jolianharrison
I cannot PING or TELNET into my cisco routers from the internet
Hi there, I am a newbie to Cisco equipment. I have got a basic handle on how they work, but I have a problem with a few of them: I cannot ping or telnet into some of them from the internet. I need to have this enabled for another program to function correctly.
I also need to be able to VPN out from within the network.
They all had the same configuration file entered onto them, but they are not all working the same (very strange, I know).
Is there a series of commands I can enter from the config interface that will allow me to enable these features?
Many Thanks
Jolian
ASKER
This is the config from one of the routers that I can ping and telnet into:
Building configuration...
Current configuration : 6341 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname blah
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 .
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool sdm-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 213.140.133.43 213.140.133.42
default-router 192.168.0.1
!
!
ip domain name blahblah.com
ip name-server 213.140.133.43
ip name-server 213.140.133.42
ip port-map user-protocol--2 port tcp 3389
ip port-map user-protocol--1 port tcp 3542
!
!
crypto pki trustpoint TP-self-signed-754785768
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-754785768
revocation-check none
rsakeypair TP-self-signed-754785768
!
!
crypto pki certificate chain TP-self-signed-754785768
certificate self-signed 01
quit
username admin privilege 15 secret 5
archive
log config
hidekeys
!
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname adsl@adslconnect.co.uk
ppp chap password 0 bloomindale
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.2 61 interface Dialer0 61
ip nat inside source static tcp 192.168.0.2 3524 interface Dialer0 3524
ip nat inside source static tcp 192.168.0.2 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.0.2 5631 interface Dialer0 5631
ip nat inside source static udp 192.168.0.2 5632 interface Dialer0 5632
ip nat inside source static tcp 192.168.0.2 143 interface Dialer0 143
ip nat inside source static tcp 192.168.0.2 443 interface Dialer0 443
ip nat inside source static tcp 192.168.0.2 80 interface Dialer0 80
ip nat inside source static tcp 192.168.0.2 3542 interface Dialer0 3542
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.0.2
access-list 102 remark SDM_ACL Category=0
access-list 102 permit ip any host 192.168.0.2
access-list 103 remark SDM_ACL Category=0
access-list 103 permit ip any host 192.168.0.2
access-list 104 remark SDM_ACL Category=0
access-list 104 permit ip any host 192.168.0.2
access-list 105 remark SDM_ACL Category=0
access-list 105 permit ip any host 192.168.0.2
access-list 106 remark SDM_ACL Category=0
access-list 106 permit ip any host 192.168.0.2
access-list 107 remark SDM_ACL Category=0
access-list 107 permit ip any host 192.168.0.2
dialer-list 1 protocol ip permit
no cdp run
!
!
control-plane
!
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and it provides the default username "cisco" for one-time use. If you have already used the username "cisco" to login to the router and your IOS image supports the "one-time" user option, then this username has already expired. You will not be able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to use.
-----------------------------------------------------------------------
^C
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
-----------------------------------------------------------------------
And this is the config from one of the machines that I cannot telnet or ping into. They are all the same series of router and the ADSL provider is the same for all of them; they have all been set up the same way, I simply changed the username and password for the ADSL connection before loading the config to each box:
Building configuration...
Current configuration : 9462 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname blah
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 .
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool sdm-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 213.140.133.43 213.140.133.42
default-router 192.168.0.1
!
!
ip port-map user-protocol--2 port tcp 3389
ip port-map user-protocol--1 port tcp 3542
ip domain name blahblah.com
ip name-server 213.140.133.43
ip name-server 213.140.133.42
!
!
crypto pki trustpoint TP-self-signed-46823576
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-46823576
revocation-check none
rsakeypair TP-self-signed-46823576
!
!
crypto pki certificate chain TP-self-signed-46823576
certificate self-signed 01
quit
username admin privilege 15 secret 5
archive
log config
hidekeys
!
!
class-map type inspect match-all sdm-nat-pcanywheredata-1
match access-group 106
match protocol pcanywheredata
class-map type inspect match-all sdm-nat-http-1
match access-group 102
match protocol http
class-map type inspect match-all sdm-nat-user-protocol--2-1
match access-group 107
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 101
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-pcanywherestat-1
match access-group 105
match protocol pcanywherestat
class-map type inspect match-all sdm-nat-imap-1
match access-group 104
match protocol imap
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-all sdm-protocol-http
match protocol http
class-map type inspect match-all sdm-nat-https-1
match access-group 103
match protocol https
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-user-protocol--1-1
inspect
class type inspect sdm-nat-http-1
inspect
class type inspect sdm-nat-https-1
inspect
class type inspect sdm-nat-imap-1
inspect
class type inspect sdm-nat-pcanywherestat-1
inspect
class type inspect sdm-nat-pcanywheredata-1
inspect
class type inspect sdm-nat-user-protocol--2-1
inspect
class class-default
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-insp-traffic
inspect
class type inspect sdm-protocol-http
inspect
class class-default
policy-map type inspect sdm-permit
class class-default
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
no snmp trap link-status
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname adsl@adslconnect.co.uk
ppp chap password 0 bloomindale
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.2 61 interface Dialer0 61
ip nat inside source static tcp 192.168.0.2 3524 interface Dialer0 3524
ip nat inside source static tcp 192.168.0.2 3542 interface Dialer0 3542
ip nat inside source static tcp 192.168.0.2 80 interface Dialer0 80
ip nat inside source static tcp 192.168.0.2 443 interface Dialer0 443
ip nat inside source static tcp 192.168.0.2 143 interface Dialer0 143
ip nat inside source static udp 192.168.0.2 5632 interface Dialer0 5632
ip nat inside source static tcp 192.168.0.2 5631 interface Dialer0 5631
ip nat inside source static tcp 192.168.0.2 3389 interface Dialer0 3389
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.0.2
access-list 102 remark SDM_ACL Category=0
access-list 102 permit ip any host 192.168.0.2
access-list 103 remark SDM_ACL Category=0
access-list 103 permit ip any host 192.168.0.2
access-list 104 remark SDM_ACL Category=0
access-list 104 permit ip any host 192.168.0.2
access-list 105 remark SDM_ACL Category=0
access-list 105 permit ip any host 192.168.0.2
access-list 106 remark SDM_ACL Category=0
access-list 106 permit ip any host 192.168.0.2
access-list 107 remark SDM_ACL Category=0
access-list 107 permit ip any host 192.168.0.2
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and it provides the default username "cisco" for one-time use. If you have already used the username "cisco" to login to the router and your IOS image supports the "one-time" user option, then this username has already expired. You will not be able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to use.
-----------------------------------------------------------------------
^C
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
The size of the config is different on the 2 machines even though it was from the same original file; there did seem to be some variation in the way that the machines reloaded after the config went in. You have to remember that I am a real newbie with Cisco. I need to get TELNET and PING enabled on these machines to give me some breathing space, then I'm taking a course on the matter.
Jolian
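Added example (editor's code, not from any post here): a Python script that parses constructed, abbreviated extracts of the two configs above and reports, for each zone-pair whose destination is the router's own self zone, the interfaces in the source zone, the attached policy-map and its class-default action. It assumes the IOS zone-based firewall rule that a class with no explicit action, class-default included, drops what it matches, which is what the second config's sdm-permit policy does to unsolicited ping, telnet and ssh arriving on Dialer0, while the first config has no zone-pair into self at all.

```python
"""Which zone-based firewall (ZBFW) policy gates traffic to the router itself?
Added example, not from any post here; the configs are constructed extracts."""
import re
# Constructed extract of the router that CAN be pinged/telnetted from outside.
CONFIG_REACHABLE = """\
interface Vlan1
 ip nat inside
interface Dialer0
 ip nat outside
"""
# Constructed extract of the router that CANNOT be reached: the same, plus the
# SDM zone-based firewall lines that decide what may reach the 'self' zone.
CONFIG_BLOCKED = """\
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-permit
 class class-default
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
interface Vlan1
 zone-member security in-zone
interface Dialer0
 zone-member security out-zone
"""

def parse_blocks(text):
    """Group a config into (top-level command, [sub-commands]) by indentation."""
    blocks = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":   # blank or separator line
            continue
        if raw[0] != " ":
            blocks.append((raw.strip(), []))
        elif blocks:
            blocks[-1][1].append(raw.strip())
    return blocks

def policy_actions(blocks):
    """policy-map name -> {class -> action, or None}; no action means drop."""
    policies = {}
    for header, body in blocks:
        m = re.match(r"policy-map type inspect (\S+)$", header)
        if not m:
            continue
        classes, current = {}, None
        for line in body:
            cm = re.match(r"class (?:type inspect )?(\S+)$", line)
            if cm:
                current = cm.group(1)
                classes[current] = None
            elif current is not None and classes[current] is None:
                classes[current] = line.split()[0]  # inspect / pass / drop
        policies[m.group(1)] = classes
    return policies

def zone_pairs(blocks):
    """[(source zone, destination zone, attached inspect policy or None)]"""
    pairs = []
    for header, body in blocks:
        m = re.match(r"zone-pair security \S+ source (\S+) destination (\S+)$", header)
        if m:
            policy = next((ln.split()[-1] for ln in body
                           if ln.startswith("service-policy type inspect ")), None)
            pairs.append((m.group(1), m.group(2), policy))
    return pairs

def interface_zones(blocks):
    """interface name -> security zone it is a member of."""
    zones = {}
    for header, body in blocks:
        if header.startswith("interface "):
            for line in body:
                if line.startswith("zone-member security "):
                    zones[header.split(None, 1)[1]] = line.split()[-1]
    return zones

def self_zone_findings(text):
    """One (source zone, [interfaces in it], policy, class-default action) per
    zone-pair into 'self'; an empty list means ZBFW does not gate the router."""
    blocks = parse_blocks(text)
    policies, zones = policy_actions(blocks), interface_zones(blocks)
    findings = []
    for src, dst, policy in zone_pairs(blocks):
        if dst == "self":
            ifaces = sorted(i for i, z in zones.items() if z == src)
            action = policies.get(policy, {}).get("class-default")
            findings.append((src, ifaces, policy, action))
    return findings

if __name__ == "__main__":
    for label, cfg in (("reachable", CONFIG_REACHABLE), ("blocked", CONFIG_BLOCKED)):
        # a None action in the 'blocked' output is the silent drop
        print(label, self_zone_findings(cfg) or "no zone-pair into self")
```

The drop is the safe default; the narrow fix is a class in that policy that permits the management protocols from named source addresses only, not removing the zone-pair.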
By default in SDM, access-list 100 is associated with Telnet/SSH. Below is what you're permitting . . .
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
and
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
I would modify those to ip any any if you want to telnet/ssh from any remote location, or specify your IP ranges in there if you want to do it from inside only.
Jolian,
Can you paste the configs in a code snippet? Commands and lines are all messed up :(
To VPN out you might consider, in SDM, modifying your configuration to look this way; I attached a screenshot.
ASKER
This is the first code snippet, this is from one of the routers that I can telnet and ping into
Jolian
second one on the way
Jolian
Building configuration...
Current configuration : 6341 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname axos
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 .
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool sdm-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 212.139.132.42 212.139.132.41
default-router 192.168.0.1
!
!
ip domain name blahblah.com
ip name-server 212.139.132.42
ip name-server 212.139.132.41
ip port-map user-protocol--2 port tcp 3389
ip port-map user-protocol--1 port tcp 3542
!
!
crypto pki trustpoint TP-self-signed-754785768
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-754785768
revocation-check none
rsakeypair TP-self-signed-754785768
!
!
crypto pki certificate chain TP-self-signed-754785768
certificate self-signed 01
30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 37353437 38353736 38301E17 0D303230 34323031 38353235
315A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3735 34373835
37363830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
BE6D4243 914F906B AECDA4A3 F1F7FBD9 31CDCB76 8F1991DF 9F80D158 010601AA
5F795673 D80959C3 5E99D286 2C6C40EF 718C141A BF580F2F BEDEDCFB 6F2B15A5
6669CF37 CE4F7142 F76BE6C7 7110966D AE76B0C9 765DB2CC 35FF654A 8FC997F0
C691FF67 75682EB9 5C592B66 9A1E0E62 72497D55 4B3CC015 1AAF8CC3 350B0767
02030100 01A37330 71300F06 03551D13 0101FF04 05300301 01FF301E 0603551D
11041730 15821361 786F732E 62617272 6F6F6D62 61722E63 6F6D301F 0603551D
23041830 16801483 575F8C0D CD2E5942 9C586B62 2AE07D92 5D88C030 1D060355
1D0E0416 04148357 5F8C0DCD 2E59429C 586B622A E07D925D 88C0300D 06092A86
4886F70D 01010405 00038181 0079112B F1022317 AC3565FD FBB6CB3B 85C1C6C0
17DF80AD 019890DD DFFA9DD5 6CCBA880 DAF2CA5C 9907A128 AC87429A 12000E97
AFCA1CEB BC61C3D5 7693E080 B4A7E556 F04F518A 0380F7F7 32ED7E73 F3E82977
B0ABFF4F 200D3F78 F633A4FA 2468E338 D035A9AF 06040A3A 91BF6DCC 369603D5
EBB6F7FD EA72899C 688E2405 AB
quit
username admin privilege 15 secret 5 $
archive
log config
hidekeys
!
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname adsl@adslconnect.co.uk
ppp chap password 0 bloomindale
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.2 61 interface Dialer0 61
ip nat inside source static tcp 192.168.0.2 3524 interface Dialer0 3524
ip nat inside source static tcp 192.168.0.2 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.0.2 5631 interface Dialer0 5631
ip nat inside source static udp 192.168.0.2 5632 interface Dialer0 5632
ip nat inside source static tcp 192.168.0.2 143 interface Dialer0 143
ip nat inside source static tcp 192.168.0.2 443 interface Dialer0 443
ip nat inside source static tcp 192.168.0.2 80 interface Dialer0 80
ip nat inside source static tcp 192.168.0.2 3542 interface Dialer0 3542
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.0.2
access-list 102 remark SDM_ACL Category=0
access-list 102 permit ip any host 192.168.0.2
access-list 103 remark SDM_ACL Category=0
access-list 103 permit ip any host 192.168.0.2
access-list 104 remark SDM_ACL Category=0
access-list 104 permit ip any host 192.168.0.2
access-list 105 remark SDM_ACL Category=0
access-list 105 permit ip any host 192.168.0.2
access-list 106 remark SDM_ACL Category=0
access-list 106 permit ip any host 192.168.0.2
access-list 107 remark SDM_ACL Category=0
access-list 107 permit ip any host 192.168.0.2
dialer-list 1 protocol ip permit
no cdp run
!
!
control-plane
!
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and it provides the default username "cisco" for one-time use. If you have already used the username "cisco" to login to the router and your IOS image supports the "one-time" user option, then this username has already expired. You will not be able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to use.
-----------------------------------------------------------------------
^C
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
In case that screenshot didn't make it, here's a direct link:
http://www.focusu.com/gallery/data/bbf94b34eb32268ada57a3be5062fe7d/800_p21336.jpeg
ASKER
This is from one that I cannot PING/TELNET into
(second snippet)
Building configuration...
Current configuration : 9462 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname axos
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 .
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool sdm-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 212.139.132.42 212.139.132.41
default-router 192.168.0.1
!
!
ip port-map user-protocol--2 port tcp 3389
ip port-map user-protocol--1 port tcp 3542
ip domain name barroombar.com
ip name-server 212.139.132.42
ip name-server 212.139.132.41
!
!
crypto pki trustpoint TP-self-signed-46823576
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-46823576
revocation-check none
rsakeypair TP-self-signed-46823576
!
!
crypto pki certificate chain TP-self-signed-46823576
certificate self-signed 01
30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34363832 33353736 301E170D 30323039 30323132 31393532
5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D343638 32333537
3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100A3AD
65A08D3F 3BA3207A 0BA148D5 290C1130 4E3A3224 03B2FA33 83ADFCF2 D1773CD8
107E7C6C E8F2131B 5D010E10 B48A5AB3 84E78EB0 FEEA6AE5 302E1374 CCC356AE
2AAC9A95 F5956782 0DDDFB27 ED15B3F7 2457074E 4FFC39C2 433BBAC4 F6A8CAC5
BA90D5AD DEB7FF49 1325EC75 2F4A59A7 002FE55C 1A730077 AC652570 A1630203
010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603 551D1104
17301582 1361786F 732E6261 72726F6F 6D626172 2E636F6D 301F0603 551D2304
18301680 14606FAD 8FE76C79 A140AAFC DA544CAA 21847EED C3301D06 03551D0E
04160414 606FAD8F E76C79A1 40AAFCDA 544CAA21 847EEDC3 300D0609 2A864886
F70D0101 04050003 81810091 71EB6F30 A02B8C1C 1327715B DC379CE2 A46CEDEC
3480BC2F 80B58E14 930D6647 D399CC1E 6949B77D 307A6A17 0A897511 C2D9E706
2C86A4C8 66B2726F 920FC580 EB619703 F140FC03 BB722116 C564632F D54BAE8B
2093017F FE48AE3C 75E4AD23 ABBC82BF 710268A9 9499342B E6C5B040 9081F964
A371D35A 561D89B7 EB304E
quit
username admin privilege 15 secret 5 $10OvI50
archive
log config
hidekeys
!
!
class-map type inspect match-all sdm-nat-pcanywheredata-1
match access-group 106
match protocol pcanywheredata
class-map type inspect match-all sdm-nat-http-1
match access-group 102
match protocol http
class-map type inspect match-all sdm-nat-user-protocol--2-1
match access-group 107
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 101
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-pcanywherestat-1
match access-group 105
match protocol pcanywherestat
class-map type inspect match-all sdm-nat-imap-1
match access-group 104
match protocol imap
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-all sdm-protocol-http
match protocol http
class-map type inspect match-all sdm-nat-https-1
match access-group 103
match protocol https
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-user-protocol--1-1
inspect
class type inspect sdm-nat-http-1
inspect
class type inspect sdm-nat-https-1
inspect
class type inspect sdm-nat-imap-1
inspect
class type inspect sdm-nat-pcanywherestat-1
inspect
class type inspect sdm-nat-pcanywheredata-1
inspect
class type inspect sdm-nat-user-protocol--2-1
inspect
class class-default
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-insp-traffic
inspect
class type inspect sdm-protocol-http
inspect
class class-default
policy-map type inspect sdm-permit
class class-default
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
no snmp trap link-status
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname adsl@dslconnect.co.uk
ppp chap password 0 bloomingdale
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.2 61 interface Dialer0 61
ip nat inside source static tcp 192.168.0.2 3524 interface Dialer0 3524
ip nat inside source static tcp 192.168.0.2 3542 interface Dialer0 3542
ip nat inside source static tcp 192.168.0.2 80 interface Dialer0 80
ip nat inside source static tcp 192.168.0.2 443 interface Dialer0 443
ip nat inside source static tcp 192.168.0.2 143 interface Dialer0 143
ip nat inside source static udp 192.168.0.2 5632 interface Dialer0 5632
ip nat inside source static tcp 192.168.0.2 5631 interface Dialer0 5631
ip nat inside source static tcp 192.168.0.2 3389 interface Dialer0 3389 !
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.0.2
access-list 102 remark SDM_ACL Category=0
access-list 102 permit ip any host 192.168.0.2
access-list 103 remark SDM_ACL Category=0
access-list 103 permit ip any host 192.168.0.2
access-list 104 remark SDM_ACL Category=0
access-list 104 permit ip any host 192.168.0.2
access-list 105 remark SDM_ACL Category=0
access-list 105 permit ip any host 192.168.0.2
access-list 106 remark SDM_ACL Category=0
access-list 106 permit ip any host 192.168.0.2
access-list 107 remark SDM_ACL Category=0
access-list 107 permit ip any host 192.168.0.2
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and it provides the default username "cisco" for one-time use. If you have already used the username "cisco" to login to the router and your IOS image supports the "one-time" user option, then this username has already expired. You will not be able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to use.
-----------------------------------------------------------------------
^C
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
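Added example, not part of the thread and not any of the repliers' advice: what the two pastes show about Telnet and ping aimed at the router itself, and one way to open them only to known management addresses. The first router has no zone-based firewall; the second one (just posted) does, and that is the difference that matters here. In the second config access-list 100 is referenced only by class-map sdm-invalid-src, which policy-map sdm-inspect drops and logs on the in-zone to out-zone pair, so it is an anti-spoof filter for traffic leaving the LAN rather than the list that admits Telnet/SSH; changing it to ip any any on this router would make sdm-invalid-src match, and drop, all outbound traffic. Traffic from the Internet to the router is governed by zone-pair sdm-zp-out-self with policy-map sdm-permit, which contains only class class-default and therefore drops everything, ping and Telnet included. The fragment below reuses the nesting pattern SDM already generated (a match-all class combining an access-group with a match-any protocol class, then inspect) to let TCP and ICMP reach the router from named sources. The addresses 203.0.113.10 and 198.51.100.0/24 are RFC 5737 documentation placeholders and the names MGMT-TO-SELF, MGMT-PROTOCOLS and MGMT-ACCESS are my own. It also defines access-list 23, which both pastes reference in ip http access-class 23 but neither defines, and applies it to the VTYs.

```ios
! --- Added example: restrict Internet -> router (self zone) access under the SDM ZBF ---
! Assumed management sources (documentation ranges, replace with your own):
!   203.0.113.10      single admin host
!   198.51.100.0/24   admin network

! Who may talk to the router from the Internet, and on what.
! Port 22 = SSH, port 23 = Telnet; ICMP echo so ping works.
ip access-list extended MGMT-TO-SELF
 remark management sources allowed to reach the router itself
 permit tcp host 203.0.113.10 any eq 22
 permit tcp host 203.0.113.10 any eq telnet
 permit icmp host 203.0.113.10 any echo
 permit tcp 198.51.100.0 0.0.0.255 any eq 22
 permit icmp 198.51.100.0 0.0.0.255 any echo
!
! Same nesting style as the SDM-generated sdm-icmp-access / sdm-cls-icmp-access:
! a match-any protocol class wrapped in a match-all class that also requires the ACL.
class-map type inspect match-any MGMT-PROTOCOLS
 match protocol icmp
 match protocol tcp
class-map type inspect match-all MGMT-ACCESS
 match access-group name MGMT-TO-SELF
 match class-map MGMT-PROTOCOLS
!
! sdm-permit is already bound to zone-pair sdm-zp-out-self (out-zone -> self).
! Adding a class with "inspect" admits the listed traffic and tracks replies;
! class-default keeps dropping everything else, now with a log entry.
policy-map type inspect sdm-permit
 class type inspect MGMT-ACCESS
  inspect
 class class-default
  drop log
!
! ACL 23 is referenced by "ip http access-class 23" in both configs but never
! defined there. Define it and reuse it on the VTYs (LAN plus the same admins).
access-list 23 remark management sources for HTTP(S) and VTY
access-list 23 permit 192.168.0.0 0.0.0.255
access-list 23 permit 203.0.113.10
access-list 23 permit 198.51.100.0 0.0.0.255
!
line vty 0 4
 access-class 23 in
 login local
 transport input telnet ssh
```

Verify with "show policy-map type inspect zone-pair sdm-zp-out-self" while pinging or connecting from one of the listed addresses: the MGMT-ACCESS class counters should increment and class-default should log the drops for everyone else. Two caveats the pastes make visible: both routers carry "no service password-encryption" and a CHAP password in clear text, and "transport input telnet ssh" lets credentials cross the Internet unencrypted over Telnet, so once an RSA key is in place for SSH, drop telnet from both the VTY transport list and MGMT-TO-SELF.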
ASKER
Also, some of the routers do not have the SDM console installed. I assume that I can just install it from the CD and then modify the rules on screen (I don't want to kill the router).
So what you are saying is that access list 100 is for telnet, and if I include the IP addresses that I want to ping from then that will open it up?
will that also do ping requests as well?
Jolian
ASKER CERTIFIED SOLUTION
ASKER
righto, will log into the router now and add the commands, give me 20 minutes or so
Jolian
SOLUTION
ASKER
Thanks guys, it was a combination of both of these things that put me on the right track, all ok now
I'll split the points evenly
Many Thanks
Jolian
ASKER
Thanks for the help on this, it put me on the right track
Many Thanks
Jolian
Can you post the sanitized config? I am assuming you have already entered transport input telnet but you did not permit telnet in inbound ACL.
Regards