router Cisco 871 no internet no access
I am studying and practicing fo my ccnent and I am very new to cisco routers and so far have done well until I tried to access the internet. I have a router 871 which has a switch catalyst 2950 branch above. connected to the switch, is this computer, a router cascading and an external network drive. connected to router cascading is an xbox, ps3 and another computer. on both computers I ping the router and the switch but I can't reach beyond the router to lynksis router that I used to connect to my network. also pingin one computer on the other give me "destination host unreachable".
This is my config running. Thanks to SD for any advice
Building configuration...
Current configuration: 3045 bytes
!
! Last modification of the configuration at 11:25:35 UTC Wednesday, January 1, 2014
! NVRAM config updated 11:25:45 UTC Wednesday, January 1, 2014
!
version 12.4
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
hostname VanRouter
!
boot-start-marker
boot-end-marker
!
forest-meter operation of syslog messages
enable secret 5 $1$ $0tzK iA3tCXqYHVOHPrM1N2yig0
!
No aaa new-model
!
Crypto pki trustpoint TP-self-signed-3288281326
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 3288281326
revocation checking no
rsakeypair TP-self-signed-3288281326
!
!
TP-self-signed-3288281326 crypto pki certificate chain
self-signed certificate 02
30820241 308201AA A0030201 02020102 300 D 0609 2A 864886 F70D0101 04050030
2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 31312F30
69666963 33323838 32383133 6174652D 3236301E 170 3134 30313031 31313232
33365A 17 0D 323030 31303130 30303030 305A 3031 06035504 03132649 312F302D
4F532D53 5369676E 656C662D 43 65727469 66696361 74652 33 32383832 65642D
38313332 3630819F 300 D 0609 2A 864886 01050003, 818, 0030, 81890281 F70D0101
8100CD3C D7B45599 C442BB9F 7C407C6F 4443DE93 C266494F 5DEE207B 66C9E95A
A6D99B5F 2880A97E DBB0FB69 745870BA BF29BEE6 23242 HAS 17 A271AAAE 48349CCA
91 66093 86663331 BA816DB4 6029C7FF 6229F2F3 FE81F9AE 5E4EACBB 1541878C
A0C89C66 DEAE6AE5 BF372DB7 C8F3E6D5 ED28DC8E C06B60BD 06EC0985 DDF58C07
010001A 3 69306730 1 130101 FF040530 030101FF 30140603 0F060355 AC8D0203
551D 1104 0956616E 0D300B82 526F7574 6572301F 23041830 16801483 0603551D
05465 D 05 D3C5E672 1 060355 1D0E0416 0414836B 91CEBC30 D7B0841A 6BC919AF
C919AF05 465D05D3 C5E672D7 B0841A91 CEBC300D 4886F70D 01010405 A 06092, 86
002F41E8 BA660122 148D3F06 8CADBD62 7E26F5A6 506A60EC 00038181 36B 37541
58F5C139 B8DE5B32 CC1B258B 57988841 3123227F B69D432D 52CC836F 5E51DE5C
C4B01B53 16F4CC5A BEC27BC0 83AD91B5 1F56181C E3901360 32 54 C 95549 HAS 14551
18F92BB0 2000BFB9 E29536AF 223F032A 683B8E66 9E554E02 D1E7F631 704A66F6
222590DC B5
quit smoking
dot11 syslog
IP source-route
!
!
DHCP excluded-address IP 192.168.100.1 192.168.100.10
!
van pool dhcp IP
network 192.168.100.0 255.255.255.0
default router 192.168.100.1
Server DNS 8.8.8.8 8.8.4.4
!
!
IP cef
no ip domain search
8.8.8.8 IP name-server
No ipv6 cef
!
Authenticated MultiLink bundle-name Panel
!
!
!
username 0 privilege 15 password van van
!
!
!
Archives
The config log
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
DHCP IP address
automatic duplex
automatic speed
!
interface Vlan1
IP 192.168.100.1 address 255.255.255.0
!
IP forward-Protocol ND
IP http server
local IP http authentication
IP http secure server
!
!
!
!
!
!
!
!
control plan
!
!
Line con 0
Van password
Synchronous recording
no activation of the modem
line to 0
line vty 0 4
privilege level 15
vantel password
Synchronous recording
local connection
transport input telnet ssh
!
max-task-time 5000 Planner
end
VanRouter #.
If you can ping the router on then you should be able to ping from the PC on. Try searching for the source of your ping to the IP Address of the VLAN 1 interface on your router and see if it works.
In addition, you don't need these static routes:
IP route 0.0.0.0 0.0.0.0 71.246.236.11
IP route 0.0.0.0 0.0.0.0 10.1.41.79
Route IP 192.168.0.0 255.255.255.0 192.168.1.1
IP route 192.168.1.0 255.255.255.0 192.168.1.1
IP route 192.168.100.0 255.255.255.0 192.168.100.2
If you don't want to show up at static routing, you might be able to get directions to RIP on the Linksys. You must have access to the Linksys however.
At the end of the day, probably you will need to configure NAT on the interface to the Linksys and the VLAN1 interface and then Overload:
Int fa 0/4
IP NAT outside
Int vlan1
IP NAT inside
Access-list 10
Permit 192.168.100.0 0.0.0.255
IP nat inside source list 10 interface f 0/4 overload
Sent by Cisco Support technique iPhone App
Tags: Cisco Network
Similar Questions
-
Router Cisco 871 as a VPN server
Hello!
I have a Cisco 871 router which I want to implement a VPN (PPTP) server at home, so that I could connect to it from outside (from an Internet café, for example).
All I need is to be able to use my IP of the home across the world just by connecting to the VPN through PPTP. The router would be the only thing connected to the internet in my house and it is not all of the devices connected to the router. Remote access to my IP is all I need.
