Here is my Cisco router Cube confiuration with Cbeyond. This device is also routing internet traffic with NAT and VPN
Building configuration…
Current configuration : 9249 bytes
!
! Last configuration change at 17:06:31 UTC Wed Mar 23 2011 by admin
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
!
no network-clock-participate wic 0
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
ip domain name fintechcommunications.com
ip name-server 66.180.96.12
ip name-server 64.238.96.12
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
voice service voip
ip address trusted list
ipv4 192.168.22.212
ipv4 192.168.1.8
ipv4 192.168.1.4
ipv4 192.168.1.6
ipv4 192.168.1.7
ipv4 192.168.1.5
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
sip
header-passing sip-sip
error-passthru
registrar server expires max 3600 min 3600
asserted-id pai
localhost dns:sipconnect.lax0.cbeyond.net
no update-callerid
history-info
midcall-signaling passthru
privacy-policy passthru
!
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729r8
!
voice class sip-profiles 3
request INVITE sip-header Diversion remove
!
!
voice register global
max-dn 56
max-pool 14
!
!
!
voice translation-rule 103
rule 1 /^\([2-9]………\)/ /+1\1/
rule 2 /^\(………..\)/ /+\1/
rule 3 /^\(………..\)/ /+\1/
!
!
voice translation-profile AddPlusForOCS
translate calling 103
!
!
voice-card 0
dsp services dspfarm
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-4115930597
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4115930597
revocation-check none
!
!
crypto pki certificate chain TP-self-signed-4115930597
certificate self-signed 01
30820259 308201C2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34313135 39333035 3937301E 170D3130 31303233 32303134
30345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 31313539
33303539 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100E484 DAF0ED87 E1F979E8 D0A6C630 6369BAFD 2F8C4B3C 07CF9A67 6B1A6BEE
B9506A0F B7200800 8BD32A9B F458EA47 26E16E25 3C9CEC9E 6A0CFF3E 0A5FD71E
533E407D 464EBCE4 BAA207DB 91C7DD91 E90FD5BE F8227A83 AF142B88 F3567B3F
0CFC7BD4 5FDB91E7 25A80338 1A7919AA B30A8AE3 27709D93 3C536EFA A9180CBA
63010203 010001A3 8180307E 300F0603 551D1301 01FF0405 30030101 FF302B06
03551D11 04243022 8220526F 75746572 2E66696E 74656368 636F6D6D 756E6963
6174696F 6E732E63 6F6D301F 0603551D 23041830 16801488 C0A982B5 B855FEA9
01638892 F686E641 9109DD30 1D060355 1D0E0416 041488C0 A982B5B8 55FEA901
638892F6 86E64191 09DD300D 06092A86 4886F70D 01010405 00038181 00A8FD12
813B61B7 FA59258C 33DF9492 ABA41BCC CEE24A6D 91AD0660 E246BC77 0774CF61
1A7A31B2 3D149F97 C780CD4B C8306F96 75EE6DB9 F29A4CF1 BA09C3EA D052B8BC
7B990641 C98A509B 8FCE7ABB 10BD91F8 67CB7916 571A5B45 AECC228D 37730139
A977E465 8D8D04C5 8A5F19CB 468C3DED 3D221847 37A8851E E481C864 9D
quit
!
!
license udi pid CISCO2811 sn FTX1236A3AZ
username admin privilege 15 password 0 XXXXX
username fintech secret 5 XXXXXXXX!
redundancy
!
!
controller T1 0/0/0
!
!
crypto ctcp
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key XXXX address 0.0.0.0 0.0.0.0
!
crypto isakmp client configuration group fintech
key XXXXX pool SDM_POOL_1
acl 101
save-password
crypto isakmp profile sdm-ike-profile-1
match identity group fintech
client authentication list sdm_vpn_xauth_ml_1
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA
set pfs group2
set isakmp-profile sdm-ike-profile-1
!
