[es] - VPN kroz 1841 ruter

Marvin Freestyle
Marvin Freestyle
New York City

Član broj: 4724
Poruke: 315
*.cable.mindspring.com.

ICQ: 35128967

+1 Profil

Re: VPN kroz 1841 ruter

^{14.10.2007. u 18:26 - pre 200 meseci}

Evo config-a.

Code:
show running
yourname#show running-config
Building configuration...

Current configuration : 6433 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret *****
!
--More--         no aaa new-model
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name yourdomain.com
ip name-server 205.214.51.16
ip ssh time-out 60
ip ssh authentication-retries 2
--More--         ip ddns update method sdm_ddns1
DDNS both
!
!
!
!
crypto pki trustpoint TP-self-signed-3056399463
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3056399463
revocation-check none
rsakeypair TP-self-signed-3056399463
!
!
crypto pki certificate chain TP-self-signed-3056399463
certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33303536 33393934 3633301E 170D3036 30323033 30343030
  32355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30353633
  39393436 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B916 0139520A 2446C917 751CF5FF F28C5AE8 E73E4A64 BE7D1139 DBA6DFBE
  5AE13222 A97A43A2 51302BC4 2F0227AB 620633C2 362FDDF0 11E8A7FB 5AE728FF
--More--           02ECCF99 728A0AFE 0161E25E 49D4F6FA 490B3DFF FB4ECA76 898F5DE8 245459A7
  193BF7F5 42F347D7 5BBD2275 ABB3F7B1 5DBFE39F 0485DA6E 039A5640 D550831E
  520F0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
  551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
  301F0603 551D2304 18301680 1427F30F 118094EC 9B613F5B E60A2DE1 52CCBE09
  FA301D06 03551D0E 04160414 27F30F11 8094EC9B 613F5BE6 0A2DE152 CCBE09FA
  300D0609 2A864886 F70D0101 04050003 81810052 B9579348 B6772CD2 FE23BB0B
  F4FB6E10 4566B0BA 93A4865B 93BD64A2 B86A3F89 CDC483A7 D6D7DF0F F25F0F97
  9019F2B2 B5AF91D7 9C91F30C B85FDDE7 DE20A422 5FBC1963 82A09AE9 7287F827
  90536A31 B1AC5CE4 5349C6D5 BA33EDE0 045EB331 9B8A8D6F 5F3069CD D472467D
  14B9B87B EACA8435 6919DAF9 411E0770 E23834
  quit
username admin privilege 15 secret *****
!
!
!
!
!
interface FastEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
ip address 10.1.1.1 255.255.255.0
no ip redirects
no ip unreachables
--More--          no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
no mop enabled
!
interface Serial0/0/0
ip address ***** 255.255.255.252
no ip redirects
no ip unreachables
--More--          no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
!
ip classless
ip route 0.0.0.0 0.0.0.0 209.101.45.21
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat pool test 216.132.233.160 216.132.233.191 prefix-length 24
ip nat inside source list 110 interface Serial0/0/0 overload
ip nat inside source list 199 pool test overload
ip nat inside source static tcp 10.1.1.11 1723 interface Serial0/0/0 1723
ip nat inside source static tcp 10.1.1.11 3389 interface Serial0/0/0 3389
ip nat inside source static tcp 10.1.1.197 407 216.132.233.189 407 extendable
ip nat inside source static tcp 10.1.1.197 1417 216.132.233.189 1417 extendable
ip nat inside source static tcp 10.1.1.197 1418 216.132.233.189 1418 extendable
ip nat inside source static tcp 10.1.1.197 1419 216.132.233.189 1419 extendable
ip nat inside source static tcp 10.1.1.197 1420 216.132.233.189 1420 extendable
ip nat inside source static tcp 10.1.1.197 2525 216.132.233.189 2525 extendable
--More--         ip nat inside source static tcp 10.1.1.197 8181 216.132.233.189 8181 extendable
ip nat inside source static tcp 10.1.1.198 407 216.132.233.190 407 extendable
ip nat inside source static tcp 10.1.1.198 1417 216.132.233.190 1417 extendable
ip nat inside source static tcp 10.1.1.198 1418 216.132.233.190 1418 extendable
ip nat inside source static tcp 10.1.1.198 1419 216.132.233.190 1419 extendable
ip nat inside source static tcp 10.1.1.198 1420 216.132.233.190 1420 extendable
ip nat inside source static tcp 10.1.1.198 2525 216.132.233.190 2525 extendable
ip nat inside source static tcp 10.1.1.198 8181 216.132.233.190 8181 extendable
ip nat outside source static tcp 216.132.233.189 8181 10.1.1.197 8181 extendable
!
ip access-list extended DNS
remark SDM_ACL Category=1
permit ip host 205.214.51.16 any
!
logging trap debugging
access-list 199 deny   tcp host 10.1.1.197 eq smtp any
access-list 199 deny   tcp host 10.1.1.197 eq 407 any
access-list 199 deny   tcp host 10.1.1.197 eq 1417 any
access-list 199 deny   tcp host 10.1.1.197 eq 1418 any
access-list 199 deny   tcp host 10.1.1.197 eq 1419 any
access-list 199 deny   tcp host 10.1.1.197 eq 1420 any
access-list 199 deny   tcp host 10.1.1.198 eq smtp any
access-list 199 deny   tcp host 10.1.1.198 eq 407 any
--More--         access-list 199 deny   tcp host 10.1.1.198 eq 1417 any
access-list 199 deny   tcp host 10.1.1.198 eq 1418 any
access-list 199 deny   tcp host 10.1.1.198 eq 1419 any
access-list 199 deny   tcp host 10.1.1.198 eq 1420 any
access-list 199 permit ip 10.1.1.0 0.0.0.255 any
access-list 199 permit tcp any eq 3389 any eq 3389
access-list 199 permit tcp any any eq 1723 log-input
access-list 199 permit gre any any log-input
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
--More--          privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
end

