clear crypto sa peer 62.87.xx.xx
clear crypto sa peer 62.87.xx.xx
! IKE phase 1 (ISAKMP) policy as posted. It has no "hash" or "group" line, so
! those values fall back to the IOS defaults; check the effective values with
! "show crypto isakmp policy". Phase 1 only completes when the peer offers a
! policy with the same encryption, hash, authentication method and DH group.
crypto isakmp policy 1
! 3DES is a legacy cipher; prefer AES ("encr aes") if both images support it.
encr 3des
! Pre-shared-key authentication: the tunnel is only as strong as the key.
authentication pre-share
debug crypto isakmp sa
debug crypto ipsec sa
terminal monitor
Definiujesz tutaj ruch, jaki ma być szyfrowany i wpadać w tego VPN-a... umbro pisze: Nic nie dało, status down, próba pinga na 10.1.1.1 failed :/
match address 110 <---- Co to jest ?
sh crypto isakmp sa
sh crypto ipsec sa
spróbuj: umbro pisze: OK, tunel się nie zapiął (widzę to na SDM-ie na centralnym routerze):
Usunąłem hash md5
I teraz, jak próbuję wykonać polecenia debug:
rt31#debug crypto isakmp sa
^
% Invalid input detected at '^' marker.
rt31#debug crypto isakmp ?
error ISAKMP Errors
ha ISAKMP High Availability
<cr>
debug crypto isakmp [ enter]
debug crypto ipsec [ enter ]
rt31(config)#exit
rt31#sh run
Building configuration...
Current configuration : 6853 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname rt31
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$lygk$xAeiu8NjnNYl8MNpLsKB7/
!
no aaa new-model
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-3871084757
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3871084757
revocation-check none
rsakeypair TP-self-signed-3871084757
!
!
crypto pki certificate chain TP-self-signed-3871084757
certificate self-signed 01
30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33383731 30383437 3537301E 170D3032 30333031 30313439
33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38373130
38343735 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CCCF A6A656F6 21C3DF95 9C062610 AD85893B 9D785905 40C411B1 99AF0FEB
4F7BB983 1B81ED2A E238E9CD 1A74BAE4 64E9E392 0148DE2F 26301E6A F6CE7096
A351B588 DD7F3ECE 94748442 7E6BA11C 265CC498 14F77474 CE362DAB 45D4B3F9
60A04BBC 4B24792D 1A5F5312 E92D3D4C 0B502A96 3D5AC1EE F6ADE65A 5819EEEA
F4FB0203 010001A3 71306F30 0F060355 1D130101 FF040530 030101FF 301C0603
551D1104 15301382 11727433 312E7072 696D616D 6F64612E 706C301F 0603551D
23041830 168014D2 48492803 E35E7BCD B7B46CB5 29051D53 C1466830 1D060355
1D0E0416 0414D248 492803E3 5E7BCDB7 B46CB529 051D53C1 4668300D 06092A86
4886F70D 01010405 00038181 00B777D7 D2454731 75FC3710 FBD777A4 B41D1987
9166C928 4EAA9FE6 D6772E22 27E3F3BD 6EDB7C77 C2B83D1E 58C332A6 3AAAECC6
E39DD4BD DB9F97A7 3B37545F 8C98FF70 928E14EE 90C049A3 CEC04D00 E2F63521
B700F4D0 224FBA26 058804C4 1C15CCB2 64292B78 651C28F1 E969B5F7 849F732B
DB2BBA3B D0A23B2B 79C908A0 40
quit
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.31.1
ip dhcp excluded-address 192.168.31.1 192.168.31.99
ip dhcp excluded-address 192.168.31.201 192.168.31.254
!
ip dhcp pool sdm-pool1
import all
network 192.168.31.0 255.255.255.0
default-router 192.168.31.1
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
no ip domain lookup
ip domain name xx.pl
ip name-server 81.15.146.169
ip name-server 194.204.159.1
!
!
!
! Local admin account with a type 5 secret (MD5-based crypt hash). The hash is
! printed in full in this listing, so the password behind it should be treated
! as exposed and changed.
username admin privilege 15 secret 5 $1$s8hV$OJ.YqVWoofaAbvOuzSO/W/
!
!
! IKE phase 1 policy. No "hash" or "group" line is shown, so the IOS defaults
! apply; the peer needs a policy with the same encryption, hash,
! authentication and DH group ("show crypto isakmp policy" lists them).
crypto isakmp policy 1
! 3DES is a legacy cipher; prefer AES ("encr aes") if both images support it.
encr 3des
authentication pre-share
! Pre-shared key for the head-end peer. It is short, digits only and shown in
! clear text here; replace it on both peers with a long random value.
crypto isakmp key 12345678910 address 62.87.xx.xx
!
