Solved

Cisco port forward rule

Posted on 2014-07-24
8
995 Views
Last Modified: 2014-08-30
Hi, we have a Cisco 1921 which I manage through Cisco Configuration Professional.
I haven't done much with Cisco for years now and things have changed since I last had to configure one :(

I'm trying to create a simple rule for an internal web server which needs port 8808 on our WAN side to be directed to an internal server on port 8808.
I have created a port to application mapping but when I go into firewall I'm not sure what to do next.

We have the following zones:
1) sdm-permit-ip (ezvpn-zone to out-zone, out-zone to ezvpn-zone, ezvpn-zone to ezvpn-zone)
2) ccp-permit-icmpreply (self to out-zone)
3) ccp-policy-ccp-cls--1 (out-zone to in-zone)
4) ccp-inspect (in-zone to out-zone)
5) ccp-permit (out-zone to self)

I've tried adding a rule to zone 3 and 4 with my logic being in/out and out/in however it doesn't work.
I can get to the webpage internally on http://192.168.0.2:8808?

I'm sure this is simple for those who know Cisco :)
0
Comment
Question by:shayneg
  • 3
8 Comments
 
LVL 21

Expert Comment

by:eeRoot
Comment Utility
Are you performing NAT as well?  The address 192.168.0.2 would not be routable from an outside interface.
0
 
LVL 6

Author Comment

by:shayneg
Comment Utility
Yes I NAT translation is in place. Does it help if I get the running config up here?
0
 
LVL 6

Author Comment

by:shayneg
Comment Utility
Here is our config: Ideally I would like to add the rules through CCP as it will make it easier for me in the future.
I have edited the WAN ip's and replaced them with fictitious ones and blanked out passwords


Building configuration...
Current configuration : 63316 bytes
!
! Last configuration change at 09:29:43 UTC Fri Jul 18 2014
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname c1921
!
boot-start-marker
boot system flash c1900-universalk9-mz.SPA.151-4.M.bin
boot config usbflash0:jungood
boot-end-marker
!
!
logging buffered 52000
enable secret 5 *******
enable password *******
!
aaa new-model
!
!
aaa group server radius sdm-vpn-server-group-1
 server 128.66.2.170
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 group sdm-vpn-server-group-1 local
aaa authentication login ciscocp_vpn_xauth_ml_3 local
aaa authorization exec default local 
aaa authorization network ciscocp_vpn_group_ml_1 local 
aaa authorization network ciscocp_vpn_group_ml_2 group sdm-vpn-server-group-1 local 
aaa authorization network ciscocp_vpn_group_ml_3 local 
!
!
!
!
!
aaa session-id common
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip multicast-routing 
ip dhcp excluded-address 128.66.0.1 128.66.9.255
ip dhcp excluded-address 128.66.15.255 128.66.255.254
!
ip dhcp pool TMLan
 import all
 network 128.66.0.0 255.255.0.0
 update dns both
 domain-name mydomain.co.uk
 dns-server 128.66.2.10 128.66.2.11 
 default-router 128.66.1.1 
 netbios-name-server 128.66.2.10 128.66.2.11 
 lease 8
!
!
ip domain name mydomain.co.uk
ip name-server 128.66.2.11
ip name-server 8.8.8.8
ip port-map user-ctcp-ezvpnsvr port tcp 10000
ip ddns update method sdm_ddns1
 DDNS both
!
!
multilink bundle-name authenticated
!
!
energywise domain mydomain.co.uk security shared-secret 7 ******* protocol udp port 43440 interface GigabitEthernet0/0
energywise management security shared-secret 0 *******
no energywise allow query set
!
key chain key1
 key 1
  key-string border1
key chain PfR_DM
 key 1
  key-string PfR_DM
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-597298012
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-597298012
 revocation-check none
 rsakeypair TP-self-signed-597298012
!
!
crypto pki certificate chain TP-self-signed-597298012
 certificate self-signed 01
  3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
   

  	quit
license udi pid CISCO1921/K9 sn *******
!
!
archive
 path scp://cisco:ocsic@128.66.2.24//backups/cisco/1921/h$
 write-memory
 time-period 1440
object-group network WAN1-Servers 
 range 128.66.2.1 128.66.2.21
!
object-group network WAN2-Only 
 description Applications that don't like DualWAN
 host *******
 host *******
 host *******
 host *******
 host *******
 range ******* *******4
 range ******* *******
!
username root privilege 15 secret 5 $*******

