ntwrkrbkj
Ok, apparently I'm not understanding IOS 12.4, and I hope someone can help me out here. Am I missing an ACL or something else that is keeping the static NAT port forwards from working?
Thanks!
! Global services, logging, the enable secret and AAA for router "Comave" (IOS 12.4).
version 12.4
! NOTE(review): 'service config' makes the router try to autoload configuration
! files from a network server at boot; confirm this is intended, otherwise disable it.
service config
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! The type 7 encoding applied by 'service password-encryption' is reversible
! obfuscation, not a hash; it only guards against casual viewing of the config.
service password-encryption
service sequence-numbers
!
hostname Comave
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
! A 6-character minimum is short for privilege-15 accounts.
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
! Type 5 is a salted MD5-based hash. Once posted publicly it is open to offline
! guessing, so this secret should be changed before the config is reused.
enable secret 5 $1$U2EB$Zg7VIIoWch0ep5uRpYaWN0
!
aaa new-model
!
!
! The server groups below are declared without any 'server' entries in this
! listing, so method lists that reference them have nothing to query.
! NOTE(review): no 'aaa authentication login default' list is shown; confirm how
! console and vty logins are authenticated.
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -5
! The summer-time rule uses fixed 2003 dates, so it covers that year only;
! 'clock summer-time PCTime recurring' keeps log timestamps right in later years.
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
! Discards packets that carry IP source-route options.
no ip source-route
!
!
! CEF, the LAN DHCP pool, DNS, SSH timers, the self-signed trustpoint and the
! local administrator account.
ip cef
no ip dhcp use vrf connected
! With .1-.99 and .150-.254 excluded, the pool leases 192.0.1.100-192.0.1.149.
ip dhcp excluded-address 192.0.1.1 192.0.1.99
ip dhcp excluded-address 192.0.1.150 192.0.1.254
!
ip dhcp pool sdm-pool1
import all
! NOTE(review): 192.0.1.0/24 is outside the RFC 1918 private ranges (10/8,
! 172.16/12, 192.168/16); confirm this inside addressing is intentional.
network 192.0.1.0 255.255.255.0
default-router 192.0.1.40
dns-server 63.90.67.10 63.90.67.11
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name autismwv.com
ip name-server 63.90.67.10
ip name-server 63.90.67.11
! NOTE(review): no 'ip ssh version 2' line is shown; confirm SSHv1 is not accepted.
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
! Self-signed trustpoint with revocation checking off; presumably the certificate
! served by 'ip http secure-server'.
crypto pki trustpoint TP-self-signed-4187313239
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4187313239
revocation-check none
rsakeypair TP-self-signed-4187313239
!
!
crypto pki certificate chain TP-self-signed-4187313239
certificate self-signed 01 nvram:IOS-Self-Sig#3903.cer
! Privilege-15 local account. Its type 5 (salted MD5) hash is exposed by this
! post, so the password should be changed.
username administrator privilege 15 secret 5 $1$sPT3$9RtpEYPbM7KYCQ.hWMaDy.
!
!
!
bridge irb
!
!
!
! Wired interfaces: FastEthernet0 is shut down, FastEthernet1 is the NAT-outside
! WAN port, FastEthernet2-9 show no settings in this listing.
interface FastEthernet0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip route-cache flow
shutdown
duplex auto
speed auto
!
! No 'ip access-group' is applied to this interface, so no ACL here is blocking
! the static forwards; equally, nothing filters traffic arriving from the WAN.
interface FastEthernet1
description $FW_OUTSIDE$$ES_WAN$
ip address xxx.xxx.29.34 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
! Wireless radios. Dot11Radio0 serves SSID ComAve1 on VLAN 1 with WPA-PSK and is
! bridged into bridge-group 1 through Dot11Radio0.1; Dot11Radio1 is shut down.
interface Dot11Radio0
no ip address
!
