Difference between revisions of "PengeBanken"

From Teknologisk videncenter
Jump to: navigation, search
(AAA01SWCO)
Line 514: Line 514:
 
scheduler allocate 20000 1000
 
scheduler allocate 20000 1000
 
ntp server 172.16.255.10
 
ntp server 172.16.255.10
 +
end
 +
</pre>
 +
AHA01FW
 +
<pre>
 +
version 12.4
 +
service timestamps debug datetime msec
 +
service timestamps log datetime msec
 +
no service password-encryption
 +
!
 +
hostname AHA01FW
 +
!
 +
boot-start-marker
 +
boot-end-marker
 +
!
 +
enable secret 5 $1$jo1B$nWomz1YE6pfKxf2fsIEbL/
 +
!
 +
aaa new-model
 +
!
 +
!
 +
aaa authentication login default group radius local
 +
aaa authentication ppp default if-needed group radius none
 +
aaa authorization exec default group radius local
 +
!
 +
aaa session-id common
 +
!
 +
resource policy
 +
!
 +
ip cef
 +
!
 +
!
 +
!
 +
!
 +
no ip domain lookup
 +
ip domain name pengebanken.dk
 +
ip name-server 172.16.241.11
 +
ip ssh version 2
 +
vpdn enable
 +
!
 +
vpdn-group VPN
 +
! Default PPTP VPDN group
 +
accept-dialin
 +
  protocol pptp
 +
  virtual-template 1
 +
!
 +
!
 +
!
 +
!
 +
voice-card 0
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
username admin privilege 15 secret 5 $1$QJJ1$jRbgh4QRTKIss5u1jaRPg1
 +
!
 +
!
 +
class-map type inspect match-any OUTSIDE-DMZ-CMAP
 +
match protocol http
 +
class-map match-any MissionCritical-Trust
 +
match ip dscp af31
 +
class-map match-any VoIP-RTP-Trust
 +
match ip dscp ef
 +
class-map match-any VoIP-Control-Trust
 +
match ip dscp cs3
 +
class-map match-any Management-Trust
 +
match ip dscp cs2
 +
class-map match-any AutoQoS-VoIP-RTP-Trust
 +
match ip dscp ef
 +
class-map type inspect match-any INSIDE-OUTSIDE-CMAP
 +
match protocol tcp
 +
match protocol udp
 +
match protocol icmp
 +
class-map type inspect match-any OUTSIDE-INSIDE-CMAP
 +
match protocol tcp
 +
match protocol udp
 +
class-map match-any AutoQoS-VoIP-Control-Trust
 +
match ip dscp cs3
 +
match ip dscp af31
 +
!
 +
!
 +
policy-map type inspect OUTSIDE-DMZ-PMAP
 +
class type inspect OUTSIDE-DMZ-CMAP
 +
  inspect
 +
class class-default
 +
  drop log
 +
policy-map PbPolicy
 +
class VoIP-RTP-Trust
 +
  priority percent 25
 +
class VoIP-Control-Trust
 +
  bandwidth percent 5
 +
class MissionCritical-Trust
 +
  bandwidth percent 40
 +
class Management-Trust
 +
  bandwidth percent 5
 +
class class-default
 +
  fair-queue
 +
policy-map AutoQoS-Policy-Trust
 +
class AutoQoS-VoIP-RTP-Trust
 +
  priority percent 70
 +
class AutoQoS-VoIP-Control-Trust
 +
  bandwidth percent 5
 +
class class-default
 +
  fair-queue
 +
policy-map type inspect INSIDE-OUTSIDE-PMAP
 +
class type inspect INSIDE-OUTSIDE-CMAP