!
! NOTE(review): the name says SHA, but the integrity transform is esp-md5-hmac
! (HMAC-MD5). Use esp-sha-hmac on both ends or rename the set so the
! configuration does not suggest a stronger algorithm than it negotiates.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-md5-hmac
!
! Crypto map entry for the tunnel to the head office. IOS printed the
! "! Incomplete" marker below; the entry points at access-list 141, and no
! access-list 141 appears in this listing, so the entry has no usable crypto
! ACL and cannot select traffic for encryption.
crypto map SDM_CMAP_1 1 ipsec-isakmp
! Incomplete
description skl31->Head
set peer 62.87.xx.xx
set transform-set ESP-3DES-SHA
match address 141
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface FastEthernet0
!
--More--
000065: *Mar 1 07:00:04.198 PCTime: %SYS-5-CONFIG_I: Configured from console
admin on vty0 (192.1interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
mac-address 0002.7257.093f
ip address dhcp client-id FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.31.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 212.77.xx.xx
!
! Web management. "ip http server" enables clear-text HTTP next to HTTPS
! ("ip http secure-server"); with local authentication the admin credentials
! cross the wire unencrypted over HTTP. "no ip http server" leaves HTTPS only.
ip http server
! NOTE(review): access-list 23 is referenced here but is not defined anywhere
! in this listing; an undefined ACL normally filters nothing on IOS - verify
! and define it so that web management is limited to the admin hosts.
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! Three overload (PAT) rules on the WAN interface. Outbound NAT is evaluated
! before the crypto map, so traffic meant for the tunnel must be excluded
! from every one of them.
! List 1 permits all of 192.168.31.0/24, so it also translates tunnel traffic.
ip nat inside source list 1 interface FastEthernet4 overload
! SDM_RMAP_1 matches access-list 141, which is not defined in this listing.
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
! Only this rule (route-map rmap -> ACL "NAT" below) exempts the VPN subnets.
ip nat inside source route-map rmap interface FastEthernet4 overload
!
! NAT exemption ACL: deny = do not translate (traffic towards the remote VPN
! subnets), permit = translate everything else from the LAN.
ip access-list extended NAT
deny ip 192.168.31.0 0.0.0.255 192.168.0.0 0.0.0.255
deny ip 192.168.31.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 192.168.31.0 0.0.0.255 any
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.31.0 0.0.0.255
access-list 1 remark INSIDE_IF=VLAN1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 2 remark INSIDE_IF=VLAN1
access-list 2 remark SDM_ACL Category=4
access-list 2 permit 192.168.31.0 0.0.0.255
access-list 100 remark IPSEC Rule
access-list 100 permit ip 192.168.31.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 100 permit ip 192.168.31.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 remark SDM_ACL Category=2
access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 103 remark SDM_ACL Category=2
access-list 103 deny ip 192.168.31.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 103 remark IPSEC Rule
access-list 103 deny ip 192.168.31.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 permit ip 192.168.31.0 0.0.0.255 any
access-list 110 permit ip 192.168.31.0 0.0.0.255 10.1.1.0 0.0.0.255
no cdp run
!
!
route-map rmap permit 1
match ip address NAT
!
route-map SDM_RMAP_1 permit 1
match ip address 141
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device an
it provides the default username "cisco" for one-time use. If you have alrea
used the username "cisco" to login to the router and your IOS image supports
"one-time" user option, then this username has already expired. You will not
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege leve
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
-----------------------------------------------------------------------
^C
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
! Console and aux ports authenticate against the local user database.
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
! Remote management lines. Sessions start at privilege level 15, Telnet is
! accepted next to SSH (Telnet carries credentials unencrypted), and no
! access-class restricts the source addresses in this listing.
! Hardening: "transport input ssh" plus an access-class on these lines.
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
rt31#sh run
Building configuration...
Current configuration : 6908 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname rt31
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$lygk$xAeiu8NjnNYl8MNpLsKB7/
!
no aaa new-model
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-3871084757
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3871084757
revocation-check none
rsakeypair TP-self-signed-3871084757
!
