Help port forwarding my WRT54GS

When I go to 192.168.1.1, Internet Explorer alerts me that the page has an error, I look down to see most of the text and images missing on the page. Once I finally get to the port forward section, there were no "apply" or "accept" buttons. If anyone could tell me how to fix this I would be greatly appreciative. ~~Thanks, ~~Brendon

Download and run the tftp.exe utility from the linksys ftp site.
Richard Aichner (Ikester)

Similar Messages

Help Port Forwarding

I have an VersaLink Model 7500 and i need help port forwarding so i can play on Xbox Live i need to have an Open NAT and port forward could some one assit me?
Message Edited by Canquain on 08-20-2009 10:24 AM

#1 Check the IP Address, Subnet Mask, Default Gateway and DNS Servers on your computer.
As how to do, for example if on Windows XP...
a) Go to Start -> Run.
b) Type in
cmd
and press enter.
c) In the new window, called the command prompt, type in
ipconfig /all
and press enter.
#2 With your web browser go to the default gateway, and log-in as need be.
#3 Show the first screen that you see, in your router.
If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.

Can not port forward on WRT54GS v6 "You cannot use the router IP"

Hello, I'm trying to open a port number, but when I try to use my router's IP, the following message appears
"You cannot use the router IP, network, or broadband address"
[IMG]http://i45.tinypic.com/107qond.jpg[/IMG]
My ADSL was working as a NAT behind a NAT connection, so I had to change my Local IP Address to 192.168.2.1.
Router: WRT54GS v6 firmware 1.52.8 (latest) - Bellsouth router: Westell 6100
Microsoft Windows [Version 6.1.7600]
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix . : launchmodem.com
   Link-local IPv6 Address . . . . . : fe80::40a9:a76e:61b3:6435%11
   IPv4 Address. . . . . . . . . . . : 192.168.2.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
So, please help me, how can I open ports on my router? =[
PS: I tried to use 192.168.2.100, and even though it lets me use it, it still seems not to open that port... my IP is dynamic.

Generally: NAT behind NAT is a bad idea. There is usually no need for double NAT. Either configure the ADSL router as bridge and use the WRT for your internet connection or set up the WRT as simple access point behind the ADSL router.
It's also unclear to me what is working or not. First I thought you can't set up forwarding at all because you get that error message. Then, in your PS you write you tried to use 192.168.2.100 and that seemed to be possible. The IP address to forward to must be the IP address of the computer to which you want to forward. Thus 192.168.2.100 is exactly the IP address you have to set up. Does this work or not?
Also remember: with double NAT you must set up two forwardings: first on the ADSL router then on the WRT. Port forwarding is necessary to allow incoming traffic through NAT. All incoming traffic arrives on the ADSL router. Thus setting up port forwarding on the WRT only won't do a thing.
It's also not recommend to use dynamic IPs for forwarding destinations. Dynamic IP addresses may change over time and that requires you to adjust forwardings accordingly. It's better to reserve fixed IP addresses (if your WRT supports this) or set a static IP address on the computer outside the DHCP address pool.

Help: Port forward in Cisco SOHO 97

Hi there!
I have a Cisco SOHO 97.
The IP is: 10.0.0.1/24
Gw: 0.0.0.0
*Default route via DIALER1
I also have a RV042 configured as VPN Server (PPTP and IPSec).
The IP is: 10.0.0.2/24
I need help to configure the router to I be able to connect to VPN server from OUTSIDE-WORLD.
I imagine I need Port forwarding from Cisco SOHO to RV042.
I hope for possibles answers!
Thanks!

Sorry i found the issue.
The problem was that, i wanted to redirect port 443 (https) to an private address.
But by default port 443 is reserved to access ASA via https for management.
I just reserved another port 888 for https management access and now i can redirect port 443 normaly as i wanted.
Using this command: http server enable 888
Germain

Help Port Forwarding My playstation 3!

My Router: WRT54GS
Well, I have already finished opening all the ports on the routers main page, but I have absolutely no idea what to do next!
I opened or forwarded like 8 Ports, so it would be much more compatible with my PS3 and online gaming, but I don't know what to do next! I made a static IP, but I've been hearing that you need to assign a static IP to the PS3. How exactly do I do that? What IP address should I assign my PS3?

Don't use the IP Address assigned to the computer, instead use a different(unique) IP Address(like 192.168.1.60) for your Play Station...While Port Forwarding on your router you should make sure to open the Ports for the static ip address used on your Play Station...

Need help port forwarding on A1264 Airport Express

Hey, I am having some trouble forwarding a port.
I have followed guides online,
My OS is Windows 7
1) I created a static ip for my computer 10.0.1.151
2) Went into Airport Utility, Under Internet > DHCP tab I clicked "+", used my computers mac address, and used 10.0.1.151 for the IPv4 feild.
3) Went to Advanced > Port Mapping, clicked "+" typed in the TCP port i want forwarded, and typed 10.0.1.151 in for private IP feild.
Everytime I test to see if the port is open using this site:
http://www.yougetsignal.com/tools/open-ports/
It says the port is closed.
Is there something I'm doing wrong?
Any Help is apprecieted
Thanks

I assigned a static ip to my ps3 and set these ports up and my NAT type is open.

Help ( Port ForWarding ) SOLVED

Hello Well i need help tryin to open a port on my router so i can host a Game Server From my pc i could do it by my self but i dont know my verizon router panel info i think some one has changed my password or something Pls help me
Message Edited by MH1957 on 07-28-2009 03:22 PM
Message Edited by MH1957 on 07-28-2009 03:58 PM
Solved!
Go to Solution.

the default login to the router is usually either admin / password or admin / password1
If neither of these work, just press the reset button on the back for about 10 seconds and then when the router boots back up it will default back to admin / password
Oh, BTW, Just in case, the IP to log into the router is 192.168.1.1 just in case you didnt already have that
Message Edited by spacedebris on 07-28-2009 03:51 PM
====================================================================================
Error exists between keyboard and chair.

WRT54GS utorrent port forwarding (HELP PLEASE)

Hey everyone, I bought my WRT54GS router yesterday and cant forward utorrent ports. I have a static IP set up and am trying to use port 32069. I am sure all of my settings are correct in the port forwarding section, nad have tried checking/unchecking "enable". I think i've tried everything so far and it still wont work. If anyone can help me with this, it'd be greatly appriciated.
Message Edited by SinInSpira on 06-28-2007 09:28 PM

if the ports are not getting forwarded , try upgrading / reflashing the router's firmware ..

