FTTB + NAT + DHCP + PPPoE + CBAC + VPN client + AAA authentication

Source: Internet
Author: User

The configuration below was applied successfully and debugging passed.
hongyi#show run
Building configuration...

Current configuration: 4655 bytes
!
! Last configuration change at 04:47:29 UTC Sun Apr 25 2004 by tonyxue
! NVRAM config last updated at 04:47:50 UTC Sun Apr 25 2004 by tonyxue
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname hongyi
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$nyjl$3Q7avJNhGMGg9h8S3TxL01
!
username tonyxue password 7 110B0B0C101A1F010524
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login hongyi_authen group tacacs+
aaa authentication login no_tacasc enable
aaa authentication login line_vty local
aaa authorization network hongyi_author local
aaa session-id common
ip subnet-zero
no ip source-route
!
!
no ip domain lookup
ip dhcp excluded-address 172.16.0.1 172.16.0.220
!
ip dhcp pool hongyi
 network 172.16.0.0 255.255.255.0
 dns-server 202.96.209.5 202.96.209.20
 default-router 172.16.0.10
 lease 30
!
no ip bootp server
ip cef
ip inspect audit-trail
ip inspect name firewall cuseeme
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall ftp
ip inspect name firewall h323
ip inspect name firewall icmp
ip inspect name firewall netshow
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall rtsp
ip inspect name firewall sqlnet
ip inspect name firewall streamworks
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall vdolive
ip inspect name firewall http
ip audit po max-events 100
vpdn enable
!
vpdn-group FTTB
 request-dialin
  protocol pppoe
!
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group hongyi
 key *********
 pool hongyi_pool
!
!
crypto ipsec transform-set hongyi_set esp-3des esp-sha-hmac
!
crypto dynamic-map hongyi_dynamic_map 10
 set transform-set hongyi_set
!
!
crypto map clientmap client authentication list hongyi_authen
crypto map clientmap isakmp authorization list hongyi_author
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic hongyi_dynamic_map
!
!
!
interface Ethernet0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip mroute-cache
 half-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface FastEthernet0
 ip address 172.16.0.10 255.255.255.0
 ip access-group local_r0000in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip tcp adjust-mss 1452
 no ip mroute-cache
 speed auto
 no cdp enable
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip access-group outbound_r0000in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect firewall out
 encapsulation ppp
 no ip mroute-cache
 dialer pool 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username ad*********@shtel password 7 046B08133D255F7908
 crypto map clientmap
!
ip local pool hongyi_pool 192.168.0.1 192.168.0.254
ip nat inside source route-map nat_map interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
!
!
ip access-list extended local_r.pdf
 deny 53 any any log
 deny 55 any any log
 deny pim any any log
 deny tcp any any eq echo log
 deny tcp any any eq chargen log
 deny tcp any any eq 135 log
 deny tcp any any eq 136 log
 deny tcp any any eq 137 log
 deny tcp any any eq 138 log
 deny tcp any any eq 139 log
 deny tcp any any eq 445 log
 deny tcp any any eq 4444 log
 deny udp any any eq tftp log
 deny udp any any eq 135 log
 deny udp any any eq 136 log
 deny udp any any eq netbios-ns log
 deny udp any any eq netbios-dgm log
 deny udp any any eq netbios-ss log
 deny udp any any eq snmp log
 deny udp any any eq 445 log
 permit ip any any
ip access-list extended outbound_rund
 permit udp any any eq isakmp log
 permit esp any any log
 permit udp any any eq non500-isakmp log
 permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.255.255 log
 deny ip any any log
logging source-interface FastEthernet0
logging 172.16.0.100
access-list 1 deny any
access-list 101 deny ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 172.16.0.0 0.0.255.255 any
no cdp run
!
route-map nat_map permit 10
 match ip address 101
!
tacacs-server host 172.16.0.100 key 7 0459425f082958116817
tacacs-server directed-request
!
line con 0
 logging synchronous
 login authentication line_vty
line aux 0
 logging synchronous
line vty 0 4
 logging synchronous
 login authentication line_vty
!
!
end
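
An added example, not part of the original configuration: a small first-match evaluator for access-list 101, showing which flows route-map nat_map hands to NAT overload and which bypass it so that replies to VPN clients keep their inside addresses. The sample hosts are constructed, and the VPN pool wildcard is taken as 0.0.0.255, the /24 that covers hongyi_pool.

```python
import ipaddress

# access-list 101 from the configuration above. The 0.0.0.255 wildcard on the
# VPN pool is an assumption (the /24 covering hongyi_pool 192.168.0.1-254).
ACL_101 = [
    ("deny",   "172.16.0.0", "0.0.255.255", "192.168.0.0", "0.0.0.255"),
    ("permit", "172.16.0.0", "0.0.255.255", "any", None),
]

def wildcard_match(addr, base, wildcard):
    """True if addr matches base under an IOS wildcard mask (1-bits are ignored)."""
    if base == "any":
        return True
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_action(acl, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, s_base, s_wc, d_base, d_wc in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action
    return "deny"

def nat_decision(src, dst):
    """route-map nat_map permit 10 / match ip address 101:
    only flows the ACL permits are translated on Dialer1."""
    return "translate" if acl_action(ACL_101, src, dst) == "permit" else "no-nat"

# Constructed sample flows (illustrative hosts, not taken from the page).
SAMPLE_FLOWS = [
    ("172.16.0.50", "203.0.113.10"),  # LAN host to an Internet address
    ("172.16.0.50", "192.168.0.7"),   # LAN host replying to a VPN client
    ("172.16.0.50", "192.168.1.7"),   # just outside the VPN pool /24
    ("10.1.1.1", "203.0.113.10"),     # source outside 172.16.0.0/16
]

if __name__ == "__main__":
    for src, dst in SAMPLE_FLOWS:
        print(f"{src:>15} -> {dst:<15} {nat_decision(src, dst)}")
```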
