Zum Inhalt wechseln


Foto

Cisco 1812 K9


  • Bitte melde dich an um zu Antworten
53 Antworten in diesem Thema

#31 Wordo

Wordo

    Board Veteran

  • 3.213 Beiträge

 

Geschrieben 25. November 2009 - 15:24

Was sagt "sh int fa1"?

#32 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 25. November 2009 - 15:25

CHOSS-Cisco#sh int fa1
FastEthernet1 is up, line protocol is up
Hardware is PQ3_TSEC, address is 0024.14aa.e601 (bia 0024.14aa.e601)
Description: Internet_Port$FW_OUTSIDE$
Internet address is 88.151.70.82/29
MTU 1452 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Auto-duplex, Auto Speed, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:04:19, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
184 packets input, 15823 bytes
Received 39 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
1961 packets output, 194170 bytes, 0 underruns
0 output errors, 0 collisions, 12 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Iceman ist Überall und Nirgendwo

#33 Wordo

Wordo

    Board Veteran

  • 3.213 Beiträge

 

Geschrieben 25. November 2009 - 15:41

Mach mal ein write und starte beide Geraete neu ...

#34 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 25. November 2009 - 16:00

access-list 1 any 192.168.0.0 255.255.255.0????
kann das sein das der befehl irgend wie falsch ist?
Iceman ist Überall und Nirgendwo

#35 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 25. November 2009 - 16:01

ping vom router geht wieder aber die clients nicht
Iceman ist Überall und Nirgendwo

#36 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 25. November 2009 - 17:12

ich kann von den Clients jeweils bis zum router Pingen aber wenn ich auf den IPS GW pinge geht nix
wenn ich vom Router auf den IPS GW pinge geht es!!!
Welche rechte muss ich noch setzen????
Iceman ist Überall und Nirgendwo

#37 blackbox

blackbox

    Board Veteran

  • 1.078 Beiträge

 

Geschrieben 25. November 2009 - 20:23

Hallo,

dein "NAT" nach aussen fehlt :

ip nat inside source list 1 interface FastEthernet1 overload

(List 1 bitte deine Access Liste kontrollieren - z.B. permit 192.168.2.0 0.0.0.255 wäre was richtiges).

(PS: Hast noch das gute alte "RIP" im Einsatz - staun :-)

#38 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 25. November 2009 - 20:40

hi blackbox,

das hab ich schon drinnen bringt nix sobald ich nen client den GW 192.168.3.254 zuweise geht der ping nicht auf google oder auf den GW vom Provider, soll ich Dir nochmal die Aktuelle Config Posten?
Iceman ist Überall und Nirgendwo

#39 Otaku19

Otaku19

    Expert Member

  • 1.948 Beiträge

 

Geschrieben 25. November 2009 - 21:18

lass aber den ganzen unnötigen krempel weg

Done: 640-801; 640-553; 642-524; 642-515; 642-892; 642-832; 642-504; 640-863; 642-627; 642-874; 642-785; ITIL v3 Foundation
Enterasys Systems Engineer; CompTIA Sec+; CompTIA Mobility+; CISSP; CISSP-ISSAP; Barracuda NGSE/NGSX; CISM


#40 blackbox

blackbox

    Board Veteran

  • 1.078 Beiträge

 

Geschrieben 25. November 2009 - 21:57

Jau gibt mal die Config

#41 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 26. November 2009 - 04:09

Building configuration...

Current configuration : 10769 bytes
!
! Last configuration change at 06:00:00 Berlin Thu Nov 26 2009 by Admin
! NVRAM config last updated at 06:02:53 Berlin Thu Nov 26 2009 by Admin
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CHOSS-Cisco
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
no logging buffered
enable secret 5 $1$yItG$.0vfgfJ7sndOXA/12UkzA0
enable password XXXXXXXX
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone Berlin 1
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-3776332574
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3776332574
revocation-check none
rsakeypair TP-self-signed-3776332574
!
!
crypto pki certificate chain TP-self-signed-3776332574
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33373736 33333235 3734301E 170D3039 31313235 31363437
33315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 37373633
33323537 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AE04 4D2991DF 084E9EDD 82F9B42A 85F2FC53 3994A79D A269A45B B23744BC
B9642EE1 31B415D3 2CBE9D59 6615445D 9CCF5202 151FD06D 4C0159CB 2E41FF5E
87D0A680 C3AF8569 DFC3CD5D 736C569C 98F270FB 92717156 6F333919 69387BD6
BBC42DC5 1976EE4B 3B5018E1 E209EA03 32FC42CE 0F52DAA7 C6D165D5 DCF9F461
3DB70203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 1743484F 53532D43 6973636F 2E63686F 73732D69 742E6465
301F0603 551D2304 18301680 14FC9B70 E5CD8081 EA083189 03C636E5 252DFE81
02301D06 03551D0E 04160414 FC9B70E5 CD8081EA 08318903 C636E525 2DFE8102
300D0609 2A864886 F70D0101 04050003 81810010 A066B47A FF220E59 85EDCA96
284BC1D9 7662B1B7 52BEF23B EBE0FECE 75AD126C F3B1A704 B7B0D2F5 BC9714C9
7177E009 37428DDD 823A96AB B27FD133 C1125A8E 05822D12 25FFA934 4FBEF416
70108F27 504F33F0 FDC4C195 6771AFF9 589E2FF2 4B1F2E2A 5232B232 046FFD5E
5645CE9A 2445E960 CB3A1382 835B4878 A511F9
quit
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip domain name choss-it.de
ip name-server 88.151.64.34
ip name-server 88.92.4.176
ip name-server 192.168.0.1
ip name-server 192.168.0.2
ip port-map user-protocol--2 port tcp 20
ip port-map user-protocol--3 port tcp 8333
ip port-map user-protocol--1 port tcp 8000
ip port-map user-protocol--4 port tcp 8787
ip ips notify SDEE
ip ips name myips
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
parameter-map type regex sdm-regex-nonascii
pattern [^\x00-\x80]
Iceman ist Überall und Nirgendwo

