Enable a cftv server to cisco router to publish the acess on public network
Hi,
i have a cftv server on the network, but i need to configure the router to publish thease conted on the internet.
how i can do that, i have a cisco 2921 witch sec ios.
The reason why you can't remote desktop is because you have configured the following static PAT statement that unfortunately take precedence over your NAT exemption:
ip nat inside source static tcp 10.10.1.2 3389 192.198.46.14 3389 extendable
Do you require RDP with the public IP? if you don't and only require RDP via VPN, then please take the static PAT statement out, and RDP via VPN will work.
Similar Messages
-
After Adobe server maintenance, I can't publish the folios.
Hi all,
After adobe sever maintenance, I can't publish the foils as attached error.
When will the server become normal again?
shimoawazuI does not appear to. All services have now recovered. We have verified that other users are able use their analytics at this time. Please try again.
Michelle -
Remote access VPN with Cisco Router - Can not get the Internal Lan .
Dear Sir ,
I am doing Remote Access VPN through Cisco Router. Before the real deployment, I want to simulate it with GNS3.Need you help to complete the job .Please see the attachment for Scenario, Configuration and Ping status.
I am getting IP address when i connect through VPN client .But I can not ping to the internal lan -192.168.1.0.Need your help to sole the issue.
Below is the IP address of the device.
Local PC connect with Router -2 (Through MS Loopback) Router -2 Router-1 PC -01
IP Address :10.10.10.2 Mask : 255.255.255.0 F0/01
IP address:10.10.10.1
Mask:255.255.255.0 F0/0
IP Address :20.20.20.1
Mask :255.255.255.0
F0/1
IP address :192.168.1.3
Mask:255.255.255.0
F0/0
IP address :20.20.20.2
Mask :255.255.255.0
F0/1
IP address :192.168.1.1
Mask:255.255.255.0
I can ping from local PC to the network 10.10.10.0 and 20.20.20.0 .Please find the attach file for ping status .So connectivity is ok from my local PC to Remote Router 1 and 2.
Through Cisco remote vpn client, I can get connected with the VPN Router R1 (Please see the VPN Client pic.)But cannot ping the network 192.168.1.0
Need your help to fix the problem.
Router R2 Configuration :!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R2
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip tcp synwait-time 5
interface FastEthernet0/0
ip address 20.20.20.2 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
ip address 10.10.10.1 255.255.255.0
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
end
Router R1 Configuration :
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R1
boot-start-marker
boot-end-marker
aaa new-model
aaa authentication login USERAUTH local
aaa authorization network NETAUTHORIZE local
aaa session-id common
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
username vpnuser password 0 strongpassword
ip tcp synwait-time 5
crypto keyring vpnclientskey
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp client configuration group remotevpn
key cisco123
dns 192.168.1.2
wins 192.168.1.2
domain mycompany.com
pool vpnpool
acl VPN-ACL
crypto isakmp profile remoteclients
description remote access vpn clients
keyring vpnclientskey
match identity group remotevpn
client authentication list USERAUTH
isakmp authorization list NETAUTHORIZE
client configuration address respond
crypto ipsec transform-set TRSET esp-3des esp-md5-hmac
crypto dynamic-map DYNMAP 10
set transform-set TRSET
set isakmp-profile remoteclients
crypto map VPNMAP 10 ipsec-isakmp dynamic DYNMAP
interface FastEthernet0/0
ip address 20.20.20.1 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map VPNMAP
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip local pool vpnpool 192.168.50.1 192.168.50.10
ip forward-protocol nd
ip route 10.10.10.0 255.255.255.0 FastEthernet0/0
no ip http server
no ip http secure-server
ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
ip access-list extended NAT-ACL
deny ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended VPN-ACL
permit ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
endDear All,
I am doing Remote Access VPN through Cisco Router. Before the real deployment, I want to simulate it with GNS3.Need you help to complete the job .
Please see the attachment for Scenario, Configuration and Ping status. I am getting IP address when i connect through VPN client .But I can not ping to the internal lan -192.168.1.0.Need your help to sole the issue.
Waiting for your responce .