!
crypto pki certificate chain TP-self-signed-3871084757
certificate self-signed 01
30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33383731 30383437 3537301E 170D3032 30333031 30313439
33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38373130
38343735 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CCCF A6A656F6 21C3DF95 9C062610 AD85893B 9D785905 40C411B1 99AF0FEB
4F7BB983 1B81ED2A E238E9CD 1A74BAE4 64E9E392 0148DE2F 26301E6A F6CE7096
A351B588 DD7F3ECE 94748442 7E6BA11C 265CC498 14F77474 CE362DAB 45D4B3F9
60A04BBC 4B24792D 1A5F5312 E92D3D4C 0B502A96 3D5AC1EE F6ADE65A 5819EEEA
F4FB0203 010001A3 71306F30 0F060355 1D130101 FF040530 030101FF 301C0603
551D1104 15301382 11727433 312E7072 696D616D 6F64612E 706C301F 0603551D
23041830 168014D2 48492803 E35E7BCD B7B46CB5 29051D53 C1466830 1D060355
1D0E0416 0414D248 492803E3 5E7BCDB7 B46CB529 051D53C1 4668300D 06092A86
4886F70D 01010405 00038181 00B777D7 D2454731 75FC3710 FBD777A4 B41D1987
9166C928 4EAA9FE6 D6772E22 27E3F3BD 6EDB7C77 C2B83D1E 58C332A6 3AAAECC6
E39DD4BD DB9F97A7 3B37545F 8C98FF70 928E14EE 90C049A3 CEC04D00 E2F63521
B700F4D0 224FBA26 058804C4 1C15CCB2 64292B78 651C28F1 E969B5F7 849F732B
DB2BBA3B D0A23B2B 79C908A0 40
quit
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.31.1
ip dhcp excluded-address 192.168.31.1 192.168.31.99
ip dhcp excluded-address 192.168.31.201 192.168.31.254
!
ip dhcp pool sdm-pool1
import all
network 192.168.31.0 255.255.255.0
default-router 192.168.31.1
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
no ip domain lookup
ip domain name xx.pl
ip name-server 81.15.146.169
ip name-server 194.204.159.1
!
!
!
! Local admin account with a type 5 secret (MD5-based crypt hash). The hash is
! printed in full in this listing, so the password behind it should be treated
! as exposed and changed.
username admin privilege 15 secret 5 $1$s8hV$OJ.YqVWoofaAbvOuzSO/W/
!
!
! IKE phase 1 policy. No "hash" line is shown, so the IOS default hash is
! used. If the head-end policies specify "hash md5", the two ends share no
! common policy and phase 1 will not complete; compare both routers with
! "show crypto isakmp policy".
crypto isakmp policy 1
! 3DES is a legacy cipher; prefer AES ("encr aes") if both images support it.
encr 3des
authentication pre-share
! Pre-shared key for the head-end peer. It is short, digits only and shown in
! clear text here; replace it on both peers with a long random value.
crypto isakmp key 12345678910 address 62.87.xx.xx
!
!
! NOTE(review): the name says SHA, but the integrity transform is esp-md5-hmac
! (HMAC-MD5). Use esp-sha-hmac on both ends or rename the set so the
! configuration does not suggest a stronger algorithm than it negotiates.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-md5-hmac
!
! Crypto map entry for the tunnel to the head office. access-list 141 (defined
! further down in this listing) selects 192.168.31.0/24 -> 192.168.0.0/24 for
! encryption; the head-end crypto ACL has to be the exact mirror of it.
crypto map SDM_CMAP_1 1 ipsec-isakmp
description skl31->Head
set peer 62.87.xx.xx
set transform-set ESP-3DES-SHA
match address 141
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
mac-address 0002.7257.093f
ip address dhcp client-id FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.31.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 212.77.xx.xx
!
! Web management. "ip http server" enables clear-text HTTP next to HTTPS
! ("ip http secure-server"); with local authentication the admin credentials
! cross the wire unencrypted over HTTP. "no ip http server" leaves HTTPS only.
ip http server
! NOTE(review): access-list 23 is referenced here but is not defined anywhere
! in this listing; an undefined ACL normally filters nothing on IOS - verify
! and define it so that web management is limited to the admin hosts.
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! Three overload (PAT) rules on the WAN interface. Outbound NAT is evaluated
! before the crypto map, so traffic meant for the tunnel must be excluded
! from every one of them, otherwise it no longer matches the crypto ACL.
! List 1 permits all of 192.168.31.0/24, so it also translates tunnel traffic.
ip nat inside source list 1 interface FastEthernet4 overload
! NOTE(review): SDM_RMAP_1 matches access-list 141, which is the crypto ACL
! (a permit for 192.168.31.0/24 -> 192.168.0.0/24). As a NAT route-map this
! translates exactly the traffic that should go into the tunnel.
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
! Only this rule (route-map rmap -> ACL "NAT" below) exempts the VPN subnets.
ip nat inside source route-map rmap interface FastEthernet4 overload
!
