877 con la F5 NGI [risolto]
Inviato: lun 05 ott , 2009 9:55 am
Ragazzi, ho un problema con 877 e la linea NGI.
Precisamente:
entrando in ssh nel router riesco a pingare con successo degli IP esterni.
Collegando invece un PC direttamente dietro il router, non navigo e non pingo gli IP esterni... forse mi manca qualche riga nel config?
Sarei molto grato se poteste dargli un'occhiatina veloce.
Ecco il mio conf attuale...
Cisco877#sh run
Building configuration...
Current configuration : 4369 bytes
!
! Global service settings and privileged-mode credentials.
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Password obfuscation is off, so "enable password", the vty "password" and the PAP
! "password 0" in this config are stored in clear text (the poster redacted them).
! "service password-encryption" would only add reversible type 7 encoding.
no service password-encryption
!
hostname Cisco877
!
boot-start-marker
boot-end-marker
!
! Type 5 (salted MD5) hash posted unredacted: it can be guessed offline, so the
! secret should be changed once the config has been published.
enable secret 5 $1$GMsk$J4NfGyWWivL95..NBZ7hU0
! An enable secret takes precedence when both are set; this clear-text fallback
! can be removed.
enable password XXXXxxxXX
!
! AAA is disabled: logins rely on the local usernames and per-line settings only.
no aaa new-model
!
! Self-signed trustpoint and its certificate; presumably the one IOS generates for
! "ip http secure-server" - confirm. The hex is the public certificate only (no
! private key), so publishing it does not expose key material by itself.
! NOTE(review): as decoded from the DER below, the certificate is signed with
! md5WithRSAEncryption, carries a 1024-bit RSA key and is valid from 2002-03-01
! (which suggests the clock was unset when it was generated) to 2020-01-01. On a
! device still in service, regenerate it with a larger key after setting the clock.
crypto pki trustpoint TP-self-signed-2724824706
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2724824706
revocation-check none
rsakeypair TP-self-signed-2724824706
!
!
crypto pki certificate chain TP-self-signed-2724824706
certificate self-signed 01
30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373234 38323437 3036301E 170D3032 30333031 31313538
35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37323438
32343730 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81009DE5 8D1E0A5B 131627F0 7EE0F603 C94ADD6A F6392CCC 4867C3D3 AE58F8A6
CF8C4FD8 F5DBAA3A F6C9F01F AF1CBE5A EC1C23C9 E00D213E FB0E025F CF3A088B
C679ED7C 48076695 58440224 4010EE7A 2EF3F7E0 18D6E030 FD647FFA 27976DC2
623B9FC3 B2CF97BB 0507B571 ECE1B34A 3053843B 9BBDFA2A 723E5B16 C39EDB9E
8F810203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
551D1104 0C300A82 08436973 636F3837 37301F06 03551D23 04183016 80145785
9522C503 8EF33640 586BED9C 4DD2C818 8615301D 0603551D 0E041604 14578595
22C5038E F3364058 6BED9C4D D2C81886 15300D06 092A8648 86F70D01 01040500
03818100 537DEEBE 88BCED77 4710D765 9273C2F9 26A8A54C B4E6BBEE D29E0075
45AD340F 882375D2 952A407D 44207D0D A386FEE5 F3DA1B06 BEA9C5AC 330BE091
F647912E A3C8C27C 9586916C A189E4B7 618D5EAA D472620D 594C5E96 5CF85D07
9DA25EE2 E8E64104 FF5283D7 6781D040 14776650 5945EA5E 35BF05A6 2F31C46D 35E8C239
quit
! Local user database and configuration-change logging.
dot11 syslog
ip cef
!
!
!
!
!
! Both local accounts are posted with unredacted type 5 (salted MD5) hashes, which
! can be guessed offline; change these secrets once the config has been published.
! "admin" has no explicit privilege here, but "privilege level 15" on line vty 0 4
! starts every vty session at level 15.
username administrator privilege 15 secret 5 $1$K1G3$caADZCFZO/N06vP4h9WZO/
username admin secret 5 $1$mO6.$EDyl5t4.uh5FawMrpXozc1
!
!
! Logs configuration changes; "hidekeys" keeps passwords out of those log entries.
archive
log config
hidekeys
!
!
!
!
!
! DSL physical interface: the PPPoE client runs over PVC 8/35 on ATM0.1 and is tied
! to dialer pool 1, the pool Dialer0 uses ("dialer pool 1").
