karoto
22-05-07, 16:28
Καλησπερα
Εχω σοβαρο προβλημα με το Wireless :( καταφερα να το κανω να μου ζητήσει Open Authentication αλλα δε ξερω πως θα το βάλω σε καποιο Pool id για να μπεί στο εσωτερικό δίκτυο της εταιρίας , συγκεκριμένα πως θα το αντιστοιχίσω να παίρνει μια απο τις ελεύθερες IP απο το DHCP :( σας επισυνάπτω το show running
Αυτο που μου κάνει τώρα ειναι οτι Βρίσκει το δίκτυο Κανει connect αλλα το windows xp δε παιρνει καποια IP και χειροκίνητο να το βάλω παλι δε κανει Ping πουθενα..τι εχω γράψει λάθος ?
Current configuration : 17661 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname heimdall
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login local_authen local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec local_author local
aaa authorization ipmobile default group rad_pmip
aaa authorization network sdm_vpn_group_ml_1 local
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 2
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.1.1 192.168.1.24
ip dhcp excluded-address 192.168.1.51 192.168.1.254
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool sdm-pool1
import all
network 192.168.1.0 255.255.255.0
domain-name shit.gr
default-router 192.168.1.2
dns-server 192.168.1.200 <snip>1.4
!
ip dhcp pool wlan
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
!
!
ip inspect log drop-pkt
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
ip inspect name SDM_MEDIUM pptp
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW pptp
ip inspect name SDM_LOW l2tp
ip inspect name SDM_LOW gtpv0
ip inspect name SDM_LOW gtpv1
ip inspect name SDM_LOW ddns-v3
ip inspect name SDM_LOW dnsix
ip inspect name SDM_LOW ldap-admin
ip inspect name SDM_LOW ldap
ip inspect name SDM_LOW ldaps
ip inspect name SDM_LOW netbios-ns
ip inspect name SDM_LOW wins
ip inspect name SDM_LOW daytime
ip inspect name SDM_LOW ntp
ip inspect name SDM_LOW time
ip inspect name SDM_LOW timed
ip inspect name SDM_LOW hsrp
ip inspect name SDM_LOW router
ip inspect name SDM_LOW fragment maximum 256 timeout 1
ip inspect name SDM_LOW snmp
ip inspect name SDM_LOW snmptrap
ip inspect name SDM_LOW syslog
ip inspect name SDM_LOW syslog-conn
ip inspect name SDM_LOW tacacs
ip inspect name SDM_LOW kerberos
ip inspect name SDM_LOW radius
ip inspect name SDM_LOW tacacs-ds
ip inspect name SDM_LOW ident
ip inspect name SDM_LOW ace-svr
ip inspect name SDM_LOW bootpc
ip inspect name SDM_LOW bootps
ip inspect name SDM_LOW dhcp-failover
ip inspect name SDM_LOW discard
ip inspect name SDM_LOW echo
ip inspect name SDM_LOW finger
ip inspect name SDM_LOW gopher
ip inspect name SDM_LOW igmpv3lite
ip inspect name SDM_LOW ipx
ip inspect name SDM_LOW pwdgen
ip inspect name SDM_LOW rsvd-tcp
ip inspect name SDM_LOW rsvp-encap
ip inspect name SDM_LOW rsvp_tunnel
ip inspect name SDM_LOW socks
ip inspect name SDM_LOW vqp
ip inspect name sdm_ins_in_100 ms-sql
ip inspect name sdm_ins_in_100 ms-sql-m
ip inspect name sdm_ins_in_100 sqlserv
ip inspect name sdm_ins_in_100 sqlsrv
ip flow-cache timeout active 1
ip tcp synwait-time 10
no ip bootp server
ip domain name shit.gr
ip name-server 192.168.1.200
ip name-server <snip>1.4
ip ssh time-out 60
ip ssh authentication-retries 2
!