!
redundancy
!
!
!
!
!
track 1 ip route 0.0.0.0 0.0.0.0 reachability
!
class-map type inspect match-any SDM_BOOTPC
 match access-group name SDM_BOOTPC
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
 match access-group 114
class-map type inspect match-any SDM_HTTPS
 match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SSH
 match access-group name SDM_SSH
class-map type inspect match-any SDM_SHELL
 match access-group name SDM_SHELL
class-map type inspect match-any sdm-cls-access
 match class-map SDM_HTTPS
 match class-map SDM_SSH
 match class-map SDM_SHELL
class-map type inspect match-all sdm-cls-VPNOutsideToInside-3
 match access-group 118
class-map type inspect match-all sdm-cls-VPNOutsideToInside-2
 match access-group 116
class-map type inspect match-all sdm-cls-VPNOutsideToInside-5
 match access-group 122
class-map type inspect match-all sdm-cls-VPNOutsideToInside-4
 match access-group 120
class-map type inspect match-all sdm-cls-VPNOutsideToInside-7
 match access-group 124
class-map type inspect match-any SDM_DHCP_CLIENT_PT
 match class-map SDM_BOOTPC
class-map type inspect match-all sdm-cls-VPNOutsideToInside-6
 match access-group 123
class-map type inspect match-all sdm-cls-VPNOutsideToInside-9
 match access-group 127
class-map type inspect match-all sdm-cls-VPNOutsideToInside-8
 match access-group 126
class-map type inspect match-any SDM_AH
 match access-group name SDM_AH
class-map type inspect match-any ccp-skinny-inspect
 match protocol skinny
class-map type inspect match-all ccp-cls--1
 match access-group name All
class-map type inspect match-any sdm-cls-bootps
 match protocol bootps
class-map type inspect match-any SDM_ESP
 match access-group name SDM_ESP
class-map type inspect match-any SDM_VPN_TRAFFIC
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
class-map type inspect match-all SDM_VPN_PT
 match access-group 113
 match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol dns
 match protocol ftp
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any SDM_IP
 match access-group name SDM_IP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
 match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect match-all SDM_VPN_PT0
 match access-group 141
 match class-map SDM_VPN_TRAFFIC
class-map type inspect match-all SDM_VPN_PT1
 match access-group 147
 match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any Mail
 match protocol http
 match protocol https
 match protocol imap
 match protocol imap3
 match protocol imaps
 match protocol lotusmtap
 match protocol lotusnote
 match protocol pop3
 match protocol pop3s
 match protocol smtp
 match protocol tcp
 match protocol udp
 match protocol ssh
 match protocol ntp
 match protocol icmp
class-map type inspect match-any ccp-h323nxg-inspect
 match protocol h323-nxg
class-map type inspect match-all sdm-cls-VPNOutsideToInside-10
 match access-group 128
class-map type inspect match-all sdm-cls-VPNOutsideToInside-23
 match access-group 149
class-map type inspect match-all sdm-cls-VPNOutsideToInside-32
 match access-group 161
class-map type inspect match-all sdm-cls-VPNOutsideToInside-11
 match access-group 130
class-map type inspect match-all sdm-cls-VPNOutsideToInside-22
 match access-group 148
class-map type inspect match-all sdm-cls-VPNOutsideToInside-33
 match access-group 162
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-cls-VPNOutsideToInside-12
 match access-group 131
class-map type inspect match-all sdm-cls-VPNOutsideToInside-21
 match access-group 145
class-map type inspect match-all sdm-cls-VPNOutsideToInside-30
 match access-group 159
class-map type inspect match-all sdm-cls-VPNOutsideToInside-13
 match access-group 133
class-map type inspect match-all sdm-cls-VPNOutsideToInside-20
 match access-group 144
class-map type inspect match-all sdm-cls-VPNOutsideToInside-31
 match access-group 160
class-map type inspect match-all sdm-cls-VPNOutsideToInside-14
 match access-group 134
class-map type inspect match-all sdm-cls-VPNOutsideToInside-27
 match access-group 155
class-map type inspect match-all sdm-cls-VPNOutsideToInside-15
 match access-group 135
class-map type inspect match-all sdm-cls-VPNOutsideToInside-26
 match access-group 154
class-map type inspect match-all sdm-cls-VPNOutsideToInside-16
 match access-group 137
class-map type inspect match-all sdm-cls-VPNOutsideToInside-25
 match access-group 152
class-map type inspect match-all sdm-cls-VPNOutsideToInside-17
 match access-group 138
class-map type inspect match-all sdm-cls-VPNOutsideToInside-24
 match access-group 150
class-map type inspect match-all sdm-cls-VPNOutsideToInside-18
 match access-group 142
class-map type inspect match-all sdm-cls-VPNOutsideToInside-19
 match access-group 143
class-map type inspect match-all sdm-cls-VPNOutsideToInside-29
 match access-group 157
class-map type inspect match-any ccp-h225ras-inspect
 match protocol h225ras
class-map type inspect match-all sdm-cls-VPNOutsideToInside-28
 match access-group 156
class-map type inspect match-any ccp-h323annexe-inspect
 match protocol h323-annexe
class-map type inspect match-all sdm-access
 match class-map sdm-cls-access
 match access-group 101
class-map type inspect match-all SDM_GRE
 match access-group name SDM_GRE