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
pvc 8/35
pppoe-client dial-pool-number 1
!
!
! Switch ports left at defaults; no per-port configuration is shown.
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! LAN side: 10.0.1.0/24, marked as the NAT inside interface.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.0.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
! 1412 = the Dialer0 IP MTU of 1452 minus 40 bytes of IP and TCP headers.
ip tcp adjust-mss 1412
!
! WAN side (PPPoE). NOTE(review): this interface has no "ip nat outside", although
! Vlan1 is "ip nat inside" and the overload rule translates to Dialer0. Without an
! outside interface LAN traffic is not translated, which matches the reported
! symptom (the router itself can ping external IPs, a PC behind it cannot) - likely
! the missing line; confirm.
! No inbound access-group or firewall inspection is shown on this interface, so the
! router's own management services and the static forwards are not filtered here.
interface Dialer0
ip address negotiated
ip mtu 1452
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
! "password 0" means the ISP credential is stored in clear text (redacted here).
ppp pap sent-username XXXXXX password 0 XXXxxxx
!
! Routing, HTTP management and NAT rules.
ip forward-protocol nd
! Default route to a fixed next hop; the poster reports that the router itself
! reaches external IPs, so this route is apparently working.
ip route 0.0.0.0 0.0.0.0 81.174.0.1
! 10.0.3.0/24 sits behind 10.0.1.254, but access-list 1 only permits 10.0.1.0/24,
! so that subnet is not covered by the overload rule below.
ip route 10.0.3.0 255.255.255.0 10.0.1.254
!
! Clear-text HTTP management is enabled alongside HTTPS and no "ip http access-class"
! is shown; "no ip http server" leaves only the HTTPS listener.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! NOTE(review): "ip nat source static" is the NAT Virtual Interface form, which works
! on interfaces configured with "ip nat enable"; none is shown, and Vlan1 uses
! "ip nat inside". With inside/outside NAT the form is "ip nat inside source static".
! As written these forwards may not take effect - confirm.
! Once active they publish the listed ports on the WAN address, including telnet (23),
! SSH (22), HTTP (80), HTTPS (443), DNS over TCP (53), IMAP (143) and SIP (5060);
! keep only the ones that are meant to be reachable from the Internet.
ip nat source static tcp 10.0.1.5 909 interface Dialer0 909
ip nat source static tcp 10.0.1.10 222 interface Dialer0 222
ip nat source static tcp 10.0.1.10 4445 interface Dialer0 4445
ip nat source static tcp 10.0.1.10 5060 interface Dialer0 5060
ip nat source static udp 10.0.1.10 5060 interface Dialer0 5060
ip nat source static tcp 10.0.1.252 8001 interface Dialer0 80
ip nat source static tcp 10.0.1.200 143 interface Dialer0 143
ip nat source static tcp 10.0.1.200 53 interface Dialer0 53
ip nat source static tcp 10.0.1.200 900 interface Dialer0 900
ip nat source static tcp 10.0.1.253 2302 interface Dialer0 23
ip nat source static tcp 10.0.1.254 2200 interface Dialer0 22
ip nat source static tcp 10.0.1.254 44300 interface Dialer0 443
ip nat source static tcp 10.0.1.200 903 interface Dialer0 903
! PAT for the hosts matched by access-list 1. It needs an "ip nat outside" interface,
! and Dialer0 does not carry that line in this listing.
ip nat inside source list 1 interface Dialer0 overload
!
! access-list 1 selects the LAN addresses translated by the NAT overload rule.
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.1.0 0.0.0.255
! NOTE(review): access-list 2 (host 10.0.1.5) is not referenced anywhere in this
! listing; possibly meant as a management restriction (vty "access-class" or
! "ip http access-class") - confirm and apply or remove.
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 10.0.1.5
! dialer-list 1 is used by "dialer-group 1" on Dialer0; no dialer-group 2 is shown.
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run
!
!
!
! Console, aux and vty (remote login) line settings.
control-plane
!
!
! No "login" or password is shown on the console line.
line con 0
no modem enable
line aux 0
! Every vty session starts at privilege 15, whatever the user's own privilege.
! "login local" authenticates against the local usernames, so the line password
! below is not used for login.
! Telnet is accepted alongside SSH and sends credentials in clear text;
! "transport input ssh" restricts the lines to SSH.