The problem is that I have no idea how to do that.
So I would really appreciate if someone could help me with this,
Thank you!
Read the below URL
http://www.Cisco.com/en/us/products/ps5855/products_configuration_example09186a0080ab7073.shtml
HTH >
-
Help setting up a router Cisco 871 for home...
871
Hello Andrew,.
Alain you provided the entire configuration of what you asked, but I think you also need to configure NAT in order to access internet from PC LAN.
Reason for this is that get you the WAN IP address and default route ISP, for example:
IP: 10.0.0.1
Mask: 255.255.255.0
Gateway: 10.0.0.254
But your ISP guess you connect only a single PC, so only 10.0.0.1 IP address will have access to the internet. ISP will pass all traffic of 192.168.10.0/24 and 192.168.20.0/24 because these networks are unknown to the ISP. You will need to NAT your internal networks to your WAN IP 10.0.0.1.
Here is the configuration:
NAT_ACL extended IP access list
deny ip 192.168.10.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.20.0 0.0.0.255 192.168.20.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 any
ip licensing 192.168.20.0 0.0.0.255 any
refuse an entire ip
NAT_MAP route map
corresponds to the IP NAT_ACL
IP nat inside source overload map route NAT_MAP interface FastEthernet4
interface Vlan10
IP nat inside
interface Vlan20
IP nat inside
interface FastEthernet4
NAT outside IP
Last thing, it is not necessary, but maybe you want to prevent users of VLANS to access your internal network:
Restrict_GUESTS extended IP access list
deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
ip licensing 192.168.20.0 0.0.0.255 any
refuse an entire ip
interface Vlan20
IP access-group Restrict_GUESTS in
Best regards
Please note all useful messages and close issues resolved
-
Pass Cisco 871 and VPN to the SBS 2008 Server
to precede the questions below, I'm responsible for COMPUTING internal with several years of site / offsite support. I also have very limited knowledge of the inner workings of a Cisco device. That said, I've beaten my head against a wall, trying to configure my router Cisco 871 to allow access to our internal server of SBS 2008 VPN hosting services. I think I, and properly configured the SBS 2008 Server.
I use advanced IP services, version 12.4 (4) T7
Here is the \windows\system32\conifg\system running
Building configuration...
Current configuration: 9414 bytes
!
version 12.4
no service button
tcp KeepAlive-component snap-in service
a tcp-KeepAlive-quick service
horodateurs service debug datetime localtime show-timezone msec
Log service timestamps datetime localtime show-timezone msec
encryption password service
sequence numbers service
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
Security of authentication failure rate 3 log
Passwords security min-length 6
logging buffered debugging 51200
recording console critical
enable secret 5 *.!
No aaa new-model
!
resources policy
!
PCTime-5 timezone clock
PCTime of summer time clock day April 6, 2003 02:00 October 26, 2003 02:00
IP subnet zero
no ip source route
IP cef
!
!
!
!
synwait-time of tcp IP 10
no ip bootp Server
"yourdomain.com" of the IP domain name
name of the IP-server 65.24.0.168
name of the IP-server 65.24.0.196
property intellectual ssh time 60
property intellectual ssh authentication-2 retries
inspect the IP name DEFAULT100 appfw DEFAULT100
inspect the IP name DEFAULT100 cuseeme
inspect the IP name DEFAULT100 ftp
inspect the IP h323 DEFAULT100 name
inspect the IP icmp DEFAULT100 name
inspect the IP name DEFAULT100 netshow
inspect the IP rcmd DEFAULT100 name
inspect the IP name DEFAULT100 realaudio
inspect the name DEFAULT100 rtsp IP
inspect the IP name DEFAULT100 sqlnet
inspect the name DEFAULT100 streamworks IP
inspect the name DEFAULT100 tftp IP
inspect the IP udp DEFAULT100 name
inspect the name DEFAULT100 vdolive IP
inspect the name DEFAULT100 http urlfilter IP
inspect the IP router-traffic tcp name DEFAULT100
inspect the IP name DEFAULT100 https
inspect the IP dns DEFAULT100 name
urlfilter IP interface-source FastEthernet4
property intellectual urlfilter allow mode on
urlfilter exclusive-area IP Deny. Facebook.com
refuse the urlfilter exclusive-domain IP. spicetv.com
refuse the urlfilter exclusive-domain IP. AddictingGames.com
urlfilter exclusive-area IP Deny. Disney.com
urlfilter exclusive-area IP Deny. Fest
refuse the urlfilter exclusive-domain IP. freeonlinegames.com
refuse the urlfilter exclusive-domain IP. hallpass.com
urlfilter exclusive-area IP Deny. CollegeHumor.com
refuse the urlfilter exclusive-domain IP. benmaller.com
refuse the urlfilter exclusive-domain IP. gamegecko.com
refuse the urlfilter exclusive-domain IP. ArmorGames.com
urlfilter exclusive-area IP Deny. MySpace.com
refuse the urlfilter exclusive-domain IP. Webkinz.com
refuse the urlfilter exclusive-domain IP. playnow3dgames.com
refuse the urlfilter exclusive-domain IP. ringtonemecca.com
refuse the urlfilter exclusive-domain IP. smashingames.com
urlfilter exclusive-area IP Deny. Playboy.com
refuse the urlfilter exclusive-domain IP. pokemoncrater.com
refuse the urlfilter exclusive-domain IP. freshnewgames.com
refuse the urlfilter exclusive-domain IP. Toontown.com
urlfilter exclusive-area IP Deny .online-Funny - Games.com
urlfilter exclusive-area IP Deny. ClubPenguin.com
refuse the urlfilter exclusive-domain IP. hollywoodtuna.com
refuse the urlfilter exclusive-domain IP. andkon.com
urlfilter exclusive-area IP Deny. rivals.com
refuse the urlfilter exclusive-domain IP. moregamers.com
!