appfw policy-name SDM_MEDIUM
application im aol
service default action allow alarm
service text-chat action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
audit-trail on
application im msn
service default action allow alarm
service text-chat action allow alarm
server permit name messenger.hotmail.com
server permit name gateway.messenger.hotmail.com
server permit name webmessenger.msn.com
audit-trail on
application http
strict-http action allow alarm
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action allow alarm
application im yahoo
service default action allow alarm
service text-chat action allow alarm
server permit name scs.msg.yahoo.com
server permit name scsa.msg.yahoo.com
server permit name scsb.msg.yahoo.com
server permit name scsc.msg.yahoo.com
server permit name scsd.msg.yahoo.com
server permit name cs16.msg.dcn.yahoo.com
server permit name cs19.msg.dcn.yahoo.com
server permit name cs42.msg.dcn.yahoo.com
server permit name cs53.msg.dcn.yahoo.com
server permit name cs54.msg.dcn.yahoo.com
server permit name ads1.vip.scd.yahoo.com
server permit name radio1.launch.vip.dal.yahoo.com
server permit name in1.msg.vip.re2.yahoo.com
server permit name data1.my.vip.sc5.yahoo.com
server permit name address1.pim.vip.mud.yahoo.com
server permit name edit.messenger.yahoo.com
server permit name messenger.yahoo.com
server permit name http.pager.yahoo.com
server permit name privacy.yahoo.com
server permit name csa.yahoo.com
server permit name csb.yahoo.com
server permit name csc.yahoo.com
audit-trail on
!
!
crypto pki trustpoint TP-self-signed-3728515407
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3728515407
revocation-check none
rsakeypair TP-self-signed-3728515407
!
!
crypto pki certificate chain TP-self-signed-3728515407
certificate self-signed 01
30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33373238 35313534 3037301E 170D3032 30333031 30303038
32375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 37323835
31353430 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B5DB B3C1CA7C 1CA308C0 0C93E0C8 4FCEDED6 7AA2EAA8 6BBBC54C 47D79FD6
19D69AB5 4FDD327A 5AC62E18 B33CFAB3 E952B771 B28D627C 8C2F2478 61CCF4CC
ADCB9AAA 2124AE62 D737BF9E 4E596A4D 6D152F99 144BD1F0 EF225F43 E363C815
quit
username root privilege 15 secret 5
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group Staff
key <snip>
dns 192.168.1.200
domain shit.gr
pool SDM_POOL_1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
bridge irb
!
!
interface Null0
no ip unreachables
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation hdlc
ip route-cache flow
shutdown
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.2 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
encryption mode ciphers tkip
!
ssid lab
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 1111111111111111
!
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 b
asic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
ip address 10.10.10.1 255.255.255.0
no snmp trap link-status
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 102 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect sdm_ins_in_100 in
ip inspect SDM_LOW out
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname EXMEXM
ppp chap password 7 EXMEXM
ppp pap sent-username
crypto map SDM_CMAP_1
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.1.2 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
ip local pool SDM_POOL_1 10.1.1.1 10.1.1.5
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip flow-export source FastEthernet0
ip flow-export version 5
ip flow-export destination 192.168.1.200 9996
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool inside 192.168.1.1 192.168.1.255 netmask 255.255.255.0
ip nat inside source static tcp 192.168.1.220 1433 interface Dialer0 1433
ip nat inside source static tcp 192.168.1.60 873 interface Dialer0 873
ip nat inside source static tcp 192.168.1.111 5900 interface Dialer0 5900
ip nat inside source static tcp 192.168.1.60 5912 interface Dialer0 5912
ip nat inside source static tcp 192.168.1.60 5901 interface Dialer0 5901
ip nat inside source static tcp 192.168.1.60 5500 interface Dialer0 5500
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip nat inside source static udp 192.168.1.11 4699 interface Dialer0 4699
ip nat inside source static tcp 192.168.1.11 4689 interface Dialer0 4689
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit udp host 192.168.1.200 eq domain any
access-list 100 deny ip <snip>31.40 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host <snip>1.2 eq domain any
access-list 101 permit udp host <snip>0.2 eq domain any