--Milon -
Trouble connecting Cisco router with cable modem for Internet purposes
So I am requesting help from the Cisco community on this issue as the cable company states there equipment is working fine. At all my facilities I have a guest Internet service setup through a local Internet provide to provide Internet services to the residents and guests. I have the cable modem usually a Motorola SBG6580 or a SMC 8014 (both provided by cable company) connected to my router on a FE or GE interface. I am using static IPs and using the cable modem just as a modem (bridge mode). Over the past several months these connections have just stopped working. I have not made any drastic changes to my router configs; however, the cable company has updated the firmware on these modems. I am wondering if that could affected how the modem and router talk. I was told by the cable company that the modem sees the Cisco router but that the port is inactive. My router shows the port is active and traffic passing. Does anyone have any ideas that could point where the problem lies? I will post a basic config to one that currently does not work. I am using a VRF to route a certain group out, using NAT. Please let me know if I need to post additional info. Any help would be greatly appreciated.
Cisco CISCO2911/K9
Version 15.2(3)T1
service timestamps debug datetime localtime
service timestamps log datetime localtime show-timezone
service password-encryption
hostname 1204RTR01
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.152-3.T1.bin
boot system flash0:c2900-universalk9-mz.SPA.151-3.T.bin
boot-end-marker
card type t1 0 0
logging buffered 64000
aaa new-model
aaa session-id common
clock timezone cst -6 0
clock summer-time CDT recurring
no ipv6 cef
no ip source-route
ip vrf 5
rd 5:1
ip multicast-routing
1
ip dhcp pool Guest
vrf 5
network 10.51.XXX.0 255.255.255.0
default-router 10.51.XXX.XXX
dns-server 209.18.47.61 209.18.47.62
ip flow-cache timeout active 1
no ip bootp server
no ip domain lookup
ip cef
multilink bundle-name authenticated
application
global
service alternate default
license udi pid CISCO2911/K9 sn FTX1508AHTM
hw-module pvdm 0/0
redundancy
ip tcp synwait-time 10
interface GigabitEthernet0/0.5
description Guest VLAN
encapsulation dot1Q 5
ip vrf forwarding 5
ip address 10.51.xx.xxx 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
interface GigabitEthernet0/2
description Guest Intenet access
ip vrf forwarding 5
ip address 24.242.182.182 255.255.255.252 <--Cable company IP, Modem IP is 24.242.182.181
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 9 interface GigabitEthernet0/2 vrf 5 overload
ip route vrf 5 0.0.0.0 0.0.0.0 24.242.182.181
access-list 9 permit 10.51.204.0 0.0.0.255Ok, mysteriously this location just started working yesterday, but I still am dealing with seven others and I really would like to know what is going on. I will give you everything you may need and let me know.
Config:
version 15.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime show-timezone
service password-encryption
hostname 1112RTR01
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.152-3.T1.bin
boot system flash0:c2900-universalk9-mz.SPA.151-1.T.bin
boot-end-marker
aaa new-model
aaa session-id common
clock timezone CDT -6 0
clock summer-time CDT recurring
network-clock-participate wic 0
network-clock-select 1 T1 0/0/0
no ipv6 cef
no ip source-route
ip vrf GuestVRF
rd 5:1
ip multicast-routing
ip dhcp pool Guest
vrf GuestVRF
network 10.51.112.0 255.255.255.0
default-router 10.51.112.1
dns-server 209.18.47.61 209.18.47.62
ip flow-cache timeout active 1
no ip bootp server
no ip domain lookup
ip cef
application
global
service alternate default
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0.5
description Guest VLAN
encapsulation dot1Q 5
ip vrf forwarding GuestVRF
ip address 10.51.112.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface GigabitEthernet0/1
description Guest Internet (Time Warner Connection)
ip vrf forwarding GuestVRF
ip address 97.77.116.234 255.255.255.252
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
ip forward-protocol nd
ip nat inside source list 5 interface GigabitEthernet0/1 vrf GuestVRF overload
ip route vrf GuestVRF 0.0.0.0 0.0.0.0 97.77.116.233
access-list 5 permit 10.51.112.0 0.0.0.255
control-plane
end
router#sh ip arp vrf GuestVRF
router#Internet 97.77.116.233 2 f80b.bee7.e09f ARPA GigabitEthernet0/1
Protocol Address Age (min) Hardware Addr Type Interface
Internet 97.77.116.234 - 8843.e13c.8d99 ARPA GigabitEthernet0/1
router#ping vrf GuestVRF 97.77.116.233
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 97.77.116.233, timeout is 2 seconds:
Success rate is 0 percent (0/5)
router#sh int g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 8843.e13c.8d99 (bia 8843.e13c.8d99)
Description: Guest Internet (Time Warner Connection)
Internet address is 97.77.116.234/30
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:00:10
Input queue: 76/75/15/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 3000 bits/sec, 7 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
81 packets input, 4860 bytes, 0 no buffer
Received 81 broadcasts (0 IP multicasts)
0 runts, 0 giants, 12 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
16 packets output, 1193 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
router#sh int g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 8843.e13c.8d99 (bia 8843.e13c.8d99)
Description: Guest Internet (Time Warner Connection)
Internet address is 97.77.116.234/30
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:00:42
Input queue: 76/75/67/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 3000 bits/sec, 7 packets/sec
30 second output rate 1000 bits/sec, 2 packets/sec
408 packets input, 24480 bytes, 0 no buffer
Received 408 broadcasts (0 IP multicasts)
0 runts, 0 giants, 61 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
72 packets output, 5669 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
I am receiving packets in and out of the interface but I cannot ping the modem through the VRF.