policy-name appfw DEFAULT100
http request
port-bad use p2p action reset alarm
port-abuse im action reset alarm
Yahoo im application
default action reset service
service-chat action reset
Server deny name scs.msg.yahoo.com
Server deny name scsa.msg.yahoo.com
Server deny name scsb.msg.yahoo.com
Server deny name scsc.msg.yahoo.com
Server deny name scsd.msg.yahoo.com
Server deny name messenger.yahoo.com
Server deny name cs16.msg.dcn.yahoo.com
Server deny name cs19.msg.dcn.yahoo.com
Server deny name cs42.msg.dcn.yahoo.com
Server deny name cs53.msg.dcn.yahoo.com
Server deny name cs54.msg.dcn.yahoo.com
Server deny name ads1.vip.scd.yahoo.com
Server deny name radio1.launch.vip.dal.yahoo.com
Server deny name in1.msg.vip.re2.yahoo.com
Server deny name data1.my.vip.sc5.yahoo.com
Server deny name address1.pim.vip.mud.yahoo.com
Server deny name edit.messenger.yahoo.com
Server deny name http.pager.yahoo.com
Server deny name privacy.yahoo.com
Server deny name csa.yahoo.com
Server deny name csb.yahoo.com
Server deny name csc.yahoo.com
audit stop trail
aol im application
default action reset service
service-chat action reset
Server deny name login.oscar.aol.com
Server deny name toc.oscar.aol.com
Server deny name oam - d09a.blue.aol.com
audit stop trail
!
!
Crypto pki trustpoint TP-self-signed-1955428496
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 1955428496
revocation checking no
rsakeypair TP-self-signed-1955428496
!
!
TP-self-signed-1955428496 crypto pki certificate chain
certificate self-signed 01
308201B 8 A0030201 02020101 3082024F 300 D 0609 2A 864886 F70D0101 04050030
2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 31312F30
69666963 31393535 34323834 6174652D 3936301E 170 3032 30333031 30303035
33315A 17 0D 323030 31303130 30303030 305A 3031 06035504 03132649 312F302D
4F532D53 5369676E 656C662D 43 65727469 66696361 74652 31 39353534 65642D
32383439 3630819F 300 D 0609 2A 864886 01050003, 818, 0030, 81890281 F70D0101
8100CB6B E980F044 5FFD1DAE CBD35DE8 E3BE2592 DF0B2882 2F522195 4583FA03
40F4DAC6 CEAD479F A92607D4 1 B 033714 51C3A84D EA837959 F5FC6508 4D71F8E6
5B124BB3 31F0499F B0E871DB AF354991 7D45F180 5D8EE435 77C8455D 2E46DE46
67791F49 44407497 DD911CB7 593E121A 0892DF33 3234CF19 B2AE0FFD 36A640DC
2 010001 HAS 3 990203 AND 77307530 1 130101 FF040530 030101FF 30220603 0F060355 D
1104 1B 301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D 551D
301F0603 C 551 2304 18301680 145566 4581F9CD 7 5F1A49FB 49AC9EC4 678908FF
2A301D06 04160414 5566 745 81F9CD5F 1A49FB49 AC9EC467 8908FF2A 03551D0E
300 D 0609 2A 864886 818100B 3 04050003 903F5FF8 A2199E9E EA8CDA5D F70D0101
60B2E125 AA3E511A C312CC4F 0130563F 28D3C813 99022966 664D52FA AB1AA0EE
9A5C4823 6B19EAB1 7ACDA55F 6CEC4F83 5292 HAS 867 BFC65DAD A2391400 DA12860B
5A 523033 E6128892 B9BE68E9 73BF159A 28D47EA7 76E19CC9 59576CF0 AF3DDFD1
3CCF96FF EB5EB4C9 08366F8F FEC944CA 248AC7
quit smoking
secret of username admin privilege 15 5 *.!
!
Policy-map sdmappfwp2p_DEFAULT100
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
Description $$$ FW_OUTSIDE$ $ES_WAN$ ETH - WAN
address IP dhcp client id FastEthernet4
IP access-group 101 in
no ip redirection
no ip unreachable
no ip proxy-arp
NAT outside IP
inspect the DEFAULT100 over IP
IP virtual-reassembly
route IP cache flow
automatic duplex
automatic speed
sdmappfwp2p_DEFAULT100 of service-policy input
out of service-policy sdmappfwp2p_DEFAULT100
!
interface Vlan1
Description $ETH - SW - LAUNCH$ $INTF - INFO - HWIC-$4ESW $ES_LAN$ $FW_INSIDE$
the IP 192.168.0.1 255.255.255.0
IP access-group 100 to
no ip redirection
no ip unreachable
no ip proxy-arp
IP nat inside
IP virtual-reassembly
route IP cache flow
IP tcp adjust-mss 1452
!
IP classless
!
!
IP http server
local IP http authentication
IP http secure server
IP http timeout policy slowed down 60 life 86400 request 10000
the IP nat inside source 1 list the interface FastEthernet4 overload
IP nat inside source static tcp 192.168.0.100 1723 1723 interface FastEthernet4
IP nat inside source static tcp 192.168.0.100 25 25 FastEthernet4 interface
IP nat inside source static tcp interface 192.168.0.100 80 80 FastEthernet4
IP nat inside source static tcp 192.168.0.100 interface FastEthernet4 443 443
IP nat inside source static tcp 192.168.0.100 interface FastEthernet4 987 987
!
