Config Windrose

login as: omniaccess
********************************************************
********************** WARNING ***********************
********************************************************
* *
* UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED *
* You must have explicit, authorized permission to *
* access or configure this device. *
* Unauthorized attempts and actions to access or use *
* this system may result in civil and/or criminal *
* penalties. *
* *
********************************************************
****************** www.omniaccess.com ******************
********************************************************
Using keyboard-interactive authentication.
Password:
rtr-39-01#sh run
Load for five secs: 9%/3%; one minute: 10%; five minutes: 10%
Time source is NTP, *16:01:10.842 UTC Mon Apr 6 2020
Building configuration...
Current configuration : 63941 bytes

!
! Last configuration change at 15:09:21 UTC Thu Mar 19 2020 by omniaccess
!
version 16.6
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 300000
!
hostname rtr-39-01
!
boot-start-marker
boot system flash isr4300-universalk9.16.06.01.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$IDcc$EIR5nnmfM5aCwkMEEu6VG1
!
aaa new-model
!
!
aaa authentication login local_auth local
aaa authorization exec default local if-authenticated
aaa accounting connection h323 start-stop group radius
!
!
!
!
!
!
aaa session-id common
!
!
!
ip host api.opendns.com 67.215.92.210
ip name-server 92.43.224.1 92.43.224.2 8.8.8.8
ip domain name 39.omniaccess.com
ip multicast-routing distributed
ip dhcp excluded-address 10.39.2.1 10.39.2.100
!
ip dhcp pool System
import all
network 10.39.2.0 255.255.255.0
dns-server 92.43.224.1 92.43.224.2 8.8.8.8
domain-name 39.omniaccess.com
default-router 10.39.2.1
lease 0 1
!
ip dhcp pool ThraneLink
import all
network 10.39.3.0 255.255.255.0
dns-server 10.39.2.253 92.43.224.1 92.43.224.2
lease 0 1
!
ip dhcp pool Video
import all
network 10.39.4.0 255.255.255.0
dns-server 10.39.2.253 92.43.224.1 92.43.224.2
lease 0 1
!
ip dhcp pool VoIP
import all
network 10.39.5.0 255.255.255.0
dns-server 10.39.2.253 92.43.224.1 92.43.224.2
option 150 ip 10.39.5.1
lease 0 1
!
ip dhcp pool Navigation
import all
network 10.39.6.0 255.255.255.0
dns-server 10.39.2.253 92.43.224.1 92.43.224.2
lease 0 1
!
ip dhcp pool Windrose
import all
network 10.39.7.0 255.255.255.0
dns-server 10.39.2.253 92.43.224.1 92.43.224.2
lease 0 1
!
ip dhcp pool Guests
import all
network 10.39.11.0 255.255.255.0
dns-server 10.39.2.253 92.43.224.1 92.43.224.2
lease 0 1
!
ip dhcp pool Lan_to_OA
import all
network 10.39.130.0 255.255.255.0
dns-server 172.16.200.242 172.16.200.243 10.39.2.253 92.43.224.1
lease 0 1
!
ip dhcp pool Crew
import all
network 10.39.8.0 255.255.255.0
dns-server 10.39.2.253 92.43.224.1 92.43.224.2
lease 0 1
!
ip dhcp pool Alarm
import all
network 10.39.12.0 255.255.255.0
dns-server 10.39.2.253 92.43.224.1 8.8.8.8
lease 0 1
!
ip dhcp pool Officers
import all
network 10.39.13.0 255.255.255.0
dns-server 10.39.2.253 92.43.224.1 92.43.224.2 8.8.8.8
lease 0 1
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
!
parameter-map type regex dns_bypass
pattern nas.sy-windrose.com
parameter-map type umbrella global

token E69CE451541B6DA8281E54EAE5EAFF480025E3F6
local-domain dns_bypass
dnscrypt
udp-timeout 5
multilink bundle-name authenticated
!
flow record PLEXUS_NFR
description Plexus Controller Netflow service record
match datalink mac source address input
match datalink mac source address output
match datalink mac destination address input
match datalink mac destination address output
match ipv4 source address
match ipv4 destination address
match transport icmp ipv4 type
match transport igmp type
match transport tcp source-port
match transport tcp destination-port
match transport udp source-port
match transport udp destination-port
match interface input
match interface output
match application name
collect counter bytes long
collect timestamp sys-uptime first
!
!
flow record PLEXUS_NFR_L3_1
description Plexus Controller WAN accounting service record
collect routing forwarding-status
collect flow direction
!
!
!
!
!
!
!
!
!
!
flow exporter PLEXUS_NFE_L3_WAN_1
description Plexus Controller WAN accounting service exporter for VSAT
destination 10.39.2.253
transport udp 65001
template data timeout 1
option exporter-stats timeout 1
!
!
description Plexus Controller WAN accounting service exporter for 4G
transport udp 65002
!
!
description Plexus Controller WAN accounting service exporter for SHORE
transport udp 65003
!
!
flow exporter PLEXUS_NFE
description Plexus Controller Netflow service exporter
transport udp 65000
!
!
description Plexus Controller WAN accounting service exporter for Idiridium
transport udp 65015
!
!
description Plexus Controller WAN accounting service exporter for WIFI
transport udp 65022
!
!
flow monitor PLEXUS_NFM
description Plexus Controller Netflow service monitor
exporter PLEXUS_NFE
cache type immediate
record PLEXUS_NFR
!
!
flow monitor PLEXUS_NFM_L3_WAN_1
description Plexus Controller WAN accounting service monitor for VSAT
exporter PLEXUS_NFE_L3_WAN_1
record PLEXUS_NFR_L3_1
!
!
description Plexus Controller WAN accounting service monitor for 4G
!
!
description Plexus Controller WAN accounting service monitor for SHORE
!
!
description Plexus Controller WAN accounting service monitor for Idiridium
!
!
description Plexus Controller WAN accounting service monitor for WIFI
!
!
!
!
!
!
!
!
!
crypto pki certificate pool
cabundle nvram:ios_core.p7b
!
