Cisco 866 Port Weiterleitung funktionert nicht
eHallo hab ein Problem mit meinen Cisco 866VAE-K9.
Leider funktioniert die Port weiterleitung nicht. der Zugang zu VDsl und alles weiter funktioniert top. blos leider didba Port Weiterleitung. Ich hoffe es kann mir einer Helfen.
Hier ist meine Config:
Building configuration...
Current configuration : 9016 bytes
! Last configuration change at 23:30:14 UTC Mon Jan 6 2014 by <user>!
version 15.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname deMUC-WAN-01
boot-start-marker
boot-end-marker
aqm-register-fnf
logging buffered 51200 warnings
no aaa new-model
wan mode dsl
ip dhcp excluded-address 10.10.10.1
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
ip domain name <meineDomain>
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
crypto pki trustpoint TP-self-signed-711588964
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-711588964
revocation-check none
rsakeypair TP-self-signed-711588964
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name [email protected]
revocation-check crl
crypto pki certificate chain TP-self-signed-711588964
certificate self-signed 01
<cert>
quit
crypto pki certificate chain test_trustpoint_config_created_for_sdm
username <user> privilege 15 password 0 <pw>
controller VDSL 0
operating mode vdsl2
no cdp run
no ip ftp passive
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any http
match protocol http
match protocol https
class-map type inspect match-any orga
match protocol https
match protocol http
class-map type inspect match-any Server
match protocol http
match protocol https
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-cls-insp-traffic
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
match protocol http
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-any http_port
match protocol http
match protocol https
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect match-all ccp-cls--1
match class-map http
match access-group name http
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
policy-map type inspect ccp-policy-http
class type inspect http
inspect
class class-default
drop
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-policy-Server
class type inspect Server
inspect
policy-map type inspect ccp-permit
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
pass
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security sdm-zp-out-zone-in-zone source out-zone destination in-zone
service-policy type inspect ccp-policy-http
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
interface Ethernet0
no ip address
no ip route-cache
interface Ethernet0.7
description $ETH-WAN$
encapsulation dot1Q 7
no ip route-cache
pppoe-client dial-pool-number 1
no cdp enable
interface FastEthernet0
no ip address
interface FastEthernet1
switchport access vlan 100
no ip address
interface FastEthernet2
switchport access vlan 100
no ip address
interface FastEthernet3
switchport access vlan 100
no ip address
interface GigabitEthernet0
switchport access vlan 2
no ip address
interface GigabitEthernet1
no ip address
shutdown
duplex auto
speed auto
interface Vlan1
description $ETH_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
ip tcp adjust-mss 1412
interface Vlan2
description $FW_INSIDE$
ip address 10.3.1.250 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
interface Vlan100
description $FW_INSIDE$
ip address 10.30.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname <user>
ppp chap password 0 <pw>
ppp pap sent-username <user> password 0 <pw>
ppp ipcp mask request
ppp ipcp route default
no cdp enable
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.30.1.4 80 interface Dialer0 80
ip access-list extended Server
remark CCP_ACL Category=2
permit tcp any eq www any eq www
dialer-list 1 protocol ip permit
mac-address-table aging-time 10
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 1 permit 10.3.1.0 0.0.0.255
access-list 1 permit 10.30.1.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.3.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
scheduler allocate 60000 1000
end
Similar Messages
-
Does Solaris 10 support cisco Virtual Port Channels over IP?
Does anyone know if Solaris 10 support cisco Virtual Port Channels open IP?
Hi user11114413,
The issue you are seeing actually has little to do with VIP, and more to do with there being multiple IP addresses for us to choose from on your box. For such multi-IP boxes, you'll want to tell us the IP to use, and in your case you want to tell as a VIP. This can be done either by editing your operational configuration file, and including an <address> element within the <unicast-listener> element, or via the tangosol.coherence.localhost system property. For example:
<unicast-listener>
<well-known-addresses>
<socket-address id="1">
<address>1.2.3.260</address> <!--virtual ip -->
<port>8088</port>
</socket-address>
</well-known-addresses>
<address>1.2.3.260</address> <!--virtual ip -->
<port>8088</port>
</unicast-listener>or
java ... -Dtangosol.coherence.localhost=1.2.3.260If you are using the same operational configuration on all nodes in your cluster then the system property approach is likely preferable, and would only be necessary on the two machines sharing the VIP.
As for using VIP or an extended WKA list, the choice is yours, either will work. If you do go the VIP route, it would obviously be a very bad idea to simultaneously use the same VIP and port at the same time from the two machines.
thanks,
Mark
Oracle Coherence -
How to search/Scan Vlan of cisco switch ports
Can any one tell me how i can scan/search vlans of cisco switch port through any monitoring tool (orion/solarwinds).