recording of debug trap
Note access-list 1 INSIDE_IF = Vlan1
Remark SDM_ACL category of access list 1 = 2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark self-generated by the configuration of the firewall Cisco SDM Express
Access-list 100 = 1 SDM_ACL category note
access-list 100 deny ip 255.255.255.255 host everything
access-list 100 deny ip 127.0.0.0 0.255.255.255 everything
access ip-list 100 permit a whole
access list 101 remark self-generated by the configuration of the firewall Cisco SDM Express
Note access-list 101 = 1 SDM_ACL category
access-list 101 permit tcp any any eq 1723
access-list 101 permit tcp any any eq 987
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq smtp
access-list 101 permit udp host 65.24.0.169 eq field all
access-list 101 permit udp host 65.24.0.168 eq field all
access-list 101 permit udp host 24.29.1.219 eq field all
access-list 101 permit udp host 24.29.1.218 eq field all
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any any echo response
access-list 101 permit icmp any one time exceed
access-list 101 permit everything all unreachable icmp
access-list 101 deny ip 10.0.0.0 0.255.255.255 everything
access-list 101 deny ip 172.16.0.0 0.15.255.255 all
access-list 101 deny ip 192.168.0.0 0.0.255.255 everything
access-list 101 deny ip 127.0.0.0 0.255.255.255 everything
access-list 101 deny ip 255.255.255.255 host everything
access-list 101 deny ip any one
not run cdp
!
!
control plan
!
connection of the banner ^ CCCCCAuthorized access only!
Unplug IMMEDIATELY if you are not an authorized user. ^ C
!
Line con 0
local connection
no activation of the modem
telnet output transport
line to 0
local connection
telnet output transport
line vty 0 4
privilege level 15
local connection
transport input telnet ssh
!
max-task-time 5000 Planner
Scheduler allocate 4000 1000
Scheduler interval 500
endAll that top has been configured with the SDM interface. I hope someone here can take a look at this and see what my question is, and why I can't connect through the router.
All thanks in advance to help me with this.
Jason
Based on your description, I am assuming that you are trying the traffic PPTP passthrough via the router 871, and the PPTP Protocol ends on your SBS 2008 Server.
If this is the correct assumption, PPTP uses 2 protocols: TCP/1723 and GRE. Your configuration only allow TCP/1723, but not the GRE protocol.
On 101 ACL, you must add "allow accord any any" before the declarations of refusal:
101 extended IP access list
1 allow any one
I guess that the PPTP control connection works fine? Are you able to telnet to the router outside the ip address of the interface on port 1723?
-
Cisco router some computers were able to access the internet.
I'm having a weird problem recently that some computers were unable to browse some site. I even try to put in place a different router from cisco (cisco 2811) with IOS version 15.0 and the same configuration but still no luck. Tried to reboot all devices and I also try to use the computer that is having problem to access the web connect directly to the router, but the result is the same. FYI the router being works well for a month a few without this problem. I try to use the inexpensive router like the dlink / tplink and there is no problem. Another piece of information, it's the computer that could not browse some site were able to ping the website, but fail to load in the web browser. 10 computer there are 3 unit have this problem and new features such as my customer/guest computer also were unable to browse some site. There are no firewall or any security in our regard. It makes me crazy!
My circuit diagram as below;
WAN-> router (Cisco 2821)-> switch-> computer
-See the version-
Cisco IOS software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4 (24) T6, VERSION of the SOFTWARE (fc2)
Technical support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Updated Wednesday, Aug 23, 11 01:30 by prod_rel_teamROM: System Bootstrap, Version 12.4 (13r) T, RELEASE SOFTWARE (fc1)
Linear_Router uptime is 2 weeks, 3 days, 21 hours, 56 minutes
System return to the ROM to reload at 12:49:51 MAS Thu Sep 1 2016
System image file is "flash: c2800nm-adventerprisek9 - mz.124 - 24.T6.bin".This product contains cryptographic features and is under the United States
States and local laws governing the import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third party approval to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. laws and local countries. By using this product you
agree to comply with the regulations and laws in force. If you are unable
to satisfy the United States and local laws, return the product.A summary of U.S. laws governing Cisco cryptographic products to:
http://www.Cisco.com/WWL/export/crypto/tool/stqrg.htmlIf you need assistance please contact us by mail at
[email protected] / * /.Cisco 2821 (revision 53.51) with 249856K / 12288K bytes of memory.
Card processor ID FHK1235F3T0
2 gigabit Ethernet interfaces
2 interfaces Serial (sync/async)
1 ATM interface
1 module of virtual private network (VPN)
Configuration of DRAM is wide with parity 64-bit capable.
239K bytes of non-volatile configuration memory.
1000944K bytes of ATA CompactFlash (read/write)Configuration register is 0 x 2102
-show running-config-
Building configuration...
Current configuration: 8378 bytes
!
version 12.4
horodateurs service debug datetime msec
Log service timestamps datetime localtime
encryption password service
!
hostname Linear_Router
!
boot-start-marker
start the flash system: c2800nm-adventerprisek9 - mz.124 - 24.T6.bin
boot-end-marker
!
forest-meter operation of syslog messages
logging buffered 16000
enable password 7
!
AAA new-model
!
!
AAA authentication login sdm_vpn_xauth_ml_1 local
AAA authorization sdm_vpn_group_ml_1 LAN
!
!
AAA - the id of the joint session
clock timezone 8 MAS
!
dot11 syslog
IP source-route
!
!
IP cef
No dhcp use connected vrf ip
dhcp IP 30 binding cleanup interval
DHCP excluded-address IP 192.168.88.1 192.168.88.141
DHCP excluded-address IP 192.168.88.180 192.168.88.254
!
pool of dhcp IP LAN
network 192.168.88.0 255.255.255.0
router by default - 192.168.88.254
domain losb.local
Server DNS 8.8.8.8 8.8.4.4
0 0 15 rental
!
!
IP domain name losb.local
8.8.8.8 IP name-server
IP-server names 8.8.4.4
!
No ipv6 cef
!
