
Επιστροφή στο Forum : Cisco 857 και προβλημα με firewall



pexlibanis
21-03-10, 16:23
Καλησπέρα. Έχω το 857 και δεν μπορώ να σετάρω το firewall. Δοκιμάζω από το SDM και, όταν πάει να περάσει τις εντολές, μου βγάζει error στην εξής εντολή: class-map type inspect match-any sdm-cls-insp-traffic.
Καμιά ιδέα?
Σημείωση: είμαι σχετικά αρχάριος στα cisco!

Παραθέτω και το configuration μου:



Building configuration...

Current configuration : 7347 bytes
!
! Global settings of the running configuration (IOS 12.4 train).
version 12.4
no service pad
! Debug and log messages are stamped with time-since-boot rather than
! wall-clock time, which makes them hard to correlate with external events.
service timestamps debug uptime
service timestamps log uptime
! This only applies the reversible "type 7" encoding to password strings; it
! is obfuscation, not hashing. Several "password 7" values further down this
! post (HTTP client, console, vty) were published unredacted and should be
! treated as disclosed and changed.
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
! Both local log destinations are switched off, and no "logging <host>" line
! appears anywhere in the visible configuration, so ACL hits and login events
! are not kept anywhere they could be reviewed.
no logging buffered
no logging console
!
! AAA is disabled; the console and vty lines below use "login" with a shared
! line password instead of per-user accounts.
no aaa new-model
!
! Self-signed trustpoint and its certificate.
! NOTE(review): presumably generated automatically for "ip http secure-server"
! (enabled later in this config) - confirm.
crypto pki trustpoint TP-self-signed-47723879
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-47723879
! There is no issuing CA for a self-signed certificate, so no revocation
! source is consulted.
revocation-check none
rsakeypair TP-self-signed-47723879
!
!
! Only the public certificate is shown here; the private key is not part of
! this output.
! NOTE(review): the DER below appears to carry the md5WithRSAEncryption OID
! (2A864886 F70D0101 04) over a 1024-bit RSA modulus, with a notBefore in
! March 2002, which suggests the clock was not set when it was generated.
! Browsers cannot authenticate a self-signed certificate unless it is pinned,
! so regenerating it with a set clock and a larger key is worth considering -
! verify against the IOS image's capabilities.
crypto pki certificate chain TP-self-signed-47723879
certificate self-signed 01
3082023A 308201A3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34373732 33383739 301E170D 30323033 30313031 32323533
5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D343737 32333837
3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100ABE7
0F240EFC 7B3947CB 5E075273 644A7753 951E8277 B4D0782C 73F5624E 4E3FF25F
337CC827 DC5B9890 45FABBF3 A25332F9 59DA99CF F98DDCDC 2B6B020F 3F905D9E
49794F27 87D127A7 44E4E9F8 F41CEA82 4316F962 75877595 4D094D74 4E234239
2B433F73 A11734BC 9E8EF1D6 15D942CB 4388937F 8DE170B1 0BA4BE42 AE650203
010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603 551D1104
0A300882 06526F75 74657230 1F060355 1D230418 30168014 19523227 457E4B32
36B1A230 0F2A3CDC D089A1A2 301D0603 551D0E04 16041419 52322745 7E4B3236
B1A2300F 2A3CDCD0 89A1A230 0D06092A 864886F7 0D010104 05000381 8100A7C6
2CDC888B 71FEEABB C424D698 F7E8989E 3D998080 AC083AF4 C8D7E767 83C22176
156C2E37 FC18F3FF 001BEDF3 9006A4D4 2435B2A0 260BF8C2 150129EB D056BA94
C89D33BF EE963BD5 C895D9EF 8E78345E B773B102 0C3EFB53 46DAF01E F9A8AE9E
6911EE41 6ED76B61 75BAA140 B964E762 5D1184A6 500DDED1 DCCB1A77 8864
quit
dot11 syslog
no ip dhcp use vrf connected
! Addresses withheld from DHCP: the router itself (.1), .2 and .100-.254.
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.100 10.10.10.254
ip dhcp excluded-address 10.10.10.2
!
! LAN pool for 10.10.10.0/24; "lease 0 2" is 0 days, 2 hours.
ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
lease 0 2
!
! Second pool whose /29 lies inside the CLIENT /24 above.