Help with port forwarding for the WRT54G

I need assistance please!
I am having issues trying to setup port forwarding for a ftp. I already have set this up for a SQL Server port and it works remotely. When I setup another rule for ftp using port range 20-21 it does not work.
I have confirmed that I have saved my settings, have the correct IP address, etc. I have firmware version 4.21.1 and not sure how to troubleshoot this. Any help would be great.
Thanks,
John

Yes you do need to have the port already forwarded for port 20~21 with both TCP/IP and UDP enabled unless you know for sure your ftp only uses just one of them. That is why I asked what port your SGL was set to. Follow the link that other guy posted and open port 20 and 21 (I only use 21 with no problems) and make sure it is directed to the IP of the ftp host. Also that PC needs to have the FTP enabled in windows. To do that go to your control panel > add/remove software > and on the left side go to add/remove windows components. Then check the box for the ftp and add it. It should ask for your windows CD do have it handy when you add the ftp component to your PC.
Richard Aichner (Ikester)

Setting up router for port forwarding - WRT54G

Hi all. I'm trying to set up my WRT54G wireless router so.i can port forward the relevant ports for my programs. I understand that you have to set up a static ip address before you can do a port forward which makes sense as you do not want to keep changing the ip address for the forwarding settings every time your network refreshes. But I cant seem to have it set up. And is there a rule that the static ip that you set should not be within the dhcp range?
After setting up the static ip and setting up the port forward settings how do I test if the port is being forwarded correctly?
Please assist! Thanks!

IIt;s usually to set the static IP outside the DHCP range like you said. You can use the router's DHCP reservation feature to set a "static IP", and as for your last question, you can find different methods on how to do that by searching the web.
I don't work for Cisco. I'm just here to help.

RTSP steaming Port Forward (?) problems with 4 (four) WVC54GCA cameras on WRT54G v2 router.

I am having difficulties correctly setting up my four (4) WVC54GCA cameras on a WRT54G v2 router to make them stream RTSP videos that I can view on my BlackBerry Bold. I can access the cameras from the internet, through
http://CAM1_SubDomain.Linksys-Cam.com/1024
http://CAM2_SubDomain.Linksys-Cam.com/1025
http://CAM3_SubDomain.Linksys-Cam.com/1026
http://CAM4_SubDomain.Linksys-Cam.com/1027
so that part works fine.
All the 4 cameras are set up with static IP addresses.
The default RTSP port 554 and RTP Data port at 5000 are forwarded to CAM1 IP address. I can access CAM1 RTSP feed on my Blackberry Bold (and also on a good old Samsung SGH-A706 cell phone).
CAM 1 Settings:
STATIC IP: 192.168.1.201
Alternate HTTP Port: 1024 à Forwarded to 192.168.1.201
RTSP Port: 554 à Forwarded to 192.168.1.201
RTSP Data Port: 5000 à Forwarded to 192.168.1.201
RTSP access on cell phone WORKS only with the following format: rtsp://CAM1_SubDomain.Linksys-Cam.com/1111, where 1111 is the access code.
CAM 2 Settings:
STATIC IP: 192.168.1.202
Alternate HTTP Port: 1025 à Forwarded to 192.168.1.202
RTSP Port: 1029 à Forwarded to 192.168.1.202
RTSP Data Port: NOT SURE IF I NEED TO FORWARD ONE, HELP PLEASE
Despite I have a dedicated subdomain for each camera from TZO, the following link DOESN’T WORK
rtsp://CAM2_SubDomain.Linksys-Cam.com/1111, where 1111 is the access code.
Actually, when I enter the above link, the cellphone brings in the feed from CAM1, I guess due to the identical access code with CAM2. Once I change the access code for CAM2, it doesn’t’t show any feed.
CAM 3 Settings:
STATIC IP: 192.168.1.203
Alternate HTTP Port: 1026 à Forwarded to 192.168.1.203
RTSP Port: 1030 à Forwarded to 192.168.1.203
RTSP Data Port: NOT SURE IF I NEED TO FORWARD ONE HELP PLESE
Despite I have a dedicated subdomain for each camera from TZO, the following link DOESN’T WORK
rtsp://CAM3_SubDomain.Linksys-Cam.com/1111, where 1111 is the access code. This feed also brings in CAM1.
CAM 4 Settings:
STATIC IP: 192.168.1.204
Alternate HTTP Port: 1027 à Forwarded to 192.168.1.204
RTSP Port: 1031 à Forwarded to 192.168.1.203
RTSP Data Port: NOT SURE IF I NEED TO FORWARD ONE HELP PLEASE
Despite I have a dedicated subdomain for each camera from TZO, the following link DOESN’T WORK
rtsp://CAM4_SubDomain.Linksys-Cam.com/1111, where 1111 is the access code. This feed also brings in CAM1
DMZ could probably fix the problem for a second camera, but not for all four CAMs
OS: XP SP2
Question 1: Any idea how can I get all the four cameras RTSP feed on my cell/BlackBerry?
Question 2: I am running out of Port Range forwards. Should I add more port forwards, I have only one more shot. Any workaround?
Each and every help idea is greatly appreciated!

I have six of these cams and used the tutorial and review at http://www.Myhomserver.com for help. First thing, set ALL the RTSP access codes the SAME, so all you need to do is increment the port for each cam
Cam 1 - 192.168.1.200 - set at port 80 TCP - RTSP port default at 554, forward port 5000 UDP/TCP and the RTSP access code 12345
Cam 2 - 192.168.1.201 - set at port 1024 TCP - RTSP port at 1029, forward port 5001 UDP/TCP and the RTSP access code 12345
Cam 3 - 192.168.1.202 - set at port 1025 TCP - RTSP port at 1030, forward port 5002 UDP/TCP and the RTSP access code 12345
Cam 4 - 192.168.1.203 - set at port 1026 TCP - RTSP port at 1031, forward port 5003 UDP/TCP and the RTSP access code 12345
Cam 5 - 192.168.1.204 - set at port 1027 TCP - RTSP port at 1032, forward port 5004 UDP/TCP and the RTSP access code 12345
Cam 6 - 192.168.1.205 - set at port 1028 TCP - RTSP port at 1033, forward port 5005 UDP/TCP and the RTSP access code 12345
This worked for me using the above settings....take your time, plan out the ports, all RTSP ports must be different on each cam
Accessing CAMS can be done via your cell phone below:
Camera 1---> RTSP://<your TZO camera domain>:554/12345
Camera 2---> RTSP://<your TZO camera domain>:1029/12345
Camera 3---> RTSP://<your TZO camera domain>:1030/12345
Camera 4---> RTSP://<your TZO camera domain>:1031/12345
Camera 5---> RTSP://<your TZO camera domain>:1032/12345
Camera 6---> RTSP://<your TZO camera domain>:1033/12345
http://www.MyHomeServer.com
Linksys IP camera reviews, Tutorials and How-To's on Web & Mobile Streaming