Authenticated MultiLink bundle-name Panel
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
Crypto pki trustpoint test_trustpoint_config_created_for_sdm
e subject name =[email protected] / * /
crl revocation checking
!
Crypto pki trustpoint TP-self-signed-3132623275
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 3132623275
revocation checking no
rsakeypair TP-self-signed-3132623275
!
!
for the crypto pki certificate chain test_trustpoint_config_created_for_sdm
TP-self-signed-3132623275 crypto pki certificate chain
certificate self-signed 01
30820250 308201B 9 A0030201 02020101 300 D 0609 2A 864886 F70D0101 04050030
2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 31312F30
69666963 33313332 36323332 6174652D 3735301E 170 3134 31323032 31393436
35385A 17 0D 323030 31303130 30303030 305A 3031 06035504 03132649 312F302D
4F532D53 5369676E 656C662D 43 65727469 66696361 74652 33 31333236 65642D
32333237 3530819F 300 D 0609 2A 864886 01050003, 818, 0030, 81890281 F70D0101
8569B 674 5F07B434 8E5F9D59 D298DB7E 51FBB58A B 460084 9 34AE8461 8100D01A
471637 C F6CFC65F 9639C1C6 2 50CF9117 D459482F 1EF22E29 322F39AA 88 42306
F4B6686A 161FDD3D 69B0647B 46FC7CD0 966C03E8 D6CF9181 8E2B3514 300D980B
EE9225A6 173F7673 655A1DE8 FB720F13 0FD8E550 A7DDB314 50461510 A72C5DBE
010001A 3 78307630 1 130101 FF040530 030101FF 30230603 0F060355 A1CF0203
551D 1104 1C301A82 184C696E 6561725F 526F7574 65722E6C 6F73622E 6C6F6361
23 04183016 8014FA7F D98E6D69 462EEAED 41BEC8D3 7042F812 03551D 6C301F06
95B3301D 0603551D 0E041604 14FA7FD9 8E6D6946 2EEAED41 BEC8D370 42F81295
B3300D06 092 HAS 8648 01040500 03818100 043EC1A4 7363A7FD 3AED777D 86F70D01
CAAEC570 99 HAS 02166 A3958A66 0E5A5DD2 368C2F8B D9A96E69 9F57852C ACE0C67F
73 D 17753 53BE14C4 824BE043 B8A52822 E38DBC3C C3F33787 813FD207 0AB04004
E0303A2F 2A3BF5AA 81481429 F53C1EDD 8AC2EC48 D64DF89A 4D047B7C 6B 516970
55EAFF10 B1453DBD ABC96845 FDF7AAF9 77B8C381
quit smoking
!
!
password username privilege 15 7 kent
Archives
The config log
hidekeys
!
!
crypto ISAKMP policy 1
BA 3des
preshared authentication
Group 2
!
Configuration group customer crypto isakmp 11
11 key
DNS 8.8.8.8 8.8.4.4
losb.local field
pool SDM_POOL_1
ACL 100
Max-users 11
ISAKMP crypto sdm-ike-profile-1 profile
identity group game 11
client authentication list sdm_vpn_xauth_ml_1
ISAKMP authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-model 1
!
!
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
!
Profile of crypto ipsec SDM_Profile1
game of transformation-ESP-3DES-SHA
isakmp-profile sdm-ike-profile-1 game
!
!
Crypto ctcp port 10000
!
!
!
!
!
!
interface GigabitEthernet0/0
Description of connection WAN to Unifi BTU
no ip address
no ip-cache cef route
no ip route cache
automatic duplex
automatic speed
No mop enabled
!
interface GigabitEthernet0/0.500
encapsulation dot1Q 500
no ip route cache
PPPoE enable global group
PPPoE-client dial-pool-number 1
!
interface GigabitEthernet0/1
internal network LAN Description
IP 192.168.88.254 255.255.255.0
IP access-group UDP/TCP in
IP nat inside
IP virtual-reassembly
no ip-cache cef route
no ip route cache
automatic duplex
automatic speed
!
ATM0/0/0 interface
no ip address
Shutdown
ATM 300 restart timer
No atm ilmi-keepalive
!
interface Serial0/1/0
no ip address
Shutdown
2000000 clock frequency
!
interface Serial0/1/1
no ip address
Shutdown
2000000 clock frequency
!
type of interface virtual-Template1 tunnel
11 description
Dialer1 IP unnumbered
ipv4 ipsec tunnel mode
Tunnel SDM_Profile1 ipsec protection profile
!
interface Dialer1
the negotiated IP address
IP mtu 1480
NAT outside IP
IP virtual-reassembly
encapsulation ppp
Dialer pool 1
Dialer idle-timeout 0
persistent Dialer
Dialer-Group 1
PPP authentication chap callin pap
PPP chap hostname [email protected] / * /
password PPP chap 7 15381
PPP pap sent-username [email protected] / * / 132F0 password 7
!
local IP SDM_POOL_1 192.168.88.130 pool 192.168.88.141
default IP gateway - 192.168.88.254
IP forward-Protocol ND
IP route 0.0.0.0 0.0.0.0 Dialer1
IP http server
local IP http authentication
IP http secure server
!
!
overload of IP nat inside source list Internet_List interface Dialer1
IP nat inside source static tcp 192.168.88.89 8001 interface 3389 Dialer1
IP nat inside source static udp 192.168.88.89 8001 interface 3389 Dialer1
IP nat inside interface 80 static udp 192.168.88.102 source Dialer1 5555
IP nat inside source static tcp 192.168.88.102 80 5555 Dialer1 interface
IP nat inside source static tcp 192.168.88.90 80 Dialer1 8080 interface
IP nat inside interface 80 static udp 192.168.88.90 source Dialer1 8080
IP nat inside source static tcp 192.168.88.101 interface 8888-8888 Dialer1
IP nat inside source static udp 192.168.88.101 interface 8888-8888 Dialer1
IP nat inside source static tcp 192.168.88.101 80 Dialer1 7777 interface
IP nat inside interface 80 static udp 192.168.88.101 7777 Dialer1 source
!