Consider this scenario as i have no access to switch and i want to know below things:
1-Vlans created on switch?
2-which switch port belongs to which vlan id?
ThanksHi,
You can do it only with hub in between and also please note that when sniffing with Wireshark on Windows the OS would remove VLAN tag so you may need to use Linux machine.
Regards,
Aleksandra -
Cisco iron port feature activation code error how to resolve that?
cisco iron port feature activation code error how to resolve that?
I have fixed this problem successfully.
The problem was with the referral attribute of the cfldap tag.
After adding this (referral="yes") attribute to my code I am able to login into my website.
<cfldap action="QUERY" server="#application.LDAPServer#" port="#application.LDAPPort#" start="#application.LDAPBase#" name="search" attributes="alias, dn, uid, technicalCareerLevel, locationorgunit, givenName, sn" filter="#filter#" scope="SUBTREE" maxRows="2" referral="yes">
Any way thanks for your assistance!!!!! -
Find IP address/machine connected to a cisco switch port
hello,
I need to know which IP/device is connecetd to a cisco Switch port.
I can get the mac-address of that switch port using sh mac-add command, but with the mac address how can i find that which ip belongs to this mac.
is there way i can do this, i know i can do the other way meaning with IP i can find to which port its connected ,but dont know how to find this MAC to IP with switch without the need for additional toolsHey Anantha ,
Hop u r doing good,
If u dont know ip address of devices present on specific vlan and wanted to track end device ip address please try
follow this below
steps 1:ping it to brodcast ip address of subnet
for ex
R1--SW1--SW2--(H1
--H2
R1..1.1.1.1/24
H1..1.1.1.2/24
H2.1.1.1.3/24
So u r brodacast ip is 1.1.1.255
ping 1.1.1.255
Sending 1000, 100-byte ICMP Echos to 1.1.1.255, timeout is 2 seconds:
Reply to request 8 from 1.1.1.2, 28 ms
Reply to request 9 from 1.1.1.3, 64 ms
u will get reply from all host present on that segment and ur arp table will get flood with ip and respective mac on
your L3 device...(R1 in this example)
Step2: then u can use command
sh ip arp ..to see ip and respective mac associate with it
R1#sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 1.1.1.1 - c000.2498.0000 ARPA Vlan2
Internet 1.1.1.2 0 c003.2498.0000 ARPA Vlan2
Step3: see the mac learned from specific port
R1#sh mac address c003.2498.0000
Destination Address Address Type VLAN Destination Port
c003.2498.0000 Dynamic 2 FastEthernet1/1
Step4:If u have all cisco devices then u can use CDP
to check wht device connect to ur interface
R1#sh cdp ne fa1/1 detail
Device ID: SW1.lab.local
Follow this way, hop u will trace devices present on ur network
Hop this informative,
Regards,
Ashish shirkar -
Cisco 4-Port ISDN-BRI Network Module
Cisco 4-Port ISDN-BRI Network Module
what does the BRI mean?
I have this module in a 2600 series router. Can it be used for basic LAN connection (like a hub)?First, to answer your question: No, you cannot.
ISDN is a Telco technology and protocol suite.
"BRI" stands for "Basic Rate Interface," also described as "2B+D" for two Bearer channels and a "D" channel, which is used for control signaling in some configurations, and additional bandwidth in others.
Max throughput is either 128K (2 X 56K or 64Kbps per channel) or 144Kbps (2B+16K that may be available in the D channel depending on your config.
ISDN requires an intermediate telco-style switch between the clients and can't be used back-to-back directly.
Good Luck
Scott -
Airport Extreme dropping connection with a Cisco 5 port Giga switch
I've connected a Cisco 5 port Giga switch SG100D-05 to one of the LAN ports of the Airport Extreme and for some reason the connection is being dropped or it fails to connect. Any idea of why this is happening and how can it be fixed?
If you have not already done so, you might want to do some basic troubleshooting to try to isolate the cause of the issue.
To do that, temporarily disconnect the switch and power it off. Connect a computer with an Ethernet port on it to the LAN port on AirPort Extreme and turn off the wireless on the computer.
Test to see you can get a good Internet connection this way.
If you can, then you know that the LAN port on the AirPort Extreme is functioning correctly and your troubleshooting efforts will need to focus on testing each port on the Cisco switch.
If you cannot get a good connection with the computer connected directly to the AirPort Extreme, try another Ethernet cable that you know is working to eliminate the possibility of a bad Ethernet cable, which is the culprit more often than you might think.