yourname#

Pozdrav

_{optix: izbacene sifre i ip}

_{[Ovu poruku je menjao optix dana 14.10.2007. u 22:49 GMT+1]}

.:. LoOps Of iNfInitY .:.

Sinologic 16, Burdine Intelligent Translator, SoGo7 Data Gloves, GPL Stealth Module, Thompson Eye Phone

Odgovor na temu

blagojevic
Aleksandar Blagojevic
Nis

Član broj: 57477
Poruke: 112
212.200.90.*

+1 Profil

Re: VPN kroz 1841 ruter

^{25.03.2010. u 12:57 - pre 171 meseci}

Pozdrav! Imam slican problem ovome, a konfiguracija je:

Code:

Cisco1841#show run
Building configuration...

Current configuration : 1532 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco1841
!
boot-start-marker
boot-end-marker
!
enable password 7 047E05150E731C1F59
!
no aaa new-model
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.50
ip dhcp excluded-address 10.10.10.91 10.10.10.254
!
ip dhcp pool sdm-pool1
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
!
!
!
multilink bundle-name authenticated
!
!
!
!
username admin privilege 15 secret 5 $1$k7w9$q010/sskFlc2lvwHwXTLD/
archive
log config
  hidekeys
!
!
!
!
!
!
!
interface FastEthernet0/0
description $ES_LAN$
ip address 10.10.10.1 255.255.255.0
ip nat inside
no ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.2 255.255.255.0
ip nat outside
no ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
router rip
version 2
network 10.0.0.0
network 192.168.1.0
no auto-summary
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.2
!
ip flow-export source FastEthernet0/0
ip flow-export version 5
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 10.10.10.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
password 7 106B070A0445425A5C
login
line aux 0
line vty 0 4
password 7 14321C180D567A7A74
login
!
scheduler allocate 20000 1000
end

Cisco1841#

Topologija je je kao na sledecoj slici:

Naime, potrebno je da se sa interneta preko ADSL rutera kroz Cisco1841 propusti VPN konekcija ka serveru. Na osnovu posta sam otprilike video sta treba konfigurisati, ali me interesuje sta konkretno treba da konfigurisem na ruteru i koje tacno komande da upotrebim u CLI-u?

Unapred hvala na pomoci,
Aleksandar

Odgovor na temu