Internet_List extended IP access list
IP 192.168.88.0 allow 0.0.0.255 any
!
Access-list 100 = 4 SDM_ACL category note
access-list 100 permit ip 192.168.88.0 0.0.0.255 any
Dialer-list 1 ip protocol allow
!
!
!
!
!
!
control plan
!
!
!
!
!
!
!
!
!
Banner motd ^ CC
#####################################################################
# WARNING!!! #
# This system is for the use of only authorized customers. #
# Who is using the computer network system without #.
authorization of #, or their permission, are #.
# subject to having their activities on this computer.
# Network monitored and recorded by system #.
staff of #. To protect the computer network system of #.
# unauthorized use and to ensure that computer network systems #.
# does not work properly, system administrators monitor this #.
system of #. Anyone using this computer system #.
# consents to such monitoring and is expressly informed that #.
# If this control reveals possible criminal conduct.
activity #, the system can provide evidence of #.
# This activity to police officers. #
# #
# Access is limited to authorized users only. #
# Unauthorized access is a violation of # State and federal.
# civil and criminal. #
#####################################################################^C
!
Line con 0
line to 0
line vty 0 4
privilege level 15
password 7
transport input telnet ssh
exit telnet ssh transport
!
Scheduler allocate 20000 1000
NTP-Calendar Update
endHello
try changing the size of the "ip mtu" on your Dialer interface to 1492, and/or the 'ip tcp adjust-mss' on your GigabitEthernet interfaces to 1452 and see if that makes a difference.
-
Hello.
I have a Cisco 871 router with this network diagram
10.218.10.117 host - 10.218.10.118 4 | CISCO 871 | 172.18.122.5-FE0 - 172.18.122.6 host
I want the 172.18.122.6 host can do ping to the 10.218.10.117 host at the other end of the router, but its does not work, what is the problem with this config? could someone give me a hand?
With the help of 1222 off 131072 bytes
!
version 12.4
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
hostname ALCALÁ-CNT-UIO
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
activate the password XXXXXXXXXXXXXXX
!
No aaa new-model
!
resources policy
!
IP subnet zero
IP cef
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
IP 10.218.10.118 255.255.255.252
automatic speed
full-duplex
!
interface Vlan1
IP 172.18.122.5 255.255.255.0
!
router RIP
redistribute connected
10.0.0.0 network
network 172.18.0.0
!
IP classless
!
!
no ip address of the http server
no ip http secure server
!
Dialer-list 1 ip protocol allow
!
!
control plan
!
!
Line con 0
no activation of the modem
line to 0
line vty 0 4
password XXXXXXXXXXXX
opening of session
!
max-task-time 5000 Planner
end
Better compliance
The f
Jeff,
Each host can ping their side? You have default gateways configured on the hosts?
HTH,
JohnPlease note all useful messages *.
-
As in the title, power storm seems to have fried the step-down transformer and router DLink. Replaced this morning and only took a few minutes to operate wireless router Cisco Valet for wire hard PC and wireless laptops.
However, it seems that my Canon MX860 printer is not found by the network. It can be located by control panel of Windows Vista and I have uninstalled and reinstalled twice. But when I try to print I get the error message "printer not found."
Help.
Hello
If this is a network printer ready to reconfigure the printer to match the new router.
If it resets in a different IP, you need to set the printer to the computer for the game too (see the manual of the printer).
Jack-MVP Windows Networking. WWW.EZLAN.NET
-
Installation easy vpn Cisco 871
I have a Cisco 871 router sitting behind my adsl router and I have configured to accept vpn connections from clients from outside (partially configured by cli and partly by SDM).
It works well, in that I can connect my LAN and access my network inside resources, however I can't access the web when connected via vpn.
Is it perhaps to nat? I hope that someone can see why in my config. Thank you.
Hi Chris,
The only reason I understand here, customers lose their ability to achieve internet when connected by VPN is, according to the current configuration, all traffic (including the NetBIOS) runs through the tunnel. So when a package leaves the machine with a source of intellectual property (one of the private ip address of the pool set) of the client and the destination 4.2.2.2 (can be any ip on the internet), there is no translation defined for the ip address of the VPN client on the router.
Thus, package from the computer of the customer with an address NON-Routable cannot access the internet for obivous reasons.
To work around the problem, try this.
access-list 5 by 192.168.1.0 0.0.0.255
(assuming that 192.168.1.0 is that the VPN client subnet have access)
Then,
Crypto home isakmp client configuration group
key xxxx
ACL 5< binding="" the="" acl="">
By creating the acl the binder to the configuration of the client, and 5 am Division of traffic in the tunnel. In other words, only for the 192.168.1.x subnet traffic will pass through the tunnel and rest will take the path of the LOCAL ISP.
I hope this helps...!
Concerning
M.
-
VPN site to Site on both ends using Cisco 871
I would like to configure VPN Site to Site using the Cisco 871 templates at both ends, but a hard time to set it up. Can someone tell me how to do or if you know of a link that may help me set up as soon as possible?
I can learn it, but it's time that banned me in the implementation. The other end is already configured to provide Internet access to all users.