router#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 97.77.116.234:3169 10.51.112.39:3169 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:8534 10.51.112.39:8534 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:12244 10.51.112.39:12244 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:14002 10.51.112.39:14002 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:23623 10.51.112.39:23623 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:24489 10.51.112.39:24489 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:24550 10.51.112.39:24550 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:27458 10.51.112.39:27458 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:28603 10.51.112.39:28603 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:37404 10.51.112.39:37404 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:53942 10.51.112.39:53942 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:58125 10.51.112.39:58125 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:64797 10.51.112.39:64797 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:56925 10.51.112.52:56925 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:56925 10.51.112.52:56925 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:62342 10.51.112.52:62342 209.18.47.62:53 209.18.47.62:53
tcp 97.77.116.234:36559 10.51.112.69:36559 199.167.177.46:1227 199.167.177.46:1227
tcp 97.77.116.234:48895 10.51.112.69:48895 54.195.253.126:5223 54.195.253.126:5223
tcp 97.77.116.234:58385 10.51.112.69:58385 54.195.243.137:5223 54.195.243.137:5223
Pro Inside global Inside local Outside local Outside global
tcp 97.77.116.234:58658 10.51.112.71:58658 31.13.66.165:443 31.13.66.165:443
udp 97.77.116.234:3066 10.51.112.72:3066 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:3884 10.51.112.72:3884 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:6656 10.51.112.72:6656 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:11194 10.51.112.72:11194 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:11774 10.51.112.72:11774 209.18.47.62:53 209.18.47.62:53
Let me know if you need anything else. I need to figure this out and I just don't get it because the other site wasn't working a few days ago and all of a sudden it is working again but others are still not. -
Does cisco router support "tcp reset" mesg when the traffic blocked by access lit ?
hi ,
im trying to know if i blocked a destination with an access list on cisco.
can i make "tcp-rest " to that connection instead on dropping it ??
i belive it supported on ASA appliance , but not sure if supported on cisco routers.
im trying to migrate from linux router to cisco router and apply the same config , one of the challenging task is , i have
"reject-with=tcp-reset"
im wondering if i can do it on cisco router
waiting ur responce
regardsOne of the things that keeps me engaged with these forums is that they challenge me and give me opportunities to learn new things. My initial reaction to your question about IPS on IOS router was to say that this is not supported. But I did some research and find that apparently IPS functionality is now supported on some (but not all) of Cisco IOS routers. See this link for additional detail:
http://www.cisco.com/c/en/us/products/collateral/security/ios-intrusion-prevention-system-ips/product_data_sheet0900aecd803137cf.html
HTH
Rick -
Cisco router 877M capability to use Unified Communications technology?
Hi all,
Can Cisco router 877M have the features or capability to use VOIP or Unified Communications technology?
Cheers,Hi Tai,
You may want to take a look at the 2800 series routers. There are bundles to support the number of users you currently have.
If you were to install a 2800 series at your headquarters your remote sites could VPN to headquarters and receive their phone service from headquarters.
