version 17.12
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname R1
!
boot-start-marker
boot-end-marker
!
logging buffered 10240000
no logging console
no aaa new-model
clock timezone GMT 0 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 1:00
!
ip domain name cisco.router
!
ip dhcp excluded-address 192.168.1.0 192.168.1.10
ip dhcp excluded-address 192.168.1.240 192.168.1.254
!
ip dhcp pool VLAN_1
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.254
 dns-server 1.1.1.1 8.8.8.8
!
login on-failure log
login on-success log
!
enable secret XXXXXXX
!
username XXXXXXX privilege 15 secret XXXXXXX
!
redundancy
 mode none
!
class-map type inspect match-any CM_ZBFW_ROUTER_TO_OUTSIDE
 match access-group name ACL_ZBFW_ROUTER_TO_OUTSIDE
class-map type inspect match-any CM_ZBFW_INSIDE_TO_OUTSIDE
 match access-group name ACL_ZBFW_INSIDE_TO_OUTSIDE
!
policy-map type inspect PM_ZBFW_ROUTER_TO_OUTSIDE
 class type inspect CM_ZBFW_ROUTER_TO_OUTSIDE
  inspect
 class class-default
policy-map type inspect PM_ZBFW_INSIDE_TO_OUTSIDE
 class type inspect CM_ZBFW_INSIDE_TO_OUTSIDE
  inspect
 class class-default
!
zone security OUTSIDE
zone security INSIDE
zone-pair security INSIDE_TO_OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect PM_ZBFW_INSIDE_TO_OUTSIDE
zone-pair security ROUTER_TO_OUTSIDE source self destination OUTSIDE
 service-policy type inspect PM_ZBFW_ROUTER_TO_OUTSIDE
!
interface GigabitEthernet0/0/0
 description ### PPPoE INTERFACE - TO ISP FIBER MODEM ###
 no ip address
 negotiation auto
 pppoe enable
 pppoe-client dial-pool-number 1
 no cdp enable
 no shutdown
!
interface GigabitEthernet0/1/0
 description ### ACCESS PORT ###
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/1/1
 description ### ACCESS PORT ###
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/1/2
 description ### ACCESS PORT ###
 switchport
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/1/3
 description ### ACCESS PORT ###
 switchport
 switchport mode access
 spanning-tree portfast
!
interface Vlan1
 description ### LAN DEFAULT GATEWAY ###
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 zone-member security INSIDE
!
interface Dialer1
 description ### OUTSIDE INTERFACE ###
 mtu 1492
 ip address negotiated
 no ip redirects
 no ip unreachables
 ip nat outside
 zone-member security OUTSIDE
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname XXXXXXX
 ppp chap password XXXXXXX
 ppp ipcp route default
 ppp ipcp address accept
!
no ip http server
no ip http secure-server
!
ip nat inside source list NAT interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 name DEFAULT_VIA_VDSL
!
ip access-list standard SECURE_VTY
 10 permit 192.168.1.0 0.0.0.255
!
ip access-list extended ACL_ZBFW_INSIDE_TO_OUTSIDE
 10 permit ip any any
ip access-list extended ACL_ZBFW_ROUTER_TO_OUTSIDE
 10 permit ip any any
ip access-list extended NAT
 10 permit ip 192.168.1.0 0.0.0.255 any
!
line con 0
 session-timeout 15
 password XXXXXXX
 login local
 transport input none
 stopbits 1
line vty 0 4
 session-timeout 15
 access-class SECURE_VTY in
 password XXXXXXX
 login local
 transport input ssh
line vty 5 15
 session-timeout 15
 access-class SECURE_VTY in
 password XXXXXXX
 login local
 transport input ssh
!
ntp server 134.226.81.3
!
end