WRT54G v6 Port Forwarding Fails

Replaced a dead WRT54G v1.1 witrh a much newer unused v6, and it works fine, except the same settings for port forwarding, for smtp, port 2525, for pop3, port 995, to my mailserver at static address 192.168.1.104, do not seem to work.
That is, no mail. Outlook says it can see the mailserver, but no response.
A lot of new settings on the v6, not sure what they all are. Like Port Triggering for a forwarded range. ???
Are there some other settings that need changing, too? Help!

The only change you need to do is the static IP Address...It should be 192.168.1.20(it should be out of the range of the router's DHCP)...

Port forwarding not working on WRT54G v5 Firmware Version: v1.02.2

Hi
Yesterday i updated firmware on my WRT54G v5 from v1.00.1 to v1.02.2 and now port forwarding does not work.
I have 2 PCs connected to my router. Both PCs have static ip (192.168.1.103 & 192.168.1.105). DHCP server in the router is ofcourse disabled.
For some reason i can not get port forwarding it to work. The weird thing is that
ALL requests are now forwarded to 105 regardless how i configure.
* I have set up different port forwarding rules that points to my 103 PC.
* I have put the 103 PC in DMZ.
* I have disabled DMZ and removed all port forward rules.
Still ALL requests are forwarded to 105??
What i am doing wrong? Why does it default send everything to 105?
Note that I had no problems with port forwarding before the upgrade.
Everything was working fine.
I upgraded because i wanted a fix for "DynDNS abusive updates".
I have seearched the forum for tips and tried setting MTU size to 1396 and shutting down my entire network and then restart everything. Also tried to uncheck "Block Anonymous Internet Requests" but still same behaviour.
I really need help!!
Thanks
D_M

well it is weird...anyways try resetting the router back to factory default settings and reconfigure it...check whether it works for you or not.

HELP!! asa 5505 8.4(5) problem with port forwarding-smtp

Hi I am having a big problem with port forwarding on my asa. I am trying to forward smtp through the asa to my mail server.
my mail server ip is 10.0.0.2 and my outside interface is 80.80.80.80 , the ASA is setup with pppoe (I get internet access no problem and that seems fine)
When I run a trace i get "(ACL-Drop) - flow is deied by configured rule"
below is my config file , any help would be appreciated
Result of the command: "show running-config"
: Saved
ASA Version 8.4(5)
hostname ciscoasa
domain-name domain.local
enable password mXa5sNUu4rCZ.t5y encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group ISPDsl
ip address 80.80.80.80 255.255.255.255 pppoe setroute
ftp mode passive
dns server-group DefaultDNS
domain-name domain.local
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Server_SMTP
host 10.0.0.2
access-list outside_access_in extended permit tcp any object server_SMTP eq smtp
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
nat (inside,outside) dynamic interface
object network server_SMTP
nat (inside,outside) static interface service tcp smtp smtp
nat (inside,outside) after-auto source dynamic any interface
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
vpdn group ISP request dialout pppoe
vpdn group ISP localname [email protected]
vpdn group ISP ppp authentication chap
vpdn username [email protected] password *****
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:c5570d7ddffd46c528a76e515e65f366
: end

Hi Jennifer
I have removed that nat line as suggested but still no joy.
here is my current config
Result of the command: "show running-config"
: Saved
ASA Version 8.4(5)
hostname ciscoasa
domain-name domain.local
enable password mXa5sNUu4rCZ.t5y encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group ISP
ip address 80.80.80.80 255.255.255.255 pppoe setroute
ftp mode passive
dns server-group DefaultDNS
domain-name domain.local
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Server_Mail
host 10.0.0.2
access-list outside_access_in extended permit tcp any object Server_Mail eq smtp
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
nat (inside,outside) dynamic interface
object network Server_Mail
nat (inside,outside) static interface service tcp smtp smtp
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
vpdn group ISP request dialout pppoe
vpdn group ISP localname [email protected]
vpdn group ISP ppp authentication chap
vpdn username [email protected] password *****
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f3bd954d1f9499595aab4f9da8c15795
: end
also here is the packet trace
and my acl
Thanks

