Аццкий конфиг с кошки, много всякого...


!
version 12.4
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
!
hostname c2821
!
boot-start-marker
boot-end-marker
!
card type e1 0 0
logging buffered 4096
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login user_auth group radius local
aaa authentication ppp default group radius local
aaa authorization exec default local none
aaa authorization network default group radius local
aaa authorization network group_author local
aaa accounting delay-start
aaa accounting update periodic 1
aaa accounting network default start-stop group radius
!
aaa server radius dynamic-author
client 192.168.100.242 server-key XXXXXXXXXXXXXX
auth-type any
ignore session-key
!
aaa session-id unique
clock timezone MSK 3
clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00
network-clock-participate wic 0
dot11 syslog
ip wccp web-cache redirect-list REDIRECT_HTTP password XXXXXXXXXXXXXX
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.30.1 192.168.30.10
ip dhcp excluded-address 192.168.110.1
!
ip dhcp pool SRST-Pool
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
option 150 ip 192.168.30.2
dns-server 192.168.100.254 80.250.191.18
option 66 ip 192.168.30.2
!
ip dhcp pool WiFi-Pool
network 192.168.110.0 255.255.255.0
default-router 192.168.110.1
dns-server 192.168.100.254
!
ip dhcp pool WiFi-AP-Pool
host 192.168.110.2 255.255.255.0
client-identifier 0100.1bd5.bdf2.b4
default-router 192.168.110.1
!
!
ip domain name bla-bla.ru
ip name-server xxx.xxx.65.9
ip name-server xxx.xxx.66.253
ip name-server xxx.xxx.192.2
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
login block-for 300 attempts 3 within 60
login delay 3
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
local name Cisco_VPN_PPTP_server
ip mtu adjust
!
isdn switch-type primary-net5
!
!
trunk group CO
carrier-id YYYYYYY
!
voice-card 0
dspfarm
dsp services dspfarm
!
!
!
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
fax protocol t38 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711alaw
sip
registrar server expires max 600 min 60
no update-callerid
!
!
voice class codec 15
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729r8
codec preference 4 ilbc
!
!
!
!
!
!
!
!
!
!
!
voice register pool 10
id network 192.168.30.0 mask 255.255.255.0
application sip.app
preference 2
proxy 192.168.30.2 preference 1 monitor probe icmp-ping
dtmf-relay rtp-nte
voice-class codec 15
!
!
voice translation-rule 10
rule 1 /\(^.+\)/ /9\1/
!
!
voice translation-profile world-to-me
translate calling 10
!
!
!
application
service ivrtest flash://its-CISCO.2.0.2.0.tcl
paramspace english index 0
paramspace english language en
paramspace english location flash:
param aa-pilot YYYYYYY
paramspace english prefix en
param operator 2001
!
global
service alternate DEFAULT
!
!
!
!
!
!
username admin privilege 15 secret XXXXXXXXXXXXXX
username admin-vpn password XXXXXXXXXXXXXX
archive
log config
hidekeys
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key XXXXXXXXXXXXXX address 1.1.1.1 no-xauth
crypto isakmp key XXXXXXXXXXXXXX address 2.2.2.2 no-xauth
crypto isakmp key XXXXXXXXXXXXXX address 3.3.3.3 no-xauth
crypto isakmp key XXXXXXXXXXXXXX address 4.4.4.4 no-xauth
crypto isakmp key XXXXXXXXXXXXXX address 5.5.5.5 no-xauth
crypto isakmp key XXXXXXXXXXXXXX address 6.6.6.6 no-xauth
crypto isakmp key XXXXXXXXXXXXXX address 7.7.7.7 no-xauth
crypto isakmp key XXXXXXXXXXXXXX address 8.8.8.8 no-xauth
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10 periodic
crypto isakmp xauth timeout 90

!
crypto isakmp client configuration group mobile
key XXXXXXXXXXXXXX
dns 192.168.100.254 80.250.191.18
pool PPTP_VPN
max-users 250
netmask 255.255.255.0
crypto isakmp profile mobile_users
match identity group mobile
client authentication list user_auth
isakmp authorization list group_author
client configuration address respond
client configuration group mobile
accounting default
virtual-template 2
!