!
!
!
voice service voip
ip address trusted list
ipv4 92.43.224.12
ipv4 10.252.135.254
callmonitor
clid network-provided
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
modem passthrough nse codec g711ulaw
sip
bind control source-interface GigabitEthernet0/0/1.5
bind media source-interface GigabitEthernet0/0/1.5
header-passing
registrar server expires max 1200 min 300
pass-thru content unsupp
no call service stop
!
voice class codec 100
codec preference 1 g729r8
codec preference 2 g729br8
codec preference 4 g711ulaw
!
!
!
!
!
voice register global
mode cme
source-address 10.39.5.1 port 5060
max-dn 20
max-pool 20
load 8845 sip8845_65.12-0-1SR1-1
authenticate register
authenticate realm windrose.com
timezone 2
tftp-path flash:
create profile sync 0217331431268436
auto-register
!
!
voice register dn 1
number 13
allow watch
name Owner
no-reg
label 13
!
voice register dn 2
number 12
allow watch
name Saloon
no-reg
label 12
!
voice register dn 3
number 22
allow watch
name Captain
no-reg
label 22
!
voice register dn 4
number 30
allow watch
name 30
no-reg
label Wireless 1 (30)
!
voice register dn 5
number 31
allow watch
name 31
no-reg
label Wireless 2 (31)
!
voice register dn 12
!
voice register pool 1
busy-trigger-per-button 2
id mac 0057.D2C0.F611
type 8845
number 1 dn 1
cor incoming VSATOwner default
username owner password 1234
description Owner
codec g711ulaw
video
!
id mac 0057.D2C0.F837
type 8845
number 1 dn 2
username saloon password 1234
description Saloon
codec g711ulaw
video
!
id mac 0057.D2C0.F835
type 8845
number 1 dn 3
username captain password 1234
description Captain
video
!
id mac F87B.2036.9BBE
type 8821
number 1 dn 4
username wireless1 password 1234
description Wireless 1
!
id mac F87B.2036.9B98
type 8821
number 1 dn 5
username wireless2 password 1234
description Wireless 2
!
voice hunt-group 1 parallel
final 93
list 13,15,16,12,31
timeout 10
pilot 91
!
!
list 21,11,22,23,30
pilot 92
!
!
list 21,11,22,23,30
pilot 93
!
!
!
voice translation-rule 1
rule 1 /.*/ /3039200/
!
rule 1 /^02/ /00/
!
rule 1 /.*/ /3039201/
!
rule 1 /^00/ /01/
!
rule 1 /3039200/ /91/
rule 2 /3039201/ /92/
!
rule 1 /^01/ /00/
!
!
voice translation-profile OA_Incoming
translate called 5
!
voice translation-profile TO_OA_SIP
translate calling 1
!
voice translation-profile To_Iridium
translate called 6
!
voice translation-profile To_VSAT_Crew
translate calling 3
translate called 4
!
voice translation-profile To_VSAT_Owner
translate calling 1
translate called 2
!
!
!
!
!
voice-card 0/1
no watchdog
!
voice-card 0/4
no watchdog
!
cts logging verbose
license udi pid ISR4331/K9 sn FDO213116Z2
file prompt quiet
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
!
username omniaccess privilege 15 secret 5 $1$Hx9B$m9yldqZ43GliSkBD/tMpj/
!
redundancy
mode none
!
crypto ikev2 proposal L2L-Prop
encryption 3des
integrity sha1
group 2
!
crypto ikev2 policy L2L-Pol
proposal L2L-Prop
!
crypto ikev2 keyring L2L-Keyring
peer 195.55.251.1
address 195.55.251.1
pre-shared-key local 46ee7e02340248286e6b732d00fad44b
pre-shared-key remote 46ee7e02340248286e6b732d00fad44b
!
!
!
crypto ikev2 profile L2L-Prof
match identity remote address 195.55.251.1 255.255.255.255
identity local key-id OAtoWindrose
authentication remote pre-share
authentication local pre-share
keyring local L2L-Keyring
!
!
!
!
track 301 ip sla 301 reachability
delay down 120 up 15
!
delay down 15 up 15
!
delay down 15 up 15
!
delay down 15 up 15
!
delay down 15 up 15
!
!
class-map match-all PLEXUS_limited_class
match access-group name PLEXUS_acl_limited
class-map match-all PLEXUS_limited_class2
match access-group name PLEXUS_acl_limited2
class-map match-all localtraffic_class
match access-group name localtraffic
class-map match-all PLEXUS_localtraffic_class
match access-group name PLEXUS_localtraffic
!
policy-map PLEXUS_limit_policy_16_down
class PLEXUS_localtraffic_class
set qos-group 0
class PLEXUS_limited_class
police cir 480000 bc 90000 be 180000
conform-action transmit
exceed-action drop
policy-map PLEXUS_limit_policy_7_up
set qos-group 0
police cir 8000 bc 1500 be 3000
exceed-action drop
set qos-group 0
exceed-action drop
set qos-group 0
police cir 64000 bc 12000 be 24000
exceed-action drop
class class-default
police cir 960000 bc 180000 be 360000
exceed-action drop
set qos-group 0
exceed-action drop
class class-default
police cir 1008000 bc 189000 be 378000
exceed-action drop
set qos-group 0
exceed-action drop
set qos-group 0
exceed-action drop
class class-default
police cir 120000 bc 22500 be 45000
exceed-action drop
set qos-group 0
police cir 32000 bc 6000 be 12000
exceed-action drop
class class-default
police cir 224000 bc 42000 be 84000
exceed-action drop
set qos-group 0
police cir 1024000 bc 192000 be 384000
exceed-action drop
set qos-group 0
exceed-action drop
set qos-group 0
exceed-action drop
class class-default
police cir 112000 bc 21000 be 42000
exceed-action drop
set qos-group 0
exceed-action drop
set qos-group 0
exceed-action drop
set qos-group 0
exceed-action drop
set qos-group 0
police cir 1024000 bc 192000 be 384000
exceed-action drop
policy-map transit_policy
class localtraffic_class
set qos-group 0
set qos-group 0
exceed-action drop
class class-default
police cir 120000 bc 22500 be 45000
exceed-action drop
set qos-group 0
exceed-action drop
set qos-group 0
exceed-action drop
set qos-group 0
exceed-action drop
set qos-group 0
exceed-action drop
set qos-group 0
exceed-action drop
set qos-group 0
police cir 480000 bc 90000 be 180000
exceed-action drop
set qos-group 0
exceed-action drop
set qos-group 0
exceed-action drop
!
gw-accounting syslog
!