 +
  inspect
 +
class class-default
 +
  drop log
 +
policy-map type inspect OUTSIDE-INSIDE-PMAP
 +
class type inspect OUTSIDE-INSIDE-CMAP
 +
  drop log
 +
class class-default
 +
!
 +
zone security INSIDE
 +
zone security OUTSIDE
 +
zone security DMZ
 +
zone-pair security INSIDE-OUTSIDE-ZPAIR source INSIDE destination OUTSIDE
 +
service-policy type inspect INSIDE-OUTSIDE-PMAP
 +
zone-pair security OUTSIDE-INSIDE-ZPAIR source OUTSIDE destination INSIDE
 +
service-policy type inspect OUTSIDE-INSIDE-PMAP
 +
zone-pair security OUTSIDE-DMZ-ZPAIR source OUTSIDE destination DMZ
 +
service-policy type inspect OUTSIDE-DMZ-PMAP
 +
!
 +
!
 +
crypto isakmp policy 10
 +
encr aes 256
 +
authentication pre-share
 +
group 5
 +
lifetime 1000
 +
crypto isakmp key MegetSikkerNoegleTilViborg address 10.1.1.2
 +
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.3
 +
!
 +
!
 +
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac
 +
!
 +
crypto map PB_crypto_Map 10 ipsec-isakmp
 +
set peer 10.1.1.2
 +
set transform-set PB-TransformSet
 +
match address Tunnel1_til_Viborg
 +
crypto map PB_crypto_Map 20 ipsec-isakmp
 +
set peer 10.1.1.3
 +
set transform-set PB-TransformSet
 +
match address Tunnel2_til_Aalborg
 +
!
 +
!
 +
!
 +
!
 +
!
 +
interface Tunnel1
 +
description Tunnel1_til_Viborg
 +
ip address 172.16.254.1 255.255.255.252
 +
ip mtu 1420
 +
ip nat inside
 +
ip virtual-reassembly
 +
zone-member security INSIDE
 +
tunnel source FastEthernet0/0
 +
tunnel destination 10.1.1.2
 +
!
 +
interface Tunnel2
 +
description Tunnel2_til_Aalborg
 +
ip address 172.16.254.5 255.255.255.252
 +
ip mtu 1420
 +
ip nat inside
 +
ip virtual-reassembly
 +
zone-member security INSIDE
 +
tunnel source FastEthernet0/0
 +
tunnel destination 10.1.1.3
 +
!
 +
interface Loopback0
 +
ip address 192.168.255.10 255.255.255.0
 +
zone-member security DMZ
 +
!
 +
interface FastEthernet0/0
 +
description internet
 +
ip address 10.1.1.1 255.255.255.0
 +
ip nat outside
 +
ip virtual-reassembly
 +
zone-member security OUTSIDE
 +
duplex auto
 +
speed auto
 +
crypto map PB_crypto_Map
 +
!
 +
interface FastEthernet0/1
 +
description Til_AHA01SWCO
 +
ip address 172.16.255.10 255.255.255.252
 +
ip nat inside
 +
ip virtual-reassembly
 +
zone-member security INSIDE
 +
ip route-cache flow
 +
ip ospf network point-to-point
 +
ip ospf dead-interval minimal hello-multiplier 3
 +
duplex auto
 +
speed auto
 +
service-policy output AutoQoS-Policy-Trust
 +
!
 +
interface FastEthernet0/1/0
 +
description Til_AHA02SWCO
 +
switchport access vlan 990
 +
!
 +
interface FastEthernet0/1/1
 +
description Til_AHA01RT
 +
switchport access vlan 991
 +
!
