HP_InHand_IG502/InHand IG502 configs/ACU302_WIFI_No_Internet_Verizon.cnf

!
#system config
language English
hostname EdgeGateway
ip domain-name edgegateway.com.cn
clock timezone CST6CDT,M3.2.0/2,M11.1.0/2
service password-encryption
!
#log config
log persistent severity 7
!
#user config
username ASS privilege 15 password $1$EmiUWl8i$lO4gaFNPRI3xC9tJXSl7/0
!
enable password $1$kvwao0Sc$zzKGmDaqupdkXYaaObwJx/
!
#aaa config
!
#cron config
chronos reboot every day 3 5
remote-login retry 20
!
#alarm config
!
#loopback config
interface loopback 1
  ip address 127.0.0.1 255.0.0.0
!
!
#ethernet interface config
interface fastethernet 0/1
  track l2-state
!
interface fastethernet 0/2
!
!
#Ethernet sub interface config
!
#cellular config
cellular 1 gsm profile 1 so01.vzwstatic use-blank-dialno auto  
cellular 1 gsm profile 2 ss01.vzwstatic use-blank-dialno auto  
cellular 1 dial interval 10
cellular 1 signal interval 120
cellular 1 network auto
cellular 1 dual-sim enable
cellular 1 dual-sim main 1
cellular 1 dual-sim policy redial 5
cellular 1 sms mode text
cellular 1 sms interval 30
!
interface cellular 1
  dialer profile 1
  dialer profile 1 secondary
  dialer timeout 120
  dialer activate auto
  ip address negotiated
  ip mru 1500
  ip mtu 1500
  ppp ipcp dns request
  ppp keepalive 55 5
!
!
#dot11 config
dot11 ssid 0x416D657275735F43616D6572615F547261696C65725F333032
  authentication key-management wpa 2
  guest-mode
  wpa-psk ascii $AES$141379B1941FC8B4F060D86C067FEA7D
!
interface dot11radio 1
  ip address 192.168.2.1 255.255.255.0
  ssid 0x416D657275735F43616D6572615F547261696C65725F333032
  encryption mode ciphers aes-ccm
  802.11n bandwidth 20
!
!
#bridge config
!
bridge 1
!
interface bridge 1
  ip address 192.168.1.1 255.255.255.0
!
interface fastethernet 0/2
  bridge-group 1
!
interface fastethernet 0/1
  bridge-group 1
!
!
!
#dialer config
!
#ipsec config
crypto ipsec-daemon stop
!
#l2tp config
!
#openvpn config
!
#openvpn server config
!
#web config
ip web-access timeout 300
ip https server port 9191
ip https access enable
!
#device-manager config
device-manager enable
device-manager server iot.inhandnetworks.com
device-manager tls
device-manager account nmelone@henry-pump.com
device-manager location gps
!
#InConnect config
!
#Erlang config
erlang mode off
!
#telnet server config
no ip telnet server
no ip telnet access enable
!
#ssh server config
ip ssh server port 22
crypto ssh-key generate rsa modulus 1024
ip ssh access enable
!
#dhcp-relay config
!
#dns-relay config
ip dns-relay server
!
#dhcp server config
interface bridge 1
  ip dhcp-server enable
  ip dhcp-server range 192.168.1.2 192.168.1.254
  ip dhcp-server lease 1440
!
interface dot11radio 1
  ip dhcp-server enable
  ip dhcp-server range 192.168.2.2 192.168.2.254
  ip dhcp-server lease 1440
!
!
#dns config
!
#ip host config
!
#ddns config
!
#snmp config

#ovdp config
!
!

#dockerd config
!

#portainer config
!

#Azure IoT Edge config
!

#AWS IoT Greengrass config
!
#ntp server config
  ntp master 2
  ntp server 0.pool.ntp.org
  ntp server 1.pool.ntp.org
  ntp server 2.pool.ntp.org
  ntp server 3.pool.ntp.org
!
!

#Telegraf config
!
#email config
!
#sntp client config
sntp-client
sntp-client server 0.pool.ntp.org port 123
sntp-client server 1.pool.ntp.org port 123
sntp-client server 2.pool.ntp.org port 123
sntp-client server 3.pool.ntp.org port 123
!
#gre config
!
#static route config
ip route 0.0.0.0 0.0.0.0 cellular 1 253
!
#rip config
!
!
#ospf config
!
!
#filtering config
!
#bgp config
!
!
#firewall config
!
!
interface cellular 1
  ip access-group 192 admin
!
interface dot11radio 1
  ip access-group 150 in
  ip access-group 150 out
!
access-list 100 10 permit ip any any 
access-list 101 10 permit ip any any 
access-list 102 10 permit ip any any 
access-list 150 9 permit tcp any 192.168.1.0 0.0.0.255 eq 8000 
access-list 150 9 remark Allow to NVR
access-list 150 10 deny tcp 192.168.2.0 0.0.0.255 any 
access-list 150 10 remark Block Internet
access-list 192 10 permit tcp any any eq 443 log
access-list 192 20 deny tcp any any eq 80 
access-list 192 30 deny tcp any any eq 23 
access-list 192 50 deny tcp any any eq 53 
access-list 192 60 deny udp any any eq 53 
access-list 192 70 permit tcp 216.82.205.207 0.0.0.0 any eq 22 log
access-list 192 80 permit tcp 172.85.171.82 0.0.0.0 any eq 22 log
access-list 192 90 deny tcp any any eq 22 log
interface fastethernet 0/1
  ip nat outside
!
interface bridge 1
  ip nat inside
!
interface cellular 1
  ip nat outside
!
!
ip snat inside list 101 interface fastethernet 0/1 
ip snat inside list 100 interface cellular 1 
ip dnat outside static tcp interface cellular 1 3327 192.168.1.27 3327 description Ubiquiti 
ip dnat outside static tcp interface cellular 1 8000 192.168.1.22 8000 description NVR_IVMS 
ip dnat outside static udp interface cellular 1 554 192.168.1.22 554 description RTSP 
ip dnat outside static tcp interface cellular 1 554 192.168.1.22 554 description NVR 
ip dnat outside static tcp interface cellular 1 559 192.168.1.22 559 description NVR 
ip dnat outside static tcp interface cellular 1 22 192.168.1.22 22 description NVR 
ip dnat outside static tcp interface cellular 1 3200 192.168.1.22 80 description NVR 
ip dnat outside static tcp interface cellular 1 3322 192.168.1.22 3322 description NVR 
!
!
!
!
!
#tcp mss config
ip tcp adjust-mss 1360
!
!
!
#netwatcher config
!
!
#sla config
!
#track config
!
#vrrpd config
!
#backup config
!
#mroute config
!
#cert config
!
!
#cert enroll config
crypto key generate rsa general-keys modulus 1024
!
!
#dls config
!
#gps config
  gps enable
!
#gps serial config
!
#gps server config
!
#gps client config
!
#Serial Configuration
serial 1
!
serial 2
!
!
#python config
python enable
python log username adm password $AES$BFA541FA10FA3B041CBA4412D12C52B8
python app 1 on
python appcmd 1 logsize 1 2
device_supervisor 
quit
!
!
#Modbus IO Configuration
!
#traffic-stated config
interface cellular 1
    traffic-stated statistic
!
!
#data-usage config
data-usage sim1
  daily units MB
  daily limit 35
  monthly units GB
  monthly limit 1
!
interface cellular 1
    traffic-stated sim 1 data-usage sim1
    traffic-stated sim 1 daily-action only-report
    traffic-stated sim 1 monthly-action only-report
    traffic-stated sim 1 monitoring
!
#end of configuration