[go: up one dir, main page]
Scribd
Upload
84 views6 pages

GOADVERTISING Lisboa Network Configuration

This document contains configuration settings for a network device located in Lisbon, Portugal belonging to an advertising company. It defines various security settings like ACLs for access control and authentication. The device acts as a firewall and VPN gateway to connect remote offices to headquarters, and its interfaces are configured for routing, DHCP, and traffic shaping.

Uploaded by

thed719
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
84 views6 pages

GOADVERTISING Lisboa Network Configuration

This document contains configuration settings for a network device located in Lisbon, Portugal belonging to an advertising company. It defines various security settings like ACLs for access control and authentication. The device acts as a firewall and VPN gateway to connect remote offices to headquarters, and its interfaces are configured for routing, DHCP, and traffic shaping.

Uploaded by

thed719
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd

[V200R005C20SPC200]

#
sysname GOADVERTISING_LISBOA_142971
header shell information "
================================================================
=
=
GOADVERTISING SA
=
=
Morada: Avenida dos Combatentes, 43, 5 A, 1600-042,Lisboa
=
=
SITE 1 - LISBOA
=
================================================================
"
header login information "
================================================================
=
=
NOS
=
=
-Acesso Reservado= Acesso nao autorizado punido pelo decreto lei: 109/91 ; 67/98
=
Unauthorized access punished by law
=
================================================================
"
#
drop illegal-mac alarm
#
vlan batch 100 300
#
domain default_admin
#
dhcp enable
#
vlan 100
name centrex
#
hwtacacs-server template line_vty
hwtacacs-server authentication [Link] 1041
hwtacacs-server authorization [Link] 1041
hwtacacs-server accounting [Link] 1041
hwtacacs-server shared-key cipher %@%@\JxrSP3}l3CqKmSx;nMS<0+s>@Xk6$Y.c'!BUD2s5
FZ!0+v<%@%@
undo hwtacacs-server user-name domain-included
#
pki realm default
enrollment self-signed
#
acl number 2087
description ### SNMP Entuity ###
rule 10 deny
acl number 2090
description ### Acesso VTY ###
rule 10 permit source [Link] [Link]
rule 20 permit source [Link] [Link]
rule 30 permit source [Link] [Link]
rule 40 permit source [Link] [Link]
rule 50 permit source [Link] [Link]
rule 60 permit source [Link] [Link]
rule 70 deny

acl number 2096


description ### SNMP ilmi ###
rule 5 deny
acl number 2097
description ### SNMP Solarwinds ###
rule 10 permit source [Link] [Link]
rule 20 permit source [Link] [Link]
rule 30 deny
#
acl number 3102
description ### Outbound ###
rule 5 permit ip
acl number 3103
description ### Inbound ###
rule 5 deny ip source [Link] [Link]
rule 10 deny ip source [Link] [Link]
rule 15 deny ip source [Link] [Link]
rule 20 deny ip source [Link] [Link]
rule 25 permit ip
acl number 3501
description ### CRYPTO ACL ###
rule 10 permit ip source [Link] [Link] destination [Link] [Link]
55
acl number 3502
description ### NAT ###
rule 5 deny ip source [Link] [Link] destination [Link] [Link]
rule 10 permit ip
#
ipsec proposal novistrans
esp authentication-algorithm sha1
esp encryption-algorithm aes-256
#
ike proposal 10
encryption-algorithm aes-cbc-256
dh group5
authentication-algorithm sha2-256
sa duration 28800
#
ike peer noviscryptomap2 v1
pre-shared-key simple 3nTeR10ff1c3#2
ike-proposal 10
remote-address [Link]
#
ipsec policy policy1 10 isakmp
security acl 3501
pfs dh-group5
ike-peer noviscryptomap2
proposal novistrans
#
traffic classifier default operator or
if-match any
#
traffic behavior SHAPE_50Mbps
gts cir 50000 cbs 1250000 queue-length 64
statistic enable
#
traffic policy WAN_50Mbps
classifier default behavior SHAPE_50Mbps
#
ip pool DHCP