Please Help - Only Some Port Forwards Working

Hi all,
I have the most annoying issue with a Cisco 887VA-K9 port forwarding. Some port work while other don’t and I just can’t see why, however I suspect it is a zone based firewall (ZBF) issue.
Port forwards on the follow ports all work fine:
External port 8021 to 192.168.4.253 on port 80 works
External port 8022 to 192.168.4.253 on port 8022 works
All the rest don’t. I also have SIP phones sitting outside the LAN which are unable to register through the internet with the PBX unit which is in the DMZ network 192.168.4..0
Any help would be great appreciated as this sending me mad. Fully running config below.
Louise ;-)
Building configuration...
Current configuration : 36870 bytes
! Last configuration change at 12:49:03 Magadan Fri Nov 8 2013 by cpadmin
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname QQQ_ADSL_Gateway
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 64000
enable secret 4 gim.lMOdQK/21R4Wu.QJfOMAv3CIkRyN.hbSTG5xAxE
aaa new-model
aaa authentication login local_authen local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec local_author local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa session-id common
memory-size iomem 10
clock timezone Magadan 11 0
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-3471381936
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3471381936
revocation-check none
rsakeypair TP-self-signed-3471381936
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name [email protected]
revocation-check crl
crypto pki certificate chain TP-self-signed-3471381936
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33343731 33383139 3336301E 170D3132 30373132 31313332
34375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 34373133
38313933 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AB76 5F7EE03F 306F52A0 91E82E04 7A69528D 1839409C 55BCC55A 47F180A9
7B522E9B FBB96A32 715178FE B96B737E 788947A4 CF4791AA 15609E37 A3F66F07
AD1B8A34 A2877711 E33A613D 8E50AE40 A106DE9C B2B03B95 73392ADB 4BB51FAD
6F2D6F8D A90BA0B5 BD1A209C F54126A9 2E2FF5B7 85041B7E C72032C0 CECE7F79
51550203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 141713AB B7F927E5 50C242DF 9912C3B6 61D93313 80301D06
03551D0E 04160414 1713ABB7 F927E550 C242DF99 12C3B661 D9331380 300D0609
2A864886 F70D0101 05050003 81810099 8EBE5630 2E6734A8 4D2FD0A5 F09A98F8
9E49125F AECEF4BB E0DEBB3A 1A449E38 99B02114 7EC84845 B53C2F88 046B7290
AE44967A 8BE20F5E 9D4A1CFC E1F64FE8 59F51892 23B88B4E 3416808A 68E65660
644C7DA0 E3A7A525 14FE8E54 67C35F8E CF69EB40 34DFB13D EA302F66 102C822A
3D7107BA AA4E7273 1D43690E C4A5D4
                quit
crypto pki certificate chain test_trustpoint_config_created_for_sdm
no ip source-route
ip dhcp excluded-address 192.168.0.230 192.168.0.255
ip dhcp excluded-address 192.168.0.1 192.168.0.200
ip dhcp pool QQQ_LAN
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.254
dns-server 192.168.0.6 202.1.161.36
netbios-name-server 192.168.0.6
domain-name QQQ.Local
lease 3
ip cef
no ip bootp server
ip domain name QQQ.Local
ip name-server 192.168.0.6
ip name-server 202.1.161.37
ip name-server 202.1.161.36
ip inspect log drop-pkt
no ipv6 cef
parameter-map type inspect global
log dropped-packets enable
parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com
parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com
password encryption aes
license udi pid CISCO887VA-K9 sn FGL162321CT
object-group service MAIL-PORTS
description QQQ User Mail Restrictions
tcp eq smtp
tcp eq pop3
tcp eq 995
tcp eq 993
udp lt rip
udp lt domain
tcp eq telnet
udp lt ntp
udp lt tftp
tcp eq ftp
tcp eq domain
tcp eq 5900
tcp eq ftp-data
tcp eq 3389
tcp eq 20410
object-group network Network1
description QQQ Management Network
192.168.1.0 255.255.255.0
192.168.4.0 255.255.255.0
192.168.5.0 255.255.255.0
192.168.7.0 255.255.255.0
192.168.8.0 255.255.255.0
range 192.168.0.200 192.168.0.254
range 192.168.0.1 192.168.0.25
object-group network Network2
description QQQ User Network
192.168.2.0 255.255.255.0
192.168.3.0 255.255.255.0
192.168.6.0 255.255.255.0
range 192.168.0.26 192.168.0.199
object-group network QQQ.Local
description QQQ_Domain
192.168.0.0 255.255.255.0
192.168.1.0 255.255.255.0
192.168.2.0 255.255.255.0
192.168.3.0 255.255.255.0
192.168.4.0 255.255.255.0
192.168.5.0 255.255.255.0
192.168.6.0 255.255.255.0
192.168.8.0 255.255.255.0
192.168.7.0 255.255.255.0
192.168.10.0 255.255.255.0
10.1.0.0 255.255.0.0
object-group network QQQ_Management_Group
description QQQ I.T. Devices With UnRestricted Access
range 192.168.0.200 192.168.0.254
range 192.168.0.1 192.168.0.25
192.168.1.0 255.255.255.0
192.168.8.0 255.255.255.0
192.168.7.0 255.255.255.0
192.168.5.0 255.255.255.0
192.168.4.0 255.255.255.0
10.1.0.0 255.255.0.0
192.168.10.0 255.255.255.0
10.8.0.0 255.255.255.0
192.168.9.0 255.255.255.0
192.168.100.0 255.255.255.0
192.168.20.0 255.255.255.0
192.168.21.0 255.255.255.0
192.168.22.0 255.255.255.0
192.168.23.0 255.255.255.0
object-group network QQQ_User_Group
description QQQ I.T. Devices WIth Restricted Access
range 192.168.0.26 192.168.0.199
192.168.2.0 255.255.255.0
192.168.3.0 255.255.255.0
192.168.6.0 255.255.255.0
object-group service WEB
description QQQ User Web Restrictions
tcp eq www
tcp eq 443
tcp eq 8080
tcp eq 1863
tcp eq 5190
username cpadmin privilege 15 password 7 1406031A2C172527
username QQQVPN privilege 15 secret 4 Hk2tP2GgJ1xXtJUqIZr4gmNSgw6q1E.rvzWiYnDAZHU
controller VDSL 0
ip tcp synwait-time 10
no ip ftp passive
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
match access-group 118
class-map type inspect match-all sdm-cls-VPNOutsideToInside-3
match access-group 121
class-map type inspect match-all sdm-cls-VPNOutsideToInside-2
match access-group 120
class-map type inspect imap match-any ccp-app-imap
match invalid-command
class-map type inspect match-any ccp-cls-protocol-p2p
match protocol edonkey signature
match protocol gnutella signature
match protocol kazaa2 signature
match protocol fasttrack signature
match protocol bittorrent signature
class-map type inspect match-all sdm-cls-VPNOutsideToInside-4
match access-group 122
class-map type inspect match-all SDM_GRE
match access-group name SDM_GRE
class-map type inspect match-any CCP_PPTP
