Cisco Forum — Allgemein

gpeter73 · 25.01.2008, 13:58

Hi,

ich habe mir von jemanden ein Cisco Configuration stricken lassen, sie läuft soweit auch ganz gut. Nur bekomme ich nun beim Versucht mich auf den IRC Server irc.freenode.org zu verbinden die Meldung das mein ich einen offenen Proxy habe.
Kann sich mal einer die Konfi anschauen, nicht das der Kollege sich da ein Hintertürchen eingebaut hat.

Danke Peter

Code:

Using 7324 out of 131072 bytes
!
version 12.3
service config
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
no logging on
!
aaa new-model
!
!
aaa authentication login login_check local
aaa authorization console
aaa authorization exec exec_check local
aaa authorization network network_check local
aaa session-id common
ip subnet-zero
!
!
!
!
no ip domain lookup
no ip bootp server
ip cef
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall icmp
ip ips po max-events 100
no ftp-server write-enable
!
!

gpeter73 · 25.01.2008, 13:59

2. Teil

Code:

username xxx privilege 15 secret 5 $1$E2No$8KM6znG6xBH1NXCGIoTQR/
username xxx privilege 15 secret 5 $1$dNJE$lVcNJjzoytthryd76EhaH/
!
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPN
 key xxx
 pool VPN
 acl ST
 pfs
 netmask 255.255.255.255
!
!
crypto ipsec transform-set VPN_Transform esp-3des esp-md5-hmac
!
crypto dynamic-map Dynmap 10
 set transform-set VPN_Transform
 reverse-route
!
!
crypto map VPN client authentication list login_check
crypto map VPN isakmp authorization list network_check
crypto map VPN client configuration address respond
crypto map VPN 100 ipsec-isakmp dynamic Dynmap
!
!
!
interface Ethernet0
 ip address 192.168.2.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 no cdp enable
!
interface BRI0
 no ip address
 shutdown
 no cdp enable
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.2 point-to-point
 pvc 1/32
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!

gpeter73 · 25.01.2008, 13:59

3. Teil

Code:

interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer1
 ip address negotiated
 ip access-group Block_Incoming in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 ip inspect Firewall out
 ip virtual-reassembly
 encapsulation ppp
 no ip route-cache cef
 no ip route-cache
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname xxx
 ppp chap password xxxxxxxxxxxxxxxxxxxxxxxxx
 ppp pap sent-username xxx password xxxxxxxxxxxxxxxxxxxxxxxxxx
 crypto map VPN
!
ip local pool VPN 172.16.2.10 172.16.2.20
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 1.0.0.0 255.0.0.0 Null0
ip route 2.0.0.0 255.0.0.0 Null0
ip route 5.0.0.0 255.0.0.0 Null0
ip route 10.0.0.0 255.0.0.0 Null0
ip route 23.0.0.0 255.0.0.0 Null0
ip route 27.0.0.0 255.0.0.0 Null0
ip route 31.0.0.0 255.0.0.0 Null0
ip route 36.0.0.0 255.0.0.0 Null0
ip route 37.0.0.0 255.0.0.0 Null0
ip route 39.0.0.0 255.0.0.0 Null0
ip route 42.0.0.0 255.0.0.0 Null0
ip route 46.0.0.0 255.0.0.0 Null0
ip route 49.0.0.0 255.0.0.0 Null0
ip route 50.0.0.0 255.0.0.0 Null0
ip route 100.0.0.0 255.0.0.0 Null0
ip route 101.0.0.0 255.0.0.0 Null0
ip route 102.0.0.0 255.0.0.0 Null0
ip route 103.0.0.0 255.0.0.0 Null0
ip route 104.0.0.0 255.0.0.0 Null0
ip route 105.0.0.0 255.0.0.0 Null0
ip route 106.0.0.0 255.0.0.0 Null0
ip route 107.0.0.0 255.0.0.0 Null0
ip route 108.0.0.0 255.0.0.0 Null0
ip route 109.0.0.0 255.0.0.0 Null0
ip route 110.0.0.0 255.0.0.0 Null0
ip route 111.0.0.0 255.0.0.0 Null0
ip route 112.0.0.0 255.0.0.0 Null0
ip route 113.0.0.0 255.0.0.0 Null0
ip route 127.0.0.0 255.0.0.0 Null0
ip route 169.254.0.0 255.255.0.0 Null0
ip route 172.16.0.0 255.240.0.0 Null0
ip route 173.0.0.0 255.0.0.0 Null0
ip route 174.0.0.0 255.0.0.0 Null0
ip route 175.0.0.0 255.0.0.0 Null0
ip route 176.0.0.0 255.0.0.0 Null0
ip route 177.0.0.0 255.0.0.0 Null0
ip route 178.0.0.0 255.0.0.0 Null0
ip route 179.0.0.0 255.0.0.0 Null0
ip route 180.0.0.0 255.0.0.0 Null0
ip route 181.0.0.0 255.0.0.0 Null0
ip route 182.0.0.0 255.0.0.0 Null0
ip route 183.0.0.0 255.0.0.0 Null0
ip route 184.0.0.0 255.0.0.0 Null0
ip route 185.0.0.0 255.0.0.0 Null0
ip route 192.0.2.0 255.255.255.0 Null0
ip route 192.168.0.0 255.255.0.0 Null0
ip route 197.0.0.0 255.0.0.0 Null0
ip route 223.0.0.0 255.0.0.0 Null0
!
no ip http server
no ip http secure-server
ip nat inside source list NAT interface Dialer1 overload
ip nat inside source static tcp 192.168.2.9 25 interface Dialer1 25
ip nat inside source static tcp 192.168.2.176 443 interface Dialer1 443
!
!