!
crypto ipsec transform-set ESP-3DES-SHA0 esp-3des esp-sha-hmac
crypto ipsec transform-set T2 esp-3des esp-sha-hmac
mode transport
!
crypto ipsec profile P2
set transform-set T2
!
crypto ipsec profile mobile_users_ipsec
set transform-set ESP-3DES-SHA0
set isakmp-profile mobile_users
!
!
crypto map temp local-address Vlan50
crypto map temp client configuration address respond
crypto map temp 1 ipsec-isakmp
description to_Archangelsk
set peer 1.1.1.1
set transform-set ESP-3DES-SHA0
match address VPN-Archangelsk
crypto map temp 2 ipsec-isakmp
description to_Intersol
set peer 5.5.5.5
set transform-set ESP-3DES-SHA0
match address VPN-Intersol
!
!
!
controller E1 0/0/0
pri-group timeslots 1-31
description PSTN-Voice-Trunk-E1
!
ip tcp path-mtu-discovery
ip ssh maxstartups 5
ip ssh time-out 60
ip ssh version 2
no ip rcmd domain-lookup
!
track 10 rtr 10 reachability
delay down 15 up 10
!
track 20 rtr 20 reachability
delay down 15 up 10
!
policy-map out-policy-128k
class class-default
police cir 128000 bc 8000 be 8000
exceed-action drop
policy-map in-policy-128k
class class-default
police cir 128000 bc 8000 be 8000
exceed-action drop
!
!
!
!
bba-group pppoe TEST
virtual-template 1
!
!
interface Loopback10
description Loopback-For-VPN-Users
ip address 192.168.111.1 255.255.255.255
!
interface Loopback20
description Loopback-For-WiFi-Net
ip address 192.168.110.1 255.255.255.255
!
interface Tunnel1
description tun-to-c871spb-novg12
bandwidth 256
ip address 192.168.10.1 255.255.255.252
ip mtu 1250
ip tcp adjust-mss 1100
tunnel source aaa.aaa.aaa.226
tunnel destination 2.2.2.2
tunnel protection ipsec profile P2
!
interface Tunnel2
description tun-to-c877-msk-1
bandwidth 256
ip address 192.168.10.5 255.255.255.252
ip mtu 1250
ip tcp adjust-mss 1100
tunnel source aaa.aaa.aaa.226
tunnel destination 4.4.4.4
tunnel protection ipsec profile P2
!
interface Tunnel3
description tun-to-c851-novosib-1
bandwidth 256
ip address 192.168.10.9 255.255.255.252
ip mtu 1250
ip tcp adjust-mss 1100
tunnel source aaa.aaa.aaa.226
tunnel destination 3.3.3.3
tunnel protection ipsec profile P2
!
interface Tunnel4
description tun-to-c857-murmansk
bandwidth 256
ip address 192.168.10.13 255.255.255.252
ip mtu 1226
ip tcp adjust-mss 1100
tunnel source aaa.aaa.aaa.226
tunnel destination 8.8.8.8
tunnel protection ipsec profile P2
!
interface Tunnel5
description tun-to-c2811-msk-2
bandwidth 256
ip address 192.168.10.17 255.255.255.252
ip mtu 1250
ip tcp adjust-mss 1100
tunnel source aaa.aaa.aaa.226
tunnel destination 7.7.7.7
tunnel protection ipsec profile P2
!
interface Tunnel6
description tun-to-c871-spb-rzevka
bandwidth 256
ip address 192.168.10.21 255.255.255.252
ip mtu 1250
ip tcp adjust-mss 1100
tunnel source aaa.aaa.aaa.226
tunnel destination 6.6.6.6
tunnel protection ipsec profile P2
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.20
description TESTLAB
encapsulation dot1Q 20
ip address 192.168.4.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface GigabitEthernet0/0.30
description Voice_LAN
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
ip wccp web-cache redirect in
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ntp broadcast
!
