Cisco web content filtering on c1800

Discussion in 'Cisco' started by mmark751969, Sep 30, 2009.

  1. mmark751969

    mmark751969 Guest

    Has anyone been able to get this to work. I am getting no status when
    i enter this command
    show ip trm subscription status
    the output is as follows:
    Package Name: Security & Productivity
    ------------------------------------------------
    Status: No subscription information available.
    Status Update Time: N/A
    Expiration-Date: N/A
    Last Req Status: Request Aborted
    Last Req Sent Time: 21:13:28 PCTime Tue Sep 29 2009

    I believe this is why the router is not blocking category connection
    attempts. The sh run is as follows:

    sh run
    Building configuration...

    Current configuration : 17038 bytes
    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname cyrusone2
    !
    boot-start-marker
    boot-end-marker
    !
    security authentication failure rate 3 log
    security passwords min-length 6
    logging message-counter syslog
    logging buffered 51200
    logging console critical
    enable secret 5 $1$cX/Z$l/1LdRNza7zHZaESnzaNb.
    !
    no aaa new-model
    clock timezone PCTime -6
    clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
    !
    crypto pki trustpoint pcl2
    enrollment terminal
    serial-number
    revocation-check crl
    !
    crypto pki trustpoint MS
    enrollment selfsigned
    serial-number
    ip-address fastethernet0
    revocation-check crl
    !
    !
    crypto pki certificate chain pcl2
    certificate ca 35DEF4CF
    30820320 30820289 A0030201 02020435 DEF4CF30 0D06092A 864886F7
    0D010105
    0500304E 310B3009 06035504 06130255 53311030 0E060355 040A1307
    45717569
    66617831 2D302B06 0355040B 13244571 75696661 78205365 63757265
    20436572
    74696669 63617465 20417574 686F7269 7479301E 170D3938 30383232
    31363431
    35315A17 0D313830 38323231 36343135 315A304E 310B3009 06035504
    06130255
    53311030 0E060355 040A1307 45717569 66617831 2D302B06 0355040B
    13244571
    75696661 78205365 63757265 20436572 74696669 63617465 20417574
    686F7269
    74793081 9F300D06 092A8648 86F70D01 01010500 03818D00 30818902
    818100C1
    5DB15867 0862EEA0 9A2D1F08 6D911468 980A1EFE DA046F13 846221C3
    D17CCE9F
    05E0B801 F04E34EC E28A9504 64ACF16B 535F05B3 CB6780BF 42028EFE
    DD0109EC
    E100144F FCFBF00C DD43BA5B 2BE11F80 70991557 9316F10F 976AB7C2
    68231CCC
    4D5930AC 511E3BAF 2BD6EE63 457BC5D9 5F50D2E3 500F3A88 E7BF14FD
    E0C7B902
    03010001 A3820109 30820105 30700603 551D1F04 69306730 65A063A0
    61A45F30
    5D310B30 09060355 04061302 55533110 300E0603 55040A13 07457175
    69666178
    312D302B 06035504 0B132445 71756966 61782053 65637572 65204365
    72746966
    69636174 65204175 74686F72 69747931 0D300B06 03550403 13044352
    4C31301A
    0603551D 10041330 11810F32 30313830 38323231 36343135 315A300B
    0603551D
    0F040403 02010630 1F060355 1D230418 30168014 48E668F9 2BD2B295
    D747D823
    20104F33 98909FD4 301D0603 551D0E04 16041448 E668F92B D2B295D7
    47D82320
    104F3398 909FD430 0C060355 1D130405 30030101 FF301A06 092A8648
    86F67D07
    4100040D 300B1B05 56332E30 63030206 C0300D06 092A8648 86F70D01
    01050500
    03818100 58CE29EA FCF7DEB5 CE02B917 B585D1B9 E3E095CC 25310D00
    A6926E7F
    B692639E 5095D19A 6FE411DE 63856E98 EEA8FF5A C8D355B2 667157DE
    C021EB3D
    2AA72349 01048642 7BFCEE7F A21652B5 6767D340 DB3B2658 B228773D
    AE147761
    D6FA2A66 27A00DFA A7735CEA 70F19421 65445FFA FCEF2968 A9A28779
    EF79EF4F AC0777
    38
    quit
    crypto pki certificate chain MS
    certificate self-signed 01