!
!
!
!
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp key iY2CTG90p6Xu276 address 92.43.224.98
crypto isakmp keepalive 10 periodic
!
!
crypto ipsec transform-set aes_sha esp-aes esp-sha-hmac
mode tunnel
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
mode tunnel
!
!
!
crypto map VPN 1 ipsec-isakmp
description Tunnel to OmniAccess
set peer 92.43.224.98
set transform-set aes_sha
set pfs group2
match address VPN_Tunnel
qos pre-classify
!
crypto map vpn 10 ipsec-isakmp
set peer 195.55.251.1
set transform-set ESP-AES-SHA
set ikev2-profile L2L-Prof
match address VPN_Tunnel_2
!
!
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface Loopback0
ip address 92.43.229.117 255.255.255.255
ip access-group ACL_Inbound in
umbrella out
!
interface Loopback2
ip address 66.36.205.227 255.255.255.255
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
!
interface GigabitEthernet0/0/0.80
description VSAT WAN interface
encapsulation dot1Q 80
ip flow monitor PLEXUS_NFM_L3_WAN_1 input
ip flow monitor PLEXUS_NFM_L3_WAN_1 output
ip address 10.39.129.254 255.255.255.0
ip nat outside
umbrella out
crypto map vpn
ip virtual-reassembly
!
description 4G WAN interface
ip address 10.39.81.254 255.255.255.0
ip nat outside
umbrella out
crypto map vpn
ip virtual-reassembly
!
description SHORE WAN interface
ip address dhcp
ip nat outside
ip access-group PLEXUS_ACL_SHORE_3_DISABLED out
umbrella out
!
description Idiridium WAN interface
ip address 10.39.83.254 255.255.255.0
ip nat outside
ip access-group PLEXUS_ACL_Idiridium_15_DISABLED in
ip access-group PLEXUS_ACL_Idiridium_15_DISABLED out
umbrella out
!
description WIFI WAN interface
ip address 10.39.84.254 255.255.255.0
ip nat outside
umbrella out
!
description OA Remote Access
ip address 10.39.128.254 255.255.255.0
!
no ip address
negotiation auto
!
description System LAN interface
ip address 10.39.2.1 255.255.255.0
ip nat inside
ip access-group PLEXUS_ACL_System_4_Restrictions in
umbrella in System
ip policy route-map PLEXUS_RM_System_PBR
service-policy input PLEXUS_limit_policy_4_up
service-policy output PLEXUS_limit_policy_4_down
!
description ThraneLink LAN interface
ip address 10.39.3.1 255.255.255.0
ip nat inside
ip access-group PLEXUS_ACL_ThraneLink_5_Restrictions in
umbrella in Thranelink
ip policy route-map PLEXUS_RM_ThraneLink_PBR
!
description Video LAN interface
ip address 10.39.4.1 255.255.255.0
ip nat inside
ip access-group PLEXUS_ACL_Video_6_Restrictions in
umbrella in Video
ip policy route-map PLEXUS_RM_Video_PBR
!
description VoIP LAN interface
ip address 10.39.5.1 255.255.255.0
ip nat inside
ip access-group PLEXUS_ACL_VoIP_7_Restrictions in
umbrella in VoIP
ip policy route-map PLEXUS_RM_VoIP_PBR
!
description Navigation LAN interface
ip address 10.39.6.1 255.255.255.0
ip nat inside
ip access-group PLEXUS_ACL_Navigation_8_Restrictions in
umbrella in Navigation
ip policy route-map PLEXUS_RM_Navigation_PBR
!
description Windrose LAN interface
ip address 10.39.7.1 255.255.255.0
ip nat inside
ip pim sparse-dense-mode
ip access-group PLEXUS_ACL_Windrose_9_Restrictions in
umbrella in Windrose
ip policy route-map PLEXUS_RM_Windrose_PBR
!
description Crew LAN interface
ip address 10.39.8.1 255.255.255.0
ip nat inside
ip pim sparse-dense-mode
ip access-group PLEXUS_ACL_Crew_16_Restrictions in
umbrella in Crew
ip policy route-map PLEXUS_RM_Crew_PBR
!
description NavNET LAN interface
ip address 172.31.0.1 255.255.0.0
ip nat inside
ip access-group PLEXUS_ACL_NavNET_14_Restrictions in
umbrella in NavNET
ip policy route-map PLEXUS_RM_NavNET_PBR
!
description Guests LAN interface
ip address 10.39.11.1 255.255.255.0
ip nat inside
ip access-group PLEXUS_ACL_Guests_13_Restrictions in
umbrella in Guests
ip policy route-map PLEXUS_RM_Guests_PBR
!
description Alarm LAN interface
ip address 10.39.12.1 255.255.255.0
ip nat inside
ip access-group PLEXUS_ACL_Alarm_20_Restrictions in
umbrella in Alarm
ip policy route-map PLEXUS_RM_Alarm_PBR
!
description Officers LAN interface
ip address 10.39.13.1 255.255.255.0
ip nat inside
ip access-group PLEXUS_ACL_Officers_21_Restrictions in
umbrella in Officers
ip policy route-map PLEXUS_RM_Officers_PBR
!
description Office LAN interface
ip address 10.39.130.1 255.255.255.0
ip nat inside
ip access-group PLEXUS_ACL_Office_19_Restrictions in
umbrella in Office
ip policy route-map LAN_TO_OFFICE
!
description Intellian
ip address 10.39.126.1 255.255.255.0
ip nat inside
!
no ip address
shutdown
negotiation auto
!
