Solved

Cisco 857 firewall

Posted on 2013-01-11
Last Modified: 2013-02-02
I have a spare Cisco 857 in the office that I am trying to use to set up a test site-to-site connection, however I am having problems configuring the firewall on this router. I also have another 857 that is working as the office's main router in front of an ISA server and it's working fine.

I have tried copying over the running config from the working 857 with no joy; I have even tried factory defaulting the router and starting from scratch and am still getting the error message. Below I have attached the running config, version and screenshots of the error.

I am trying to configure it using the wizard in SDM, but get the same issues when creating the zones and rules manually in the SDM as well.

SDM error
Show Version
Router#show version
Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Wed 18-Aug-10 02:37 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE

Router uptime is 19 hours, 5 minutes
System returned to ROM by reload
System image file is "flash:c850-advsecurityk9-mz.124-15.T14.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 857 (MPC8272) processor (revision 0x400) with 59392K/6144K bytes of memory.
Processor board ID FCZ1512C24Y
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
128K bytes of non-volatile configuration memory.
20480K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102



Running Config
Router#show config
Using 2405 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-1159343166
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1159343166
 revocation-check none
 rsakeypair TP-self-signed-1159343166
!
!
crypto pki certificate chain TP-self-signed-1159343166
 certificate self-signed 01 nvram:IOS-Self-Sig#18.cer
dot11 syslog
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp excluded-address 192.168.0.201 192.168.0.254
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.201 192.168.1.254
!
ip dhcp pool basic
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 8.8.8.8
!
!
ip cef
ip name-server 8.8.8.8
!
!
!
username ***** privilege 15 password 0 *****
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap ******
 ppp chap password 0 *****
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool test 192.168.1.2 192.168.1.2 netmask 255.255.255.0
ip nat inside source list 1 interface Dialer0 overload
ip nat outside source static tcp ***** 1723 192.168.1.2 1723 extendable
!
ip access-list extended test
 remark test
 remark SDM_ACL Category=2
 remark tet
 permit tcp any any log
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end



Code trying to run
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
 exit
class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic
 exit
class-map type inspect match-all sdm-protocol-http
 match protocol http
 exit
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 exit
class-map type inspect match-all sdm-icmp-access
 match class-map sdm-cls-icmp-access
 exit
! sdm-invalid-src is referenced in policy-map sdm-inspect below but is never
! defined anywhere in the pasted fragment; IOS rejects a "class type inspect"
! line that names a class-map it has not seen yet. The ACL and class-map here
! are an assumed reconstruction of the anti-spoofing class SDM normally builds
! (bogus broadcast/loopback sources); adjust ACL 100 to your own outside subnet.
ip access-list extended 100
 permit ip host 255.255.255.255 any
 permit ip 127.0.0.0 0.255.255.255 any
 exit
class-map type inspect match-all sdm-invalid-src
 match access-group 100
 exit
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-icmp-access
  no drop
  inspect
  exit
 class class-default
  no drop
  pass
  exit
 exit
policy-map type inspect sdm-inspect
 class type inspect sdm-invalid-src
  drop log
  exit
 class type inspect sdm-insp-traffic
  no drop
  inspect
  exit
 class type inspect sdm-protocol-http
  no drop
  inspect
  exit
 class class-default
 exit
policy-map type inspect sdm-permit
 class class-default
 exit
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
 exit
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
 exit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
 exit
! A zone does nothing until an interface joins it, and the fragment never
! assigns any. Interface names are taken from the running config above
! (Vlan1 = inside LAN, Dialer0 = PPPoA outside). Note that once an interface
! is in a zone, traffic between it and any interface still outside every zone
! is dropped, so both sides of the in-out pair must be members.
interface Vlan1
 zone-member security in-zone
 exit
interface Dialer0
 zone-member security out-zone
 exit


Question by:CaptainGiblets
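The fragment above fails for a reason that is easy to miss in a wall of SDM output: a policy-map names a class-map that the config never defines, and no interface ever joins either zone. IOS parses a config top to bottom and refuses a reference to an object it has not seen yet, so a static check that walks the text in the same order catches this before the router does. The linter below is an editor's example added to this thread, not the asker's code and not anything SDM or IOS ships. `POSTED` is an abridged copy of the fragment as posted (most `match protocol` lines dropped); the `FIXED` variant adds an assumed ACL 100 and `sdm-invalid-src` class-map and puts Vlan1 and Dialer0 into the zones, which is my assumption about the intended wiring, not something the page states.

```python
import re

# Constructed sample: the zone-based firewall fragment from the question,
# abridged. It is what the SDM wizard was trying to push to the router.
POSTED = """\
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol dns
 match protocol http
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic
class-map type inspect match-all sdm-protocol-http
 match protocol http
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
class-map type inspect match-all sdm-icmp-access
 match class-map sdm-cls-icmp-access
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-inspect
 class type inspect sdm-invalid-src
  drop log
 class type inspect sdm-insp-traffic
  inspect
 class type inspect sdm-protocol-http
  inspect
 class class-default
policy-map type inspect sdm-permit
 class class-default
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
"""

# Assumed fix (not from the page): define the missing class-map up front and
# join the two interfaces from the running config to their zones.
FIXED = """\
ip access-list extended 100
 permit ip host 255.255.255.255 any
 permit ip 127.0.0.0 0.255.255.255 any
class-map type inspect match-all sdm-invalid-src
 match access-group 100
""" + POSTED + """\
interface Vlan1
 zone-member security in-zone
interface Dialer0
 zone-member security out-zone
"""

DEF_CLASS = re.compile(r'^class-map type inspect (?:match-any|match-all) (\S+)$')
DEF_POLICY = re.compile(r'^policy-map type inspect (\S+)$')
DEF_ZONE = re.compile(r'^zone security (\S+)$')
ZONE_PAIR = re.compile(r'^zone-pair security (\S+) source (\S+) destination (\S+)$')
IFACE = re.compile(r'^interface (\S+)$')
USE_CLASS = re.compile(r'^class type inspect (\S+)$')
NEST_CLASS = re.compile(r'^match class-map (\S+)$')
USE_POLICY = re.compile(r'^service-policy type inspect (\S+)$')
ZONE_MEMBER = re.compile(r'^zone-member security (\S+)$')


def lint_zbf(config_text):
    """Return a list of (kind, name, lineno) findings; an empty list means clean.

    References are checked against what has been defined ABOVE them, which is
    how IOS itself evaluates a config it is fed line by line.
    """
    class_maps, policy_maps, zones, zones_with_members = set(), set(), set(), set()
    findings, iface = [], None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('!') or line == 'exit':
            continue
        if m := DEF_CLASS.match(line):
            class_maps.add(m.group(1)); iface = None
        elif m := DEF_POLICY.match(line):
            policy_maps.add(m.group(1)); iface = None
        elif m := DEF_ZONE.match(line):
            zones.add(m.group(1)); iface = None
        elif m := IFACE.match(line):
            iface = m.group(1)
        elif m := ZONE_PAIR.match(line):
            iface = None
            for z in (m.group(2), m.group(3)):
                if z != 'self' and z not in zones:
                    findings.append(('undefined-zone', z, lineno))
        elif m := (USE_CLASS.match(line) or NEST_CLASS.match(line)):
            if m.group(1) not in class_maps:
                findings.append(('undefined-class-map', m.group(1), lineno))
        elif m := USE_POLICY.match(line):
            if m.group(1) not in policy_maps:
                findings.append(('undefined-policy-map', m.group(1), lineno))
        elif m := ZONE_MEMBER.match(line):
            if iface is None:
                findings.append(('zone-member-outside-interface', m.group(1), lineno))
            elif m.group(1) not in zones:
                findings.append(('undefined-zone', m.group(1), lineno))
            else:
                zones_with_members.add(m.group(1))
    # A zone no interface belongs to never sees traffic, so every zone-pair and
    # inspect policy hanging off it is silently inert: reported, not fatal.
    for z in sorted(zones - zones_with_members):
        findings.append(('zone-without-interface', z, None))
    return findings


if __name__ == '__main__':
    for kind, name, lineno in lint_zbf(POSTED):
        print(f'{kind}: {name}' + (f' (line {lineno})' if lineno else ''))
```

Running it on the posted fragment reports the undefined `sdm-invalid-src` at the `class type inspect` line and both zones as having no member interface; the assumed fixed variant comes back clean. The check is deliberately order-sensitive: moving the `sdm-invalid-src` class-map below the policy-map that uses it would be flagged again, exactly as IOS would reject it.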
 
LVL 28

Expert Comment

by:asavener
ID: 38767177
Can you run "show license" and provide the output?
 
LVL 6

Author Comment

by:CaptainGiblets
ID: 38777449
There is no show license command on my router.

If I log in via telnet and type in show ?, it can't find license.
 
LVL 28

Expert Comment

by:asavener
ID: 38778259
When you log in, and you see the command prompt, does it end with a ">" or a "#"?

 
LVL 6

Author Comment

by:CaptainGiblets
ID: 38778588
#

I have tried running the disable command and can't do it from there either.
 
LVL 28

Expert Comment

by:asavener
ID: 38779068
My 881 router allows me to do show license at that prompt.
 
LVL 28

Expert Comment

by:asavener
ID: 38779083
Whoops.  I'm sorry; I didn't see that you're running 12.4.
 
LVL 6

Accepted Solution

by:CaptainGiblets (earned 0 total points)
ID: 38826427
Managed to figure it out by combining two of my working configs.
 
LVL 6

Author Closing Comment

by:CaptainGiblets
ID: 38846360
Working now.
