# NOTE(review): Console capture of `get config` on the ScreenOS device with prompt
# "nsisg1000", re-flowed to one command per line. Lines starting with '#' are reviewer
# annotations, not device output. Pager markers ("--- more ---") are kept where they occurred.
nsisg1000->
nsisg1000->
nsisg1000-> get config
Total Config size 6066:
set clock timezone 0
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
set protocol ospf
set enable
exit
exit
unset alg sip enable
unset alg mgcp enable
unset alg sccp enable
unset alg sunrpc enable
unset alg msrpc enable
unset alg sql enable
unset alg appleichat enable
unset alg appleichat re-assembly enable
unset alg h323 enable
unset alg sctp enable
set auth-server "Local" id 0
--- more ---
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
# NOTE(review): The root admin account keeps the vendor-default name, and its password
# hash is printed in this capture. Treat the credential as disclosed: rename the account
# and set a new password before reusing any part of this config. If the password is also
# still the factory default (TODO confirm), the management services enabled below on the
# Untrust and DMZ interfaces are protected by nothing else.
set admin name "netscreen"
set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
set admin auth web timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "DMZ" tcp-rst
set zone "VLAN" block
unset zone "VLAN" tcp-rst
# Screen options are enabled on Untrust and V1-Untrust only; no screen lines appear for
# Trust or DMZ in this capture.
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
--- more ---
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet1/1" zone "Trust"
set interface "ethernet1/2" zone "Untrust"
set interface "ethernet1/3" zone "DMZ"
# NOTE(review): tunnel.1 is bound to the same zone as the outside interface, so any policy
# written for tunnel traffic ("Untrust" -> "Trust") also matches traffic arriving directly
# on ethernet1/2. A dedicated zone for the tunnel would let the two be told apart.
set interface "tunnel.1" zone "Untrust"
unset interface vlan1 ip
set interface ethernet1/1 ip 192.168.1.148/24
set interface ethernet1/1 nat
set interface ethernet1/2 ip 1.1.1.1/24
set interface ethernet1/2 route
set interface ethernet1/3 ip 20.1.1.1/24
set interface ethernet1/3 route
set interface tunnel.1 ip 172.16.1.1/24
set interface tunnel.1 tunnel encap gre
set interface tunnel.1 tunnel local-if ethernet1/2 dst-ip 172.16.1.2
unset interface vlan1 bypass-others-ipsec
--- more ---
unset interface vlan1 bypass-non-ip
set interface ethernet1/1 ip manageable
set interface ethernet1/2 ip manageable
set interface ethernet1/3 ip manageable
set interface ethernet1/1 manage mtrace
# NOTE(review): ethernet1/2 is the Untrust-zone interface, yet it accepts telnet, SNMP and
# plain HTTP ("web") management in addition to ssh and ssl. The same set is enabled on the
# DMZ interface ethernet1/3. Cleartext management protocols expose admin credentials on
# the wire; keeping only ssh/ssl here and restricting sources (e.g. `set admin manager-ip`)
# is the usual hardening. No manager-ip restriction appears in this capture.
set interface ethernet1/2 manage ping
set interface ethernet1/2 manage ssh
set interface ethernet1/2 manage telnet
set interface ethernet1/2 manage snmp
set interface ethernet1/2 manage ssl
set interface ethernet1/2 manage web
set interface ethernet1/2 manage mtrace
set interface ethernet1/3 manage ssh
set interface ethernet1/3 manage telnet
set interface ethernet1/3 manage snmp
set interface ethernet1/3 manage ssl
set interface ethernet1/3 manage web
set interface ethernet1/3 manage mtrace
unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
--- more ---
set flow reverse-route tunnel always
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set dns host dns1 202.163.96.3