interface GigabitEthernet0/0.40
description Data_LAN
encapsulation dot1Q 40
ip address 192.168.0.90 255.255.255.0 secondary
ip address 192.168.40.1 255.255.255.0
ip helper-address 192.168.100.254
ip wccp web-cache redirect in
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0.100
description Servers
encapsulation dot1Q 100
ip address 192.168.100.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1/0
description To-WiFi-AP-WithoutEncryption
switchport access vlan 70
!
interface FastEthernet0/1/1
description ISP-1
switchport access vlan 50
no cdp enable
!
interface FastEthernet0/1/2
description ISP-2
switchport access vlan 60
no cdp enable
!
interface FastEthernet0/1/3
switchport access vlan 60
no cdp enable
!
interface Serial0/0/0:15
description PSTN-Voice-Trunk-E1
no ip address
encapsulation hdlc
no logging event link-status
isdn switch-type primary-net5
isdn timer T310 60000
isdn incoming-voice voice
no cdp enable
!
interface Virtual-Template1
description Tunnel-Template-For-PPTP-Users
ip unnumbered Loopback10
ip verify unicast reverse-path
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1460
autodetect encapsulation ppp
no snmp trap link-status
peer default ip address pool PPTP_VPN
no keepalive
ppp mtu adaptive
ppp encrypt mppe 128 passive
ppp authentication ms-chap-v2
ppp ipcp dns 192.168.100.254 217.195.65.9
ppp ipcp wins 192.168.100.254
!
interface Virtual-Template2 type tunnel
description Tunnel-Template-For-VPNC-Users
bandwidth 1024
ip unnumbered Loopback10
ip nat inside
ip virtual-reassembly
load-interval 30
no snmp trap link-status
tunnel mode ipsec ipv4
tunnel protection ipsec profile mobile_users_ipsec
tunnel bandwidth transmit 1024
tunnel bandwidth receive 1024
!
interface Vlan1
no ip address
shutdown
!
interface Vlan50
description ISP2
bandwidth 10000
ip address aaa.aaa.aaa.226 255.255.255.224
ip access-group From-INTERNET in
ip nat outside
ip virtual-reassembly
crypto map temp
!
interface Vlan60
description to ISP1
bandwidth 10000
ip address bbb.bbb.bbb.18 255.255.255.248
ip access-group From-INTERNET in
ip nat outside
ip virtual-reassembly
!
interface Vlan70
description to WiFi-AP
ip unnumbered Loopback20
ip access-group WiFi-Net-Inp in
ip access-group WiFi-Net-Out out
ip virtual-reassembly
!
router rip
version 2
passive-interface default
no passive-interface Tunnel1
no passive-interface Tunnel2
no passive-interface Tunnel3
no passive-interface Tunnel4
no passive-interface Tunnel5
no passive-interface Tunnel6
network 192.168.0.0
network 192.168.10.0
network 192.168.40.0
network 192.168.100.0
network 192.168.111.0
!
ip local pool PPTP_VPN 192.168.111.100 192.168.111.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 aaa.aaa.aaa.225 track 10
ip route 0.0.0.0 0.0.0.0 bbb.bbb.bbb.17 5 track 20
ip route 172.16.10.0 255.255.255.0 192.168.100.111 name TEST-route-forISG
ip route 172.16.20.0 255.255.255.0 192.168.100.111 name TEST-route-forISG
ip route 192.168.101.0 255.255.255.0 192.168.100.111 name TEST-route-forISG
!
