
Improving 1841 configuration - VPN - WOL - DDNS

Posted: Mon Oct 25, 2010 9:23 pm
by zorro77
Hi everyone,
below is the configuration of my Cisco 1841 with Alice ADSL.
With this configuration, let me say up front, I browse the internet without problems, but I would like advice on a few things and answers to some doubts:
1) from the logs DDNS seems to work correctly, but is it correct to leave the DDNS request on both the eth and the dialer?
2) with the VPN connection I can connect without problems, but I can only reach the LAN; I cannot get out to the internet with the IP of the remote connection
3) WOL works only if I am connected via VPN, but not if I am connected over the internet

Thanks to everyone for the help


Cisco1841#sh ver
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(9)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Wed 30-Aug-06 14:54 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)

Cisco1841 uptime is 22 hours, 46 minutes
System returned to ROM by power-on
System restarted at 23:15:05 CET Sun Oct 24 2010
System image file is "flash:c1841-adventerprisek9-mz.124-9.T1.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 1841 (revision 6.0) with 118784K/12288K bytes of memory.
Processor board ID FCZ094038N0
2 FastEthernet interfaces
1 ATM interface
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

Cisco1841#




Cisco1841#sh conf
Using 5246 out of 196600 bytes
!
! Last configuration change at 21:05:59 CET Mon Oct 25 2010 by admin
! NVRAM config last updated at 21:06:01 CET Mon Oct 25 2010 by admin
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco1841
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 XXXXXXXXXX
enable password XXXXXXXXXX
!
aaa new-model
!
!
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
clock timezone CET 1
clock summer-time CET recurring
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.201 192.168.1.254
!
ip dhcp pool POOL_DHCP
import all
network 192.168.1.0 255.255.255.0
dns-server 212.216.172.62 212.216.112.112
default-router 192.168.1.254
!
!
ip domain name domain.com
ip host members.dyndns.org 204.13.248.112

ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
ip ddns update method DynDNS
HTTP
add http://XXXXXXXXXX:[email protected] ... h>&myip=<a>
remove http://XXXXXXXXXX:[email protected] ... h>&myip=<a>
interval maximum 0 0 8 0

!
!
!
crypto pki trustpoint TP-self-signed-2910638223
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2910638223
revocation-check none
rsakeypair TP-self-signed-2910638223
!
!
crypto pki certificate chain TP-self-signed-2910638223
certificate self-signed 01 nvram:IOS-Self-Sig#3317.cer
username admin privilege 15 secret 5 XXXXXXXXXX
username test secret 5 XXXXXXXXXX
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group Pool_VPN
key XXXXXXXXXX
pool SDM_POOL_1
netmask 255.255.255.0
crypto isakmp profile ciscocp-ike-profile-1
match identity group XXXXXXXXX
client authentication list ciscocp_vpn_xauth_ml_1
isakmp authorization list ciscocp_vpn_group_ml_1
client configuration address initiate
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile ciscocp-ike-profile-1
!
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$
ip ddns update hostname XXXXXXXXXX
ip ddns update DynDNS host members.dyndns.org

ip address 192.168.1.254 255.255.255.0
ip directed-broadcast
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no ip route-cache cef
no ip route-cache
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
hold-queue 224 in
!
interface ATM0/0/0.1 point-to-point
no ip route-cache
no snmp trap link-status
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
!
interface Dialer0
ip ddns update hostname XXXXXXXXXX
ip ddns update DynDNS host members.dyndns.org

ip address negotiated
ip directed-broadcast
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username XXXXXXXXXX password 0 XXXXXXXXXX
!
ip local pool SDM_POOL_1 10.0.0.100 10.0.0.110
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 192.168.1.190 9 interface Dialer0 9
ip nat inside source static udp 192.168.1.190 2304 interface Dialer0 2304
ip nat inside source static tcp 192.168.1.101 80 interface Dialer0 9091
ip nat inside source static tcp 192.168.1.101 443 interface Dialer0 9092
ip nat inside source static tcp 192.168.1.190 2304 interface Dialer0 2304
ip nat inside source static udp 192.168.1.190 43833 interface Dialer0 43833
ip nat inside source static tcp 192.168.1.129 39989 interface Dialer0 39989
ip nat inside source static udp 192.168.1.129 7806 interface Dialer0 7806
ip nat inside source static tcp 192.168.1.99 8080 interface Dialer0 9099
ip nat inside source static tcp 192.168.1.190 21 interface Dialer0 21
ip nat inside source static tcp 192.168.1.190 3389 interface Dialer0 3389
ip nat inside source static udp 192.168.1.190 3389 interface Dialer0 3389
!
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
access-list 100 permit tcp any any
access-list 100 permit udp any any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 40 0
password dierad
transport input telnet ssh
transport output telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
sntp server 193.204.114.232
end
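
As an added example (not part of the original post and not Cisco tooling), this Python script reads lines copied from the configuration above and lists what it makes reachable from the Internet side: each static port forward bound to an `ip nat outside` interface, plus every interface with `ip directed-broadcast` enabled. The function names are illustrative, and `!` is treated as the end of an interface section because the posted config has lost its indentation.

```python
import re

# Constructed excerpt: lines copied from the configuration posted above.
CONFIG = """\
interface FastEthernet0/0
ip directed-broadcast
ip nat inside
!
interface Dialer0
ip directed-broadcast
ip nat outside
!
ip nat inside source static udp 192.168.1.190 9 interface Dialer0 9
ip nat inside source static tcp 192.168.1.101 80 interface Dialer0 9091
ip nat inside source static tcp 192.168.1.190 3389 interface Dialer0 3389
"""

NAT_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")

def parse_interfaces(cfg):
    """Map interface name -> list of its sub-commands ('!' ends a section)."""
    ifaces, current = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split()[1]
            ifaces[current] = []
        elif line == "!":
            current = None
        elif current and line:
            ifaces[current].append(line)
    return ifaces

def static_forwards(cfg):
    """Return (proto, inside_ip, inside_port, outside_if, outside_port) per rule."""
    hits = (NAT_RE.match(l.strip()) for l in cfg.splitlines())
    return [m.groups() for m in hits if m]

def inbound_surface(cfg):
    """Forwards on NAT-outside interfaces, then directed-broadcast interfaces."""
    ifaces = parse_interfaces(cfg)
    outside = {n for n, cmds in ifaces.items() if "ip nat outside" in cmds}
    report = [f"{proto}/{oport} on {oif} -> {ip}:{iport}"
              for proto, ip, iport, oif, oport in static_forwards(cfg)
              if oif in outside]
    report += [f"ip directed-broadcast enabled on {n}"
               for n, cmds in ifaces.items() if "ip directed-broadcast" in cmds]
    return report

if __name__ == "__main__":
    print("\n".join(inbound_surface(CONFIG)))
```

Pasting the full `sh conf` output into `CONFIG` lists all of the static forwards on Dialer0 in one place for review.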

Posted: Wed Oct 27, 2010 10:02 am
by zorro77
Regarding the VPN, I would like to do something like what is done with the ASAs

http://www.cisco.com/en/US/products/ps6 ... tml#asacli

I tried with my 1841 but nothing...

Posted: Mon Nov 01, 2010 11:26 am
by zorro77
Can nobody give me a hand/suggestion?