! No "access-class" is applied, so source addresses are not restricted here.
line vty 0 4
privilege level 15
password xXXXx
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
Cisco877#
Precisamente:
entrando in ssh nel router riesco a pingare con successo degli IP esterni.
Collegando invece un PC direttamente dietro il router, non navigo e non pingo gli IP esterni... forse mi manca qualche riga nel config?
Sarei molto grato se poteste dargli un'occhiatina veloce.
Ecco il mio conf attuale...
Cisco877#sh run
Building configuration...
Current configuration : 4369 bytes
!
! Global service settings and privileged-mode credentials.
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Password obfuscation is off, so "enable password", the vty "password" and the PAP
! "password 0" in this config are stored in clear text (the poster redacted them).
! "service password-encryption" would only add reversible type 7 encoding.
no service password-encryption
!
hostname Cisco877
!
boot-start-marker
boot-end-marker
!
! Type 5 (salted MD5) hash posted unredacted: it can be guessed offline, so the
! secret should be changed once the config has been published.
enable secret 5 $1$GMsk$J4NfGyWWivL95..NBZ7hU0
! An enable secret takes precedence when both are set; this clear-text fallback
! can be removed.
enable password XXXXxxxXX
!
! AAA is disabled: logins rely on the local usernames and per-line settings only.
no aaa new-model
!
! Self-signed trustpoint and its certificate; presumably the one IOS generates for
! "ip http secure-server" - confirm. The hex is the public certificate only (no
! private key), so publishing it does not expose key material by itself.
! NOTE(review): as decoded from the DER below, the certificate is signed with
! md5WithRSAEncryption, carries a 1024-bit RSA key and is valid from 2002-03-01
! (which suggests the clock was unset when it was generated) to 2020-01-01. On a
! device still in service, regenerate it with a larger key after setting the clock.
crypto pki trustpoint TP-self-signed-2724824706
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2724824706
revocation-check none
rsakeypair TP-self-signed-2724824706
!
!
crypto pki certificate chain TP-self-signed-2724824706
certificate self-signed 01
30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373234 38323437 3036301E 170D3032 30333031 31313538
35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37323438
32343730 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81009DE5 8D1E0A5B 131627F0 7EE0F603 C94ADD6A F6392CCC 4867C3D3 AE58F8A6
CF8C4FD8 F5DBAA3A F6C9F01F AF1CBE5A EC1C23C9 E00D213E FB0E025F CF3A088B
C679ED7C 48076695 58440224 4010EE7A 2EF3F7E0 18D6E030 FD647FFA 27976DC2
623B9FC3 B2CF97BB 0507B571 ECE1B34A 3053843B 9BBDFA2A 723E5B16 C39EDB9E
8F810203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
551D1104 0C300A82 08436973 636F3837 37301F06 03551D23 04183016 80145785
9522C503 8EF33640 586BED9C 4DD2C818 8615301D 0603551D 0E041604 14578595
22C5038E F3364058 6BED9C4D D2C81886 15300D06 092A8648 86F70D01 01040500
03818100 537DEEBE 88BCED77 4710D765 9273C2F9 26A8A54C B4E6BBEE D29E0075
45AD340F 882375D2 952A407D 44207D0D A386FEE5 F3DA1B06 BEA9C5AC 330BE091
F647912E A3C8C27C 9586916C A189E4B7 618D5EAA D472620D 594C5E96 5CF85D07
9DA25EE2 E8E64104 FF5283D7 6781D040 14776650 5945EA5E 35BF05A6 2F31C46D 35E8C239
quit
! Local user database and configuration-change logging.
dot11 syslog
ip cef
!
!
!
!
!
! Both local accounts are posted with unredacted type 5 (salted MD5) hashes, which
! can be guessed offline; change these secrets once the config has been published.
! "admin" has no explicit privilege here, but "privilege level 15" on line vty 0 4
! starts every vty session at level 15.
username administrator privilege 15 secret 5 $1$K1G3$caADZCFZO/N06vP4h9WZO/
username admin secret 5 $1$mO6.$EDyl5t4.uh5FawMrpXozc1
!
!
! Logs configuration changes; "hidekeys" keeps passwords out of those log entries.
archive
log config
hidekeys
!
!
!
!
!
! DSL physical interface: the PPPoE client runs over PVC 8/35 on ATM0.1 and is tied
! to dialer pool 1, the pool Dialer0 uses ("dialer pool 1").
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
pvc 8/35
pppoe-client dial-pool-number 1
!