interface Service-Engine0/1/0
!
interface Service-Engine0/4/0
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
ip local policy route-map PLEXUS_RM_Tracking
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
ip nat pool nat_pool 92.43.229.118 92.43.229.118 prefix-length 30
ip nat pool nat_pool_intelsat 66.36.205.226 66.36.205.226 netmask 255.255.255.25
ip nat inside source static tcp 10.39.2.253 22 10.39.129.254 2222 extendable
ip nat inside source route-map PLEXUS_NAT_4G interface GigabitEthernet0/0/0.81 o
ip nat inside source route-map PLEXUS_NAT_Idiridium interface GigabitEthernet0/0
ip nat inside source route-map PLEXUS_NAT_SHORE interface GigabitEthernet0/0/0.8
ip nat inside source route-map PLEXUS_NAT_VSAT pool nat_pool overload
ip nat inside source route-map PLEXUS_NAT_WIFI interface GigabitEthernet0/0/0.84
ip forward-protocol nd
ip ftp source-interface GigabitEthernet0/0/1
ip http server
no ip http secure-server
ip http path flash:/GUI
ip route 0.0.0.0 0.0.0.0 10.39.129.1 2 track 301
ip route 0.0.0.0 0.0.0.0 10.39.81.2 3 track 302
ip route 0.0.0.0 0.0.0.0 10.39.83.2 5 track 315
ip route 0.0.0.0 0.0.0.0 10.39.84.1 6 track 322
ip route 0.0.0.0 0.0.0.0 Null0 7
!
ip ssh time-out 60
ip ssh source-interface GigabitEthernet0/0/1.2
ip ssh version 2
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip scp server enable
!
!
ip access-list standard PLEXUS_ACL_SNMP_Access
permit 10.39.4.12
permit 10.39.7.2
permit 172.16.5.147
permit 172.16.5.26
permit 172.16.5.21
permit 172.16.5.20
permit 10.39.2.253
ip access-list standard VTY_Filter
permit 172.16.200.1
remark Restrict access to VTY
permit 10.39.2.0 0.0.0.255
permit 172.16.4.0 0.0.0.255
permit 172.16.5.0 0.0.0.255
permit 172.16.254.0 0.0.0.255
permit 192.168.1.0 0.0.0.255
permit 192.168.20.0 0.0.0.255
permit 192.168.252.0 0.0.0.255
permit 92.43.224.0 0.0.7.255
permit 10.39.129.0 0.0.0.255
permit 172.16.1.0 0.0.0.255
!
ip access-list extended ACL_Inbound
permit ip 10.39.129.0 0.0.0.255 any
remark Prevent IP Spoofing from WAN Interfaces
deny ip 10.39.0.0 0.0.255.255 any
remark Permit SIP & SMTP Access from OA servers
permit udp 92.43.224.0 0.0.0.63 any eq 5060
permit tcp 92.43.224.0 0.0.0.63 any eq 5060
permit tcp 92.43.224.0 0.0.0.63 any eq smtp
permit udp 92.43.224.0 0.0.0.63 any eq ntp
permit tcp host 92.43.229.117 any eq 4001
remark Deny SIP & SMTP from external servers
deny udp any any eq 5060
deny tcp any any eq 5060
deny tcp any any eq smtp
deny udp any any eq ntp
deny tcp any any eq 4001
remark Permit any other traffic
permit ip any any
ip access-list extended ACL_LAN_TO_OA_OFFICE
remark Permit traffic from LAN to OmniAccess
permit ip 10.39.130.0 0.0.0.255 172.16.0.0 0.0.255.255
permit ip 10.39.130.0 0.0.0.255 192.168.252.0 0.0.0.255
permit ip 10.39.130.0 0.0.0.255 host 192.168.20.4
permit ip 10.39.130.0 0.0.0.255 10.252.128.0 0.0.31.255
permit ip 10.39.130.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended NAT_Filter
permit ip 10.39.129.0 0.0.0.255 host 67.215.92.210
deny ip 10.39.129.0 0.0.0.255 any
deny ip 10.39.128.0 0.0.127.255 host 92.43.224.98
deny ip 10.39.0.0 0.0.127.255 172.16.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 10.39.129.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 192.168.1.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 192.168.252.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 192.168.171.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 192.168.206.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 192.168.132.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 host 192.168.20.4
deny ip 10.39.0.0 0.0.255.255 10.252.64.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 10.252.65.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 10.252.66.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 10.252.67.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 10.252.130.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 10.252.128.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 10.252.131.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 10.252.132.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 10.252.133.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 10.252.134.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 10.252.135.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 10.252.0.0 0.0.31.255
permit ip 10.39.0.0 0.0.255.255 any
ip access-list extended PLEXUS_ACL_4G_2_DISABLED
remark Permit WAN gateway device
permit ip any host 10.39.81.2
permit icmp any host 10.39.81.2
permit ip host 10.39.81.2 any
permit icmp host 10.39.81.2 any
remark Exclude any other traffic
deny icmp any any
deny ip any any
ip access-list extended PLEXUS_ACL_4G_Tracking
ip access-list extended PLEXUS_ACL_4G_TrackingSystem
ip access-list extended PLEXUS_ACL_Alarm_20_Restrictions
remark permit allow_all
permit ip any any
ip access-list extended PLEXUS_ACL_Alarm_PBR
remark Exclude WAN gateway devices
deny ip 10.39.0.0 0.0.255.255 host 10.39.129.1
deny ip 10.39.0.0 0.0.255.255 host 10.39.81.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.83.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.84.1
remark Exclude local traffic
deny ip 10.39.0.0 0.0.255.255 10.39.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.31.0.0 0.0.255.255
remark Exclude VPN traffic
deny ip 10.39.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 192.168.1.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 192.168.252.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 host 192.168.20.4
remark Internet traffic
