Velocity Reviews - Computer Hardware Reviews


C871 Remote access

 
 
Andreas Heinzelmann
      11-05-2007
Hi Again,

I have a little issue with my C871 box. I would like to access the router's
management console through ssh & https (SDM) from the Internet.
At the moment this does not work. I am able to ping the device but I am not
able to access the box through ssh or https although I opened the FW on the
Box.

Maybe somebody can check my config? Here we go:


Building configuration...

Current configuration : 13029 bytes
!
! Last configuration change at 21:39:52 Berlin Mon Nov 5 2007 by root
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname EDGE-GW
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 0000000000000
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login local_authen local
aaa authorization exec default local
aaa authorization exec local_author local
!
!
aaa session-id common
clock timezone Berlin 1
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name abc.de
ip name-server 194.8.194.70
ip name-server 194.8.194.60
ip ssh time-out 60
ip ssh authentication-retries 2
ip ddns update method dyndns
HTTP
add http://xxxx(E-Mail Removed)/nic/update?system=dyndns&hostname=xxxx.homeip.net&myip=<a>
interval maximum 0 12 0 0
interval minimum 0 12 0 0
!
!
!
crypto pki trustpoint TP-self-signed-00000000000
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-0000000000
revocation-check none
rsakeypair TP-self-signed-465119209
!
!
crypto pki certificate chain TP-self-signed-000000
certificate self-signed 01

quit
!
!
username root privilege 15 secret 5 $1$xxxxxxxxxxxxxxxxxxx/
!
!
class-map type inspect match-any ECHO
match protocol icmp
class-map type inspect match-any SDM_HTTPS
match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SSH
match access-group name SDM_SSH
class-map type inspect match-any SDM_SHELL
match access-group name SDM_SHELL
class-map type inspect match-any sdm-cls-access
match class-map SDM_HTTPS
match class-map SDM_SSH
match class-map SDM_SHELL
class-map type inspect match-all sdm-cls-sdm-permit-icmpreply-1
match access-group name USENET
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any SSH
match protocol ssh
class-map type inspect match-any SSL
match protocol https
class-map type inspect match-all sdm-access
match class-map sdm-cls-access
match access-group 101
class-map type inspect match-all sdm-cls-sdm-permit-3
match class-map SSL
match access-group name SSL
class-map type inspect match-all sdm-cls-sdm-permit-2
match class-map ECHO
match access-group name ECHO
class-map type inspect match-any ICMPEchoReply
match protocol icmp
class-map type inspect match-all sdm-cls-sdm-permit-1
match class-map ICMPEchoReply
match access-group name ICMPEchoReply
class-map type inspect match-all sdm-cls-sdm-permit-4
match class-map SSH
match access-group name SSH
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-all sdm-protocol-http
match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-insp-traffic
inspect
class type inspect sdm-protocol-http
inspect
class class-default
policy-map type inspect sdm-permit
class type inspect sdm-cls-sdm-permit-4
pass
class type inspect sdm-cls-sdm-permit-3
pass
class type inspect sdm-access
inspect
class type inspect sdm-cls-sdm-permit-2
inspect
class class-default
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
!
!
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ETH-WAN$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 192.168.0.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Dialer0
description $FW_OUTSIDE$
ip ddns update hostname xxxx.homeip.net
ip ddns update dyndns
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname (E-Mail Removed)
ppp chap password 7 000000000000
ppp pap sent-username (E-Mail Removed) password 7 0000000000
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.1.0 255.255.255.0 192.168.0.1
!
no ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list 1 interface Dialer0 overload
!
ip access-list extended ECHO
remark SDM_ACL Category=128
permit ip any any
ip access-list extended HTTPS_MANAGEMENT
remark SDM_ACL Category=1
permit udp host 194.8.194.60 eq domain any
permit udp host 194.8.194.70 eq domain any
remark Auto generated by SDM for NTP (123) 80.67.17.101
permit udp host 80.67.17.101 eq ntp any eq ntp
remark Auto generated by SDM for NTP (123) 192.53.103.103
permit udp host 192.53.103.103 eq ntp any eq ntp
permit tcp any any eq 443 log
remark SDM_ACL Category=1
remark Auto generated by SDM for NTP (123) 80.67.17.101
remark Auto generated by SDM for NTP (123) 192.53.103.103
ip access-list extended ICMPEchoReply
remark SDM_ACL Category=128
permit ip any any
remark SDM_ACL Category=128
ip access-list extended SDM_HTTPS
remark SDM_ACL Category=1
permit tcp any any eq 443
remark SDM_ACL Category=1
remark SDM_ACL Category=1
remark SDM_ACL Category=1
ip access-list extended SDM_SHELL
remark SDM_ACL Category=1
permit tcp any any eq cmd
remark SDM_ACL Category=1
remark SDM_ACL Category=1
remark SDM_ACL Category=1
ip access-list extended SDM_SSH
remark SDM_ACL Category=1
remark Auto generated by SDM for NTP (123) 80.67.17.101
permit udp host 80.67.17.101 eq ntp any eq ntp
remark Auto generated by SDM for NTP (123) 192.53.103.103
permit udp host 192.53.103.103 eq ntp any eq ntp
permit tcp any any eq 22
permit tcp any any eq 443
permit tcp any any
remark SDM_ACL Category=1
remark Auto generated by SDM for NTP (123) 80.67.17.101
remark Auto generated by SDM for NTP (123) 192.53.103.103
ip access-list extended SSH
remark SDM_ACL Category=128
permit ip any any
ip access-list extended SSL
remark SDM_ACL Category=128
permit ip any any
ip access-list extended USENET
remark SDM_ACL Category=128
permit ip any any
remark SDM_ACL Category=128
remark SDM_ACL Category=128
remark SDM_ACL Category=128
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 2 deny any
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 remark SDM_ACL Category=128
access-list 100 remark SDM_ACL Category=128
access-list 100 remark SDM_ACL Category=128
access-list 101 remark SDM_ACL Category=128
access-list 101 permit ip any any
access-list 101 remark SDM_ACL Category=128
access-list 101 remark SDM_ACL Category=128
access-list 101 remark SDM_ACL Category=128
access-list 102 remark VTY Access-class list
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 deny ip any any
access-list 102 remark VTY Access-class list
access-list 102 remark SDM_ACL Category=1
access-list 103 remark VTY Access-class list
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.0.0 0.0.0.255 any
access-list 103 deny ip any any
access-list 103 remark VTY Access-class list
access-list 103 remark SDM_ACL Category=1
access-list 104 remark VTY Access-class list
access-list 104 remark SDM_ACL Category=1
access-list 104 permit ip 192.168.0.0 0.0.0.255 any
access-list 104 deny ip any any
access-list 104 remark VTY Access-class list
access-list 104 remark SDM_ACL Category=1
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp any eq www any
access-list 105 permit udp host 194.8.194.60 eq domain any
access-list 105 permit udp host 194.8.194.70 eq domain any
access-list 105 remark Auto generated by SDM for NTP (123) 80.67.17.101
access-list 105 permit udp host 80.67.17.101 eq ntp any eq ntp
access-list 105 remark Auto generated by SDM for NTP (123) 192.53.103.103
access-list 105 permit udp host 192.53.103.103 eq ntp any eq ntp
access-list 105 permit tcp any any eq 443
access-list 105 permit tcp any any eq 22
access-list 105 permit tcp any any eq cmd
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 remark Auto generated by SDM for NTP (123) 80.67.17.101
access-list 105 remark Auto generated by SDM for NTP (123) 192.53.103.103
access-list 106 remark VTY Access-class list
access-list 106 remark SDM_ACL Category=1
access-list 106 permit ip 192.168.0.0 0.0.0.255 any
access-list 106 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
banner login ^CThis is a secure System! No unauthorized access!^C
!
line con 0
password 7 00000000000000
login authentication local_authen
no modem enable
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line vty 0 4
access-class 23 in
password 7 0000000000000
authorization exec local_author
login authentication local_authen
transport input ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17174758
ntp source Dialer0
ntp server 192.53.103.103 source Dialer0 prefer
ntp server 80.67.17.101
end

Thanx...Andy
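
Added example, not part of the original post: a small Python audit that reads an IOS configuration like the one above, finds the access-class applied to the HTTP(S) server and to the VTY lines, and evaluates a source address against it. It assumes ACL entries give the source as "any", "host X" or "X wildcard" with a contiguous wildcard; the function names and the test address 203.0.113.10 are illustrative.

```python
import ipaddress
import re

# Management-plane lines excerpted from the posted configuration.
CONFIG = """\
ip http access-class 2
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 2 deny any
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
line vty 0 4
access-class 23 in
"""

def parse_source(tok):
    """Source of an ACL entry: 'any', 'host X' or 'X wildcard' (contiguous, assumed)."""
    if tok[0] in ("any", "host"):
        return ipaddress.ip_network("0.0.0.0/0" if tok[0] == "any" else tok[1])
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False)

def parse_acls(config):
    """Numbered ACL id -> ordered (action, source network) entries."""
    acls = {}
    for m in re.finditer(r"^\s*access-list (\d+) (permit|deny) (.+)$", config, re.M):
        tok = m.group(3).split()
        tok = tok[1:] if int(m.group(1)) >= 100 else tok  # extended: skip protocol
        acls.setdefault(m.group(1), []).append((m.group(2), parse_source(tok)))
    return acls

def mgmt_bindings(config):
    """ACL number applied to the HTTP(S) server and to the VTY lines."""
    found, in_vty = {}, False
    for line in map(str.strip, config.splitlines()):
        if line.startswith("line "):
            in_vty = line.startswith("line vty")
        elif m := re.match(r"ip http access-class (\d+)", line):
            found["http"] = m.group(1)
        elif in_vty and (m := re.match(r"access-class (\d+) in", line)):
            found["vty"] = m.group(1)
    return found

def source_allowed(acls, acl_id, src):
    """First-match verdict for src; None if the ACL is not defined in the text."""
    if acl_id not in acls:
        return None
    hits = [a for a, net in acls[acl_id] if ipaddress.ip_address(src) in net]
    return bool(hits) and hits[0] == "permit"  # no match: implicit deny

def audit(config, src):  # service -> (applied ACL, verdict for src)
    acls = parse_acls(config)
    return {s: (n, source_allowed(acls, n, src)) for s, n in mgmt_bindings(config).items()}
```

On the excerpt, audit(CONFIG, "203.0.113.10") reports that ACL 2 on the HTTP(S) server does not admit that source, and that the VTY lines reference ACL 23, which is not defined anywhere in the posted text.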


 