Byl představen CentOS Stream 10 s kódovým názvem Coughlan. Detaily v poznámkách k vydání. CentOS Stream 10 už neobsahuje balíček s Xorg serverem (xorg-x11-server-Xorg). O zobrazování se stará Wayland s Xwaylandem (xorg-x11-server-Xwayland). Odstraněny byly aplikace Firefox, GIMP, LibreOffice, Inkscape a Thunderbird. Ty jsou k dispozici ve Flatpaku z Flathubu.
Byly vyhlášeny výsledky The Game Awards 2024 (YouTube). Hrou roku se stal Astro Bot (YouTube) běžící pouze na PlayStation 5.
Na GOG.COM probíhá Winter Sale 2024. Při té příležitosti lze každý den do konce roku získat zdarma jinou počítačovou hru, viz kalendář uprostřed stránky Winter Sale 2024. Otevření balíčku se hrou vždy ve tři odpoledne. První hrou je The Whispered World: Special Edition.
Nezisková organizace Internet Security Research Group (ISRG) vydala Výroční zprávu za rok 2024 (pdf). Organizace stojí za certifikační autoritou Let's Encrypt, projektem Prossimo, jehož cílem je používání paměťově bezpečného kódu v kritické internetové infrastruktuře a službou Divvi Up řešící telemetrii respektující soukromí uživatelů.
Vývojáři PeerTube, tj. svobodné alternativy k videoplatformám velkých technologických společností, představili mobilní aplikaci PeerTube (Google Play, App Store). Zdrojové kódy jsou k dispozici na Framagitu.
Google představil Gemini 2.0, tj. novou verzi svého modelu umělé inteligence (YouTube).
Vývojáři KDE oznámili vydání balíku aplikací KDE Gear 24.12. Přehled novinek i s náhledy a videi v oficiálním oznámení.
Byla vydána nová verze 3.27 frameworku Flutter (Wikipedie) pro vývoj mobilních, webových i desktopových aplikací a nová verze 3.6 souvisejícího programovacího jazyka Dart (Wikipedie).
Byla vydána (𝕏) listopadová aktualizace aneb nová verze 1.96 editoru zdrojových kódů Visual Studio Code (Wikipedie). Přehled novinek i s náhledy a animovanými gify v poznámkách k vydání. Ve verzi 1.96 vyjde také VSCodium, tj. komunitní sestavení Visual Studia Code bez telemetrie a licenčních podmínek Microsoftu.
Zdravím, mám jeden starší cisco router 1841. Potreboval by som radu. Nedarí sa mi cez VPN Klienta ping-ať všeký zariadenia v sieti.Dostanem sa iba na niektoré. Konfigurák je robený na rýchlo tak je v nom veľa chýb. Určite tam chýba niekde default route alebo niečo podobné.
FastEthernet0/0.1 - Hlavné pripojenie na net. Tadial ide aj VPN-ka/NAT/ FastEthernet0/0.2 - Záloha iba pre internet FastEthernet0/1 - LAN (priamo do hlavného switcha)
!This is the running config of the router: 192.168.1.1 !---------------------------------------------------------------------------- !version 15.1 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname Edge-01 ! boot-start-marker boot-end-marker ! ! enable secret 5 $1$b/2d$tGeCBy.kXaGx7v90b1DJf. ! aaa new-model ! ! aaa authentication login sdm_vpn_xauth_ml_1 local aaa authorization network sdm_vpn_group_ml_1 local ! ! ! ! ! aaa session-id common ! crypto pki token default removal timeout 0 ! crypto pki trustpoint TP-self-signed-3394940162 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3394940162 revocation-check none rsakeypair TP-self-signed-3394940162 ! crypto pki trustpoint test_trustpoint_config_created_for_sdm subject-name e=sdmtest@sdmtest.com revocation-check crl ! ! crypto pki certificate chain TP-self-signed-3394940162 certificate self-signed 01 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33333934 39343031 3632301E 170D3134 30363031 31303239 35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33393439 34303136 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 81009E0F 28659FB0 52E542EB 8D9D4AD6 5A449BF1 2FA7F681 BE967C74 EF00464F 8E0E7B23 D10447A7 D06C71D2 1341CF98 1628AB66 911FE6B4 93FA3195 83DFE237 1E7E3749 1FCC2671 8AD8BDF3 59019C6D DD47D02E 0B59C196 65BC0CEF B3D63D7E 0A3DCD18 82A0F445 9C1F42AE C45B74CA 80801BAC D3DF5647 AE8D9279 F11DDB20 45530203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 14F71933 9102D376 07CD3878 4AA3C1C3 595D8DD3 0E301D06 03551D0E 04160414 F7193391 02D37607 CD38784A A3C1C359 5D8DD30E 300D0609 2A864886 F70D0101 05050003 81810001 226DABCA BD7C85D7 ACF09A9B 483018DD A6C7A4F7 05D892BF 224C1DE1 530EB25D 580AA0D5 B35C4748 1C1EFF71 DF4628DA D5068E9B 038AABEE 8DA35E57 84D02CED EF7A181F 3CE80C4D 1BC21AF9 51151E1A BC573EB9 ADF90AB4 4BFD1492 46F6DB16 93D0220A FEFFBB63 3F4A1A2D 98A6F68F FACC71BE 31BEF4CA E4C5F79A 4D877A