ip flow-cache timeout active 5
ip flow-export source Loopback10
ip flow-export version 5
ip flow-export interface-names
ip flow-export destination 192.168.100.242 9996
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat translation timeout 20
ip nat translation tcp-timeout 120
ip nat translation udp-timeout 60
ip nat translation dns-timeout 80
ip nat translation icmp-timeout 10
ip nat pool POOL-Prometey-1 aaa.aaa.aaa.226 aaa.aaa.aaa.226 netmask 255.255.255.224
ip nat pool POOL-Prometey-2 aaa.aaa.aaa.227 aaa.aaa.aaa.227 netmask 255.255.255.224
ip nat pool POOL-Petrstar-1 bbb.bbb.bbb.18 bbb.bbb.bbb.18 netmask 255.255.255.248
ip nat pool POOL-Petrstar-2 bbb.bbb.bbb.19 bbb.bbb.bbb.19 netmask 255.255.255.248
ip nat inside source route-map For-NAT-1 pool POOL-Prometey-1 overload
ip nat inside source route-map For-NAT-2 pool POOL-Prometey-2 overload
ip nat inside source route-map For-Reserve-NAT-1 pool POOL-Petrstar-1 overload
ip nat inside source route-map For-Reserve-NAT-2 pool POOL-Petrstar-2 overload
ip nat inside source static tcp 192.168.100.253 25 aaa.aaa.aaa.227 25 extendable
ip nat inside source static tcp 192.168.100.253 80 aaa.aaa.aaa.227 80 extendable
ip nat inside source static tcp 192.168.100.253 110 aaa.aaa.aaa.227 110 extendable
ip nat inside source static tcp 192.168.100.248 20 aaa.aaa.aaa.228 20 extendable
ip nat inside source static tcp 192.168.100.248 21 aaa.aaa.aaa.228 21 extendable
ip nat inside source static tcp 192.168.100.248 22 aaa.aaa.aaa.228 22 extendable
!
ip access-list standard SNMP_ACCESS
permit 192.168.100.241
ip access-list standard VTY_ACCESS
permit 192.168.40.0 0.0.0.255
!
ip access-list extended For-NAT-1
deny ip 192.168.0.0 0.0.255.255 192.168.200.0 0.0.0.255
deny ip 192.168.0.0 0.0.255.255 192.168.220.0 0.0.0.255
deny ip 192.168.0.0 0.0.255.255 192.168.221.0 0.0.0.255
permit udp host 192.168.100.254 any eq domain
permit tcp host 192.168.100.254 any eq domain
permit ip host 192.168.100.100 any
permit ip host 192.168.100.111 any
permit ip host 192.168.100.247 any
permit ip host 192.168.100.248 any
permit ip host 192.168.100.249 any
permit ip host 192.168.100.251 any
permit ip host 192.168.100.244 any
permit ip host 192.168.30.100 any
permit ip host 192.168.50.100 any
permit ip 192.168.0.0 0.0.0.255 any
permit ip 192.168.40.0 0.0.0.255 any
permit ip 192.168.111.0 0.0.0.255 any
permit ip 172.16.10.0 0.0.0.255 any
permit ip 172.16.20.0 0.0.0.255 any
ip access-list extended For-NAT-2
deny ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip 192.168.30.0 0.0.0.255 any
permit ip host 192.168.100.210 any
permit ip host 192.168.100.220 any
permit ip host 192.168.100.225 any
permit ip host 192.168.100.235 any
permit ip host 192.168.100.239 any
permit ip host 192.168.100.240 any
permit ip host 192.168.100.241 any
permit ip host 192.168.100.242 any
permit ip host 192.168.100.243 any
permit ip host 192.168.100.245 any
permit ip host 192.168.100.246 any
permit ip host 192.168.100.250 any
permit ip host 192.168.100.253 any
permit ip host 192.168.99.242 any
permit ip host 192.168.4.32 any
permit ip host 192.168.0.251 any
permit ip host 192.168.100.165 any
ip access-list extended From-INTERNET
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip host 255.255.255.255 any
deny ip host 0.0.0.0 any
deny udp any any eq 5060
deny tcp any any eq 5060
deny tcp any any eq 2000
deny udp any any eq 1720
deny tcp any any eq 1720
permit ip any any
ip access-list extended Kill-SMB-in
deny tcp any any eq 139
permit ip any any
ip access-list extended Kill-SMB-out
deny tcp any eq 139 any
permit ip any any
ip access-list extended REDIRECT_HTTP