class-map type inspect match-any ccp-h323-inspect
 match protocol h323
class-map type inspect match-all ccp-invalid-src
 match access-group 108
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-cls-sdm-permit-ip-1
 match class-map Mail
 match access-group name Mail
class-map type inspect match-any ccp-sip-inspect
 match protocol sip
class-map type inspect match-all outsidemail
 match access-group name outside_mail_in
 match protocol tcp
class-map type inspect match-all ccp-protocol-http
 match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect sdm-cls-bootps
  pass
 class type inspect ccp-icmp-access
  inspect 
 class class-default
  pass
policy-map type inspect ccp-inspect
 class type inspect ccp-cls-sdm-permit-ip-1
  inspect 
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect 
 class type inspect ccp-insp-traffic
  inspect 
 class type inspect ccp-sip-inspect
  inspect 
 class type inspect ccp-h323-inspect
  inspect 
 class type inspect ccp-h323annexe-inspect
  inspect 
 class type inspect ccp-h225ras-inspect
  inspect 
 class type inspect ccp-h323nxg-inspect
  inspect 
 class type inspect ccp-skinny-inspect
  inspect 
 class class-default
  drop
policy-map type inspect ccp-permit
 class type inspect SDM_VPN_PT1
  pass
 class type inspect SDM_EASY_VPN_SERVER_PT
  pass
 class type inspect SDM_DHCP_CLIENT_PT
  pass
 class class-default
  drop
policy-map type inspect ccp-policy-ccp-cls--1
 class type inspect ccp-cls-sdm-permit-ip-1
  inspect 
 class type inspect ccp-cls--1
  inspect 
 class type inspect sdm-cls-VPNOutsideToInside-1
  inspect 
 class type inspect sdm-cls-VPNOutsideToInside-2
  inspect 
 class type inspect sdm-cls-VPNOutsideToInside-3
  inspect 
 class type inspect sdm-cls-VPNOutsideToInside-4
  inspect 
 class type inspect sdm-cls-VPNOutsideToInside-5
  inspect 
 class type inspect sdm-cls-VPNOutsideToInside-6
  pass
 class type inspect sdm-cls-VPNOutsideToInside-7
  pass
 class type inspect sdm-cls-VPNOutsideToInside-8
  inspect 
 class type inspect sdm-cls-VPNOutsideToInside-9
  pass
 class type inspect sdm-cls-VPNOutsideToInside-10
  pass
 class type inspect sdm-cls-VPNOutsideToInside-11
  inspect 
 class type inspect sdm-cls-VPNOutsideToInside-12
  pass
 class type inspect sdm-cls-VPNOutsideToInside-13
  inspect 
 class type inspect sdm-cls-VPNOutsideToInside-14
  pass
 class type inspect sdm-cls-VPNOutsideToInside-15
  pass
 class type inspect sdm-cls-VPNOutsideToInside-16
  inspect 
 class type inspect sdm-cls-VPNOutsideToInside-17
  pass
 class type inspect sdm-cls-VPNOutsideToInside-18
  inspect 
 class type inspect sdm-cls-VPNOutsideToInside-19
  pass
 class type inspect sdm-cls-VPNOutsideToInside-20
  pass
 class type inspect sdm-cls-VPNOutsideToInside-21
  pass
 class type inspect sdm-cls-VPNOutsideToInside-22
  pass
 class type inspect sdm-cls-VPNOutsideToInside-23
  pass
 class type inspect sdm-cls-VPNOutsideToInside-24
  pass
 class type inspect sdm-cls-VPNOutsideToInside-25
  pass
 class type inspect sdm-cls-VPNOutsideToInside-26
  inspect 
 class type inspect sdm-cls-VPNOutsideToInside-27
  pass
 class type inspect sdm-cls-VPNOutsideToInside-28
  pass
 class type inspect sdm-cls-VPNOutsideToInside-29
  pass
 class type inspect sdm-cls-VPNOutsideToInside-30
  inspect 
 class type inspect sdm-cls-VPNOutsideToInside-31
  pass
 class type inspect sdm-cls-VPNOutsideToInside-32
  pass
 class type inspect sdm-cls-VPNOutsideToInside-33
  pass
 class class-default
  drop
policy-map type inspect myinspectpolicy
 class type inspect outsidemail
  inspect 
policy-map type inspect sdm-permit-ip
 class type inspect SDM_IP
  pass
 class type inspect sdm-cls-VPNOutsideToInside-18
  inspect 
 class type inspect sdm-cls-VPNOutsideToInside-19
  pass
 class type inspect sdm-cls-VPNOutsideToInside-20
  pass
 class type inspect sdm-cls-VPNOutsideToInside-21
  pass
 class type inspect sdm-cls-VPNOutsideToInside-22
  pass
 class type inspect sdm-cls-VPNOutsideToInside-23
  pass
 class type inspect sdm-cls-VPNOutsideToInside-24
  pass
 class type inspect sdm-cls-VPNOutsideToInside-25
  pass
 class type inspect sdm-cls-VPNOutsideToInside-26
  inspect 
 class type inspect sdm-cls-VPNOutsideToInside-27
  pass
 class type inspect sdm-cls-VPNOutsideToInside-28
  pass
 class type inspect sdm-cls-VPNOutsideToInside-29
  pass
 class type inspect sdm-cls-VPNOutsideToInside-30
  inspect 
 class type inspect sdm-cls-VPNOutsideToInside-31
  pass
 class type inspect sdm-cls-VPNOutsideToInside-32
  pass
 class type inspect sdm-cls-VPNOutsideToInside-33
  pass
 class class-default
  drop log
!
zone security ezvpn-zone
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
 service-policy type inspect sdm-permit-ip
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
 service-policy type inspect sdm-permit-ip
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
zone-pair security sdm-zp-out-zone-in-zone source out-zone destination in-zone
 service-policy type inspect ccp-policy-ccp-cls--1
zone-pair security sdm-zp-ezvpn-in2 source ezvpn-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
! 
crypto ctcp port 10000 
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key 33747464552386 address *******