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA1
match address 100
!
!
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.6 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
description $ETH-WAN$
ip address 74.7.XXX.XXX 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
ip local pool SDM_POOL_1 192.168.1.225 192.168.1.235
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.2 25 74.7.221.xxx.xxx route-map nonat extendable
ip nat inside source static tcp 192.168.1.2 443 74.7.221.xxx.xxx 443 route-map nonat extendable
ip nat inside source static tcp 192.168.1.2 1328 74.7.221.xxx.xxx 1328 route-map nonat extendable
ip nat inside source static tcp 192.168.1.3 22 74.7.221.xxx.xxx 22 route-map nonat extendable
ip nat inside source static tcp 192.168.1.3 25 74.7.221.xxx.xxx 25 route-map nonat extendable
ip nat inside source static tcp 192.168.1.3 53 74.7.221.xxx.xxx 53 route-map nonat extendable
ip nat inside source static tcp 192.168.1.3 80 74.7.221.xxx.xxx route-map nonat extendable
ip nat inside source static tcp 192.168.1.3 110 74.7.221.xxx.xxx route-map nonat extendable
ip nat inside source static tcp 192.168.1.3 143 74.7.221.xxx.xxx route-map nonat extendable
ip nat inside source static tcp 192.168.1.3 443 74.7.221.xxx.xxx route-map nonat extendable
ip nat inside source static tcp 192.168.1.3 10000 74.7.221.xxx.xxx10000 route-map nonat extendable
ip route 0.0.0.0 0.0.0.0 74.7.221.xxx.xxx
!
logging esm config
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 remark CCP_ACL Category=4
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 remark CCP_ACL Category=16
access-list 102 remark IPSec Rule
access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 150 deny ip host 192.168.1.2 192.168.2.0 0.0.0.255
access-list 150 permit ip host 192.168.1.2 any
access-list 150 deny ip host 192.168.1.3 192.168.2.0 0.0.0.255
access-list 150 permit ip host 192.168.1.3 any
access-list 150 deny ip host 192.168.1.7 192.168.2.0 0.0.0.255
access-list 150 permit ip host 192.168.1.7 any
!
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address 102
!
route-map nonat permit 10
match ip address 150
!
!
!
!
control-plane
!
!
voice-port 0/1/0
!
voice-port 0/1/1
!
voice-port 0/1/2
!
voice-port 0/1/3
!
!
!
mgcp profile default
!
!
dial-peer voice 9 voip
destination-pattern .T
session protocol sipv2
session target sip-server
incoming called-number 9T
voice-class codec 1
dtmf-relay rtp-nte
!
dial-peer voice 1 voip
description lync
translation-profile outgoing AddPlusForOCS
destination-pattern 949…….
session protocol sipv2
session target ipv4:192.168.1.7
session transport tcp
incoming called-number 949…….
voice-class sip dtmf-relay force rtp-nte
voice-class sip early-offer forced
voice-class sip profiles 3
voice-class sip block 183 sdp present
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 2 voip
description Cucm8
destination-pattern 9492003010
session protocol sipv2
session target ipv4:192.168.1.4
incoming called-number 9492003010
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
no vad
!
!
sip-ua
credentials username 949XXXXXXX password 7 XXXX realm default
authentication username 949XXXXXXX password 7 XXXXX no remote-party-id
retry invite 2
retry register 10
timers connect 100
registrar dns:sipconnect.lax0.cbeyond.net expires 3600
sip-server dns:sipconnect.lax0.cbeyond.net
connection-reuse
host-registrar
!
!
!
telephony-service
no auto-reg-ephone
max-ephones 35
max-dn 144
max-redirect 5
max-conferences 8 gain -6
web admin system name admin secret 5 XXXXXXX transfer-system full-consult
!
!
ephone-dn 34
number 9492003010
description SIP VM trunk registration
preference 10
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
transport output telnet ssh
line vty 5 100
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
end