acl number 3000
rule 5 permit ip source 10.2.208.0 0.0.1.255 destination 10.2.235.0 0.0.0.255
rule 10 permit ip source 10.2.208.0 0.0.1.255 destination 172.16.2.0 0.0.0.255
acl number 3001
rule 5 deny ip source 10.2.208.0 0.0.1.255 destination 10.2.235.0 0.0.0.255
rule 10 permit ip
#
ipsec proposal map115
esp authentication-algorithm sha1
esp encryption-algorithm aes-128
#
ike proposal 1
encryption-algorithm aes-cbc-128
dh group2
#
ike peer map115 v1
pre-shared-key cipher %$%$mppm<nt'U/;+L:IR>}_#,.2n%$%$
ike-proposal 1
remote-address 219.145.61.162
#
ipsec policy map1 15 isakmp
security acl 3000
ike-peer map115
proposal map115
firewall zone Local
priority 64
#
nat address-group 1 117.36.197.65 117.36.197.94
#
interface GigabitEthernet0/0/0
tcp adjust-mss 1460
ip address 124.89.70.119 255.255.255.192
ipsec policy map1
nat server protocol tcp global interface GigabitEthernet 0/0/0 1082 inside 10.2.208.243 1082
nat server protocol tcp global interface GigabitEthernet 0/0/0 11111 inside 10.2.208.243 11111
nat server protocol udp global interface GigabitEthernet 0/0/0 1082 inside 10.2.208.243 1082
nat server protocol udp global current-interface 1083 inside 10.2.208.132 1083
nat server protocol tcp global current-interface 1083 inside 10.2.208.132 1083
nat server protocol tcp global current-interface 38001 inside 10.2.208.202 38001
nat server protocol tcp global current-interface 38007 inside 10.2.208.202 38007
nat server protocol tcp global current-interface 38005 inside 10.2.208.202 38005
nat server protocol tcp global current-interface 38004 inside 10.2.208.202 38004
nat server protocol tcp global current-interface 38003 inside 10.2.208.202 38003
nat server protocol tcp global current-interface 38002 inside 10.2.208.202 38002
nat server protocol tcp global current-interface 6060 inside 10.2.208.202 6060
nat server protocol tcp global current-interface 1090 inside 10.2.208.132 1090
nat server protocol udp global current-interface 1090 inside 10.2.208.132 1090
nat server protocol tcp global current-interface 1091 inside 10.2.208.132 1091
nat server protocol udp global current-interface 1091 inside 10.2.208.132 1091
nat server protocol tcp global current-interface 1084 inside 10.2.208.216 4084
nat server protocol udp global current-interface 1084 inside 10.2.208.216 1084
nat server protocol tcp global current-interface 1086 inside 10.2.208.216 1086
nat server protocol udp global current-interface 1086 inside 10.2.208.216 1086
nat server protocol tcp global current-interface 1111 inside 10.2.208.132 1111
nat outbound 3001
#
interface GigabitEthernet0/0/1
tcp adjust-mss 1460
ip address 10.2.208.254 255.255.254.0
#
interface GigabitEthernet0/0/2
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
ssh user huawei authentication-type all
sftp server enable
stelnet server enable
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 124.89.70.65
ip route-static 10.2.235.0 255.255.255.0 GigabitEthernet0/0/0 preference 20
#