PengeBanken
From Teknologisk videncenter
PengeBanken config files
AAA01SWCO
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AAA01SWCO
!
enable secret 5 $1$rCMy$qRGETbYap5f9zcvVrWQpn/
!
username admin privilege 15 secret 5 $1$JYrG$a8l5k1cKm/ydAS.5t.OpV/
aaa new-model
!
aaa authentication login default group radius local
aaa authorization exec default group radius local
!
aaa session-id common
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos min-reserve 5 170
mls qos min-reserve 6 85
mls qos min-reserve 7 51
mls qos min-reserve 8 34
mls qos
ip subnet-zero
ip routing
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 2,8-11 priority 24576
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/3
 description AAFS01
 switchport access vlan 8
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/21
 description Til_AHA01RT
 no switchport
 ip address 172.18.255.5 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/22
 description Til_AAA01SWOP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/23
 description Til_AAA01SWCO
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/24
 description Til_TDC MPLS
 no switchport
 ip address 172.18.255.1 255.255.255.252
 mls qos trust cos
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 ip address dhcp
 shutdown
!
interface Vlan2
 description Management
 ip address 192.168.2.2 255.255.255.0
 standby 2 ip 192.168.2.1
 standby 2 timers msec 200 msec 800
 standby 2 priority 110
 standby 2 preempt delay minimum 300
!
interface Vlan8
 description Common_Services
 ip address 172.18.8.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 8 ip 172.18.8.1
 standby 8 timers msec 200 msec 800
 standby 8 priority 110
 standby 8 preempt delay minimum 300
!
interface Vlan9
 description Administration
 ip address 172.18.9.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 9 ip 172.18.9.1
 standby 9 timers msec 200 msec 800
 standby 9 priority 110
 standby 9 preempt delay minimum 300
!
interface Vlan10
 description BankRaadgiver
 ip address 172.18.10.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 10 ip 172.18.10.1
 standby 10 timers msec 200 msec 800
 standby 10 priority 110
 standby 10 preempt delay minimum 300
!
interface Vlan11
 description IP-Telefoni
 ip address 172.18.11.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 11 ip 172.18.11.1
 standby 11 timers msec 200 msec 800
 standby 11 priority 110
 standby 11 preempt delay minimum 300
!
router ospf 1
 log-adjacency-changes
 network 172.18.0.0 0.0.255.255 area 0
 default-information originate
!
router bgp 65003
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 172.18.255.2 remote-as 65000
 neighbor 172.18.255.2 description TDC_MPLS
 neighbor 172.18.255.2 soft-reconfiguration inbound
 neighbor 172.18.255.2 route-map 65003-RMAP-IN in
 neighbor 172.18.255.2 route-map 65003-RMAP-OUT out
 no auto-summary
!
ip classless
ip http server
ip http secure-server
!
ip radius source-interface Vlan2
!
ip prefix-list 65003-PRE-IN seq 10 deny 172.18.0.0/16 le 32
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
route-map 65003-RMAP-IN permit 10
 match ip address prefix-list 65003-PRE-IN
!
route-map 65003-RMAP-OUT permit 10
 match ip address prefix-list 65003-PRE-OUT
!
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
line con 0
line vty 5 15
!
ntp clock-period 17179326
ntp server 172.16.255.10
end
AAA01RT
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AAA01RT
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$C.7u$pLtmCcZ97WTe/1WNff1aP0
!
aaa new-model
!
aaa authentication login default group radius local
aaa authorization exec default group radius local
!
aaa session-id common
!
resource policy
!
ip cef
!
ip domain name pengebanken.dk
ip name-server 172.16.241.11
ip ssh version 2
!
voice-card 0
!
username admin privilege 15 secret 5 $1$LTCn$DMDN3cY4cPSvI/FtXN7C9.
!
class-map match-any MissionCritical-Trust
 match ip dscp af31
class-map match-any VoIP-RTP-Trust
 match ip dscp ef
class-map match-any VoIP-Control-Trust
 match ip dscp cs3
class-map match-any Management-Trust
 match ip dscp cs2
!
policy-map PbPolicy
 class VoIP-RTP-Trust
  priority percent 25
 class VoIP-Control-Trust
  bandwidth percent 5
 class MissionCritical-Trust
  bandwidth percent 40
 class Management-Trust
  bandwidth percent 5
 class class-default
  fair-queue
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1000
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.1
!
