hallo, vreemd probleem hier thuis. Ik kan sinds ik een Cisco 877 thuis heb staan niet meer op de intranet site van mijn werk komen (https://IPADDRESS:444), sommige VPN's naar klanten werken niet, andere wel... etc...
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
User Access Verification
Password:
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
-----------------------------------------------------------------------
CISCO877#sh run
Building configuration...
Current configuration : 6962 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO877
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 xxxxxxxxxxxxxxxxxx.
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2488428791
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2488428791
revocation-check none
rsakeypair TP-self-signed-2488428791
!
!
crypto pki certificate chain TP-self-signed-2488428791
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32343838 34323837 3931301E 170D3032 30333137 31303436
35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34383834
32383739 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81008F3E 6FBB8FDC 0E01A3F4 249B5FA3 ED3965A0 73CBCD15 EA828D15 BA74C42D
A00ACB0D 45C8FC23 063D7992 140A6BB7 9A0FCF2C EE5B7565 34ED3401 0C23E7F6
8466C8A9 F0C077EB 36234C23 76086C7B C55E7CEE 5F60DC31 5C3837AE CC491A6E
24974D8E 16E2137B A567E45A E3CF8D53 6450EBBA EA9DBC2A 0D4DD32B 329F666F
4B7B0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 14A6D8B2 4648EC69 D124EDEF 905AB483 84227F64
4C301D06 03551D0E 04160414 A6D8B246 48EC69D1 24EDEF90 5AB48384 227F644C
300D0609 2A864886 F70D0101 04050003 81810050 D4458279 A391FCB3 FAB40E37
5467A30C B4F42D8F A38B809D ADA36433 FE72BA1D 87F8B6CA 63392B5F AC74EAEA
7824727B 49A1F0E7 D4C8E73F BBA7DFEB 59BA2796 7EE84E4D 73308170 5D5A221F
720EFBDB 00AAF6D6 CCA2A98A B29560F5 4994A71F E20B7BF2 2331F30D 429E770A
2E870AE5 582B7308 184D721E D307B671 788BD1
quit
dot11 syslog
!
dot11 ssid xxxxxx
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 xxxxxxx
!
no ip cef
no ip dhcp use vrf connected
!
ip dhcp pool dhcppool
import all
network 192.168.16.0 255.255.255.0
default-router 192.168.16.254
dns-server 203.208.64.11 203.208.88.11
lease 3
!
!
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall sip
ip inspect name firewall esmtp max-data 52428800
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall pptp
ip inspect name firewall rtsp
ip inspect name firewall skinny
no ip domain lookup
ip domain name yourdomain.com
!
!
!
username admin privilege 15 secret 5 xxxxxxxxxx
!
!
archive
log config
hidekeys
!
!
!
bridge irb
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet0
switchport mode trunk
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
switchport access vlan 2
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers tkip
!
ssid Dr.Evil
!
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0
asic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description ***LAN network***
no ip address
ip virtual-reassembly
ip tcp adjust-mss 1400
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan2
description **** WAN ****
ip address dhcp
ip inspect firewall out
ip nat outside
ip virtual-reassembly
!
interface Dialer1
no ip address
no cdp enable
!
interface BVI1
ip address 192.168.16.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Vlan2
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 11 interface Vlan2 overload
ip nat inside source static tcp 192.168.16.230 36467 interface BVI1 36467
ip nat inside source static tcp 192.168.16.4 3389 interface FastEthernet0 3391
!
access-list 11 remark *** LAN NAT***
access-list 11 permit 192.168.16.0 0.0.0.255
access-list 23 permit 192.168.16.0 0.0.0.255
no cdp run
!
!
!
control-plane
!
bridge 1 route ip
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password xxxxxxxxx
login
transport input telnet ssh
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
CISCO877#
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
User Access Verification
Password:
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
-----------------------------------------------------------------------
CISCO877#sh run
Building configuration...
Current configuration : 6962 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO877
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 xxxxxxxxxxxxxxxxxx.
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2488428791
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2488428791
revocation-check none
rsakeypair TP-self-signed-2488428791
!
!
crypto pki certificate chain TP-self-signed-2488428791
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32343838 34323837 3931301E 170D3032 30333137 31303436
35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34383834
32383739 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81008F3E 6FBB8FDC 0E01A3F4 249B5FA3 ED3965A0 73CBCD15 EA828D15 BA74C42D
A00ACB0D 45C8FC23 063D7992 140A6BB7 9A0FCF2C EE5B7565 34ED3401 0C23E7F6
8466C8A9 F0C077EB 36234C23 76086C7B C55E7CEE 5F60DC31 5C3837AE CC491A6E
24974D8E 16E2137B A567E45A E3CF8D53 6450EBBA EA9DBC2A 0D4DD32B 329F666F
4B7B0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 14A6D8B2 4648EC69 D124EDEF 905AB483 84227F64
4C301D06 03551D0E 04160414 A6D8B246 48EC69D1 24EDEF90 5AB48384 227F644C
300D0609 2A864886 F70D0101 04050003 81810050 D4458279 A391FCB3 FAB40E37
5467A30C B4F42D8F A38B809D ADA36433 FE72BA1D 87F8B6CA 63392B5F AC74EAEA
7824727B 49A1F0E7 D4C8E73F BBA7DFEB 59BA2796 7EE84E4D 73308170 5D5A221F
720EFBDB 00AAF6D6 CCA2A98A B29560F5 4994A71F E20B7BF2 2331F30D 429E770A
2E870AE5 582B7308 184D721E D307B671 788BD1
quit
dot11 syslog
!
dot11 ssid xxxxxx
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 xxxxxxx
!
no ip cef
no ip dhcp use vrf connected
!
ip dhcp pool dhcppool
import all
network 192.168.16.0 255.255.255.0
default-router 192.168.16.254
dns-server 203.208.64.11 203.208.88.11
lease 3
!
!
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall sip
ip inspect name firewall esmtp max-data 52428800
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall pptp
ip inspect name firewall rtsp
ip inspect name firewall skinny
no ip domain lookup
ip domain name yourdomain.com
!
!
!
username admin privilege 15 secret 5 xxxxxxxxxx
!
!
archive
log config
hidekeys
!
!
!
bridge irb
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet0
switchport mode trunk
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
switchport access vlan 2
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers tkip
!
ssid Dr.Evil
!
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0
asic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description ***LAN network***
no ip address
ip virtual-reassembly
ip tcp adjust-mss 1400
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan2
description **** WAN ****
ip address dhcp
ip inspect firewall out
ip nat outside
ip virtual-reassembly
!
interface Dialer1
no ip address
no cdp enable
!
interface BVI1
ip address 192.168.16.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Vlan2
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 11 interface Vlan2 overload
ip nat inside source static tcp 192.168.16.230 36467 interface BVI1 36467
ip nat inside source static tcp 192.168.16.4 3389 interface FastEthernet0 3391
!
access-list 11 remark *** LAN NAT***
access-list 11 permit 192.168.16.0 0.0.0.255
access-list 23 permit 192.168.16.0 0.0.0.255
no cdp run
!
!
!
control-plane
!
bridge 1 route ip
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password xxxxxxxxx
login
transport input telnet ssh
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
CISCO877#