access-list 101 permit udp host <snip>0.2 eq domain host <snip>31.43
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp any host <snip>31.43 echo-reply
access-list 101 permit icmp any host <snip>31.43 time-exceeded
access-list 101 permit icmp any host <snip>31.43 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ahp any host <snip>28.106
access-list 102 permit esp any host <snip>28.106
access-list 102 permit udp any host <snip>28.106 eq isakmp
access-list 102 permit udp any host <snip>31.44 eq non500-isakmp
access-list 102 remark ping
access-list 102 permit icmp any any echo
access-list 102 deny tcp any host <snip>31.43 eq 873
access-list 102 permit tcp any host <snip>31.43 eq 1433
access-list 102 remark uvnc listen
access-list 102 permit tcp any host <snip>31.43 eq 5901
access-list 102 remark uvnc listen
access-list 102 permit tcp any host <snip>31.43 eq 5912
access-list 102 remark uvnc
access-list 102 permit tcp any host <snip>31.43 eq 5500
access-list 102 remark uvnc direct
access-list 102 permit tcp any host <snip>31.43 eq 5900
access-list 102 permit udp host <snip>1.4 eq domain any
access-list 102 permit udp host <snip>0.2 eq domain any
access-list 102 permit ip host 10.1.1.1 any
access-list 102 permit ip host 10.1.1.2 any
access-list 102 permit ip host 10.1.1.3 any
access-list 102 permit ip host 10.1.1.4 any
access-list 102 permit ip host 10.1.1.5 any
access-list 102 permit udp any host <snip>31.43 eq non500-isakmp
access-list 102 permit udp any any eq non500-isakmp
access-list 102 permit udp any host <snip>31.43 eq isakmp
access-list 102 permit udp any any eq isakmp
access-list 102 permit esp any host <snip>31.43
access-list 102 permit esp any any
access-list 102 permit ahp any host <snip>31.43
access-list 102 permit ahp any any
access-list 102 remark uTorrent Panos
access-list 102 permit tcp any host <snip>31.43 eq 52555
access-list 102 permit udp any host <snip>31.43 eq 4699
access-list 102 permit tcp any host <snip>31.43 eq 4689
access-list 102 permit udp host <snip>1.2 eq domain host <snip>31.43
access-list 102 permit udp host <snip>0.2 eq domain host <snip>31.43
access-list 102 remark GRE tunneling
access-list 102 permit gre any any log
access-list 102 deny ip 192.168.1.0 0.0.0.255 any
access-list 102 permit icmp any host <snip>31.43 echo-reply
access-list 102 permit icmp any host <snip>31.43 time-exceeded
access-list 102 permit icmp any host <snip>31.43 unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
access-list 103 remark SDM_ACL Category=2
access-list 103 deny ip any host 10.1.1.1
access-list 103 deny ip any host 10.1.1.2
access-list 103 deny ip any host 10.1.1.3
access-list 103 deny ip any host 10.1.1.4
access-list 103 deny ip any host 10.1.1.5
access-list 103 permit ip 192.168.1.0 0.0.0.255 any
access-list 104 remark VTY Access-class list
access-list 104 remark SDM_ACL Category=1
access-list 104 permit ip 192.168.1.0 0.0.0.255 any
access-list 104 deny ip any any
dialer-list 1 protocol ip permit
snmp-server community router RO
snmp-server ifindex persist
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 103
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login authentication local_authen
no modem enable
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line vty 0 4
access-class 104 in
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Εχω σοβαρο προβλημα με το Wireless :( καταφερα να το κανω να μου ζητήσει Open Authentication αλλα δε ξερω πως θα το βάλω σε καποιο Pool id για να μπεί στο εσωτερικό δίκτυο της εταιρίας , συγκεκριμένα πως θα το αντιστοιχίσω να παίρνει μια απο τις ελεύθερες IP απο το DHCP :( σας επισυνάπτω το show running
Αυτο που μου κάνει τώρα ειναι οτι Βρίσκει το δίκτυο Κανει connect αλλα το windows xp δε παιρνει καποια IP και χειροκίνητο να το βάλω παλι δε κανει Ping πουθενα..τι εχω γράψει λάθος ?
Current configuration : 17661 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname heimdall
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login local_authen local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec local_author local
aaa authorization ipmobile default group rad_pmip
aaa authorization network sdm_vpn_group_ml_1 local
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 2
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.1.1 192.168.1.24
ip dhcp excluded-address 192.168.1.51 192.168.1.254
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool sdm-pool1
import all
network 192.168.1.0 255.255.255.0
domain-name shit.gr
default-router 192.168.1.2
dns-server 192.168.1.200 <snip>1.4
!
ip dhcp pool wlan
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
!
!
