Hello,
As a hobby I am setting up a network for an acquaintance with a Cisco 876 router.
After a lot of hours most of it works, only I can't get much life into the wireless part.
The interface does come up and I can connect to it. However, I want to be able to connect,
under the same rules as the Ethernet interface Vlan1, to the internet, the VPN tunnel and the
computers in the 192.168.0.0 subnet. After many hours of trying this won't work, and it
seems to me it is just a small detail that I am overlooking. There are very few example
configurations to be found for the wireless part of the 876.
I therefore hope there is someone here who knows something about Cisco IOS and can help me
with this problem. Below I will paste the running config. I have x-ed out a few private
things.
Thanks in advance for reading the post and thanks in advance for the help.
Regards,
Bor
Building configuration...
Current configuration : 12813 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxx_xxxxx
!
boot-start-marker
boot-end-marker
!
logging buffered 52000
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-xxxxxxxxxxxxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxxxxxxxxxxxxx
revocation-check none
rsakeypair TP-self-signed-xxxxxxxxxxxxxxxxxxx
!
!
crypto pki certificate chain TP-self-signed-xxxxxxxxxxxxx
certificate self-signed 01
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
quit
dot11 syslog
dot11 vlan-name WIRELESS vlan 200
!
dot11 ssid Wireless_network
vlan 200
authentication open
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.101 192.168.1.254
!
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool CLIENT
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.254
lease 1 2
!
ip dhcp pool Vlan200
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.0.254
!
!
!
!
!
username xxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxx
username xxxxxx password 0 xxxxxxx
username xxxxxx password 0 xxxxxxx
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxxxxx address xxxxxxxxxx no-xauth
!
crypto isakmp client configuration group xxxxxxxx
key xxxxxx
pool VPN
!
!
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set vpnset
!
!
crypto map lima 10 ipsec-isakmp
set peer xxxxxxxxxxxxx
set transform-set vpnset
match address 103
crypto map lima 20 ipsec-isakmp dynamic dynmap
!
crypto ctcp port 10000
archive
log config
hidekeys
!
!
!
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
match access-group 106
class-map type inspect match-any SDM_HTTPS
match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SSH
match access-group name SDM_SSH
class-map type inspect match-any SDM_SHELL
match access-group name SDM_SHELL
class-map type inspect match-any sdm-cls-access
match class-map SDM_HTTPS
match class-map SDM_SSH
match class-map SDM_SHELL
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_VPN_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_VPN_PT
match access-group 105
match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any SDM-Voice-permit
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-access
match class-map sdm-cls-access
match access-group 104
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-all sdm-protocol-http
match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-VPNOutsideToInside-1
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class class-default
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-insp-traffic
inspect
class type inspect sdm-protocol-http
inspect
class type inspect SDM-Voice-permit
inspect
class class-default
pass
policy-map type inspect sdm-permit
class type inspect SDM_VPN_PT
pass
class type inspect sdm-access
inspect
class class-default
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-VPNOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-VPNOutsideToInside-1
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/48
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption vlan 200 key 1 size 128bit 0 xxxxxxxxxxxxxxxxxxxxx transmit-key
encryption vlan 200 mode wep mandatory
!
ssid Wireless_network
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.200
encapsulation dot1Q 200 native
ip address 192.168.1.1 255.255.255.0
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 104 in
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxx
ppp chap password 0 xxxxxxxx
ppp pap sent-username xxxxxxxxxxxx password 0 xxxxxxx
ppp ipcp dns request
ppp ipcp wins request
crypto map lima
!
ip local pool VPN 192.168.10.1 192.168.10.20
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
ip access-list extended SDM_AH
remark SDM_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark SDM_ACL Category=1
permit esp any any
ip access-list extended SDM_HTTPS
remark SDM_ACL Category=1
permit tcp any any eq 443
ip access-list extended SDM_SHELL
remark SDM_ACL Category=1
permit tcp any any eq cmd
ip access-list extended SDM_SSH
remark SDM_ACL Category=1
permit tcp any any eq 22
!
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark SDM_ACL Category=129
access-list 101 permit ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.0.255
access-list 101 permit udp host xxxxxxxxxxxx any eq non500-isakmp
access-list 101 permit udp host xxxxxxxxxxxx any eq isakmp
access-list 101 permit esp host xxxxxxxxxxxx any
access-list 101 permit ahp host xxxxxxxxxxxx any
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit ahp any any
access-list 101 permit ip any any
access-list 102 remark SDM_ACL Category=2
access-list 102 deny ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 103 remark SDM_ACL Category=4
access-list 103 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 104 remark SDM_ACL Category=129
access-list 104 permit ip any any
access-list 105 remark SDM_ACL Category=128
access-list 105 permit ip host xxxxxxxxxxxx any
access-list 106 remark SDM_ACL Category=0
access-list 106 permit ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.0.255
access-list 111 remark SDM_ACL Category=1
access-list 111 permit ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.0.255
access-list 111 permit udp host xxxxxxxxxxxx any eq non500-isakmp
access-list 111 permit udp host xxxxxxxxxxxx any eq isakmp
access-list 111 permit esp host xxxxxxxxxxxx any
access-list 111 permit ahp host xxxxxxxxxxxx any
access-list 111 permit ahp any any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit udp any any eq non500-isakmp
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit gre any any
access-list 111 permit ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 111 permit tcp any any eq telnet
access-list 111 permit ip host 193.172.44.45 any
access-list 111 permit ip host 193.172.44.78 any
access-list 111 permit ip host 194.151.107.44 any
access-list 111 permit ip host 194.151.107.76 any
access-list 111 permit ip any host 193.172.44.45
access-list 111 permit ip any host 193.172.44.78
access-list 111 permit ip any host 194.151.107.44
access-list 111 permit ip any host 194.151.101.76
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit udp any any eq netbios-dgm
access-list 111 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
route-map SDM_RMAP_1 permit 1
match ip address 102
!
!
control-plane
!
banner login ^CCCCCC
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
exec-timeout 120 0
privilege level 15
transport input telnet ssh
transport output telnet ssh
!
scheduler max-task-time 5000
end
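Added example, not part of the original post: a small Python audit that compares the policy attached to Vlan1 with Dot11Radio0.200 and checks whether the NAT ACL (102), the crypto-map ACL (103) and the DHCP pool cover the wireless subnet. The function names and the shortened config excerpt are constructed for this illustration.

```python
import ipaddress
import re

# Constructed excerpt: the relevant lines of the posted running config, flush-left as in the post.
CONFIG = """\
ip dhcp pool CLIENT
network 192.168.0.0 255.255.255.0
default-router 192.168.0.254
!
ip dhcp pool Vlan200
network 192.168.1.0 255.255.255.0
default-router 192.168.0.254
!
interface Dot11Radio0.200
encapsulation dot1Q 200 native
ip address 192.168.1.1 255.255.255.0
no cdp enable
!
interface Vlan1
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security in-zone
!
access-list 102 deny ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 103 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255
"""

POLICY_PREFIXES = ("zone-member security", "ip nat ")  # per-interface policy attachments

def stanzas(config, keyword):
    """Map stanza name -> sub-commands; a stanza runs from '<keyword> NAME' to the next '!'."""
    out, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith(keyword + " "):
            current = out.setdefault(line[len(keyword) + 1:], [])
        elif line == "!":
            current = None
        elif current is not None:
            current.append(line)
    return out

def iface_network(cmds):
    """Subnet of a static 'ip address A M' line, or None (e.g. 'ip address negotiated')."""
    for cmd in cmds:
        m = re.match(r"ip address (\S+) (\S+)$", cmd)
        if m:
            return ipaddress.ip_interface("/".join(m.groups())).network
    return None

def acl_permit_sources(config, number):
    """Source networks of the 'permit ip' entries of a numbered ACL (wildcard masks)."""
    nets = []
    for line in config.splitlines():
        m = re.match(rf"access-list {number} permit ip (\S+) (\S+)", line.strip())
        if m:
            src, arg = m.groups()
            text = "0.0.0.0/0" if src == "any" else arg if src == "host" else f"{src}/{arg}"
            nets.append(ipaddress.ip_network(text))
    return nets

def audit(config, reference="Vlan1", candidate="Dot11Radio0.200", nat_acl=102, vpn_acl=103):
    ifaces, findings = stanzas(config, "interface"), []
    for cmd in ifaces[reference]:
        if cmd.startswith(POLICY_PREFIXES) and cmd not in ifaces[candidate]:
            findings.append(f"{candidate}: lacks '{cmd}' (present on {reference})")
    subnet = iface_network(ifaces[candidate])
    if subnet is None:
        return findings
    for label, acl in (("NAT", nat_acl), ("VPN", vpn_acl)):
        if not any(subnet.subnet_of(n) for n in acl_permit_sources(config, acl)):
            findings.append(f"access-list {acl} ({label}): no permit for source {subnet}")
    for name, cmds in stanzas(config, "ip dhcp pool").items():
        opts = dict(c.split(" ", 1) for c in cmds if " " in c)
        net, gw = opts.get("network"), opts.get("default-router", "").split()
        if net and gw and ipaddress.ip_network(net.replace(" ", "/")) == subnet:
            if ipaddress.ip_address(gw[0]) not in subnet:
                findings.append(f"dhcp pool {name}: default-router {gw[0]} is outside {subnet}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```

On the excerpt it reports five differences: the wireless subinterface has neither `ip nat inside` nor a zone membership, ACLs 102 and 103 only permit 192.168.0.0/24 as source, and pool Vlan200 hands out a gateway outside its own subnet.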