Zum Inhalt wechseln


Foto

Cisco 1812 K9


  • Bitte melde dich an um zu Antworten
53 Antworten in diesem Thema

#16 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 25. November 2009 - 13:55

ist gemacht aber keine verbindung möglich
Ping nicht möglich....
Iceman ist Überall und Nirgendwo

#17 Wordo

Wordo

    Board Veteran

  • 3.213 Beiträge

 

Geschrieben 25. November 2009 - 14:07

Kannst du die komplette Config (bis auf Passwoerter) mal posten?

#18 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 25. November 2009 - 14:10

Using 10140 out of 196600 bytes
!
! Last configuration change at 15:10:23 Berlin Wed Nov 25 2009 by Admin
! NVRAM config last updated at 15:10:23 Berlin Wed Nov 25 2009 by Admin
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CHOSS-Cisco
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
no logging buffered
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXX
enable password XXXXXXXXXXX
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone Berlin 1
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-3776332574
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3776332574
revocation-check none
rsakeypair TP-self-signed-3776332574
!
!
crypto pki certificate chain TP-self-signed-3776332574
certificate self-signed 01 nvram:IOS-Self-Sig#3.cer
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip domain name choss-it.de
ip name-server 88.151.64.34
ip name-server 88.92.4.176
ip port-map user-protocol--2 port tcp 20
ip port-map user-protocol--3 port tcp 8333
ip port-map user-protocol--1 port tcp 8000
ip port-map user-protocol--4 port tcp 8787
ip ips notify SDEE
ip ips name myips
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
parameter-map type regex sdm-regex-nonascii
Iceman ist Überall und Nirgendwo

#19 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 25. November 2009 - 14:13

pattern [^\x00-\x80]

parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com

parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com

parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com

!
!
username admin privilege 15 password 0 VA2704$a
!
!
crypto isakmp policy 1
crypto isakmp key helferchen hostname 192.168.0.1 no-xauth
!
crypto isakmp client configuration group Global
key helferchen
dns 192.168.0.1 192.168.0.2
wins 192.168.0.1
domain choss-it.local
pool SDM_POOL_1
max-users 50
netmask 255.255.255.0
!
!
archive
log config
hidekeys
!
!
!
class-map type inspect match-any SDM_SSH
match access-group name SDM_SSH
class-map type inspect match-any SDM_HTTPS
Iceman ist Überall und Nirgendwo

#20 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 25. November 2009 - 14:14

match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SHELL
match access-group name SDM_SHELL
!
!
!
!
interface FastEthernet0
description Programmier Interface$ETH-LAN$$FW_INSIDE$
ip address 192.168.0.251 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
duplex auto
speed auto
no cdp enable
!
interface FastEthernet1
description Internet_Port$FW_OUTSIDE$
mtu 1452
ip address 88.151.70.82 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no keepalive
no cdp enable
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
no cdp enable
!
interface FastEthernet2
description Netgear_UPLINK
duplex full
speed 100
no cdp enable
!
interface FastEthernet3
shutdown
duplex full
speed 100
no cdp enable
!
interface FastEthernet4
shutdown
duplex full
speed 100
no cdp enable
!
interface FastEthernet5
shutdown
duplex full
speed 100
no cdp enable
!
interface FastEthernet6
description HP_2600N
duplex full
speed 100
no cdp enable
--More--
Iceman ist Überall und Nirgendwo

#21 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 25. November 2009 - 14:14

interface FastEthernet7
shutdown
duplex full
speed 100
no cdp enable
!
interface FastEthernet8
shutdown
duplex full
speed 100
no cdp enable
!
interface FastEthernet9
shutdown
duplex full
speed 100
no cdp enable
!
interface Vlan1
description 192.168.0.0_Knoten$FW_INSIDE$
ip address 192.168.3.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
no ip split-horizon
!
router rip
passive-interface FastEthernet1
passive-interface Vlan1
network 192.168.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
no auto-summary
!
ip local pool SDM_POOL_1 192.168.1.110 192.168.1.111
ip default-gateway 88.151.70.81
ip forward-protocol nd
ip route 192.168.0.0 255.255.255.0 192.168.0.1
ip route 192.168.1.0 255.255.255.0 192.168.0.1
ip route 192.168.2.0 255.255.255.0 192.168.0.1
ip route 192.168.3.0 255.255.255.0 192.168.0.1
ip route 192.168.4.0 255.255.255.0 192.168.0.1
ip http server
ip http authentication local
ip http secure-server
!
ip flow-cache timeout active 1
!
ip nat pool Global 192.168.0.1 192.168.0.254 netmask 255.255.255.0
ip nat inside source static tcp 192.168.0.1 80 interface FastEthernet1 80
ip nat inside source static tcp 192.168.0.200 25 interface FastEthernet1 25
ip nat inside source static tcp 192.168.0.2 8000 interface FastEthernet1 8000
ip nat inside source static tcp 192.168.0.1 21 interface FastEthernet1 21
ip nat inside source static tcp 192.168.0.1 20 interface FastEthernet1 20
ip nat inside source static tcp 192.168.0.2 8333 interface FastEthernet1 8333
ip nat inside source static tcp 192.168.0.7 8787 interface FastEthernet1 8787
!
ip access-list standard local
!
ip access-list extended SDM_HTTPS
Iceman ist Überall und Nirgendwo

