@cerebrate
Created August 17, 2016 15:22
!
! Last configuration change at 10:05:35 CDT Wed Aug 17 2016 by avatar
! NVRAM config last updated at 09:31:51 CDT Wed Aug 17 2016 by avatar
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service linenumber
!
hostname stargate
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 16384 informational
logging rate-limit 30 except warnings
enable secret 5 NOTHINGTOSEEHERE
enable password 7 MOVEALONG
!
aaa new-model
!
!
aaa authentication login default local
!
!
aaa session-id common
clock timezone cst -6
clock summer-time CDT recurring
!
!
dot11 syslog
no ip source-route
!
!
!
!
ip cef
ip domain name arkane-systems.lan
ip host stargate 172.16.0.254
ip host calmirie 172.16.0.128
ip host xboxone 172.16.1.14
ip name-server 172.16.0.128
ip inspect udp idle-time 20
ip inspect tcp idle-time 1800
ip inspect tcp finwait-time 1
ip inspect tcp synwait-time 15
ip ddns update method DynDNS
 HTTP
  add http://NOTHINGTOSEEHEREEITHER@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
  remove http://PLEASEDISPERSE@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
 interval maximum 28 0 0 0
 interval minimum 28 0 0 0
!
ipv6 unicast-routing
ipv6 cef
ipv6 inspect name outbound-v6 tcp
ipv6 inspect name outbound-v6 udp
ipv6 inspect name outbound-v6 ftp
ipv6 inspect name outbound-v6 icmp
ipv6 inspect name inbound-v6 tcp
ipv6 inspect name inbound-v6 udp
ipv6 inspect name inbound-v6 ftp
ipv6 inspect name inbound-v6 icmp
!
multilink bundle-name authenticated
!
!
!
username avatar password 7 PUFFTHEMAGICPASSWORD
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
!
archive
 log config
  logging enable
  hidekeys
 path flash:
 maximum 3
 write-memory
!
!
!
!
!
interface Loopback0
 ip address 172.20.0.1 255.255.255.252
 ipv6 address FEC0:0:0:9::1/128
!
interface Null0
 no ip unreachables
!
interface FastEthernet0
 description LAN Ethernet switch connection
 hold-queue 100 out
!
interface FastEthernet1
 description Xbox One
 hold-queue 100 out
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 description Internet
 bandwidth 16384
 ip dhcp client update dns server none
 ip ddns update DynDNS
 ip address dhcp hostname stargate.arkane-systems.net
 ip access-group 111 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 ipv6 address dhcp
 ipv6 address autoconfig default
 ipv6 enable
 ipv6 traffic-filter exterior-firewall in
 ipv6 nd other-config-flag
 ipv6 dhcp client pd hint ::1/56
 ipv6 dhcp client pd prefix-from-provider
 ipv6 inspect inbound-v6 in
 ipv6 inspect outbound-v6 out
 no cdp enable
!
interface Vlan1
 description Internal network
 ip address 172.16.0.254 255.255.0.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 ipv6 address FDC9:B01A:9D26::FE/48
 ipv6 address prefix-from-provider ::1/56
 ipv6 enable
 ipv6 traffic-filter interior-in6 in
 ipv6 traffic-filter interior-out6 out
 ipv6 nd other-config-flag
 ipv6 inspect outbound-v6 in
 ipv6 virtual-reassembly
!
ip local pool vpn 172.16.2.1 172.16.2.254
ip forward-protocol nd
no ip http server
ip http access-class 75
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static udp 172.16.1.14 3074 interface FastEthernet4 3074
ip nat inside source static udp 172.16.1.14 88 interface FastEthernet4 88
ip nat inside source static udp 172.16.1.14 5060 interface FastEthernet4 5060
ip nat inside source static udp 172.16.1.14 5061 interface FastEthernet4 5061
!
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 1 remark NAT-enabled addresses
access-list 75 permit 172.16.0.0 0.0.255.255 log
access-list 75 deny any log
access-list 75 remark Access to router TTYs
access-list 111 deny ip 172.16.0.0 0.0.255.255 any
access-list 111 permit ip any any
access-list 111 remark prevent spoofing - block external inbounds with local source addrs
ipv6 route 100::/64 Null0
ipv6 route 2001:10::/28 Null0
ipv6 route 2001:DB8::/32 Null0
!
!
!
!
!
ipv6 access-list interior-in6
 permit ipv6 FE80::/10 any
 permit ipv6 FDC9:B01A:9D26::/48 any
!
ipv6 access-list interior-out6
 permit ipv6 any any
!
ipv6 access-list console
 sequence 20 permit ipv6 FDC9:B01A:9D26::/48 any
!
ipv6 access-list exterior-firewall
 permit udp any any eq 546
 sequence 100 deny ipv6 any any
!
control-plane
!
banner exec ^C
Welcome, you have connected to router $(hostname).$(domain)
on line $(line).
^C
banner login ^C
+--------------------------------------------------------------------+
|                              WARNING                               |
|                              -------                               |
| This is a secure system. Do not log in without proper              |
| authorisation.                                                     |
|                                                                    |
| All users of this system consent to having all of their activities |
| monitored and recorded. Unauthorised use will be prosecuted to the |
| full extent permitted by law.                                      |
+--------------------------------------------------------------------+
^C
!
line con 0
 location Living room
 no modem enable
 transport preferred none
 transport output all
 speed 115200
line aux 0
 transport output all
line vty 0 4
 access-class 75 in
 privilege level 15
 ipv6 access-class console in
 transport preferred none
 transport input all
 transport output all
!
scheduler max-task-time 5000
ntp server 172.16.0.128
end