crypto isakmp invalid-spi-recovery
!
crypto isakmp client configuration group *******
 key *******
 dns 128.66.2.10
 domain mydomain.co.uk
 pool SDM_POOL_1
 acl 146
 include-local-lan
 split-dns mydomain.co.uk
 max-users 50
 netmask 255.255.0.0
crypto isakmp profile ciscocp-ike-profile-2
   match identity group *******
   client authentication list ciscocp_vpn_xauth_ml_3
   isakmp authorization list ciscocp_vpn_group_ml_3
   client configuration address respond
   virtual-template 2
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA16 esp-3des esp-sha-hmac 

 mode transport
!
crypto ipsec profile CiscoCP_Profile2
 set security-association lifetime seconds 3600
 set security-association idle-time 7200
 set transform-set ESP-3DES-SHA 
 set isakmp-profile ciscocp-ike-profile-2
!

crypto map SDM_CMAP_1 3 ipsec-isakmp 
 description Tunnel to*******
 set peer *******
 set transform-set ESP-3DES-SHA 
 match address 117
!
bridge irb
!
!
!
!
interface Loopback100
 description $FW_INSIDE$
 ip address 11.255.1.1 255.255.255.255
 zone-member security in-zone
!
interface Tunnel0
 ip address 172.16.32.2 255.255.255.0
 ip mtu 1400
 zone-member security in-zone
 tunnel source *******
 tunnel mode ipsec ipv4
 tunnel destination *******
 tunnel protection ipsec profile *******
!
interface Tunnel1
 no ip address
 tunnel destination *******
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$$FW_INSIDE$
 bandwidth 10000000
 ip address 128.66.1.1 255.255.0.0
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 zone-member security in-zone
 ip policy route-map SDM_RMAP_2
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 description $FW_OUTSIDE$$ETH-WAN$
 bandwidth 10000
 ip address 144.112.247.22 255.255.255.240 secondary
 ip address 144.112.247.18 255.255.255.240
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly in
 zone-member security out-zone
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface ATM0/1/0
 mac-address ******
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip virtual-reassembly in
 no atm ilmi-keepalive
!
interface ATM0/1/0.1 point-to-point
 description $FW_OUTSIDE$
 ip address 87.24.55.78 255.255.255.248
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly in
 zone-member security out-zone
 atm route-bridged ip
 pvc 0/101 
  oam-pvc manage
  encapsulation aal5snap
  protocol ip inarp
 !
!
interface Virtual-Template2 type tunnel
 ip unnumbered Loopback100
 zone-member security ezvpn-zone
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CiscoCP_Profile2
!
interface BVI1
 description $FW_INSIDE$
 no ip address
 zone-member security in-zone
 shutdown
!
ip local pool SDM_POOL_1 128.66.22.1 128.66.22.254
ip forward-protocol nd
!
no ip http server
ip http secure-server
ip flow-export destination 128.66.10.24 2055
ip flow-top-talkers
 top 50
 sort-by bytes
!
ip nat pool limeLan 144.112.247.18 144.112.247.30 netmask 255.255.255.240
ip nat inside source route-map MWLink interface GigabitEthernet0/1 overload
ip nat inside source route-map SDM_RMAP_1 interface ATM0/1/0.1 overload
ip nat inside source route-map SDM_RMAP_2 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 128.66.2.30 3389 144.112.247.18 3389 extendable
ip nat inside source static tcp 128.66.2.38 5900 144.112.247.18 5900 extendable
ip nat inside source static 128.66.1.230 144.112.247.22
ip nat inside source static tcp 128.66.1.247 1038 144.112.247.23 1038 extendable
ip nat inside source static tcp 128.66.1.247 5060 144.112.247.23 5060 extendable
ip nat inside source static tcp 128.66.2.38 20 144.112.247.24 20 extendable
ip nat inside source static tcp 128.66.2.38 21 144.112.247.24 21 extendable
ip nat inside source static tcp 128.66.2.38 3389 144.112.247.24 3389 extendable
ip nat inside source static tcp 128.66.2.20 22 144.112.247.26 22 extendable
ip nat inside source static tcp 128.66.17.15 3389 144.112.247.29 3389 extendable
ip nat inside source static tcp 128.66.1.230 25 144.112.247.30 25 extendable
ip nat inside source static tcp 128.66.2.15 3389 144.112.247.30 3389 extendable
ip route 0.0.0.0 0.0.0.0 144.112.247.17 permanent
ip route 10.0.0.0 255.0.0.0 128.66.1.251 permanent
ip route 128.66.0.0 255.255.0.0 GigabitEthernet0/0 permanent
ip route 192.168.7.0 255.255.255.0 Tunnel0
ip route 192.168.14.0 255.255.255.0 128.66.1.251
ip route 192.168.40.0 255.255.255.0 128.66.1.251 permanent
!
ip access-list extended All
 remark CCP_ACL Category=128
 permit ip any any
ip access-list extended Mail
 remark CCP_ACL Category=128
 permit ip any host 144.112.247.19
 permit ip any host 128.66.2.5
 permit ip any host 144.112.247.20
ip access-list extended SDM_AH
 remark CCP_ACL Category=1
 permit ahp any any
ip access-list extended SDM_BOOTPC
 remark CCP_ACL Category=0
 permit udp any any eq bootpc
ip access-list extended SDM_ESP
 remark CCP_ACL Category=1
 permit esp any any
ip access-list extended SDM_GRE
 remark CCP_ACL Category=1
 permit gre any any
ip access-list extended SDM_HTTPS
 remark CCP_ACL Category=1
 permit tcp any any eq 443
ip access-list extended SDM_IP
 remark CCP_ACL Category=1
 permit ip any any
ip access-list extended SDM_SHELL
 remark CCP_ACL Category=1
 permit tcp any any eq cmd
ip access-list extended SDM_SSH
 remark CCP_ACL Category=1
 permit tcp any any eq 22
ip access-list extended outside_mail_in
 permit tcp any host 128.66.2.5
!
ip sla ethernet-monitor 1
 type echo domain google.co.uk vlan 1
access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 128.66.0.0 0.0.255.255
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 128.66.10.0 0.0.0.255
access-list 2 permit 128.66.11.0 0.0.0.255
access-list 2 permit 128.66.12.0 0.0.0.255
access-list 2 permit 128.66.13.0 0.0.0.255
access-list 2 permit 128.66.14.0 0.0.0.255
access-list 2 permit 128.66.15.0 0.0.0.255
access-list 2 permit 128.66.16.0 0.0.0.255
access-list 2 permit 128.66.17.0 0.0.0.255
access-list 2 permit 128.66.18.0 0.0.0.255
access-list 2 permit 128.66.19.0 0.0.0.255
access-list 2 permit 128.66.20.0 0.0.0.255
access-list 2 permit 128.66.5.0 0.0.0.255
access-list 2 permit 128.66.1.0 0.0.0.255
access-list 3 remark CCP_ACL Category=2
access-list 3 permit 128.66.2.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 128.66.0.0 0.0.255.255 192.168.7.0 0.0.0.255
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip any any
access-list 102 remark CCP_ACL Category=4
access-list 102 permit ip 128.66.0.0 0.0.255.255 any
access-list 103 remark CCP_ACL Category=2
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 192.168.21.0 0.0.0.255
access-list 103 deny   ip 192.168.21.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 192.168.7.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 192.168.4.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 192.168.6.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 192.168.207.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 192.168.14.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 128.66.21.0 0.0.0.7
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 192.168.5.0 0.0.0.7
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 192.168.20.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 192.168.2.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 192.168.3.0 0.0.0.255
access-list 103 permit ip 128.66.1.0 0.0.0.255 any
access-list 103 permit ip 128.66.20.0 0.0.0.255 any
access-list 103 permit ip 128.66.19.0 0.0.0.255 any
access-list 103 permit ip 128.66.18.0 0.0.0.255 any
access-list 103 permit ip 128.66.17.0 0.0.0.255 any
access-list 103 permit ip 128.66.16.0 0.0.0.255 any
access-list 103 permit ip 128.66.15.0 0.0.0.255 any
access-list 103 permit ip 128.66.14.0 0.0.0.255 any
access-list 103 permit ip 128.66.13.0 0.0.0.255 any
access-list 103 deny   ip 128.66.0.0 0.0.255.255 172.16.32.0 0.0.0.255
access-list 103 permit ip 128.66.12.0 0.0.0.255 any
access-list 103 permit ip 128.66.11.0 0.0.0.255 any
access-list 103 permit ip 128.66.10.0 0.0.0.255 any
access-list 103 permit ip 128.66.2.0 0.0.0.255 any
access-list 103 deny   ip 128.66.5.0 0.0.0.255 any
