Nexus 1000V login authentication with Cisco AAA against a RADIUS server (MS IAS)
Hey
I have a switch that I am adding to my RADIUS server for login authentication.
On an IOS switch, I need to do the following:
Set the attribute number to '1'.
Set the attribute format to "String".
Type "shell:priv-lvl=15" in the attribute value field.
But what should I put in the "shell" attribute so that it works on a Nexus 1000V?
shell:roles="network-admin"
(or replace network-admin with whatever role you want to assign the user)
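What the IAS dialog above produces on the wire is a RADIUS Vendor-Specific attribute (type 26) with Cisco's vendor ID 9 and vendor type 1 (Cisco-AVPair) carrying the string. The following Python is an added example, not code from the thread or from Cisco or Microsoft: it encodes such an attribute and decodes the attribute list of an Access-Accept, so you can check in a packet capture that the server really sends `shell:roles="network-admin"` and not a bare `priv-lvl`. The sample attribute bytes are constructed here; "alice" and the role strings are illustrative.

```python
import struct

# RFC 2865: attribute 26 is Vendor-Specific. Cisco's IANA enterprise number
# is 9; inside the VSA, vendor type 1 is Cisco-AVPair (a free-form string).
VENDOR_SPECIFIC = 26
CISCO_VENDOR_ID = 9
CISCO_AVPAIR = 1


def encode_cisco_avpair(value: str) -> bytes:
    """Build one Vendor-Specific attribute carrying a Cisco-AVPair string.
    Layout: type(1) len(1) vendor-id(4) | vendor-type(1) vendor-len(1) string."""
    data = value.encode("ascii")
    vsa_body = struct.pack("!BB", CISCO_AVPAIR, 2 + len(data)) + data
    payload = struct.pack("!I", CISCO_VENDOR_ID) + vsa_body
    if 2 + len(payload) > 255:  # RADIUS attribute length is a single byte
        raise ValueError("AV pair too long for one attribute")
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(payload)) + payload


def decode_attributes(blob: bytes):
    """Walk a RADIUS attribute list (everything after the 20-byte header) and
    return Cisco AV pairs as (key, value) tuples. Other attribute types, other
    vendors and attributes with bogus lengths are skipped, never trusted."""
    pairs, pos = [], 0
    while pos + 2 <= len(blob):
        atype, alen = blob[pos], blob[pos + 1]
        if alen < 2 or pos + alen > len(blob):
            break  # malformed length: stop instead of reading past the buffer
        body = blob[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(body) < 6:
            continue
        if struct.unpack("!I", body[:4])[0] != CISCO_VENDOR_ID:
            continue
        vsa, vpos = body[4:], 0
        while vpos + 2 <= len(vsa):  # several vendor sub-attributes may share one VSA
            vtype, vlen = vsa[vpos], vsa[vpos + 1]
            if vlen < 2 or vpos + vlen > len(vsa):
                break
            if vtype == CISCO_AVPAIR:
                text = vsa[vpos + 2:vpos + vlen].decode("ascii", "replace")
                key, _, val = text.partition("=")
                pairs.append((key, val.strip('"')))
            vpos += vlen
    return pairs


def nexus_roles(pairs):
    """NX-OS takes its roles from shell:roles; several roles are space-separated."""
    return [r for k, v in pairs if k == "shell:roles" for r in v.split()]


if __name__ == "__main__":
    # Constructed Access-Accept attribute list: User-Name (type 1) followed by
    # the NX-OS role pair and the IOS privilege-level pair from the thread.
    attrs = (bytes([1, 7]) + b"alice"
             + encode_cisco_avpair('shell:roles="network-admin"')
             + encode_cisco_avpair("shell:priv-lvl=15"))
    print(decode_attributes(attrs), nexus_roles(decode_attributes(attrs)))
```

In a capture, `shell:priv-lvl=15` alone grants nothing on NX-OS; the decoder shows exactly which pairs the server returned.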
Tags: Cisco Security
Similar Questions
-
Connecting Cisco UCS 6120 FI directly to Cisco Catalyst 6500?
I have looked at a lot of designs in the Cisco UCS solution guide, and everywhere a Cisco Nexus 5000/7000 connects to the uplink ports of the Cisco UCS 6120 FI, with the benefits of vPC technology.
How about connecting the Cisco UCS 6120 FI directly to 10GE ports on a Cisco Catalyst 6500 (with and without VSS)? Is it possible to design this?
If I use C6500 VSS, will there be a port-channel aggregating all the bandwidth of the UCS Nx10GE links?
And what happens if I use C6500 (without VSS): how will it work with the many links between the UCS and two C6500 boxes? Will they be blocked by STP? Anything else?
Please explain, because we have only C6500 switches in our data center and want to test a Cisco UCS chassis.
Yes, you can connect the 6120s to Cat6500s with or without VSS. With VSS, you get a vPC-like port channel where 2 links from a single 6120 can be connected to 2 different 6500s in an LACP port-channel.
VSS is not necessary; you can connect 1 or more 10G / 1G uplinks from a 6120 to the Cat6500s. If you have 2 Cat6500s (non-VSS) and 2 uplinks per 6120, then you would connect 1 to Cat6500-1 and the other to Cat6500-2. I would recommend going ahead and creating a single-port port-channel so that you can easily add uplinks in the future without service interruption.
Ideally, for non-VSS, I would have 4 10G uplinks per 6120: 2 in a port-channel to Cat6500-1 and 2 in a port-channel to Cat6500-2.
-
How to connect a Cisco SG-300-10 in L3 mode to a Cisco SG-300-20 in L2 mode
Ladies and gentlemen, please forgive me if you find my question too basic, but I would really appreciate your help. I have two Cisco switches (SG-300-10 and SG-300-20) and I am struggling to connect them to each other.
Requirement: the Cisco SG-300-10, which is in L3 mode, needs to send VLAN-tagged traffic to the Cisco SG-300-20, which is in L2 mode.
What I have done so far
1. Connected the Cisco SG-300-10 (L3 mode) directly to the router and configured IP address 192.168.0.21. GVRP is configured on Port 5. Created VLAN 1000 with interface IP 192.168.100.1 and configured Port 5 in trunk mode (1U, 1000T).
2. Connected the Cisco SG-300-20 (L2 mode) to the router and set up the management IP address 192.168.0.22. GVRP is configured on Port 5. Created VLAN 1000 and configured Port 5 in trunk mode (1U, 1000T).
What does not work
I can't access the management address of the L2 switch (192.168.0.22). Note that the L2 switch's only uplink is to the L3 switch. Since Port 5 also receives untagged VLAN 1 traffic (192.168.1.1), I'm assuming that it would receive the VLAN 1 management network.
Other observations
When I connect the cable between Port 5 of the two switches, I expect them to exchange VLAN information, per the documentation. But the lights don't flash at all.
Other things I tried
I tried connecting Port 2 (1U) of the L3 switch to Port 2 (1U) of the L2 switch. Still, I can't access the management port of the L2 switch. However, when I connect Port 2 of the L3 switch to my laptop, I get an IP address. That tells me that I have to solve the management network problem between the two switches first.
Hi Späti,
I think the confusion is the IP addresses you are using and how you manage your computer.
VLAN 1 = 192.168.1.1
VLAN 1000 = 192.168.0.21
The way I read it, you connect the layer 2 switch's VLAN 1 at 192.168.0.21 to the layer 3 switch's VLAN 1 interface at 192.168.1.1. It's confusing.
So the first thing to do is this: change the layer 2 switch's IP to the 192.168.1.x network and confirm management works on VLAN 1.
If you want the layer 2 switch to work on VLAN 1000, then you need to change the default VLAN to 1000; then you can configure your uplink either the way you have it (1U, 1000T) or you can use 1000U.
Your management VLAN on the layer 2 switch is still VLAN 1 unless you changed it (which you didn't?).
The next important thing for the layer 2 switch is going to be the default gateway. On the layer 3 switch you need to specify the IP address of VLAN 1000, which I think you did as 192.168.0.21/24. This 192.168.0.21 must be the default gateway for the layer 2 switch.
Finally, for the computer you connect to the layer 3 switch, whichever VLAN you choose to connect it to (1 untagged), you need to set the appropriate IP and default gateway. So if you're going into VLAN 1 then your computer is 192.168.1.x with gateway 192.168.1.1.
And as an extra comment, GVRP is a horrible protocol and very poor; I don't recommend using it.
-
No login authentication - no login required
Hello
Actually, I don't want to have this login page and validation when I run the application.
I tried to create a "No authentication" scheme and make it current, but it does not work.
Any ideas?
Thanks in advance.
Kind regards
Aurélien
OK, in my personal workspace on apex.oracle.com, in the sample application:
1. Create the authentication scheme:
1.1. Click on Create.
1.2. Leave the default, "Based on a pre-configured scheme from the gallery".
1.3. Select "No authentication (using DAD)".
1.4. Give it a name. I usually call mine "No Auth".
1.5. Click the "Create Scheme" button.
2. Before I change to the new scheme, make sure the application runs as expected. Click Run. Because it's the sample application, the login is username: demo, password: the name of the workspace.
OK, that logs in as expected. I click Sign Out.
3. Change the current authentication to the newly created scheme.
3.1. Go back into Shared Components -> Authentication Schemes.
3.2. The way I usually do it is via the "Change Current" tab.
3.3. In the drop-down for the field "Available Authentication Schemes:", select the newly created scheme, in my case "No Auth".
3.4. A confirmation page is displayed. Review and click "Make Current". (The alternative to this method: on the list of authentication schemes (report), there is a "Make Current" link for the desired authentication scheme. Click on that and then step 3.4 is displayed.)
4. Check that it works.
If you click on Run right after changing the current scheme, it does not work (well, at least it didn't the first time I tried); it just outputs "Location:" on a blank white page, so go back to the application interface and click on Run from there. At this point, everything works as expected for me.
Upgrading Virtual Center 5.0 to 5.1 (using Cisco Nexus 1000V)
Need advice on upgrading production please.
Current environment
Running Virtual Center 5.0 as a virtual machine connecting to an Oracle VM DB
3 clusters
Cluster 1: 8 IBM ESXi 5.0 blades, Cluster 2: 5 IBM 3850 X5
2 Cisco Nexus 1000V, of which only 1 cluster uses one.
I know the procedure for upgrading to 5.1:
1. Create the SSO DB, install SSO
2. Upgrade VC to 5.1
3. Install the Web Client, set up AD authentication
My question:
Will I have problems with the Nexus 1000V? I hope the upgrade will treat them as it would a distributed switch and I should have no problem.
Hi wj, it will treat the Nexus as a dVS.
-
Hello
Thanks for reading.
I have a VM (VM1) connected to a Nexus 1000V distributed switch. The 1000V provides a connection to our DMZ (physically, an interface on our Cisco ASA 5520), which has 3 other VMs that are successfully up in the DMZ. The problem is that a SHOW ARP on the ASA shows the other VMs' MAC addresses but not VM1's.
The properties for all the VMs (including VM1) participating in the DMZ are the same:
- Network label
- VLAN ID
- Port group
- State: link up
- DirectPath I/O: inactive ("DirectPath I/O has been explicitly disabled for this port.")
The only important difference between VM1 and the others is that they are multihomed agents and have one foot in our private network. I don't think that the absence of a private IP on VM1 is the source of the problem. All VMs are recognized as directly connected to the ASA (except VM1).
Have you ever seen this kind of thing before?
Thanks again for reading!
Bob
The systems team:
- Rebuilt the virtual machine
- Moved it to another cluster
- Configured it for the DMZ interface
Somewhere in that they got the VM visible to the FW.
-
Cisco Nexus 1000V Virtual Supervisor Module (VSM) placement in the Cisco Unified Computing System
Hi all
I read a Cisco article entitled "Best Practices in Deploying Cisco Nexus 1000V Series Switches on Cisco UCS B and C Series Cisco UCS Manager Servers" http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9902/white_paper_c11-558242.html. A lot of excellent information, but the section that intrigues me has to do with the placement of the VSM in the UCS. The article lists 4 options in order of preference, but does not provide details or the reasoning underlying the recommendations. The options are the following:
========================================
Option 1: VSM external to the Cisco Unified Computing System on the Cisco Nexus 1010
In this scenario, management of the virtual environment is accomplished in a manner identical to existing non-virtualized environments. With multiple VSM instances on the Nexus 1010, multiple vCenter data centers can be supported.
========================================
Option 2: VSM outside the Cisco Unified Computing System on the Cisco Nexus 1000V Series VEM
This model allows centralized management of the virtual infrastructure, and has proven to be very stable...
========================================
Option 3: VSM outside the Cisco Unified Computing System on the VMware vSwitch
This model isolates the managed devices, and it migrates to the Cisco Nexus 1010 Virtual Services Appliance model. A possible concern here is the management and operational model of the network links between the VSM and VEM devices.
========================================
Option 4: VSM inside the Cisco Unified Computing System on the VMware vSwitch
This model was also stable in test deployments. A possible concern here is the management and operational model of the network links between the VSM and VEM devices, and the switching infrastructure is duplicated in your Cisco Unified Computing System.
========================================
As a beginner with both the Nexus 1000V and UCS, I hope someone can help me understand the configuration of these options and, equally important, provide a more detailed explanation of each option and the reasoning behind the preferences (pros and cons).
Thank you
Pradeep
No, they are different products. vASA will be a virtual version of our ASA appliance.
ASA is a full-featured firewall.
-
Why would someone need a Cisco Nexus 1000V when the dvSwitch is so cool?
Or is there something that the dvSwitch cannot do that the Cisco Nexus 1KV can?
Use cases for the Nexus 1kV are clear enough: if you want segregation, advanced CoS settings, to use Cisco VSG, etc., you must use the Nexus 1kV. But if you don't use any of these, why would you pay more money to use a Nexus 1kV when you can use a dvSwitch, which gives you more or less the same basic features? After all, the 1kV was developed using the dvSwitch framework.
-
Hi, I have 2 questions about the Cisco Nexus 1000V switch.
First of all, why use it rather than the standard distributed vSwitch?
Second, if an environment currently works using distributed vSwitches, what impacts and problems is introducing a Cisco Nexus 1000V switch likely to cause? Is there an upgrade process?
Cheers
Here is the most up-to-date comparison between the network options:
http://www.Cisco.com/en/us/prod/collateral/switches/ps9441/ps9902/solution_overview_c22-526262.PDF
The big driver for most of the people running the 1000v I have talked to is giving visibility to the network team and streamlining changes made to the virtual network environment. In a large organization with a network operations team, they will create an IVR to route a new VLAN, then create the new VLAN on all distribution and access switches in the layer 2 domain; the 1000v just lets them go ahead and create it on the hypervisor using a set of commands that they already know.
-
Help required for Cisco Nexus 1000V
Hello
I have three ESXi hosts in my environment and I want to integrate these hosts with the Cisco Nexus 1000V switch.
I installed the VSM on host1 and added the remaining hosts via VSM Update Manager. The port groups I already created on the VSM are shown on the hosts that I added to the VSM, but the port group is not shown on the host1 ESX on which I installed the VSM. Should I also add the host that contains the VSM to the Cisco Nexus switch?
I mean to say that I have installed the VEM on all three ESXi hosts. Is that right?
Hi Mohsin,
Where did you read that? In the past we have added the hosts, including the one that runs the VSM. Usually we run both VSMs (primary and secondary) and add anti-affinity rules so that the two VSMs are on different hosts. I'm not a Cisco person, but having worked with Cisco engineers, we had no problem with what you just mentioned. It would really be a waste of a host in my opinion. I don't see why this could be a problem... As long as you have all your port groups (PGs for your VSM packets etc.) in place, you should be able to add all hosts in my experience.
Follow me @ Cloud-Buddy.com
-
Question about Cisco Nexus 1000V licensing
Can someone shed some light on how Cisco Nexus 1000V licensing works?
I have a cluster of 8 hosts with 4 hexacore processors each, ESX 3.5.
Good afternoon Romeu.
The Cisco Nexus feature is licensed separately and you can only use it with the VMware vSphere Enterprise Plus edition. The list price for Cisco Nexus licensing is US$ 695.00 per processor.
For more information, you can visit the product site:
http://www.VMware.com/products/Cisco-Nexus-1000V/
See the comparison between the Nexus and other solutions such as the ESX 3.5 vSwitch:
http://www.VMware.com/products/vNetwork-distributed-switch/features.html
I hope this helped.
Regards,
Brahell
-
Restoring a Cisco Nexus 1000V - Host-ID fingerprint
Has anyone found some information about how to restore a Cisco Nexus 1000V?
The license is derived from a fingerprint of the VSM's host ID. If we lose the VM running the VSM or the ESX host has to be reinstalled, this fingerprint is different. So that would mean the license key needs to be regenerated.
Has anyone found information on this?
Tom
Q: Can a VSM manage its own VEM?
A: Yes
...
Q: Can you vMotion a VSM?
A: We do not recommend it.
-
Cannot connect Cisco 2621 to AWS EC2 Openswan site-to-site VPN
Hello, I'm setting up a site-to-site VPN between my Cisco 2621 router and an Amazon EC2 instance running Openswan.
I get the following message on the Openswan server: 'NO_PROPOSAL_CHOSEN'.
My Cisco 2621 router config and Openswan config are shown below. I know I'm missing something small, but can't
figure out what it is :-) any help would be appreciated.

Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: "paulaga-home" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: "paulaga-home" #1: port/protocol in Phase 1 ID Payload is 17/0. accepted with port_floating NAT-T
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: "paulaga-home" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.253'
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: "paulaga-home" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: "paulaga-home" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=oakley_3des_cbc_192 integ=md5 group=MODP1536}
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: "paulaga-home" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using isakmp#1 msgid:17d23abf proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1536}
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: "paulaga-home" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000 length=160
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: ISAKMP Notification Payload
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]:   00 00 00 a0  0e 00 00 00  01 03 04 00
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: "paulaga-home" #1: received and ignored informational message

The topology looks like this:
192.168.0.0/24 --- FA0/1 [router] FA0/0 192.168.1.253 --- 192.168.1.254 [Modem] 64.231.25.93 (public IP assigned to my modem)

Cisco 2621 router configuration:
Current configuration : 2649 bytes
!
version 12.3
no parser cache
no service timestamps debug uptime
no service timestamps log uptime
service password-encryption
!
hostname cisco2600
!
boot-start-marker
boot system flash c2600-ik9o3s3-mz.123-26.bin
boot-end-marker
!
logging buffered 10000 debugging
no logging monitor
!
no aaa new-model
ip subnet-zero
ip cef
!
!
ip name-server 192.168.0.10
!
ip audit po max-events 100
!
username admin privilege 15 password 7 01100F175804
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 5
crypto isakmp key mysecretkey address 52.39.49.77
!
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set AMAZON-TRANSFORM-SET esp-3des esp-md5-hmac
!
crypto map INTERNET-CRYPTO 11 ipsec-isakmp
 ! Incomplete
 description Amazon EC2 instance
 set peer 52.39.49.77
 set transform-set AMAZON-TRANSFORM-SET
 match address 111
!
!
!
!
interface FastEthernet0/0
 description Connection to the Bell Modem
 ip address 192.168.1.253 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
 crypto map INTERNET-CRYPTO
!
interface Serial0/0
 no ip address
!
interface FastEthernet0/1
 description Connection to the local network
 ip address 192.168.0.254 255.255.255.0
 ip helper-address 192.168.0.10
 ip nat inside
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1.2
 description Service Vlan
 encapsulation dot1Q 2
 ip address 10.0.0.254 255.0.0.0
 ip helper-address 192.168.0.10
 ip nat inside
!
ip nat inside source list ACL-NAT interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.0.47 3389 interface FastEthernet0/0 3389
ip http server
ip http authentication local
no ip http secure-server
no ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
!
!
ip access-list extended ACL-NAT
 permit ip any any
 permit tcp any any
 permit udp any any
logging trap debugging
logging facility syslog
logging 192.168.0.47
access-list 111 permit ip 192.168.0.0 0.0.0.255 172.31.1.0 0.0.0.255
!
!
!
dial-peer cor custom
!
!
!
line con 0
 password 7 05080F1C2243
 login
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet
 transport output telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
 transport output telnet
!
!
end

Openswan configuration:
file paulaga.secrets:
64.231.25.93 192.168.1.253 52.39.49.77 : PSK "mysecretkey"
file paulaga.conf:
conn paulaga-home
    left=%defaultroute
    leftsubnet=172.31.0.0/16      # My EC2 subnet
    leftid=52.39.49.77            # My EC2 public IP
    right=64.231.25.93            # My home modem public IP
    rightid=192.168.1.253         # My home Cisco 2621 outside interface IP
    rightsubnet=192.168.0.0/24    # My home LAN behind the Cisco 2621
    authby=secret
    pfs=yes
    auto=start

Hello
Since we are getting the error NO_PROPOSAL_CHOSEN, could you please add the following policies on the router and then check:
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 5
crypto isakmp policy 20
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp policy 30
 encr 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp policy 40
 encr aes
 hash md5
 authentication pre-share
 group 2
Please test with these and keep us informed of the results.
Kind regards
Aditya
Please rate helpful posts and mark the correct answers.
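One check worth making before touching ISAKMP policies: the pluto log above reports "ISAKMP SA established" (phase 1 done) and then NO_PROPOSAL_CHOSEN arrives in reply to "initiating Quick Mode", so the router is rejecting the phase 2 proposal. Extra `crypto isakmp policy` entries only change phase 1. On the phase 2 side the posted configs disagree on the traffic selectors: `access-list 111` permits 192.168.0.0/24 to 172.31.1.0/24, while Openswan proposes `leftsubnet=172.31.0.0/16`, and an IOS responder only accepts proxy IDs covered by a crypto ACL entry. The Python below is an added example, not code from the thread or from either vendor; the log and config fragments embedded in it are condensed from the post, and the corrected ACL in the test is my assumption of the intended network. It classifies which phase the notify belongs to and runs the selector and PFS checks.

```python
import ipaddress
import re

# Constructed sample: the decisive pluto lines from the post, condensed.
PLUTO_LOG = """\
"paulaga-home" #1: STATE_MAIN_I3: sent MI3, expecting MR3
"paulaga-home" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.253'
"paulaga-home" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=oakley_3des_cbc_192 integ=md5 group=MODP1536}
"paulaga-home" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1 msgid:17d23abf proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1536}
"paulaga-home" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000 length=160
"paulaga-home" #1: received and ignored informational message
"""

# Constructed sample: the phase-2 relevant IOS lines from the post.
IOS_CFG = """\
crypto ipsec transform-set AMAZON-TRANSFORM-SET esp-3des esp-md5-hmac
crypto map INTERNET-CRYPTO 11 ipsec-isakmp
 set peer 52.39.49.77
 set transform-set AMAZON-TRANSFORM-SET
 match address 111
access-list 111 permit ip 192.168.0.0 0.0.0.255 172.31.1.0 0.0.0.255
"""

# Constructed sample: the Openswan conn from the post (comments dropped).
OPENSWAN_CONN = """\
conn paulaga-home
    left=%defaultroute
    leftsubnet=172.31.0.0/16
    leftid=52.39.49.77
    right=64.231.25.93
    rightid=192.168.1.253
    rightsubnet=192.168.0.0/24
    authby=secret
    pfs=yes
    auto=start
"""


def failed_phase(log):
    """Return (phase, notify) for the first IKE notify in a pluto log.
    Phase 1 is complete once 'ISAKMP SA established' is logged, so a notify
    that follows 'initiating Quick Mode' answers the phase 2 proposal."""
    phase1_done = quick_mode = False
    for line in log.splitlines():
        if "ISAKMP SA established" in line:
            phase1_done = True
        elif "initiating Quick Mode" in line:
            quick_mode = True
        elif m := re.search(r"informational payload, type (\w+)", line):
            return (2 if phase1_done and quick_mode else 1), m.group(1)
    return None, None


def wildcard_to_network(addr, wildcard):
    """IOS ACL wildcards are inverted masks (contiguous wildcard assumed)."""
    host_bits = bin(int(ipaddress.IPv4Address(wildcard))).count("1")
    return ipaddress.ip_network(f"{addr}/{32 - host_bits}", strict=False)


def ios_phase2(cfg):
    """Crypto-map PFS group (None if unset) and crypto-ACL (local, remote) pairs."""
    pfs = re.search(r"^\s*set pfs (\S+)", cfg, re.M)
    acl_m = re.search(r"^\s*match address (\S+)", cfg, re.M)
    pairs = []
    if acl_m:
        for m in re.finditer(rf"^access-list {acl_m.group(1)} permit ip (\S+) (\S+) (\S+) (\S+)", cfg, re.M):
            pairs.append((wildcard_to_network(m[1], m[2]), wildcard_to_network(m[3], m[4])))
    return {"pfs_group": pfs.group(1) if pfs else None, "selectors": pairs}


def openswan_phase2(conn):
    """Openswan proposes leftsubnet <-> rightsubnet; pfs defaults to yes."""
    kv = dict(re.findall(r"^\s*(\w+)=(\S+)", conn, re.M))
    return {"pfs": kv.get("pfs", "yes") == "yes",
            "left": ipaddress.ip_network(kv["leftsubnet"]),
            "right": ipaddress.ip_network(kv["rightsubnet"])}


def phase2_mismatches(ios, swan):
    """Checks an IOS responder applies to the Openswan Quick Mode proposal.
    Selectors: the proposed IDs must be covered by one crypto-ACL permit entry.
    PFS: IOS with 'set pfs' requires the peer to do PFS; IOS without it still
    accepts a PFS offer, so Openswan's pfs=yes alone is not a mismatch."""
    out = []
    # Seen from the router: local = rightsubnet, remote = leftsubnet.
    if not any(swan["right"].subnet_of(loc) and swan["left"].subnet_of(rem)
               for loc, rem in ios["selectors"]):
        allowed = ", ".join(f"{loc} <-> {rem}" for loc, rem in ios["selectors"])
        out.append(f"selector mismatch: peer proposes {swan['right']} <-> {swan['left']} "
                   f"but the crypto ACL permits only {allowed}")
    if ios["pfs_group"] and not swan["pfs"]:
        out.append("PFS mismatch: router requires PFS but the peer has pfs=no")
    return out


if __name__ == "__main__":
    phase, notify = failed_phase(PLUTO_LOG)
    print(f"{notify} received during phase {phase}")
    for finding in phase2_mismatches(ios_phase2(IOS_CFG), openswan_phase2(OPENSWAN_CONN)):
        print("-", finding)
```

Either side can be changed to make the selectors agree (a /16 in the crypto ACL, or a /24 leftsubnet); the same mismatch then needs a matching NAT exemption, since `ACL-NAT` permits `ip any any` and NAT runs before the crypto map on IOS.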
-
IOS VPN will not respond to Cisco VPN Client connections.
Hi all
I'll put my routers up for fire here.
I have two 2921 ISRs, both with security licenses, on separate leased lines. I configured one to accept Cisco VPN Client connections from our remote workers.
I have followed the setup process I used on another site with an 1841 router and the same clients, and I have also checked against the config given in the latest IOS 15 Easy VPN guide.
With all debugs active, all I see is
038062: Dec  8 14:03:04.519: ISAKMP (0): received packet from x.y.z.z dport 500 sport 60225 Global (N) NEW SA
038063: Dec  8 14:03:04.519: ISAKMP: Created a peer struct for x.y.z.z, peer port 60225
038064: Dec  8 14:03:04.519: ISAKMP: New peer created peer = 0x3972090C peer_handle = 0x8001D881
038065: Dec  8 14:03:04.523: ISAKMP: Locking peer struct 0x3972090C, refcount 1 for crypto_isakmp_process_block
038066: Dec  8 14:03:04.523: ISAKMP:(0): Setting client config settings 3E156D70
038067: Dec  8 14:03:10.027: ISAKMP (0): received packet from x.y.z.z dport 500 sport 60225 Global (R) MM_NO_STATE

Here is the abbreviated config.
System image file is "flash0:c2900-universalk9-mz.SPA.154-1.T1.bin"

aaa new-model
!
!
aaa authentication login default local
aaa authentication login VPNAUTH local
aaa authorization exec default local
aaa authorization network VPN local
!
!
aaa session-id common

crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 14
crypto isakmp client configuration group VPN
 key ****-****-****-****
 dns 192.168.177.207 192.168.177.3
 domain xxx.local
 pool VPNADDRESSES
 acl REVERSEROUTE
crypto ipsec transform-set HASH esp-aes esp-sha-hmac
 mode tunnel
crypto ipsec profile IPSECPROFILE
 set transform-set HASH
crypto dynamic-map VPN 1
 set transform-set HASH
 reverse-route
!
!
crypto map VPN client authentication list VPNAUTH
crypto map VPN isakmp authorization list VPN
crypto map VPN client configuration address respond
crypto map VPN 65535 ipsec-isakmp dynamic VPN
!
!
ip local pool VPNADDRESSES 172.16.198.16 172.16.198.31
ip access-list extended REVERSEROUTE
 permit ip 192.168.0.0 0.0.255.255 any
 permit ip 10.0.0.0 0.0.0.255 any
ip access-list extended IP-FIREWALL
 2 permit udp any host a.b.c.d eq non500-isakmp
 3 permit udp any host a.b.c.d eq isakmp
 4 permit ahp any host a.b.c.d
 5 permit esp any host a.b.c.d

If anyone can see anything wrong, I would be very happy, and it would save the destruction of a seemingly innocent router.
Thank you
Paul
> I would be very happy, and it would save the destruction of a seemingly innocent router.
No, that won't work! But instead of destroying the router, I can do it for you. Just send it to me... ;-)
OK, now more seriously...
- The Cisco IPsec client by default uses only DH group 2, while you configured group 14. Try using group 2 in your isakmp policy.
- Do you have your virtual-template in place? It is not in the config.
-
PPTP connected to Cisco VPN but Internet not working
What is wrong with my setup? My device connects to the VPN but not to the Internet. I use Ubuntu 12.04 LTS.
Cisco 1841
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash c1841-ipbasek9-mz.124-24.T.bin
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$eb9Q$7kMUF5Am0kVn/QXwssfrD/
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default local
!
!
aaa session-id common
dot11 syslog
no ip source-route
!
!
!
!
ip cef
ip name-server 202.134.1.10
ip name-server 202.134.0.155
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group PPTP
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!
!
!
username ala***n password 7 051B131C2A4343
username fa***ul privilege 15 password 7 03520B59565F701C16594B51
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0/0
ip address 222.124.152.181 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description ====LOCAL=====
ip address 192.168.100.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
interface Virtual-Template1
description ##PPTP TUNNEL##
ip unnumbered FastEthernet0/0
no ip redirects
no ip unreachables
no ip proxy-arp
peer default ip address pool PPTP_POOL
no keepalive
ppp authentication pap chap ms-chap
ppp timeout idle 360
!
ip local pool PPTP_POOL 192.168.101.110 192.168.101.125
ip default-gateway 222.124.152.161
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 222.124.152.161
!
no ip http server
no ip http secure-server
!
ip nat pool fahrul 222.124.152.181 222.124.152.181 prefix-length 29
ip nat inside source list 77 pool fahrul overload
!
access-list 23 permit 10.10.20.0 0.0.0.255
access-list 77 permit 192.168.2.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.100.0 0.0.0.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 203.197.12.30 eq domain host 121.243.96.154
access-list 101 permit ip 10.10.20.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 deny ip 192.168.100.0 0.0.0.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
The inside network is also not in the NAT definition. Add the following:
access-list 77 permit 192.168.100.0 0.0.0.255
Sent from Cisco Technical Support iPad App