gateway-list [Link]
network [Link] mask [Link]
excluded-ip-address [Link] [Link]
excluded-ip-address [Link] [Link]
dns-list [Link] [Link]
domain-name [Link]
#
aaa
authentication-scheme default
authentication-mode hwtacacs local
authentication-scheme line_vty
authentication-mode hwtacacs local
authorization-scheme default
authorization-scheme line_vty
authorization-mode hwtacacs if-authenticated
authorization-cmd 15 hwtacacs local
accounting-scheme default
accounting-scheme line_vty
accounting-mode hwtacacs
accounting start-fail online
recording-scheme line_vty
recording-mode hwtacacs line_vty
cmd recording-scheme line_vty
outbound recording-scheme line_vty
system recording-scheme line_vty
domain default
domain default_admin
authentication-scheme line_vty
accounting-scheme line_vty
authorization-scheme line_vty
hwtacacs-server line_vty
undo local-user admin
local-user x142971 password cipher %@%@gbq0~M</\HQ&eW/h/h_%<1>}%@%@
local-user x142971 ftp-directory sd1:
local-user x142971 service-type terminal ssh ftp
#
firewall zone trust
priority 15
#
firewall zone untrust
priority 1
#
firewall zone Local
priority 16
#
firewall interzone trust untrust
packet-filter 3103 inbound
packet-filter 3102 outbound
detect aspf ftp
detect aspf sip
detect aspf rtsp
detect aspf http
detect aspf http java-blocking
detect aspf http activex-blocking
#
nat alg dns enable
nat alg ftp enable
nat alg rtsp enable
nat alg sip enable
nat alg pptp enable

#
nat dns-map [Link] interface GigabitEthernet 0/0/0.211 55555 tcp
#
interface Vlanif1
ip address [Link] [Link]
dhcp select global
#
interface Vlanif100
description CENTREX
ip address [Link] [Link]
dhcp select relay
dhcp relay server-ip [Link]
dhcp relay server-ip [Link]
#
interface Vlanif300
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
description *** Ligao ao SW ID151369 ***
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
port link-type access
port default vlan 300
loopback internal
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0
qos gts cir 52600 cbs 1315000
qos lr pct 68
#
interface GigabitEthernet0/0/0.211
description *** WAN - NET: LIS1-163_LIS154-23_NS_5 ***
dot1q termination vid 211
ip address [Link] [Link]
ipsec policy policy1
nat server protocol tcp global current-interface 55555 inside [Link] 5555
5
nat outbound 3502
zone untrust
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.210
dot1q termination vid 210
ip address [Link] [Link]
#
interface Cellular0/0/0
#

interface Cellular0/0/1
#
interface NULL0
#
interface LoopBack1
#
interface LoopBack11
#
bgp 65000
router-id [Link]
peer [Link] as-number 2860
peer [Link] timer keepalive 15 hold 45
#
ipv4-family unicast
undo synchronization
network [Link] [Link]
network [Link] [Link]
peer [Link] enable
#
snmp-agent local-engineid 800007DB03D4B110B6A9ED
snmp-agent community read %@%@$W}PG"dn!UY3>a=k1o~(,.F2k58e5AOx3!x+8#RQ,iW*.F5,/
o#|A{[Link]>,.%@%@ acl 2097
snmp-agent community read %@%@1vExFQJ#AYx'Bx@HB'!*,.F.[q:q=>MiJ5!S7S.^UV1T.F1,V
3L>!V\Bd0>9xUR;hJv0F:,.%@%@ acl 2096
snmp-agent sys-info location GOADVERTISING_LISBOA, Portugal
snmp-agent target-host trap-hostname SERVER address [Link] udp-port 161
trap-paramsname L23B1U
snmp-agent
#
ssh server compatible-ssh1x enable
stelnet server enable
#
http timeout 3
http server enable
http secure-server enable
#
ip route-static [Link] [Link] [Link] description Default-Route
ip route-static [Link] [Link] [Link] description GestaoRemo
ta
ip route-static [Link] [Link] [Link]
ip route-static [Link] [Link] [Link] description GestaoRem
ota
ip route-static [Link] [Link] [Link] description GestaoR
emota
#
nqa test-instance PROBE ICMP1
test-type icmp
destination-address ipv4 [Link]
source-address ipv4 [Link]
frequency 30
start now
#
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
acl 2090 inbound
authentication-mode aaa
user privilege level 15
protocol inbound all
#

wlan
wmm-profile name wmmf id 0
traffic-profile name traf id 0
security-profile name secf id 0
radio-profile name radiof id 0
wmm-profile id 0
#
interface Wlan-Radio0/0/0
#
ntp-service unicast-server [Link]
#
return

You might also like