User Access Verification
Username:
Password:
Router#sho run
Building configuration...
Current configuration : 4683 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$yuTJ$2AfnDSmneRz.mpf7w/CZ30
!
username test privilege 15 password 0 test
username jxc privilege 15 secret 5 $1$GcSJ$oitYk1fj7n3K06ut4mnbH0
memory-size iomem 15
no network-clock-participate aim 0
no network-clock-participate aim 1
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
aaa session-id common
ip subnet-zero
!
!
ip cef
!
!
ip ips po max-events 100
no ip domain lookup
no ftp-server write-enable
!
!
!
!
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp xauth timeout 15
!
crypto isakmp client configuration group easyvpn
key easyvpn
pool SDM_POOL_2
max-users 10
netmask 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA1
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_2
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface Loopback0
ip address 192.168.7.1 255.255.255.0
!
interface GigabitEthernet0/0
ip address 113.0.42.?255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface GigabitEthernet0/1
ip address 172.16.10.254 255.255.255.0 secondary
ip address 172.16.100.254 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clockrate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clockrate 2000000
!
interface Serial0/1/0
no ip address
shutdown
clockrate 2000000
!
interface Serial0/1/1
no ip address
shutdown
clockrate 2000000
!
ip local pool SDM_POOL_2 172.16.99.1 172.16.99.10
ip classless
ip route 0.0.0.0 0.0.0.0 113.0.42.161
no ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 172.16.100.35 22 113.0.42.? 1035 extendable
ip nat inside source static tcp 172.16.100.37 22 ?1037 extendable
ip nat inside source static tcp 172.16.100.38 22 ?1038 extendable
ip nat inside source static tcp 172.16.100.40 22 113.0??1040 extendable
ip nat inside source static tcp 172.16.100.46 22 ?1046 extendable
ip nat inside source static tcp 172.16.10.203 22 ?2222 extendable
ip nat inside source static tcp 172.16.100.37 3306 ?3306 extendable
ip nat inside source static tcp 172.16.10.203 5903 ?5903 extendable
ip nat inside source static tcp 172.16.10.201 5910 ?5910 extendable
ip nat inside source static tcp 172.16.10.202 5911 ?5911 extendable
ip nat inside source static tcp 172.16.10.63 22 ?6322 extendable
ip nat inside source static tcp 172.16.10.67 22 ?6722 extendable
ip nat inside source static tcp 172.16.10.203 8080 ? 8080 extendable
ip nat inside source static tcp 172.16.10.67 9527 ?9527 extendable
ip nat inside source static tcp 172.16.100.46 11211 ?11211 extendabl
e
ip nat inside source static tcp 172.16.10.201 22 ?20122 extendable
ip nat inside source static tcp 172.16.10.202 22 ?20222 extendable
ip nat inside source static tcp 172.16.10.64 50000 ?50000 extendable
!
!
access-list 1 permit 172.16.100.185
access-list 1 permit 172.16.10.202
access-list 1 permit 172.16.10.203
access-list 1 permit 172.16.10.201
access-list 1 permit 172.16.10.62
access-list 1 permit 172.16.10.63
access-list 1 permit 172.16.10.61
access-list 1 permit 172.16.10.68
access-list 1 permit 172.16.10.69
access-list 1 permit 172.16.100.46
access-list 1 permit 172.16.10.64
access-list 1 permit 172.16.10.65
access-list 144 remark wer
access-list 144 remark SDM_ACL Category=4
access-list 144 permit ip any any
access-list 144 remark wer
access-list 144 remark SDM_ACL Category=4
route-map SDM_RMAP_2 permit 1
match ip address 102
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password test
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
Username:
Password:
Router#sho run
Building configuration...
Current configuration : 4683 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$yuTJ$2AfnDSmneRz.mpf7w/CZ30
!
username test privilege 15 password 0 test
username jxc privilege 15 secret 5 $1$GcSJ$oitYk1fj7n3K06ut4mnbH0
memory-size iomem 15
no network-clock-participate aim 0
no network-clock-participate aim 1
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
aaa session-id common
ip subnet-zero
!
!
ip cef
!
!
ip ips po max-events 100
no ip domain lookup
no ftp-server write-enable
!
!
!
!
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp xauth timeout 15
!
crypto isakmp client configuration group easyvpn
key easyvpn
pool SDM_POOL_2
max-users 10
netmask 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA1
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_2
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface Loopback0
ip address 192.168.7.1 255.255.255.0
!
interface GigabitEthernet0/0
ip address 113.0.42.?255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface GigabitEthernet0/1
ip address 172.16.10.254 255.255.255.0 secondary
ip address 172.16.100.254 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clockrate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clockrate 2000000
!
interface Serial0/1/0
no ip address
shutdown
clockrate 2000000
!
interface Serial0/1/1
no ip address
shutdown
clockrate 2000000
!
ip local pool SDM_POOL_2 172.16.99.1 172.16.99.10
ip classless
ip route 0.0.0.0 0.0.0.0 113.0.42.161
no ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 172.16.100.35 22 113.0.42.? 1035 extendable
ip nat inside source static tcp 172.16.100.37 22 ?1037 extendable
ip nat inside source static tcp 172.16.100.38 22 ?1038 extendable
ip nat inside source static tcp 172.16.100.40 22 113.0??1040 extendable
ip nat inside source static tcp 172.16.100.46 22 ?1046 extendable
ip nat inside source static tcp 172.16.10.203 22 ?2222 extendable
ip nat inside source static tcp 172.16.100.37 3306 ?3306 extendable
ip nat inside source static tcp 172.16.10.203 5903 ?5903 extendable
ip nat inside source static tcp 172.16.10.201 5910 ?5910 extendable
ip nat inside source static tcp 172.16.10.202 5911 ?5911 extendable
ip nat inside source static tcp 172.16.10.63 22 ?6322 extendable
ip nat inside source static tcp 172.16.10.67 22 ?6722 extendable
ip nat inside source static tcp 172.16.10.203 8080 ? 8080 extendable
ip nat inside source static tcp 172.16.10.67 9527 ?9527 extendable
ip nat inside source static tcp 172.16.100.46 11211 ?11211 extendabl
e
ip nat inside source static tcp 172.16.10.201 22 ?20122 extendable
ip nat inside source static tcp 172.16.10.202 22 ?20222 extendable
ip nat inside source static tcp 172.16.10.64 50000 ?50000 extendable
!
!
access-list 1 permit 172.16.100.185
access-list 1 permit 172.16.10.202
access-list 1 permit 172.16.10.203
access-list 1 permit 172.16.10.201
access-list 1 permit 172.16.10.62
access-list 1 permit 172.16.10.63
access-list 1 permit 172.16.10.61
access-list 1 permit 172.16.10.68
access-list 1 permit 172.16.10.69
access-list 1 permit 172.16.100.46
access-list 1 permit 172.16.10.64
access-list 1 permit 172.16.10.65
access-list 144 remark wer
access-list 144 remark SDM_ACL Category=4
access-list 144 permit ip any any
access-list 144 remark wer
access-list 144 remark SDM_ACL Category=4
route-map SDM_RMAP_2 permit 1
match ip address 102
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password test
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end