quit crypto pki certificate chain test_trustpoint_config_created_for_sdm dot11 syslog ip source-route ! ! ! ! ! ip cef ip domain name redwarf ip name-server 8.8.8.8 ip name-server 192.168.1.31 no ipv6 cef ! multilink bundle-name authenticated ! ! ! license udi pid CISCO1841 sn FCZ1033115W username admin privilege 15 password 7 0214015707091D735F5E ! redundancy ! ! ! track 100 ip sla 100 reachability delay down 10 up 20 ! crypto keyring spokes pre-shared-key address 0.0.0.0 0.0.0.0 key pheonix ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp nat keepalive 20 ! crypto isakmp client configuration group vpngroup key pheonix dns 192.168.1.31 domain redwarf pool SDM_POOL_1 acl 104 include-local-lan netmask 255.255.255.0 crypto isakmp profile L2L description LAN-to-LAN for spoke router(s) connection keyring spokes match identity address 0.0.0.0 ! ! crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac ! crypto dynamic-map SDM_DYNMAP_1 1 set transform-set ESP-3DES-SHA match address 101 ! crypto dynamic-map SDM_DYNMAP_2 1 set security-association idle-time 86400 set transform-set ESP-3DES-SHA1 reverse-route ! ! crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1 crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1 crypto map SDM_CMAP_1 client configuration address respond crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_2 ! ! ! ! ! interface FastEthernet0/0 description Trunk no ip address duplex auto speed auto ! interface FastEthernet0/0.1 description VDSL encapsulation dot1Q 2 native ip address 10.0.0.2 255.255.255.0 ip nat outside ip virtual-reassembly in crypto map SDM_CMAP_1 ! interface FastEthernet0/0.2 description ADSL encapsulation dot1Q 3 ip address 10.0.1.2 255.255.255.0 ip nat outside ip virtual-reassembly in ! interface FastEthernet0/1 description LAN ip address 192.168.1.1 255.255.255.0 ip nat inside ip virtual-reassembly in duplex auto speed auto ! ip local pool SDM_POOL_1 10.10.10.10 10.10.10.22 ip forward-protocol nd ip http server ip http authentication local ip http secure-server ! ! ip dns server ip nat inside source static tcp 192.168.1.31 80 interface FastEthernet0/0.1 80 ip nat inside source static tcp 192.168.1.31 587 interface FastEthernet0/0.1 587 ip nat inside source static tcp 192.168.1.31 143 interface FastEthernet0/0.1 143 ip nat inside source static tcp 192.168.1.31 10000 interface FastEthernet0/0.1 10000 ip nat inside source static tcp 192.168.1.31 953 interface FastEthernet0/0.1 953 ip nat inside source static tcp 192.168.1.31 993 interface FastEthernet0/0.1 993 ip nat inside source static tcp 192.168.1.31 995 interface FastEthernet0/0.1 995 ip nat inside source static tcp 192.168.1.31 25 interface FastEthernet0/0.1 25 ip nat inside source static tcp 192.168.1.31 22 interface FastEthernet0/0.1 222 ip nat inside source static tcp 192.168.1.30 3389 interface FastEthernet0/0.1 3333 ip nat inside source route-map adsl interface FastEthernet0/0.2 overload ip nat inside source route-map vdsl interface FastEthernet0/0.1 overload ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.1 10.0.0.1 track 100 ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.2 10.0.1.1 10 ! ip sla 100 icmp-echo 8.8.8.8 source-interface FastEthernet0/0.1 threshold 250 timeout 250 frequency 3 ip sla schedule 100 life forever start-time now access-list 1 permit 0.0.0.0 255.255.255.0 access-list 10 permit 0.0.0.0 0.0.0.255 access-list 100 remark SDM_ACL Category=18 access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.10 access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.11 access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.12 access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.13 access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.14 access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.15 access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.16 access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.17 access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.18 access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.19 access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.20 access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.21 access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.22 access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.10 