Cisco 877 change SDM Secure access port

Asked by norgan in Network Routers

Tags: cisco, sdm, secure, port

Trying to change the outside secure SDM access port number to 4343 so I can run an HTTPS server behind the router.

Config is pasted below in the code section.
Building configuration...
 
Current configuration : 15941 bytes
!
! Last configuration change at 10:50:44 ACST Fri Feb 6 2009 by norgan
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname norgan-gw
!
boot-start-marker
boot-end-marker
!
logging buffered 65535
logging console informational
enable secret 5 
!
no aaa new-model
clock timezone ACST 9 30
clock summer-time ACST recurring last Sun Oct 2:00 last Sun Mar 2:00
!
crypto pki trustpoint TP-self-signed-4054315601
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4054315601
 revocation-check none
 rsakeypair TP-self-signed-4054315601
!
!
crypto pki certificate chain TP-self-signed-4054315601
 certificate self-signed 01
  3
  	quit
dot11 syslog
no ip source-route
ip cef
!
!
 
!
!
no ip bootp server
ip domain name internode.on.net
ip name-server 192.231.203.132
ip name-server 192.231.203.3
ip port-map user-HTTPSSDM port tcp 4343
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
parameter-map type protocol-info msn-servers
 server name messenger.hotmail.com
 server name gateway.messenger.hotmail.com
 server name webmessenger.msn.com
 
parameter-map type protocol-info aol-servers
 server name login.oscar.aol.com
 server name toc.oscar.aol.com
 server name oam-d09a.blue.aol.com
 
parameter-map type protocol-info yahoo-servers
 server name scs.msg.yahoo.com
 server name scsa.msg.yahoo.com
 server name scsb.msg.yahoo.com
 server name scsc.msg.yahoo.com
 server name scsd.msg.yahoo.com
 server name cs16.msg.dcn.yahoo.com
 server name cs19.msg.dcn.yahoo.com
 server name cs42.msg.dcn.yahoo.com
 server name cs53.msg.dcn.yahoo.com
 server name cs54.msg.dcn.yahoo.com
 server name ads1.vip.scd.yahoo.com
 server name radio1.launch.vip.dal.yahoo.com
 server name in1.msg.vip.re2.yahoo.com
 server name data1.my.vip.sc5.yahoo.com
 server name address1.pim.vip.mud.yahoo.com
 server name edit.messenger.yahoo.com
 server name messenger.yahoo.com
 server name http.pager.yahoo.com
 server name privacy.yahoo.com
 server name csa.yahoo.com
 server name csb.yahoo.com
 server name csc.yahoo.com
 
!
!
username xxxxx..
! 
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
!
crypto isakmp policy 3
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key xxxx address xxxx
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac 
!
crypto map SDM_CMAP_1 1 ipsec-isakmp 
 description Tunnel to
 set peer 
 set transform-set ESP-3DES-SHA 
 match address 109
!
archive
 log config
  hidekeys
!
!
!
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
 match access-group 106
class-map type inspect match-any SDM_HTTPS
 match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SSH
 match access-group name SDM_SSH
class-map type inspect match-any SDM_SHELL
 match access-group name SDM_SHELL
class-map type inspect match-any sdm-cls-access
 match class-map SDM_HTTPS
 match class-map SDM_SSH
 match class-map SDM_SHELL
class-map type inspect match-all sdm-cls-VPNOutsideToInside-2
 match access-group 110
class-map type inspect match-any SDM_AH
 match access-group name SDM_AH
class-map type inspect imap match-any sdm-app-imap
 match  invalid-command
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM_ESP
 match access-group name SDM_ESP
class-map type inspect match-any SDM_VPN_TRAFFIC
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
 match protocol user-HTTPSSDM
class-map type inspect match-all SDM_VPN_PT
 match access-group 105
 match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any Mail
 match protocol smtp
class-map type inspect match-all sdm-cls-sdm-pol-VPNOutsideToInside-1-2
 match class-map Mail
 match access-group name Mail
class-map type inspect gnutella match-any sdm-app-gnutella
 match  file-transfer 
class-map type inspect match-any Web
 match protocol https
 match protocol http
 match protocol dns
class-map type inspect match-all sdm-cls-sdm-pol-VPNOutsideToInside-1-3
 match class-map Web
 match access-group name Web
class-map type inspect ymsgr match-any sdm-app-yahoo-otherservices
 match  service any 
class-map type inspect msnmsgr match-any sdm-app-msn-otherservices
 match  service any 
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect aol match-any sdm-app-aol-otherservices
 match  service any 
class-map type inspect match-any All
 match protocol tcp
 match protocol udp
class-map type inspect pop3 match-any sdm-app-pop3
 match  invalid-command
class-map type inspect match-all sdm-access
 match class-map sdm-cls-access
 match access-group 104
class-map type inspect kazaa2 match-any sdm-app-kazaa2
 match  file-transfer 
class-map type inspect http match-any sdm-http-blockparam
 match  request port-misuse im
 match  request port-misuse p2p
 match  req-resp protocol-violation
class-map type inspect match-all sdm-invalid-src
 match access-group 103
class-map type inspect match-all sdm-icmp-access
 match class-map sdm-cls-icmp-access
class-map type inspect ymsgr match-any sdm-app-yahoo
 match  service text-chat 
class-map type inspect msnmsgr match-any sdm-app-msn
 match  service text-chat 
class-map type inspect edonkey match-any sdm-app-edonkey
 match  file-transfer 
 match  text-chat 
 match  search-file-name 
class-map type inspect http match-any sdm-app-httpmethods
 match  request method bcopy
 match  request method bdelete
 match  request method bmove
 match  request method bpropfind
 match  request method bproppatch
 match  request method connect
 match  request method copy
 match  request method delete
 match  request method edit
 match  request method getattribute
 match  request method getattributenames
 match  request method getproperties
 match  request method index
 match  request method lock
 match  request method mkcol
 match  request method mkdir
 match  request method move
 match  request method notify
 match  request method options
 match  request method poll
 match  request method propfind
 match  request method proppatch
 match  request method put
 match  request method revadd
 match  request method revlabel
 match  request method revlog
 match  request method revnum
 match  request method save
 match  request method search
 match  request method setattribute
 match  request method startrev
 match  request method stoprev
 match  request method subscribe
 match  request method trace
 match  request method unedit
 match  request method unlock
 match  request method unsubscribe
class-map type inspect edonkey match-any sdm-app-edonkeychat
 match  search-file-name 
 match  text-chat 
class-map type inspect http match-any sdm-http-allowparam
 match  request port-misuse tunneling
class-map type inspect fasttrack match-any sdm-app-fasttrack
 match  file-transfer 
class-map type inspect edonkey match-any sdm-app-edonkeydownload
 match  file-transfer 
class-map type inspect aol match-any sdm-app-aol
 match  service text-chat 
!
!
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-pol-VPNOutsideToInside-1
 class type inspect sdm-cls-VPNOutsideToInside-1
  inspect
 class type inspect sdm-cls-sdm-pol-VPNOutsideToInside-1-3
  inspect
 class type inspect sdm-cls-sdm-pol-VPNOutsideToInside-1-2
  inspect
 class class-default
policy-map type inspect p2p sdm-action-app-p2p
 class type inspect edonkey sdm-app-edonkeychat
  log
  allow
 class type inspect edonkey sdm-app-edonkeydownload
  log
  allow
 class type inspect fasttrack sdm-app-fasttrack
  log
  allow
 class type inspect gnutella sdm-app-gnutella
  log
  allow
 class type inspect kazaa2 sdm-app-kazaa2
  log
  allow
 class class-default
policy-map type inspect sdm-inspect
 class type inspect sdm-invalid-src
  drop log
 class type inspect All
  inspect
 class type inspect sdm-insp-traffic
  inspect
 class class-default
  pass
policy-map type inspect im sdm-action-app-im
 class type inspect aol sdm-app-aol
  log
  allow
 class type inspect msnmsgr sdm-app-msn
  log
  allow
 class type inspect ymsgr sdm-app-yahoo
  log
  allow
 class type inspect aol sdm-app-aol-otherservices
  log
  reset
 class type inspect msnmsgr sdm-app-msn-otherservices
  log
  reset
 class type inspect ymsgr sdm-app-yahoo-otherservices
  log
  reset
 class class-default
policy-map type inspect http sdm-action-app-http
 class type inspect http sdm-http-blockparam
  log
  reset
 class type inspect http sdm-app-httpmethods
  log
  reset
 class type inspect http sdm-http-allowparam
  log
  allow
 class class-default
policy-map type inspect pop3 sdm-action-pop3
 class type inspect pop3 sdm-app-pop3
  log
 class class-default
policy-map type inspect sdm-permit
 class type inspect SDM_VPN_PT
  pass
 class type inspect sdm-access
  inspect
 class class-default
policy-map type inspect imap sdm-action-imap
 class type inspect imap sdm-app-imap
  log
 class class-default
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-VPNOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-VPNOutsideToInside-1
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
!
!
!
interface ATM0
 description --- Internode ADSL ---
 no ip address
 no atm ilmi-keepalive
 pvc 8/35 
  tx-ring-limit 3
  encapsulation aal5snap
  protocol ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto 
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description --- Ethernet LAN ---$FW_INSIDE$
 ip address 192.168.100.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
!
interface Dialer0
 description --- Internode ADSL ---$FW_OUTSIDE$
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp chap hostname 
 ppp chap password 7
 crypto map SDM_CMAP_1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
ip http port 8080
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.100.1 80 interface Dialer0 80
ip nat inside source static tcp 192.168.100.5 25 interface Dialer0 25
ip nat inside source static tcp 192.168.100.1 53 interface Dialer0 53
ip nat inside source static udp 192.168.100.1 53 interface Dialer0 53
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
ip access-list extended CST_SDMCONF
 remark SDM Https config
 remark SDM_ACL Category=1
 remark HTTPS 4343
 permit tcp any any eq 4343
ip access-list extended Mail
 remark SDM_ACL Category=128
 permit ip any host 192.168.100.5
ip access-list extended SDM_AH
 remark SDM_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark SDM_ACL Category=1
 permit esp any any
ip access-list extended SDM_HTTPS
 remark SDM_ACL Category=1
 permit tcp any any eq 443
 permit tcp any any eq 4343
ip access-list extended SDM_SHELL
 remark SDM_ACL Category=1
 permit tcp any any eq cmd
ip access-list extended SDM_SSH
 remark SDM_ACL Category=1
 permit tcp any any eq 22
ip access-list extended Web
 remark SDM_ACL Category=128
 permit ip any host 192.168.100.1
!
access-list 1 permit 192.83.231.0 0.0.0.255
access-list 1 permit 203.26.95.0 0.0.0.255
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 remark SDM_ACL Category=16
access-list 101 remark IPSec Rule
access-list 101 deny   ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 remark SDM_ACL Category=128
access-list 103 permit ip host 255.255.255.255 any
access-list 103 permit ip 127.0.0.0 0.255.255.255 any
access-list 103 permit tcp any any eq 4343
access-list 104 remark SDM_ACL Category=128
access-list 104 permit ip any any
access-list 105 remark SDM_ACL Category=128
access-list 105 permit ip host 58.96.21.146 any
access-list 106 remark SDM_ACL Category=0
access-list 106 remark IPSec Rule
access-list 106 permit ip 192.168.0.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 109 remark SDM_ACL Category=4
access-list 109 remark IPSec Rule
access-list 109 permit ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 110 remark SDM_ACL Category=0
access-list 110 remark IPSec Rule
access-list 110 permit ip 192.168.0.0 0.0.0.255 192.168.100.0 0.0.0.255
no cdp run
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 101
!
!
control-plane
!
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
sntp server 192.231.203.132
end
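The accepted solution is not visible on this page, so the following is an added example, not the asker's config and not the expert's answer: an IOS fragment showing the two changes the question implies, moving the router's own HTTPS management listener off tcp/443 with `ip http secure-port` and then forwarding outside 443 to the inside web host. `ip http secure-port` and `ip http access-class` are standard IOS commands; 4343 is the port the question names; 192.168.100.1 is assumed to be the target because the posted config already forwards tcp/80 to it; ACL 1 is taken from the posted config.

```cisco
! Before (as posted): ip http secure-server with no secure-port line
! listens on the IOS default tcp/443 on every interface, so the router's
! own management listener and a port-forwarded HTTPS server would both
! claim tcp/443 on the Dialer0 address.
no ip http server
ip http port 8080
ip http authentication local
ip http secure-server
!
! After (added example): move the management listener to 4343, the port
! that the SDM_HTTPS ACL and the user-HTTPSSDM port-map in the posted
! config already reference, then forward outside 443 to the inside host.
ip http secure-port 4343
ip nat inside source static tcp 192.168.100.1 443 interface Dialer0 443
!
! Defender's check: access-list 1 is defined in the posted config but is
! not applied anywhere visible. Binding it to the HTTP(S) process limits
! management on 4343 to the listed source networks instead of "any".
ip http access-class 1
```

With the posted zone-based policy, management on tcp/4343 from out-zone to self is already covered: policy sdm-permit matches class sdm-access, which matches sdm-cls-access and therefore SDM_HTTPS, whose ACL permits tcp/4343. The forwarded tcp/443 to 192.168.100.1 is handled on the out-zone to in-zone pair by sdm-pol-VPNOutsideToInside-1 through class Web plus the Web ACL (any to host 192.168.100.1), which is set to inspect. After changing the port, reconnect to SDM on https://<outside address>:4343 before closing the current session, and keep `ip http secure-server` off entirely if the router is not managed over HTTPS at all.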
02/05/09 05:54 PM, ID: 23566224, Expert Comment
02/05/09 06:24 PM, ID: 23566345, Author Comment
02/06/09 06:12 AM, ID: 23569814, Expert Comment
02/06/09 11:16 PM, ID: 23577057, Author Comment
02/07/09 02:56 PM, ID: 23580698, Expert Comment
02/07/09 05:36 PM, ID: 23581511, Author Comment
02/07/09 05:44 PM, ID: 23581537, Author Comment
02/08/09 11:07 AM, ID: 23585103, Assisted Solution
02/08/09 10:13 PM, ID: 23587708, Author Comment
02/09/09 02:42 AM, ID: 23588799, Accepted Solution

About this solution

Zone: Network Routers
Tags: cisco, sdm, secure, port
Solution Provided By: norgan
Participating Experts: 1
Solution Grade: A