permit ip 10.39.0.0 0.0.255.255 any
ip access-list extended PLEXUS_ACL_Banned_Hosts
deny ip any any
ip access-list extended PLEXUS_ACL_Crew_16_Restrictions
permit ip any any
ip access-list extended PLEXUS_ACL_Crew_PBR
deny ip 10.39.0.0 0.0.255.255 host 10.39.129.1
deny ip 10.39.0.0 0.0.255.255 host 10.39.81.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.83.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.84.1
deny ip 10.39.0.0 0.0.255.255 10.39.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.31.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 192.168.1.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 192.168.252.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 host 192.168.20.4
permit ip 10.39.0.0 0.0.255.255 any
ip access-list extended PLEXUS_ACL_Guests_13_Restrictions
permit ip any any
ip access-list extended PLEXUS_ACL_Guests_PBR
deny ip 10.39.0.0 0.0.255.255 host 10.39.129.1
deny ip 10.39.0.0 0.0.255.255 host 10.39.81.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.83.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.84.1
deny ip 10.39.0.0 0.0.255.255 10.39.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.31.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 192.168.1.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 192.168.252.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 host 192.168.20.4
permit ip 10.39.0.0 0.0.255.255 any
ip access-list extended PLEXUS_ACL_Idiridium_15_DISABLED
deny icmp any any
deny ip any any
ip access-list extended PLEXUS_ACL_Idiridium_Tracking
ip access-list extended PLEXUS_ACL_Idiridium_TrackingSystem
ip access-list extended PLEXUS_ACL_NavNET_14_Restrictions
permit ip any any
ip access-list extended PLEXUS_ACL_NavNET_PBR
deny ip 172.31.0.0 0.0.255.255 host 10.39.129.1
deny ip 172.31.0.0 0.0.255.255 host 10.39.81.2
deny ip 172.31.0.0 0.0.255.255 host 10.39.83.2
deny ip 172.31.0.0 0.0.255.255 host 10.39.84.1
deny ip 172.31.0.0 0.0.255.255 10.39.0.0 0.0.255.255
deny ip 172.31.0.0 0.0.255.255 172.31.0.0 0.0.255.255
deny ip 172.31.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 172.31.0.0 0.0.255.255 192.168.1.0 0.0.0.255
deny ip 172.31.0.0 0.0.255.255 192.168.252.0 0.0.0.255
deny ip 172.31.0.0 0.0.255.255 host 192.168.20.4
permit ip 172.31.0.0 0.0.255.255 any
ip access-list extended PLEXUS_ACL_Navigation_8_Restrictions
permit ip any any
ip access-list extended PLEXUS_ACL_Navigation_PBR
deny ip 10.39.0.0 0.0.255.255 host 10.39.129.1
deny ip 10.39.0.0 0.0.255.255 host 10.39.81.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.83.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.84.1
deny ip 10.39.0.0 0.0.255.255 10.39.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.31.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 192.168.1.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 192.168.252.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 host 192.168.20.4
permit ip 10.39.0.0 0.0.255.255 any
ip access-list extended PLEXUS_ACL_Office_19_Restrictions
permit ip any any
ip access-list extended PLEXUS_ACL_Officers_21_Restrictions
permit ip any any
ip access-list extended PLEXUS_ACL_Officers_PBR
deny ip 10.39.0.0 0.0.255.255 host 10.39.129.1
deny ip 10.39.0.0 0.0.255.255 host 10.39.81.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.83.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.84.1
deny ip 10.39.0.0 0.0.255.255 10.39.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.31.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 192.168.1.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 192.168.252.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 host 192.168.20.4
permit ip 10.39.0.0 0.0.255.255 any
ip access-list extended PLEXUS_ACL_SHORE_3_DISABLED
deny icmp any any
deny ip any any
ip access-list extended PLEXUS_ACL_SHORE_TrackingSystem
ip access-list extended PLEXUS_ACL_System_4_Restrictions
permit ip any any
ip access-list extended PLEXUS_ACL_System_DNS
remark DNS Cache traffic
permit udp 10.39.0.0 0.0.255.255 any eq domain
ip access-list extended PLEXUS_ACL_System_PBR
deny ip 10.39.0.0 0.0.255.255 host 10.39.129.1
deny ip 10.39.0.0 0.0.255.255 host 10.39.81.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.83.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.84.1
deny ip 10.39.0.0 0.0.255.255 10.39.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.31.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 192.168.1.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 192.168.252.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 host 192.168.20.4
permit ip 10.39.0.0 0.0.255.255 any
ip access-list extended PLEXUS_ACL_ThraneLink_5_Restrictions
permit ip any any
ip access-list extended PLEXUS_ACL_ThraneLink_PBR
deny ip 10.39.0.0 0.0.255.255 host 10.39.129.1
deny ip 10.39.0.0 0.0.255.255 host 10.39.81.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.83.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.84.1
deny ip 10.39.0.0 0.0.255.255 10.39.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.31.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 192.168.1.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 192.168.252.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 host 192.168.20.4
permit ip 10.39.0.0 0.0.255.255 any
ip access-list extended PLEXUS_ACL_VSAT_1_DISABLED
deny icmp any any
deny ip any any
ip access-list extended PLEXUS_ACL_VSAT_Tracking
ip access-list extended PLEXUS_ACL_VSAT_TrackingSystem
ip access-list extended PLEXUS_ACL_Video_6_Restrictions