match class-map SDM_GRE
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_VPN_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_VPN_PT
match access-group 117
match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any ccp-cls-insp-traffic
match protocol pptp
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any SDM_IP
match access-group name SDM_IP
class-map type inspect gnutella match-any ccp-app-gnutella
match file-transfer
class-map type inspect match-any SDM_HTTP
match access-group name SDM_HTTP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect match-all sdm-cls-http
match access-group name dmz-traffic
match protocol http
class-map type inspect match-any Telnet
match protocol telnet
class-map type inspect msnmsgr match-any ccp-app-msn-otherservices
match service any
class-map type inspect ymsgr match-any ccp-app-yahoo-otherservices
match service any
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-cls-protocol-im
match protocol ymsgr yahoo-servers
match protocol msnmsgr msn-servers
match protocol aol aol-servers
class-map type inspect aol match-any ccp-app-aol-otherservices
match service any
class-map type inspect match-all ccp-protocol-pop3
match protocol pop3
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any FIREWALL_EXCEPTIONS_CLASS
match access-group name FIREWALL_EXCEPTIONS_ACL
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any SDM_EASY_VPN_CTCP_SERVER_PT
match access-group 102
match access-group 103
match access-group 104
match access-group 105
match access-group 106
match access-group 107
match access-group 108
match access-group 109
match access-group 110
match access-group 111
match access-group 112
match access-group 113
match access-group 114
match access-group 115
class-map type inspect match-any SIP
match protocol sip
class-map type inspect pop3 match-any ccp-app-pop3
class-map type inspect match-any SDM_HTTPS
match access-group name SDM_HTTPS
class-map type inspect sip match-any ccp-cls-sip-pv-2
match protocol-violation
class-map type inspect kazaa2 match-any ccp-app-kazaa2
match file-transfer
class-map type inspect match-all ccp-protocol-p2p
match class-map ccp-cls-protocol-p2p
class-map type inspect match-all ccp-cls-ccp-permit-1
match access-group name ETS1
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect msnmsgr match-any ccp-app-msn
match service text-chat
class-map type inspect ymsgr match-any ccp-app-yahoo
match service text-chat
class-map type inspect match-all ccp-cls-ccp-pol-outToIn-1
match access-group name ETS
class-map type inspect match-all ccp-protocol-im
match class-map ccp-cls-protocol-im
class-map type inspect match-all ccp-cls-ccp-pol-outToIn-2
match class-map Telnet
match access-group name Telnet
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect http match-any ccp-app-httpmethods
match request method bcopy
match request method bdelete
match request method bmove
match request method bpropfind
match request method bproppatch
match request method connect
match request method copy
match request method delete
match request method edit
match request method getattribute
match request method getattributenames
match request method getproperties
match request method index
match request method lock
match request method mkcol
match request method mkdir
match request method move
match request method notify
match request method options
match request method poll
match request method propfind
match request method proppatch
match request method put
match request method revadd
match request method revlabel
match request method revlog
match request method revnum
match request method save
match request method search
match request method setattribute
match request method startrev
match request method stoprev
match request method subscribe
match request method trace
match request method unedit
match request method unlock
match request method unsubscribe
class-map type inspect match-any ccp-dmz-protocols
match user-group qqq
match protocol icmp
match protocol http
class-map type inspect edonkey match-any ccp-app-edonkey
match file-transfer
match text-chat
match search-file-name
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all sdm-cls-sip
match access-group name dmz-traffic
match protocol sip
class-map type inspect match-all ccp-dmz-traffic
match access-group name dmz-traffic
match class-map ccp-dmz-protocols
class-map type inspect http match-any ccp-http-blockparam
match request port-misuse im
match request port-misuse p2p
class-map type inspect edonkey match-any ccp-app-edonkeydownload
match file-transfer
class-map type inspect match-all ccp-protocol-imap
match protocol imap
class-map type inspect aol match-any ccp-app-aol
match service text-chat
class-map type inspect edonkey match-any ccp-app-edonkeychat
match search-file-name
match text-chat
class-map type inspect match-all ccp-cls-ccp-permit-dmzservice-1
match class-map SIP
match access-group name SIP
class-map type inspect fasttrack match-any ccp-app-fasttrack
match file-transfer
class-map type inspect http match-any ccp-http-allowparam
match request port-misuse tunneling
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect p2p ccp-action-app-p2p
class type inspect edonkey ccp-app-edonkeychat
log
allow
class type inspect edonkey ccp-app-edonkeydownload
log
allow
class type inspect fasttrack ccp-app-fasttrack
log
allow
class type inspect gnutella ccp-app-gnutella
log
allow
class type inspect kazaa2 ccp-app-kazaa2
log
allow
policy-map type inspect PF_OUT_TO_IN
class type inspect FIREWALL_EXCEPTIONS_CLASS
pass
policy-map type inspect PF_IN_TO_OUT
class type inspect FIREWALL_EXCEPTIONS_CLASS
pass
policy-map type inspect im ccp-action-app-im
class type inspect aol ccp-app-aol
log
allow
class type inspect msnmsgr ccp-app-msn
log
allow
class type inspect ymsgr ccp-app-yahoo
log
allow
class type inspect aol ccp-app-aol-otherservices
log
reset
class type inspect msnmsgr ccp-app-msn-otherservices
log
reset
class type inspect ymsgr ccp-app-yahoo-otherservices
log
reset
policy-map type inspect http ccp-action-app-http
class type inspect http ccp-http-blockparam
log
reset
class type inspect http ccp-app-httpmethods
log
reset
class type inspect http ccp-http-allowparam
log
