
Core and Branch Router Configurations

- The document contains configuration files for two routers, a core router and a branch router, set up with VPN connectivity between them.
- The core router is configured with NAT, IPS, VLANs, and VPN settings to connect to the branch router.
- The branch router is configured with security zones, an inspect policy, and VPN settings to connect to the core router via a serial interface.

Uploaded by

GT_Bunny
Copyright
© Attribution Non-Commercial (BY-NC)

CORE ROUTER

Current configuration : 3498 bytes
!
version 12.4
service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
security passwords min-length 10
!
hostname CORP
!
!
!
enable secret 5 $1$mERr$UBS6AqpcFjkupAnmSUCGG.
!
!
!
!
!
aaa new-model
!
aaa authentication login default local
!
!
aaa authorization exec default local
!
!
!
!
!
username CORPADMIN secret 5 $1$mERr$fPunCIN6tB/A1os48VIRu.
username Internet password 7 08024F40082A261E010803
username SSHAccess secret 5 $1$mERr$3mVxZHExBNJRy65mTbcvz.
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp key Vpnpass101 address [Link]
!
!
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer [Link]
 set transform-set VPN-SET
 match address 120
!
!
!
ip ssh version 2
ip ssh authentication-retries 2
ip ssh time-out 90
ip domain-name [Link]
!
!
ip inspect audit-trail
ip inspect name INTOCORP icmp
ip inspect name INTOCORP tcp
ip inspect name INTOCORP udp
spanning-tree mode pvst
!
ip ips config location flash:ipsdir/ retries 1
ip ips name corpips
ip ips signature-category
 category all
  retired true
 category ios_ips basic
  retired false
!
!
!
interface FastEthernet0/0
 ip address [Link] [Link]
 ip ips corpips out
 ip access-group DMZFIREWALL out
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address [Link] [Link]
 ip nat inside
!
interface FastEthernet0/1.25
 encapsulation dot1Q 25
 ip address [Link] [Link]
 ip nat inside
!
interface FastEthernet0/1.99
 encapsulation dot1Q 99 native
 ip address [Link] [Link]
!
interface Serial0/0/0
 ip address [Link] [Link]
 encapsulation ppp
 ppp authentication chap
 ip access-group INCORP in
 ip nat outside
 ip inspect INTOCORP out
 no cdp enable
 crypto map VPN-MAP
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
ip nat pool PATPOOL [Link] [Link] netmask [Link]
ip nat inside source list 1 pool PATPOOL overload
ip nat inside source static [Link] [Link]
ip nat inside source static [Link] [Link]
ip classless
ip route [Link] [Link] Serial0/0/0
!
!
access-list 1 permit [Link] [Link]
access-list 12 permit host [Link]
access-list 12 permit host [Link]
ip access-list extended DMZFIREWALL
 permit tcp any host [Link] eq www
 permit tcp any host [Link] eq domain
 permit udp any host [Link] eq domain
 permit ip [Link] [Link] [Link] [Link]
 permit tcp [Link] [Link] host [Link] eq ftp
ip access-list extended INCORP
 permit tcp any host [Link] eq www
 permit tcp any host [Link] eq domain
 permit udp any host [Link] eq domain
 permit tcp [Link] [Link] host [Link] eq 22
 permit ip host [Link] host [Link]
 permit ip [Link] [Link] [Link] [Link]
access-list 120 permit ip [Link] [Link] [Link] [Link]
!
banner motd ^CAuthorized Access Only!^C
!
!
!
!
logging [Link]
line con 0
 exec-timeout 20 0
 logging synchronous
line vty 0 4
 access-class 12 in
 exec-timeout 20 0
 transport input ssh
line vty 5 15
 access-class 12 in
 exec-timeout 20 0
 transport input ssh
!
!
ntp server [Link] key 0
ntp update-calendar
!
end

BRANCH

Current configuration : 2015 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
security passwords min-length 10
!
hostname Branch
!
!
!
enable secret 5 $1$mERr$UBS6AqpcFjkupAnmSUCGG.
!
!
!
!
!
!
username CORPADMIN secret 5 $1$mERr$fPunCIN6tB/A1os48VIRu.
username Internet password 7 08024F40082A261E010803
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp key Vpnpass101 address [Link]
!
!
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer [Link]
 set transform-set VPN-SET
 match address 120
!
!
!
ip ssh version 1
ip ssh authentication-retries 2
ip ssh time-out 90
!
!
spanning-tree mode pvst
!
class-map type inspect match-all BR-IN-CLASS-MAP
 match access-group 110
!
policy-map type inspect BR-IN-OUT-PMAP
 class type inspect BR-IN-CLASS-MAP
  inspect
!
!
!
zone security BR-IN-ZONE
zone security BR-OUT-ZONE
zone-pair security IN-OUT-ZPAIR source BR-IN-ZONE destination BR-OUT-ZONE
 service-policy type inspect BR-IN-OUT-PMAP
!
interface FastEthernet0/0
 ip address [Link] [Link]
 zone-member security BR-IN-ZONE
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address [Link] [Link]
 zone-member security BR-OUT-ZONE
 encapsulation ppp
 ppp authentication chap
 no cdp enable
 crypto map VPN-MAP
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route [Link] [Link] Serial0/0/0
access-list 110 permit ip [Link] [Link] any
access-list 120 permit ip [Link] [Link] [Link] [Link]
!
banner motd ^CAuthorized Access Only!^C
!
!
!
!
line con 0
 exec-timeout 20 0
 logging synchronous
 login local
line vty 0 4
 exec-timeout 20 0
 login local
 transport input none
line vty 5 15
 exec-timeout 20 0
 login local
 transport input none
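
The following is an added example, not part of the uploaded document: a short Python review pass over constructed excerpts of the two configurations above, flagging the settings a hardening review would question and showing where the branch router differs from the core router. The check names and the choice of excerpt lines are assumptions of this example.

```python
import re

# Constructed excerpts of the two configurations on this page.
CORE = """\
service timestamps log datetime msec
username Internet password 7 08024F40082A261E010803
crypto isakmp policy 10
 encr aes 256
 group 2
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
ip ssh version 2
"""
BRANCH = """\
no service timestamps log datetime msec
username Internet password 7 08024F40082A261E010803
crypto isakmp policy 10
 encr aes 256
 group 2
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
ip ssh version 1
"""

# (check name chosen for this example, pattern for one config line, reason)
CHECKS = [
    ("type7-password", r"^username \S+ password 7 ",
     "type 7 is a reversible encoding; 'secret' stores a hash"),
    ("dh-group-2", r"^\s+group 2$",
     "ISAKMP Diffie-Hellman group 2 is a 1024-bit group"),
    ("esp-3des", r"^crypto ipsec transform-set .*\besp-3des\b",
     "IPsec payload uses 3DES although ISAKMP is set to AES-256"),
    ("ssh-v1", r"^ip ssh version 1$",
     "SSH protocol 1 is obsolete; the core router uses version 2"),
    ("no-log-timestamps", r"^no service timestamps log\b",
     "log entries without timestamps are hard to correlate"),
]

def audit(config):
    """Return the sorted names of all checks that match a line of config."""
    hits = set()
    for line in config.splitlines():
        for name, pattern, _reason in CHECKS:
            if re.search(pattern, line):
                hits.add(name)
    return sorted(hits)

if __name__ == "__main__":
    reasons = {name: reason for name, _p, reason in CHECKS}
    for device, config in (("CORP", CORE), ("Branch", BRANCH)):
        for name in audit(config):
            print(f"{device}: {name}: {reasons[name]}")
```
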
