Académique Documents
Professionnel Documents
Culture Documents
!
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no aaa new-model
clock timezone WIB 7 0
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name xnet.corp.bi.go.id
!
!
!
ip wccp 61 redirect-list FROM-BANK
ip wccp 62 redirect-list TO-BANK
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
flow record RECORD
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect counter bytes long
collect counter packets long
!
!
flow exporter EXPORTER-1
destination 0.0.0.0
!
!
flow monitor FLOW-MONITOR-1
exporter EXPORTER-1
record RECORD
flow exporter NETFLOW
destination 172.100.100.1
source Loopback0
transport udp 2055
export-protocol netflow-v5
!
!
flow exporter SOLARWINDS
destination 172.100.100.1
source GigabitEthernet0/0/0
transport udp 2055
export-protocol netflow-v5
!
!
flow exporter Netflow-to-Orion
destination 172.100.100.1
transport udp 2055
!
!
flow monitor FLOW-MONITOR-1
exporter EXPORTER-1
record RECORD
!
!
flow monitor Netflow-Monitor-In
exporter Netflow-to-Orion
cache timeout inactive 10
cache timeout active 60
record Netflow-In
!
!
flow monitor Netflow-Monitor-Out
exporter Netflow-to-Orion
cache timeout inactive 10
cache timeout active 60
record Netflow-Out
!
!
!
!
key chain KEY-EIGRP
key 1
key-string XN3T-BI-TLKM
!
!
!
spanning-tree extend system-id
!
username cisco privilege 15 secret tlk@admin
enable secret tlk@admin
!
ip ssh time-out 60
ip ssh version 2
!
crypto key generate rsa modulus 2048 general-keys
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
class-map match-any QOS-RTGS2-CM
match access-group name QOS-RTGS2-ACL
class-map match-any QOS-SKN-CM
match access-group name QOS-SKN-ACL
class-map match-any QOS-ROUTING-CM
match access-group name QOS-ROUTING-ACL
class-map match-any PREC-3
match ip precedence 3
class-map match-any PREC-2
match ip precedence 2
class-map match-any PREC-5
match ip precedence 5
!
!
policy-map QOS-MANAGE-TLK
class PREC-2
shape average 256000
queue-limit 256000 packets
class PREC-3
shape average 512000
queue-limit 51200 packets
class PREC-5
shape average 128000
queue-limit 128000 packets
class class-default
shape average 128000
policy-map QOS-CHECK-TLK
class PREC-5
class PREC-3
class PREC-2
class class-default
policy-map QOS-MARK-PREC
class QOS-SKN-CM
set ip precedence 2
class QOS-RTGS2-CM
set ip precedence 3
class QOS-ROUTING-CM
set ip precedence 5
!
!
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 43200
crypto isakmp key (*xn3t*) address 0.0.0.0
!
!
crypto ipsec transform-set BANK-TRANSFORM esp-aes esp-sha-hmac
mode transport
crypto ipsec df-bit clear
!
crypto ipsec profile VPN-XNET
set transform-set BANK-TRANSFORM
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 172.26.x.119 255.255.255.255
!
interface Loopback1
ip address 172.26.x.120 255.255.255.255
!
interface Loopback2
ip address 172.26.x.121 255.255.255.255
!
interface Loopback3
ip address 172.26.x.122 255.255.255.255
!
interface Tunnel1
bandwidth www
ip address 172.27.0.x 255.255.252.0
no ip redirects
ip mtu 1400
ip wccp 62 redirect in
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 KEY-EIGRP
ip nhrp authentication cisco
ip nhrp map multicast 172.27.255.125
ip nhrp map 172.27.3.254 172.27.255.125
ip nhrp network-id 100001
ip nhrp holdtime 600
ip nhrp nhs 172.27.3.254
ip tcp adjust-mss 1360
load-interval 30
delay 1000
qos pre-classify
tunnel source Loopback0
tunnel mode gre multipoint
tunnel key 100001
tunnel protection ipsec profile VPN-XNET
!