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac
!
crypto map PB_crypto_Map 10 ipsec-isakmp
 set peer 10.1.1.1
 set transform-set PB-TransformSet
 match address Tunnel1_til_Aarhus
!
interface Tunnel1
 description Til_Aarhus
 ip address 172.16.254.6 255.255.255.252
 ip mtu 1420
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.1
!
interface FastEthernet0/0
 description Internet
 ip address 10.1.1.3 255.255.255.0
 duplex auto
 speed auto
 crypto map PB_crypto_Map
!
interface FastEthernet0/1
 description Til_AHA01SWCO
 ip address 172.18.255.6 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 duplex auto
 speed auto
 service-policy output PbPolicy
!
interface Serial0/2/0
 no ip address
 shutdown
 no fair-queue
 clock rate 125000
!
interface Serial0/2/1
 no ip address
 shutdown
 clock rate 125000
!
router ospf 1
 log-adjacency-changes
 redistribute bgp 65003 metric 255 subnets
 network 172.18.255.6 0.0.0.0 area 0
 default-information originate metric 255
!
router bgp 65003
 no synchronization
 bgp log-neighbor-changes
 redistribute static
 redistribute ospf 1 match internal external 1 external 2
 neighbor 172.16.254.5 remote-as 65001
 neighbor 172.16.254.5 description AHA01FW
 neighbor 172.16.254.5 route-map 65003-RMAP-IN in
 neighbor 172.16.254.5 route-map 65003-RMAP-OUT out
 default-information originate
 no auto-summary
!
ip route 10.1.1.1 255.255.255.255 FastEthernet0/0
!
ip http server
no ip http secure-server
!
ip access-list extended Tunnel1_til_Aarhus
 permit gre host 10.1.1.3 host 10.1.1.1
!
ip prefix-list 65003-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list 65003-PRE-IN seq 5 deny 172.18.0.0/16 le 32
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32
ip radius source-interface FastEthernet0/1
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
snmp-server community PengeBanken RO 1
!
route-map 65003-RMAP-IN permit 10
 match ip address prefix-list 65003-PRE-IN
!
route-map 65003-RMAP-OUT permit 10
 match ip address prefix-list 65003-PLIST-OUT
 set as-path prepend 65003 65003 65003 65003 65003 65003 65003
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 length 0
!
scheduler allocate 20000 1000
ntp server 172.16.255.10
end
AHA01FW
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AHA01FW
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$jo1B$nWomz1YE6pfKxf2fsIEbL/
!
aaa new-model
!
aaa authentication login default group radius local
aaa authentication ppp default if-needed group radius none
aaa authorization exec default group radius local
!
aaa session-id common
!
resource policy
!
ip cef
!
no ip domain lookup
ip domain name pengebanken.dk
ip name-server 172.16.241.11
ip ssh version 2
vpdn enable
!
vpdn-group VPN
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
voice-card 0
!
username admin privilege 15 secret 5 $1$QJJ1$jRbgh4QRTKIss5u1jaRPg1
!
class-map type inspect match-any OUTSIDE-DMZ-CMAP
 match protocol http
class-map match-any MissionCritical-Trust
 match ip dscp af31
class-map match-any VoIP-RTP-Trust
 match ip dscp ef
class-map match-any VoIP-Control-Trust
 match ip dscp cs3
class-map match-any Management-Trust
 match ip dscp cs2
class-map type inspect match-any INSIDE-OUTSIDE-CMAP
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-any OUTSIDE-INSIDE-CMAP
 match protocol tcp
 match protocol udp
!