Tom,
########################################################################################
Router 1 VPN config:
Internal = 10.0.0.0/24
Public = 196.1.161.65access-list 101 permit ip 10.0.0.0 0.0.0.255 10.193.12.0 0.0.3.255
access-list 102 deny ip 10.0.0.0 0.0.0.255 10.193.12.0 0.0.3.255
access-list 102 permit ip 10.0.0.0 0.0.0.255 anyIP nat inside source list 102 in interface (check the name of the external interface) overload
crypto ISAKMP policy 10
3des encryption
sha hash
Group 2ISAKMP crypto key cisco123 address 196.1.161.66
Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT
MYmap 10 ipsec-isakmp crypto map
defined by peer 196.1.161.66
Set transform-set RIGHT
match address 101interface (check the name of the interface inside)
IP nat insideinterface (check the name of the external interface)
NAT outside IP
crypto mymap map########################################################################################
Router 2 VPN config:
Internal = 10.193.12.0/22
Public = 196.1.161.66access-list 101 permit ip 10.193.12.0 0.0.3.255 10.0.0.0 0.0.0.255
access-list 102 deny ip 10.193.12.0 0.0.3.255 10.0.0.0 0.0.0.255
access-list 102 permit ip 10.193.12.0 0.0.3.255 allIP nat inside source list 102 in the fast4 interface overload
crypto ISAKMP policy 10
3des encryption
sha hash
Group 2ISAKMP crypto key cisco123 address 196.1.161.65
Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT
MYmap 10 ipsec-isakmp crypto map
defined by peer 196.1.161.65
Set transform-set RIGHT
match address 101interface vlan1
IP nat insidefast4 interface
NAT outside IP
crypto mymap map########################################################################################
The above is an example of configuration.
It is always recommended to change the pre shared key to something else.Federico.
-
VPN router Cisco 2611XM VPN client
I have 2611XM router on a Central site with two FastEthernet interfaces? XA; (FastEthernet0/0 and FastEtherne0/1). FE0/0 has private ip address?xa;192.168.1.1/24 and it connects on LAN 192.168.1.0/24. FE0/1A public? XA; address x.x.x.x/30 and his connects to Internet. There on this NAT router? XA; with overload. ? XA; This router is to give customers remote access with Cisco VPN client on? XA; Internet to the LAN and at the same time, the users local access to the Internet. ? XA; I did a config that establish the tunnel between the clients and the router but? XA; I can't ping all devices on the local network. ? XA; The router must also give remote access and LAN in the scenarios from site to site? XA;
I can establish the tunnel between my PC and the router via a dial-up Internet connection. But when the tunnel is established that except my public IP address of the router, I can't ping any public IP address. I can ping all other customers who owns the ip address of the pool for customers.
Addition of the sheep route map should not make you lose the connection to the router.
Are the commands that you will need to put in
access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
sheep allowed 10 route map
corresponds to the IP 101
You need to delete translations of nat or remove commands 'ip nat outside' and 'ip nat inside' temporarily while you are taking the following off the coast
no nat ip inside the source list 7 pool internet overload
and add the command
IP nat inside source map route sheep pool internet overload
Make sure that you reapply the "nat inside ip' and ' ip nat outside of ' orders return of your internal users will not be able to go to the internet.
You can search this config in the link that sent Glenn-
http://www.Cisco.com/warp/public/707/ios_D.html
I pasted the lines that you should look into setting up the example below
! - Except the private network and the VPN Client from the NAT process traffic.
access-list 110 deny ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 110 deny ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip 192.168.100.0 0.0.0.255 any
! - Except the private network and the VPN Client from the NAT process traffic.
sheep allowed 10 route map
corresponds to the IP 110
-Except the private network and the VPN Client from the NAT process traffic.
IP nat inside source map route sheep interface FastEthernet0/0 overload
Thank you
Ranjana
-
Hi all
I have a problem and will apprecaite all the help I can get. I think I will find an answer here.
I have a small network, Linksys WRT350N (wireless router) attached to a modem and then connected to a desktop computer and with 3 wireless laptops connected to the router. All 3 are really great to work and access the internet very well.
Currently, I have the need to expand the network to 3 floors, so I bought 3 Points of access wireless of Linksys (WAP4400N).
I ran 3 cables CAT5e cable from the router and which ends individually all 3 floors, the top floor is less than the router 40meters. With the cables that came in their boxes, I connected the APs to the router and I have correctly set up the 3 Access Points with them attached to the router, all 3 works perfectly (I can access wireless internet via 3-point). However when I take the points of access to the upper floors and connect cables cat5e APs no longer work but connect after some time with the message "limited connectivity".
Why can I connect when the APs are connected to the ground floor via a short cable that came in the box and not when it is connected to put cables from the ground floor to the upper floors but rather make the "LIMITED SERVICE" message and cannot connect to the internet.
Also if I connect the cat5e cables directly to a laptop computer on all the floors, I can connect to the internet (the work of cables fine when connected directly to a laptop computer), but when it is connected to the connection of the APs has failed and I begin to see strange IP addresses from the APs.
Oh, one more piece of important information: when I connect cables CAT5e cable on all floors direct to a laptop I can connect to the internet (the work of cables very well when it is connected directly to a laptop) but when connected to the failed to connect APs and I begin to see strange IP addresses from the APs.
HEPL!
I think I have the forum a status report on my post. As I mentioned in my last post, the problem has been as a result of lower cable at my provider. The network is running smoothly. Has been in place since last week when I replaced the lower quality cat5e cable cat5e cable.
A Board here please be careful and make sure you complete the cable. A bad end can lead to connection problems I discovered in this case when my team confidence terminated cable incorrectly.
Network up to & operational: Linksys WRT350N router without wire + 3 Linksys Wireless Access Points WAP4400N + Modem providing access to (1 computer (cable), 6 workstations (wireless), & 5 laptops (wireless).) Network to grow shortly.
Thanks to everyone who helped make this project a reality.
-
WRT54GS Wireless Router recently started disconnecting Internet connection after 9 months
Hello, I have read some and see that it is a problem common but of are to be decided.