! NAT exemption ACL: deny = do not translate (traffic towards the remote VPN
! subnets), permit = translate everything else from the LAN.
ip access-list extended NAT
deny ip 192.168.31.0 0.0.0.255 192.168.0.0 0.0.0.255
deny ip 192.168.31.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 192.168.31.0 0.0.0.255 any
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.31.0 0.0.0.255
access-list 1 remark INSIDE_IF=VLAN1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 2 remark INSIDE_IF=VLAN1
access-list 2 remark SDM_ACL Category=4
access-list 2 permit 192.168.31.0 0.0.0.255
access-list 100 remark IPSEC Rule
access-list 100 permit ip 192.168.31.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 100 permit ip 192.168.31.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 remark SDM_ACL Category=2
access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 103 remark SDM_ACL Category=2
access-list 103 deny ip 192.168.31.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 103 remark IPSEC Rule
access-list 103 deny ip 192.168.31.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 permit ip 192.168.31.0 0.0.0.255 any
access-list 110 permit ip 192.168.31.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 141 permit ip 192.168.31.0 0.0.0.255 192.168.0.0 0.0.0.255
no cdp run
!
!
route-map rmap permit 1
match ip address NAT
!
route-map SDM_RMAP_1 permit 1
match ip address 141
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
-----------------------------------------------------------------------
^C
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
! Console and aux ports authenticate against the local user database.
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
! Remote management lines. Sessions start at privilege level 15, Telnet is
! accepted next to SSH (Telnet carries credentials unencrypted), and no
! access-class restricts the source addresses in this listing.
! Hardening: "transport input ssh" plus an access-class on these lines.
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
!This is the running config of the router: 10.1.1.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname RT00
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 52000 debugging
enable secret 5 $1$.Ir4$5Sh8DZRJJeON3cXbqBgUR0
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
ip tcp synwait-time 10
!
!
ip cef
!
!
no ip bootp server
ip domain name xx.pl
ip name-server 192.168.0.253
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1965592476
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1965592476
revocation-check none
rsakeypair TP-self-signed-1965592476
!
!
crypto pki certificate chain TP-self-signed-1965592476
certificate self-signed 01
30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31393635 35393234 3736301E 170D3037 31323131 31323532
33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 39363535
39323437 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100DF05 91C48915 20DDA711 4A47280F 38505F29 C875D308 07B3D7C2 45C6E5AA
8B55A8B3 B81DBD33 23334C23 5733DC91 7B9E7695 76845DAB 53DCEAE0 7CE0C32F
B866987D E22EC403 3A8FC3E8 3CB1004D 68792840 DF575EA5 FCA8584E FEDB1573
40DA49DB B2C27834 781BD4AA AF035B5B FBD28187 830119FF 17EA1E55 A74322C7
E1A90203 010001A3 71306F30 0F060355 1D130101 FF040530 030101FF 301C0603
551D1104 15301382 11525430 302E7072 696D616D 6F64612E 706C301F 0603551D
23041830 1680145F 65B89E07 4CDFCEB2 5ACA29AD B96A249B AAB3C830 1D060355
1D0E0416 04145F65 B89E074C DFCEB25A CA29ADB9 6A249BAA B3C8300D 06092A86
4886F70D 01010405 00038181 006E547D 206801AB 865CB2F2 7F554641 0C3564CB
1619A351 6D660BD5 C1E3B778 E00CE803 5B2F57F4 F3735F6B 6C077B45 3B08E974
B0D1EDB0 328E6A9A D1726453 AC7DC3EA 0E20DED8 C4302FE5 FBF9E0E8 8EF27740
7A4A9E24 161B00BB ECF7DB62 BF4CDB92 317817DF 14B9B46E 81A8A081 EC050F1B
87D3643E 00723E75 CD14840B 65
quit
! Local admin account with a type 5 secret (MD5-based crypt hash). The hash is
! printed in full in this listing, so the password behind it should be treated
! as exposed and changed.
username admin privilege 15 secret 5 $1$m8yp$/Y5E1quEHpCz7F7IO4Lh40
!
!
!
! IKE phase 1 policies offered by the head end. Both specify "hash md5"; a
! branch policy without a "hash" line uses the IOS default hash instead and
! will not match either of them. MD5 and 3DES are legacy algorithms - move
! both ends together to a SHA hash and AES if the images support them.
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
!
! No "encr" line here, so this policy uses the IOS default cipher (single DES
! on this release - confirm with "show crypto isakmp policy"). It lets a peer
! negotiate weaker protection than policy 1; remove it if nothing needs it.
crypto isakmp policy 2
hash md5
authentication pre-share
! Pre-shared key for the branch peer. It is short, digits only and shown in
! clear text here; replace it on both peers with a long random value.
crypto isakmp key 12345678910 address 88.156.xx.xx no-xauth
crypto isakmp keepalive 10
crypto isakmp xauth timeout 15
!
! Remote-access VPN client group. The group key is the group name plus one
! digit and is visible in this listing; it should be replaced as well.
crypto isakmp client configuration group menago
key menago8
pool SDM_POOL_1
max-users 5
netmask 255.255.255.0
!