 +
interface FastEthernet0/1/2
 +
!
 +
interface FastEthernet0/1/3
 +
!
 +
interface Virtual-Template1
 +
ip address 172.16.253.1 255.255.255.0
 +
ip nat inside
 +
ip virtual-reassembly
 +
zone-member security INSIDE
 +
peer default ip address pool VPN-Pool
 +
ppp encrypt mppe auto
 +
ppp authentication ms-chap ms-chap-v2
 +
!
 +
interface Vlan1
 +
no ip address
 +
!
 +
interface Vlan990
 +
ip address 172.16.255.22 255.255.255.252
 +
ip nat inside
 +
ip virtual-reassembly
 +
zone-member security INSIDE
 +
ip ospf network point-to-point
 +
ip ospf dead-interval minimal hello-multiplier 3
 +
!
 +
interface Vlan991
 +
ip address 172.16.255.14 255.255.255.252
 +
ip nat inside
 +
ip virtual-reassembly
 +
zone-member security INSIDE
 +
ip ospf network point-to-point
 +
ip ospf dead-interval minimal hello-multiplier 3
 +
!
 +
router ospf 1
 +
log-adjacency-changes
 +
passive-interface Tunnel1
 +
passive-interface Tunnel2
 +
network 172.16.255.10 0.0.0.0 area 0
 +
network 172.16.255.14 0.0.0.0 area 0
 +
network 172.16.255.22 0.0.0.0 area 0
 +
default-information originate
 +
!
 +
router bgp 65001
 +
bgp log-neighbor-changes
 +
neighbor 172.16.254.2 remote-as 65002
 +
neighbor 172.16.254.6 remote-as 65003
 +
!
 +
address-family ipv4
 +
redistribute static
 +
redistribute ospf 1 match internal external 1 external 2
 +
neighbor 172.16.254.2 activate
 +
neighbor 172.16.254.6 activate
 +
default-information originate
 +
no auto-summary
 +
no synchronization
 +
exit-address-family
 +
!
 +
ip local pool VPN-Pool 172.16.253.10 172.16.253.200
 +
ip route 0.0.0.0 0.0.0.0 10.1.1.254
 +
!
 +
ip flow-export source FastEthernet0/1
 +
ip flow-export version 5
 +
ip flow-export destination 172.16.241.17 9000
 +
!
 +
ip http server
 +
no ip http secure-server
 +
ip nat inside source list 10 interface FastEthernet0/0 overload
 +
ip nat inside source static tcp 192.168.255.10 80 interface FastEthernet0/0 80
 +
!
 +
ip access-list extended Tunnel1_til_Viborg
 +
permit gre host 10.1.1.1 host 10.1.1.2
 +
ip access-list extended Tunnel2_til_Aalborg
 +
permit gre host 10.1.1.1 host 10.1.1.3
 +
!
 +
ip radius source-interface FastEthernet0/1
 +
access-list 10 permit 172.16.241.15
 +
access-list 10 permit 172.16.0.0 0.15.255.255
 +
snmp-server community PengeBanken RO
 +
snmp-server host 172.16.241.17 version 2c PengeBanken
 +
!
 +
!
 +
!
 +
!
 +
!
 +
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
 +
!
 +
control-plane
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
!
 +
line con 0
 +
line aux 0
 +
line vty 0 4
 +
!
 +
scheduler allocate 20000 1000
 +
ntp clock-period 17178263
 +
ntp server 217.198.208.66
 