! TKIP is a deprecated cipher; where clients allow it,
! 'encryption vlan 1 mode ciphers aes-ccm' is the stronger choice.
encryption vlan 1 mode ciphers tkip
!
ssid ComAve1
vlan 1
authentication open
authentication key-management wpa
! 'guest-mode' advertises this SSID in beacons.
guest-mode
! Type 7 is reversible obfuscation, so the pre-shared key is effectively
! disclosed by this post and should be replaced.
wpa-psk ascii 7 06535D781F1E5D4D504644
!
world-mode dot11d country US indoor
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
! NOTE(review): this radio is shut down. Its SSID has 'authentication open' with
! no key-management or cipher line, so confirm it would not come up without the
! WPA settings used on Dot11Radio0 before enabling it.
interface Dot11Radio1
no ip address
shutdown
!
ssid ComAve1
authentication open
guest-mode
! Same type 7 encoded key as on Dot11Radio0; replace it as well.
wpa-psk ascii 7 06535D781F1E5D4D504644
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
no dot11 extension aironet
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
! LAN side: Vlan1 is bridged into bridge-group 1 and carries no IP address; BVI1
! holds the LAN gateway address and is the NAT-inside interface.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
! 192.0.1.40 is the default-router handed out by the DHCP pool.
interface BVI1
description $ES_LAN$
ip address 192.0.1.40 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
! Default route, the router's HTTP/HTTPS management server, and NAT: PAT for the
! LAN plus static port forwards from the FastEthernet1 address to 192.0.1.5.
ip route 0.0.0.0 0.0.0.0 xxx.xxx.29.33
!
!
! Plain HTTP management is enabled next to HTTPS; 'no ip http server' leaves only
! the TLS listener. Logins are checked against the local user database.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! PAT: inside hosts matched by access-list 1 share the FastEthernet1 address.
ip nat inside source list 1 interface FastEthernet1 overload
! Every static entry below publishes a port on 192.0.1.5 to any source, because no
! inbound ACL is applied on FastEthernet1. Forward only the ports that must be
! reachable and limit sources with an ACL where possible.
! NOTE(review): several entries pair a port with a transport its well-known
! service does not normally use (udp 22, udp 873, tcp 123); they add exposure
! without adding function.
ip nat inside source static udp 192.0.1.5 631 interface FastEthernet1 631
ip nat inside source static tcp 192.0.1.5 631 interface FastEthernet1 631
ip nat inside source static tcp 192.0.1.5 22 interface FastEthernet1 22
ip nat inside source static udp 192.0.1.5 22 interface FastEthernet1 22
ip nat inside source static udp 192.0.1.5 873 interface FastEthernet1 873
ip nat inside source static tcp 192.0.1.5 873 interface FastEthernet1 873
ip nat inside source static tcp 192.0.1.5 524 interface FastEthernet1 524
ip nat inside source static udp 192.0.1.5 524 interface FastEthernet1 524
ip nat inside source static udp 192.0.1.5 123 interface FastEthernet1 123
ip nat inside source static tcp 192.0.1.5 123 interface FastEthernet1 123
ip nat inside source static tcp 192.0.1.5 636 interface FastEthernet1 636
ip nat inside source static tcp 192.0.1.5 443 interface FastEthernet1 443
ip nat inside source static tcp 192.0.1.5 80 interface FastEthernet1 80
! NOTE(review): only udp 21 is forwarded; if FTP was intended, its control
! channel uses tcp 21, so this entry would not carry it.
ip nat inside source static udp 192.0.1.5 21 interface FastEthernet1 21
ip nat inside source static udp 192.0.1.5 2222 interface FastEthernet1 2222
ip nat inside source static tcp 192.0.1.5 2222 interface FastEthernet1 2222
!
! NOTE(review): 'logging trap' sets the syslog severity, but no syslog host line
! appears in this listing, so as shown no messages are sent off-box.
logging trap debugging
! Standard ACL used only as the source match for the PAT rule above.
access-list 1 permit 192.0.1.0 0.0.0.255
no cdp run
!
!
!
!
!
! RADIUS attributes, the login banner, console/aux/vty lines and the WebVPN context.
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
! The 'C' fused to 'Authorized' is presumably the ^C banner delimiter as it was
! rendered in the paste.
banner login CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!
!
line con 0
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
transport output telnet
! 'privilege level 15' places every authenticated vty session directly in
! privileged EXEC, and 'transport input telnet ssh' still accepts Telnet, which
! carries credentials in cleartext. 'transport input ssh' plus an 'access-class'
! limiting source addresses narrows this; no access-class is shown here.
line vty 0 4
privilege level 15
transport input telnet ssh
! Same settings as vty 0 4.
line vty 5 15
privilege level 15
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
! 'no inservice' leaves this WebVPN context disabled.