policy-map type inspect OUTSIDE-DMZ-PMAP
 class type inspect OUTSIDE-DMZ-CMAP
  inspect
 class class-default
  drop log
policy-map PbPolicy
 class VoIP-RTP-Trust
  priority percent 25
 class VoIP-Control-Trust
  bandwidth percent 5
 class MissionCritical-Trust
  bandwidth percent 40
 class Management-Trust
  bandwidth percent 5
 class class-default
  fair-queue
policy-map type inspect INSIDE-OUTSIDE-PMAP
 class type inspect INSIDE-OUTSIDE-CMAP
  inspect
 class class-default
  drop log
policy-map type inspect OUTSIDE-INSIDE-PMAP
 class type inspect OUTSIDE-INSIDE-CMAP
  drop log
 class class-default
!
zone security INSIDE
zone security OUTSIDE
zone security DMZ
zone-pair security INSIDE-OUTSIDE-ZPAIR source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-OUTSIDE-PMAP
zone-pair security OUTSIDE-INSIDE-ZPAIR source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE-INSIDE-PMAP
zone-pair security OUTSIDE-DMZ-ZPAIR source OUTSIDE destination DMZ
 service-policy type inspect OUTSIDE-DMZ-PMAP
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1000
crypto isakmp key MegetSikkerNoegleTilViborg address 10.1.1.2
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.3
!
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac
!
crypto map PB_crypto_Map 10 ipsec-isakmp
 set peer 10.1.1.2
 set transform-set PB-TransformSet
 match address Tunnel1_til_Viborg
crypto map PB_crypto_Map 20 ipsec-isakmp
 set peer 10.1.1.3
 set transform-set PB-TransformSet
 match address Tunnel2_til_Aalborg
!
interface Tunnel1
 description Tunnel1_til_Viborg
 ip address 172.16.254.1 255.255.255.252
 ip mtu 1420
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.2
 service-policy output PbPolicy
!
interface Tunnel2
 description Tunnel2_til_Aalborg
 ip address 172.16.254.5 255.255.255.252
 ip mtu 1420
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.3
 service-policy output PbPolicy
!
interface Loopback0
 ip address 192.168.255.10 255.255.255.0
 zone-member security DMZ
!
interface FastEthernet0/0
 description internet
 ip address 10.1.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 zone-member security OUTSIDE
 duplex auto
 speed auto
 crypto map PB_crypto_Map
!
interface FastEthernet0/1
 description Til_AHA01SWCO
 ip address 172.16.255.10 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 ip route-cache flow
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 duplex auto
 speed auto
 service-policy output PbPolicy
!
interface FastEthernet0/1/0
 description Til_AHA02SWCO
 switchport access vlan 990
 service-policy output PbPolicy
!
interface FastEthernet0/1/1
 description Til_AHA01RT
 switchport access vlan 991
 service-policy output PbPolicy
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Virtual-Template1
 ip address 172.16.253.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 peer default ip address pool VPN-Pool
 ppp encrypt mppe auto
 ppp authentication ms-chap ms-chap-v2
!
interface Vlan1
 no ip address
!
interface Vlan990
 ip address 172.16.255.22 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
!
interface Vlan991
 ip address 172.16.255.14 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
!
router ospf 1
 log-adjacency-changes
 passive-interface Tunnel1
 passive-interface Tunnel2
 network 172.16.255.10 0.0.0.0 area 0
 network 172.16.255.14 0.0.0.0 area 0
 network 172.16.255.22 0.0.0.0 area 0
 default-information originate
!
router bgp 65001
 bgp log-neighbor-changes
 neighbor 172.16.254.2 remote-as 65002
 neighbor 172.16.254.6 remote-as 65003
 !
 address-family ipv4
  redistribute static
  redistribute ospf 1 match internal external 1 external 2
  neighbor 172.16.254.2 activate
  neighbor 172.16.254.6 activate
  default-information originate
  no auto-summary
  no synchronization
 exit-address-family
!
ip local pool VPN-Pool 172.16.253.10 172.16.253.200
ip route 0.0.0.0 0.0.0.0 10.1.1.254
!
ip flow-export source FastEthernet0/1
ip flow-export version 5
ip flow-export destination 172.16.241.17 9000
!
ip http server
no ip http secure-server
ip nat inside source list 10 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.255.10 80 interface FastEthernet0/0 80
!