Doing this will eliminate any toll charges for calls between the offices.
There is the need to maintain connections to the PSTN in case you lose your WAN connection you will maintain telephony services utilizing the PSTN.
At your remote sites you may want to consider the 880 series routers which have a provision for Survivable remote site telephony (SRST).
This feature allows the router at the remote site to maintain call management if the remote site loses the WAN connection to headquarters.
These calls would then be automatically routed through the PSTN until the WAN connection is restored.
The savings from eliminating charges for calls between your sites may justify the purchase of the new technology.
I would suggest you do a cost study to see how much you spend monthly on calls between the offices.
Hope this helps.
Mark -
Rebooting a 3g card on a cisco router
Is there a way to reboot only the 3G modem card on a cisco router without rebooting the router? We have a cisco 881G with a PCEX-3G-HSPA-A card and sometime our ISP ask us to reboot the modem. We use the 3G card has a backup connection. If we reboot the router, we will lose the communication with the head office. So this is why we would like to know if there is a way to connect on the 3G card and reboot only the modem.
Thanks for your help on this issue.I have found the correct procedure.
Router(config)#service internal
Router(config)#exit
Router#test cellular 0 modem-power-cycle
000048: *Feb 8 16:04:50.975: %CISCO800-2-MODEM_REMOVAL_DETECTED: Cellular0 modem is now REMOVED
000049: *Feb 8 16:04:50.975: %CISCO800-2-CELLULAR_INTERFACE_NOT_SHUTDOWN: WARNING: Cellular0 interface sh
ould be shutdown before removing modem. Reload Required to reset interface
000050: *Feb 8 16:04:50.975: %CELLWAN-2-MODEM_DOWN: Cellular0 modem is DOWN
000051: *Feb 8 16:04:55.523: %CISCO800-2-MODEM_INSERTED_DETECTED: Cellular0 modem is now INSERTED
Modem Power cycled successfully
Router# -
Configuring Cisco Router for use with Syslog Server
Configuring Cisco Router for use with Syslog Server:
Does anyone know of a good doc for this?
-AshleyStart with that one: http://security-planet.de/wp-content/uploads/2008/12/logging-ios.pdf
And if you need more informations, just ask what you want to achieve.
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
I switched to a Cisco Router model EA6500, in now periodically receive a message on both of my email accounts "cannot get email" the connection to the server failed" it's happening on both by iPad and iPhone. I've talked to Cisco and they couldn't help
Start by working throudh the Troubleshooting iOS and WiFi knowledge base article and see if that helps the situation. When you get to shutting down the router, be sure to disconnect power as shutdown on some is really just standby mode.
-
Can Apple OSX server replace my Cisco router?
I run a small business. I have 5 computers (windows) & a network printer. I have a Cisco router routing internet access to all of these computers. The router is connected to a T-1. The T-1 is to the ISP.
What I want to do is use and apple computer with OSX server to route the internet to these computer. I also want to only allow certain websites to be accessed through the server. I may also set up a VPN. May also host a website.
Can I do all this with OSX server? How difficult is it?
Thanks
RaySo based on what you are telling me...
- "limited knowledge when it comes to servers and cisco routers...."
- "the cisco has been up and running for a looong time without any problems"
I would not recommend you change to OS X Server as your NAT router.
To fully manage NAT on OS X Server, you need to do command-line editing for port mapping. Even with experience, I would prefer to leave that function to the router.
I've had good luck with linksys when it comes to basic routing requirements. I'm not sure what trouble you had in the past, but for me they've been very stable and great bang for the buck.
If you would like to block specific sites, for < $100 this router will provide NAT and a pretty decent set of firewall features:
<a class="jive-link-external-small" href="http://">http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayo ut&packedargs=c%3DLProductC2%26cid%3D1130276636538&pagename=Linksys%2FCommon%2FVisitorWrapper
If that link doesn't work, it's model# BEFSX41
Jeff -
how to configure one dsl connection and one public ip in cisco router and map to one interface for using exchange server
Hi ,
Have you got any additional public IP Address from your service provider , If yes on router you can have static route for those additional IP Address pointing to your ASA outside interface .
Accordingly you can configure NAT
HTH
Sandy . -
SIP trunking between Microsoft OCS server and Cisco Voice GW router.
