R3.cfg
!
!
! Global settings for router R3 (IOS 12.4 per the version line).
! NOTE(review): several of these look like emulator/lab defaults - confirm
! before reusing any of this outside a lab.
version 12.4
! Debug and log messages carry a date/time stamp with millisecond precision.
service timestamps debug datetime msec
service timestamps log datetime msec
! Password obfuscation is off, so secrets in this file (the ISAKMP pre-shared
! key in the crypto section) are stored and displayed in clear text.
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
! AAA is disabled: access control relies only on the per-line settings at the
! end of the file. No "username" entries appear in this file, so there is no
! per-user authentication or accounting.
no aaa new-model
memory-size iomem 5
! Removes the rate limit on ICMP unreachable replies.
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
! Do not try to resolve unknown names through DNS.
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Wait 5 seconds for a TCP connection attempt made by the router to establish
! before giving up.
ip tcp synwait-time 5
!
!
! Site-to-site IPsec VPN to peer 200.0.1.1, negotiated with ISAKMP (IKEv1).
! Phase 1 policy 10: AES-256, pre-shared-key authentication, DH group 5.
! No hash or lifetime is configured here, so the platform defaults apply.
! NOTE(review): presumably SHA-1 and 86400 s on this release - confirm with
! "show crypto isakmp policy".
! NOTE(review): DH group 5 (1536-bit MODP) is weaker than the AES-256 cipher it
! protects; group 14 or higher is the usual baseline where the image supports it.
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
! NOTE(review): the pre-shared key is a common default word and is stored in
! clear text ("no service password-encryption" is set above). Treat it as
! disclosed: replace it with a long random value on both peers and keep this
! file out of public repositories.
crypto isakmp key cisco address 200.0.1.1
! ISAKMP keepalives (dead-peer detection) with a 10-second interval.
crypto isakmp keepalive 10
!
!
! Phase 2 transform: ESP with AES-256 encryption and HMAC-SHA integrity.
crypto ipsec transform-set MySet esp-aes 256 esp-sha-hmac
!
! Crypto map entry 10: traffic matching ACL "l2l" is protected with MySet and
! sent to peer 200.0.1.1. No "set pfs" line is present, so phase 2 keys are
! derived without a fresh DH exchange.
crypto map cmap 10 ipsec-isakmp
set peer 200.0.1.1
set transform-set MySet
match address l2l
!
!
!
!
! Interfaces. Both FastEthernet ports and Serial1/3 are unused and shut down.
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
! Serial1/0: 10.10.8.1/24, the subnet of BGP neighbour 10.10.8.2. It has no
! NAT role and no crypto map.
interface Serial1/0
ip address 10.10.8.1 255.255.255.0
serial restart-delay 0
clock rate 64000
!
! Serial1/1: outside interface, 200.0.2.1/24. NAT outside side and the only
! interface with crypto map cmap applied.
! NOTE(review): no "ip access-group" is applied inbound, so the router itself
! does no packet filtering on this interface - confirm filtering is done
! elsewhere.
interface Serial1/1
ip address 200.0.2.1 255.255.255.0
ip nat outside
ip virtual-reassembly
serial restart-delay 0
clock rate 64000
crypto map cmap
!
! Serial1/2: inside interface, 10.10.1.1/24. NAT inside side; the static routes
! to 10.10.2.0/24 and 10.10.30.0/24 use next hop 10.10.1.2 on this subnet.
interface Serial1/2
ip address 10.10.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
! BGP in AS 5001 with two external neighbours: 10.10.8.2 (AS 5003) and
! 200.0.2.2 (AS 5002). Connected and static routes are redistributed into BGP
! with no route-map restricting them.
! Only the 10.10.8.2 session is filtered (prefix-list permit-traffic, in and out).
! NOTE(review): the 200.0.2.2 session has no inbound or outbound filter, so
! whatever that peer announces is accepted and the redistributed 10.x prefixes
! are presumably announced to it - confirm this is intended.
! NOTE(review): neither neighbour has a "neighbor ... password" line, so the
! sessions run without TCP MD5 authentication.
router bgp 5001
no synchronization
bgp log-neighbor-changes
redistribute connected
redistribute static
neighbor 10.10.8.2 remote-as 5003
neighbor 10.10.8.2 prefix-list permit-traffic in
neighbor 10.10.8.2 prefix-list permit-traffic out
neighbor 200.0.2.2 remote-as 5002
no auto-summary
!
ip forward-protocol nd
! Static routing. The default route points at 200.0.2.2 on the Serial1/1
! (outside) subnet; 10.10.2.0/24 is reached through the inside next hop.
ip route 0.0.0.0 0.0.0.0 200.0.2.2
ip route 10.10.2.0 255.255.255.0 10.10.1.2
! NOTE(review): 10.10.30.0/24 (the local side of crypto ACL l2l) has two static
! routes with the same default distance, one via the inside next hop 10.10.1.2
! and one via the outside next hop 200.0.2.2. Both would presumably be installed
! and share load, sending part of the traffic for the protected network out of
! the outside interface - confirm the second route is intended.
ip route 10.10.30.0 255.255.255.0 10.10.1.2
ip route 10.10.30.0 255.255.255.0 200.0.2.2
!
!
! The HTTP and HTTPS management servers are disabled.
no ip http server
no ip http secure-server
! PAT: inside sources permitted by access-list 100 are translated to the
! address of Serial1/1.
ip nat inside source list 100 interface Serial1/1 overload
!
! Crypto ACL referenced by crypto map cmap: 10.10.30.0/24 -> 10.10.40.0/24 is
! the traffic selected for IPsec protection.
ip access-list extended l2l
permit ip 10.10.30.0 0.0.0.255 10.10.40.0 0.0.0.255
!
!
! Applied to the 10.10.8.2 BGP session: matches prefixes inside 10.0.0.0/8 with
! a length from /8 through /24.
ip prefix-list permit-traffic seq 5 permit 10.0.0.0/8 le 24
! NAT ACL. NOTE(review): only the host pair 10.10.30.1 -> 10.10.40.1 is exempted
! from NAT, while crypto ACL l2l covers the whole /24 -> /24. Traffic from other
! 10.10.30.0/24 hosts to 10.10.40.0/24 would presumably be translated to the
! Serial1/1 address first, stop matching l2l and leave unencrypted. If the whole
! subnet is meant to use the tunnel, the deny entry should mirror l2l.
access-list 100 deny ip host 10.10.30.1 host 10.10.40.1
access-list 100 permit ip any any
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
! Console and AUX lines: no "login" and no password, sessions start at
! privilege level 15 and never time out (exec-timeout 0 0). Anyone who reaches
! either port gets full control of the router without authenticating. No
! "enable secret" appears anywhere in this file either.
! NOTE(review): acceptable only for an isolated lab; otherwise require login,
! drop the default privilege level and set an idle timeout.
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
! VTY lines 0-4 require login, but no line password is configured.
! NOTE(review): IOS is expected to refuse remote logins in that state - confirm.
! No "transport input" restriction or "access-class" is set, so both need
! adding before remote access is enabled.
line vty 0 4
login
!
!
end