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 192.168.22.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 192.168.5.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 192.168.30.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 192.168.40.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 deny   ip 128.66.0.0 0.0.255.255 192.168.30.0 0.0.0.7
access-list 103 permit ip 128.66.7.0 0.0.0.255 any
access-list 103 deny   ip any host 84.55.47.31
access-list 103 permit ip 128.66.0.0 0.0.255.255 any
access-list 104 remark CCP_ACL Category=2
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 192.168.21.0 0.0.0.255
access-list 104 deny   ip 192.168.21.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 192.168.7.0 0.0.0.255
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 192.168.4.0 0.0.0.255
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 192.168.6.0 0.0.0.255
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 192.168.207.0 0.0.0.255
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 192.168.14.0 0.0.0.255
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 128.66.21.0 0.0.0.7
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 192.168.5.0 0.0.0.7
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 192.168.20.0 0.0.0.255
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 192.168.2.0 0.0.0.255
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 192.168.3.0 0.0.0.255
access-list 104 deny   ip 128.66.0.0 0.0.255.255 any
access-list 104 deny   ip 128.66.5.0 0.0.0.255 any
access-list 104 deny   ip 128.66.2.0 0.0.0.255 any
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 192.168.30.0 0.0.0.7
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 192.168.30.0 0.0.0.255
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 192.168.22.0 0.0.0.255
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 192.168.5.0 0.0.0.255
access-list 104 remark IPSec Rule
access-list 104 deny   ip 128.66.0.0 0.0.255.255 192.168.40.0 0.0.0.255
access-list 104 deny   ip 128.66.0.0 0.0.255.255 172.16.32.0 0.0.0.255
access-list 104 permit ip any host 84.55.47.31
access-list 104 deny   ip 192.168.1.0 0.0.0.255 any
access-list 105 remark CCP_ACL Category=4
access-list 105 remark IPSec Rule
access-list 105 permit ip 128.66.0.0 0.0.255.255 192.168.40.0 0.0.0.255
access-list 106 remark CCP_ACL Category=4
access-list 106 remark IPSec Rule
access-list 106 permit ip 128.66.0.0 0.0.255.255 192.168.5.0 0.0.0.7
access-list 107 remark CCP_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 128.66.0.0 0.0.255.255 192.168.30.0 0.0.0.7
access-list 108 remark CCP_ACL Category=128
access-list 108 permit ip host 255.255.255.255 any
access-list 108 permit ip 127.0.0.0 0.255.255.255 any
access-list 108 permit ip 87.24.55.66 0.0.0.7 any
access-list 108 permit ip 144.112.247.80 0.0.0.7 any
access-list 109 permit ip host 0.0.0.0 any
access-list 110 remark CCP_ACL Category=0
access-list 111 remark CCP_ACL Category=4
access-list 111 remark IPSec Rule
access-list 111 permit ip 128.66.0.0 0.0.255.255 192.168.11.0 0.0.0.255
access-list 112 remark CCP_ACL Category=4
access-list 112 remark IPSec Rule
access-list 112 permit ip 128.66.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 113 remark CCP_ACL Category=128
access-list 113 permit ip host *.*.*.* any
access-list 113 permit ip host *.*.*.* any
access-list 113 permit ip host *.*.*.* any
access-list 113 permit ip host *.*.*.* any
access-list 113 permit ip host *.*.*.* any
access-list 113 permit ip host *.*.*.* any
access-list 113 permit ip host *.*.*.* any
access-list 113 permit ip host *.*.*.* any
access-list 114 remark CCP_ACL Category=0
access-list 114 remark IPSec Rule
access-list 114 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 115 permit ip 128.66.0.0 0.0.255.255 192.168.6.0 0.0.0.255
access-list 116 remark CCP_ACL Category=0
access-list 116 remark IPSec Rule
access-list 116 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 116 remark IPSec Rule
access-list 116 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 116 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 117 remark CCP_ACL Category=4
access-list 117 remark IPSec Rule
access-list 117 permit ip 128.66.0.0 0.0.255.255 192.168.2.0 0.0.0.255
access-list 118 remark CCP_ACL Category=0
access-list 118 remark IPSec Rule
access-list 118 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 118 remark IPSec Rule
access-list 118 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 118 remark IPSec Rule
access-list 118 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 118 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 119 permit ip 128.66.0.0 0.0.255.255 192.168.4.0 0.0.0.255
access-list 120 remark CCP_ACL Category=0
access-list 120 remark IPSec Rule
access-list 120 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 120 remark IPSec Rule
access-list 120 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 120 remark IPSec Rule
access-list 120 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 120 remark IPSec Rule
access-list 120 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 120 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 121 remark CCP_ACL Category=4
access-list 121 remark IPSec Rule
access-list 121 permit ip 128.66.0.0 0.0.255.255 192.168.20.0 0.0.0.255
access-list 122 remark CCP_ACL Category=0
access-list 122 remark IPSec Rule
access-list 122 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 122 remark IPSec Rule
access-list 122 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 122 remark IPSec Rule
access-list 122 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 122 remark IPSec Rule
access-list 122 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 122 remark IPSec Rule
access-list 122 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 122 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 123 remark CCP_ACL Category=0
access-list 123 remark IPSec Rule
access-list 123 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 123 remark IPSec Rule
access-list 123 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 123 remark IPSec Rule
access-list 123 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 123 remark IPSec Rule
access-list 123 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 123 remark IPSec Rule
access-list 123 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 123 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 124 remark CCP_ACL Category=0
access-list 124 remark IPSec Rule
access-list 124 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 124 remark IPSec Rule
access-list 124 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 124 remark IPSec Rule
access-list 124 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 124 remark IPSec Rule
access-list 124 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 124 remark IPSec Rule
access-list 124 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 124 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 125 remark CCP_ACL Category=4
access-list 125 remark IPSec Rule
access-list 125 permit ip 128.66.0.0 0.0.255.255 192.168.20.0 0.0.0.255
access-list 126 remark CCP_ACL Category=0
access-list 126 remark IPSec Rule
access-list 126 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 126 remark IPSec Rule
access-list 126 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 126 remark IPSec Rule
access-list 126 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 126 remark IPSec Rule
access-list 126 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 126 remark IPSec Rule
access-list 126 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 126 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 127 remark CCP_ACL Category=0
access-list 127 remark IPSec Rule
access-list 127 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 127 remark IPSec Rule
access-list 127 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 127 remark IPSec Rule
access-list 127 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 127 remark IPSec Rule
access-list 127 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 127 remark IPSec Rule
access-list 127 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 127 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 128 remark CCP_ACL Category=0