allow
policy-map type inspect imap ccp-action-imap
class type inspect imap ccp-app-imap
log
policy-map type inspect pop3 ccp-action-pop3
class type inspect pop3 ccp-app-pop3
log
policy-map type inspect ccp-inspect
class type inspect ccp-protocol-http
inspect
service-policy http ccp-action-app-http
class type inspect ccp-protocol-imap
inspect
service-policy imap ccp-action-imap
class type inspect ccp-protocol-pop3
inspect
service-policy pop3 ccp-action-pop3
class type inspect ccp-protocol-p2p
inspect
service-policy p2p ccp-action-app-p2p
class type inspect ccp-protocol-im
inspect
service-policy im ccp-action-app-im
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class type inspect ccp-invalid-src
drop log
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_VPN_PT
pass
class type inspect ccp-cls-ccp-permit-1
pass
class type inspect SDM_EASY_VPN_SERVER_PT
pass
class type inspect SDM_EASY_VPN_CTCP_SERVER_PT
inspect
class class-default
drop
policy-map type inspect sip ccp-app-sip-2
class type inspect sip ccp-cls-sip-pv-2
allow
policy-map type inspect ccp-permit-dmzservice
class type inspect ccp-cls-ccp-permit-dmzservice-1
pass
class type inspect ccp-dmz-traffic
inspect
class type inspect sdm-cls-http
inspect
service-policy http ccp-action-app-http
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class type inspect sdm-cls-VPNOutsideToInside-2
inspect
class type inspect sdm-cls-VPNOutsideToInside-3
pass
class class-default
pass
policy-map type inspect ccp-pol-outToIn
class type inspect ccp-cls-ccp-pol-outToIn-1
pass
class type inspect ccp-cls-ccp-pol-outToIn-2
pass
class type inspect CCP_PPTP
pass
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class type inspect sdm-cls-VPNOutsideToInside-2
inspect
class type inspect sdm-cls-VPNOutsideToInside-3
pass
class type inspect sdm-cls-VPNOutsideToInside-4
inspect
class class-default
drop log
policy-map type inspect sdm-permit-ip
class type inspect SDM_IP
pass
class type inspect sdm-cls-VPNOutsideToInside-2
inspect
class type inspect sdm-cls-VPNOutsideToInside-3
pass
class type inspect sdm-cls-VPNOutsideToInside-4
inspect
class class-default
drop log
zone security dmz-zone
zone security in-zone
zone security out-zone
zone security ezvpn-zone
zone-pair security ccp-zp-out-dmz source out-zone destination dmz-zone
service-policy type inspect ccp-permit-dmzservice
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-zone-To-in-zone source out-zone destination in-zone
service-policy type inspect ccp-pol-outToIn
zone-pair security ccp-zp-in-dmz source in-zone destination dmz-zone
service-policy type inspect ccp-permit-dmzservice
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security dmz-to-in source dmz-zone destination in-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-in-ezvpn2 source in-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-in-ezvpn1 source dmz-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in2 source ezvpn-zone destination in-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination dmz-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in3 source ezvpn-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
crypto ctcp port 10000 1723 6299
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp policy 2
encr aes 256
authentication pre-share
group 2
crypto isakmp key 6 PbKM_WfaCM[hYNXAFOUgCNgCB_ZdJEAAB address 220.245.109.219
crypto isakmp key 6 NddQRR[O^KY`GRDC[VZUEPE`CSJ^CDAAB address 0.0.0.0 0.0.0.0
crypto isakmp client configuration group QQQ
key 6 UWVBhb`Lgc_AZbDYWDFZiGZTTadNYTAAB
dns 192.168.0.6 202.1.161.36
wins 192.168.0.6
domain QQQ.Local
pool SDM_POOL_1
include-local-lan
max-users 20
max-logins 1
netmask 255.255.255.0
banner ^CCWelcome to QQQ VPN!!!!1                 ^C
crypto isakmp profile ciscocp-ike-profile-1
   match identity group QQQ
   client authentication list ciscocp_vpn_xauth_ml_1
   isakmp authorization list ciscocp_vpn_group_ml_1
   client configuration address initiate
   client configuration address respond
   keepalive 10 retry 2
   virtual-template 1
crypto ipsec transform-set ESP_AES_SHA esp-aes 256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set security-association idle-time 43200
set transform-set ESP_AES_SHA
set isakmp-profile ciscocp-ike-profile-1
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to220.245.109.219
set peer 220.245.109.219
set transform-set ESP-3DES-SHA
match address 119
interface Loopback0
description QQQ_VPN
ip address 192.168.9.254 255.255.255.0
interface Null0
no ip unreachables
interface Ethernet0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no fair-queue
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
interface ATM0.1 point-to-point
description Telekom_ADSL
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
zone-member security out-zone
pvc 8/35
pppoe-client dial-pool-number 1
interface FastEthernet0
description QQQ_LAN-VLAN_1
switchport access vlan 1
no ip address
interface FastEthernet1
description QQQ_LAN-VLAN_1
no ip address
interface FastEthernet2
description QQQ_WAN-VLAN_2
switchport access vlan 2
no ip address
interface FastEthernet3
description QQQ_DMZ-IP_PBX-VLAN_3
switchport access vlan 3
no ip address
interface Virtual-Template1 type tunnel
description QQQ_Easy_VPN
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly in
zone-member security ezvpn-zone
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
description QQQ_LAN-VLAN1$FW_INSIDE$
ip address 192.168.0.254 255.255.255.0
ip access-group QQQ_ACL in
ip mask-reply
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
ip tcp adjust-mss 1412
interface Vlan2
description QQQ_WAN-VLAN2$FW_INSIDE$
ip address 192.168.5.254 255.255.255.0
ip access-group QQQ_ACL in
ip mask-reply
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
ip tcp adjust-mss 1412
interface Vlan3
description QQQ_IP-PBX_WAN-VLAN3
ip address 192.168.4.254 255.255.255.0
ip mask-reply
ip nat inside
ip virtual-reassembly in
zone-member security dmz-zone
interface Vlan4
description VLAN4 - 192.168.20.xxx (Spare)
ip address 192.168.20.253 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
interface Dialer0
description ATM Dialer
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
no cdp enable
interface Dialer2