Please post back on the results of your testing. -
2 Cisco Iron Port (Cisco C370) Email appliances Solution Required
Hi All,
I NEED THE
technical proposal based on below requirements:
2 Cisco Iron Port (Cisco C370) Email appliances with below options for 3000 users licenses:
1) Anti-spam
2) Anti-virus
3) Content Filtering
4) DLP
5) Encryption (Optional)Any technical proposals will need to be provided from your Sales Ops/Account team - or reseller. I would suggest opening a dialouge with them, in order to get the answer you are looking for. It will not come from the support forums.
http://www.cisco.com/web/services/order-services/index.html
https://grs.cisco.com/grsx/cust/grsCustomerSurvey.html?SurveyCode=4161&KeyCode=195185_1
http://www.cisco.com/en/US/products/ps10154/index.html
Hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!) -
2 Cisco Iron Port (Cisco C370) Email appliances solution
i need
technical proposal based on below requirements:
2 Cisco Iron Port (Cisco C370) Email appliances with below options for 3000 users licenses:
1) Anti-spam
2) Anti-virus
3) Content Filtering
4) DLP
5) Encryption (Optional)Any technical proposals will need to be provided from your Sales Ops/Account team - or reseller. I would suggest opening a dialouge with them, in order to get the answer you are looking for. It will not come from the support forums.
http://www.cisco.com/web/services/order-services/index.html
https://grs.cisco.com/grsx/cust/grsCustomerSurvey.html?SurveyCode=4161&KeyCode=195185_1
http://www.cisco.com/en/US/products/ps10154/index.html
Hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!) -
HELP!! Cisco RV180 Port Forwarding
Someone please advise as to this is the first time I've tried to setup port forwarding using the Cisco RV180 Router. I have a Cisco RV180 Router, a Ruckus 7055 access point and a power distribution unit. I'd like to be able to access the router remotely and also the devices behind the router (the ruckus access point and the power distribution unit). I'm assuming that I'll need to assign the Cisco RV180 router a static IP address and I'm assuing that this static address should be assigned to the WAN port? I'd also like to configure port forwarding so that I can access the ruckus and the PDU remotely also. I've tried assigning a static IP address to the WAN port of the RV180 but I cannot ping this device remotely. Anyone have any advice on accessing the RV180 remotely? I've populated all of the correct fields for the WAN settings (ip, gateway, subnet, etc.) , and my static ip address is valid.Thank you in advance.
Hello sirflex,
As you have mentioned you need to configure a static nat for the devices which you have done when you configure a port forwarding.
Have you configured access rules under firewall>access Rules. Add the access rules for the ping and the Http and Https services.
Can you capture the packets at the WAN port while you are pinging the WAN port and the firmware version on the device.
Which mode are you running the device gateway or router. You can check it under Netwroking>Routing>Routing Mode.
Thanks,
Prithvi
Please mark answered and rate for helpful posts. -
Hello,
Cisco ISE user guide suggests that all 4 ports can be assigned IP addresses and that's that. No suggestions such as if the all ports should be on different VLANs or if the ports can be bundled, hence saving IP address space. I have read the book by ISE expert Aaron Woland and no suggestions either.
On a Standalone ISE, as soon as I configured Gi1 with a different IP subnet from Gi0, I lost GUI access. So my questions are as follows:
1. Can all 4 ports be bundled
2. If no bundling and all 4 ports are assigned IP addresses, can they be on different IP subnets, whether Standalone or Distributed personas. For example a PSN with 4 ports. Gi0 - 10.0.10.x, Gi1 - 172.16.5.x, Gi2 - 172.16.8.x, Gi - 10.2.5.x
ThanksThe ISE log detailed steps are as follows:
Steps
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
Evaluating Service Selection Policy
15048 Queried PIP
15048 Queried PIP
15004 Matched rule
11507 Extracted EAP-Response/Identity
12300 Prepared EAP-Request proposing PEAP with challenge
12625 Valid EAP-Key-Name attribute received
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12501 Extracted EAP-Response/NAK requesting to use EAP-TLS instead
12500 Prepared EAP-Request proposing EAP-TLS with challenge
12625 Valid EAP-Key-Name attribute received
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12502 Extracted EAP-Response containing EAP-TLS challenge-response and accepting EAP-TLS as negotiated
12800 Extracted first TLS record; TLS handshake started
12805 Extracted TLS ClientHello message
12806 Prepared TLS ServerHello message
12807 Prepared TLS Certificate message
12809 Prepared TLS CertificateRequest message
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
5411 No response received during 120 seconds on last EAP message sent to the client -
Hi,
I have a VIC3-2FXS/DID in Switerzland and my customer has asked for it to be connected to a fax machine through Strucuted cabling and they would like to know what type of cables they required.
They want RJ11 (FXS Port) to RJ45 (Patch Panel) then RJ45 (Patch Panel) to RJ11(Fax Machine).
Could someone explain the pins out of the cables, as it is going to be two RJ11 to RJ45 cables do they need to rollover?