Hello All,
I have a client with an existing Microsoft OCS (office communications server) environment with the OCS server in their head office. The OCS clients in the remote Office registers with the OCS server in the head office. The WAN connectivity between the remote office and the Head office is MPLS.I would like to facilitate local call (PSTN) features at the remote site through a newly proposed Voice gateway router.
Can I achieve this by doing a SIP trunk between the OCS server in the head office to the newly proposed voice GW router in the remote office through the existing MPLS link. If yes, Could any one please assist me in this regards or suggest any other best solution to achieve the same.
Thank you in advance,
Mohammed Ameen RHi David,
this is a normal behaviour. To CUCM, OCS is a remote destination (just like your mobile phone). When your mobile phone hangs up, the system will put the call on hold for 10 sec.
This is there for the mobile user to go to his desk to pick up the call and continue the conversation (part of single number reach feature)
The best practise will be for the user to ensure that the other party hangs up the call first before he hang up.
Please grade if you think it's useful =) -
Cant ping behind cisco router (site2site vpn)
Dears;
After configure site to site vpn between cisco router and fortigate firewall,
site A : 10.0.0.0/24 behind fortigate
site B: 10.10.10.0/24 behind cisco router
the tunnel is up and I can ping 10.0.0.1 from site B and can ping 10.10.10.1 from site A but I cant ping any ip inside 10.0.0.0/24 form site B or network 10.10.10.0/24 from site A
my cisco router configuration is
Current configuration : 2947 bytes
! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
boot-start-marker
boot-end-marker
enable secret 4 EE103as6FtdocdBefpgugX6P9eGaDKDyBvwz7AywH5Q
no aaa new-model
memory-size iomem 10
clock timezone cairo 2 0
crypto pki token default removal timeout 0
ip source-route
ip dhcp excluded-address 192.168.16.1
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp pool GUEST
network 192.168.16.0 255.255.255.0
default-router 192.168.16.1
dns-server 8.8.8.8 8.8.4.4
ip dhcp pool LAN
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 8.8.8.8 8.8.4.4
ip cef
controller VDSL 0
ip ssh version 2
crypto isakmp policy 10
encr aes
hash sha256
authentication pre-share
group 5
crypto isakmp key 6 *********** address 4.x.x.x no-xauth
crypto ipsec transform-set myset esp-aes esp-sha256-hmac
crypto map kon-map 10 ipsec-isakmp
set peer 4.x.x.x
set transform-set myset
set pfs group5
match address 105
interface Ethernet0
no ip address
no fair-queue
interface ATM0
no ip address
ip mtu 1452
ip tcp adjust-mss 1452
no atm ilmi-keepalive
interface ATM0.1 point-to-point
ip flow ingress
pvc 0/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
interface FastEthernet0
switchport mode trunk
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
switchport access vlan 2
no ip address
interface FastEthernet3
no ip address
interface Vlan1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Vlan2
ip address 192.168.16.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname
ppp chap password 0
ppp pap sent-username
crypto map kon-map
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 100 deny ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit ip 192.168.16.0 0.0.0.255 any
access-list 105 permit ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
banner motd ^C^C
end
when ping from cisco router
konsuler#ping 10.0.0.27 source vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.27, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
Success rate is 0 percent (0/5)
help pleaseThank you karsten
I can ping interface of router from remote site but cant ping any device behind the router and can ping firewall interface but cant ping any device behind the firewall
-counters in
# sh crypto ipsec sa
increased only while ping 10.0.0.1 or 10.10.10.1 from both sides
r#show crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: Dialer1
Uptime: 00:03:12
Session status: UP-ACTIVE
Peer: 4.x.x.x port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.x.x.x
Desc: (none)
IKEv1 SA: local 6.x.x.x/500 remote 4.x.x.x/500 Active
Capabilities:(none) connid:2001 lifetime:22:39:59
IPSEC FLOW: permit ip 10.10.10.0/255.255.255.0 10.0.0.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 9 drop 0 life (KB/Sec) 4605776/3407
Outbound: #pkts enc'ed 14 drop 0 life (KB/Sec) 4605775/3407 -
Help with Remote access VPN on Cisco router 3925 via Dialer Interface
Hi Everybody,
I need help for my work now, I appreciate if someone can fix my problem.I have a Cisco router 3925 and access Internet via PPPoE link. I want config VPN Remote Access and using software Cisco VPN client. But it doesn't work.. Here my config router :
HUNRE#show running-config
Building configuration...