!
! NOTE(review): neither name matches its contents. ESP-3DES-SHA is 3DES with
! HMAC-MD5, and ESP-3DES-SHA1 is single DES with HMAC-MD5.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-des esp-md5-hmac
!
! Crypto map entry for the branch tunnel. access-list 141 is not within the
! part of the configuration shown here; it has to mirror the branch crypto
! ACL (source and destination swapped).
crypto map SDM_CMAP_1 43 ipsec-isakmp
description head->skl31
! The peer address is written out in full here although it is masked on the
! "crypto isakmp key" line above.
set peer 88.156.89.202
set transform-set ESP-3DES-SHA
match address 141
!
!
!
!
interface Null0
no ip unreachables
!
interface GigabitEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$FW_OUTSIDE$$ETH-LAN$
ip address 192.168.0.1 255.255.255.0
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
description $FW_INSIDE$$ETH-LAN$
ip address 10.1.1.1 255.255.255.0
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1/0
vlan-id dot1q 1
exit-vlan-config
!
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
switchport access vlan 2
!
interface FastEthernet0/1/3
switchport access vlan 2
!
interface Serial0/0/0
ip address 62.87.xx.xx 255.255.255.252
ip verify unicast reverse-path
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1394
crypto map SDM_CMAP_1
!
interface Vlan1
no ip address
!
ip local pool SDM_POOL_1 192.168.0.210 192.168.0.220
ip classless
ip route 0.0.0.0 0.0.0.0 62.87.xx.xx
!
ip flow-top-talkers
top 50
sort-by bytes
!
ip http server
ip http access-class 99
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip access-list extended NAT
remark SDM_ACL Category=2
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.17.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.17.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.80.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.80.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.16.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.16.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.23.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.23.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.22.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.22.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.9.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.9.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.5.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.19.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.19.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.12.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.8.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.8.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.13.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.13.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.56.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.56.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.94.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.94.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.21.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.21.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.60.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.60.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.81.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.81.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.53.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.53.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.20.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.20.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.30.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.7.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.7.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.83.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.83.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.6.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.2.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.18.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.18.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.11.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.11.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.3.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.10.0 0.0.0.255
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
deny ip 192.168.83.0 0.0.0.255 10.1.1.0 0.0.0.255
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.0.255
remark SDM_ACL Category=2
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.31.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.31.0 0.0.0.255
ip access-list extended NAT_RULE
remark SDM_ACL Category=2
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.11.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.17.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.17.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.80.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.16.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.16.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.23.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.23.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.22.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.22.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.9.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.9.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.19.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.19.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.12.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.8.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.13.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.56.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.94.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.21.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.21.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.60.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.81.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.81.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.53.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.53.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.20.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.20.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.7.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.83.0 0.0.0.255
