Auth-proxy Authentication

Wangchao other · Author unknown  2008-05-19

3640 Router

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3640
!
aaa new-model
aaa group server tacacs+ RTP
 server 171.68.118.115
!
aaa authentication login default group RTP none
aaa authorization exec default group RTP none
aaa authorization auth-proxy default group RTP
enable secret 5 $1$CQHC$R/07uQ44E2JgVuCsOUWdG1
enable password ww
!
ip subnet-zero
!
ip auth-proxy auth-proxy-banner
ip auth-proxy auth-cache-time 10
ip auth-proxy name list_a http
ip audit notify log
ip audit po max-events 100
cns event-service server
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 0.0.0.0
crypto isakmp client configuration address-pool local RTP-POOL
!
crypto ipsec transform-set RTP-TRANSFORM esp-des esp-md5-hmac
!
crypto dynamic-map RTP-DYNAMIC 10
 set transform-set RTP-TRANSFORM
!
crypto map RTPCLIENT client configuration address initiate
crypto map RTPCLIENT client configuration address respond
crypto map RTPCLIENT 10 ipsec-isakmp dynamic RTP-DYNAMIC
!
interface FastEthernet0/0
 ip address 40.31.1.111 255.255.255.0
 ip access-group 118 in
 no ip directed-broadcast
 ip auth-proxy list_a
 no ip route-cache
 no ip mroute-cache
 speed auto
 half-duplex
 crypto map RTPCLIENT
!
interface FastEthernet1/0
 ip address 14.14.14.14 255.255.255.0
 no ip directed-broadcast
 speed auto
 half-duplex
!
!
ip local pool RTP-POOL 20.20.20.25 20.20.20.50
ip nat translation timeout never
ip nat translation tcp-timeout never
ip nat translation udp-timeout never
ip nat translation finrst-timeout never
ip nat translation syn-timeout never
ip nat translation dns-timeout never
ip nat translation icmp-timeout never
ip classless
ip route 0.0.0.0 0.0.0.0 14.14.14.15
ip route 171.68.118.0 255.255.255.0 40.31.1.1
ip http server
ip http authentication aaa
!
access-list 118 permit esp 171.68.118.0 0.0.0.255 host 40.31.1.111
access-list 118 permit udp 171.68.118.0 0.0.0.255 host 40.31.1.111 eq isakmp
access-list 118 permit tcp host 171.68.118.115 host 40.31.1.111
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
tacacs-server host 171.68.118.115
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password ww
!
end
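An added example, not part of the original page: a short Python check that scans an IOS configuration such as the one above for settings a reviewer would question before reusing it (cleartext passwords, AAA method lists ending in `none`, DES and MD5 in the IPsec policy, a pre-shared key bound to 0.0.0.0, the plain-HTTP server). The rule set and the name `audit_ios_config` are assumptions of this example; `SAMPLE` is an excerpt of the configuration above.

```python
import re

# Rules are this example's own choices: (regex, finding). Each regex is
# matched against one configuration line with leading indentation removed.
RULES = [
    (r"^no service password-encryption$", "passwords stored in cleartext"),
    (r"^enable password \S+", "enable password set in addition to enable secret"),
    (r"^password \S+", "static line password in the configuration"),
    (r"^aaa (authentication|authorization) .* none$",
     "method list ends in 'none': no check when the TACACS+ group returns an error"),
    (r"^hash md5$", "IKE policy uses MD5"),
    (r"^crypto ipsec transform-set .*\besp-des\b", "transform set uses single DES"),
    (r"^crypto isakmp key \S+ address 0\.0\.0\.0", "pre-shared key valid for any peer address"),
    (r"^ip http server$", "plain-HTTP server enabled"),
]

# Excerpt of the router configuration shown on this page.
SAMPLE = """\
no service password-encryption
aaa authentication login default group RTP none
aaa authorization exec default group RTP none
aaa authorization auth-proxy default group RTP
enable password ww
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 0.0.0.0
crypto ipsec transform-set RTP-TRANSFORM esp-des esp-md5-hmac
ip http server
ip http authentication aaa
line vty 0 4
 password ww
"""

def audit_ios_config(text):
    """Return a list of (line_number, config_line, finding) tuples."""
    findings = []
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        for pattern, finding in RULES:
            if re.search(pattern, line):
                findings.append((num, line, finding))
    return findings

if __name__ == "__main__":
    for num, line, finding in audit_ios_config(SAMPLE):
        print(f"line {num}: {line!r}: {finding}")
```
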

 
 
 