ip access-list extended Tunnel1_til_Viborg
 permit gre host 10.1.1.1 host 10.1.1.2
ip access-list extended Tunnel2_til_Aalborg
 permit gre host 10.1.1.1 host 10.1.1.3
!
ip radius source-interface FastEthernet0/1
access-list 10 permit 172.16.241.15
access-list 10 permit 172.16.0.0 0.15.255.255
snmp-server community PengeBanken RO
snmp-server host 172.16.241.17 version 2c PengeBanken
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
scheduler allocate 20000 1000
ntp clock-period 17178263
ntp server 217.198.208.66
end
AHA01RT
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AHA01RT
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$YV94$HOlo8yju4M0iEUg5.PrWu.
!
aaa new-model
!
aaa authentication login default group radius local
aaa authorization exec default group radius local
!
aaa session-id common
!
resource policy
!
ip cef
!
ip domain name pengebanken.dk
ip name-server 172.16.241.11
ip ssh version 2
!
voice-card 0
!
username admin privilege 15 secret 5 $1$uLI5$fbqYcgEAGYN9aJopMZbs0.
!
class-map match-any MissionCritical-Trust
 match ip dscp af31
class-map match-any VoIP-RTP-Trust
 match ip dscp ef
class-map match-any VoIP-Control-Trust
 match ip dscp cs3
class-map match-any Management-Trust
 match ip dscp cs2
!
policy-map PbPolicy
 class VoIP-RTP-Trust
  priority percent 25
 class VoIP-Control-Trust
  bandwidth percent 5
 class MissionCritical-Trust
  bandwidth percent 40
 class Management-Trust
  bandwidth percent 5
 class class-default
  fair-queue
!
interface FastEthernet0/0
 description TDC_MPLS
 ip address 172.16.255.1 255.255.255.252
 duplex auto
 speed auto
 auto qos voip trust
!
interface FastEthernet0/1
 description Til_AHA02SWCO
 ip address 172.16.255.5 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 duplex auto
 speed auto
 auto qos voip trust
 service-policy output PbPolicy
!
interface FastEthernet0/1.101
!
interface FastEthernet0/1/0
 description Til_AHA01SWCO
 switchport access vlan 990
 service-policy output PbPolicy
!
interface FastEthernet0/1/1
 description Til_AHA01FW
 switchport access vlan 991
 service-policy output PbPolicy
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Serial0/2/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Vlan1
 no ip address
!
interface Vlan990
 ip address 172.16.255.18 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
!
interface Vlan991
 ip address 172.16.255.13 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
!
router ospf 1
 log-adjacency-changes
 redistribute bgp 65001 subnets
 network 172.16.255.1 0.0.0.0 area 0
 network 172.16.255.5 0.0.0.0 area 0
 network 172.16.255.13 0.0.0.0 area 0
 network 172.16.255.18 0.0.0.0 area 0
!
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 redistribute ospf 1 match internal external 1 external 2
 neighbor 172.16.255.2 remote-as 65000
 neighbor 172.16.255.2 description TDC_MPLS
 neighbor 172.16.255.2 next-hop-self
 neighbor 172.16.255.2 soft-reconfiguration inbound
 neighbor 172.16.255.2 route-map 65000-RMAP-OUT out
 default-information originate
 no auto-summary
!
ip http server
no ip http secure-server
!
ip prefix-list 65000-PLIST-OUT seq 5 deny 172.17.0.0/16 le 32
ip prefix-list 65000-PLIST-OUT seq 10 deny 172.18.0.0/16 le 32
ip prefix-list 65000-PLIST-OUT seq 15 deny 192.168.2.0/24 le 32
ip prefix-list 65000-PLIST-OUT seq 20 deny 192.168.1.0/24 le 32
ip prefix-list 65000-PLIST-OUT seq 30 permit 0.0.0.0/0 le 32
ip radius source-interface FastEthernet0/1
snmp-server community PengeBanken RO
!
route-map 65000-RMAP-OUT permit 10
 match ip address prefix-list 65000-PLIST-OUT
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 password cisco
!
scheduler allocate 20000 1000
ntp clock-period 17179809
ntp server 172.16.255.10
end