deny ip 192.168.83.0 0.0.0.255 10.1.1.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.6.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.2.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.18.0 0.0.0.255
permit ip host 10.1.1.130 any
remark SDM_ACL Category=2
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.31.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.31.0 0.0.0.255
ip access-list extended NN
remark SDM_ACL Category=2
permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255
remark SDM_ACL Category=2
ip access-list extended internet
remark company->internet
remark SDM_ACL Category=2
deny ip 10.1.1.0 0.0.0.255 192.168.7.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.30.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.60.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.56.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.13.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.8.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.80.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.83.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.11.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.18.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.94.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.17.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.17.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.80.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.16.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.16.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.23.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.23.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.22.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.22.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.9.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.9.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.19.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.19.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.12.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.8.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.13.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.56.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.94.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.21.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.21.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.60.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.81.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.81.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.53.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.53.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.20.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.20.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.7.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.83.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.6.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.2.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.18.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.11.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 any
remark company->internet
remark SDM_ACL Category=2
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
remark IPSec Rule
deny ip 192.168.0.0 0.0.0.255 192.168.31.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.31.0 0.0.0.255
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 24 permit 192.168.0.0 0.0.0.255
access-list 99 remark SDM_ACL Category=16
access-list 99 permit 192.168.0.0 0.0.0.255
access-list 99 permit 10.1.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 10.1.1.0 0.0.0.255 192.168.83.0 0.0.0.255
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.83.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 101 remark SDM_ACL Category=4
access-list 101 permit ip 10.1.1.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 102 remark SDM_ACL Category=4
access-list 102 permit ip 10.1.1.0 0.0.0.255 192.168.17.0 0.0.0.255
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.0.0 0.0.0.255 192.168.17.0 0.0.0.255
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 103 remark SDM_ACL Category=4
access-list 103 permit ip 10.1.1.0 0.0.0.255 192.168.80.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.0.0 0.0.0.255 192.168.80.0 0.0.0.255
access-list 103 remark SDM_ACL Category=4
access-list 103 remark IPSec Rule
access-list 104 remark SDM_ACL Category=4
access-list 104 permit ip 10.1.1.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 104 remark IPSec Rule
access-list 104 permit ip 192.168.0.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule
access-list 105 remark SDM_ACL Category=4
access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.23.0 0.0.0.255
access-list 105 remark IPSec Rule
access-list 105 permit ip 192.168.0.0 0.0.0.255 192.168.23.0 0.0.0.255
access-list 105 remark SDM_ACL Category=4
access-list 105 remark IPSec Rule
access-list 106 remark SDM_ACL Category=4
access-list 106 permit ip 10.1.1.0 0.0.0.255 192.168.22.0 0.0.0.255
access-list 106 remark IPSec Rule
access-list 106 permit ip 192.168.0.0 0.0.0.255 192.168.22.0 0.0.0.255
access-list 106 remark SDM_ACL Category=4
access-list 106 remark IPSec Rule
access-list 107 remark SDM_ACL Category=4
access-list 107 permit ip 10.1.1.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 107 remark IPSec Rule
access-list 107 permit ip 192.168.0.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 107 remark SDM_ACL Category=4
access-list 107 remark IPSec Rule
access-list 108 remark SDM_ACL Category=2