access-list 128 remark IPSec Rule
access-list 128 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 128 remark IPSec Rule
access-list 128 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 128 remark IPSec Rule
access-list 128 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 128 remark IPSec Rule
access-list 128 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 128 remark IPSec Rule
access-list 128 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 128 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 130 remark CCP_ACL Category=0
access-list 130 remark IPSec Rule
access-list 130 permit ip 192.168.5.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 130 remark IPSec Rule
access-list 130 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 130 remark IPSec Rule
access-list 130 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 130 remark IPSec Rule
access-list 130 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 130 remark IPSec Rule
access-list 130 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 130 remark IPSec Rule
access-list 130 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 130 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 131 remark CCP_ACL Category=0
access-list 131 remark IPSec Rule
access-list 131 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 131 remark IPSec Rule
access-list 131 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 131 remark IPSec Rule
access-list 131 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 131 remark IPSec Rule
access-list 131 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 131 remark IPSec Rule
access-list 131 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 131 remark IPSec Rule
access-list 131 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 131 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 132 remark CCP_ACL Category=16
access-list 132 permit ip 192.168.21.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 132 remark IPSec Rule
access-list 132 permit ip 128.66.0.0 0.0.255.255 192.168.21.0 0.0.0.255
access-list 133 remark CCP_ACL Category=0
access-list 133 remark IPSec Rule
access-list 133 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 133 remark IPSec Rule
access-list 133 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 133 remark IPSec Rule
access-list 133 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 133 remark IPSec Rule
access-list 133 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 133 remark IPSec Rule
access-list 133 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 133 remark IPSec Rule
access-list 133 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 133 remark IPSec Rule
access-list 133 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 133 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 134 remark CCP_ACL Category=0
access-list 134 remark IPSec Rule
access-list 134 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 134 remark IPSec Rule
access-list 134 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 134 remark IPSec Rule
access-list 134 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 134 remark IPSec Rule
access-list 134 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 134 remark IPSec Rule
access-list 134 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 134 remark IPSec Rule
access-list 134 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 134 remark IPSec Rule
access-list 134 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 134 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 135 remark CCP_ACL Category=0
access-list 135 remark IPSec Rule
access-list 135 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 135 remark IPSec Rule
access-list 135 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 135 remark IPSec Rule
access-list 135 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 135 remark IPSec Rule
access-list 135 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 135 remark IPSec Rule
access-list 135 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 135 remark IPSec Rule
access-list 135 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 135 remark IPSec Rule
access-list 135 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 135 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 136 remark CCP_ACL Category=4
access-list 136 remark IPSec Rule
access-list 136 permit ip 128.66.0.0 0.0.255.255 192.168.6.0 0.0.0.255
access-list 137 remark CCP_ACL Category=0
access-list 137 remark IPSec Rule
access-list 137 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 137 remark IPSec Rule
access-list 137 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 137 remark IPSec Rule
access-list 137 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 137 remark IPSec Rule
access-list 137 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 137 remark IPSec Rule
access-list 137 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 137 remark IPSec Rule
access-list 137 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 137 remark IPSec Rule
access-list 137 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 137 remark IPSec Rule
access-list 137 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 138 remark CCP_ACL Category=0
access-list 138 remark IPSec Rule
access-list 138 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 138 remark IPSec Rule
access-list 138 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 138 remark IPSec Rule
access-list 138 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 138 remark IPSec Rule
access-list 138 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 138 remark IPSec Rule
access-list 138 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 138 remark IPSec Rule
access-list 138 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 138 remark IPSec Rule
access-list 138 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 138 remark IPSec Rule
access-list 138 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 139 remark CCP_ACL Category=16
access-list 139 permit ip 128.66.0.0 0.0.255.255 any
access-list 139 permit ip any 128.66.0.0 0.0.255.255
access-list 140 remark CCP_ACL Category=4
access-list 140 remark IPSec Rule
access-list 140 permit ip 128.66.0.0 0.0.255.255 192.168.14.0 0.0.0.255
access-list 141 remark CCP_ACL Category=128
access-list 141 permit ip host *.*.*.* any
access-list 142 remark CCP_ACL Category=0
access-list 142 permit ip 192.168.14.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 142 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 142 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 142 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 142 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 142 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 142 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 142 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 142 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 143 remark CCP_ACL Category=0
access-list 143 permit ip 192.168.14.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 143 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 143 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 143 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 143 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 143 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 143 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 143 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 143 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 144 remark CCP_ACL Category=0
access-list 144 permit ip 192.168.14.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 144 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 144 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 144 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 144 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 144 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 144 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 144 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 144 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 145 remark CCP_ACL Category=0