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxx0 password 7 xxxxxxxxxxxxxxxxxxxxx
no cdp enable
crypto map SDM_CMAP_1
router rip
version 2
redistribute static
passive-interface ATM0
passive-interface ATM0.1
passive-interface Dialer0
passive-interface Dialer2
passive-interface Ethernet0
passive-interface Loopback0
network 10.0.0.0
network 192.168.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
network 192.168.5.0
network 192.168.6.0
network 192.168.7.0
network 192.168.8.0
network 192.168.10.0
network 192.168.100.0
ip local pool SDM_POOL_1 192.168.5.100 192.168.5.200
ip forward-protocol nd
ip http server
ip http access-class 5
ip http authentication local
ip http secure-server
ip nat pool NAT_IP 192.168.0.210 192.168.0.235 netmask 255.255.255.0
ip nat inside source static tcp 192.168.4.253 5060 interface Dialer2 5060
ip nat inside source static tcp 192.168.0.240 20408 interface Dialer2 6208
ip nat inside source static tcp 192.168.0.240 20409 interface Dialer2 6209
ip nat inside source static tcp 192.168.0.240 20410 interface Dialer2 6200
ip nat inside source static tcp 192.168.1.240 20408 interface Dialer2 6218
ip nat inside source static tcp 192.168.1.240 20409 interface Dialer2 6219
ip nat inside source static tcp 192.168.1.240 20410 interface Dialer2 6210
ip nat inside source static tcp 192.168.7.240 20408 interface Dialer2 6278
ip nat inside source static tcp 192.168.7.240 20409 interface Dialer2 6279
ip nat inside source static tcp 192.168.7.240 20410 interface Dialer2 6270
ip nat inside source static tcp 192.168.8.240 20408 interface Dialer2 6288
ip nat inside source static tcp 192.168.8.240 20409 interface Dialer2 6289
ip nat inside source static tcp 192.168.8.240 20410 interface Dialer2 6280
ip nat inside source static tcp 192.168.0.6 1723 interface Dialer2 1723
ip nat inside source static tcp 192.168.0.6 3389 interface Dialer2 6389
ip nat inside source static tcp 192.168.0.24 3389 interface Dialer2 6390
ip nat inside source static tcp 192.168.4.253 8022 interface Dialer2 8022
ip nat inside source static tcp 192.168.4.253 80 interface Dialer2 8021
ip nat inside source static tcp 192.168.0.254 23 interface Dialer2 8023
ip nat inside source static tcp 192.168.0.6 443 interface Dialer2 443
ip nat inside source route-map SDM_RMAP_1 interface Dialer2 overload
ip default-network 192.168.0.0
ip default-network 192.168.4.0
ip route 0.0.0.0 0.0.0.0 Dialer2 permanent
ip route 10.1.0.0 255.255.0.0 Vlan2 permanent
ip route 10.8.0.0 255.255.255.0 Vlan2 permanent
ip route 192.168.0.0 255.255.255.0 Vlan1 permanent
ip route 192.168.4.0 255.255.255.0 Vlan3 permanent
ip route 192.168.5.0 255.255.255.0 Vlan2 permanent
ip route 192.168.100.0 255.255.255.0 Dialer2 permanent
ip access-list extended ACCESS_FROM_INSIDE
permit ip object-group QQQ_Management_Group any
permit tcp object-group QQQ_User_Group any eq smtp pop3
permit tcp object-group QQQ_User_Group any eq 993 995
permit tcp 192.168.0.0 0.0.0.255 any eq smtp pop3
permit tcp 192.168.0.0 0.0.0.255 any eq 993 995
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.4.0 0.0.0.255 any
permit ip 192.168.5.0 0.0.0.255 any
permit ip 192.168.7.0 0.0.0.255 any
permit ip 192.168.8.0 0.0.0.255 any
permit tcp 192.168.2.0 0.0.0.255 any eq www 443 8080 domain
permit tcp 192.168.2.0 0.0.0.255 any eq www 443 8080 domain time-range QQQ_Control
permit tcp 192.168.3.0 0.0.0.255 any eq www 443 8080 domain time-range QQQ_Control
permit tcp 192.168.4.0 0.0.0.255 any eq www 443 8080 domain time-range QQQ_Control
permit udp 192.168.2.0 0.0.0.255 any eq domain time-range QQQ_Control
permit udp 192.168.3.0 0.0.0.255 any eq domain time-range QQQ_Control
permit udp 192.168.4.0 0.0.0.255 any eq domain time-range QQQ_Control
ip access-list extended ETS
remark CCP_ACL Category=128
permit ip host 203.219.237.252 any
ip access-list extended ETS1
remark CCP_ACL Category=128
permit ip host 203.219.237.252 any
ip access-list extended FIREWALL_EXCEPTIONS_ACL
permit tcp any host 192.168.0.100 eq 25565
permit tcp any eq 25565 host 192.168.0.100
ip access-list extended QQQ_ACL
permit ip any host 192.168.4.253
permit udp any any eq bootps bootpc
permit ip any 192.168.4.0 0.0.0.255
permit ip host 203.219.237.252 any
remark QQQ Internet Control List
remark CCP_ACL Category=17
remark Auto generated by CCP for NTP (123) 203.12.160.2
permit udp host 203.12.160.2 eq ntp any eq ntp
remark AD Services
permit udp host 192.168.0.6 eq domain any
remark Unrestricted Access
permit ip object-group QQQ_Management_Group any
remark Restricted Users
permit object-group MAIL-PORTS object-group QQQ_User_Group any
permit ip 192.168.0.0 0.0.0.255 any time-range QQQ_Control
permit ip 192.168.2.0 0.0.0.255 any time-range QQQ_Control
permit ip 192.168.3.0 0.0.0.255 any time-range QQQ_Control
permit ip 192.168.6.0 0.0.0.255 any time-range QQQ_Control
remark ICMP Full Access
permit icmp object-group QQQ_User_Group any
permit tcp 192.168.2.0 0.0.0.255 eq www 443 8080 5190 1863 any time-range QQQ_Control
permit tcp 192.168.3.0 0.0.0.255 eq www 443 8080 5190 1863 any time-range QQQ_Control
permit tcp 192.168.6.0 0.0.0.255 eq www 443 8080 5190 1863 any time-range QQQ_Control
permit udp 192.168.6.0 0.0.0.255 eq 80 443 8080 5190 1863 any time-range QQQ_Control
permit tcp 192.168.0.0 0.0.0.255 eq www 443 8080 5190 1863 any time-range QQQ_Control
permit udp 192.168.0.0 0.0.0.255 eq 80 443 8080 5190 1863 any time-range QQQ_Control
permit udp 192.168.2.0 0.0.0.255 eq 80 443 8080 5190 1863 any time-range QQQ_Control
permit udp 192.168.3.0 0.0.0.255 eq 80 443 8080 5190 1863 any time-range QQQ_Control
ip access-list extended QQQ_NAT
remark CCP_ACL Category=18
remark IPSec Rule
deny   ip 192.168.0.0 0.0.255.255 192.168.100.0 0.0.0.255
permit ip any any
ip access-list extended SDM_AH
remark CCP_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark CCP_ACL Category=1
permit esp any any
ip access-list extended SDM_GRE
remark CCP_ACL Category=1
permit gre any any
ip access-list extended SDM_HTTP
remark CCP_ACL Category=0
permit tcp any any eq telnet
ip access-list extended SDM_HTTPS
remark CCP_ACL Category=0
permit tcp any any eq 443
ip access-list extended SDM_IP
remark CCP_ACL Category=1
permit ip any any
ip access-list extended SIP
