.0.255.255 any
access-list 119 deny   ip 127.0.0.0 0.255.255.255 any
access-list 119 deny   ip host 255.255.255.255 any
access-list 119 deny   ip host 0.0.0.0 any
access-list 119 deny   ip any any log
access-list 120 remark auto generated by SDM firewall configuration
access-list 120 remark SDM_ACL Category=1
access-list 120 permit tcp any host 70.89.20.93 eq 22
access-list 120 permit ahp any host 199.72.119.50
access-list 120 permit esp any host 199.72.119.50
access-list 120 permit udp any host 199.72.119.50 eq isakmp
access-list 120 permit udp any host 199.72.119.50 eq non500-isakmp
access-list 120 deny   ip 70.89.20.92 0.0.0.3 any
access-list 120 deny   ip 192.168.3.0 0.0.0.255 any
access-list 120 deny   ip 192.168.1.0 0.0.0.255 any
access-list 120 permit icmp any host 199.72.119.50 echo-reply
access-list 120 permit icmp any host 199.72.119.50 time-exceeded
access-list 120 permit icmp any host 199.72.119.50 unreachable
access-list 120 deny   ip 10.0.0.0 0.255.255.255 any
access-list 120 deny   ip 172.16.0.0 0.15.255.255 any
access-list 120 deny   ip 192.168.0.0 0.0.255.255 any
access-list 120 deny   ip 127.0.0.0 0.255.255.255 any
access-list 120 deny   ip host 255.255.255.255 any
access-list 120 deny   ip host 0.0.0.0 any
access-list 120 deny   ip any any log
access-list 121 remark VTY Access-class list
access-list 121 remark SDM_ACL Category=1
access-list 121 permit ip 192.168.3.0 0.0.0.255 any
access-list 121 permit ip 192.168.1.0 0.0.0.255 any
access-list 121 deny   ip any any
access-list 122 remark SDM_ACL Category=2
access-list 122 deny   ip host 192.168.1.4 any
access-list 122 deny   ip any host 192.168.5.100
access-list 122 deny   ip any host 192.168.5.101
access-list 122 deny   ip any host 192.168.5.102
access-list 122 deny   ip any host 192.168.5.103
access-list 122 deny   ip any host 192.168.5.104
access-list 122 deny   ip any host 192.168.5.105
access-list 122 deny   ip any host 192.168.5.106
access-list 122 deny   ip any host 192.168.5.107
access-list 122 deny   ip any host 192.168.5.108
access-list 122 deny   ip any host 192.168.5.109
access-list 122 deny   ip any host 192.168.5.110
access-list 122 deny   ip any host 192.168.5.111
access-list 122 deny   ip any host 192.168.5.112
access-list 122 deny   ip any host 192.168.5.113
access-list 122 deny   ip any host 192.168.5.114
access-list 122 deny   ip any host 192.168.5.115
access-list 122 deny   ip any host 192.168.5.116
access-list 122 deny   ip any host 192.168.5.117
access-list 122 deny   ip any host 192.168.5.118
access-list 122 deny   ip any host 192.168.5.119
access-list 122 deny   ip any host 192.168.5.120
access-list 122 deny   ip any host 192.168.5.121
access-list 122 deny   ip any host 192.168.5.122
access-list 122 deny   ip any host 192.168.5.123
access-list 122 deny   ip any host 192.168.5.124
access-list 122 deny   ip any host 192.168.5.125
access-list 122 deny   ip any host 192.168.5.126
access-list 122 deny   ip any host 192.168.5.127
access-list 122 deny   ip any host 192.168.5.128
access-list 122 deny   ip any host 192.168.5.129
access-list 122 deny   ip any host 192.168.5.130
access-list 122 deny   ip any host 192.168.5.131
access-list 122 deny   ip any host 192.168.5.132
access-list 122 deny   ip any host 192.168.5.133
access-list 122 deny   ip any host 192.168.5.134
access-list 122 deny   ip any host 192.168.5.135
access-list 122 deny   ip any host 192.168.5.136
access-list 122 deny   ip any host 192.168.5.137
access-list 122 deny   ip any host 192.168.5.138
access-list 122 deny   ip any host 192.168.5.139
access-list 122 deny   ip any host 192.168.5.140
access-list 122 deny   ip any host 192.168.5.141
access-list 122 deny   ip any host 192.168.5.142
access-list 122 deny   ip any host 192.168.5.143
access-list 122 deny   ip any host 192.168.5.144
access-list 122 deny   ip any host 192.168.5.145
access-list 122 deny   ip any host 192.168.5.146
access-list 122 deny   ip any host 192.168.5.147
access-list 122 deny   ip any host 192.168.5.148
access-list 122 deny   ip any host 192.168.5.149
access-list 122 deny   ip any host 192.168.5.150
access-list 122 deny   ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 122 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 122 permit ip 192.168.1.0 0.0.0.255 any
access-list 123 deny   ip 192.168.1.0 0.0.0.255 10.10.15.0 0.0.0.255
access-list 123 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 123 deny   ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 123 permit ip 192.168.1.0 0.0.0.255 any
access-list 124 remark auto generated by SDM firewall configuration
access-list 124 remark SDM_ACL Category=1
access-list 124 permit udp any host 70.89.20.93 eq 5000
access-list 124 permit ip host 10.10.15.150 any
access-list 124 permit ip host 10.10.15.151 any
access-list 124 permit ip host 10.10.15.152 any
access-list 124 permit ip host 10.10.15.153 any
access-list 124 permit ip host 10.10.15.154 any
access-list 124 permit ip host 10.10.15.155 any
access-list 124 permit ip host 10.10.15.156 any
access-list 124 permit ip host 10.10.15.157 any
access-list 124 permit ip host 10.10.15.158 any
access-list 124 permit ip host 10.10.15.159 any
access-list 124 permit ip host 10.10.15.160 any
access-list 124 permit ip host 10.10.15.161 any
access-list 124 permit ip host 10.10.15.162 any
access-list 124 permit ip host 10.10.15.163 any
access-list 124 permit ip host 10.10.15.164 any
access-list 124 permit ip host 10.10.15.165 any
access-list 124 permit ip host 10.10.15.166 any
access-list 124 permit ip host 10.10.15.167 any
access-list 124 permit ip host 10.10.15.168 any
access-list 124 permit ip host 10.10.15.169 any
access-list 124 permit ip host 10.10.15.170 any
access-list 124 permit ip host 10.10.15.171 any
access-list 124 permit ip host 10.10.15.172 any
access-list 124 permit ip host 10.10.15.173 any
access-list 124 permit ip host 10.10.15.174 any
access-list 124 permit ip host 10.10.15.175 any
access-list 124 permit ip host 10.10.15.176 any
access-list 124 permit ip host 10.10.15.177 any
access-list 124 permit ip host 10.10.15.178 any
access-list 124 permit ip host 10.10.15.179 any
access-list 124 permit ip host 10.10.15.180 any
access-list 124 permit ip host 10.10.15.181 any
access-list 124 permit ip host 10.10.15.182 any
access-list 124 permit ip host 10.10.15.183 any
access-list 124 permit ip host 10.10.15.184 any
access-list 124 permit ip host 10.10.15.185 any
access-list 124 permit ip host 10.10.15.186 any
access-list 124 permit ip host 10.10.15.187 any
access-list 124 permit ip host 10.10.15.188 any
access-list 124 permit ip host 10.10.15.189 any
access-list 124 permit ip host 10.10.15.190 any
access-list 124 permit ip host 10.10.15.191 any
access-list 124 permit ip host 10.10.15.192 any
access-list 124 permit ip host 10.10.15.193 any
access-list 124 permit ip host 10.10.15.194 any
access-list 124 permit ip host 10.10.15.195 any
access-list 124 permit ip host 10.10.15.196 any
access-list 124 permit ip host 10.10.15.197 any
access-list 124 permit ip host 10.10.15.198 any
access-list 124 permit ip host 10.10.15.199 any
access-list 124 permit ip host 10.10.15.200 any
access-list 124 permit udp any host 70.89.20.93 eq non500-isakmp
access-list 124 permit udp any host 70.89.20.93 eq isakmp
access-list 124 permit esp any host 70.89.20.93
access-list 124 permit ahp any host 70.89.20.93
access-list 124 permit tcp any host 70.89.20.93 eq 5503
access-list 124 permit tcp any host 70.89.20.93 eq 5502
access-list 124 permit tcp any host 70.89.20.93 eq 5501
access-list 124 permit tcp any host 70.89.20.93 eq 5500
access-list 124 permit tcp any host 70.89.20.93 eq 22
access-list 124 permit udp any host 70.89.20.93 eq 473
access-list 124 permit tcp any host 70.89.20.93 eq 443
access-list 124 permit tcp any host 70.89.20.93 eq 10123
access-list 124 permit tcp any host 70.89.20.93 eq smtp
access-list 124 permit udp host 192.168.2.4 eq domain host 70.89.20.93
access-list 124 permit udp host 68.87.64.146 eq domain host 70.89.20.93
access-list 124 permit ahp host 70.91.45.73 host 70.89.20.93
access-list 124 permit esp host 70.91.45.73 host 70.89.20.93
access-list 124 permit udp host 70.91.45.73 host 70.89.20.93 eq isakmp
access-list 124 permit udp host 70.91.45.73 host 70.89.20.93 eq non500-isakmp
access-list 124 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 124 permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 124 deny   ip 192.168.3.0 0.0.0.255 any
access-list 124 deny   ip 192.168.1.0 0.0.0.255 any
access-list 124 deny   ip 199.72.119.48 0.0.0.7 any
access-list 124 permit icmp any host 70.89.20.93 echo-reply
access-list 124 permit icmp any host 70.89.20.93 time-exceeded
access-list 124 permit icmp any host 70.89.20.93 unreachable
access-list 124 deny   ip 10.0.0.0 0.255.255.255 any
access-list 124 deny   ip 172.16.0.0 0.15.255.255 any
access-list 124 deny   ip 192.168.0.0 0.0.255.255 any
access-list 124 deny   ip 127.0.0.0 0.255.255.255 any
access-list 124 deny   ip host 255.255.255.255 any
access-list 124 deny   ip host 0.0.0.0 any
access-list 124 deny   ip any any log
access-list 151 remark Rule for L2TP VPN clients.
access-list 151 remark SDM_ACL Category=4
access-list 151 permit ip any 192.168.1.0 0.0.0.255
access-list 151 permit ip any 192.168.2.0 0.0.0.255
access-list 199 remark DISABLE UDP 500
access-list 199 remark SDM_ACL Category=1
access-list 199 deny   udp any host 70.91.45.73 eq isakmp
access-list 199 permit ip any any
no cdp run
!
!
!
route-map SDM_RMAP_11 permit 1
 match ip address 123
!
route-map SDM_RMAP_4 permit 1
 match ip address 114
!
route-map SDM_RMAP_5 permit 1
 match ip address 115
!
route-map SDM_RMAP_6 permit 1
 match ip address 116
!
route-map SDM_RMAP_7 permit 1
 match ip address 117
!
route-map SDM_RMAP_1 permit 1
 match ip address 100
!
route-map SDM_RMAP_2 permit 1
 match ip address 112
!
route-map SDM_RMAP_3 permit 1
 match ip address 113
!
route-map SDM_RMAP_8 permit 1
 match ip address 118
!
route-map SDM_RMAP_9 permit 1
 match ip address 122
!
!
!
!
control-plane
!
!
line con 0
 login authentication local_authen
 transport output telnet
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
line vty 5 15
 access-class 121 in
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

East office router (192.168.2.0 network)
------------------------------------------------
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router.east
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 informational
logging console critical
enable secret 5 $1$edHp$.Ja/JmtA2urh8T3.bZF.80
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec local_author local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.99
ip dhcp excluded-address 192.168.2.221 192.168.2.254
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
   domain-name corp.ingridhome.com
   netbios-name-server 192.168.2.3 192.168.1.3
   dns-server 192.168.1.3 192.168.2.3
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name ingridhome.com
ip name-server 68.87.75.194
ip name-server 192.168.2.4
ip inspect log drop-pkt
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name dmzinspect tcp
ip inspect name dmzinspect udp
!
appfw policy-name SDM_MEDIUM
  application im aol
    service default action allow alarm
    service text-chat action allow alarm
    server permit name login.oscar.aol.com
    server permit name toc.oscar.aol.com
    server permit name oam-d09a.blue.aol.com
    audit-trail on
  application im msn
    service default action allow alarm
    service text-chat action allow alarm
    server permit name messenger.hotmail.com
    server permit name gateway.messenger.hotmail.com
    server permit name webmessenger.msn.com
    audit-trail on
  application http
    strict-http action allow alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action allow alarm
  application im yahoo
    service default action allow alarm
    service text-chat action allow alarm
    server permit name scs.msg.yahoo.com
    server permit name scsa.msg.yahoo.com
    server permit name scsb.msg.yahoo.com
    server permit name scsc.msg.yahoo.com
    server permit name scsd.msg.yahoo.com
    server permit name cs16.msg.dcn.yahoo.com
    server permit name cs19.msg.dcn.yahoo.com
    server permit name cs42.msg.dcn.yahoo.com
    server permit name cs53.msg.dcn.yahoo.com
    server permit name cs54.msg.dcn.yahoo.com
    server permit name ads1.vip.scd.yahoo.com
    server permit name radio1.launch.vip.dal.yahoo.com
    server permit name in1.msg.vip.re2.yahoo.com
    server permit name data1.my.vip.sc5.yahoo.com
    server permit name address1.pim.vip.mud.yahoo.com
    server permit name edit.messenger.yahoo.com
    server permit name messenger.yahoo.com
    server permit name http.pager.yahoo.com
    server permit name privacy.yahoo.com
    server permit name csa.yahoo.com
    server permit name csb.yahoo.com
    server permit name csc.yahoo.com
    audit-trail on
!
!
crypto pki trustpoint TP-self-signed-1433850974
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1433850974
 revocation-check none
 rsakeypair TP-self-signed-1433850974
!
!
crypto pki certificate chain TP-self-signed-1433850974
 certificate self-signed 01
<snip>
  quit
username xxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
username xxxxxx_xxx privilege 10 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxx
!
!
class-map match-any sdm_p2p_kazaa
 match protocol fasttrack
 match protocol kazaa2
class-map match-any sdm_p2p_edonkey
 match protocol edonkey
class-map match-any sdm_p2p_gnutella
 match protocol gnutella
class-map match-any sdm_p2p_bittorrent
 match protocol bittorrent
!
!
policy-map SDMPolicy0
 class sdm_p2p_gnutella
 class sdm_p2p_bittorrent
 class sdm_p2p_edonkey
 class sdm_p2p_kazaa
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxx address 70.89.20.93 no-xauth
!
crypto isakmp client configuration group remote
 key xxxxxxxxx
 dns 192.168.2.3 192.168.1.3
 wins 192.168.2.3 192.168.1.3
 domain corp.ingridhome.com
 pool SDM_POOL_1
 save-password
 max-users 10
 netmask 255.255.255.0
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto dynamic-map SDM_DYNMAP_1 1
 set security-association idle-time 1200
 set transform-set myset
 reverse-route
!
!
crypto map mymap client authentication list sdm_vpn_xauth_ml_1
crypto map mymap isakmp authorization list sdm_vpn_group_ml_1
crypto map mymap client configuration address respond
crypto map mymap 10 ipsec-isakmp
 set peer 70.89.20.93
 set transform-set myset
 match address 101
crypto map mymap 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0
 description Comcast Business Cable Modem$ES_WAN$$FW_OUTSIDE$$ETH-WAN$
 ip address 70.91.45.73 255.255.255.252
 ip access-group 113 in
 ip access-group 199 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 crypto map mymap
 crypto ipsec df-bit clear
!
interface FastEthernet1
 description $ETH-WAN$
 bandwidth 680
 ip address 209.155.24.90 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
!
interface FastEthernet2
 description Vlan1
!
interface FastEthernet3
 description Vlan1
!
interface FastEthernet4
 description Vlan1
!
interface FastEthernet5
 description Vlan1
!
interface FastEthernet6
 description Vlan1
!
interface FastEthernet7
 description Vlan2
 switchport access vlan 2
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
 ip address 192.168.2.1 255.255.255.0
 ip access-group 112 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
 ip policy route-map nonat
!
interface Vlan2
 description $FW_INSIDE$
 ip address 192.168.4.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation slip
 shutdown
!
router ospf 1
 log-adjacency-changes
 passive-interface Vlan1
 network 192.168.2.0 0.0.0.255 area 1
!
ip local pool SDM_POOL_1 10.8.0.100 10.8.0.110
ip route 0.0.0.0 0.0.0.0 70.91.45.74 permanent
ip route 192.168.3.0 255.255.255.0 192.168.1.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.2.84 3389 interface FastEthernet0 3390
ip nat inside source static udp 192.168.2.3 5000 interface FastEthernet0 5000
ip nat inside source static udp 192.168.2.89 4091 interface FastEthernet0 4091
ip nat inside source static udp 192.168.2.89 4090 interface FastEthernet0 4090
ip nat inside source static tcp 192.168.2.89 8080 interface FastEthernet0 8080
ip nat inside source static tcp 192.168.2.89 4091 interface FastEthernet0 4091
ip nat inside source static tcp 192.168.2.89 4090 interface FastEthernet0 4090
ip nat inside source static tcp 192.168.2.83 3389 interface FastEthernet0 3389
ip nat inside source static tcp 192.168.2.80 2222 interface FastEthernet0 2222
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.2.4 7575 interface FastEthernet0 22
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.4.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 2 deny   any
access-list 100 remark SDM_ACL Category=18
access-list 100 deny   ip any host 10.8.0.100
access-list 100 deny   ip any host 10.8.0.101
access-list 100 deny   ip any host 10.8.0.102
access-list 100 deny   ip any host 10.8.0.103
access-list 100 deny   ip any host 10.8.0.104
access-list 100 deny   ip any host 10.8.0.105
access-list 100 deny   ip any host 10.8.0.106
access-list 100 deny   ip any host 10.8.0.107
access-list 100 deny   ip any host 10.8.0.108
access-list 100 deny   ip any host 10.8.0.109
access-list 100 deny   ip any host 10.8.0.110
access-list 100 deny   ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 100 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 102 permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 deny   ip 70.91.45.72 0.0.0.3 any
access-list 103 deny   ip 192.168.4.0 0.0.0.255 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 deny   ip 70.91.45.72 0.0.0.3 any
access-list 104 deny   ip 192.168.2.0 0.0.0.255 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 permit ip any any
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 permit udp host 68.87.75.194 eq domain host 70.91.45.73
access-list 105 permit ahp host 70.89.20.93 host 70.91.45.73
access-list 105 permit esp host 70.89.20.93 host 70.91.45.73
access-list 105 permit udp host 70.89.20.93 host 70.91.45.73 eq isakmp
access-list 105 permit udp host 70.89.20.93 host 70.91.45.73 eq non500-isakmp
access-list 105 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 105 permit ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 105 deny   ip 192.168.4.0 0.0.0.255 any
access-list 105 deny   ip 192.168.2.0 0.0.0.255 any
access-list 105 permit icmp any host 70.91.45.73 echo-reply
access-list 105 permit icmp any host 70.91.45.73 time-exceeded
access-list 105 permit icmp any host 70.91.45.73 unreachable
access-list 105 permit tcp any host 70.91.45.73 eq 443
access-list 105 permit tcp any host 70.91.45.73 eq 22
access-list 105 permit tcp any host 70.91.45.73 eq cmd
access-list 105 deny   ip 10.0.0.0 0.255.255.255 any
access-list 105 deny   ip 172.16.0.0 0.15.255.255 any
access-list 105 deny   ip 192.168.0.0 0.0.255.255 any
access-list 105 deny   ip 127.0.0.0 0.255.255.255 any
access-list 105 deny   ip host 255.255.255.255 any
access-list 105 deny   ip host 0.0.0.0 any
access-list 105 deny   ip any any log
access-list 106 remark VTY Access-class list
access-list 106 remark SDM_ACL Category=1
access-list 106 permit ip 192.168.4.0 0.0.0.255 any
access-list 106 permit ip 192.168.2.0 0.0.0.255 any
access-list 106 deny   ip any any
access-list 107 remark auto generated by SDM firewall configuration
access-list 107 remark SDM_ACL Category=1
access-list 107 deny   ip 70.91.45.72 0.0.0.3 any
access-list 107 deny   ip 192.168.10.0 0.0.0.255 any
access-list 107 deny   ip 192.168.4.0 0.0.0.255 any
access-list 107 deny   ip host 255.255.255.255 any
access-list 107 deny   ip 127.0.0.0 0.255.255.255 any
access-list 107 permit ip any any
access-list 108 remark auto generated by SDM firewall configuration
access-list 108 remark SDM_ACL Category=1
access-list 108 deny   ip 70.91.45.72 0.0.0.3 any
access-list 108 deny   ip 192.168.10.0 0.0.0.255 any
access-list 108 deny   ip 192.168.2.0 0.0.0.255 any
access-list 108 deny   ip host 255.255.255.255 any
access-list 108 deny   ip 127.0.0.0 0.255.255.255 any
access-list 108 permit ip any any
access-list 109 remark auto generated by SDM firewall configuration
access-list 109 remark SDM_ACL Category=1
access-list 109 deny   ip any any log
access-list 110 remark auto generated by SDM firewall configuration
access-list 110 remark SDM_ACL Category=1
access-list 110 permit tcp any host 70.91.45.73 eq 10123
access-list 110 permit tcp any host 70.91.45.73 eq 3389
access-list 110 permit tcp any host 70.91.45.73 eq 2222
access-list 110 permit tcp any host 70.91.45.73 eq 22
access-list 110 permit udp host 68.87.75.194 eq domain host 70.91.45.73
access-list 110 permit ahp host 70.89.20.93 host 70.91.45.73
access-list 110 permit esp host 70.89.20.93 host 70.91.45.73
access-list 110 permit udp host 70.89.20.93 host 70.91.45.73 eq isakmp
access-list 110 permit udp host 70.89.20.93 host 70.91.45.73 eq non500-isakmp
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 110 permit ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 110 deny   ip 192.168.10.0 0.0.0.255 any
access-list 110 deny   ip 192.168.4.0 0.0.0.255 any
access-list 110 deny   ip 192.168.2.0 0.0.0.255 any
access-list 110 permit icmp any host 70.91.45.73 echo-reply
access-list 110 permit icmp any host 70.91.45.73 time-exceeded
access-list 110 permit icmp any host 70.91.45.73 unreachable
access-list 110 permit tcp any host 192.168.10.80 eq 3389
access-list 110 permit tcp any host 192.168.10.81 eq 3389
access-list 110 permit tcp any host 192.168.10.82 eq 3389
access-list 110 permit tcp any host 192.168.10.83 eq 3389
access-list 110 deny   ip 10.0.0.0 0.255.255.255 any
access-list 110 deny   ip 172.16.0.0 0.15.255.255 any
access-list 110 deny   ip 192.168.0.0 0.0.255.255 any
access-list 110 deny   ip 127.0.0.0 0.255.255.255 any
access-list 110 deny   ip host 255.255.255.255 any
access-list 110 deny   ip host 0.0.0.0 any
access-list 110 deny   ip any any log
access-list 111 remark VTY Access-class list
access-list 111 remark SDM_ACL Category=1
access-list 111 permit ip 192.168.4.0 0.0.0.255 any
access-list 111 permit ip 192.168.2.0 0.0.0.255 any
access-list 111 deny   ip any any
access-list 112 remark auto generated by SDM firewall configuration
access-list 112 remark SDM_ACL Category=1
access-list 112 deny   ip 70.91.45.72 0.0.0.3 any
access-list 112 deny   ip 192.168.4.0 0.0.0.255 any
access-list 112 deny   ip host 255.255.255.255 any
access-list 112 deny   ip 127.0.0.0 0.255.255.255 any
access-list 112 permit ip any any
access-list 113 remark auto generated by SDM firewall configuration
access-list 113 remark SDM_ACL Category=1
access-list 113 permit ip host 10.8.0.100 any
access-list 113 permit ip host 10.8.0.101 any
access-list 113 permit ip host 10.8.0.102 any
access-list 113 permit ip host 10.8.0.103 any
access-list 113 permit ip host 10.8.0.104 any
access-list 113 permit ip host 10.8.0.105 any
access-list 113 permit ip host 10.8.0.106 any
access-list 113 permit ip host 10.8.0.107 any
access-list 113 permit ip host 10.8.0.108 any
access-list 113 permit ip host 10.8.0.109 any
access-list 113 permit ip host 10.8.0.110 any
access-list 113 permit ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 113 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 113 permit udp host 70.89.20.93 host 70.91.45.73 eq non500-isakmp
access-list 113 permit udp host 70.89.20.93 host 70.91.45.73 eq isakmp
access-list 113 permit esp host 70.89.20.93 host 70.91.45.73
access-list 113 permit ahp host 70.89.20.93 host 70.91.45.73
access-list 113 permit udp any host 70.91.45.73 eq non500-isakmp
access-list 113 permit udp any host 70.91.45.73 eq isakmp
access-list 113 permit esp any host 70.91.45.73
access-list 113 permit ahp any host 70.91.45.73
access-list 113 deny   ip 70.91.45.72 0.0.0.3 any
access-list 113 deny   ip 192.168.2.0 0.0.0.255 any
access-list 113 deny   ip host 255.255.255.255 any
access-list 113 deny   ip 127.0.0.0 0.255.255.255 any
access-list 113 permit ip any any
access-list 114 permit ip host 171.68.225.212 any
access-list 114 remark auto generated by SDM firewall configuration
access-list 114 remark SDM_ACL Category=1
access-list 114 permit ip host 10.8.0.100 any
access-list 114 permit ip host 10.8.0.101 any
access-list 114 permit ip host 10.8.0.102 any
access-list 114 permit ip host 10.8.0.103 any
access-list 114 permit ip host 10.8.0.104 any
access-list 114 permit ip host 10.8.0.105 any
access-list 114 permit ip host 10.8.0.106 any
access-list 114 permit ip host 10.8.0.107 any
access-list 114 permit ip host 10.8.0.108 any
access-list 114 permit ip host 10.8.0.109 any
access-list 114 permit ip host 10.8.0.110 any
access-list 114 permit udp any host 70.91.45.73 eq non500-isakmp
access-list 114 permit udp any host 70.91.45.73 eq isakmp
access-list 114 permit esp any host 70.91.45.73
access-list 114 permit ahp any host 70.91.45.73
access-list 114 permit udp any host 70.91.45.73 eq 5000
access-list 114 permit udp any host 70.91.45.73 eq 4091
access-list 114 permit udp any host 70.91.45.73 eq 4090
access-list 114 permit tcp any host 70.91.45.73 eq 8080
access-list 114 permit tcp any host 70.91.45.73 eq 4091
access-list 114 permit tcp any host 70.91.45.73 eq 4090
access-list 114 permit tcp any host 70.91.45.73 eq ftp
access-list 114 permit tcp any host 70.91.45.73 eq 22
access-list 114 permit tcp any host 70.91.45.73 eq 3389
access-list 114 permit tcp any host 70.91.45.73 eq 2222
access-list 114 permit udp host 68.87.75.194 eq domain host 70.91.45.73
access-list 114 permit ahp host 70.89.20.93 host 70.91.45.73
access-list 114 permit esp host 70.89.20.93 host 70.91.45.73
access-list 114 permit udp host 70.89.20.93 host 70.91.45.73 eq isakmp
access-list 114 permit udp host 70.89.20.93 host 70.91.45.73 eq non500-isakmp
access-list 114 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 114 permit ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 114 deny   ip 192.168.4.0 0.0.0.255 any
access-list 114 deny   ip 192.168.2.0 0.0.0.255 any
access-list 114 permit icmp any host 70.91.45.73 echo-reply
access-list 114 permit icmp any host 70.91.45.73 time-exceeded
access-list 114 permit icmp any host 70.91.45.73 unreachable
access-list 114 deny   ip 10.0.0.0 0.255.255.255 any
access-list 114 deny   ip 172.16.0.0 0.15.255.255 any
access-list 114 deny   ip 192.168.0.0 0.0.255.255 any
access-list 114 deny   ip 127.0.0.0 0.255.255.255 any
access-list 114 deny   ip host 255.255.255.255 any
access-list 114 deny   ip host 0.0.0.0 any
access-list 114 deny   ip any any log
access-list 123 permit ip host 192.168.2.4 192.168.1.0 0.0.0.255
access-list 199 remark DISABLE UDP 500
access-list 199 remark SDM_ACL Category=1
access-list 199 deny   udp any host 70.89.20.93 eq isakmp
access-list 199 permit ip any any
no cdp run
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 100
!
route-map nonat permit 10
 match ip address 123
!
!
!
!
control-plane
!
line con 0
 login authentication local_authen
 transport output telnet
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
line vty 5 15
 access-class 111 in
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
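To trace which entry a given packet hits in the lists above, this added example (not part of the original post, and not Cisco tooling) walks IOS extended ACL entries top-down with wildcard-mask matching. It generalizes beyond the post to any extended entry without port or ICMP-type qualifiers. The hosts 10.10.15.5 (in the EasyVPN pool the question mentions) and 192.168.2.10 are constructed, and where each list is applied is not shown in this part of the config.

```python
import ipaddress

# Copied from the posted config: ACL 123 whole, ACL 114 abridged to entries
# without port or ICMP-type qualifiers (those are rejected by parse()).
CONFIG = """\
access-list 114 permit esp any host 70.91.45.73
access-list 114 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 114 deny   ip 192.168.2.0 0.0.0.255 any
access-list 114 deny   ip 10.0.0.0 0.255.255.255 any
access-list 114 deny   ip any any log
access-list 123 permit ip host 192.168.2.4 192.168.1.0 0.0.0.255
"""

def _addr(tok):
    """Consume one address spec from tok; return (base, wildcard) as ints."""
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(config):
    """Return {acl_number: [(action, proto, src, dst, line), ...]} in config order."""
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue  # remarks and non-ACL lines
        rest = tok[4:]
        src, dst = _addr(rest), _addr(rest)
        if rest not in ([], ["log"]):
            raise ValueError("qualifier not handled: " + line.strip())
        acls.setdefault(tok[1], []).append((tok[2], tok[3], src, dst, line.strip()))
    return acls

def _hit(spec, ip):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must equal base.
    return (int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF == 0

def first_match(acls, number, proto, src, dst):
    """IOS walks the list top-down and stops at the first matching entry."""
    for action, p, s, d, line in acls.get(number, []):
        if p in ("ip", proto) and _hit(s, src) and _hit(d, dst):
            return action, line
    return "deny", "(implicit deny at end of list)"

ACLS = parse(CONFIG)

if __name__ == "__main__":
    # 10.10.15.5 and 192.168.2.10 are constructed sample hosts.
    for acl in ("114", "123"):
        print(acl, first_match(ACLS, acl, "icmp", "10.10.15.5", "192.168.2.10"))
```

ACL 123 is referenced by `route-map nonat`, so a deny result there means the route-map clause does not match, not that the packet is dropped.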