PengeBanken

From Teknologisk videncenter
Revision as of 08:17, 14 September 2009 by Sahan109 (talk | contribs)

PengeBanken Konfig filer

AAA01SWCO

! Global services, local credentials and AAA method lists for core switch AAA01SWCO.
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): with password encryption off, the RADIUS key and the SNMP
! community further down are stored and displayed in clear text. Turning the
! service on only obfuscates them (reversible type 7), so copies of this
! config still need to be access-controlled.
no service password-encryption
!
hostname AAA01SWCO
!
! Type 5 (salted MD5) hash. A hash that has been shared can be attacked
! offline, so the password behind it should be treated as exposed and rotated.
enable secret 5 $1$rCMy$qRGETbYap5f9zcvVrWQpn/
!
! Local privilege-15 account; it is the fallback method in the AAA lists below.
username admin privilege 15 secret 5 $1$JYrG$a8l5k1cKm/ydAS.5t.OpV/
aaa new-model
!
!
! Login and exec authorization ask RADIUS first. "local" is consulted only
! when the RADIUS group gives no answer, not when it rejects the user.
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
!
!
aaa session-id common
! QoS maps, basic IP services, spanning tree and SSH version for AAA01SWCO.
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos min-reserve 5 170
mls qos min-reserve 6 85
mls qos min-reserve 7 51
mls qos min-reserve 8 34
mls qos
ip subnet-zero
ip routing
ip domain-name pengebanken.dk
ip name-server 172.16.241.11
!
!
!
!
!
!
!
! Rapid-PVST with priority 24576 on VLANs 2 and 8-11, i.e. below the 32768
! default, so this switch is preferred as root for those VLANs.
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 2,8-11 priority 24576
!
vlan internal allocation policy ascending
!
! Restricts SSH sessions to protocol version 2. This line does not by itself
! turn Telnet off; that is decided by "transport input" on the vty lines.
ip ssh version 2
!
! 
!
!
!
! Ports Fa0/1-20. Every port except Fa0/3 is an unconditional 802.1Q trunk
! with no "switchport trunk allowed vlan" list, so all VLANs on the switch,
! Management VLAN 2 included, are carried on each of them.
! "mls qos trust cos" accepts the CoS value of received frames as-is.
! "spanning-tree guard root" blocks the port if a superior BPDU arrives, so a
! downstream device cannot take over as spanning-tree root.
! NOTE(review): none of the trunks has a description. If some are unused,
! shutting them down or pruning the allowed VLAN list (as Fa0/22-23 do)
! would reduce exposure - confirm against the cabling plan.
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
! Access port in VLAN 8 (Common_Services on this switch). PortFast is on and
! no BPDU guard is configured on the port or globally in this listing.
interface FastEthernet0/3
 description AAFS01
 switchport access vlan 8
 switchport mode access
 mls qos trust cos
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
! Uplinks and inter-switch links of AAA01SWCO ("Til_" is Danish for "To_").
! Fa0/21: routed /30 link running OSPF with sub-second hellos.
! NOTE(review): 172.18.255.5/30 pairs with 172.18.255.6 on AAA01RT Fa0/1
! elsewhere on this page, yet the description says AHA01RT - presumably a
! naming slip; confirm.
interface FastEthernet0/21
 description Til_AHA01RT
 no switchport
 ip address 172.18.255.5 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 mls qos trust cos
 spanning-tree portfast
!
! Fa0/22: trunk pruned to the VLANs actually in use (2 and 8-11), root guard on.
interface FastEthernet0/22
 description Til_AAA01SWOP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 mls qos trust cos
 spanning-tree guard root
!
! Fa0/23: pruned trunk without root guard.
! NOTE(review): the description names this switch's own hostname; presumably
! the link goes to a peer core switch - confirm.
interface FastEthernet0/23
 description Til_AAA01SWCO
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,8-11
 switchport mode trunk
 mls qos trust cos
!
! Fa0/24: routed /30 towards the MPLS provider; the BGP neighbor 172.18.255.2
! sits on this subnet. No "ip access-group" is applied, so nothing on this
! interface filters provider-side traffic to the switch's own services.
interface FastEthernet0/24
 description Til_TDC MPLS
 no switchport
 ip address 172.18.255.1 255.255.255.252
 mls qos trust cos
!
! Gi0/1-2 actively negotiate trunking (DTP) with whatever is connected.
! NOTE(review): no description or VLAN restriction is set. If the ports are
! unused, a fixed access mode plus shutdown avoids an unintended trunk.
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
! Layer-3 VLAN interfaces of AAA01SWCO. VLAN 1 is shut down. VLANs 2 and 8-11
! each run an HSRP group with 200 ms hellos / 800 ms hold time, priority 110
! and a 300 s preempt delay; the .1 address is the virtual gateway.
! NOTE(review): no "standby <group> authentication" is configured, so HSRP
! hellos on these VLANs are accepted unauthenticated. MD5 authentication with
! a key from a secrets store (placeholder: <HSRP_KEY>) would close that, where
! the image supports it.
interface Vlan1
 ip address dhcp
 shutdown
!
interface Vlan2
 description Management
 ip address 192.168.2.2 255.255.255.0
 standby 2 ip 192.168.2.1
 standby 2 timers msec 200 msec 800
 standby 2 priority 110
 standby 2 preempt delay minimum 300
!
! The helper addresses on VLANs 8-11 relay UDP broadcasts such as DHCP to
! 172.18.8.11 and 172.16.241.11.
interface Vlan8
 description Common_Services
 ip address 172.18.8.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 8 ip 172.18.8.1
 standby 8 timers msec 200 msec 800
 standby 8 priority 110
 standby 8 preempt delay minimum 300
!
interface Vlan9
 description Administration
 ip address 172.18.9.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 9 ip 172.18.9.1
 standby 9 timers msec 200 msec 800
 standby 9 priority 110
 standby 9 preempt delay minimum 300
!
interface Vlan10
 description BankRaadgiver
 ip address 172.18.10.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 10 ip 172.18.10.1
 standby 10 timers msec 200 msec 800
 standby 10 priority 110
 standby 10 preempt delay minimum 300
!
interface Vlan11
 description IP-Telefoni
 ip address 172.18.11.2 255.255.255.0
 ip helper-address 172.18.8.11
 ip helper-address 172.16.241.11
 standby 11 ip 172.18.11.1
 standby 11 timers msec 200 msec 800
 standby 11 priority 110
 standby 11 preempt delay minimum 300
!
! Routing processes of AAA01SWCO.
! OSPF: the network statement covers every 172.18.x.x interface, which
! includes the user-facing SVIs (VLANs 8-11) as well as the Fa0/21 link.
! NOTE(review): there is no "passive-interface" and no OSPF authentication,
! so hellos are sent on, and adjacencies accepted from, the user VLANs.
! Making the SVIs passive and authenticating the routed link is the usual
! hardening.
router ospf 1
 log-adjacency-changes
 network 172.18.0.0 0.0.255.255 area 0
 default-information originate
!
! eBGP from AS 65003 to the MPLS provider (AS 65000) with route-maps in both
! directions. Connected networks are redistributed, which includes the
! Management subnet of VLAN 2 unless the outbound route-map filters it.
! NOTE(review): no "neighbor ... password" is set, so the session is not
! authenticated.
router bgp 65003
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 172.18.255.2 remote-as 65000
 neighbor 172.18.255.2 description TDC_MPLS
 neighbor 172.18.255.2 soft-reconfiguration inbound
 neighbor 172.18.255.2 route-map 65003-RMAP-IN in
 neighbor 172.18.255.2 route-map 65003-RMAP-OUT out
 no auto-summary
!
! Management services, BGP filters, SNMP and RADIUS settings of AAA01SWCO.
ip classless
! Both the clear-text HTTP server and the HTTPS server are enabled.
! NOTE(review): no "ip http access-class" limits who may connect; if the web
! UI is needed at all, HTTPS only plus a source ACL is the safer combination.
ip http server
ip http secure-server
!
ip radius source-interface Vlan2 
!
!
! Inbound BGP filter: rejects this site's own ranges (172.18.0.0/16 and the
! management subnet 192.168.2.0/24) when offered by the provider, and accepts
! everything else.
ip prefix-list 65003-PRE-IN seq 10 deny 172.18.0.0/16 le 32
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32
! ACL 1 lists the sources allowed to use the SNMP community below.
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
route-map 65003-RMAP-IN permit 10
 match ip address prefix-list 65003-PRE-IN
!
! NOTE(review): prefix-list 65003-PRE-OUT is not defined anywhere in this
! listing. As far as I know IOS treats an undefined prefix-list as matching
! everything, which would leave the outbound direction unfiltered - verify
! and define the list explicitly.
route-map 65003-RMAP-OUT permit 10
 match ip address prefix-list 65003-PRE-OUT
!
! Read-only SNMP community restricted to ACL 1.
! NOTE(review): the community and the RADIUS shared secret are the same
! string, it equals the organisation name, and both appear here in clear
! text. Treat both as exposed; use distinct, random values.
snmp-server community PengeBanken RO 1
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
! Console/vty lines and time source of AAA01SWCO.
control-plane
!
!
! NOTE(review): the lines carry no sub-commands, and "line vty 0 4" does not
! appear in this listing at all. Without "transport input ssh" the vty lines
! fall back to the platform default, which on IOS of this generation
! typically still accepts Telnet - confirm. There is also no "access-class"
! limiting management sources and no explicit "exec-timeout".
line con 0
line vty 5 15
!
! "ntp clock-period" is written by the NTP process itself.
! The NTP association is unauthenticated (no "ntp authenticate" / key).
ntp clock-period 17179326
ntp server 172.16.255.10
end

AAA01RT

! Global services, enable secret and AAA method lists for router AAA01RT.
version 12.4
! "service config" makes the router try to load configuration files from a
! network server when it boots.
! NOTE(review): nothing else on this page shows such a server being used. If
! it is not needed, "no service config" stops the router from accepting a
! configuration offered over the network.
service config
service timestamps debug datetime msec
service timestamps log datetime msec
! Secrets of types other than "secret 5" (ISAKMP key, RADIUS key, SNMP
! community) therefore stay in clear text in this config.
no service password-encryption
!
hostname AAA01RT
!
boot-start-marker
boot-end-marker
!
! Type 5 (salted MD5) hash; treat as exposed once the config has been shared.
enable secret 5 $1$C.7u$pLtmCcZ97WTe/1WNff1aP0
!
aaa new-model
!
!
! RADIUS first; the local user database only when RADIUS does not answer.
aaa authentication login default group radius local
aaa authorization exec default group radius local 
!
aaa session-id common
!
resource policy
!
ip cef
!
!
!
!
ip domain name pengebanken.dk
ip name-server 172.16.241.11
! SSH is limited to protocol version 2; Telnet is governed by the vty lines.
ip ssh version 2
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Local fallback administrator (privilege 15, type 5 hash) for AAA01RT.
username admin privilege 15 secret 5 $1$LTCn$DMDN3cY4cPSvI/FtXN7C9.
!
!
! QoS classes. Each "-Trust" class matches purely on the DSCP value already
! present in the packet, so classification relies on upstream marking.
class-map match-any MissionCritical-Trust
 match ip dscp af31 
class-map match-any VoIP-RTP-Trust
 match ip dscp ef 
class-map match-any VoIP-Control-Trust
 match ip dscp cs3 
class-map match-any Management-Trust
 match ip dscp cs2 
!
!
! Output policy: 25% priority queue for voice media, 5% for voice signalling,
! 40% for mission-critical traffic, 5% for management, fair-queue for the rest.
policy-map PbPolicy
 class VoIP-RTP-Trust
  priority percent 25
 class VoIP-Control-Trust
  bandwidth percent 5
 class MissionCritical-Trust
  bandwidth percent 40
 class Management-Trust
  bandwidth percent 5
 class class-default
  fair-queue
!
! 
!
! IPsec protection for the GRE tunnel from AAA01RT to the peer at 10.1.1.1.
! IKE phase 1: AES-256, pre-shared key, DH group 5 (1536-bit), 1000 s lifetime.
! No "hash" line is shown, so the platform default applies (SHA-1 on IOS of
! this generation, as far as I know).
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1000
! NOTE(review): the pre-shared key is a readable phrase stored in clear text
! and is now published with this config. Treat it as exposed; replace it on
! both peers with a long random value (placeholder: <ISAKMP_PSK>).
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.1
!
!
! NOTE(review): phase 2 uses 3DES with SHA-1 HMAC, which is weaker than the
! AES-256 chosen for phase 1. Moving to an AES transform has to be done on
! both peers at the same time or the tunnel will not come up.
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac 
!
! Only traffic matching ACL Tunnel1_til_Aarhus (GRE between the two tunnel
! endpoints) is encrypted.
crypto map PB_crypto_Map 10 ipsec-isakmp 
 set peer 10.1.1.1
 set transform-set PB-TransformSet 
 match address Tunnel1_til_Aarhus
!
!
!
!
!
! Interfaces of AAA01RT.
! Tunnel1: tunnel to 10.1.1.1 sourced from Fa0/0; no "tunnel mode" is set, so
! the default encapsulation applies. IP MTU lowered to 1420 for the overhead.
interface Tunnel1
 description Til_Aarhus
 ip address 172.16.254.6 255.255.255.252
 ip mtu 1420
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.1
!
! Fa0/0: Internet-facing interface with the crypto map applied.
! NOTE(review): no "ip access-group" is applied inbound, so the router's own
! services (HTTP server, vty lines) are reachable on this interface unless
! something upstream filters them. An inbound ACL that admits only IKE/IPsec
! from the tunnel peer is the usual baseline.
interface FastEthernet0/0
 description Internet
 ip address 10.1.1.3 255.255.255.0
 duplex auto
 speed auto
 crypto map PB_crypto_Map
!
! Fa0/1: inside /30 (peer 172.18.255.5 is AAA01SWCO Fa0/21 on this page),
! OSPF with sub-second hellos, QoS policy PbPolicy on egress.
interface FastEthernet0/1
 description Til_AHA01SWCO
 ip address 172.18.255.6 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 duplex auto
 speed auto
 service-policy output PbPolicy
!
! Unused serial interfaces, administratively shut down.
interface Serial0/2/0
 no ip address
 shutdown
 no fair-queue
 clock rate 125000
!
interface Serial0/2/1
 no ip address
 shutdown
 clock rate 125000
!
! Routing processes of AAA01RT.
! OSPF runs only on the inside link (172.18.255.6) and injects BGP routes and
! a default route at metric 255, the highest metric used on this page.
! NOTE(review): no OSPF authentication is configured on the link.
router ospf 1
 log-adjacency-changes
 redistribute bgp 65003 metric 255 subnets
 network 172.18.255.6 0.0.0.0 area 0
 default-information originate metric 255
!
! eBGP across the tunnel to 172.16.254.5 (AS 65001), filtered in both
! directions by route-maps.
! NOTE(review): no "neighbor ... password" is set; the session relies on the
! IPsec-protected tunnel alone for integrity.
router bgp 65003
 no synchronization
 bgp log-neighbor-changes
 redistribute static
 redistribute ospf 1 match internal external 1 external 2
 neighbor 172.16.254.5 remote-as 65001
 neighbor 172.16.254.5 description AHA01FW
 neighbor 172.16.254.5 route-map 65003-RMAP-IN in
 neighbor 172.16.254.5 route-map 65003-RMAP-OUT out
 default-information originate
 no auto-summary
!
! Host route that keeps the tunnel endpoint reachable via the Internet
! interface rather than through the tunnel itself.
ip route 10.1.1.1 255.255.255.255 FastEthernet0/0
!
!
! Management services, crypto ACL, BGP filters, SNMP and RADIUS on AAA01RT.
! NOTE(review): only the clear-text HTTP server is enabled and HTTPS is
! explicitly off, so web logins would cross the network unencrypted. There is
! no "ip http access-class" either. Disable the server or switch to HTTPS
! with a source ACL.
ip http server
no ip http secure-server
!
! Crypto ACL: selects GRE between the two tunnel endpoints for encryption.
ip access-list extended Tunnel1_til_Aarhus
 permit gre host 10.1.1.3 host 10.1.1.1
!
!
! Outbound BGP filter: permits every prefix.
ip prefix-list 65003-PLIST-OUT seq 10 permit 0.0.0.0/0 le 32
!
! Inbound BGP filter: rejects this site's own ranges, accepts the rest.
ip prefix-list 65003-PRE-IN seq 5 deny 172.18.0.0/16 le 32
ip prefix-list 65003-PRE-IN seq 15 deny 192.168.2.0/24 le 32
ip prefix-list 65003-PRE-IN seq 30 permit 0.0.0.0/0 le 32
ip radius source-interface FastEthernet0/1 
! ACL 1 lists the sources allowed to use the SNMP community.
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
! NOTE(review): same community string as on the other devices and identical
! to the RADIUS key below; both are in clear text. Rotate to distinct values.
snmp-server community PengeBanken RO 1
!
!
!
route-map 65003-RMAP-IN permit 10
 match ip address prefix-list 65003-PRE-IN
!
! Seven-fold AS-path prepend makes routes advertised over the tunnel less
! attractive than the same routes learned with a shorter AS path.
route-map 65003-RMAP-OUT permit 10
 match ip address prefix-list 65003-PLIST-OUT
 set as-path prepend 65003 65003 65003 65003 65003 65003 65003
!
!
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken
!
control-plane
!
!
!
!
!
!
!
!
!
!
! Terminal lines and time source of AAA01RT.
! NOTE(review): the vty lines set only "length 0" (no paging). There is no
! "transport input ssh", no "access-class" and no explicit "exec-timeout", so
! remote access falls back to platform defaults - confirm that Telnet is not
! accepted, particularly on the Internet-facing interface.
line con 0
line aux 0
line vty 0 4
 length 0
!
scheduler allocate 20000 1000
! Unauthenticated NTP association.
ntp server 172.16.255.10
end

AHA01FW

! Global services and enable secret for firewall router AHA01FW.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! ISAKMP keys, the RADIUS key and the SNMP community further down therefore
! stay in clear text in this config.
no service password-encryption
!
hostname AHA01FW
!
boot-start-marker
boot-end-marker
!
! Type 5 (salted MD5) hash; treat as exposed once the config has been shared.
enable secret 5 $1$jo1B$nWomz1YE6pfKxf2fsIEbL/
!
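! AAA method lists for AHA01FW. Interactive logins and exec authorization ask
! RADIUS first and use the local user database only when RADIUS does not
! answer.
aaa new-model
!
!
aaa authentication login default group radius local
! PPP sessions (the PPTP dial-in users) are authenticated by RADIUS unless the
! user was already authenticated on the line ("if-needed").
! The last method was "none", which admits a dial-in session without any
! authentication whenever the RADIUS server fails to answer. It is replaced by
! "local" so that a RADIUS outage fails closed onto the local user database.
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius local 
!
aaa session-id common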
!
resource policy
!
ip cef
!
!
!
!
! Name resolution, SSH version and the PPTP dial-in service on AHA01FW.
no ip domain lookup
ip domain name pengebanken.dk
ip name-server 172.16.241.11
ip ssh version 2
! The router itself terminates PPTP sessions and clones them from
! Virtual-Template1.
! NOTE(review): PPTP with MS-CHAP is a legacy remote-access design whose
! authentication has well-documented weaknesses. An IPsec- or TLS-based
! remote-access VPN is the usual replacement. The VPDN group does not limit
! which sources may dial in.
vpdn enable
!
vpdn-group VPN
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Local fallback administrator, QoS classes and zone-based firewall policies
! of AHA01FW.
username admin privilege 15 secret 5 $1$QJJ1$jRbgh4QRTKIss5u1jaRPg1
!
!
! Firewall class: HTTP is the only protocol matched towards the DMZ.
class-map type inspect match-any OUTSIDE-DMZ-CMAP
 match protocol http
! QoS classes match purely on DSCP values set upstream.
class-map match-any MissionCritical-Trust
 match ip dscp af31 
class-map match-any VoIP-RTP-Trust
 match ip dscp ef 
class-map match-any VoIP-Control-Trust
 match ip dscp cs3 
class-map match-any Management-Trust
 match ip dscp cs2 
class-map match-any AutoQoS-VoIP-RTP-Trust
 match ip dscp ef 
! Firewall class: all TCP, UDP and ICMP leaving the inside.
class-map type inspect match-any INSIDE-OUTSIDE-CMAP
 match protocol tcp
 match protocol udp
 match protocol icmp
! Firewall class: TCP and UDP arriving from the outside.
class-map type inspect match-any OUTSIDE-INSIDE-CMAP
 match protocol tcp
 match protocol udp
class-map match-any AutoQoS-VoIP-Control-Trust
 match ip dscp cs3 
 match ip dscp af31 
!
!
! OUTSIDE -> DMZ: HTTP is statefully inspected, everything else dropped and
! logged.
policy-map type inspect OUTSIDE-DMZ-PMAP
 class type inspect OUTSIDE-DMZ-CMAP
  inspect
 class class-default
  drop log
policy-map PbPolicy
 class VoIP-RTP-Trust
  priority percent 25
 class VoIP-Control-Trust
  bandwidth percent 5
 class MissionCritical-Trust
  bandwidth percent 40
 class Management-Trust
  bandwidth percent 5
 class class-default
  fair-queue
! This policy (applied on Fa0/1) reserves 70% as priority queue for EF traffic.
policy-map AutoQoS-Policy-Trust
 class AutoQoS-VoIP-RTP-Trust
  priority percent 70
 class AutoQoS-VoIP-Control-Trust
  bandwidth percent 5
 class class-default
  fair-queue
! INSIDE -> OUTSIDE: TCP/UDP/ICMP are inspected, so return traffic is allowed
! statefully; any other protocol is dropped and logged.
policy-map type inspect INSIDE-OUTSIDE-PMAP
 class type inspect INSIDE-OUTSIDE-CMAP
  inspect
 class class-default
  drop log
! OUTSIDE -> INSIDE: new TCP/UDP sessions are dropped and logged.
! class-default has no action and so takes the implicit drop; protocols other
! than TCP/UDP (ICMP for instance) are therefore dropped WITHOUT a log entry.
! NOTE(review): add "drop log" under class-default if those drops should be
! visible to monitoring.
policy-map type inspect OUTSIDE-INSIDE-PMAP
 class type inspect OUTSIDE-INSIDE-CMAP
  drop log
 class class-default
!
! Security zones and zone-pairs of AHA01FW. Three transit directions have a
! policy: INSIDE->OUTSIDE, OUTSIDE->INSIDE and OUTSIDE->DMZ. Directions with
! no zone-pair (for example INSIDE->DMZ or DMZ->OUTSIDE) are not forwarded.
! NOTE(review): no zone-pair involves the "self" zone. In the zone-based
! firewall, traffic addressed to the router itself is permitted by default,
! so these policies do not protect the router's own services (HTTP server,
! vty lines, SNMP, PPTP) on the outside interface. A self-zone policy or an
! interface ACL is needed for that.
zone security INSIDE
zone security OUTSIDE
zone security DMZ
zone-pair security INSIDE-OUTSIDE-ZPAIR source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-OUTSIDE-PMAP
zone-pair security OUTSIDE-INSIDE-ZPAIR source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE-INSIDE-PMAP
zone-pair security OUTSIDE-DMZ-ZPAIR source OUTSIDE destination DMZ
 service-policy type inspect OUTSIDE-DMZ-PMAP
! 
!
! IPsec protection for the two GRE tunnels terminating on AHA01FW.
! IKE phase 1: AES-256, pre-shared keys, DH group 5 (1536-bit), 1000 s
! lifetime; no "hash" line is shown, so the platform default applies.
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1000
! NOTE(review): both pre-shared keys are readable phrases that follow one
! naming pattern and are stored in clear text. With the config published they
! must be treated as exposed; replace each with an independent random value
! on both ends (placeholder: <ISAKMP_PSK_PER_PEER>).
crypto isakmp key MegetSikkerNoegleTilViborg address 10.1.1.2
crypto isakmp key MegetSikkerNoegleTilAalborg address 10.1.1.3
!
!
! NOTE(review): phase 2 is 3DES with SHA-1 HMAC, weaker than the AES-256 used
! for phase 1. An AES transform has to be introduced on all peers together.
crypto ipsec transform-set PB-TransformSet esp-3des esp-sha-hmac 
!
! One crypto-map entry per branch; each encrypts only the GRE traffic
! selected by its ACL.
crypto map PB_crypto_Map 10 ipsec-isakmp 
 set peer 10.1.1.2
 set transform-set PB-TransformSet 
 match address Tunnel1_til_Viborg
crypto map PB_crypto_Map 20 ipsec-isakmp 
 set peer 10.1.1.3
 set transform-set PB-TransformSet 
 match address Tunnel2_til_Aalborg
!
!
!
!
!
! Interfaces of AHA01FW with their NAT role and firewall zone.
! Tunnel1/Tunnel2: tunnels to the branches, both placed in the INSIDE zone,
! so branch traffic is treated exactly like local inside traffic.
interface Tunnel1
 description Tunnel1_til_Viborg
 ip address 172.16.254.1 255.255.255.252
 ip mtu 1420
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.2
!
interface Tunnel2
 description Tunnel2_til_Aalborg
 ip address 172.16.254.5 255.255.255.252
 ip mtu 1420
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 tunnel source FastEthernet0/0
 tunnel destination 10.1.1.3
!
! Loopback0 is the only member of the DMZ zone. Its address 192.168.255.10 is
! the target of the static port-80 NAT rule later in this config.
interface Loopback0
 ip address 192.168.255.10 255.255.255.0
 zone-member security DMZ
!
! Fa0/0: Internet-facing interface, NAT outside, OUTSIDE zone, crypto map
! applied. No "ip access-group" is configured on it.
interface FastEthernet0/0
 description internet
 ip address 10.1.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 zone-member security OUTSIDE
 duplex auto
 speed auto
 crypto map PB_crypto_Map
!
! Fa0/1: inside uplink with OSPF, NetFlow accounting ("ip route-cache flow")
! and the AutoQoS policy on egress.
interface FastEthernet0/1
 description Til_AHA01SWCO
 ip address 172.16.255.10 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 ip route-cache flow
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 duplex auto
 speed auto
 service-policy output AutoQoS-Policy-Trust
!
! Switch-module ports mapped to the routed SVIs Vlan990 / Vlan991.
interface FastEthernet0/1/0
 description Til_AHA02SWCO
 switchport access vlan 990
!
interface FastEthernet0/1/1
 description Til_AHA01RT
 switchport access vlan 991
!
! NOTE(review): Fa0/1/2 and Fa0/1/3 carry no configuration and are not shut
! down. Unused switchports are normally disabled.
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
! Template cloned for every PPTP session; dial-in users receive an address
! from VPN-Pool and join the INSIDE zone.
! NOTE(review): "mppe auto" negotiates the key length and, without the
! "required" keyword, I believe a session may proceed when encryption is not
! negotiated - verify. MS-CHAP v1 is accepted alongside v2; accepting only v2
! is the minimum tightening while PPTP remains in use.
interface Virtual-Template1 
 ip address 172.16.253.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 peer default ip address pool VPN-Pool
 ppp encrypt mppe auto
 ppp authentication ms-chap ms-chap-v2
!
interface Vlan1
 no ip address
!
! Routed /30 links in the INSIDE zone running OSPF with sub-second hellos.
interface Vlan990
 ip address 172.16.255.22 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
!
interface Vlan991
 ip address 172.16.255.14 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 zone-member security INSIDE
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
!
! Routing processes of AHA01FW.
! OSPF runs on the three inside /30 links only; the tunnels are passive.
! NOTE(review): no OSPF authentication is configured.
router ospf 1
 log-adjacency-changes
 passive-interface Tunnel1
 passive-interface Tunnel2
 network 172.16.255.10 0.0.0.0 area 0
 network 172.16.255.14 0.0.0.0 area 0
 network 172.16.255.22 0.0.0.0 area 0
 default-information originate
!
! eBGP hub (AS 65001) towards the two branches over the tunnels.
! NOTE(review): unlike the branch router on this page, no route-map or
! prefix-list is applied to either neighbor here, so the hub accepts whatever
! the branches advertise. No neighbor password is set either.
router bgp 65001
 bgp log-neighbor-changes
 neighbor 172.16.254.2 remote-as 65002
 neighbor 172.16.254.6 remote-as 65003
 !
 address-family ipv4
 redistribute static
 redistribute ospf 1 match internal external 1 external 2
 neighbor 172.16.254.2 activate
 neighbor 172.16.254.6 activate
 default-information originate
 no auto-summary
 no synchronization
 exit-address-family
!
! Address pool, default route, NetFlow export, HTTP server, NAT and crypto
! ACLs of AHA01FW.
! Addresses handed to PPTP dial-in users.
ip local pool VPN-Pool 172.16.253.10 172.16.253.200
ip route 0.0.0.0 0.0.0.0 10.1.1.254
!
! NetFlow v5 records are exported to the collector at 172.16.241.17, UDP
! port 9000. Version 5 export is neither authenticated nor encrypted.
ip flow-export source FastEthernet0/1
ip flow-export version 5
ip flow-export destination 172.16.241.17 9000
!
! NOTE(review): only the clear-text HTTP server is enabled (HTTPS is off) and
! there is no "ip http access-class".
ip http server
no ip http secure-server
! Source NAT (overload) for the hosts matched by ACL 10.
ip nat inside source list 10 interface FastEthernet0/0 overload
! Publishes TCP/80 of the outside interface to 192.168.255.10.
! NOTE(review): 192.168.255.10 is this router's own Loopback0 address, so the
! published port appears to land on the router's built-in HTTP server, the
! same service that offers the management UI. If that is only a stand-in for
! a DMZ web server, a real deployment should publish a separate host and keep
! the router's HTTP server off.
ip nat inside source static tcp 192.168.255.10 80 interface FastEthernet0/0 80
!
! Crypto ACLs: GRE between this router and each branch endpoint.
ip access-list extended Tunnel1_til_Viborg
 permit gre host 10.1.1.1 host 10.1.1.2
ip access-list extended Tunnel2_til_Aalborg
 permit gre host 10.1.1.1 host 10.1.1.3
!
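! RADIUS source, NAT source list, SNMP and RADIUS server settings of AHA01FW.
ip radius source-interface FastEthernet0/1 
! ACL 10 selects the inside sources that are NAT-overloaded on Fa0/0
! (172.16.0.0 with wildcard 0.15.255.255 covers 172.16.0.0-172.31.255.255).
access-list 10 permit 172.16.241.15
access-list 10 permit 172.16.0.0 0.15.255.255
! ACL 1 restricts SNMP polling to the management station and subnet, matching
! the ACL that AAA01SWCO and AAA01RT already apply to the same community.
! Previously the community on this Internet-facing device had no source
! restriction at all.
access-list 1 permit 172.16.241.17
access-list 1 permit 172.16.7.0 0.0.0.255
! NOTE(review): the community equals the RADIUS key and the organisation name
! and is stored in clear text; rotate both to distinct random values.
snmp-server community PengeBanken RO 1
! SNMPv2c traps go to 172.16.241.17 using the same community string.
snmp-server host 172.16.241.17 version 2c PengeBanken 
!
!
!
!
!
radius-server host 172.16.241.11 auth-port 1645 acct-port 1646 key PengeBanken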
!
control-plane
!
!
!
!
!
!
!
!
!
!
! Terminal lines and time source of AHA01FW.
! NOTE(review): the vty lines have no "transport input ssh", no "access-class"
! and no explicit "exec-timeout". Because the zone-based firewall does not
! filter traffic addressed to the router itself unless a self-zone policy
! exists, remote login on the outside interface depends entirely on these
! line settings - restrict them to SSH from management sources.
line con 0
line aux 0
line vty 0 4
!
scheduler allocate 20000 1000
! "ntp clock-period" is written by the NTP process itself. The time source is
! an address outside the private ranges used elsewhere in this config, and
! the association is unauthenticated.
ntp clock-period 17178263
ntp server 217.198.208.66
end