interface Tunnel2
bandwidth www
ip address 172.27.4.x 255.255.252.0
no ip redirects
ip mtu 1400
ip wccp 62 redirect in
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 KEY-EIGRP
ip nhrp authentication cisco
ip nhrp map multicast 172.27.255.126
ip nhrp map 172.27.7.254 172.27.255.126
ip nhrp network-id 100002
ip nhrp holdtime 600
ip nhrp nhs 172.27.7.254
ip tcp adjust-mss 1360
load-interval 30
delay 3000
qos pre-classify
tunnel source Loopback1
tunnel mode gre multipoint
tunnel key 100002
tunnel protection ipsec profile VPN-XNET
!
interface Tunnel3
bandwidth www
ip address 172.27.8.x 255.255.252.0
no ip redirects
ip mtu 1400
ip wccp 62 redirect in
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 KEY-EIGRP
ip nhrp authentication cisco
ip nhrp map multicast 172.27.255.253
ip nhrp map 172.27.11.254 172.27.255.253
ip nhrp network-id 100003
ip nhrp holdtime 600
ip nhrp nhs 172.27.11.254
ip tcp adjust-mss 1360
delay 5000
qos pre-classify
tunnel source Loopback2
tunnel mode gre multipoint
tunnel key 100003
tunnel protection ipsec profile VPN-XNET
!
interface Tunnel4
bandwidth www
ip address 172.27.12.x 255.255.252.0
no ip redirects
ip mtu 1400
ip wccp 62 redirect in
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 KEY-EIGRP
ip nhrp authentication cisco
ip nhrp map multicast 172.27.255.254
ip nhrp map 172.27.15.254 172.27.255.254
ip nhrp network-id 100004
ip nhrp holdtime 600
ip nhrp nhs 172.27.15.254
ip tcp adjust-mss 1360
load-interval 30
delay 7000
qos pre-classify
tunnel source Loopback3
tunnel mode gre multipoint
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
permit
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
host
host
host
host
host
host
host
host
host
host
host
host
host
host
host
host
host
host
host
192.168.32.39
192.168.32.40
192.168.32.41
192.168.32.42
192.168.32.43
192.168.32.44
192.168.32.45
192.168.32.46
192.168.32.47
192.168.96.38
192.168.96.39
192.168.96.40
192.168.96.41
192.168.96.42
192.168.96.43
192.168.96.44
192.168.96.45
192.168.96.46
192.168.96.47
192.168.32.7
192.168.32.8
192.168.32.9
192.168.96.7
192.168.96.8
192.168.96.9
192.168.32.245
192.168.32.249
192.168.32.250
192.168.96.245
192.168.96.249
192.168.96.250
prefix-list
prefix-list
prefix-list
prefix-list
PREFIX-STATIC
PREFIX-STATIC
PREFIX-STATIC
PREFIX-STATIC
permit
permit
permit
permit
172.25.x.224/29
172.25.x.232/29
172.25.x.0/26
172.25.x.254/32
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
PREFIX-XNET-IN
PREFIX-XNET-IN
PREFIX-XNET-IN
PREFIX-XNET-IN
PREFIX-XNET-IN
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
permit
permit
permit
permit
permit
permit
permit
permit
permit
172.16.16.v/30
172.26.x.119/32
172.26.x.120/32
172.26.x.121/32
172.26.x.122/32
172.26.x.123/32
172.26.x.124/32
172.26.x.125/32
172.26.x.126/32
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
prefix-list
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
PREFIX-XNET-OUT
permit
permit
permit
permit
permit
permit
permit
172.26.x.0/29
172.26.x.8/29
172.25.x.224/29
172.25.x.232/29
172.25.x.254/32
172.25.x.0/26 le 32
172.26.x.0/24 le 32
permit
permit
permit
permit
permit
172.27.255.0/24 le 32
192.168.32.0/24
192.168.96.0/24
172.16.8.32/30
172.16.6.0/30
!
route-map ClearDFBit permit 10
match ip address LAN-BANK
set ip df 0
!
route-map XNET-IN permit 10
match ip address prefix-list PREFIX-XNET-IN
set local-preference 500
!
route-map STATIC-TO-EIGRP permit 10
match ip address prefix-list PREFIX-STATIC
!
route-map XNET-OUT permit 10
match ip address prefix-list PREFIX-XNET-OUT
set community 65xxx:100
!
snmp-server community %BI-TELKOM% RO