access-list 145 permit ip 192.168.14.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 145 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 145 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 145 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 145 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 145 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 145 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 145 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 145 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 146 remark CCP_ACL Category=4
access-list 146 permit ip 128.66.0.0 0.0.255.255 any
access-list 147 remark CCP_ACL Category=128
access-list 147 permit ip host *.*.*.* any
access-list 147 permit ip host *.*.*.* any
access-list 147 permit ip host *.*.*.* any
access-list 148 remark CCP_ACL Category=0
access-list 148 remark IPSec Rule
access-list 148 permit ip 192.168.14.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 148 remark IPSec Rule
access-list 148 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 148 remark IPSec Rule
access-list 148 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 148 remark IPSec Rule
access-list 148 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 148 remark IPSec Rule
access-list 148 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 148 remark IPSec Rule
access-list 148 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 148 remark IPSec Rule
access-list 148 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 148 remark IPSec Rule
access-list 148 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 148 remark IPSec Rule
access-list 148 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 149 remark CCP_ACL Category=0
access-list 149 remark IPSec Rule
access-list 149 permit ip 192.168.14.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 149 remark IPSec Rule
access-list 149 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 149 remark IPSec Rule
access-list 149 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 149 remark IPSec Rule
access-list 149 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 149 remark IPSec Rule
access-list 149 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 149 remark IPSec Rule
access-list 149 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 149 remark IPSec Rule
access-list 149 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 149 remark IPSec Rule
access-list 149 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 149 remark IPSec Rule
access-list 149 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 150 remark CCP_ACL Category=0
access-list 150 remark IPSec Rule
access-list 150 permit ip 192.168.14.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 150 remark IPSec Rule
access-list 150 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 150 remark IPSec Rule
access-list 150 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 150 remark IPSec Rule
access-list 150 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 150 remark IPSec Rule
access-list 150 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 150 remark IPSec Rule
access-list 150 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 150 remark IPSec Rule
access-list 150 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 150 remark IPSec Rule
access-list 150 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 150 remark IPSec Rule
access-list 150 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 151 remark CCP_ACL Category=18
access-list 151 remark IPSec Rule
access-list 151 deny   ip 128.66.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 151 remark IPSec Rule
access-list 151 deny   ip 128.66.0.0 0.0.255.255 192.168.21.0 0.0.0.255
access-list 151 deny   ip 192.168.21.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 151 remark IPSec Rule
access-list 151 deny   ip 128.66.0.0 0.0.255.255 192.168.7.0 0.0.0.255
access-list 151 deny   ip 128.66.0.0 0.0.255.255 172.16.32.0 0.0.0.255
access-list 151 remark IPSec Rule
access-list 151 deny   ip 128.66.0.0 0.0.255.255 192.168.4.0 0.0.0.255
access-list 151 remark IPSec Rule
access-list 151 deny   ip 128.66.0.0 0.0.255.255 192.168.6.0 0.0.0.255
access-list 151 remark IPSec Rule
access-list 151 deny   ip 128.66.0.0 0.0.255.255 192.168.207.0 0.0.0.255
access-list 151 remark IPSec Rule
access-list 151 deny   ip 128.66.0.0 0.0.255.255 192.168.14.0 0.0.0.255
access-list 151 remark IPSec Rule
access-list 151 deny   ip 128.66.0.0 0.0.255.255 128.66.21.0 0.0.0.7
access-list 151 remark IPSec Rule
access-list 151 deny   ip 128.66.0.0 0.0.255.255 192.168.5.0 0.0.0.7
access-list 151 remark IPSec Rule
access-list 151 deny   ip 128.66.0.0 0.0.255.255 192.168.20.0 0.0.0.255
access-list 151 remark IPSec Rule
access-list 151 deny   ip 128.66.0.0 0.0.255.255 192.168.2.0 0.0.0.255
access-list 151 remark IPSec Rule
access-list 151 deny   ip 128.66.0.0 0.0.255.255 192.168.3.0 0.0.0.255
access-list 151 permit ip 128.66.0.0 0.0.255.255 any
access-list 151 permit ip any host 144.112.247.19
access-list 151 permit ip any host 128.66.255.128
access-list 152 remark CCP_ACL Category=0
access-list 152 remark IPSec Rule
access-list 152 permit ip 192.168.14.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 152 remark IPSec Rule
access-list 152 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 152 remark IPSec Rule
access-list 152 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 152 remark IPSec Rule
access-list 152 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 152 remark IPSec Rule
access-list 152 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 152 remark IPSec Rule
access-list 152 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 152 remark IPSec Rule
access-list 152 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 152 remark IPSec Rule
access-list 152 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 152 remark IPSec Rule
access-list 152 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 153 remark CCP_ACL Category=4
access-list 153 remark IPSec Rule
access-list 153 permit ip 128.66.0.0 0.0.255.255 192.168.207.0 0.0.0.255
access-list 154 remark CCP_ACL Category=0
access-list 154 remark IPSec Rule
access-list 154 permit ip 192.168.207.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 154 remark IPSec Rule
access-list 154 permit ip 192.168.14.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 154 remark IPSec Rule
access-list 154 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 154 remark IPSec Rule
access-list 154 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 154 remark IPSec Rule
access-list 154 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 154 remark IPSec Rule
access-list 154 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 154 remark IPSec Rule
access-list 154 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 154 remark IPSec Rule
access-list 154 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 154 remark IPSec Rule
access-list 154 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 154 remark IPSec Rule
access-list 154 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 155 remark CCP_ACL Category=0
access-list 155 remark IPSec Rule
access-list 155 permit ip 192.168.207.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 155 remark IPSec Rule
access-list 155 permit ip 192.168.14.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 155 remark IPSec Rule
access-list 155 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 155 remark IPSec Rule
access-list 155 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 155 remark IPSec Rule
access-list 155 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 155 remark IPSec Rule
access-list 155 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 155 remark IPSec Rule
access-list 155 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 155 remark IPSec Rule
access-list 155 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 155 remark IPSec Rule