#22 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 25. November 2009 - 14:15

ip access-list standard local
!
ip access-list extended SDM_HTTPS
remark SDM_ACL Category=1
permit tcp any any eq 443
ip access-list extended SDM_SHELL
remark SDM_ACL Category=1
permit tcp any any eq cmd
ip access-list extended SDM_SSH
remark SDM_ACL Category=1
permit tcp any any eq 22
!
logging trap debugging
logging facility syslog
logging 192.168.0.21
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 101 deny ip any any
access-list 102 deny udp any eq netbios-dgm any
access-list 102 deny udp any eq netbios-ns any
access-list 102 deny udp any eq netbios-ss any
access-list 102 deny udp any range snmp snmptrap any
access-list 102 deny udp any range bootps bootpc any
access-list 102 deny tcp any eq 137 any
access-list 102 deny tcp any eq 138 any
access-list 102 deny tcp any eq 139 any
access-list 102 permit ip any any
access-list 150 permit ip 192.168.0.0 0.0.255.255 any
access-list 150 permit ip 0.0.0.0 255.255.255.0 any
snmp-server community puplic RO
snmp-server community public RW
snmp-server community cisco RW
snmp-server trap-source FastEthernet1
snmp-server location Munich
snmp-server contact Alexander Voigt
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps flash insertion removal
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps envmon
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps atm subif
snmp-server enable traps bgp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps dlsw
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps frame-relay
Iceman ist Überall und Nirgendwo

#23 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 25. November 2009 - 14:16

snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps pw vc
snmp-server enable traps event-manager
snmp-server enable traps firewall serverstatus
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server host 192.168.0.1 public
no cdp run

!
!
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
privilege level 15
password VA2704$a
transport input telnet ssh
!
no process cpu extended
no process cpu autoprofile hog
ntp master
ntp server 192.168.0.1
ntp server 192.168.0.254
Iceman ist Überall und Nirgendwo

#24 Wordo

Wordo

    Board Veteran

  • 3.213 Beiträge

 

Geschrieben 25. November 2009 - 14:18

Puh, von der Config wird doch nur 10% gebraucht oder?

Mach mal statt:

ip default-gateway 88.151.70.81

ip route 0.0.0.0 0.0.0.0 88.151.70.81


Bin mir jetzt nicht sicher ob das hilft, aber ist mir sofort aufgefallen.



EDIT: Den Ping machst du definitiv vom Router aus?
Poste noch ein "sh int fa1"

#25 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 25. November 2009 - 14:43

der ping vom oute aus gh jetzt super a schn weiter geholfen
alerdings bekomme ich ite clients noch kein verbindung
obwohl ich den gateway auf 192.168.3.254 getellt hatte
Iceman ist Überall und Nirgendwo

#26 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 25. November 2009 - 15:00

jetzt geht der ping nicht mehr
Iceman ist Überall und Nirgendwo

#27 Wordo

Wordo

    Board Veteran

  • 3.213 Beiträge

 

Geschrieben 25. November 2009 - 15:01

An welchem Port haengt das Kabel zu deinem LAN? FastEthernet0?

#28 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 25. November 2009 - 15:11

auf dem mache ich die Programmierung falls ich nicht übe das V-lan rann komme
ander fa2 hängt der switch
Iceman ist Überall und Nirgendwo

#29 Wordo

Wordo

    Board Veteran

  • 3.213 Beiträge

 

Geschrieben 25. November 2009 - 15:14

Kannst du von Router aus einen Client auf 192.168.3 pingen (Client-Firewall deaktivieren)?

Poste mal ein "sh arp" vom Router (nach den Pingversuchen)

#30 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 25. November 2009 - 15:21

CHOSS-Cisco#ping google.de

Translating "google.de"...domain server (88.151.64.34) (88.92.4.176)
% Unrecognized host or address, or protocol not running.

CHOSS-Cisco#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 88.151.70.81 47 0001.38e1.a61f ARPA FastEthernet1
Internet 88.151.70.82 - 0024.14aa.e601 ARPA FastEthernet1
Internet 192.168.0.1 0 000d.6118.66ae ARPA FastEthernet0
Internet 192.168.0.7 0 000c.2970.b715 ARPA FastEthernet0
Internet 192.168.0.21 0 001e.8cb4.2f57 ARPA FastEthernet0
Internet 192.168.0.250 0 0023.08a7.75e3 ARPA FastEthernet0
Internet 192.168.0.251 - 0024.14aa.e600 ARPA FastEthernet0
Internet 192.168.0.254 3 0009.5bc0.557e ARPA FastEthernet0
Internet 192.168.3.254 - 0024.14aa.e600 ARPA Vlan1
CHOSS-Cisco#ping 88.151.70.81

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 88.151.70.81, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Iceman ist Überall und Nirgendwo