ip inspect log drop-pkt
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
ip inspect name SDM_MEDIUM pptp
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW pptp
ip inspect name SDM_LOW l2tp
ip inspect name SDM_LOW gtpv0
ip inspect name SDM_LOW gtpv1
ip inspect name SDM_LOW ddns-v3
ip inspect name SDM_LOW dnsix
ip inspect name SDM_LOW ldap-admin
ip inspect name SDM_LOW ldap
ip inspect name SDM_LOW ldaps
ip inspect name SDM_LOW netbios-ns
ip inspect name SDM_LOW wins
ip inspect name SDM_LOW daytime
ip inspect name SDM_LOW ntp
ip inspect name SDM_LOW time
ip inspect name SDM_LOW timed
ip inspect name SDM_LOW hsrp
ip inspect name SDM_LOW router
ip inspect name SDM_LOW fragment maximum 256 timeout 1
ip inspect name SDM_LOW snmp
ip inspect name SDM_LOW snmptrap
ip inspect name SDM_LOW syslog
ip inspect name SDM_LOW syslog-conn
ip inspect name SDM_LOW tacacs
ip inspect name SDM_LOW kerberos
ip inspect name SDM_LOW radius
ip inspect name SDM_LOW tacacs-ds
ip inspect name SDM_LOW ident
ip inspect name SDM_LOW ace-svr
ip inspect name SDM_LOW bootpc
ip inspect name SDM_LOW bootps
ip inspect name SDM_LOW dhcp-failover
ip inspect name SDM_LOW discard
ip inspect name SDM_LOW echo
ip inspect name SDM_LOW finger
ip inspect name SDM_LOW gopher
ip inspect name SDM_LOW igmpv3lite
ip inspect name SDM_LOW ipx
ip inspect name SDM_LOW pwdgen
ip inspect name SDM_LOW rsvd-tcp
ip inspect name SDM_LOW rsvp-encap
ip inspect name SDM_LOW rsvp_tunnel
ip inspect name SDM_LOW socks
ip inspect name SDM_LOW vqp
ip inspect name sdm_ins_in_100 ms-sql
ip inspect name sdm_ins_in_100 ms-sql-m
ip inspect name sdm_ins_in_100 sqlserv
ip inspect name sdm_ins_in_100 sqlsrv
ip flow-cache timeout active 1
ip tcp synwait-time 10
no ip bootp server
ip domain name shit.gr
ip name-server 192.168.1.200
ip name-server <snip>1.4
ip ssh time-out 60
ip ssh authentication-retries 2
!
appfw policy-name SDM_MEDIUM
application im aol
service default action allow alarm
service text-chat action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
audit-trail on
application im msn
service default action allow alarm
service text-chat action allow alarm
server permit name messenger.hotmail.com
server permit name gateway.messenger.hotmail.com
server permit name webmessenger.msn.com
audit-trail on
application http
strict-http action allow alarm
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action allow alarm
application im yahoo
service default action allow alarm
service text-chat action allow alarm
server permit name scs.msg.yahoo.com
server permit name scsa.msg.yahoo.com
server permit name scsb.msg.yahoo.com
server permit name scsc.msg.yahoo.com
server permit name scsd.msg.yahoo.com
server permit name cs16.msg.dcn.yahoo.com
server permit name cs19.msg.dcn.yahoo.com
server permit name cs42.msg.dcn.yahoo.com
server permit name cs53.msg.dcn.yahoo.com
server permit name cs54.msg.dcn.yahoo.com
server permit name ads1.vip.scd.yahoo.com
server permit name radio1.launch.vip.dal.yahoo.com
server permit name in1.msg.vip.re2.yahoo.com
server permit name data1.my.vip.sc5.yahoo.com
server permit name address1.pim.vip.mud.yahoo.com
server permit name edit.messenger.yahoo.com
server permit name messenger.yahoo.com
server permit name http.pager.yahoo.com
server permit name privacy.yahoo.com
server permit name csa.yahoo.com
server permit name csb.yahoo.com
server permit name csc.yahoo.com
audit-trail on
!
!
crypto pki trustpoint TP-self-signed-3728515407
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3728515407
revocation-check none
rsakeypair TP-self-signed-3728515407
!
!
crypto pki certificate chain TP-self-signed-3728515407
certificate self-signed 01
30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33373238 35313534 3037301E 170D3032 30333031 30303038
32375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 37323835
31353430 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B5DB B3C1CA7C 1CA308C0 0C93E0C8 4FCEDED6 7AA2EAA8 6BBBC54C 47D79FD6
19D69AB5 4FDD327A 5AC62E18 B33CFAB3 E952B771 B28D627C 8C2F2478 61CCF4CC
ADCB9AAA 2124AE62 D737BF9E 4E596A4D 6D152F99 144BD1F0 EF225F43 E363C815
quit
username root privilege 15 secret 5
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group Staff
key <snip>
dns 192.168.1.200
domain shit.gr
pool SDM_POOL_1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
bridge irb
!
!
interface Null0
no ip unreachables
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation hdlc
ip route-cache flow
shutdown
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.2 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
encryption mode ciphers tkip
!
ssid lab
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 1111111111111111
!