end
 
end
 
</pre>
 
</pre>

Revision as of 08:16, 14 September 2009

PengeBanken Konfig filer

AAA01SWCO

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AAA01SWCO
!
enable secret 5 $1$rCMy$qRGETbYap5f9zcvVrWQpn/
!
username admin privilege 15 secret 5 $1$JYrG$a8l5k1cKm/ydAS.5t.OpV/
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
!
!
aaa session-id common
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos min-reserve 5 170
mls qos min-reserve 6 85
mls qos min-reserve 7 51
mls qos min-reserve 8 34
mls qos
ip subnet-zero
ip routing
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 2,8-11 priority 24576
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
! 
!
!
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/3
 description AAFS01
 switchport access vlan 8
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/21
 description Til_AHA01RT
 no switchport
 ip address 172.18.255.5 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/22
 description Til_AAA01SWOP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/23
 description Til_AAA01SWCO
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/24
 description Til_TDC MPLS
 no switchport
 ip address 172.18.255.1 255.255.255.252
 mls qos trust cos
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 ip address dhcp
 shutdown
!
interface Vlan2
 description Management
 ip address 192.168.2.2 255.255.255.0
 standby 2 ip 192.168.2.1
 standby 2 timers msec 200 msec 800
 standby 2 priority 110
 standby 2 preempt delay minimum 300
!
interface Vlan8
 description Common_Services
 ip address 172.18.8.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 8 ip 172.18.8.1
 standby 8 timers msec 200 msec 800
 standby 8 priority 110
 standby 8 preempt delay minimum 300
!
interface Vlan9
 description Administration
 ip address 172.18.9.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 9 ip 172.18.9.1
 standby 9 timers msec 200 msec 800
 standby 9 priority 110
 standby 9 preempt delay minimum 300
!
interface Vlan10
 description BankRaadgiver
 ip address 172.18.10.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 10 ip 172.18.10.1
 standby 10 timers msec 200 msec 800
 standby 10 priority 110
 standby 10 preempt delay minimum 300
!
interface Vlan11
 description IP-Telefoni
 ip address 172.18.11.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 11 ip 172.18.11.1
 standby 11 timers msec 200 msec 800
 standby 11 priority 110
 standby 11 preempt delay minimum 300
!
router ospf 1
 log-adjacency-changes
 network 172.18.0.0 0.0.255.255 area 0
 default-information originate
!
router bgp 65003
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 172.18.255.2 remote-as 65000
 neighbor 172.18.255.2 description TDC_MPLS
 neighbor 172.18.255.2 soft-reconfiguration inbound
 neighbor 172.18.255.2 route-map 65003-RMAP-IN in
 neighbor 172.18.255.2 route-map 65003-RMAP-OUT out
 no auto-summary
!
ip classless
ip http server
ip http secure-server
!
ip radius source-interface Vlan2 
!
!
ip prefix-list 65003-PRE-IN seq 10 deny 172.18.0.0/16 le 32
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
route-map 65003-RMAP-IN permit 10
 match ip address prefix-list 65003-PRE-IN
!
route-map 65003-RMAP-OUT permit 10
 match ip address prefix-list 65003-PRE-OUT
!
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
line con 0
line vty 5 15