deny tcp 192.168.40.0 0.0.0.255 192.168.100.0 0.0.0.255 eq www
deny tcp 192.168.0.0 0.0.0.255 192.168.100.0 0.0.0.255 eq www
deny tcp host 192.168.40.37 any eq www
permit tcp 192.168.0.0 0.0.0.255 any eq www
permit tcp 192.168.40.0 0.0.0.255 any eq www
permit tcp 192.168.30.0 0.0.0.255 any eq www
ip access-list extended VPN-Archangelsk
permit ip 192.168.0.0 0.0.255.255 192.168.220.0 0.0.0.255
ip access-list extended VPN-Intersol
permit ip 192.168.0.0 0.0.255.255 192.168.200.0 0.0.0.255
ip access-list extended WiFi-Net-Inp
permit esp 192.168.110.0 0.0.0.255 any
permit udp any eq bootpc any eq bootps
permit udp 192.168.110.0 0.0.0.255 any eq domain
permit udp 192.168.110.0 0.0.0.255 any eq isakmp
permit tcp host 192.168.110.2 any established
permit icmp 192.168.110.0 0.0.0.255 host 192.168.110.1
ip access-list extended WiFi-Net-Out
permit esp any 192.168.110.0 0.0.0.255
permit udp any eq domain 192.168.110.0 0.0.0.255
permit tcp any host 192.168.110.2 eq 22 telnet
permit icmp host 192.168.110.1 192.168.110.0 0.0.0.255
ip access-list extended remote_access
permit ip 192.168.40.0 0.0.0.255 any
permit ip 192.168.100.0 0.0.0.255 any
!
ip radius source-interface GigabitEthernet0/0.100
ip sla 10
icmp-echo aaa.aaa.aaa.225 source-ip aaa.aaa.aaa.226
timeout 2000
threshold 400
frequency 5
ip sla schedule 10 life forever start-time now
ip sla 11
icmp-echo 198.41.0.4 source-ip aaa.aaa.aaa.226
timeout 2000
threshold 400
frequency 5
ip sla schedule 11 life forever start-time now
ip sla 20
icmp-echo bbb.bbb.bbb.17 source-ip bbb.bbb.bbb.18
timeout 2000
threshold 400
frequency 5
ip sla schedule 20 life forever start-time now
ip sla 21
icmp-echo 198.41.0.4 source-ip bbb.bbb.bbb.18
timeout 2000
threshold 400
frequency 5
ip sla schedule 21 life forever start-time now
logging origin-id hostname
logging server-arp
logging 192.168.100.241
snmp-server community public RO SNMP_ACCESS
snmp-server ifindex persist
snmp-server location bla-bla_main
snmp-server contact admin@bla-bla.ru
snmp-server chassis-id c2821
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps ds1
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps xgcp
snmp-server enable traps flash insertion removal
snmp-server enable traps ds3
snmp-server enable traps envmon
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps bgp
snmp-server enable traps bstun
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps dial
snmp-server enable traps dlsw
snmp-server enable traps dsp card-status
snmp-server enable traps dsp oper-state
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmobile
snmp-server enable traps ipmulticast
snmp-server enable traps mpls ldp
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls vpn
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps ipsla
snmp-server enable traps stun
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vsimaster
snmp-server enable traps vtp
snmp-server enable traps pw vc
snmp-server enable traps director server-up server-down
snmp-server enable traps firewall serverstatus
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps rf
snmp-server enable traps ccme
snmp-server enable traps srst
snmp-server enable traps voice
snmp-server enable traps dnis
snmp-server host 192.168.100.241 public
!
!
!
route-map For-NAT-1 permit 1
match ip address For-NAT-1
match interface Vlan50
!
route-map For-NAT-2 permit 1
match ip address For-NAT-2
match interface Vlan50
!
route-map For-Reserve-NAT-1 permit 1
match ip address For-NAT-1
match interface Vlan60
!
route-map For-Reserve-NAT-2 permit 1
match ip address For-NAT-2
match interface Vlan60
!
