[V200R005C20SPC200]

#
sysname GOADVERTISING_LISBOA_142971
header shell information "
================================================================
=
=
GOADVERTISING SA
=
=
Morada: Avenida dos Combatentes, 43, 5 A, 1600-042,Lisboa
=
=
SITE 1 - LISBOA
=
================================================================
"
header login information "
================================================================
=
=
NOS
=
=
-Acesso Reservado= Acesso nao autorizado punido pelo decreto lei: 109/91 ; 67/98
=
Unauthorized access punished by law
=
================================================================
"
#
drop illegal-mac alarm
#
vlan batch 100 300
#
domain default_admin
#
dhcp enable
#
vlan 100
name centrex
#
hwtacacs-server template line_vty
hwtacacs-server authentication 213.205.81.90 1041
hwtacacs-server authorization 213.205.81.90 1041
hwtacacs-server accounting 213.205.81.90 1041
hwtacacs-server shared-key cipher %@%@\JxrSP3}l3CqKmSx;nMS<0+s>@Xk6$Y.c'!BUD2s5
FZ!0+v<%@%@
undo hwtacacs-server user-name domain-included
#
pki realm default
enrollment self-signed
#
acl number 2087
description ### SNMP Entuity ###
rule 10 deny
acl number 2090
description ### Acesso VTY ###
rule 10 permit source 109.50.0.0 0.0.0.15
rule 20 permit source 212.0.175.112 0.0.0.15
rule 30 permit source 212.113.190.0 0.0.0.15
rule 40 permit source 213.205.81.88 0.0.0.7
rule 50 permit source 193.126.90.212 0.0.0.3
rule 60 permit source 10.223.9.128 0.0.0.7
rule 70 deny

acl number 2096

description ### SNMP ilmi ###
rule 5 deny
acl number 2097
description ### SNMP Solarwinds ###
rule 10 permit source 212.113.190.0 0.0.0.15
rule 20 permit source 109.50.0.0 0.0.0.15
rule 30 deny
#
acl number 3102
description ### Outbound ###
rule 5 permit ip
acl number 3103
description ### Inbound ###
rule 5 deny ip source 127.0.0.0 0.255.255.255
rule 10 deny ip source 224.0.0.0 31.255.255.255
rule 15 deny ip source 10.0.0.0 0.255.255.255
rule 20 deny ip source 172.16.0.0 0.15.255.255
rule 25 permit ip
acl number 3501
description ### CRYPTO ACL ###
rule 10 permit ip source 192.168.150.0 0.0.0.255 destination 10.90.22.0 0.0.0.2
55
acl number 3502
description ### NAT ###
rule 5 deny ip source 192.168.150.0 0.0.0.255 destination 10.90.22.0 0.0.0.255
rule 10 permit ip
#
ipsec proposal novistrans
esp authentication-algorithm sha1
esp encryption-algorithm aes-256
#
ike proposal 10
encryption-algorithm aes-cbc-256
dh group5
authentication-algorithm sha2-256
sa duration 28800
#
ike peer noviscryptomap2 v1
pre-shared-key simple 3nTeR10ff1c3#2
ike-proposal 10
remote-address 193.126.246.33
#
ipsec policy policy1 10 isakmp
security acl 3501
pfs dh-group5
ike-peer noviscryptomap2
proposal novistrans
#
traffic classifier default operator or
if-match any
#
traffic behavior SHAPE_50Mbps
gts cir 50000 cbs 1250000 queue-length 64
statistic enable
#
traffic policy WAN_50Mbps
classifier default behavior SHAPE_50Mbps
#
ip pool DHCP