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.17.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.17.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.80.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.80.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.23.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.23.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.22.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.22.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.13.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.13.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.56.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.56.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.94.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.94.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.21.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.21.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.60.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.60.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.81.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.81.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.53.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.53.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.83.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.83.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.18.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.18.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 108 deny ip 10.1.1.0 0.0.0.255 192.168.10.0 0.0.0.255
! NOTE(review): this permit ends the list of per-site denies. Access-list 108
! is matched by route-map SDM_RMAP_5 and has no deny for 192.168.31.0/24,
! although access-list 141 selects that subnet for IPsec. Other destinations
! that have their own Category=4 list (e.g. 192.168.14.0, 192.168.15.0,
! 192.168.42.0) are missing here as well.
! Presumably SDM_RMAP_5 feeds a NAT rule - confirm. If it does, 10.1.1.0/24
! traffic to those sites is translated and bypasses the tunnel, so any new
! deny must be inserted above this line, not appended after it.
access-list 108 permit ip 10.1.1.0 0.0.0.255 any
access-list 108 remark SDM_ACL Category=2
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 108 remark IPSec Rule
access-list 109 remark SDM_ACL Category=4
access-list 109 permit ip 10.1.1.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 109 remark IPSec Rule
access-list 109 permit ip 192.168.0.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 109 remark SDM_ACL Category=4
access-list 109 remark IPSec Rule
access-list 110 remark SDM_ACL Category=4
access-list 110 permit ip 10.1.1.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 110 remark IPSec Rule
access-list 110 permit ip 192.168.0.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 110 remark SDM_ACL Category=4
access-list 110 remark IPSec Rule
access-list 111 remark SDM_ACL Category=4
access-list 111 permit ip 10.1.1.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 111 remark IPSec Rule
access-list 111 permit ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 111 remark SDM_ACL Category=4
access-list 111 remark IPSec Rule
access-list 112 remark SDM_ACL Category=4
access-list 112 permit ip 10.1.1.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 112 remark IPSec Rule
access-list 112 permit ip 192.168.0.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 112 remark SDM_ACL Category=4
access-list 112 remark IPSec Rule
access-list 113 remark SDM_ACL Category=4
access-list 113 permit ip 10.1.1.0 0.0.0.255 192.168.13.0 0.0.0.255
access-list 113 remark IPSec Rule
access-list 113 permit ip 192.168.0.0 0.0.0.255 192.168.13.0 0.0.0.255
access-list 113 remark SDM_ACL Category=4
access-list 113 remark IPSec Rule
access-list 114 remark SDM_ACL Category=4
access-list 114 permit ip 10.1.1.0 0.0.0.255 192.168.56.0 0.0.0.255
access-list 114 remark IPSec Rule
access-list 114 permit ip 192.168.0.0 0.0.0.255 192.168.56.0 0.0.0.255
access-list 114 remark SDM_ACL Category=4
access-list 114 remark IPSec Rule
access-list 115 remark SDM_ACL Category=4
access-list 115 permit ip 10.1.1.0 0.0.0.255 192.168.94.0 0.0.0.255
access-list 115 remark IPSec Rule
access-list 115 permit ip 192.168.0.0 0.0.0.255 192.168.94.0 0.0.0.255
access-list 115 remark SDM_ACL Category=4
access-list 115 remark IPSec Rule
access-list 116 remark SDM_ACL Category=4
access-list 116 permit ip 10.1.1.0 0.0.0.255 192.168.21.0 0.0.0.255
access-list 116 remark IPSec Rule
access-list 116 permit ip 192.168.0.0 0.0.0.255 192.168.21.0 0.0.0.255
access-list 116 remark SDM_ACL Category=4
access-list 116 remark IPSec Rule
access-list 117 remark SDM_ACL Category=4
access-list 117 permit ip 10.1.1.0 0.0.0.255 192.168.60.0 0.0.0.255
access-list 117 remark IPSec Rule
access-list 117 permit ip 192.168.0.0 0.0.0.255 192.168.60.0 0.0.0.255
access-list 117 remark SDM_ACL Category=4
access-list 117 remark IPSec Rule
access-list 118 remark SDM_ACL Category=4
access-list 118 permit ip 10.1.1.0 0.0.0.255 192.168.81.0 0.0.0.255
access-list 118 remark IPSec Rule
access-list 118 permit ip 192.168.0.0 0.0.0.255 192.168.81.0 0.0.0.255
access-list 118 remark SDM_ACL Category=4
access-list 118 remark IPSec Rule
access-list 119 remark SDM_ACL Category=4
access-list 119 permit ip 10.1.1.0 0.0.0.255 192.168.53.0 0.0.0.255
access-list 119 remark IPSec Rule
access-list 119 permit ip 192.168.0.0 0.0.0.255 192.168.53.0 0.0.0.255
access-list 119 remark SDM_ACL Category=4
access-list 119 remark IPSec Rule
access-list 120 remark SDM_ACL Category=4
access-list 120 permit ip 10.1.1.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 120 remark IPSec Rule
access-list 120 permit ip 192.168.0.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 120 remark SDM_ACL Category=4
access-list 120 remark IPSec Rule
! NOTE(review): unlike the other Category=4 pairs, the two permits in list 121
! point at different remote subnets (192.168.30.0 and 192.168.44.0). The
! 192.168.30.0 destination is also selected by access-lists 138-140. Verify
! which remote network this tunnel is meant to protect - a selector that does
! not mirror the peer's ACL will fail IPsec phase 2 proxy-identity matching.
access-list 121 remark SDM_ACL Category=4
access-list 121 permit ip 10.1.1.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 121 remark IPSec Rule
access-list 121 permit ip 192.168.0.0 0.0.0.255 192.168.44.0 0.0.0.255
access-list 122 remark SDM_ACL Category=4
access-list 122 remark IPSec Rule
access-list 122 permit ip 192.168.0.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 122 remark SDM_ACL Category=4
access-list 122 remark IPSec Rule
access-list 123 remark SDM_ACL Category=4
access-list 123 remark IPSec Rule
access-list 123 permit ip 192.168.0.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 124 remark SDM_ACL Category=4
access-list 124 remark IPSec Rule
access-list 124 permit ip 192.168.0.0 0.0.0.255 192.168.24.0 0.0.0.255
access-list 125 remark SDM_ACL Category=4
access-list 125 remark IPSec Rule