I have a Lynksys WRT54GS with the latest Firmware update v7.2 27 July 2009 (FW_WRT54GSv7.2_7.2.07.013_EN_20090727)
I ran 2 desktop computers as well as my DVR security by the security cameras for remote monitoring, also portable hook upward wireless sometimes as well without any problem using this router for over 9 months now with no problems until the last few days... I never log out and leave it on 24/7 for 9 months without problem and now recently I had to pull on the power cord from the back of the router and reconnect it to re power on the router to establish an internet connection.
Now the last 3 days the router loses its internet connection each monutes a few... hours... the time it disconnects are random moments and I have the programs I need to run all day but can't because the router loses its connections...
I applied the firmware again... re factory - configure the router... rebooted the computer... tried cloning the MAC address... all seem to be doing nothing... the same problem still exists.
All of the minutes or hours so it disconnects the interent.
I ran the office computer directly to the DSL Modem and I'm online very well with a desktop computer without disconnections for hours and hours (18hrs to date is not a problem), so I know this isn't the access provider. I had this problem I believe before with a previous Lynksys router and then bought it and now after this short period it seems to do the same thing again with this one. What a pain in the but.
All solutions and more...
Re application firmware... then
factory re set the router... then
re - connect computers as if it were a new router... the MAC address cloning? Geezus... it must be one simple solution other then buy another brand router.
Thanks in advance...
What is the IP address, find the modem directly...? Connect the computer directly to the modem and check the ip address? What is the ip address, you get the router...?
Try the following settings on the router and check the connection...
-Change the channel to 11-2 wireless, 462 GHz
-Under the Advance wireless settings tab, change the tag at 50, Fragmentation threshold to 2304, interval RTS threshold to 2304
-
WRT54G VG/wusb54g V4 no internet no access
WRT54G VG/wusb54g V4 no internet no access
Everything worked fine last night and then collapsed. Reset, Hard Reset, called the cable operator. Can directly get Internet when pulgged in. Can connect to my network but the router now as everything, but I can't get online via the router.
Manager hardware says that the apadter is very good...
Any ideas?
Upgade frimware I guess it's more of a replacement for the fixed... Yes!
-
Help to configure the router Cisco 1941
Help!
I just bought a router cisco 1941, I understand, it came with the Cisco CP, but I don't know how get you to the part where I can use it.
Also, how can I connect to the router directly without using the HyperTerminal console, all I want to be able to do is configure the address IP of the ISP and my IP address so I can use it for surfing the internet.
Help, please.
Hello
Thanks for the screenshots and show the output! You will need a few lines of command for CCP to work:
Configure the terminal
username username privilege 15 secret PASSWORD
IP http server
local IP authentication
Sent by Cisco Support technique iPad App
-
Router Cisco 1941 - crypto isakmp policy command missing - IPSEC VPN
Hi all
I was looking around and I can't find the command 'crypto isakmp policy' on this router Cisco 1941. I wanted to just a regular Lan IPSEC to surprise and Lan installation tunnel, the command isn't here. Have I not IOS bad? I thought that a picture of K9 would do the trick.
Any suggestions are appreciated
That's what I get:
Router (config) #crypto?
CA Certification Authority
main activities key long-term
public key PKI componentsSEE THE WORM
Cisco IOS software, software C1900 (C1900-UNIVERSALK9-M), Version 15.0 (1) M2, VERSION of the SOFTWARE (fc2)
Technical support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Updated Thursday, March 10, 10 22:27 by prod_rel_teamROM: System Bootstrap, Version 15.0 M6 (1r), RELEASE SOFTWARE (fc1)
The availability of router is 52 minutes
System returned to ROM by reload at 02:43:40 UTC Thursday, April 21, 2011
System image file is "flash0:c1900 - universalk9-mz.» Spa. 150 - 1.M2.bin.
Last reload type: normal charging
Reload last reason: reload commandThis product contains cryptographic features...
Cisco CISCO1941/K9 (revision 1.0) with 487424K / 36864K bytes of memory.
Card processor ID FTX142281F4
2 gigabit Ethernet interfaces
2 interfaces Serial (sync/async)
Configuration of DRAM is 64 bits wide with disabled parity.
255K bytes of non-volatile configuration memory.
254464K bytes of system CompactFlash ATA 0 (read/write)License info:
License IDU:
-------------------------------------------------
Device SN # PID
-------------------------------------------------
* 0 FTX142281F4 CISCO1941/K9Technology for the Module package license information: "c1900".
----------------------------------------------------------------
Technology-technology-package technology
Course Type next reboot
-----------------------------------------------------------------
IPBase ipbasek9 ipbasek9 Permanent
security, none none none
given none none noneConfiguration register is 0 x 2102
You need get the license of security feature to configure the IPSec VPN.
Currently, you have 'none' for the security feature:
----------------------------------------------------------------
Technology-technology-package technology
Course Type next reboot
-----------------------------------------------------------------
IPBase ipbasek9 ipbasek9 Permanent
security, none none none
given none none noneHere is the information about the licenses on router 1900 series:
Maybe you are looking for
-
in fact, I want to install windows os (not authentic) because I'm fond of counter strike so, mac support this game? or it takes 8 GB ram to play counter strike? operating system windows (not authentic) will cause no effect on mac? If I install the wi
-
Quick glance refill or restarts every few seconds, so if I open a PDF file or play a MP3 quicklook will open and display it, but then goes back to the start after a few seconds. I have had this problem for a while and tried every fix I found to clear
-
I have Windows 7 and FireFox 24.0 I'm doing a standard Microsoft Media Video file. MWV run. When I click on the video link to plant video, I get a message saying that I need a plugin to run the file. I already ran into Setup on the link below. This i
-
I don't see the video call option. Also, I doDon t hear what friends call me, but they hear me. Thank you for your immediate action.
-
reinstalled my windows but forward button does not work
reinstalled my windows but forward button does not work or hibernation modded shows in power options