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
Thanks!
! Global services, logging, the enable secret and AAA for router "Comave" (IOS 12.4).
version 12.4
! NOTE(review): 'service config' makes the router try to autoload configuration
! files from a network server at boot; confirm this is intended, otherwise disable it.
service config
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! The type 7 encoding applied by 'service password-encryption' is reversible
! obfuscation, not a hash; it only guards against casual viewing of the config.
service password-encryption
service sequence-numbers
!
hostname Comave
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
! A 6-character minimum is short for privilege-15 accounts.
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
! Type 5 is a salted MD5-based hash. Once posted publicly it is open to offline
! guessing, so this secret should be changed before the config is reused.
enable secret 5 $1$U2EB$Zg7VIIoWch0ep5uRpYaWN0
!
aaa new-model
!
!
! The server groups below are declared without any 'server' entries in this
! listing, so method lists that reference them have nothing to query.
! NOTE(review): no 'aaa authentication login default' list is shown; confirm how
! console and vty logins are authenticated.
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -5
! The summer-time rule uses fixed 2003 dates, so it covers that year only;
! 'clock summer-time PCTime recurring' keeps log timestamps right in later years.
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
! Discards packets that carry IP source-route options.
no ip source-route
!
!
! CEF, the LAN DHCP pool, DNS, SSH timers, the self-signed trustpoint and the
! local administrator account.
ip cef
no ip dhcp use vrf connected
! With .1-.99 and .150-.254 excluded, the pool leases 192.0.1.100-192.0.1.149.
ip dhcp excluded-address 192.0.1.1 192.0.1.99
ip dhcp excluded-address 192.0.1.150 192.0.1.254
!
ip dhcp pool sdm-pool1
import all
! NOTE(review): 192.0.1.0/24 is outside the RFC 1918 private ranges (10/8,
! 172.16/12, 192.168/16); confirm this inside addressing is intentional.
network 192.0.1.0 255.255.255.0
default-router 192.0.1.40
dns-server 63.90.67.10 63.90.67.11
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name autismwv.com
ip name-server 63.90.67.10
ip name-server 63.90.67.11
! NOTE(review): no 'ip ssh version 2' line is shown; confirm SSHv1 is not accepted.
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
! Self-signed trustpoint with revocation checking off; presumably the certificate
! served by 'ip http secure-server'.
crypto pki trustpoint TP-self-signed-4187313239
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4187313239
revocation-check none
rsakeypair TP-self-signed-4187313239
!
!
crypto pki certificate chain TP-self-signed-4187313239
certificate self-signed 01 nvram:IOS-Self-Sig#3903.cer
! Privilege-15 local account. Its type 5 (salted MD5) hash is exposed by this
! post, so the password should be changed.
username administrator privilege 15 secret 5 $1$sPT3$9RtpEYPbM7KYCQ.hWMaDy.
!
!
!
bridge irb
!
!
!
! Wired interfaces: FastEthernet0 is shut down, FastEthernet1 is the NAT-outside
! WAN port, FastEthernet2-9 show no settings in this listing.
interface FastEthernet0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip route-cache flow
shutdown
duplex auto
speed auto
!
! No 'ip access-group' is applied to this interface, so no ACL here is blocking
! the static forwards; equally, nothing filters traffic arriving from the WAN.
interface FastEthernet1
description $FW_OUTSIDE$$ES_WAN$
ip address xxx.xxx.29.34 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
! Wireless radios. Dot11Radio0 serves SSID ComAve1 on VLAN 1 with WPA-PSK and is
! bridged into bridge-group 1 through Dot11Radio0.1; Dot11Radio1 is shut down.
interface Dot11Radio0
no ip address
!