access-list 155 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 155 remark IPSec Rule
access-list 155 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 156 remark CCP_ACL Category=0
access-list 156 remark IPSec Rule
access-list 156 permit ip 192.168.207.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 156 remark IPSec Rule
access-list 156 permit ip 192.168.14.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 156 remark IPSec Rule
access-list 156 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 156 remark IPSec Rule
access-list 156 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 156 remark IPSec Rule
access-list 156 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 156 remark IPSec Rule
access-list 156 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 156 remark IPSec Rule
access-list 156 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 156 remark IPSec Rule
access-list 156 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 156 remark IPSec Rule
access-list 156 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 156 remark IPSec Rule
access-list 156 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 157 remark CCP_ACL Category=0
access-list 157 remark IPSec Rule
access-list 157 permit ip 192.168.207.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 157 remark IPSec Rule
access-list 157 permit ip 192.168.14.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 157 remark IPSec Rule
access-list 157 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 157 remark IPSec Rule
access-list 157 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 157 remark IPSec Rule
access-list 157 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 157 remark IPSec Rule
access-list 157 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 157 remark IPSec Rule
access-list 157 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 157 remark IPSec Rule
access-list 157 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 157 remark IPSec Rule
access-list 157 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 157 remark IPSec Rule
access-list 157 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 158 permit ip 128.66.0.0 0.0.255.255 192.168.7.0 0.0.0.255
access-list 159 remark CCP_ACL Category=0
access-list 159 remark IPSec Rule
access-list 159 permit ip 192.168.7.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 159 permit ip 172.16.32.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 159 remark IPSec Rule
access-list 159 permit ip 192.168.207.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 159 remark IPSec Rule
access-list 159 permit ip 192.168.14.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 159 remark IPSec Rule
access-list 159 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 159 remark IPSec Rule
access-list 159 permit ip 128.66.21.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 159 remark IPSec Rule
access-list 159 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 159 remark IPSec Rule
access-list 159 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 159 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 159 remark IPSec Rule
access-list 159 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 159 remark IPSec Rule
access-list 159 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 159 remark IPSec Rule
access-list 159 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 160 remark CCP_ACL Category=0
access-list 160 permit ip 192.168.207.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 160 permit ip 192.168.14.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 160 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 160 permit ip 128.66.0.0 0.0.255.255 192.168.21.0 0.0.0.255
access-list 160 permit ip 192.168.21.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 160 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 160 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 160 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 160 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 160 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 160 permit ip 192.168.11.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 160 permit ip 192.168.7.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 160 permit ip 172.16.32.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 161 remark CCP_ACL Category=0
access-list 161 permit ip 192.168.207.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 161 permit ip 192.168.14.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 161 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 161 permit ip 128.66.0.0 0.0.255.255 192.168.21.0 0.0.0.255
access-list 161 permit ip 192.168.21.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 161 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 161 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 161 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 161 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 161 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 161 permit ip 10.0.0.0 0.255.255.255 128.66.0.0 0.0.255.255
access-list 161 permit ip 192.168.7.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 161 permit ip 172.16.32.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 162 remark CCP_ACL Category=0
access-list 162 permit ip 192.168.7.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 162 permit ip 172.16.32.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 162 permit ip 192.168.207.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 162 permit ip 192.168.14.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 162 permit ip 192.168.6.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 162 permit ip 128.66.0.0 0.0.255.255 192.168.21.0 0.0.0.255
access-list 162 permit ip 192.168.21.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 162 permit ip 192.168.5.0 0.0.0.7 128.66.0.0 0.0.255.255
access-list 162 permit ip 192.168.20.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 162 permit ip 192.168.4.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 162 permit ip 192.168.2.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 162 permit ip 192.168.3.0 0.0.0.255 128.66.0.0 0.0.255.255
access-list 162 permit ip 10.0.0.0 0.255.255.255 128.66.0.0 0.0.255.255
!
!
!
!
route-map MWLink permit 10
 match ip address 151
 set ip next-hop 144.112.247.81 144.112.247.17
 set interface GigabitEthernet0/1
!
route-map SDM_RMAP_1 permit 1
 match ip address 103
 set ip next-hop 144.112.247.81
 set interface ATM0/1/0.1 GigabitEthernet0/1
!
route-map SDM_RMAP_2 permit 1
 match ip address 104
 set ip default next-hop 128.66.1.251
!
route-map ISP! permit 10
!
route-map ISP1 permit 10
 match ip address 109
 set ip next-hop 128.66.1.251
!
!
snmp-server community public RO
snmp-server community private RW
radius-server host 128.66.2.17 timeout 10 key *****************************
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password ***********
 transport input telnet ssh
!
scheduler allocate 20000 1000
event manager applet change-tunnel-dest
 event timer cron name CHRON cron-entry "15 * * * *"
 action 1.0 cli command "enable"
 action 1.1 cli command "configure terminal"
 action 1.2 cli command "interface Tunnel1"
!
end

Open in new window

0
 
LVL 6

Author Comment

by:shayneg
Comment Utility
I need a NAT rule for 144.112.247.20:8808 to go to 128.66.2.53:8808 but I also don't see this WAN ip configured anywhere in the config
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
Comment Utility
If the IP is in your WAN range it doesn't matter if it's not in the interface config.  Just go ahead and add the NAT rule for the IP you want to use on the WAN and the router will translate.

ip nat inside source static tcp 128.66.2.53 8808 144.112.247.20 8808 

Open in new window

0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

This article is a step by step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices. Nanostation, Bullets, AirBridge, Nanobeam, NanoBridge to name a few. Please review …
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now