! NOTE(review): presumably left behind by SDM (going by the name); two pools
! on overlapping networks are ambiguous, so one of them likely should go.
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
!
ip cef
! Two classic "ip inspect" (CBAC) rule sets, myfw and INBOUND. No interface
! in the visible configuration has an "ip inspect <name> in|out" statement,
! so as posted neither rule set inspects any traffic; filtering on Dialer2
! relies only on the INBOUND/OUTBOUND access lists.
! The timeout values are idle timeouts in seconds for the inspected sessions.
! NOTE(review): the SDM error quoted in the post is on "class-map type
! inspect", which is zone-based firewall syntax, unlike the rules here.
! Whether this image supports that syntax cannot be told from the config;
! check the feature set reported by "show version".
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
! This inspect rule shares its name with the extended ACL INBOUND defined
! later; they are separate objects, which is easy to misread.
ip inspect name INBOUND tcp
ip inspect name INBOUND udp
ip inspect name INBOUND icmp
! Single DNS resolver used by the router itself.
ip name-server 194.219.227.2
!
!
!
! Local privilege-15 (full administrative) account. "secret 5" stores a
! salted MD5-based hash; the poster replaced the hash with x's. The same
! username is reused by "ip http client username" further down.
username basilis privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
!
! Configuration-change logger section; "hidekeys" keeps password strings out
! of the logged commands.
! NOTE(review): no "logging enable" line is visible under "log config", so
! the change log may not actually be active - confirm.
archive
log config
hidekeys
!
!
!
!
!
! Physical ADSL interface. It has no IP address of its own; the PPP session
! runs on the dialer bound through ATM0.1.
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
!
! PVC 8/35 carries PPPoA and is a member of dialer pool 2, i.e. it serves
! Dialer2 ("dialer pool 2"), not Dialer0.
interface ATM0.1 point-to-point
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 2
!
!
! The four switch ports carry no per-port configuration.
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! LAN gateway (10.10.10.1/24), NAT inside. No access list or inspection rule
! is applied on the LAN side.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
! Dialer0 draws from dialer pool 1, but no PVC in the visible configuration
! is a member of pool 1, and it has neither NAT nor an access list.
! NOTE(review): this looks like an unused leftover; if it could ever come up
! it would be an unfiltered WAN interface - confirm and remove if not needed.
interface Dialer0
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap xxxxxxxxxxxxxxxxx
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
!
! Active WAN interface: NAT outside, ACL INBOUND on ingress and ACL OUTBOUND
! on egress (a reflexive pair, defined below). No "ip inspect" is applied.
interface Dialer2
ip address negotiated
ip access-group INBOUND in
ip access-group OUTBOUND out
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 2
dialer-group 1
ppp authentication chap pap callin
! ISP credentials were replaced with x's by the poster. That matters because
! "password 7" is a reversible encoding and must never be posted as-is.
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxxx
!
ip forward-protocol nd
! Default route out of the PPP session on Dialer2.
ip route 0.0.0.0 0.0.0.0 Dialer2
!
! Web management (used by SDM). The cleartext HTTP server is enabled next to
! HTTPS, so administrator credentials can cross the network unencrypted.
! Authentication uses the local username database. No "ip http access-class"
! is visible, so nothing here restricts which sources may connect.
ip http server
ip http authentication local
ip http secure-server
ip http client username basilis
! Posted unredacted: type 7 is reversible, so this password should be
! considered disclosed and changed wherever it is used.
ip http client password 7 0509071C2840471A
! Two PAT rules that both translate 10.10.10.0/24 behind the Dialer2 address
! (standard ACL 2 and the named ACL NAT match the same range); one of them
! is redundant.
ip nat inside source list 2 interface Dialer2 overload
ip nat inside source list NAT interface Dialer2 overload
!
! Ingress filter on Dialer2.
! The first entry matches only source addresses 0.0.0.0-0.0.0.255 (wildcard
! 0.0.0.255 applied to 0.0.0.0). Those are not valid Internet sources, so the
! entry does nothing useful and lets packets with such a forged source
! through to any destination.
! NOTE(review): likely a typo for a different source range - confirm the
! intent, or drop the entry.
! "evaluate TO_REFLECT" then admits return traffic for flows recorded by the
! OUTBOUND list; anything else meets the implicit deny at the end.
ip access-list extended INBOUND
permit ip 0.0.0.0 0.0.0.255 any
evaluate TO_REFLECT
ip access-list extended NAT
permit ip 10.10.10.0 0.0.0.255 any
! Egress filter on Dialer2: every outbound IP flow is permitted and creates a
! temporary reflexive entry in TO_REFLECT.
