!RANCID-CONTENT-TYPE: cisco-clean
!
!
!
!
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
no platform punt-keepalive disable-kernel-core
!
hostname TrollSystems_1GB_13KRGN615081PT_24950AnzaDr
!
boot-start-marker
boot system flash bootflash:asr1001-universalk9.03.13.01.S.154-3.S1-ext.bin
boot-end-marker
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging buffered 20000
no logging console
!
aaa new-model
!
aaa authentication fail-message ^CCCCCCCC****TACACS+************^C
aaa authentication login default group tacacs+ local
aaa authentication login userauthen local
aaa authentication enable default group tacacs+ none
aaa authorization network groupauthor local
!
aaa session-id common
clock timezone PST -8 0
clock summer-time PST recurring
!
ip domain name auto
ip name-server 216.116.96.2
ip name-server 216.116.96.3
ip name-server 64.239.184.125
!
ipv6 multicast rpf use-bgp
ipv6 multicast vrf Mgmt-intf rpf use-bgp
!
subscriber templating
!
multilink bundle-name authenticated
!
license udi pid ASR1001 sn JAE1815095N
spanning-tree extend system-id
!
username Bcoleman privilege 0 password 7 107A1B49091B243B2255
username DDamiani password 7 06321D2E40425B
username Fkhalaf password 7 1526195C08261D140662
username Hellis password 7 1526195C08261D140662
username Jtreptow privilege 0 password 7 046F1956032D7A7E2748
username Mking password 7 033049040A0370
username Shermesh password 7 053F145F2D40783937161F
username TrollGuest1 privilege 0 password 7 075E114D5D1A0E0A0516
username TrollGuest2 privilege 0 password 7 107E080A16001D190856
username bardizzone password 7 046F1909032D1D
username dheg privilege 0 password 7 0948460C1E
username gparrish privilege 7 password 7 0030010908575A
username jhopkins privilege 0 password 7 107A1B16091B
username jpina password 7 033049040A0370
username jscott privilege 0 password 7 1351454058
username mrc privilege 0 password 7 046F1909032D
username mscott privilege 0 password 7 06121D2E4042
username nehul password 7 070124445B05
username tzcare privilege 15 secret 5 $1$QcDi$cx/mqm7rFUUwXiVU5g0OJ.
username westcom privilege 0 password 7 142300040008
!
redundancy
 mode none
!
ip tftp source-interface GigabitEthernet0
ip ssh version 2
!
class-map match-all VOIP
 match access-group 110
class-map match-all BANDWIDTH
 match any
!
policy-map VOIP-POLICE
 class VOIP
  priority percent 40
 class class-default
  fair-queue
  random-detect dscp-based
  random-detect ecn
policy-map BANDWIDTH_1GB
 class BANDWIDTH
  shape average 1000000000
  service-policy VOIP-POLICE
 class class-default
  fair-queue
  random-detect dscp-based
  random-detect ecn
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp policy 20
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 30
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp nat keepalive 300
!
crypto isakmp client configuration group trollsystems
 key Trollsyskey123
 dns 192.168.3.21 192.168.3.22
 domain trollsystems.com
 pool vpnpool-ipsec
 acl 150
!
crypto isakmp client configuration group trollguestgpoup
 key Trollword1
 dns 192.168.3.21 192.168.3.22
 domain trolhsystems.com
 pool vpnpool-ipsec
 acl 150
!
crypto ipsec transform-set trollguestgroup esp-aes 256 esp-sha-hmac
 mode tunnel
crypto ipsec transform-set trollsystems esp-aes 256 esp-sha-hmac
 mode tunnel
!
crypto dynamic-map dynmap 10
 set transform-set trollguestgroup
 reverse-route
!
crypto map Trollsysmap client authentication list userauthen
crypto map Trollsysmap isakmp authorization list groupauthor
crypto map Trollsysmap client configuration address respond
crypto map Trollsysmap 10 ipsec-isakmp dynamic dynmap
!
interface GigabitEthernet0/0/0
 description TrollSystems=13KRGN615081PT
 no ip address
 load-interval 30
 negotiation auto
 service-policy output BANDWIDTH_1GB
!