    30820217 308201C1 A0030201 02020101 300D0609 2A864886 F70D0101
    04050030
    57315530 12060355 0405130B 46545831 32323259 314D5630 1806092A
    864886F7
    0D010908 130B3139 322E3136 382E312E 32302506 092A8648 86F70D01
    09021618
    63797275 736F6E65 322E796F 7572646F 6D61696E 2E636F6D 301E170D
    30393039
    33303034 31363438 5A170D32 30303130 31303030 3030305A 30573155
    30120603
    55040513 0B465458 31323232 59314D56 30180609 2A864886 F70D0109
    08130B31
    39322E31 36382E31 2E323025 06092A86 4886F70D 01090216 18637972
    75736F6E
    65322E79 6F757264 6F6D6169 6E2E636F 6D305C30 0D06092A 864886F7
    0D010101
    0500034B 00304802 4100C079 635ED10D 08271375 1992286D 8B21D96F
    EF53FC88
    22F44FDB 8599ABC5 CFF0D314 BE91ED31 F1452945 19F33B74 AB130878
    50D5BD0D
    8D18F800 2575170E 0DD30203 010001A3 78307630 0F060355 1D130101
    FF040530
    030101FF 30230603 551D1104 1C301A82 18637972 75736F6E 65322E79
    6F757264
    6F6D6169 6E2E636F 6D301F06 03551D23 04183016 8014A268 C97D5239
    3DA8BC10
    4E93EC57 BF4A8491 B8A4301D 0603551D 0E041604 14A268C9 7D52393D
    A8BC104E
    93EC57BF 4A8491B8 A4300D06 092A8648 86F70D01 01040500 034100A5
    22C406DF
    76F692D5 607F9DC7 E74EE43B D393DD76 8ECCC00A 3CBF6805 2F529798
    9536FD68
    9AA91377 8746DAC5 E1E4DEF8 8F275365 7B9426B0 839FFA39 80ABDE
    quit
    certificate ca 35DEF4CF
    30820320 30820289 A0030201 02020435 DEF4CF30 0D06092A 864886F7
    0D010105
    0500304E 310B3009 06035504 06130255 53311030 0E060355 040A1307
    45717569
    66617831 2D302B06 0355040B 13244571 75696661 78205365 63757265
    20436572
    74696669 63617465 20417574 686F7269 7479301E 170D3938 30383232
    31363431
    35315A17 0D313830 38323231 36343135 315A304E 310B3009 06035504
    06130255
    53311030 0E060355 040A1307 45717569 66617831 2D302B06 0355040B
    13244571
    75696661 78205365 63757265 20436572 74696669 63617465 20417574
    686F7269
    74793081 9F300D06 092A8648 86F70D01 01010500 03818D00 30818902
    818100C1
    5DB15867 0862EEA0 9A2D1F08 6D911468 980A1EFE DA046F13 846221C3
    D17CCE9F
    05E0B801 F04E34EC E28A9504 64ACF16B 535F05B3 CB6780BF 42028EFE
    DD0109EC
    E100144F FCFBF00C DD43BA5B 2BE11F80 70991557 9316F10F 976AB7C2
    68231CCC
    4D5930AC 511E3BAF 2BD6EE63 457BC5D9 5F50D2E3 500F3A88 E7BF14FD
    E0C7B902
    03010001 A3820109 30820105 30700603 551D1F04 69306730 65A063A0
    61A45F30
    5D310B30 09060355 04061302 55533110 300E0603 55040A13 07457175
    69666178
    312D302B 06035504 0B132445 71756966 61782053 65637572 65204365
    72746966
    69636174 65204175 74686F72 69747931 0D300B06 03550403 13044352
    4C31301A
    0603551D 10041330 11810F32 30313830 38323231 36343135 315A300B
    0603551D
    0F040403 02010630 1F060355 1D230418 30168014 48E668F9 2BD2B295
    D747D823
    20104F33 98909FD4 301D0603 551D0E04 16041448 E668F92B D2B295D7
    47D82320
    104F3398 909FD430 0C060355 1D130405 30030101 FF301A06 092A8648
    86F67D07
    4100040D 300B1B05 56332E30 63030206 C0300D06 092A8648 86F70D01
    01050500
    03818100 58CE29EA FCF7DEB5 CE02B917 B585D1B9 E3E095CC 25310D00
    A6926E7F
    B692639E 5095D19A 6FE411DE 63856E98 EEA8FF5A C8D355B2 667157DE
    C021EB3D
    2AA72349 01048642 7BFCEE7F A21652B5 6767D340 DB3B2658 B228773D
    AE147761
    D6FA2A66 27A00DFA A7735CEA 70F19421 65445FFA FCEF2968 A9A28779
    EF79EF4F AC0777
    38
    quit
    dot11 syslog
    no ip source-route
    !
    !
    !
    !
    ip cef
    no ip bootp server
    no ip domain lookup
    ip domain name yourdomain.com
    ip host trps.trendmicro.com 216.99.133.100
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !

    parameter-map type inspect global

    parameter-map type urlfpolicy trend g1-trend-pm
    max-request 2147483647
    max-resp-pak 20000
    allow-mode on
    truncate hostname
    block-page message "group1: 10.10.10.0 is blocked by Trend."

    parameter-map type trend-global global-param-map
    server trps.trendmicro.com
    cache-entry-lifetime 1
    parameter-map type tms global-param-map
    no logging tms events syslog
    no logging tms events snmp
    registration retry interval 180
    heartbeat retry interval 120
    heartbeat retry count 2
    message retry interval 10
    message retry count 3
    !
    !
    username admin privilege 15 secret 5 $1$u.Lt$K5teDVeuDVmBrSQbtQ/mt.
    username url-eft privilege 15 secret 5 $1$qdNS$/8qXtnQjX74VR9iGkGCBH1
    !
    !
    !
    archive
    log config
    hidekeys
    !
    !
    ip tcp synwait-time 10
    !
    class-map type urlfilter match-any untrusted-domain-class
    class-map type inspect match-all g1-http-class
    match protocol http
    class-map type inspect match-any tcp-class
    match protocol tcp
    class-map type urlfilter trend match-any drop-category
    match url category Adult-Mature-Content
    match url category Pornography
    match url category Gambling
    match url category Nudity
    match url category Gay-Lesbian
    match url category Violence-hate-racism
    match url category Personals-Dating
    !
    !
    policy-map type inspect urlfilter g1-trend-policy
    parameter type urlfpolicy trend g1-trend-pm
    class type urlfilter trend drop-category
    reset
    policy-map type inspect icmp_permit
    policy-map type inspect trend-global-policy
    class type inspect g1-http-class
    inspect global
    service-policy urlfilter g1-trend-policy
    class type inspect tcp-class
    inspect global
    class class-default
    pass
    !
    !
    !
    !
    interface FastEthernet0
    description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
    ip address 192.168.1.2 255.255.255.0
    ip verify unicast reverse-path
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    snmp trap ip verify drop-rate
    !
    interface FastEthernet1
    ip address 192.168.0.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    switchport access vlan 2
    !
    interface FastEthernet4
    switchport access vlan 3
    !
    interface FastEthernet5
    !
    interface FastEthernet6
    !
    interface FastEthernet7
    !
    interface FastEthernet8
    !
    interface FastEthernet9
    !
    interface Vlan1
    no ip address
    !
    interface Async1
    no ip address
    encapsulation slip
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 192.168.1.1
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    !
    !
    ip nat translation tcp-timeout 300
    ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0
    overload
    !
    logging trap debugging
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.20.0 0.0.0.255
    access-list 1 permit 192.168.100.0 0.0.0.255
    access-list 1 permit 10.10.20.0 0.0.0.255
    access-list 2 remark SDM_ACL Category=2
    access-list 2 permit 192.168.20.0 0.0.0.255
    access-list 2 permit 192.168.100.0 0.0.0.255
    access-list 2 permit 10.10.20.0 0.0.0.255
    access-list 101 permit ip 192.168.0.0 0.0.0.255 any
    access-list 102 remark auto generated by SDM firewall configuration

    no cdp run

    !
    !
    !
    !
    route-map SDM_RMAP_5 permit 1
    match ip address nonat2
    !
    route-map SDM_RMAP_1 permit 1
    match ip address 101
    !
    !
    !
    !
    control-plane
    !
    banner exec ^C
    % Password expiration warning.
    -----------------------------------------------------------------------

    Cisco Router and Security Device Manager (SDM) is installed on this
    device and
    it provides the default username "cisco" for one-time use. If you
    have already
    used the username "cisco" to login to the router and your IOS image
    supports the

    "one-time" user option, then this username has already expired. You
    will not be
    able to login to the router with this username after you exit this
    session.

    It is strongly suggested that you create a new username with a
    privilege level
    of 15 using the following command.

    username <myuser> privilege 15 secret 0 <mypassword>

    Replace <myuser> and <mypassword> with the username and password you
    want to
    use.

    -----------------------------------------------------------------------
    ^C
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    !
    line con 0
    login local
    transport output telnet
    line 1
    modem InOut
    stopbits 1
    speed 115200
    flowcontrol hardware
    line aux 0
    login local
    transport output telnet
    line vty 0 4
    privilege level 15
    password 7 104308150712001F
    login local
    transport input telnet ssh
    line vty 5 15
    privilege level 15
    login local
    transport input telnet ssh
    !
    scheduler allocate 4000 1000
    scheduler interval 500
    !
    webvpn context Default_context
    ssl authenticate verify all
    !
    no inservice
    !
    end


    I have followed the manual certificate install method to install the
    cert. Thanks
     
    mmark751969, Sep 30, 2009
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.