! NOTE(review): traffic originated by the router itself is generally not
! evaluated by an outbound interface ACL, so replies to the router's own
! DNS/NTP queries may not match TO_REFLECT - verify.
ip access-list extended OUTBOUND
permit ip any any reflect TO_REFLECT
!
! Numbered ACLs, mostly SDM-generated (see the SDM_ACL remarks). In the
! visible configuration only ACL 2 is referenced (by the first "ip nat
! inside source" rule); ACLs 1, 100-103 and 111 are not attached to any
! interface, NAT rule or line.
! ACL 1: the /29 entry is fully covered by the /24 entry after it.
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 10.10.10.0 0.0.0.255
! ACLs 100, 101 and 103 are identical: they match the limited-broadcast and
! loopback source ranges.
! NOTE(review): presumably meant as match criteria for invalid sources in the
! firewall policy SDM failed to push; unused as posted.
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark SDM_ACL Category=128
access-list 101 permit ip host 255.255.255.255 any
access-list 101 permit ip 127.0.0.0 0.255.255.255 any
access-list 102 remark SDM_ACL Category=16
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 103 remark SDM_ACL Category=128
access-list 103 permit ip host 255.255.255.255 any
access-list 103 permit ip 127.0.0.0 0.255.255.255 any
! ACL 111: a hand-written stateless port list. Every entry is "any any", so
! if it were ever applied inbound on the WAN interface it would open each
! listed port to all sources and all inside destinations. Review each entry
! before reuse and restrict destinations to the hosts that need them.
access-list 111 permit udp any any eq 2310
access-list 111 permit tcp any any eq 2310
access-list 111 permit udp any any eq 2300
access-list 111 permit tcp any any eq 2300
access-list 111 permit udp any any eq 21422
access-list 111 permit tcp any any eq 21422
access-list 111 permit tcp any any eq 6881
access-list 111 permit tcp any any eq 6699
access-list 111 permit tcp any any eq 4711
access-list 111 permit udp any any eq 4665
access-list 111 permit tcp any any eq 4661
access-list 111 permit udp any any eq 22021
access-list 111 permit tcp any any eq 22020
access-list 111 permit tcp any any eq 25566
access-list 111 permit udp any any eq 25566
access-list 111 permit tcp any any eq 2301
access-list 111 permit udp any any eq 2301
access-list 111 permit tcp any any eq 2302
access-list 111 permit udp any any eq 2302
! NOTE(review): tcp 186 next to udp 1863 looks like a typo for 1863 - confirm.
access-list 111 permit tcp any any eq 186
access-list 111 permit udp any any eq 1863
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
! Matches on the source port only, a field the sender chooses, so this is not
! a substitute for stateful handling of DNS replies.
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
! NetBIOS session, name and datagram services permitted from any source;
! these should not be reachable from the Internet.
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
! Entries are evaluated top-down, so the explicit deny makes the "permit udp
! any any" after it unreachable. If the two lines were ever reordered, all
! UDP would be allowed; the trailing permit should simply be deleted.
access-list 111 deny ip any any
access-list 111 permit udp any any
! Any IP packet counts as interesting traffic for dialer-group 1, which both
! Dialer0 and Dialer2 use.
dialer-list 1 protocol ip permit
!
! Empty control-plane section: no policy is attached to traffic destined to
! the router itself.
control-plane
!
!
! Console: shared line password ("login" without usernames) and an idle
! timeout of 120 minutes.
line con 0
exec-timeout 120 0
! Posted unredacted: type 7 is reversible, so treat this password as
! disclosed and change it.
password 7 1511021F0725
login
no modem enable
stopbits 1
line aux 0
! Remote CLI access: same shared-password login and 120-minute idle timeout.
! Neither "access-class" nor "transport input" is visible, so no source
! restriction is configured here and the platform's default transports apply.
! NOTE(review): on 12.4 images the default usually includes Telnet - confirm,
! then restrict to SSH and to management source addresses.
line vty 0 4
exec-timeout 120 0
! Posted unredacted: type 7 is reversible, so treat this password as
! disclosed and change it.
password 7 060506324F41
login
!
scheduler max-task-time 5000
end