Thanks for any help.All cabling on Cisco voice cards is straight through from the port to the device. RJ11 has 2 pins, for tip and ring. That's blue and white/blue. RJ45 has 8 pins, but if you want to stick with the 568B wiring standard on the RJ45 jacks,you would use this.
Blue: RJ11(pin1)----RJ45(pin 4)--------(pin4)RJ45-----(pin 1)RJ11
White/Blue: RJ11(pin2)----RJ45(pin 5)--------(pin 5)RJ45-----(pin 2)RJ11
If you actually have RJ14 jacks (4 pins), its pins 2 and 3 (the middle pins) which are used. If it is RJ25, it's still the middle pins, which would be 3 and 4. -
Cisco RV042 port forwording case?
Hello,
Here is my situation. I have two real IP addresses on each of my WAN ports. I need to configure:
port forwarding (80,443,3389) from Real_IP1 (configured on WAN1) to 192.168.116.10 (same ports)
port forwarding (80,443,3389) from Real_IP2 (configured on WAN2) to 192.168.117.10 (same ports)
Router is confugured in System Management > Dual WAN as Load balancing.
192.168.116.0 is in vlan1 (port1)
192.168.117.0 is in vlan2 (port2)
Is it possible to make it working using Cisco RV042?
Thanks in advance!Plamen,
Try to create an Access Rule like shown in the following example. On the second rule, select WAN 2 and use the other internal IP. I have never tested this but it looks like it might be a solution. (This is an older RV042)
Please let us know if this works or not.
- Marty -
Cisco E900 ports 1990/tcp and 5916/tcp open on the LAN. Cannot close them.
Hello,
I just bought a Cisco Linksys E900 wireless router. Can someone explain to me why the router (192.168.1.1 on my case) has ports 1990/tcp and 5916/tcp open on the LAN?? I cannot find a way to close those ports.
Just do a simple:
telnet 192.168.1.1 1990
or
telnet 192.168.1.1 5916
and you'll see those ports are open.
1990/tcp = Cisco STUN Priority 1 port
5916/tcp = I have no idea
Every client on the LAN (wired and wireless) can connect to those ports on the router. I do not want that to happen. It is unncessary and it is just not secure. I only want the router to have port 443 open on the LAN for the web mgmt interface. I do not want any other unncessary port open.
It would be great to have a response from Cisco directly.
Thank you for your time.JohnT66 wrote:
Thank you for your response.
The router is already updated to the latest firmware (1.0.04 Build 1).
I had to do the update as soon as I opened the box because the default firmware had an incredible serious bug: after setting up the web management interface on the LAN to work over SSL, it was impossible to access the interface because of an SSL bug in the router. The bug is in the release notes of the firmware... that alone says a lot about the very very poor quality of this router.. you can't have that kind of bug in a finished product....
I was able to close port 1990/tcp by disabling WPS in the router, although doing so was pure luck since the router's UI is terrible..
5916/tcp is still open.. since I was able to close 1990/tcp I don't think this is a defective router.. I cannot return a router to the store just because it leaves a port open, the store, sadly, will not take it back... so please Cisco, can you help with this? this product is faulty, it doesn't work as expected, it's your responsability.. please help
Reset the router manually then reconfigure the settings. -
RV016 Wired 16 Port Cisco Router Port Forwarding Functions
Thank you for your time. I have created and attached a Word Document discussing the Cisco Model RV016 16 port wired Router port forwarding functions for your review. I would appreciate your time in reviewing it with your comments and suggestions.
Thank you very much,
Eddie LeFiles
850-471-1271Thank you for your time. I have created and attached a Word Document discussing the Cisco Model RV016 16 port wired Router port forwarding functions for your review. I would appreciate your time in reviewing it with your comments and suggestions.
Thank you very much,
Eddie LeFiles
850-471-1271
Maybe you are looking for
-
My MacBook Pro turns to black screen randomly
I bought a new MacBook Pro in April 2013 after my old one died after 7 years. I was super excited. I bought the 15 inch retina display (early 2013) with 2.7 GHz Intel Core i7 and 16GB 1600 MHz DDR3. I am having many issues with my laptop. I was h
-
BEx Cell Report - Performance Issue
All, We have a BEx Report in which I have used cell formulas extensively. My BW ver 3.0B and parch 31. From last f32 weeks this report is working only for maximum of 9 materials. Tthe report output comes very fast. The momemnt I give 10th material or
-
How do you delete pictures from photo stream on a iPad
How do you delete a photo from photo stream
-
How do I view more than one image at the same time in CS6?
How do I view more than one image at the same time in CS6?
-
How to input text in the SAP ERP intial screen.
Hello. How to input text when I load the SAP ERP system. before log in. (this screen show me only the ID and password input fields) I saw the initial screen inclued some user-customized text. I can not find any information about initial scrren, as be