!
ntp clock-period 17179326
ntp server 172.16.255.10
end

AAA01RT

version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AAA01RT
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$C.7u$pLtmCcZ97WTe/1WNff1aP0
!
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
aaa session-id common
!
resource policy
!
ip cef
!
!
!
!
ip domain name pengebanken.dk
ip name-server 172.16.241.11
ip ssh version 2
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 secret 5 $1$LTCn$DMDN3cY4cPSvI/FtXN7C9.
!
!
class-map match-any MissionCritical-Trust
 match ip dscp af31 
class-map match-any VoIP-RTP-Trust
 match ip dscp ef 
class-map match-any VoIP-Control-Trust
 match ip dscp cs3 
class-map match-any Management-Trust
 match ip dscp cs2 
!
!
policy-map PbPolicy
 class VoIP-RTP-Trust
  priority percent 25
 class VoIP-Control-Trust
  bandwidth percent 5
 class MissionCritical-Trust
  bandwidth percent 40
 class Management-Trust
  bandwidth percent 5
 class class-default
  fair-queue
!
! 
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1000
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.1
!
!
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac 
!
crypto map PB_crypto_Map 10 ipsec-isakmp 
 set peer 10.1.1.1
 set transform-set PB-TransformSet 
 match address Tunnel1_til_Aarhus
!
!
!
!
!
interface Tunnel1
 description Til_Aarhus
 ip address 172.16.254.6 255.255.255.252
 ip mtu 1420
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.1
!
interface FastEthernet0/0
 description Internet
 ip address 10.1.1.3 255.255.255.0
 duplex auto
 speed auto
 crypto map PB_crypto_Map
!
interface FastEthernet0/1
 description Til_AHA01SWCO
 ip address 172.18.255.6 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 duplex auto
 speed auto
 service-policy output PbPolicy
!
interface Serial0/2/0
 no ip address
 shutdown
 no fair-queue
 clock rate 125000
!
interface Serial0/2/1
 no ip address
 shutdown
 clock rate 125000
!
router ospf 1
 log-adjacency-changes
 redistribute bgp 65003 metric 255 subnets
 network 172.18.255.6 0.0.0.0 area 0
 default-information originate metric 255
!
router bgp 65003
 no synchronization
 bgp log-neighbor-changes
 redistribute static
 redistribute ospf 1 match internal external 1 external 2
 neighbor 172.16.254.5 remote-as 65001
 neighbor 172.16.254.5 description AHA01FW
 neighbor 172.16.254.5 route-map 65003-RMAP-IN in
 neighbor 172.16.254.5 route-map 65003-RMAP-OUT out
 default-information originate
 no auto-summary
!
ip route 10.1.1.1 255.255.255.255 FastEthernet0/0
!
!
ip http server
no ip http secure-server
!
ip access-list extended Tunnel1_til_Aarhus
 permit gre host 10.1.1.3 host 10.1.1.1
!
!
ip prefix-list 65003-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list 65003-PRE-IN seq 5 deny 172.18.0.0/16 le 32
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32
ip radius source-interface FastEthernet0/1 
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
snmp-server community PengeBanken RO 1
!
!
!
route-map 65003-RMAP-IN permit 10
 match ip address prefix-list 65003-PRE-IN
!
route-map 65003-RMAP-OUT permit 10
 match ip address prefix-list 65003-PLIST-OUT
 set as-path prepend 65003 65003 65003 65003 65003 65003 65003
!
!
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 length 0
!
scheduler allocate 20000 1000
ntp server 172.16.255.10
end

