Problem with Cisco 1802 K9
Hello, and now I once again have the problem that I can no longer reach the WAN with my FastEthernet0.
Here is the config code:
Building configuration...
Current configuration : 11287 bytes
!
version 12.4
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service udp-small-servers
service tcp-small-servers
service sequence-numbers
!
hostname stern
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
no logging buffered
logging console critical
enable secret 5 XXXXXXXXXXXXXXXX
enable password 7 XXXXXXXXXX
!
aaa new-model
!!
aaa authentication login local_authen local
aaa authorization exec local_author local
!!
aaa session-id common
ip gratuitous-arps
!!
ip cef
!!
ip finger
ip tcp synwait-time 10
ip domain name XXXX.de
ip name-server 217.237.150.141
ip name-server 217.237.150.255
ip name-server 194.25.2.129
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect log drop-pkt
ip inspect name SDM_HIGH appfw SDM_HIGH
ip inspect name SDM_HIGH http
ip inspect name SDM_HIGH icmp
ip inspect name SDM_HIGH dns
ip inspect name SDM_HIGH esmtp
ip inspect name SDM_HIGH https
ip inspect name SDM_HIGH imap reset
ip inspect name SDM_HIGH pop3 reset
ip inspect name SDM_HIGH tcp
ip inspect name SDM_HIGH udp
ip inspect name outgoing_middle appfw outgoing_middle
ip inspect name outgoing_middle https
ip inspect name outgoing_middle dns
!
appfw policy-name SDM_HIGH
application im aol
service default action reset alarm
service text-chat action reset alarm
server deny name login.oscar.aol.com
server deny name toc.oscar.aol.com
server deny name oam-d09a.blue.aol.com
audit-trail on
application im msn
service default action reset alarm
service text-chat action reset alarm
server deny name messenger.hotmail.com
server deny name gateway.messenger.hotmail.com
server deny name webmessenger.msn.com
audit-trail on
application http
strict-http action reset alarm
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action reset alarm
application im yahoo
service default action reset alarm
service text-chat action reset alarm
server deny name scs.msg.yahoo.com
server deny name scsa.msg.yahoo.com
server deny name scsb.msg.yahoo.com
server deny name scsc.msg.yahoo.com
server deny name scsd.msg.yahoo.com
server deny name cs16.msg.dcn.yahoo.com
server deny name cs19.msg.dcn.yahoo.com
server deny name cs42.msg.dcn.yahoo.com
server deny name cs53.msg.dcn.yahoo.com
server deny name cs54.msg.dcn.yahoo.com
server deny name ads1.vip.scd.yahoo.com
server deny name radio1.launch.vip.dal.yahoo.com
server deny name in1.msg.vip.re2.yahoo.com
server deny name data1.my.vip.sc5.yahoo.com
server deny name address1.pim.vip.mud.yahoo.com
server deny name edit.messenger.yahoo.com
server deny name messenger.yahoo.com
server deny name http.pager.yahoo.com
server deny name privacy.yahoo.com
server deny name csa.yahoo.com
server deny name csb.yahoo.com
server deny name csc.yahoo.com
audit-trail on
!
appfw policy-name outgoing_middle
application im aol
service default action reset alarm
service text-chat action reset alarm
server deny name login.oscar.aol.com
server deny name toc.oscar.aol.com
server deny name oam-d09a.blue.aol.com
audit-trail on
application im msn
service default action reset alarm
service text-chat action reset alarm
server deny name messenger.hotmail.com
server deny name gateway.messenger.hotmail.com
server deny name webmessenger.msn.com
audit-trail on
application http
port-misuse p2p action reset alarm
port-misuse im action reset alarm
application im yahoo
service default action reset alarm
service text-chat action reset alarm
server deny name scs.msg.yahoo.com
server deny name scsa.msg.yahoo.com
server deny name scsb.msg.yahoo.com
server deny name scsc.msg.yahoo.com
server deny name scsd.msg.yahoo.com
server deny name messenger.yahoo.com
server deny name cs16.msg.dcn.yahoo.com
server deny name cs19.msg.dcn.yahoo.com
server deny name cs42.msg.dcn.yahoo.com
server deny name cs53.msg.dcn.yahoo.com
server deny name cs54.msg.dcn.yahoo.com
server deny name ads1.vip.scd.yahoo.com
server deny name radio1.launch.vip.dal.yahoo.com
server deny name in1.msg.vip.re2.yahoo.com
server deny name data1.my.vip.sc5.yahoo.com
server deny name address1.pim.vip.mud.yahoo.com
server deny name edit.messenger.yahoo.com
server deny name http.pager.yahoo.com
server deny name privacy.yahoo.com
server deny name csa.yahoo.com
server deny name csb.yahoo.com
server deny name csc.yahoo.com
audit-trail on
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-4105066669
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4105066669
revocation-check none
rsakeypair TP-self-signed-4105066669
!!
crypto pki certificate chain TP-self-signed-4105066669
certificate self-signed 01
30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
XXX
XXX
XXX
XXX
XXX
XXX
XXX
XXX
XXX
XXX
D859AE2E 9428E3F3 98B0
quit
!!
username Administrator privilege 15 secret 5 $1$duNN$4YWX7TKdJbNeBFOxgji1Y0
!!
class-map match-any sdm_p2p_kazaa
match protocol fasttrack
match protocol kazaa2
class-map match-any sdm_p2p_edonkey
match protocol edonkey
class-map match-any sdm_p2p_gnutella
match protocol gnutella
class-map match-any sdm_p2p_bittorrent
match protocol bittorrent
!!
policy-map sdmappfwp2p_outgoing_middle
class sdm_p2p_gnutella
drop
class sdm_p2p_bittorrent
drop
class sdm_p2p_edonkey
drop
class sdm_p2p_kazaa
drop
policy-map sdmappfwp2p_SDM_HIGH
class sdm_p2p_gnutella
drop
class sdm_p2p_bittorrent
drop
class sdm_p2p_edonkey
drop
class sdm_p2p_kazaa
drop
!!
!!
!!
interface FastEthernet0
description $FW_INSIDE$$ETH-LAN$
ip address 192.168.101.251 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip nat enable
ip virtual-reassembly
ip tcp adjust-mss 1412
speed auto
half-duplex
!
interface BRI0
no ip address
ip broadcast-address 0.0.0.0
ip mask-reply
ip directed-broadcast
encapsulation hdlc
shutdown
!
interface FastEthernet1
switchport access vlan 120
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
shutdown
!
interface FastEthernet5
shutdown
!
interface FastEthernet6
shutdown
!
interface FastEthernet7
shutdown
!
interface FastEthernet8
shutdown
!
interface ATM0
mtu 1456
no ip address
ip broadcast-address 0.0.0.0
ip mask-reply
ip directed-broadcast
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip broadcast-address 0.0.0.0
ip mask-reply
ip directed-broadcast
no snmp trap link-status
pvc 1/32
pppoe-client dial-pool-number 1
!
!
interface Vlan1
no ip address
!
interface Vlan120
ip address 192.168.120.251 255.255.255.0
ip directed-broadcast
ip nat inside
ip virtual-reassembly
no routing dynamic
!
interface Dialer0
description $FW_OUTSIDE$
mtu 1456
ip address negotiated
ip mask-reply
ip directed-broadcast
ip mtu 1452
ip nat inside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXX@XXXXXX.de
ppp chap password 7 XXXXXXXXXXXXXXXXXXX
ppp pap sent-username XXXXXXXXX@XXXXXX.de password 7 XXXXXXXXXXXX
!
interface Dialer1
no ip address
ip mask-reply
ip directed-broadcast
ip nat outside
ip virtual-reassembly
ip route-cache flow
no cdp enable
!
ip route profile
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
!!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.101.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.101.0 0.0.0.255
access-list 2 deny any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 194.25.2.129 eq domain any
access-list 101 permit udp host 217.237.150.255 eq domain any
access-list 101 permit udp host 217.237.150.141 eq domain any
access-list 101 deny ip 192.168.101.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 102 remark VTY Access-class list
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 192.168.101.0 0.0.0.255 any
access-list 102 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!!
!!
!!
control-plane
!
banner login ^CBitte einloggen^C
!
line con 0
login authentication local_authen
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line vty 0 4
access-class 102 in
password 7 xxxx
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
end
Can anyone tell me why this does not work? During the test I always get the message that it cannot find an outgoing interface...!?
Thanks and regards
Content-ID: 64672
Url: https://administrator.de/contentid/64672
Printed on: 22.11.2024 at 11:11
Your Dialer 0 interface is presumably the outgoing interface. Unfortunately one can only guess, since you do not mention with a single word in which environment the router is deployed, and one can only speculate here in free fall. The config looks like a PPPoE DSL config, but with question marks....
The error is presumably in your Dialer 0, which provides the outgoing connection! An ip nat inside is very probably wrong here! The correct NAT command would have to be ip nat outside, as is already set on Dialer 1.
But that is only a guess, given your more than poor description.
By the way, it is highly questionable to post crypto keys in a public forum. Why you did not edit the config and remove that as well as the irrelevant config commands is a mystery....
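The NAT role check suggested in the reply above, as an added example that is not part of the thread: a small Python linter that verifies that the interface named in `ip nat inside source list ... interface ...` and in the default route carries `ip nat outside`. The sample config is a constructed, re-indented excerpt of the configuration posted above; the function names are hypothetical, and the "unused outside interface" finding is a heuristic.

```python
import re

# Constructed sample: trimmed, re-indented excerpt of the posted configuration.
SAMPLE = """\
interface FastEthernet0
 ip address 192.168.101.251 255.255.255.0
 ip nat inside
!
interface Dialer0
 ip address negotiated
 ip nat inside
 dialer pool 1
!
interface Dialer1
 no ip address
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
ip nat inside source list 1 interface Dialer0 overload
"""

def parse_interfaces(config):
    """Map interface name -> list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line[:1].isspace() and line.strip():
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any top-level command closes the block
    return interfaces

def nat_role(commands):
    """Return 'inside', 'outside' or None for one interface."""
    for cmd in commands:
        m = re.fullmatch(r"ip nat (inside|outside)", cmd)
        if m:
            return m.group(1)
    return None

def lint_nat(config):
    """Return a list of findings about NAT inside/outside role assignment."""
    interfaces = parse_interfaces(config)
    roles = {name: nat_role(cmds) for name, cmds in interfaces.items()}
    # Interfaces that translated traffic leaves through.
    egress = set(re.findall(
        r"^ip nat inside source list \S+ interface (\S+)", config, re.M))
    egress |= set(re.findall(
        r"^ip route 0\.0\.0\.0 0\.0\.0\.0 ([A-Za-z]\S*)", config, re.M))
    findings = []
    for name in sorted(egress):
        if name not in interfaces:
            findings.append(f"{name}: referenced as egress but not defined")
        elif roles[name] != "outside":
            findings.append(
                f"{name}: egress interface has NAT role {roles[name]!r}, "
                "expected 'outside'")
    for name in sorted(roles):
        if roles[name] == "outside" and name not in egress:
            findings.append(
                f"{name}: 'ip nat outside' set, but no NAT rule or default "
                "route uses this interface")
    return findings

if __name__ == "__main__":
    for finding in lint_nat(SAMPLE):
        print(finding)
```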
What do a debug dialer packet and a debug PPP or debug pppoe say???
Is the dialer connection a PPPoE DSL connection??? You have not answered that yet!!!
Possibly something like this is then still missing:
interface ATM0.1 point-to-point
description PPPoE DSL Link
no ip address
pppoe enable
pppoe-client dial-pool-number 1