Current configuration : 5515 bytes
! No configuration change since last restart
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname HUNRE
boot-start-marker
boot-end-marker
enable secret 5 $1$vEFw$rLfvLglzUgddCVwXDx03K.
enable password cisco
aaa new-model
aaa session-id common
crypto pki trustpoint TP-self-signed-1050416327
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1050416327
revocation-check none
rsakeypair TP-self-signed-1050416327
crypto pki certificate chain TP-self-signed-1050416327
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31303530 34313633 3237301E 170D3134 30393235 31313534
31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30353034
31363332 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CC79 74FCFABE 81183B70 5A9F4A53 EB609754 7D5F8587 9150B76E 3207A86E
5B65F9E9 6CDAC21A 6D69221D 1FF61632 14763308 43B2A1CC 8EE5ABAC EF07530E
3F0D35FE F08C955B 60B52B92 F8F54D53 DD6DD623 01F83493 02F9C49A F0C3483D
3B48A008 8D96700E 88924BFE DE00201B DE5965DE 32898CAD 9012AB55 76B6F39B
2D470203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14C3418C BC35F3D9 B26B2475 2BB5F826 060525AB B3301D06
03551D0E 04160414 C3418CBC 35F3D9B2 6B24752B B5F82606 0525ABB3 300D0609
2A864886 F70D0101 05050003 81810070 AC7C26C6 4606A551 1A3FD6C5 2A5AEAE8
35DAC86E F8885E26 51F6EEAE 7565D3AA D532C8F3 55F6656F D103F38C 8FBDE7F1
83E77143 76469040 7FEA41E8 14963DB3 F7F28EA0 C5F2F42C B186B75C AAB04900
15F9CB38 A16964F5 4E7B4378 35041AA8 AE8EC181 D58D6A62 676E286A 7B9D80E6
35A0B9FB FB76E976 3D2A19D7 006078
quit
ip name-server 210.245.1.253
ip name-server 210.245.1.254
ip cef
no ipv6 cef
multilink bundle-name authenticated
vpdn enable
vpdn-group 1
vpdn-group 2
license udi pid C3900-SPE100/K9 sn FOC1823839B
license boot module c3900 technology-package securityk9
username cisco privilege 15 secret 5 $1$aAjB$D3iLyPFTE7O1bHPnKSJcH0
username kdhong privilege 15 secret 5 $1$nfyX$FO1BPTabCUaE6uKQwpLT.1
redundancy
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group VPN-HUNRE
key hunre
dns 8.8.8.8
domain hunre
pool IP-VPN
acl 199
max-users 100
crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
mode tunnel
crypto dynamic-map DYNMAP 1
set transform-set encrypt-method-1
crypto map VPN client configuration address respond
crypto map VPN 65535 ipsec-isakmp dynamic DYNMAP
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip mtu 1492
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
interface GigabitEthernet0/1
description FPT
no ip address
ip tcp adjust-mss 1412
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface GigabitEthernet0/2
description Connect to CMC
no ip address
ip mtu 1442
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
no cdp enable
interface Dialer1
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname [USERNAME]
ppp chap password 0 [PASSWORD]
ppp pap sent-username [USERNAME] password 0 [PASSWORD]
ppp ipcp dns request
crypto map VPN
interface Dialer2
description Logical ADSL Interface 2
ip address negotiated
ip mtu 1442
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1344
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname [USERNAME]
ppp chap password 0 [PASSWORD]
ppp pap sent-username [USERNAME] password 0 [PASSWORD]
ppp ipcp address accept
no cdp enable
ip local pool IP-VPN 10.252.252.2 10.252.252.245
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source list 11 interface Dialer2 overload
ip nat inside source static 10.159.217.10 interface Dialer1
ip nat inside source list 199 interface Dialer1 overload
ip nat inside source static tcp 10.159.217.10 80 210.245.54.49 80 extendable
ip nat inside source static tcp 10.159.217.10 3389 210.245.54.49 3389 extendable
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.159.217.0 255.255.255.0 192.168.1.8
ip sla auto discovery
ip sla responder
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
access-list 10 permit any
access-list 11 permit any
access-list 101 permit icmp any any
access-list 199 permit ip any any
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
transport input all
line vty 5 15
password cisco
transport input all
scheduler allocate 20000 1000
ntp master
end
However, I cannot ping interfac Dialer 1. I using Cisco vpn client software ver 5.0.07.0290.