interface GigabitEthernet0/0/0.1
 encapsulation dot1Q 2530
 ip address 216.31.138.134 255.255.255.252
 ip nat outside
 crypto map Trollsysmap
!
interface GigabitEthernet0/0/1
 description CustomerLAN
 ip address 216.31.139.1 255.255.255.192
 ip nat inside
 ip access-group inbound5 in
 ip access-group outbound8 out
 load-interval 30
 negotiation auto
 service-policy output BANDWIDTH_1GB
!
interface GigabitEthernet0/0/2
 description CISCO to ADTRAN
 ip address 208.179.135.37 255.255.255.252
 load-interval 30
 negotiation auto
 service-policy output BANDWIDTH_1GB
!
interface GigabitEthernet0/0/3
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
ip local pool vpnpool-ipsec 192.168.254.1 192.168.254.100
ip nat translation tcp-timeout 900
ip nat translation udp-timeout 900
ip nat inside source route-map nonat interface GigabitEthernet0/0/0.1 overload
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 216.31.138.133
ip route 192.168.2.0 255.255.255.0 192.168.3.18
ip route 192.168.4.0 255.255.255.0 192.168.3.18
ip route 192.168.5.0 255.255.255.0 192.168.3.18
!
ip access-list extended SOURCE_ROUTING
 permit ip host 99.186.242.77 any
 permit ip host 99.186.242.78 any
 deny ip any any
ip access-list extended inbound5
 deny tcp any any eq 3389
 deny ip host 222.186.52.86 any
 permit ip any any
ip access-list extended inbound7
ip access-list extended inbound8
 permit ip 192.168.254.0 0.0.0.255 192.168.0.0 0.0.255.255
 deny ip host 199.0.200.34 any
 deny ip host 174.120.219.177 any
 deny ip host 213.8.172.131 any
 deny ip host 195.168.58.107 any
 deny ip host 190.120.227.30 any
 deny ip any host 190.120.227.30
 permit ip any host 216.31.138.134
 permit ip 76.171.0.0 0.0.255.255 any
 permit udp any eq domain any
 permit udp any eq ntp any
 permit udp any any range 2000 2099
 permit tcp any any range 2000 2099
 permit udp any eq tftp any
 permit tcp any any established
 permit tcp any host 216.31.139.2 range 4500 5000
 permit udp any host 216.31.139.2 eq 21
 permit tcp any host 216.31.139.6 eq ftp
 permit tcp any host 216.31.139.6 eq ftp-data
 permit tcp any host 216.31.139.6 range 55536 55663
 permit tcp any host 216.31.139.2 eq ftp
 permit tcp any host 216.31.139.2 eq ftp-data
 permit tcp any host 216.31.139.2 eq www
 permit tcp any host 216.31.139.2 eq 443
 permit tcp any host 216.31.139.2 eq 5721
 permit tcp any host 216.31.139.5 range 4500 5000
 permit udp any host 216.31.139.5 eq 21
 permit tcp any host 216.31.139.5 eq ftp
 permit tcp any host 216.31.139.5 eq ftp-data
 permit tcp any host 216.31.139.5 eq www
 permit tcp any host 216.31.139.5 eq 443
 permit tcp any host 216.31.139.5 eq 5721
 permit udp any host 216.31.139.3 eq 8877
 permit udp any host 216.31.139.3 eq 8878
 permit udp any host 216.31.139.3 eq 8879
 permit udp any host 216.31.139.8 eq 8879
 permit tcp any host 216.31.139.8 eq 8879
 permit udp any host 216.31.139.9 eq 8879
 permit tcp any host 216.31.139.9 eq 8879
 permit udp any host 216.31.139.9 eq echo
 permit tcp any host 216.31.139.9 eq echo
 permit tcp any host 216.31.139.10 eq 443
 permit tcp host 54.69.61.164 host 216.31.139.10 eq 3306
 permit udp any host 216.31.139.10 eq 443
 permit ip any 208.179.135.36 0.0.0.3
 permit udp any eq isakmp any
 permit udp any eq 1723 any
 permit tcp any eq 5721 any
 permit udp any eq 1701 any
 deny tcp any eq 4430 any
 deny tcp any eq 118 any
 permit ip 74.43.146.0 0.0.0.255 host 216.31.139.4
 permit ip 208.86.215.0 0.0.0.255 host 216.31.139.4
 permit ip any host 216.31.139.4
 permit udp any host 216.31.139.5 eq isakmp
 permit udp any host 216.31.139.5 eq 1723
 permit udp any host 216.31.139.5 eq 1701