access-list 125 permit ip 192.168.0.0 0.0.0.255 192.168.26.0 0.0.0.255
access-list 126 remark SDM_ACL Category=4
access-list 126 permit ip 10.1.1.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 126 remark IPSec Rule
access-list 126 permit ip 192.168.0.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 126 remark SDM_ACL Category=4
access-list 126 remark IPSec Rule
access-list 127 remark SDM_ACL Category=4
access-list 127 permit ip 10.1.1.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 127 remark IPSec Rule
access-list 127 permit ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 127 remark SDM_ACL Category=4
access-list 127 remark IPSec Rule
access-list 128 remark SDM_ACL Category=4
access-list 128 permit ip 10.1.1.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 128 remark IPSec Rule
access-list 128 permit ip 192.168.0.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 129 remark SDM_ACL Category=4
access-list 129 permit ip 10.1.1.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 129 remark IPSec Rule
access-list 129 permit ip 192.168.0.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 129 remark SDM_ACL Category=4
access-list 129 remark IPSec Rule
access-list 130 remark SDM_ACL Category=4
access-list 130 remark IPSec Rule
access-list 130 permit ip 192.168.0.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 131 remark SDM_ACL Category=4
access-list 131 permit ip 10.1.1.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 131 remark IPSec Rule
access-list 131 permit ip 192.168.0.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 132 remark SDM_ACL Category=4
access-list 132 permit ip 10.1.1.0 0.0.0.255 192.168.18.0 0.0.0.255
access-list 132 remark IPSec Rule
access-list 132 permit ip 192.168.0.0 0.0.0.255 192.168.18.0 0.0.0.255
access-list 132 remark SDM_ACL Category=4
access-list 132 remark IPSec Rule
access-list 133 remark SDM_ACL Category=4
access-list 133 permit ip 10.1.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 133 remark IPSec Rule
access-list 133 permit ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 133 remark SDM_ACL Category=4
access-list 133 remark IPSec Rule
access-list 134 remark SDM_ACL Category=4
access-list 134 permit ip 10.1.1.0 0.0.0.255 192.168.42.0 0.0.0.255
access-list 134 permit ip 192.168.0.0 0.0.0.255 192.168.42.0 0.0.0.255
access-list 134 remark SDM_ACL Category=4
access-list 135 remark SDM_ACL Category=4
access-list 135 remark IPSec Rule
access-list 135 permit ip 192.168.0.0 0.0.0.255 192.168.29.0 0.0.0.255
access-list 136 remark SDM_ACL Category=4
access-list 136 remark IPSec Rule
access-list 136 permit ip 192.168.0.0 0.0.0.255 192.168.28.0 0.0.0.255
access-list 137 remark SDM_ACL Category=4
access-list 137 remark IPSec Rule
access-list 137 permit ip 192.168.0.0 0.0.0.255 192.168.27.0 0.0.0.255
! NOTE(review): access-lists 138, 139 and 140 are identical
! (192.168.0.0/24 -> 192.168.30.0/24). If each one is referenced by a separate
! crypto map entry (not visible in this part of the config - confirm), only
! the lowest-numbered entry can ever match that traffic. The others then
! describe tunnels that never carry data. They look like placeholders left
! with a copied destination; check the intended remote subnets.
access-list 138 remark SDM_ACL Category=4
access-list 138 remark IPSec Rule
access-list 138 permit ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 139 remark SDM_ACL Category=4
access-list 139 remark IPSec Rule
access-list 139 permit ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 140 remark SDM_ACL Category=4
access-list 140 remark IPSec Rule
access-list 140 permit ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 141 remark IPSEC Rule
access-list 141 remark SDM_ACL Category=4
access-list 141 remark IPSecRule
access-list 141 permit ip 192.168.0.0 0.0.0.255 192.168.31.0 0.0.0.255
access-list 141 permit ip 10.1.1.0 0.0.0.255 192.168.31.0 0.0.0.255
access-list 180 remark PVPN
access-list 180 remark SDM_ACL Category=4
access-list 180 remark PVPN
access-list 180 permit ip 192.168.0.0 0.0.0.255 host 88.156.86.26
access-list 198 remark SDM_ACL Category=1
access-list 198 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 198 remark SDM_ACL Category=1
access-list 199 remark SDM_ACL Category=1
access-list 199 permit ip 192.168.0.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 199 remark SDM_ACL Category=1
no cdp run
!
route-map SDM_RMAP_4 permit 1
match ip address NAT
!
route-map SDM_RMAP_5 permit 1
match ip address 108
!
route-map SDM_RMAP_1 permit 1
match ip address NAT_RULE
!
route-map SDM_RMAP_2 permit 1
match ip address NAT
!
route-map SDM_RMAP_3 permit 1
match ip address internet
set ip next-hop 83.16.xx.xx
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner login ^CCPMSA
^C
alias exec c conf t
alias exec r sh run
!
! Console and aux lines: no login, password or exec-timeout settings appear
! for them in this paste - confirm they were not simply trimmed before posting.
line con 0
line aux 0
! NOTE(review): "transport input telnet ssh" leaves Telnet enabled on all 16
! vty lines, so management credentials can cross the network in clear text.
! "transport input ssh" alone restricts remote management to SSH.
! NOTE(review): the vty lines reference access-class 23, but no
! "access-list 23" is visible in this listing; the numbered standard lists
! shown are 1, 24 and 99. Verify that list 23 exists. IOS generally applies no
! filtering when the referenced list is undefined (confirm on this release),
! and list 24 (permit 192.168.0.0 0.0.0.255) may be the one that was intended.
line vty 0 4
access-class 23 in
transport input telnet ssh
line vty 5 15
access-class 23 in
transport input telnet ssh
!
scheduler allocate 20000 1000
! Time sources for the router clock; the log and debug timestamps configured
! at the top of this config depend on them.
! NOTE(review): no "ntp authenticate" / "ntp authentication-key" /
! "ntp trusted-key" lines appear alongside these servers, so the time source
! is presumably unauthenticated - confirm. Both servers are marked "prefer".
ntp clock-period 17179981
ntp update-calendar
ntp server 10.1.1.253 source GigabitEthernet0/1 prefer
ntp server 192.168.0.253 prefer
!
end
Kod: Zaznacz cały
deny ip 10.1.1.0 0.0.0.255 192.168.31.0 0.0.0.255
Kod: Zaznacz cały
permit ip 10.1.1.0 0.0.0.255 any
Kod: Zaznacz cały
show crypto isakmp sa