Hopeful for your answers !
ThanksHi David Castro,
Thanks for your answer,
I configed following your guide, but it have not worked yet. I saw that I cannot ping IP gateway Internet . I using ADSL Internet and config PPPoE and my router receive IP from ISP. Here show ip int brief :
GigabitEthernet0/0 192.168.1.1 YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM up up
GigabitEthernet0/2 unassigned YES NVRAM up up
Dialer1 210.245.54.49 YES IPCP up up
Dialer2 101.99.7.73 YES IPCP up up
NVI0 192.168.1.1 YES unset up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
Virtual-Access3 unassigned YES unset up up
But I cannot ping Interface Dialer 1, so may be VPN is does not worked. Do you have some ideal ?
Thanks very much ! -
How to setup Guest Network Name in Cisco Router
Hello everyone!
The first. Sorry my english =)
I want tald you how to change guest network name in cisco (what have different name)
What we need.
1. Cisco Connect for Mac OSX (i use snow leopard and Cisco Connect for E3000)
2. Terminal
Okay. Let's go.
1. Install Cisco Connect for OSX
2. After setup - slighty setup your cisco router (give something name and password), then, when cisco connect say you "You now connected the internet" and going to main screen - exit from cisco connect
3. Open Terminal (Or you can use Finder (go to Application, show package content Cisco Connect))
4. Go to /Application/Cisco Connect.app/Contents/Resources/lcid/<your setup language, for english - go 1033>/
5. Edit resource_strings.pus (vi resource_strings.pus)
6. Change "-guest" in string <LocalizableString RcFileId='10019' BaseTextHash='0xA65E286D' BaseText='-guest'/> for something what you want. For example, i changed for ' Guest Network'
7. Save
8. Open Cisco Setup
9. Go to router configuration and change desired name. I changed to 'Grizlly Bear'
10. After setup name - go to Guest Setting and Enable. As you can si, your guest network name set as 'Grizlly Bear Guest Network'
11.Exit Cisco Setup
12. Go to web interface setup
13. Setup Wifi manual and change SSID for diferent names. I change 5Gh to 'Grizlly Bear Hi-Speed Network' and 2.4GHz to 'Grizlly Bear Main Network'
14. Setup your hostname for all services (fileserver, media server, etc)
Woala!
We have three diferent names network!
Questions?In order to enable Guest networking, the AirPort Extreme must be configured as your "main" Internet router. In this configuration, Connection Sharing = Share a Public IP address. The Extreme would be connected directly to the Internet modem and NOT downstream of another router with NAT enabled.
In this configuration, the Guest network would provide access ONLY to the Internet and NOT to your LAN.
Maybe you are looking for
-
Not able to enable SSH user equivalency for RAC on RHEL 4
Hi All, I am trying to install oracle RAC 11g on RHEL4 (on VMware), I am using below document for reference. http://www.oracle-base.com/articles/11g/OracleDB11gR1RACInstallationOnOEL5UsingVMware.php Every thing went fine till "SSH user equivalency",
-
How can I download the boot camp drivers for windows 7 64-bits?
I have a macbook pro Retina (no disk tray) purchased in mids 2012. I have no internet access on my macbook since my wifi is a cablemodem one. And the whole problem is that I've recently installed a copy of windows 7 64bits using BOOT CAMP and I can't
-
How to reboot a ipad mini?
how to reboot an ipad mini?
-
Entering invoice for a blanket PO
Dear Experts, please I need your assistance, as I have created a blanket PO , In the invoice for the blanket PO I entered the amount and the tax, the balance was still showing red, could not calculate the tax as it was giving me 0.00, since the blan
-
I've read different solutions (that haven't worked as of yet) as well as it's impossible. Any one else trying to do this? and/or should i just switch to iPhone and iCal? Post relates to: Treo 755p (Verizon)