! TKIP is a deprecated cipher; where clients allow it,
! 'encryption vlan 1 mode ciphers aes-ccm' is the stronger choice.
encryption vlan 1 mode ciphers tkip
!
ssid ComAve1
vlan 1
authentication open
authentication key-management wpa
! 'guest-mode' advertises this SSID in beacons.
guest-mode
! Type 7 is reversible obfuscation, so the pre-shared key is effectively
! disclosed by this post and should be replaced.
wpa-psk ascii 7 06535D781F1E5D4D504644
!
world-mode dot11d country US indoor
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
! NOTE(review): this radio is shut down. Its SSID has 'authentication open' with
! no key-management or cipher line, so confirm it would not come up without the
! WPA settings used on Dot11Radio0 before enabling it.
interface Dot11Radio1
no ip address
shutdown
!
ssid ComAve1
authentication open
guest-mode
! Same type 7 encoded key as on Dot11Radio0; replace it as well.
wpa-psk ascii 7 06535D781F1E5D4D504644
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
no dot11 extension aironet
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
! LAN side: Vlan1 is bridged into bridge-group 1 and carries no IP address; BVI1
! holds the LAN gateway address and is the NAT-inside interface.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
! 192.0.1.40 is the default-router handed out by the DHCP pool.
interface BVI1
description $ES_LAN$
ip address 192.0.1.40 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
! Default route, the router's HTTP/HTTPS management server, and NAT: PAT for the
! LAN plus static port forwards from the FastEthernet1 address to 192.0.1.5.
ip route 0.0.0.0 0.0.0.0 xxx.xxx.29.33
!
!
! Plain HTTP management is enabled next to HTTPS; 'no ip http server' leaves only
! the TLS listener. Logins are checked against the local user database.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! PAT: inside hosts matched by access-list 1 share the FastEthernet1 address.
ip nat inside source list 1 interface FastEthernet1 overload
! Every static entry below publishes a port on 192.0.1.5 to any source, because no
! inbound ACL is applied on FastEthernet1. Forward only the ports that must be
! reachable and limit sources with an ACL where possible.
! NOTE(review): several entries pair a port with a transport its well-known
! service does not normally use (udp 22, udp 873, tcp 123); they add exposure
! without adding function.
ip nat inside source static udp 192.0.1.5 631 interface FastEthernet1 631
ip nat inside source static tcp 192.0.1.5 631 interface FastEthernet1 631
ip nat inside source static tcp 192.0.1.5 22 interface FastEthernet1 22
ip nat inside source static udp 192.0.1.5 22 interface FastEthernet1 22
ip nat inside source static udp 192.0.1.5 873 interface FastEthernet1 873
ip nat inside source static tcp 192.0.1.5 873 interface FastEthernet1 873
ip nat inside source static tcp 192.0.1.5 524 interface FastEthernet1 524
ip nat inside source static udp 192.0.1.5 524 interface FastEthernet1 524
ip nat inside source static udp 192.0.1.5 123 interface FastEthernet1 123
ip nat inside source static tcp 192.0.1.5 123 interface FastEthernet1 123
ip nat inside source static tcp 192.0.1.5 636 interface FastEthernet1 636
ip nat inside source static tcp 192.0.1.5 443 interface FastEthernet1 443
ip nat inside source static tcp 192.0.1.5 80 interface FastEthernet1 80
! NOTE(review): only udp 21 is forwarded; if FTP was intended, its control
! channel uses tcp 21, so this entry would not carry it.
ip nat inside source static udp 192.0.1.5 21 interface FastEthernet1 21
ip nat inside source static udp 192.0.1.5 2222 interface FastEthernet1 2222
ip nat inside source static tcp 192.0.1.5 2222 interface FastEthernet1 2222
!
! NOTE(review): 'logging trap' sets the syslog severity, but no syslog host line
! appears in this listing, so as shown no messages are sent off-box.
logging trap debugging
! Standard ACL used only as the source match for the PAT rule above.
access-list 1 permit 192.0.1.0 0.0.0.255
no cdp run
!
!
!
!
!
! RADIUS attributes, the login banner, console/aux/vty lines and the WebVPN context.
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
! The 'C' fused to 'Authorized' is presumably the ^C banner delimiter as it was
! rendered in the paste.
banner login CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!
!
line con 0
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
transport output telnet
! 'privilege level 15' places every authenticated vty session directly in
! privileged EXEC, and 'transport input telnet ssh' still accepts Telnet, which
! carries credentials in cleartext. 'transport input ssh' plus an 'access-class'
! limiting source addresses narrows this; no access-class is shown here.
line vty 0 4
privilege level 15
transport input telnet ssh
! Same settings as vty 0 4.
line vty 5 15
privilege level 15
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
! 'no inservice' leaves this WebVPN context disabled.
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end