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 b
asic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
ip address 10.10.10.1 255.255.255.0
no snmp trap link-status
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 102 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect sdm_ins_in_100 in
ip inspect SDM_LOW out
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname EXMEXM
ppp chap password 7 EXMEXM
ppp pap sent-username
crypto map SDM_CMAP_1
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.1.2 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
ip local pool SDM_POOL_1 10.1.1.1 10.1.1.5
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip flow-export source FastEthernet0
ip flow-export version 5
ip flow-export destination 192.168.1.200 9996
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool inside 192.168.1.1 192.168.1.255 netmask 255.255.255.0
ip nat inside source static tcp 192.168.1.220 1433 interface Dialer0 1433
ip nat inside source static tcp 192.168.1.60 873 interface Dialer0 873
ip nat inside source static tcp 192.168.1.111 5900 interface Dialer0 5900
ip nat inside source static tcp 192.168.1.60 5912 interface Dialer0 5912
ip nat inside source static tcp 192.168.1.60 5901 interface Dialer0 5901
ip nat inside source static tcp 192.168.1.60 5500 interface Dialer0 5500
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip nat inside source static udp 192.168.1.11 4699 interface Dialer0 4699
ip nat inside source static tcp 192.168.1.11 4689 interface Dialer0 4689
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit udp host 192.168.1.200 eq domain any
access-list 100 deny ip <snip>31.40 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host <snip>1.2 eq domain any
access-list 101 permit udp host <snip>0.2 eq domain any
access-list 101 permit udp host <snip>0.2 eq domain host <snip>31.43
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp any host <snip>31.43 echo-reply
access-list 101 permit icmp any host <snip>31.43 time-exceeded
access-list 101 permit icmp any host <snip>31.43 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ahp any host <snip>28.106
access-list 102 permit esp any host <snip>28.106
access-list 102 permit udp any host <snip>28.106 eq isakmp
access-list 102 permit udp any host <snip>31.44 eq non500-isakmp
access-list 102 remark ping
access-list 102 permit icmp any any echo
access-list 102 deny tcp any host <snip>31.43 eq 873
access-list 102 permit tcp any host <snip>31.43 eq 1433
access-list 102 remark uvnc listen
access-list 102 permit tcp any host <snip>31.43 eq 5901
access-list 102 remark uvnc listen
access-list 102 permit tcp any host <snip>31.43 eq 5912
access-list 102 remark uvnc
access-list 102 permit tcp any host <snip>31.43 eq 5500
access-list 102 remark uvnc direct
access-list 102 permit tcp any host <snip>31.43 eq 5900
access-list 102 permit udp host <snip>1.4 eq domain any
access-list 102 permit udp host <snip>0.2 eq domain any
access-list 102 permit ip host 10.1.1.1 any
access-list 102 permit ip host 10.1.1.2 any
access-list 102 permit ip host 10.1.1.3 any
access-list 102 permit ip host 10.1.1.4 any
access-list 102 permit ip host 10.1.1.5 any
access-list 102 permit udp any host <snip>31.43 eq non500-isakmp
access-list 102 permit udp any any eq non500-isakmp
access-list 102 permit udp any host <snip>31.43 eq isakmp
access-list 102 permit udp any any eq isakmp
access-list 102 permit esp any host <snip>31.43
access-list 102 permit esp any any
access-list 102 permit ahp any host <snip>31.43
access-list 102 permit ahp any any
access-list 102 remark uTorrent Panos
access-list 102 permit tcp any host <snip>31.43 eq 52555
access-list 102 permit udp any host <snip>31.43 eq 4699
access-list 102 permit tcp any host <snip>31.43 eq 4689
access-list 102 permit udp host <snip>1.2 eq domain host <snip>31.43
access-list 102 permit udp host <snip>0.2 eq domain host <snip>31.43
access-list 102 remark GRE tunneling
access-list 102 permit gre any any log
access-list 102 deny ip 192.168.1.0 0.0.0.255 any
access-list 102 permit icmp any host <snip>31.43 echo-reply
access-list 102 permit icmp any host <snip>31.43 time-exceeded
access-list 102 permit icmp any host <snip>31.43 unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
access-list 103 remark SDM_ACL Category=2
access-list 103 deny ip any host 10.1.1.1
access-list 103 deny ip any host 10.1.1.2
access-list 103 deny ip any host 10.1.1.3
access-list 103 deny ip any host 10.1.1.4
access-list 103 deny ip any host 10.1.1.5
access-list 103 permit ip 192.168.1.0 0.0.0.255 any
access-list 104 remark VTY Access-class list
access-list 104 remark SDM_ACL Category=1
access-list 104 permit ip 192.168.1.0 0.0.0.255 any
access-list 104 deny ip any any
dialer-list 1 protocol ip permit
snmp-server community router RO
snmp-server ifindex persist
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 103
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login authentication local_authen
no modem enable
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line vty 0 4
access-class 104 in
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end