!
! Switch ports left at defaults; no per-port configuration is shown.
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! LAN side: 10.0.1.0/24, marked as the NAT inside interface.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.0.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
! 1412 = the Dialer0 IP MTU of 1452 minus 40 bytes of IP and TCP headers.
ip tcp adjust-mss 1412
!
! WAN side (PPPoE). NOTE(review): this interface has no "ip nat outside", although
! Vlan1 is "ip nat inside" and the overload rule translates to Dialer0. Without an
! outside interface LAN traffic is not translated, which matches the reported
! symptom (the router itself can ping external IPs, a PC behind it cannot) - likely
! the missing line; confirm.
! No inbound access-group or firewall inspection is shown on this interface, so the
! router's own management services and the static forwards are not filtered here.
interface Dialer0
ip address negotiated
ip mtu 1452
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
! "password 0" means the ISP credential is stored in clear text (redacted here).
ppp pap sent-username XXXXXX password 0 XXXxxxx
!
! Routing, HTTP management and NAT rules.
ip forward-protocol nd
! Default route to a fixed next hop; the poster reports that the router itself
! reaches external IPs, so this route is apparently working.
ip route 0.0.0.0 0.0.0.0 81.174.0.1
! 10.0.3.0/24 sits behind 10.0.1.254, but access-list 1 only permits 10.0.1.0/24,
! so that subnet is not covered by the overload rule below.
ip route 10.0.3.0 255.255.255.0 10.0.1.254
!
! Clear-text HTTP management is enabled alongside HTTPS and no "ip http access-class"
! is shown; "no ip http server" leaves only the HTTPS listener.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! NOTE(review): "ip nat source static" is the NAT Virtual Interface form, which works
! on interfaces configured with "ip nat enable"; none is shown, and Vlan1 uses
! "ip nat inside". With inside/outside NAT the form is "ip nat inside source static".
! As written these forwards may not take effect - confirm.
! Once active they publish the listed ports on the WAN address, including telnet (23),
! SSH (22), HTTP (80), HTTPS (443), DNS over TCP (53), IMAP (143) and SIP (5060);
! keep only the ones that are meant to be reachable from the Internet.
ip nat source static tcp 10.0.1.5 909 interface Dialer0 909
ip nat source static tcp 10.0.1.10 222 interface Dialer0 222
ip nat source static tcp 10.0.1.10 4445 interface Dialer0 4445
ip nat source static tcp 10.0.1.10 5060 interface Dialer0 5060
ip nat source static udp 10.0.1.10 5060 interface Dialer0 5060
ip nat source static tcp 10.0.1.252 8001 interface Dialer0 80
ip nat source static tcp 10.0.1.200 143 interface Dialer0 143
ip nat source static tcp 10.0.1.200 53 interface Dialer0 53
ip nat source static tcp 10.0.1.200 900 interface Dialer0 900
ip nat source static tcp 10.0.1.253 2302 interface Dialer0 23
ip nat source static tcp 10.0.1.254 2200 interface Dialer0 22
ip nat source static tcp 10.0.1.254 44300 interface Dialer0 443
ip nat source static tcp 10.0.1.200 903 interface Dialer0 903
! PAT for the hosts matched by access-list 1. It needs an "ip nat outside" interface,
! and Dialer0 does not carry that line in this listing.
ip nat inside source list 1 interface Dialer0 overload
!
! access-list 1 selects the LAN addresses translated by the NAT overload rule.
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.1.0 0.0.0.255
! NOTE(review): access-list 2 (host 10.0.1.5) is not referenced anywhere in this
! listing; possibly meant as a management restriction (vty "access-class" or
! "ip http access-class") - confirm and apply or remove.
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 10.0.1.5
! dialer-list 1 is used by "dialer-group 1" on Dialer0; no dialer-group 2 is shown.
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run
!
!
!
! Console, aux and vty (remote login) line settings.
control-plane
!
!
! No "login" or password is shown on the console line.
line con 0
no modem enable
line aux 0
! Every vty session starts at privilege 15, whatever the user's own privilege.
! "login local" authenticates against the local usernames, so the line password
! below is not used for login.
! Telnet is accepted alongside SSH and sends credentials in clear text;
! "transport input ssh" restricts the lines to SSH.
! No "access-class" is applied, so source addresses are not restricted here.
line vty 0 4
privilege level 15
password xXXXx
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
Cisco877#