sorry .... got really busy.... here's a simple template but it does not have everything.... pay attention to .... You'll need to replace them with data. There are a LOT of additional things you can add to lock it down further but not knowing your infrastructure will limit what I can do... This was written in a rush so try it and let me know if this is good enough....
You may want to add an acl with the GLOBAL address your internal systems are natted from to the vty 0 15... that way you can telnet to it from inside your network....
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
!
hostname
!
logging buffered 4096 debugging < YOU MAY WANT TO BUMP THIS UP TO 8-16 MB>
no logging console
!
clock timezone
clock summer-time recurring
ip subnet-zero
ip cef
!
username privilege 15 secret 5
!
no ip domain-lookup
ip domain-name
!
!
interface Loopback0
 ip address
!
----------------------IF FRAME-RELAY--------------------------------------------------------------------------------------
interface Serial0/0
 no ip address
 encapsulation frame-relay
 no fair-queue
 service-module t1 timeslots 1-6 < this is a 384k config... just think of each timeslot as 64k...all the way to 24slots.>
 frame-relay lmi-type cisco
!
interface Serial0/0.1 point-to-point
 description remote link
 ip address 255.255.255.252
 frame-relay interface-dlci
 ip access-group border in
!
--------------------------------------------------------------------------------------------------------------------------
!
-------------------------------IF A POINT-TO-POINT---------------------------------------------------------------------
interface Serial0/0
 ip address
 no fair-queue
 service-module t1 timeslots 1-6 < this is a 384k config... just think of each timeslot as 64k...all the way to 24slots.>
 ip access-group border in
 no ip redirects
---------------------------------------------------------------------------------------------------------------------------
!
interface FastEthernet0/0
 description
******************************************************************************
******************************************************************************
* !!!! for use by authorized personnel only !!!! *
* This system is for the use of authorized IT personnel only *
* Individuals using this system without authority, or in excess *
* of their authority, are subject to having all of their activities on *
* this system monitored and recorded by system personnel. *
* In the course of monitoring individuals improperly using this system, *
* or in the course of system maintenance, the activities of authorized *
* users may also be monitored. *
* Anyone using this system expressly consents to such monitoring and is *
* advised that if such monitoring reveals possible evidence of criminal *
* activity, system personnel may provide the evidence of such monitoring *
* to law enforcement officials. *
******************************************************************************
^C
!
line con 0
 password 7
 login local
!
line aux 0
 password 7
 logging synchronous
 login
 modem InOut
 transport input all
 flowcontrol hardware
!
line vty 0 15
 privilege level 15
 password 7
 logging synchronous
 login local
 transport input telnet ssh
!
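
An added example, not part of the original post: a small Python check over the `line` stanzas of a config like the template above. It reports a vty stanza that lacks the access-class the post suggests adding and, going beyond the post, also flags Telnet-capable transports and type 7 passwords; the sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample: the line stanzas from the template above, re-broken one
# command per line (sub-commands indented, as IOS prints them), values omitted.
SAMPLE = """\
line con 0
 password 7
 login local
!
line aux 0
 password 7
 login
 transport input all
!
line vty 0 15
 privilege level 15
 password 7
 login local
 transport input telnet ssh
!
"""

def parse_lines(config):
    """Map each 'line ...' header to the list of its indented sub-commands."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd.startswith("line "):
            current = stanzas.setdefault(cmd, [])
        elif not cmd or cmd == "!" or not raw[0].isspace():
            current = None  # '!' or a new top-level command closes the stanza
        elif current is not None:
            current.append(cmd)
    return stanzas

def audit(config):
    """Return sorted (stanza, finding) tuples for the three checks below."""
    findings = []
    for header, cmds in parse_lines(config).items():
        transport = next((c.split()[2:] for c in cmds
                          if c.startswith("transport input")), [])
        if {"telnet", "all"} & set(transport):
            findings.append((header, "cleartext telnet accepted"))
        if any(re.match(r"password 7\b", c) for c in cmds):
            findings.append((header, "type 7 password (reversible encoding)"))
        if header.startswith("line vty") and not any(
                c.startswith("access-class ") for c in cmds):
            findings.append((header, "no access-class limiting source addresses"))
    return sorted(findings)
```

Run `audit()` on the text of a saved running-config; an empty list means none of the three conditions was found in its line stanzas.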