service timestamps debug uptime service timestamps log uptime service password-encryption no service tcp-small-servers no service udp-small-servers ! hostname Cisco2611 ! enable password cisco2611 ! ip source-route no ip name-server ! ip subnet-zero no ip domain-lookup ip routing ! ! Context-Based Access Control ! no ip inspect audit-trail ip inspect tcp synwait-time 30 ip inspect tcp finwait-time 5 ip inspect tcp idle-time 3600 ip inspect udp idle-time 30 ip inspect dns-timeout 5 ip inspect one-minute low 900 ip inspect one-minute high 1100 ip inspect max-incomplete low 900 ip inspect max-incomplete high 1100 ip inspect tcp max-incomplete host 50 block-time 0 ! ! IP inspect Ethernet_0_0 ! no ip inspect name Ethernet_0_0 ip inspect name Ethernet_0_0 smtp ip inspect name Ethernet_0_0 ftp ip inspect name Ethernet_0_0 tcp ip inspect name Ethernet_0_0 udp ! ! IP inspect Serial_0_0 ! no ip inspect name Serial_0_0 ip inspect name Serial_0_0 tcp ip inspect name Serial_0_0 smtp ! interface Ethernet 0/0 no shutdown description connected to EthernetLAN ip address 172.16.0.2 255.255.0.0 ip nat inside ip inspect Ethernet_0_0 in ip access-group 100 in keepalive 10 ! interface Ethernet 0/1 no description no ip address shutdown ! interface Serial 0/0 no shutdown description connected to Internet service-module t1 clock source line service-module t1 data-coding normal service-module t1 remote-loopback full service-module t1 framing esf service-module t1 linecode b8zs service-module t1 lbo none service-module t1 remote-alarm-enable ip address 206.0.121.1 255.255.255.252 ip nat outside ip inspect Serial_0_0 in ip access-group 101 in encapsulation hdlc ! ! Access Control List 1 ! no access-list 1 access-list 1 permit 172.16.0.0 0.0.255.255 ! ! Access Control List 100 ! no access-list 100 access-list 100 permit udp any eq rip any eq rip access-list 100 permit tcp host 172.16.0.7 any eq 25 access-list 100 permit tcp host 172.16.0.7 any range 20 21 access-list 100 deny ip host 172.16.0.7 any access-list 100 permit tcp any any range 20 21 access-list 100 permit tcp any any eq 80 access-list 100 permit tcp any any eq 144 access-list 100 permit tcp any any eq 25 access-list 100 permit udp any any eq domain ! ! Access Control List 101 ! no access-list 101 access-list 101 deny ip host 206.0.122.5 any access-list 101 permit tcp any host 206.0.122.5 eq 144 access-list 101 permit tcp any host 206.0.122.5 eq 25 access-list 101 permit tcp any host 206.0.122.5 eq 23 ! ! Static NAT ! ip nat inside source static 172.16.0.7 206.0.122.5 ! ! Dynamic NAT ! ip nat translation timeout 86400 ip nat translation tcp-timeout 86400 ip nat translation udp-timeout 300 ip nat translation dns-timeout 60 ip nat translation finrst-timeout 60 ip nat pool Cisco2611-natpool-1 206.0.122.50 206.0.122.100 netmask 255.255.255.0 ip nat inside source list 1 pool Cisco2611-natpool-1 overload ! ! DHCP Server ! service dhcp ip dhcp pool 1 network 172.16.0.0 255.255.0.0 default-router 172.16.0.2 ! router rip version 2 network 172.16.0.0 passive-interface Serial 0/0 no auto-summary ! ! ip classless ! ! IP Static Routes ip route 0.0.0.0 0.0.0.0 Serial 0/0 no ip http server snmp-server community public RO no snmp-server location no snmp-server contact ! line console 0 exec-timeout 0 0 password cisco2611 login ! line vty 0 4 password cisco2611 login ! end