remark CCP_ACL Category=128
permit ip any 192.168.4.0 0.0.0.255
ip access-list extended Telnet
remark CCP_ACL Category=128
permit ip any any
ip access-list extended dmz-traffic
remark CCP_ACL Category=1
permit ip any 192.168.4.0 0.0.0.255
access-list 1 remark CCP_ACL Category=2
access-list 1 remark QQQ_DMZ
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 2 remark CCP_ACL Category=2
access-list 2 remark QQQ_LAN
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 3 remark QQQ Insid NAT
access-list 3 remark CCP_ACL Category=2
access-list 3 permit 192.168.0.0 0.0.0.255
access-list 3 permit 192.168.1.0 0.0.0.255
access-list 3 permit 192.168.2.0 0.0.0.255
access-list 3 permit 192.168.3.0 0.0.0.255
access-list 3 permit 192.168.4.0 0.0.0.255
access-list 3 permit 192.168.5.0 0.0.0.255
access-list 3 permit 192.168.6.0 0.0.0.255
access-list 3 permit 192.168.7.0 0.0.0.255
access-list 3 permit 192.168.8.0 0.0.0.255
access-list 3 permit 192.168.9.0 0.0.0.255
access-list 3 permit 192.168.10.0 0.0.0.255
access-list 4 remark QQQ_NAT
access-list 4 remark CCP_ACL Category=2
access-list 4 permit 10.1.0.0 0.0.255.255
access-list 4 permit 10.8.0.0 0.0.0.255
access-list 4 permit 192.168.0.0 0.0.0.255
access-list 4 permit 192.168.1.0 0.0.0.255
access-list 4 permit 192.168.2.0 0.0.0.255
access-list 4 permit 192.168.3.0 0.0.0.255
access-list 4 permit 192.168.4.0 0.0.0.255
access-list 4 permit 192.168.5.0 0.0.0.255
access-list 4 permit 192.168.6.0 0.0.0.255
access-list 4 permit 192.168.7.0 0.0.0.255
access-list 4 permit 192.168.8.0 0.0.0.255
access-list 4 permit 192.168.9.0 0.0.0.255
access-list 4 permit 192.168.10.0 0.0.0.255
access-list 5 remark HTTP Access-class list
access-list 5 remark CCP_ACL Category=1
access-list 5 permit 192.168.4.0 0.0.0.255
access-list 5 permit 192.168.0.0 0.0.0.255
access-list 5 deny   any
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip 192.168.4.0 0.0.0.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip host 255.255.255.255 any
access-list 101 remark QQQ_Extended_ACL
access-list 101 remark CCP_ACL Category=1
access-list 101 permit tcp any host 192.168.0.254 eq 10000
access-list 101 permit udp any host 192.168.0.254 eq non500-isakmp
access-list 101 permit udp any host 192.168.0.254 eq isakmp
access-list 101 permit esp any host 192.168.0.254
access-list 101 permit ahp any host 192.168.0.254
access-list 101 remark Auto generated by CCP for NTP (123) 203.12.160.2
access-list 101 permit udp host 203.12.160.2 eq ntp host 192.168.4.254 eq ntp
access-list 101 permit udp host 192.168.0.6 eq domain any
access-list 101 remark NTP (123) 203.12.160.2
access-list 101 permit udp host 203.12.160.2 eq ntp any eq ntp
access-list 101 remark QQQ_ANY_Any
access-list 101 permit ip object-group QQQ.Local any
access-list 101 remark QQQ_DMZ
access-list 101 permit ip any 192.168.4.0 0.0.0.255
access-list 101 remark QQQ_GRE
access-list 101 permit gre any any
access-list 101 remark QQQ_Ping
access-list 101 permit icmp any any
access-list 102 remark CCP_ACL Category=1
access-list 102 permit tcp any any eq 10000
access-list 103 permit tcp any 192.168.0.0 0.0.0.255 eq 443
access-list 103 remark CCP_ACL Category=1
access-list 103 permit tcp any any eq 10000
access-list 103 permit tcp any 192.168.4.0 0.0.0.255 eq 8022
access-list 103 permit tcp any 192.168.4.0 0.0.0.255 eq telnet
access-list 103 permit tcp any 192.168.4.0 0.0.0.255 eq www
access-list 103 permit tcp any 192.168.4.0 0.0.0.255 eq 5060
access-list 103 permit tcp any eq telnet host 192.168.0.254
access-list 103 permit tcp any 192.168.0.0 0.0.0.255 eq telnet
access-list 103 permit udp any 192.168.4.0 0.0.0.255 eq 5060
access-list 103 permit udp any 192.168.4.0 0.0.0.255 range 10001 12000
access-list 104 remark CCP_ACL Category=1
access-list 104 permit tcp any any eq 10000
access-list 105 remark CCP_ACL Category=1
access-list 105 permit tcp any any eq 10000
access-list 106 remark CCP_ACL Category=1
access-list 106 permit tcp any any eq 10000
access-list 107 remark CCP_ACL Category=1
access-list 107 permit tcp any any eq 10000
access-list 108 remark CCP_ACL Category=1
access-list 108 permit tcp any any eq 10000
access-list 109 remark CCP_ACL Category=1
access-list 109 permit tcp any any eq 10000
access-list 110 remark CCP_ACL Category=1
access-list 110 permit tcp any any eq 10000
access-list 111 remark CCP_ACL Category=1
access-list 111 permit tcp any any eq 10000
access-list 112 remark CCP_ACL Category=1
access-list 112 permit tcp any any eq 10000
access-list 113 remark CCP_ACL Category=1
access-list 113 permit tcp any any eq 10000
access-list 114 remark CCP_ACL Category=1
access-list 114 permit tcp any any eq 10000
access-list 115 remark CCP_ACL Category=1
access-list 115 permit tcp any any eq 10000
access-list 116 remark CCP_ACL Category=4
access-list 116 remark IPSec Rule
access-list 116 permit ip 192.168.0.0 0.0.255.255 192.168.100.0 0.0.0.255
access-list 117 remark CCP_ACL Category=128
access-list 117 permit ip any any
access-list 117 permit ip host 220.245.109.219 any
access-list 118 remark CCP_ACL Category=0
access-list 118 permit ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 119 remark CCP_ACL Category=4
access-list 119 remark IPSec Rule
access-list 119 permit ip 192.168.0.0 0.0.255.255 192.168.100.0 0.0.0.255
access-list 120 remark CCP_ACL Category=0
access-list 120 permit ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 121 remark CCP_ACL Category=0
access-list 121 permit ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 122 remark CCP_ACL Category=0
access-list 122 permit ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.255.255
dialer-list 1 protocol ip permit
route-map SDM_RMAP_1 permit 1
match ip address QQQ_NAT
banner login ^CCWelcome to QQQ ADSL Gateway

It turns out the problem had nothing to do with wires or splitters. The Verizon tech was at my house yesterday and the ONT was failing. He replaced part of the ONT and it fixed the problem (finally!). At least I was able to watch the Celtics game last night.
I have a Tellabs ONT. Not sure the model but it's older like the ones in this thread.
http://www.dslreports.com/forum/r19982000-Mounting-board-for-612-ONT

Help port forwarding my WRT54GS

Similar Messages

Maybe you are looking for