#42 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 26. November 2009 - 04:10

parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com

parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com

parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com

!
!
username XXXXXXX privilege 15 password 0 XXXXXXXXXXXXX
!
!
!
Iceman ist Überall und Nirgendwo

#43 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 26. November 2009 - 04:11

archive
log config
hidekeys
!
!
!
class-map type inspect match-any SDM_SSH
match access-group name SDM_SSH
class-map type inspect match-any SDM_HTTPS
match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SHELL
match access-group name SDM_SHELL
!
!
!
!
interface FastEthernet0
description Programmier Interface$ETH-LAN$$FW_INSIDE$
ip address 192.168.0.251 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface FastEthernet1
description Internet_Port$FW_OUTSIDE$
mtu 1452
ip address 88.151.70.82 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no keepalive
no cdp enable
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
no cdp enable
!
interface FastEthernet2
description Netgear_UPLINK
duplex full
speed 100
no cdp enable
!
interface FastEthernet3
shutdown
duplex full
speed 100
no cdp enable
!
interface FastEthernet4
shutdown
duplex full
speed 100
no cdp enable
!
interface FastEthernet5
shutdown
duplex full
speed 100
no cdp enable
!
interface FastEthernet6
description HP_2600N
duplex full
speed 100
no cdp enable
!
interface FastEthernet7
shutdown
duplex full
speed 100
no cdp enable
!
interface FastEthernet8
shutdown
duplex full
speed 100
no cdp enable
!
interface FastEthernet9
shutdown
duplex full
speed 100
no cdp enable
!
interface Vlan1
description 192.168.0.0_Knoten$FW_INSIDE$
ip address 192.168.3.254 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip split-horizon
!
Iceman ist Überall und Nirgendwo

#44 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 26. November 2009 - 04:12

router rip
passive-interface FastEthernet1
passive-interface Vlan1
network 192.168.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
no auto-summary
!
ip local pool SDM_POOL_1 192.168.1.110 192.168.1.111
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 88.151.70.81
ip http server
ip http authentication local
ip http secure-server
!
ip flow-cache timeout active 1
!
ip nat inside source static tcp 192.168.0.1 80 interface FastEthernet1 80
ip nat inside source static tcp 192.168.0.200 25 interface FastEthernet1 25
ip nat inside source static tcp 192.168.0.2 8000 interface FastEthernet1 8000
ip nat inside source static tcp 192.168.0.1 21 interface FastEthernet1 21
ip nat inside source static tcp 192.168.0.1 20 interface FastEthernet1 20
ip nat inside source static tcp 192.168.0.2 8333 interface FastEthernet1 8333
ip nat inside source static tcp 192.168.0.7 8787 interface FastEthernet1 8787
ip nat inside source list 1 interface FastEthernet1 overload
!
ip access-list standard local
!
ip access-list extended SDM_HTTPS
remark SDM_ACL Category=1
permit tcp any any eq 443
ip access-list extended SDM_SHELL
remark SDM_ACL Category=1
permit tcp any any eq cmd
ip access-list extended SDM_SSH
remark SDM_ACL Category=1
permit tcp any any eq 22
!
logging trap debugging
logging facility syslog
logging 192.168.0.21
access-list 101 deny ip any any
access-list 102 deny udp any eq netbios-dgm any
access-list 102 deny udp any eq netbios-ns any
access-list 102 deny udp any eq netbios-ss any
access-list 102 deny udp any range snmp snmptrap any
access-list 102 deny udp any range bootps bootpc any
access-list 102 deny tcp any eq 137 any
access-list 102 deny tcp any eq 138 any
access-list 102 deny tcp any eq 139 any
access-list 102 permit ip any any
snmp-server community puplic RO
snmp-server community public RW
snmp-server community cisco RW
snmp-server trap-source FastEthernet1
snmp-server location Munich
snmp-server contact Alexander Voigt
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps flash insertion removal
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps envmon
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
Iceman ist Überall und Nirgendwo

#45 Iceman7

Iceman7

    Member

  • 228 Beiträge

 

Geschrieben 26. November 2009 - 04:13

snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps atm subif
snmp-server enable traps bgp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps dlsw
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps pw vc
snmp-server enable traps event-manager
snmp-server enable traps firewall serverstatus
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server host 192.168.0.1 public
no cdp run

!
!
!
Iceman ist Überall und Nirgendwo