AHA01FW

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AHA01FW
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$jo1B$nWomz1YE6pfKxf2fsIEbL/
!
aaa new-model
!
!
aaa authentication login default group radius local
aaa authentication ppp default if-needed group radius none
aaa authorization exec default group radius local 
!
aaa session-id common
!
resource policy
!
ip cef
!
!
!
!
no ip domain lookup
ip domain name pengebanken.dk
ip name-server 172.16.241.11
ip ssh version 2
vpdn enable
!
vpdn-group VPN
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 secret 5 $1$QJJ1$jRbgh4QRTKIss5u1jaRPg1
!
!
class-map type inspect match-any OUTSIDE-DMZ-CMAP
 match protocol http
class-map match-any MissionCritical-Trust
 match ip dscp af31 
class-map match-any VoIP-RTP-Trust
 match ip dscp ef 
class-map match-any VoIP-Control-Trust
 match ip dscp cs3 
class-map match-any Management-Trust
 match ip dscp cs2 
class-map match-any AutoQoS-VoIP-RTP-Trust
 match ip dscp ef 
class-map type inspect match-any INSIDE-OUTSIDE-CMAP
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-any OUTSIDE-INSIDE-CMAP
 match protocol tcp
 match protocol udp
class-map match-any AutoQoS-VoIP-Control-Trust
 match ip dscp cs3 
 match ip dscp af31 
!
!
policy-map type inspect OUTSIDE-DMZ-PMAP
 class type inspect OUTSIDE-DMZ-CMAP
  inspect
 class class-default
  drop log
policy-map PbPolicy
 class VoIP-RTP-Trust
  priority percent 25
 class VoIP-Control-Trust
  bandwidth percent 5
 class MissionCritical-Trust
  bandwidth percent 40
 class Management-Trust
  bandwidth percent 5
 class class-default
  fair-queue
policy-map AutoQoS-Policy-Trust
 class AutoQoS-VoIP-RTP-Trust
  priority percent 70
 class AutoQoS-VoIP-Control-Trust
  bandwidth percent 5
 class class-default
  fair-queue
policy-map type inspect INSIDE-OUTSIDE-PMAP
 class type inspect INSIDE-OUTSIDE-CMAP
  inspect
 class class-default
  drop log
policy-map type inspect OUTSIDE-INSIDE-PMAP
 class type inspect OUTSIDE-INSIDE-CMAP
  drop log
 class class-default
!
zone security INSIDE
zone security OUTSIDE
zone security DMZ
zone-pair security INSIDE-OUTSIDE-ZPAIR source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-OUTSIDE-PMAP
zone-pair security OUTSIDE-INSIDE-ZPAIR source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE-INSIDE-PMAP
zone-pair security OUTSIDE-DMZ-ZPAIR source OUTSIDE destination DMZ
 service-policy type inspect OUTSIDE-DMZ-PMAP
! 
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1000
crypto isakmp key MegetSikkerNoegleTilViborg address 10.1.1.2
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.3
!
!
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac 
!
crypto map PB_crypto_Map 10 ipsec-isakmp 
 set peer 10.1.1.2
 set transform-set PB-TransformSet 
 match address Tunnel1_til_Viborg
crypto map PB_crypto_Map 20 ipsec-isakmp 
 set peer 10.1.1.3
 set transform-set PB-TransformSet 
 match address Tunnel2_til_Aalborg
!
!
!
!
!
interface Tunnel1
 description Tunnel1_til_Viborg
 ip address 172.16.254.1 255.255.255.252
 ip mtu 1420
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.2
!
interface Tunnel2
 description Tunnel2_til_Aalborg
 ip address 172.16.254.5 255.255.255.252
 ip mtu 1420
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.3
!
interface Loopback0
 ip address 192.168.255.10 255.255.255.0
 zone-member security DMZ
!
interface FastEthernet0/0
 description internet
 ip address 10.1.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 zone-member security OUTSIDE
 duplex auto
 speed auto
 crypto map PB_crypto_Map
!
interface FastEthernet0/1
 description Til_AHA01SWCO
 ip address 172.16.255.10 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 ip route-cache flow
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 duplex auto
 speed auto
 service-policy output AutoQoS-Policy-Trust
!
interface FastEthernet0/1/0
 description Til_AHA02SWCO
 switchport access vlan 990
!
interface FastEthernet0/1/1
 description Til_AHA01RT
 switchport access vlan 991
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Virtual-Template1 
 ip address 172.16.253.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 peer default ip address pool VPN-Pool
 ppp encrypt mppe auto
 ppp authentication ms-chap ms-chap-v2
!
interface Vlan1
 no ip address
!
interface Vlan990
 ip address 172.16.255.22 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
!
interface Vlan991
 ip address 172.16.255.14 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
!
router ospf 1
 log-adjacency-changes
 passive-interface Tunnel1
 passive-interface Tunnel2
 network 172.16.255.10 0.0.0.0 area 0
 network 172.16.255.14 0.0.0.0 area 0
 network 172.16.255.22 0.0.0.0 area 0
 default-information originate
!
router bgp 65001
 bgp log-neighbor-changes
 neighbor 172.16.254.2 remote-as 65002
 neighbor 172.16.254.6 remote-as 65003
 !
 address-family ipv4
 redistribute static
 redistribute ospf 1 match internal external 1 external 2
 neighbor 172.16.254.2 activate
 neighbor 172.16.254.6 activate
 default-information originate
 no auto-summary
 no synchronization
 exit-address-family
!
ip local pool VPN-Pool 172.16.253.10 172.16.253.200
ip route 0.0.0.0 0.0.0.0 10.1.1.254
!
ip flow-export source FastEthernet0/1
ip flow-export version 5
ip flow-export destination 172.16.241.17 9000
!
ip http server
no ip http secure-server
ip nat inside source list 10 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.255.10 80 interface FastEthernet0/0 80
!
ip access-list extended Tunnel1_til_Viborg
 permit gre host 10.1.1.1 host 10.1.1.2
ip access-list extended Tunnel2_til_Aalborg
 permit gre host 10.1.1.1 host 10.1.1.3
!
ip radius source-interface FastEthernet0/1 
access-list 10 permit 172.16.241.15
access-list 10 permit 172.16.0.0 0.15.255.255
snmp-server community PengeBanken RO
snmp-server host 172.16.241.17 version 2c PengeBanken 
!
!
!
!
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
scheduler allocate 20000 1000
ntp clock-period 17178263
ntp server 217.198.208.66
end