set address "Trust" "192.168.1.0/24" 192.168.1.0 255.255.255.0
set address "Untrust" "3.3.3.0/24" 3.3.3.0 255.255.255.0
# NOTE(review): Main-mode IKE gateway authenticated with a pre-shared key. The stored
# (encoded) form of the key is printed here and should be treated as sensitive. The
# proposal name selects DH group 2 with 3DES and SHA-1, all legacy choices; prefer a
# stronger proposal where both peers support one.
set ike gateway "vpn-gw" address 2.2.2.1 Main outgoing-interface "ethernet1/2" preshare "2daylwG/N749JNsg6bCLKrYBIHnc45Zs1g==" proposal "pre-g2-3des-sha"
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
# IKE DoS protection is shown as unset (NOTE(review): confirm whether that is intended on
# an interface that faces the Untrust zone).
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
# NOTE(review): "no-replay" turns off anti-replay checking for this VPN, so captured ESP
# packets could be re-injected and still be accepted. Unless the peer requires it, enable
# replay protection.
set vpn "vpn" gateway "vpn-gw" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn "vpn" id 0x1 bind interface tunnel.1
set vrouter "untrust-vr"
--- more ---
exit
set vrouter "trust-vr"
exit
set icap av-vendor-id symantec-5
set url protocol websense
exit
set vpn "vpn" proxy-id local-ip 0.0.0.0/0 remote-ip 0.0.0.0/0 "ANY"
# NOTE(review): Policy 6 is enabled (no "disable" line follows) and permits any source,
# any destination, any service from Untrust to Trust. Because ethernet1/2 and tunnel.1
# share the Untrust zone, this opens the Trust network to everything reaching the outside
# interface, not only to tunnel traffic. The narrower policies 1 and 2 (192.168.1.0/24 <->
# 3.3.3.0/24) are the ones marked disabled.
set policy id 6 from "Untrust" to "Trust" "Any" "Any" "ANY" permit log
set policy id 6
exit
set policy id 1 from "Trust" to "Untrust" "192.168.1.0/24" "3.3.3.0/24" "ANY" permit
set policy id 1 disable
set policy id 1
exit
set policy id 2 from "Untrust" to "Trust" "3.3.3.0/24" "Any" "ANY" permit
set policy id 2 disable
set policy id 2
exit
# Policy 3 lets any DMZ host reach the whole Trust subnet on any service, and is not logged.
set policy id 3 from "DMZ" to "Trust" "Any" "192.168.1.0/24" "ANY" permit
set policy id 3
exit
set policy id 4 from "Trust" to "DMZ" "192.168.1.0/24" "Any" "ANY" permit
--- more ---
set policy id 4
exit
set policy id 5 from "Trust" to "Untrust" "Any" "Any" "ANY" permit log
set policy id 5
exit
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
unset license-key auto-update
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 0.0.0.0/0 interface ethernet1/1 gateway 192.168.1.1