permit ip any any
ip access-list extended PLEXUS_ACL_Video_PBR
deny ip 10.39.0.0 0.0.255.255 host 10.39.129.1
deny ip 10.39.0.0 0.0.255.255 host 10.39.81.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.83.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.84.1
deny ip 10.39.0.0 0.0.255.255 10.39.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.31.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 192.168.1.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 192.168.252.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 host 192.168.20.4
permit ip 10.39.0.0 0.0.255.255 any
ip access-list extended PLEXUS_ACL_VoIP_7_Restrictions
permit ip any any
ip access-list extended PLEXUS_ACL_VoIP_PBR
deny ip 10.39.0.0 0.0.255.255 host 10.39.129.1
deny ip 10.39.0.0 0.0.255.255 host 10.39.81.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.83.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.84.1
deny ip 10.39.0.0 0.0.255.255 10.39.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.31.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 192.168.1.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 192.168.252.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 host 192.168.20.4
permit ip 10.39.0.0 0.0.255.255 any
ip access-list extended PLEXUS_ACL_WIFI_22_DISABLED
deny icmp any any
deny ip any any
ip access-list extended PLEXUS_ACL_WIFI_Tracking
ip access-list extended PLEXUS_ACL_WIFI_TrackingSystem
ip access-list extended PLEXUS_ACL_Windrose_9_Restrictions
permit ip any any
ip access-list extended PLEXUS_ACL_Windrose_PBR
deny ip 10.39.0.0 0.0.255.255 host 10.39.129.1
deny ip 10.39.0.0 0.0.255.255 host 10.39.81.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.83.2
deny ip 10.39.0.0 0.0.255.255 host 10.39.84.1
deny ip 10.39.0.0 0.0.255.255 10.39.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.31.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 10.39.0.0 0.0.255.255 192.168.1.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 192.168.252.0 0.0.0.255
deny ip 10.39.0.0 0.0.255.255 host 192.168.20.4
permit ip 10.39.0.0 0.0.255.255 any
ip access-list extended PLEXUS_acl_limited
remark Limited ratelimit ACL for
deny ip any any
ip access-list extended PLEXUS_acl_limited2
deny ip any any
ip access-list extended PLEXUS_localtraffic
permit ip 172.31.0.0 0.0.255.255 172.31.0.0 0.0.255.255
permit ip 172.31.0.0 0.0.255.255 10.39.0.0 0.0.255.255
permit ip 10.39.0.0 0.0.255.255 172.31.0.0 0.0.255.255
permit ip 10.39.0.0 0.0.255.255 10.39.0.0 0.0.255.255
ip access-list extended VPN_Tunnel
permit ip 10.39.0.0 0.0.127.255 10.252.128.0 0.0.0.31
permit ip 10.39.0.0 0.0.127.255 172.16.0.0 0.0.255.255
permit ip 10.39.0.0 0.0.127.255 192.168.1.0 0.0.0.255
permit ip 10.39.0.0 0.0.127.255 192.168.252.0 0.0.0.255
permit ip 10.39.0.0 0.0.127.255 host 192.168.20.4
ip access-list extended VPN_Tunnel_2
permit ip 10.39.0.0 0.0.127.255 10.252.64.0 0.0.0.255
permit ip 10.39.0.0 0.0.127.255 10.252.65.0 0.0.0.255
permit ip 10.39.0.0 0.0.127.255 10.252.66.0 0.0.0.255
permit ip 10.39.0.0 0.0.127.255 10.252.128.0 0.0.0.255
permit ip 10.39.0.0 0.0.127.255 10.252.130.0 0.0.0.255
permit ip 10.39.0.0 0.0.127.255 10.252.131.0 0.0.0.255
permit ip 10.39.0.0 0.0.127.255 10.252.132.0 0.0.0.255
permit ip 10.39.0.0 0.0.127.255 10.252.133.0 0.0.0.255
permit ip 10.39.0.0 0.0.127.255 10.252.134.0 0.0.0.255
permit ip 10.39.0.0 0.0.127.255 10.252.67.0 0.0.0.255
permit ip 10.39.0.0 0.0.127.255 10.252.135.0 0.0.0.255
permit ip 10.39.0.0 0.0.127.255 10.252.0.0 0.0.31.255
ip access-list extended localtraffic
permit ip 172.31.0.0 0.0.255.255 172.31.0.0 0.0.255.255
permit ip 172.31.0.0 0.0.255.255 10.39.0.0 0.0.255.255
permit ip 10.39.0.0 0.0.255.255 172.31.0.0 0.0.255.255
permit ip 10.39.0.0 0.0.255.255 10.39.0.0 0.0.255.255
ip access-list extended vpn
ip sla 10
icmp-echo 10.252.64.2 source-interface GigabitEthernet0/0/1.2
threshold 1800
timeout 1800
frequency 5
ip sla schedule 10 life forever start-time now
ip sla 11
threshold 1800
timeout 1800
frequency 5
ip sla 12
threshold 1800
timeout 1800
frequency 5
ip sla 13
threshold 1800
timeout 1800
frequency 5
ip sla 14
threshold 1800
timeout 1800
frequency 5
ip sla 15
threshold 1800
timeout 1800
frequency 5
ip sla 16
threshold 1800
timeout 1800
frequency 5
ip sla 17
threshold 1800
timeout 1800
frequency 5
ip sla 18
threshold 1800
timeout 1800
frequency 5
ip sla 19
threshold 4500
timeout 4500
frequency 5
ip sla 301
threshold 4500
timeout 4500
frequency 5
ip sla 302
threshold 1800
timeout 1800
frequency 5
ip sla 303
threshold 1800
timeout 1800
frequency 5
ip sla 315
frequency 300
timeout 1800
threshold 1800
ip sla 322
threshold 1800
timeout 1800
frequency 5
logging history size 60
logging host 10.39.2.253 transport udp port 64999
!
!
route-map PLEXUS_RM_NavNET_PBR permit 1
match ip address PLEXUS_ACL_Banned_Hosts
set interface Null0
!
route-map PLEXUS_RM_NavNET_PBR permit 30
match ip address PLEXUS_ACL_NavNET_PBR
set default interface Null0
!
route-map PLEXUS_RM_ThraneLink_PBR permit 1
set interface Null0
!
route-map PLEXUS_RM_ThraneLink_PBR permit 30
match ip address PLEXUS_ACL_ThraneLink_PBR
!
route-map NAT_VSAT permit 10
match ip address NAT_Filter
match interface GigabitEthernet0/0/0.80
!
route-map PLEXUS_NAT_Idiridium permit 10
!
route-map PLEXUS_NAT_SHORE permit 10
!
route-map PLEXUS_RM_System_PBR permit 1
set interface Null0
!
match ip address PLEXUS_ACL_VSAT_TrackingSystem
set ip next-hop 10.39.129.1
set interface GigabitEthernet0/0/0.80
!
match ip address PLEXUS_ACL_4G_TrackingSystem
!
