Router Configuration File
! --- Initialization ---
! Enter privileged EXEC, then global configuration mode, and name the device.
enable
configure terminal
hostname R1
! Stop the router from treating mistyped commands as hostnames to resolve.
no ip domain lookup
! NOTE(review): "cisco" is used for the enable secret and for both line
! passwords below. It is a widely known default value, so treat it as a lab
! placeholder and replace it before this file is used anywhere else.
enable secret cisco
! Console line: shared line password, checked at login.
line console 0
 password cisco
 login
exit
! All 16 vty lines: same shared line password, no per-user accounts.
! NOTE(review): this block sets no "transport input" and no "access-class",
! so nothing here limits which protocols or source addresses can reach the
! vty lines.
line vty 0 15
 password cisco
 login
exit
! Obfuscates the line passwords above in the stored configuration. This is
! the reversible type 7 encoding, so it only hides them from casual viewing.
service password-encryption
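! --- MANAGEMENT Access Control List ---
! Source networks allowed to manage the router. Per the subinterface
! addressing in this file these are FMJ-PUB (10.0.1.0/24), MANAGEMENT
! (10.0.0.0/24) and SHARED-SERVICES (10.0.9.0/24). Everything else is denied.
ip access-list extended MANAGEMENT
 permit ip 10.0.1.0 0.0.0.255 any
 permit ip 10.0.0.0 0.0.0.255 any
 permit ip 10.0.9.0 0.0.0.255 any
 deny ip any any
exit
! Bind the ACL to the remote-login lines. Nothing else in this file references
! MANAGEMENT, so without this the list has no effect and the vty lines accept
! logins from any source address, including the simulated-internet side.
! NOTE(review): confirm these three subnets are the intended management
! sources before applying from a remote session, to avoid locking yourself out.
line vty 0 15
 access-class MANAGEMENT in
exit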
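! --- DHCP Exclusions and Pools ---
! Reserve .1 through .50 in every served subnet for statically addressed hosts
! (gateways, DNS servers, port-forward targets) so DHCP never leases them.
ip dhcp excluded-address 10.0.0.1 10.0.0.50
ip dhcp excluded-address 10.0.1.1 10.0.1.50
! Added: the FMJ-PRV pool (10.0.2.0/24) had no exclusion, although its gateway
! 10.0.2.1 and DNS server 10.0.2.5 sit inside the pool range.
ip dhcp excluded-address 10.0.2.1 10.0.2.50
ip dhcp excluded-address 10.0.9.1 10.0.9.50
ip dhcp excluded-address 10.1.0.1 10.1.0.50
ip dhcp excluded-address 10.1.1.1 10.1.1.50
ip dhcp excluded-address 10.2.0.1 10.2.0.50
ip dhcp excluded-address 10.2.1.1 10.2.1.50
ip dhcp excluded-address 10.3.0.1 10.3.0.50
ip dhcp excluded-address 10.3.1.1 10.3.1.50
ip dhcp excluded-address 10.99.99.1 10.99.99.50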
! One DHCP pool per routed subnet. Each pool hands out the router's
! subinterface address as the default gateway.
! NOTE(review): every *-PUB pool points clients at a DNS server in the matching
! *-PRV subnet (for example FMJ-PUB -> 10.0.2.5), so public-VLAN clients need
! to reach the private VLAN at least for DNS. Confirm that is intended.

! Management VLAN; DNS is the shared-services resolver.
ip dhcp pool MANAGEMENT
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
 dns-server 10.0.9.10
 domain-name internal.FMJSystems.com
exit

! Simulated-internet (NAT outside) segment; no domain name is set.
ip dhcp pool SIMINTERNET
 network 10.99.99.0 255.255.255.0
 default-router 10.99.99.1
 dns-server 10.99.99.5
exit

! FMJ public and private VLANs.
ip dhcp pool FMJ-PUB
 network 10.0.1.0 255.255.255.0
 default-router 10.0.1.1
 dns-server 10.0.2.5
 domain-name FMJSystems.com
exit
ip dhcp pool FMJ-PRV
 network 10.0.2.0 255.255.255.0
 default-router 10.0.2.1
 dns-server 10.0.2.5
 domain-name internal.FMJSystems.com
exit

! Shared services VLAN.
ip dhcp pool SHARED-SERVICES
 network 10.0.9.0 255.255.255.0
 default-router 10.0.9.1
 dns-server 10.0.9.10
 domain-name internal.FMJSystems.com
exit

! Tenant: Adatum.
ip dhcp pool ADATUM-PUB
 network 10.1.0.0 255.255.255.0
 default-router 10.1.0.1
 dns-server 10.1.1.5
 domain-name Adatum.com
exit
ip dhcp pool ADATUM-PRV
 network 10.1.1.0 255.255.255.0
 default-router 10.1.1.1
 dns-server 10.1.1.5
 domain-name internal.Adatum.com
exit

! Tenant: Contoso.
ip dhcp pool CONTOSO-PUB
 network 10.2.0.0 255.255.255.0
 default-router 10.2.0.1
 dns-server 10.2.1.5
 domain-name Contoso.com
exit
ip dhcp pool CONTOSO-PRV
 network 10.2.1.0 255.255.255.0
 default-router 10.2.1.1
 dns-server 10.2.1.5
 domain-name internal.Contoso.com
exit

! Tenant: Fabrikam.
ip dhcp pool FABRIKAM-PUB
 network 10.3.0.0 255.255.255.0
 default-router 10.3.0.1
 dns-server 10.3.1.5
 domain-name Fabrikam.com
exit
ip dhcp pool FABRIKAM-PRV
 network 10.3.1.0 255.255.255.0
 default-router 10.3.1.1
 dns-server 10.3.1.5
 domain-name internal.Fabrikam.com
exit
! --- Interface and Subinterface Configuration ---
! Router-on-a-stick: one physical trunk port, one 802.1Q subinterface per VLAN.
! Each subinterface is the default gateway for its subnet and a NAT inside
! interface.
! NOTE(review): no "ip access-group" is applied to any subinterface in this
! section, so the router routes freely between tenant, shared-services and
! management VLANs unless filtering exists elsewhere. Confirm the intended
! tenant isolation.

! Bring up the physical trunk port.
interface GigabitEthernet0/0/0
 no shutdown
exit

! VLAN 5 - management.
interface GigabitEthernet0/0/0.5
 description MANAGEMENT
 encapsulation dot1q 5
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 no shutdown

! VLAN 10 / 20 - FMJ public and private.
interface GigabitEthernet0/0/0.10
 description FMJ-PUB
 encapsulation dot1q 10
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
 no shutdown
interface GigabitEthernet0/0/0.20
 description FMJ-PRV
 encapsulation dot1q 20
 ip address 10.0.2.1 255.255.255.0
 ip nat inside
 no shutdown

! VLAN 90 - shared services.
interface GigabitEthernet0/0/0.90
 description SHARED-SERVICES
 encapsulation dot1q 90
 ip address 10.0.9.1 255.255.255.0
 ip nat inside
 no shutdown

! VLAN 100 / 101 - Adatum public and private.
interface GigabitEthernet0/0/0.100
 description ADATUM-PUB
 encapsulation dot1q 100
 ip address 10.1.0.1 255.255.255.0
 ip nat inside
 no shutdown
interface GigabitEthernet0/0/0.101
 description ADATUM-PRV
 encapsulation dot1q 101
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 no shutdown

! VLAN 200 / 201 - Contoso public and private.
interface GigabitEthernet0/0/0.200
 description CONTOSO-PUB
 encapsulation dot1q 200
 ip address 10.2.0.1 255.255.255.0
 ip nat inside
 no shutdown
interface GigabitEthernet0/0/0.201
 description CONTOSO-PRV
 encapsulation dot1q 201
 ip address 10.2.1.1 255.255.255.0
 ip nat inside
 no shutdown

! VLAN 300 / 301 - Fabrikam public and private.
interface GigabitEthernet0/0/0.300
 description FABRIKAM-PUB
 encapsulation dot1q 300
 ip address 10.3.0.1 255.255.255.0
 ip nat inside
 no shutdown
interface GigabitEthernet0/0/0.301
 description FABRIKAM-PRV
 encapsulation dot1q 301
 ip address 10.3.1.1 255.255.255.0
 ip nat inside
 no shutdown
exit
! --- Simulated Internet Subinterface ---
! VLAN 99 is the only NAT outside interface. It stands in for the upstream
! internet-facing link.
interface GigabitEthernet0/0/0.99
 description SIMULATED-INTERNET
 encapsulation dot1q 99
 ip address 10.99.99.1 255.255.255.0
 ip nat outside
 no shutdown
! Mark the parent port as NAT inside too.
! NOTE(review): the parent has no IP address in this file, so this presumably
! only matters for untagged traffic. Confirm it is needed.
interface GigabitEthernet0/0/0
 ip nat inside
exit
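! --- ACL TO DENY SIMULATED INTERNET FROM REACHING LOCAL ADDRESSES ---
! Applied inbound on the simulated-internet subinterface:
!   1. allow 10.99.99.0/24 hosts to talk to their own subnet, including the
!      router's outside address 10.99.99.1 where NAT return traffic and the
!      port forwards arrive;
!   2. block those hosts from addressing any internal 10.0.0.0/8 host directly;
!   3. allow everything else.
! Fix: the first entry used destination wildcard 0.255.255.255, which matches
! all of 10.0.0.0/8. Because entries are evaluated top-down, that permit
! matched everything the deny was meant to catch and the deny was never
! reached. The wildcard is now 0.0.0.255, so only 10.99.99.0/24 is permitted.
! NOTE(review): inbound ACLs are normally evaluated before outside-to-inside
! NAT, so forwarded traffic is still addressed to 10.99.99.1 at this point.
! Verify on this platform.
! NOTE(review): only sources in 10.99.99.0/24 are filtered. Packets arriving
! with any other source address still match "permit ip any any".
ip access-list extended SIM-INT-DENY
 permit ip 10.99.99.0 0.0.0.255 10.99.99.0 0.0.0.255
 deny ip 10.99.99.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip any any
interface GigabitEthernet0/0/0.99
 ip access-group SIM-INT-DENY in
exit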
! --- NAT Configuration for internet ---
! Standard ACL 1 selects which inside sources are translated: all of
! 10.0.0.0/8. This range also contains the outside subnet 10.99.99.0/24.
access-list 1 permit 10.0.0.0 0.255.255.255
! PAT ("overload"): every matching inside source shares the address of the
! simulated-internet subinterface.
ip nat inside source list 1 interface GigabitEthernet0/0/0.99 overload
! Default route towards the upstream hop on the simulated-internet segment.
ip route 0.0.0.0 0.0.0.0 10.99.99.254
! Resolver for router-originated lookups.
! NOTE(review): "no ip domain lookup" is set earlier in this file, so this
! entry is presumably unused while lookups stay disabled. Confirm.
ip name-server 10.0.9.10
! --- Port Forwarding for Tenant and FMJ VPN ---
! Static PAT: each entry publishes one inside host's UDP port on the address of
! the simulated-internet subinterface, using the same port number outside.
! All targets sit in the .1-.50 ranges excluded from DHCP.
! NOTE(review): 10.0.0.10 is in the MANAGEMENT subnet (10.0.0.0/24), so UDP
! 51819 exposes a management-VLAN host to the outside segment. The other four
! targets are in *-PUB subnets. Confirm the management-side endpoint is
! intended and hardened.
ip nat inside source static udp 10.0.0.10 51819 interface GigabitEthernet0/0/0.99 51819
ip nat inside source static udp 10.0.1.2 51820 interface GigabitEthernet0/0/0.99 51820
ip nat inside source static udp 10.1.0.2 51821 interface GigabitEthernet0/0/0.99 51821
ip nat inside source static udp 10.2.0.2 51822 interface GigabitEthernet0/0/0.99 51822
ip nat inside source static udp 10.3.0.2 51823 interface GigabitEthernet0/0/0.99 51823
! --- STOP HTTP SERVER ---
! Disable the router's own HTTP and HTTPS services. This removes a management
! surface and frees TCP 80/443 on the outside address for the forwards below.
no ip http server
no ip http secure-server
! --- Port Forwarding Nginx Proxy Manager ---
! Publish the reverse proxy at 10.0.9.5 (SHARED-SERVICES subnet) on TCP 80 and
! 443 of the simulated-internet subinterface.
! These entries may be rejected until the HTTP/S server has fully stopped.
! Re-enter them if so.
ip nat inside source static tcp 10.0.9.5 80 interface GigabitEthernet0/0/0.99 80
ip nat inside source static tcp 10.0.9.5 443 interface GigabitEthernet0/0/0.99 443