gpeter73 · 25.01.2008, 14:01

4. Teil

Code:

ip access-list extended Block_Incoming
 deny   ip 0.0.0.0 0.255.255.255 any
 deny   ip 1.0.0.0 0.255.255.255 any
 deny   ip 2.0.0.0 0.255.255.255 any
 deny   ip 5.0.0.0 0.255.255.255 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 23.0.0.0 0.255.255.255 any
 deny   ip 27.0.0.0 0.255.255.255 any
 deny   ip 31.0.0.0 0.255.255.255 any
 deny   ip 36.0.0.0 0.255.255.255 any
 deny   ip 37.0.0.0 0.255.255.255 any
 deny   ip 39.0.0.0 0.255.255.255 any
 deny   ip 42.0.0.0 0.255.255.255 any
 deny   ip 46.0.0.0 0.255.255.255 any
 deny   ip 49.0.0.0 0.255.255.255 any
 deny   ip 50.0.0.0 0.255.255.255 any
 deny   ip 100.0.0.0 0.255.255.255 any
 deny   ip 101.0.0.0 0.255.255.255 any
 deny   ip 102.0.0.0 0.255.255.255 any
 deny   ip 103.0.0.0 0.255.255.255 any
 deny   ip 104.0.0.0 0.255.255.255 any
 deny   ip 105.0.0.0 0.255.255.255 any
 deny   ip 106.0.0.0 0.255.255.255 any
 deny   ip 107.0.0.0 0.255.255.255 any
 deny   ip 108.0.0.0 0.255.255.255 any
 deny   ip 109.0.0.0 0.255.255.255 any
 deny   ip 110.0.0.0 0.255.255.255 any
 deny   ip 111.0.0.0 0.255.255.255 any
 deny   ip 112.0.0.0 0.255.255.255 any
 deny   ip 113.0.0.0 0.255.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 169.254.0.0 0.0.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 173.0.0.0 0.255.255.255 any
 deny   ip 174.0.0.0 0.255.255.255 any
 deny   ip 175.0.0.0 0.255.255.255 any
 deny   ip 176.0.0.0 0.255.255.255 any
 deny   ip 177.0.0.0 0.255.255.255 any
 deny   ip 178.0.0.0 0.255.255.255 any
 deny   ip 179.0.0.0 0.255.255.255 any
 deny   ip 180.0.0.0 0.255.255.255 any
 deny   ip 181.0.0.0 0.255.255.255 any
 deny   ip 182.0.0.0 0.255.255.255 any
 deny   ip 183.0.0.0 0.255.255.255 any
 deny   ip 184.0.0.0 0.255.255.255 any
 deny   ip 185.0.0.0 0.255.255.255 any
 deny   ip 192.0.2.0 0.0.0.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 197.0.0.0 0.255.255.255 any
 deny   ip 223.0.0.0 0.255.255.255 any
 deny   ip 224.0.0.0 31.255.255.255 any
 deny   icmp any any fragments
 permit tcp any any eq smtp
 permit tcp any any eq 443
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 permit tcp any any eq telnet
ip access-list extended NAT
 deny   ip 192.168.2.0 0.0.0.255 172.16.2.0 0.0.0.255
 permit ip 192.168.2.0 0.0.0.255 any
ip access-list extended ST
 permit ip 192.168.2.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
!
line con 0
 exec-timeout 5 0
 authorization exec exec_check
 logging synchronous level all
 login authentication login_check
 no modem enable
line aux 0
line vty 0 4
 exec-timeout 5 0
 authorization exec exec_check
 logging synchronous level all
 login authentication login_check
 transport input none
!
scheduler max-task-time 5000
!
end

Cisco Forum — Allgemein

Cisco Forum: Alles zum Thema CISCO Zertifizierungen CCNA, CCNP, CCSP, CCIE etc. — Q & A zum Thema CISCO Router, Switches und Firewalls