 deny ip any host 216.31.139.2
 permit tcp any host 216.31.139.7 eq www
 permit tcp any host 216.31.139.10 eq www
 permit tcp any host 216.31.139.10 eq 5443
 permit tcp any host 216.31.139.10 eq 1935
 permit tcp any host 216.31.139.10 eq 8086
 permit tcp any host 216.31.139.10 eq 8087
 permit tcp any host 216.31.139.10 eq 8088
 permit tcp host 54.69.61.164 host 216.31.139.10 eq 1935
 permit tcp host 54.69.61.164 host 216.31.139.10 eq 5443
 permit tcp any host 216.31.139.9 eq 22
 permit tcp any host 216.31.139.9 eq 12002
 permit udp any host 216.31.139.9 eq 12002
 permit tcp any host 216.31.139.7 eq 8080
 permit tcp any host 216.31.139.5 eq 8000
 permit tcp any host 216.31.139.5 eq 6036
 deny ip any host 216.31.139.5
ip access-list extended outbound8
 deny tcp host 192.168.2.21 any eq smtp
 deny tcp any host 192.168.2.21 eq smtp
 deny tcp host 192.168.2.21 any eq 443
 deny tcp any host 192.168.2.21 eq 443
 permit ip any any
!
logging trap debugging
logging facility local1
logging source-interface GigabitEthernet0/0/0.1
logging host 216.116.96.3
access-list 25 permit 64.239.128.0 0.0.63.255
access-list 25 permit 72.18.0.0 0.0.255.255
access-list 25 permit 208.179.0.0 0.0.255.255
access-list 25 permit 216.31.128.0 0.0.63.255
access-list 25 permit 216.116.96.0 0.0.31.255
access-list 25 deny any
access-list 110 permit ip any host 64.239.185.8
access-list 110 permit ip any host 64.239.185.9
access-list 110 permit ip any host 64.239.185.5
access-list 110 permit ip any host 64.239.188.8
access-list 110 permit ip any host 64.239.188.9
access-list 150 permit ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 150 permit ip 192.168.3.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 150 permit ip 192.168.4.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 151 deny ip 192.168.3.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 151 deny ip 192.168.254.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 151 permit ip 192.168.2.0 0.0.0.255 any
access-list 151 permit ip 192.168.3.0 0.0.0.255 any
access-list 151 permit ip 192.168.4.0 0.0.0.255 any
access-list 151 permit ip 192.168.254.0 0.0.0.255 any
access-list 152 deny ip 192.168.2.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 152 deny ip 192.168.3.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 152 deny ip 192.168.4.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 152 deny ip 192.168.254.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 152 permit ip 192.168.2.0 0.0.0.255 any
access-list 152 permit ip 192.168.3.0 0.0.0.255 any
access-list 152 permit ip 192.168.4.0 0.0.0.255 any
access-list 152 permit ip 192.168.254.0 0.0.0.255 any
access-list 198 deny ip any any log
!
route-map SOURCE-ROUTING permit 10
 match ip address SOURCE_ROUTING
 set ip next-hop 192.168.3.115
!
route-map nonat permit 10
 match ip address 152
!
snmp-server engineID local 0000000902000050547D0984
snmp-server community tierzero RO
!
tacacs-server host 216.116.96.47
tacacs-server timeout 10
tacacs-server directed-request
tacacs-server key 7 01040E554F58165F2F5501
!
control-plane
!
!
!
!
!
!
banner motd ^CCCCCCCCC
*************************************************************
Tierzero: Unauthorized access to this device or the attached networks is prohibited without express written permission.
Violators may be prosecuted to the fullest extent of the law.
Phone: 213-784-1400 option 1
Email: [tac@tierzero.net]
*********TACACS+*************************
^C
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class 25 in
line vty 5 15
 access-class 25 in
!
ntp server 204.152.184.72
ntp server 216.31.128.192
ntp server 216.116.96.3
!
end