match ip address PLEXUS_ACL_SHORE_TrackingSystem
!
match ip address PLEXUS_ACL_Idiridium_TrackingSystem
!
match ip address PLEXUS_ACL_WIFI_TrackingSystem
!
match ip address PLEXUS_ACL_System_PBR
set ip next-hop verify-availability 10.39.81.2 1 track 302
!
route-map PLEXUS_RM_Crew_PBR permit 1
set interface Null0
!
route-map PLEXUS_RM_Crew_PBR permit 30
match ip address PLEXUS_ACL_Crew_PBR
!
route-map PLEXUS_RM_Guests_PBR permit 1
set interface Null0
!
route-map PLEXUS_RM_Guests_PBR permit 30
match ip address PLEXUS_ACL_Guests_PBR
!
route-map PLEXUS_RM_Officers_PBR permit 1
set interface Null0
!
route-map PLEXUS_RM_Officers_PBR permit 30
match ip address PLEXUS_ACL_Officers_PBR
!
route-map PLEXUS_RM_VoIP_PBR permit 1
set interface Null0
!
route-map PLEXUS_RM_VoIP_PBR permit 30
match ip address PLEXUS_ACL_VoIP_PBR
!
route-map PLEXUS_RM_Navigation_PBR permit 1
set interface Null0
!
route-map PLEXUS_RM_Navigation_PBR permit 30
match ip address PLEXUS_ACL_Navigation_PBR
!
route-map PLEXUS_NAT_4G permit 10
!
route-map PLEXUS_RM_Banned_Hosts permit 1
set interface Null0
!
route-map PLEXUS_RM_Tracking permit 1
match ip address PLEXUS_ACL_VSAT_Tracking
!
match ip address PLEXUS_ACL_4G_Tracking
!
match ip address PLEXUS_ACL_Idiridium_Tracking
!
match ip address PLEXUS_ACL_WIFI_Tracking
!
route-map PLEXUS_RM_Windrose_PBR permit 1
set interface Null0
!
route-map PLEXUS_RM_Windrose_PBR permit 30
match ip address PLEXUS_ACL_Windrose_PBR
!
route-map PLEXUS_RM_TRANSIT_PBR permit 1
set interface Null0
!
route-map PLEXUS_NAT_VSAT permit 10
!
route-map PLEXUS_NAT_WIFI permit 10
!
route-map PLEXUS_RM_Alarm_PBR permit 1
set interface Null0
!
route-map PLEXUS_RM_Alarm_PBR permit 30
match ip address PLEXUS_ACL_Alarm_PBR
!
route-map PLEXUS_RM_Video_PBR permit 1
set interface Null0
!
route-map PLEXUS_RM_Video_PBR permit 30
match ip address PLEXUS_ACL_Video_PBR
!
route-map LAN_TO_OFFICE permit 10
match ip address ACL_LAN_TO_OA_OFFICE
!
snmp-server community plexuscommunity RW PLEXUS_ACL_SNMP_Access
snmp-server system-shutdown
snmp-server enable traps config-copy
snmp-server host 10.39.7.2 public config-copy config
snmp ifmib ifindex persist
tftp-server flash:ip_phones/6901/APP6901SCCP.9-3-1-2.zz.sgn alias APP6901SCCP.9-
tftp-server flash:ip_phones/6901/KNL6901SCCP.9-3-1-2.zz.sgn alias KNL6901SCCP.9-
tftp-server flash:ip_phones/6901/SCCP6901.9-3-1-2.loads alias SCCP6901.9-3-1-2.l
tftp-server flash:ip_phones/8845/vc48845_65.12-0-1SR1-1.sbn alias vc48845_65.12-
tftp-server flash:ip_phones/8845/sip8845_65.12-0-1SR1-1.loads alias sip8845_65.1
tftp-server flash:ip_phones/8845/sb28845_65.BEV-01-015.sbn alias sb28845_65.BEV-
tftp-server flash:ip_phones/8845/rootfs8845_65.12-0-1SR1-1.sbn alias rootfs8845_
tftp-server flash:ip_phones/8845/kern8845_65.12-0-1SR1-1.sbn alias kern8845_65.1
tftp-server flash:ip_phones/8845/fbi8845_65.BEV-01-006.sbn alias fbi8845_65.BEV-
!
!
!
!
control-plane
!
!
voice-port 0/1/0
connection plar 92
description Iridium for Crew
!
voice-port 0/1/1
connection plar 91
description Iridium for Owner
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
telephony-service
sdspfarm units 2
sdspfarm transcode sessions 2
sdspfarm tag 1 xcode1
sdspfarm tag 2 confer1
conference hardware
video
no auto-reg-ephone
authentication credential omniaccess cmematq2
max-ephones 20
max-dn 30
ip source-address 10.39.5.1 port 2000
service phone videoCapability 1
service phone webAccess 0
service phone ehookEnable 1
service dnis overlay
service dnis dir-lookup
system message OmniAccess S.L.
url services http://10.39.5.1/voiceview/common/login.do
url authentication http://10.39.5.1/CCMCIP/authenticate.asp
cnf-file location flash:
cnf-file perphone
load 6901 SCCP6901.9-3-1-2
time-zone 28
time-format 24
date-format dd-mm-yy
voicemail 499
max-conferences 8 gain -6
hunt-group report delay 2 hours
hunt-group report every 1 hours
moh enable-g711 "flash:sailing.au"
web admin system name omniaccess password cmematq3
dn-webedit
time-webedit
transfer-system full-consult
transfer-pattern .T
create cnf-files version-stamp Jan 01 2002 00:00:00
!
!
dial-peer cor custom
name VSATOwnerCOR
name VSATCrewCOR
!
!
dial-peer cor list VSATOwner
member VSATOwnerCOR
member VSATCrewCOR
!
dial-peer cor list VSATCrew
member VSATCrewCOR
!
dial-peer cor list VSATOwnerCOR
member VSATOwnerCOR
!
dial-peer cor list VSATCrewCOR
member VSATCrewCOR
!
