Building configuration... Current configuration : 9349 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! logging buffered 4096 debugging enable password 7 0505031B284dedede ! aaa new-model ! ! aaa authentication login default local aaa authorization network groupauthor local ! aaa session-id common ! resource policy ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero no ip source-route ip cef ! ! ip inspect name sdm_ins_in_100 cuseeme ip inspect name sdm_ins_in_100 dns ip inspect name sdm_ins_in_100 ftp ip inspect name sdm_ins_in_100 h323 ip inspect name sdm_ins_in_100 https ip inspect name sdm_ins_in_100 icmp ip inspect name sdm_ins_in_100 imap ip inspect name sdm_ins_in_100 pop3 ip inspect name sdm_ins_in_100 netshow ip inspect name sdm_ins_in_100 rcmd ip inspect name sdm_ins_in_100 realaudio ip inspect name sdm_ins_in_100 rtsp ip inspect name sdm_ins_in_100 esmtp ip inspect name sdm_ins_in_100 sqlnet ip inspect name sdm_ins_in_100 streamworks ip inspect name sdm_ins_in_100 tftp ip inspect name sdm_ins_in_100 tcp ip inspect name sdm_ins_in_100 udp ip inspect name sdm_ins_in_100 vdolive ip inspect name sdm_ins_in_100 isakmp ip inspect name sdm_ins_in_100 ipsec-msft ip inspect name sdm_ins_in_100 sip ip inspect name sdm_ins_in_100 pptp ip inspect name sdm_ins_in_100 http urlfilter ! ip ips sdf location flash://sdmips.sdf ip ips sdf location flash://128MB.sdf autosave ip ips notify SDEE ip ips name sdm_ips_rule no ip bootp server ip domain name yourdomain.com ip urlfilter allow-mode on ip urlfilter exclusive-domain deny .download.com ip urlfilter exclusive-domain deny .msn.com ip urlfilter exclusive-domain deny .yahoo.com ip urlfilter exclusive-domain deny .sex.com ip urlfilter exclusive-domain deny www.gmail.com ip urlfilter exclusive-domain deny .vietfun.com ip urlfilter exclusive-domain deny .hotmail.com ip urlfilter exclusive-domain deny .zoho.com ip urlfilter exclusive-domain deny mail.google.com ip urlfilter exclusive-domain deny .lycos.com ip urlfilter exclusive-domain deny chat.parachat.com ip urlfilter exclusive-domain deny .ebuddy.com ip urlfilter exclusive-domain deny .paltalk.com ip urlfilter exclusive-domain deny vietson.com ip urlfilter exclusive-domain deny .zing.vn ip urlfilter exclusive-domain deny .yahoo.com.vn ip urlfilter audit-trail ip urlfilter urlf-server-log vpdn enable ! interface FastEthernet0/0 description FW-Outside-ADSL$ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$FW_INSIDE$ ip address 192.168.2.1 255.255.255.0 ip inspect sdm_ins_in_100 in ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 ip policy route-map vdc duplex auto speed auto ! interface FastEthernet0/1 description FW-Inside$ETH-WAN$$FW_INSIDE$ no ip address no ip redirects ip route-cache flow ip tcp adjust-mss 1344 speed auto half-duplex pppoe enable pppoe-client dial-pool-number 1 ! interface Serial0/0/0 description FW-Outside-LeasedLine ip address 225.255.33.38 255.255.255.252 ip access-group 102 in ip nat outside no ip virtual-reassembly ip route-cache policy crypto map mymap ! interface Dialer0 description Interface for Internet access ip address negotiated ip mtu 1492 ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication pap callin ppp pap sent-username sgfdl-081624-115 password 7 014254570F5E50 ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer0 ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source route-map vdc interface Serial0/0/0 overload ip nat inside source route-map fptadsl interface Dialer0 overload ip nat inside source static tcp 192.168.2.220 625 interface Serial0/0/0 625 ip nat inside source static tcp 192.168.2.254 80 interface Serial0/0/0 80 ip nat inside source static tcp 192.168.2.254 21 interface Serial0/0/0 21 ip nat inside source static tcp 192.168.2.254 443 interface Serial0/0/0 443 ip nat inside source static tcp 192.168.2.254 110 interface Serial0/0/0 110 ip nat inside source static tcp 192.168.2.254 25 interface Serial0/0/0 25 ip nat inside source static tcp 192.168.2.254 1723 interface Serial0/0/0 1723 ip nat inside source static tcp 192.168.2.254 3389 interface Serial0/0/0 33333 ip dns server ! access-list 102 permit tcp any any eq 22 access-list 102 permit udp any any eq 22 access-list 102 permit gre any any access-list 102 permit ahp any any access-list 102 permit esp any any access-list 102 permit tcp any any eq 33333 access-list 102 permit tcp any host 225.255.33.38 eq 1723 access-list 102 permit tcp any any eq smtp access-list 102 permit tcp any any eq pop3 access-list 102 permit tcp any any eq 443 access-list 102 permit tcp any any eq www access-list 102 permit udp any any eq 50 access-list 102 permit udp any any eq 51 access-list 102 permit udp any any eq isakmp access-list 102 permit udp any any eq non500-isakmp access-list 102 permit tcp any host any eq telnet access-list 102 permit tcp any host any eq 625 access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 102 permit ip 10.0.5.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 102 permit icmp any any echo-reply access-list 102 permit icmp any any time-exceeded access-list 102 permit icmp any any unreachable access-list 110 permit ip host 192.168.2.254 any access-list 110 permit ip host 192.168.2.220 any access-list 110 permit ip host 192.168.2.1 any access-list 110 deny ip any any access-list 120 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 120 deny ip 192.168.2.0 0.0.0.255 10.0.5.0 0.0.0.255 access-list 120 deny ip host 192.168.2.254 any access-list 120 permit ip 192.168.2.0 0.0.0.255 any access-list 120 deny ip any any no cdp run route-map vdc permit 10 match ip address 110 set interface Serial0/0/0 ! route-map fptadsl permit 10 match ip address 120 set interface Dialer0 ! ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 transport input telnet ssh line vty 5 15 transport input telnet ssh ! end Router#