! Cisco Fast Step Template
!
! This config enables firewall and PPTP.
!
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname
!
logging buffered 4096 debugging
!
!
!
ip subnet-zero
ip name-server 202.37.245.17
ip name-server 202.37.245.20
ip dhcp excluded-address
ip dhcp excluded-address
!
ip dhcp pool dhcppool
 import all
 network 255.255.255.0
 default-router
 exit
!
vpdn enable
!
vpdn-group pptp
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
  exit
 exit
!
clock timezone NZST 12
clock summer-time NZDT recurring 1 Sun Oct 2:00 3 Sun Mar 3:00
!
ip inspect name Dialer_0 tcp
ip inspect name Dialer_0 udp
ip inspect name Dialer_0 cuseeme
ip inspect name Dialer_0 ftp
ip inspect name Dialer_0 h323
ip inspect name Dialer_0 rcmd
ip inspect name Dialer_0 realaudio
ip inspect name Dialer_0 streamworks
ip inspect name Dialer_0 vdolive
ip inspect name Dialer_0 sqlnet
ip inspect name Dialer_0 tftp
!
interface Loopback0
 ip address 192.168.3.254 255.255.255.0
!
interface Ethernet0
 ip address 255.255.255.0
 ip access-group 102 in
 ip nat inside
 no ip directed-broadcast
 exit
!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool pptp
 ppp encrypt mppe 40
 ppp authentication ms-chap
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 exit
!
interface ATM0.1 point-to-point
 pvc 0/100
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 exit
!
interface Dialer0
 bandwidth 640
 ip address negotiated
 ip inspect Dialer_0 out
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp pap sent-username password
 ppp ipcp dns request
 no cdp enable
 exit
!
ip nat inside source list 1 interface Dialer0 overload
ip local pool pptp 192.168.3.1 192.168.3.253
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
banner motd |Original config (c)IFM Ltd sales@ifm.net.nz, prepared by /|
!
line vty 0 4
 login local
 access-class 1 in
 exit
!
access-list 1 remark The local LAN.
access-list 1 permit 0.0.0.255
!
access-list 101 remark Traffic allowed to enter the router from Internet
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
access-list 101 permit udp host 130.123.128.253 any eq 123
access-list 101 permit udp host 207.46.226.34 any eq 123
access-list 101 permit udp host 202.37.245.17 eq 53 any
access-list 101 permit udp host 202.37.245.20 eq 53 any
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any traceroute
access-list 101 permit icmp any any administratively-prohibited
access-list 101 deny ip any any log
!
access-list 102 remark Traffic allowed to enter the router from the Ethernet
access-list 102 remark Prevent TFTP traffic
access-list 102 deny udp any any eq tftp
access-list 102 remark DHCP traffic
access-list 102 permit ip any host 255.255.255.255
access-list 102 remark ICMP Traffic
access-list 102 permit icmp 0.0.0.255 any unreachable
access-list 102 permit icmp 0.0.0.255 any echo
access-list 102 permit icmp 0.0.0.255 any echo-reply
access-list 102 permit icmp 0.0.0.255 any packet-too-big
access-list 102 permit icmp 0.0.0.255 any time-exceeded
access-list 102 permit icmp 0.0.0.255 any traceroute
access-list 102 permit icmp 0.0.0.255 any administratively-prohibited
access-list 102 remark DNS traffic
access-list 102 permit udp 0.0.0.255 any eq 53
access-list 102 permit tcp 0.0.0.255 any eq 53
access-list 102 remark E-mail traffic
access-list 102 permit tcp 0.0.0.255 host eq pop3
access-list 102 permit tcp 0.0.0.255 host eq smtp
access-list 102 remark WWW and FTP Browsing
access-list 102 permit tcp 0.0.0.255 any eq www
access-list 102 permit tcp 0.0.0.255 any eq ftp
access-list 102 deny ip any any log
!
dialer-list 1 protocol ip permit
!
sntp server 130.123.128.253
!
interface Ethernet0
 no shutdown
 exit
interface ATM0
 no shutdown
 exit
!
end