!
dial-peer voice 100 voip
description Outbound calls through OmniAccess
translation-profile outgoing TO_OA_SIP
destination-pattern 10...
session protocol sipv2
session target sip-server
voice-class codec 100
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
fax protocol pass-through g711ulaw
no vad
!
corlist outgoing VSATOwnerCOR
description Outgoing Guest and Owner
translation-profile outgoing To_VSAT_Owner
destination-pattern 02T
dtmf-relay rtp-nte
fax protocol pass-through g711ulaw
no vad
!
corlist outgoing VSATCrewCOR
description Outgoing Crew
translation-profile outgoing To_VSAT_Crew
dtmf-relay rtp-nte
!
translation-profile incoming OA_Incoming
incoming called-number 3039200
no vad
!
translation-profile incoming OA_Incoming
incoming called-number 3039201
no vad
!
dial-peer voice 103 pots
corlist outgoing VSATOwnerCOR
description Iridium Outgoing Guest and Owner
translation-profile outgoing To_Iridium
port 0/1/1
!
description call to Portals
destination-pattern [4-6].
session target ipv4:10.252.135.254
dtmf-relay rtp-nte
no vad
!
!
!
sip-ua
credentials number 3039200 username 3039200 password 7 000912540D0F0A550A realm
credentials number 3039201 username 3039201 password 7 04560A5406754D1D0C realm
authentication username 3039200 password 7 000912540D0F0A550A realm sip01.omnip
retry invite 1
retry bye 2
timers trying 1000
timers expires 60000
timers connect 1000
timers disconnect 1000
timers prack 1000
timers rel1xx 1000
timers refer 1000
timers register 1000
timers buffer-invite 100
registrar ipv4:92.43.224.12 expires 300
sip-server ipv4:92.43.224.12:5060
!
!
ephone-dn 1 dual-line
number 11 no-reg primary
label 11
description Bridge
name Bridge
corlist incoming VSATOwner
!
!
label 14
description Guest Aft
name Guest Aft
!
!
label 15
description Guest Port
name Guest Port
!
!
label 16
description Guest Starboard
name Guest Starboard
!
!
label 21
description Crewmess
name Crewmess
corlist incoming VSATCrew
!
!
label 23
description Engineroom
name Engineroom
!
!
label 24
description Engineer
name Engineer
!
!
label 25
description Crew Port
name Crew Port
!
!
label 26
description Crew Starboard
name Crew Starboard
!
!
label 27
description Lazarette
name Lazarette
!
!
ephone 1
device-security-mode none
description Bridge
mac-address 042A.E270.A005
max-calls-per-button 2
type 6901
button 1:1
!
!
!
ephone 4
!
!
!
ephone 5
mac-address 042A.E270.9A2D
type 6901
button 1:5
!
!
!
ephone 6
mac-address 042A.E270.9B02
type 6901
button 1:6
!
!
!
ephone 7
mac-address 042A.E270.A22A
type 6901
button 1:7
!
!
!
ephone 10
mac-address 00CA.E540.58D1
type 6901
button 1:10
!
!
!
ephone 11
mac-address 042A.E270.A2B2
type 6901
button 1:11
!
!
!
ephone 12
mac-address 042A.E270.9BC6
type 6901
button 1:12
!
!
!
ephone 13
mac-address 042A.E270.68D6
type 6901
button 1:9
!
!
banner login ^C
********************************************************
********************** WARNING ***********************
********************************************************
* *
* UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED *
* You must have explicit, authorized permission to *
* access or configure this device. *
* Unauthorized attempts and actions to access or use *
* this system may result in civil and/or criminal *
* penalties. *
* *
********************************************************
****************** www.omniaccess.com ******************
********************************************************
^C
alias exec dhcp-gw tclsh flash:get_dhcp_gw.tcl
alias exec clear_nat tclsh flash:clear_nat.tcl
!
line con 0
exec-timeout 15 0
logging synchronous
login authentication local_auth
exec prompt timestamp
transport input none
stopbits 1
line aux 0
exec-timeout 0 1
no exec
transport output none
stopbits 1
line vty 0 4
access-class VTY_Filter in
exec-timeout 15 0
privilege level 15
logging synchronous
length 0
transport preferred ssh
transport input ssh
line vty 5 15
access-class VTY_Filter in
exec-timeout 15 0
privilege level 15
logging synchronous
transport preferred ssh
transport input ssh
!
ntp source GigabitEthernet0/0/1.2
ntp peer 10.252.130.8
ntp peer 172.16.0.1
ntp peer 192.168.252.65
ntp peer 10.252.67.1
ntp server 192.168.20.4 minpoll 10
ntp peer 10.252.65.100
ntp peer 10.252.66.100
ntp peer 10.252.128.100
ntp peer 10.252.130.100
ntp peer 10.252.131.100
ntp peer 10.252.132.100
ntp peer 10.252.133.100
ntp peer 10.252.134.100
ntp peer 10.252.135.100
ntp peer 10.39.2.100
ntp peer 10.252.64.100
ntp peer 192.168.1.254
ntp peer 192.168.252.254
!
!
!
!
event manager applet PLEXUS_EM_VSAT
event track 301 state any
action 1 cli command "enable"
action 1.1 cli command "clear_nat GigabitEthernet0/0/0.80"
action 4 syslog msg "CLEAR-NAT: Track Event VSAT"
event manager applet PLEXUS_EM_4G
action 4 syslog msg "CLEAR-NAT: Track Event 4G"
event manager applet PLEXUS_EM_SHORE
action 4 syslog msg "CLEAR-NAT: Track Event SHORE"
event manager applet PLEXUS_EM_Idiridium
action 4 syslog msg "CLEAR-NAT: Track Event Idiridium"
event manager applet PLEXUS_EM_WIFI
action 4 syslog msg "CLEAR-NAT: Track Event WIFI"
!
end
rtr-39-01#

Config Windrose

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Config Windrose

Uploaded by

Copyright:

Available Formats

login as: omniaccess

Current configuration : 63941 bytes

parameter-map type umbrella global

You might also like