set route 3.3.3.0/24 interface tunnel.1 gateway 2.2.2.1
set route 2.2.2.0/24 gateway 1.1.1.2
exit
# NOTE(review): OSPF is enabled on every interface, including the Untrust-facing
# ethernet1/2, and no OSPF authentication line appears in this capture. An unauthenticated
# adjacency on an outside segment lets a neighbour inject routes; confirm whether
# authentication is configured or the interface should be passive.
set interface ethernet1/1 protocol ospf area 0.0.0.0
set interface ethernet1/1 protocol ospf enable
set interface ethernet1/1 protocol ospf retransmit-interval 5
--- more ---
set interface ethernet1/1 protocol ospf cost 1
set interface ethernet1/2 protocol ospf area 0.0.0.0
set interface ethernet1/2 protocol ospf enable
set interface ethernet1/2 protocol ospf retransmit-interval 5
set interface ethernet1/2 protocol ospf cost 1
set interface ethernet1/3 protocol ospf area 0.0.0.0
set interface ethernet1/3 protocol ospf enable
set interface ethernet1/3 protocol ospf retransmit-interval 5
set interface ethernet1/3 protocol ospf cost 1
set interface tunnel.1 protocol ospf area 0.0.0.0
# The capture breaks the next command here: "set" on this line, its arguments on the next.
set
interface tunnel.1 protocol ospf enable
set interface tunnel.1 protocol ospf cost 10
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
nsisg1000->
nsisg1000->
nsisg1000->
nsisg1000->
nsisg1000->
nsisg1000->
nsisg1000->
nsisg1000->
nsisg1000->
nsisg1000->
! NOTE(review): From here the capture switches to the Cisco IOS peer ("Router"). The
! running-config is re-flowed to one command per line; "--More--" pager markers are kept
! where they occurred. Lines of the form "! NOTE(review)" or "! <text>" are reviewer
! annotations; bare "!" lines are the device's own separators.
! No password prompt appears between "en" and the "Router#" prompt, and no
! "enable secret"/"enable password" line appears in the config below.
Router>
Router>
Router>
Router>
Router>
Router>en
Router#sg h run
Building configuration...

Current configuration : 4319 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): With password encryption off, keys are stored and displayed in cleartext,
! which is why the ISAKMP pre-shared key below is readable. Type 7 is only obfuscation;
! for ISAKMP keys the stronger option is `key config-key password-encrypt` together with
! `password encryption aes`.
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
! Local authentication only; no AAA servers or accounting are configured.
no aaa new-model
!
! Self-signed trustpoint with revocation checking disabled.
crypto pki trustpoint TP-self-signed-4079704343
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4079704343
 revocation-check none
 rsakeypair TP-self-signed-4079704343
!
--More--
!
! NOTE(review): The DER below appears to decode as a certificate signed with
! md5WithRSAEncryption (OID 1.2.840.113549.1.1.4) over a 1024-bit RSA key, valid from
! 2008-12-17 to 2020-01-01. Both the algorithm and the key size are obsolete, and the
! validity period has ended; regenerate the key pair and certificate if HTTPS management
! stays enabled.
crypto pki certificate chain TP-self-signed-4079704343
 certificate self-signed 01
  3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 34303739 37303433 3433301E 170D3038 31323137 31353234
  32315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30373937
  30343334 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100AE44 21F617CB A4403609 FE1C78F8 EEA6E135 2C3B1611 A148C965 974238F6
  C389F2C6 D82605EA E53D414E 57480986 60118246 53CB3501 31B67A55 51E1B786
  903E1704 9836CBEB 25C84262 54A6A0F1 FBDBB62C 4EC65646 9A25F403 B02B9610
  8D25C768 A79013B0 420CD79C EF2D8F99 75C22C74 2411E5D0 4E5A8C2A AE5F1860
  C6B30203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603
  551D1104 0A300882 06526F75 74657230 1F060355 1D230418 30168014 81805B79
  B12198B9 4A59AC15 CE57AD5B 4B3E97F0 301D0603 551D0E04 16041481 805B79B1
  2198B94A 59AC15CE 57AD5B4B 3E97F030 0D06092A 864886F7 0D010104 05000381
  81004961 DF782987 863C44C6 EADDA0D6 2EACF0A4 6350BAC6 F3FE469D 636EC799
  ED459062 AAE57FBD 26CFA56C B2CDF676 080D65AE 52BA9656 2B8F30EB 6EB49356
  4D6ADDAF EF189DCD 242289A4 8A82AF75 B60F4DD3 525AC4A5 BDB628A1 B5710C81
  AA0D618B 2512DB89 7C62BCF6 D2BA36BA 5AEA04E0 9AA8307D DDBCD3AE ECE92F4C
  F6DE
  quit
dot11 syslog
--More--
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
! NOTE(review): Privilege-15 local account; its type 5 (MD5-crypt) hash is printed in this
! capture and can be attacked offline. Treat the password as disclosed and change it.
username badar privilege 15 secret 5 $1$lDzt$W49xnA/nPyyUDa5DSqnN8/
!
!
