Cisco 877: strange problem with port forward



pkcf
18-03-11, 14:48
Hello friends,

I have a Cisco 877 and I have managed to forward ports 55752 and 55753 to a PC, but port 8000 cannot be opened for the same PC no matter what, and neither, in general, can ports for any other PC apart from the first two. At Otenet, the option for increased security has been disabled. Any ideas?

The configuration


Current configuration : 6700 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ***_Vpn
!
boot-start-marker
boot-end-marker
!
logging buffered 52000
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-3887205861
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3887205861
revocation-check none
rsakeypair TP-self-signed-3887205861
!
!
crypto pki certificate chain TP-self-signed-3887205861
certificate self-signed 01
30820256 308201BF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33383837 32303538 3631301E 170D3032 30333031 30323535
31305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38383732
30353836 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
810094CF 7BBCFBB8 E502FA14 DD3FC7F9 804E3CA8 41B1B496 81D958A4 79F83C3F
C3B635B0 6771D975 888E691E E9F032F3 C686C822 007F9624 B74688ED 0E0560DB
89C49F31 844E0519 9C5D6130 54209194 B7BC283F EF5AC300 537381A3 6D06C681
EA796C58 FA4098DF 798152A9 B4D5462A A2D0305B 7E8FF6E9 E1ACE924 5931F427
8FF50203 010001A3 7E307C30 0F060355 1D130101 FF040530 030101FF 30290603
551D1104 22302082 1E4B6F6E 73746164 696E6F75 5F56706E 2E796F75 72646F6D
61696E2E 636F6D30 1F060355 1D230418 30168014 A49068DD 864CB9FF 67DA0627
D60D76C8 E599365D 301D0603 551D0E04 160414A4 9068DD86 4CB9FF67 DA0627D6
0D76C8E5 99365D30 0D06092A 864886F7 0D010104 05000381 81006A70 96F831CD
B2794971 719C317C 0D4BFA0A E810ADE9 EC086743 A44AD5C2 FD90AC7E A12D61F8
6015A0EE B5B4C932 F155DAD2 DD436BC7 0AB927DE F121130E 39B3A4E3 E3361372
1BFEA6C4 67F77693 EE4988B9 A6651843 02E65F2B B346D8C0 4B571A0E D1346EAB
687816AB EFCBC1C8 E5769AD2 63F9F19E 077E57DF 1EB45137 B617
quit
dot11 syslog
ip cef
!
!
no ip domain lookup
ip domain name yourdomain.com
!
!
!
!
crypto isakmp client configuration group Vpn_Users
key **************
dns 192.168.1.11
wins 192.168.1.11
pool SDM_POOL_2
acl 105
save-password
max-users 5
max-logins 10
crypto isakmp profile ciscocp-ike-profile-1
match identity group Vpn_Users
client authentication list ciscocp_vpn_xauth_ml_2
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 2
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
!
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA3
set isakmp-profile ciscocp-ike-profile-1
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to***********
set peer **************
set transform-set ESP-3DES-SHA
match address 100
!
crypto map SDM_CMAP_2 1 ipsec-isakmp
description Tunnel to************
set peer ************
set transform-set ESP-3DES-SHA1
match address 102
!
crypto map SDM_CMAP_3 1 ipsec-isakmp
description Tunnel to************
set peer ***************
set transform-set ESP-3DES-SHA
match address 103
!
crypto ctcp port 10000
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template2 type tunnel
ip unnumbered Dialer0
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname *****************
ppp chap password 0 ***************
ppp pap sent-username ************** password 0 ************
crypto map SDM_CMAP_3
!
ip local pool SDM_POOL_1 192.168.10.200 192.168.10.250
ip local pool SDM_POOL_2 192.168.11.200 192.168.11.220
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.1.190 55752 interface Dialer0 55752
ip nat inside source static tcp 192.168.1.190 55753 interface Dialer0 55753
ip nat inside source static tcp 192.168.1.190 8000 interface Dialer0 8000
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=16
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 remark CCP_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 remark CCP_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 remark CCP_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 104 remark CCP_ACL Category=4
access-list 104 permit ip 192.168.1.0 0.0.0.255 any
access-list 105 remark CCP_ACL Category=4
access-list 105 permit ip 192.168.1.0 0.0.0.255 any
access-list 105 permit ip 192.168.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
!
route-map SDM_RMAP_1 permit 1
match ip address 101
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
transport input telnet ssh
!
scheduler max-task-time 5000
end

atrias
18-03-11, 16:26
Could a firewall on the PCs you are forwarding 8000 to be at fault?

How are you testing whether the forward worked?

pts
18-03-11, 16:46
What do you use ip forward-protocol nd for?

pkcf
21-03-11, 10:08
The firewall on the PCs is disabled. I have also tried forwarding a network camera with exactly the same results; I cannot see it from outside.
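
Added example, not part of the thread and not posted by any participant: a Python check that lists the static port-forward lines in an IOS configuration like the one posted above and verifies that each one points at an `ip nat outside` interface, targets a host on an `ip nat inside` subnet, and does not reuse an outside port. The sample lines are excerpted from the posted configuration; the function names `parse_interfaces` and `audit_forwards` are hypothetical.

```python
import ipaddress
import re

# NAT-relevant lines excerpted from the configuration posted in the thread.
SAMPLE_CONFIG = """\
interface Vlan1
ip address 192.168.1.2 255.255.255.0
ip nat inside
!
interface Dialer0
ip address negotiated
ip nat outside
!
ip nat inside source static tcp 192.168.1.190 55752 interface Dialer0 55752
ip nat inside source static tcp 192.168.1.190 55753 interface Dialer0 55753
ip nat inside source static tcp 192.168.1.190 8000 interface Dialer0 8000
"""
STATIC_RE = re.compile(r"^\s*ip nat inside source static (tcp|udp) (\S+) (\d+)"
                       r" interface (\S+) (\d+)\s*$", re.M)

def parse_interfaces(config):
    """Map interface name -> {'role': inside/outside/None, 'net': network/None}."""
    ifaces, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"role": None, "net": None})
        elif line == "!":
            cur = None  # "!" closes the interface block
        elif cur is not None and line in ("ip nat inside", "ip nat outside"):
            cur["role"] = line.split()[-1]
        elif cur is not None and re.fullmatch(r"ip address [\d.]+ [\d.]+", line):
            _, _, addr, mask = line.split()
            cur["net"] = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return ifaces

def audit_forwards(config):
    """Return (forwards, problems) for the static port-forward lines."""
    ifaces = parse_interfaces(config)
    inside = [i["net"] for i in ifaces.values() if i["role"] == "inside" and i["net"]]
    forwards, problems, seen = [], [], set()
    for proto, host, in_port, iface, out_port in STATIC_RE.findall(config):
        forwards.append((proto, host, int(in_port), iface, int(out_port)))
        if ifaces.get(iface, {}).get("role") != "outside":
            problems.append(f"{iface}: not marked 'ip nat outside'")
        if not any(ipaddress.ip_address(host) in net for net in inside):
            problems.append(f"{host}: not on an 'ip nat inside' subnet")
        if (proto, iface, out_port) in seen:
            problems.append(f"{proto}/{out_port} on {iface}: forwarded twice")
        seen.add((proto, iface, out_port))
    return forwards, problems
```

An empty problem list only shows that the forward lines and the NAT interface roles agree with each other; it does not test reachability from outside. The returned forwards list doubles as an inventory of the inside services the router exposes to the Internet.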
