OlafBahr, posted 28 August 2012

:cry: :confused: :cry:

Hi @all,

I have a Cisco 2921 that I want to dial in with over an FTTH line using PPPoE. As a bridge we use a Zyxel FSG 1100HN. The Zyxel box seems to work as a bridge: when I set up a PPPoE connection through the bridge from a PC, everything works fine. When I attach the router to it with its WAN port, I always get a "Padi timer expire", i.e. no response. The port LEDs on the router and on the bridge light up when they are connected.

Does anyone have an idea what might be going on?

Many thanks
Olaf

blackbox, posted 28 August 2012

The message means that no response to the request is coming from the ISP. Do you maybe have the config? Perhaps something is bound incorrectly there...

OlafBahr (author), posted 28 August 2012

Current configuration : 9029 bytes
!
! No configuration change since last restart
version 15.1
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
!
hostname rt01
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200
logging console critical
enable secret 4 xyz
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login clientVPN local
aaa authentication enable default group ADMINS enable
aaa authorization exec default local
aaa authorization network default local
!
!
!
!
!
aaa session-id common
!
clock timezone MEZ 1 0
clock summer-time MESZ recurring
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
ip domain name ociyacht.com
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3013015771
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3013015771
 revocation-check none
 rsakeypair TP-self-signed-3013015771
!
!
crypto pki certificate chain TP-self-signed-3013015771
 certificate self-signed 01
  quit
license udi pid CISCO2921/K9 sn 1234567890
!
!
username abc privilege 15 secret 4 xyz
username abc privilege 15 secret 4 xyz
username abc privilege 15 secret 5 xyz
!
redundancy
!
!
!
!
ip tcp synwait-time 10
!
!
crypto isakmp policy 2
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key xyz address 5.6.7.8
crypto isakmp key xyz address 1.2.3.4
!
crypto isakmp client configuration group VPNlocal
 key xyz
 pool iprangelocal
crypto isakmp profile AuthClient
 description *** Authentication by Router ***
 match identity group VPNlocal
 client authentication list clientVPN
 isakmp authorization list default
 client configuration address respond
!
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set SET esp-aes 256 esp-sha-hmac
crypto ipsec transform-set SET2 esp-3des esp-md5-hmac
crypto ipsec transform-set SET3 esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 5
 set transform-set SET
 set isakmp-profile AuthClient
!
!

OlafBahr (author), posted 28 August 2012

crypto map OceanVPN 2 ipsec-isakmp dynamic dynmap
crypto map OceanVPN 100 ipsec-isakmp
 description ** VPN L2L conn to RZ **
 set peer 5.6.7.8
 set transform-set SET
 set pfs group2
 match address 104
crypto map OceanVPN 101 ipsec-isakmp
 description ** VPN L2L to Service**
 set peer 1.2.3.4
 set transform-set SET
 set pfs group2
 match address 105
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 ip flow ingress
 shutdown
!
interface GigabitEthernet0/0
 description ** Management LAN **
 ip address 10.41.10.160 255.255.255.0
 ip flow ingress
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description ** DMZ to ASA **
 ip address 192.168.99.2 255.255.255.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 description ** Access to Internet **
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip tcp adjust-mss 1452
 duplex full
 speed 100
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface Dialer1
 ip address negotiated
 ip accounting output-packets
 ip mtu 1452
 ip nat outside
 no ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname username@provider
 ppp chap password 7 xyz
 ppp pap sent-username username@provider password 7 xyz
 ppp ipcp dns request
 no cdp enable
 crypto map OceanVPN
!
ip local pool iprangelocal 192.168.254.1 192.168.254.31
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 102 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
ip route 10.0.2.0 255.255.255.0 10.41.10.2
ip route 192.168.1.0 255.255.255.0 192.168.99.1
ip route 192.168.100.0 255.255.255.0 192.168.99.1
!
ip access-list extended INTERNET
 permit udp any any eq non500-isakmp
 permit udp any any eq isakmp
 permit esp any any
 permit ahp any any
 permit udp host 82.220.2.2 any eq ntp
 permit tcp any any eq 123
 permit udp any any eq bootpc
 permit udp any any eq bootps
 deny tcp any any eq ftp
 deny tcp any any eq smtp
 deny tcp any any eq finger
 deny tcp any any eq 139
 deny tcp any any eq domain
 deny tcp any any eq 443
 deny tcp any any eq 22
 deny tcp any any eq telnet
 deny udp any any eq tftp
 deny udp any any eq netbios-ns
 deny udp any any eq netbios-dgm
 deny udp any any eq netbios-ss
 deny udp any any eq snmp
 deny udp any any eq 135
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip host 255.255.255.255 any
 permit icmp any any echo-reply
 deny icmp any any log
 permit ip any any
!
logging trap debugging
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 87.234.202.0 0.0.0.255
access-list 23 permit 10.0.21.0 0.0.0.255
access-list 23 permit 10.0.2.0 0.0.0.15
access-list 23 permit 10.41.10.0 0.0.0.255
access-list 23 permit 10.49.10.0 0.0.0.255
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 23 permit 10.0.6.0 0.0.0.15
access-list 23 permit 192.168.254.0 0.0.0.255

OlafBahr (author), posted 28 August 2012

access-list 102 deny ip 192.168.1.0 0.0.0.255 10.0.21.0 0.0.0.255
access-list 102 deny ip 192.168.1.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 102 deny ip 192.168.1.0 0.0.0.255 10.0.6.0 0.0.0.255
access-list 102 deny ip 192.168.99.0 0.0.0.255 10.0.21.0 0.0.0.255
access-list 102 deny ip 192.168.99.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 102 deny ip 192.168.99.0 0.0.0.255 10.0.6.0 0.0.0.255
access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.168.0 0.0.0.255
access-list 102 deny ip 192.168.100.0 0.0.0.255 192.168.168.0 0.0.0.255
access-list 102 deny ip 192.168.254.0 0.0.0.255 192.168.168.0 0.0.0.255
access-list 102 permit ip 192.168.0.0 0.0.255.255 any
access-list 104 permit ip 192.168.1.0 0.0.0.255 192.168.168.0 0.0.0.255
access-list 104 permit ip 192.168.100.0 0.0.0.255 192.168.168.0 0.0.0.255
access-list 104 permit ip 192.168.254.0 0.0.0.255 192.168.168.0 0.0.0.255
access-list 105 permit ip 192.168.1.0 0.0.0.255 10.0.6.0 0.0.0.255
access-list 105 permit ip 192.168.99.0 0.0.0.255 10.0.6.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
!
!
!
!
!
control-plane
!
!
banner motd ^C
**************************************************************************
*                                                                        *
*                   ! UNAUTHORIZED USE IS PROHIBITED !                   *
*                                                                        *
**************************************************************************
^C
!
line con 0
 privilege level 15
 transport output telnet
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 password 7 xyz
 transport input telnet ssh
 escape-character 3
line vty 5 15
 access-class 23 in
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server 82.220.2.2
end

rt01#

blackbox, posted 29 August 2012

Hi,

what I'm missing:

vpdn enable
vpdn-group 1
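
The two points raised in the replies, whether the physical interface and the Dialer are bound to the same pool, and whether `vpdn enable` / `vpdn-group` are present, can be checked mechanically against a saved configuration. The following is an added example, not part of the original thread; the function names and the trimmed sample configuration are assumptions made for illustration.

```python
import re

# Constructed sample: the PPPoE-related lines of the configuration posted above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/2
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Dialer1
 encapsulation ppp
 dialer pool 1
!
"""

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces

def check_pppoe_client(config):
    """Return a list of findings about the PPPoE client binding."""
    clients, pools = {}, set()
    for name, cmds in parse_interfaces(config).items():
        for cmd in cmds:
            if m := re.match(r"pppoe-client dial-pool-number (\d+)", cmd):
                clients[name] = int(m.group(1))
            elif name.startswith("Dialer") and (m := re.match(r"dialer pool (\d+)", cmd)):
                pools.add(int(m.group(1)))
    findings = []
    if not clients:
        findings.append("no interface has pppoe-client dial-pool-number")
    for name, pool in clients.items():
        if pool not in pools:
            findings.append(f"{name}: no Dialer interface uses dialer pool {pool}")
    top = [l for l in config.splitlines() if l and not l.startswith(" ")]
    for stmt in ("vpdn enable", "vpdn-group"):  # named in the last reply
        if not any(l.startswith(stmt) for l in top):
            findings.append(f"{stmt}: not present")
    return findings

if __name__ == "__main__":
    print(check_pppoe_client(SAMPLE_CONFIG))
```

On the sample, the pool binding matches (pool 1 on both sides), so the only findings are the two statements the last reply names.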