! IKE phase 1: 3DES, pre-shared key, DH group 2. No hash line is shown, so the platform
! default applies. These parameters mirror the "pre-g2-3des-sha" proposal on the ScreenOS
! side and are legacy strength.
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
! NOTE(review): The pre-shared key is stored in cleartext, is a single dictionary word, and
! equals the admin account name shown in the ScreenOS part of this capture. The same key
! is used for both peer addresses. Replace it with a long random value, unique per peer.
crypto isakmp key netscreen address 1.1.1.1
crypto isakmp key netscreen address 172.16.1.1
!
!
! Four transform-sets with identical contents (esp-3des esp-sha-hmac) under different
! names; only ESP-3DES-SHA and esp-3des-sha1 are referenced by the crypto maps below.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
--More--
crypto ipsec transform-set esp esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set esp-3des-sha1 esp-3des esp-sha-hmac
!
! SDM_CMAP_1 is defined but not applied to any interface in this capture.
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to1.1.1.1
 set peer 1.1.1.1
 set transform-set ESP-3DES-SHA
 match address 100
!
! SDM_CMAP_2 is the map actually applied (Tunnel0 and FastEthernet0/1). No "set pfs" line
! is shown for either map.
crypto map SDM_CMAP_2 1 ipsec-isakmp
 description Tunnel to172.16.1.1
 set peer 172.16.1.1
 set transform-set esp-3des-sha1
 match address 102
!
archive
 log config
  hidekeys
!
!
!
!
--More--
!
interface Loopback1
 ip address 7.7.7.1 255.255.255.0
!
interface Loopback2
 ip address 8.8.8.1 255.255.255.0
!
interface Tunnel0
 ip address 172.16.1.2 255.255.255.0
 ip mtu 1420
 ip ospf mtu-ignore
 tunnel source FastEthernet0/1
 tunnel destination 172.16.1.1
 tunnel path-mtu-discovery
 crypto map SDM_CMAP_2
!
interface FastEthernet0/0
 ip address 3.3.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 2.2.2.1 255.255.255.0
--More--
 duplex auto
 speed auto
 crypto map SDM_CMAP_2
!
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
!
! NOTE(review): OSPF covers the outside-facing 2.2.2.0/24 segment as well as the tunnel, and
! no OSPF authentication or passive-interface line appears in this capture. Confirm that
! adjacencies can only form over the protected tunnel.
router ospf 1
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 3.3.3.0 0.0.0.255 area 0
 network 7.7.7.0 0.0.0.255 area 0
 network 8.8.8.0 0.0.0.255 area 0
 network 172.16.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
--More--
ip route 1.1.1.0 255.255.255.0 2.2.2.2
ip route 172.16.1.0 255.255.255.252 172.16.1.1
ip route 192.168.1.0 255.255.255.0 1.1.1.1
!
!
! NOTE(review): Plain HTTP management is enabled alongside HTTPS, with local authentication
! and no access-class shown. `no ip http server` leaves only the TLS listener; an
! `ip http access-class` ACL limits who can reach it.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
! NOTE(review): In ACL 100 the first entry matches all GRE, so the host-specific second entry
! is never reached. As a crypto ACL, "gre any any" would select every GRE flow for
! encryption; ACL 100 is only referenced by SDM_CMAP_1, which is not applied here.
access-list 100 permit gre any any log
access-list 100 permit gre host 172.16.1.2 host 172.16.1.1
access-list 102 remark SDM_ACL Category=4
access-list 102 permit gre host 2.2.2.1 host 172.16.1.1
!
!
!
!
!
!
control-plane
!
!
--More--
!
! No login or password lines are shown for the console and aux lines.
line con 0
line aux 0
! NOTE(review): Every VTY login lands directly at privilege level 15, telnet is accepted next
! to ssh, and no access-class restricts source addresses. `transport input ssh` plus an
! `access-class` ACL is the usual minimum for remote management lines.
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

Router#
Router#
Router#
Router#
Router#
Router#
Router#
Router#
Router#
Router#
Router#