gateway-list 192.168.150.1
network 192.168.150.0 mask 255.255.255.0
excluded-ip-address 192.168.150.2 192.168.150.101
excluded-ip-address 192.168.150.225 192.168.150.253
dns-list 10.90.22.131 194.79.69.222
domain-name BET.pt
#
aaa
authentication-scheme default
authentication-mode hwtacacs local
authentication-scheme line_vty
authentication-mode hwtacacs local
authorization-scheme default
authorization-scheme line_vty
authorization-mode hwtacacs if-authenticated
authorization-cmd 15 hwtacacs local
accounting-scheme default
accounting-scheme line_vty
accounting-mode hwtacacs
accounting start-fail online
recording-scheme line_vty
recording-mode hwtacacs line_vty
cmd recording-scheme line_vty
outbound recording-scheme line_vty
system recording-scheme line_vty
domain default
domain default_admin
authentication-scheme line_vty
accounting-scheme line_vty
authorization-scheme line_vty
hwtacacs-server line_vty
undo local-user admin
local-user x142971 password cipher %@%@gbq0~M</\HQ&eW/h/h_%<1>}%@%@
local-user x142971 ftp-directory sd1:
local-user x142971 service-type terminal ssh ftp
#
firewall zone trust
priority 15
#
firewall zone untrust
priority 1
#
firewall zone Local
priority 16
#
firewall interzone trust untrust
packet-filter 3103 inbound
packet-filter 3102 outbound
detect aspf ftp
detect aspf sip
detect aspf rtsp
detect aspf http
detect aspf http java-blocking
detect aspf http activex-blocking
#
nat alg dns enable
nat alg ftp enable
nat alg rtsp enable
nat alg sip enable
nat alg pptp enable

#
nat dns-map bet.pt interface GigabitEthernet 0/0/0.211 55555 tcp
#
interface Vlanif1
ip address 192.168.150.1 255.255.255.0
dhcp select global
#
interface Vlanif100
description CENTREX
ip address 10.223.9.129 255.255.255.192
dhcp select relay
dhcp relay server-ip 192.168.9.225
dhcp relay server-ip 192.168.9.226
#
interface Vlanif300
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
description *** Ligao ao SW ID151369 ***
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
port link-type access
port default vlan 300
loopback internal
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0
qos gts cir 52600 cbs 1315000
qos lr pct 68
#
interface GigabitEthernet0/0/0.211
description *** WAN - NET: LIS1-163_LIS154-23_NS_5 ***
dot1q termination vid 211
ip address 88.157.148.122 255.255.255.252
ipsec policy policy1
nat server protocol tcp global current-interface 55555 inside 10.90.22.131 5555
5
nat outbound 3502
zone untrust
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.210
dot1q termination vid 210
ip address 10.255.252.2 255.255.255.252
#
interface Cellular0/0/0
#

interface Cellular0/0/1
#
interface NULL0
#
interface LoopBack1
#
interface LoopBack11
#
bgp 65000
router-id 10.255.252.2
peer 10.255.252.1 as-number 2860
peer 10.255.252.1 timer keepalive 15 hold 45
#
ipv4-family unicast
undo synchronization
network 10.223.9.128 255.255.255.192
network 109.50.34.176 255.255.255.255
peer 10.255.252.1 enable
#
snmp-agent local-engineid 800007DB03D4B110B6A9ED
snmp-agent community read %@%@$W}PG"dn!UY3>a=k1o~(,.F2k58e5AOx3!x+8#RQ,iW*.F5,/
o#|A{eQd75BGTHYkI.QF>,.%@%@ acl 2097
snmp-agent community read %@%@1vExFQJ#AYx'Bx@HB'!*,.F.[q:q=>MiJ5!S7S.^UV1T.F1,V
3L>!V\Bd0>9xUR;hJv0F:,.%@%@ acl 2096
snmp-agent sys-info location GOADVERTISING_LISBOA, Portugal
snmp-agent target-host trap-hostname SERVER address 212.113.190.3 udp-port 161
trap-paramsname L23B1U
snmp-agent
#
ssh server compatible-ssh1x enable
stelnet server enable
#
http timeout 3
http server enable
http secure-server enable
#
ip route-static 0.0.0.0 0.0.0.0 88.157.148.121 description Default-Route
ip route-static 109.50.0.0 255.255.255.240 88.157.148.121 description GestaoRemo
ta
ip route-static 109.50.34.176 255.255.255.255 10.223.9.130
ip route-static 212.0.175.0 255.255.255.252 88.157.148.121 description GestaoRem
ota
ip route-static 213.205.81.88 255.255.255.248 88.157.148.121 description GestaoR
emota
#
nqa test-instance PROBE ICMP1
test-type icmp
destination-address ipv4 10.90.22.2
source-address ipv4 192.168.150.1
frequency 30
start now
#
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
acl 2090 inbound
authentication-mode aaa
user privilege level 15
protocol inbound all
#

wlan
wmm-profile name wmmf id 0
traffic-profile name traf id 0
security-profile name secf id 0
radio-profile name radiof id 0
wmm-profile id 0
#
interface Wlan-Radio0/0/0
#
ntp-service unicast-server 194.79.69.129
#
return