!
!
radius-server attribute 44 include-in-access-req
radius-server attribute 44 extend-with-addr
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute nas-port format d
radius-server dead-criteria time 5 tries 3
radius-server configure-nas
radius-server host 192.168.100.242 auth-port 1812 acct-port 1813 key XXXXXXXXXXXXXX
radius-server deadtime 5
!
control-plane
!
call fallback active
!
!
voice-port 0/0/0:15
translation-profile incoming world-to-me
input gain 4
local-alerting
cptone RU
timeouts interdigit 20
timeouts call-disconnect 3
timeouts wait-release 10
!
voice-port 0/2/0
trunk-group CO
translation-profile incoming world-to-me
supervisory disconnect dualtone mid-call
output attenuation 0
cptone RU
timeouts call-disconnect 1
timeouts ringing 20
timeouts wait-release 1
timing hookflash-out 300
connection plar opx YYYYYYY
station-id name CO-0
caller-id enable
!
voice-port 0/2/1
trunk-group CO
translation-profile incoming world-to-me
supervisory disconnect dualtone mid-call
output attenuation 0
cptone RU
timeouts call-disconnect 1
timeouts ringing 20
timeouts wait-release 1
timing hookflash-out 300
connection plar opx YYYYYYY
station-id name CO-1
caller-id enable
!
!
!
sccp local GigabitEthernet0/0.30
sccp ccm 192.168.30.2 identifier 1 priority 1
sccp
!
sccp ccm group 1
bind interface GigabitEthernet0/0.30
associate ccm 1 priority 1
associate profile 1 register IOSconfBR
associate profile 2 register IOStranscoder
!
dspfarm profile 2 transcode
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
codec g729br8
codec g729r8
associate application SCCP
shutdown
!
dspfarm profile 1 conference
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
codec g729r8
codec g729br8
associate application SCCP
shutdown
!
dial-peer cor custom
name IVR
name LOCAL
!
!
dial-peer cor list IVRCalls
member IVR
!
dial-peer cor list LOCALCalls
member LOCAL
!
!
dial-peer voice 2000 voip
description CCM1
destination-pattern 2...
voice-class codec 15
session protocol sipv2
session target ipv4:192.168.30.2:5060
dtmf-relay rtp-nte
no vad
!
dial-peer voice 9020 pots
trunkgroup CO
corlist outgoing LOCALCalls
preference 2
destination-pattern 9T
!
dial-peer voice 9000 pots
corlist outgoing LOCALCalls
preference 1
destination-pattern 9T
port 0/0/0:15
!
dial-peer voice 4020 pots
corlist incoming IVRCalls
service ivrtest
incoming called-number YYYYYYY
port 0/2/0
!
dial-peer voice 4021 pots
corlist incoming IVRCalls
service ivrtest
incoming called-number YYYYYYY
port 0/2/1
!
dial-peer voice 4000 pots
corlist incoming IVRCalls
service ivrtest
incoming called-number YYYYYYY
port 0/0/0:15
!
!
!
!
call-manager-fallback
max-conferences 8 gain -6
transfer-system full-consult
user-locale RU
limit-dn 7910 2
limit-dn 7935 2
limit-dn 7940 2
limit-dn 7960 2
limit-dn 7970 2
ip source-address 192.168.30.1 port 2000
max-ephones 50
max-dn 100 dual-line preference 1
transfer-pattern 2...
!
banner login 
-----------------------------------------------------------------------
bla-bla-bla Corporate router. No unautorized access allowed.
-----------------------------------------------------------------------

!
line con 0
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
absolute-timeout 1440
transport input ssh
line vty 5 15
access-class VTY_ACCESS in
exec-timeout 120 0
privilege level 15
absolute-timeout 1440
transport input telnet
!
scheduler allocate 20000 1000
ntp clock-period 17180159
ntp master
ntp server 213.41.245.21
ntp server 216.58.31.84
ntp server 216.52.237.153
!
end