access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.11 access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.12 access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.13 access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.14 access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.15 access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.16 access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.17 access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.18 access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.19 access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.20 access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.21 access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.22 access-list 100 deny ip any host 10.10.10.10 access-list 100 deny ip any host 10.10.10.11 access-list 100 deny ip any host 10.10.10.12 access-list 100 deny ip any host 10.10.10.13 access-list 100 deny ip any host 10.10.10.14 access-list 100 deny ip any host 10.10.10.15 access-list 100 deny ip any host 10.10.10.16 access-list 100 deny ip any host 10.10.10.17 access-list 100 deny ip any host 10.10.10.18 access-list 100 deny ip any host 10.10.10.19 access-list 100 deny ip any host 10.10.10.20 access-list 100 deny ip any host 10.10.10.21 access-list 100 deny ip any host 10.10.10.22 access-list 100 permit ip any any access-list 101 remark SDM_ACL Category=4 access-list 101 remark IPSec Rule access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 104 remark SDM_ACL Category=4 access-list 104 permit ip 192.168.1.0 0.0.0.255 any ! ! ! ! route-map vdsl permit 10 match ip address 100 match interface FastEthernet0/0.1 ! route-map adsl permit 10 match ip address 100 match interface FastEthernet0/0.2 ! ! ! ! ! control-plane ! ! ! line con 0 line aux 0 line vty 0 4 transport input ssh ! scheduler allocate 20000 1000 end
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.1 10.0.0.1 track 100 ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.2 10.0.1.1 10Porovnal bych vypis routovacich tabulek po sestaveni VPN na obou stranach.
Pred spustenim VPN klienta na stanici Edge-01#show ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override Gateway of last resort is 10.0.0.1 to network 0.0.0.0 S* 0.0.0.0/0 [1/0] via 10.0.0.1, FastEthernet0/0.1 10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks C 10.0.0.0/24 is directly connected, FastEthernet0/0.1 L 10.0.0.2/32 is directly connected, FastEthernet0/0.1 C 10.0.1.0/24 is directly connected, FastEthernet0/0.2 L 10.0.1.2/32 is directly connected, FastEthernet0/0.2 192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.1.0/24 is directly connected, FastEthernet0/1 L 192.168.1.1/32 is directly connected, FastEthernet0/1 Edge-01# Po sputeni VPN clienta na stanici Edge-01#show ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override Gateway of last resort is 10.0.0.1 to network 0.0.0.0 S* 0.0.0.0/0 [1/0] via 10.0.0.1, FastEthernet0/0.1 10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks C 10.0.0.0/24 is directly connected, FastEthernet0/0.1 L 10.0.0.2/32 is directly connected, FastEthernet0/0.1 C 10.0.1.0/24 is directly connected, FastEthernet0/0.2 L 10.0.1.2/32 is directly connected, FastEthernet0/0.2 S 10.10.10.16/32 [1/0] via 195.91.14.88 192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.1.0/24 is directly connected, FastEthernet0/1 L 192.168.1.1/32 is directly connected, FastEthernet0/1 Edge-01#Stanica Win7 Cisco VPN Client :
Pred spustenim VPN Clienta C:\Users\Dell>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : Dell Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6205 Physical Address. . . . . . . . . : A0-88-B4-20-C3-D4 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::8c9a:90b0:25d4:80cf%14(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.43.6(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : 11. júna 2014 19:11:54 Lease Expires . . . . . . . . . . : 11. júna 2014 20:11:54 Default Gateway . . . . . . . . . : 192.168.43.1 DHCP Server . . . . . . . . . . . : 192.168.43.1 DHCPv6 IAID . . . . . . . . . . . : 362842292 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-85-A3-8D-5C-26-0A-52-57-0E DNS Servers . . . . . . . . . . . : 192.168.43.1 NetBIOS over Tcpip. . . . . . . . : Enabled C:\Users\Dell>route print IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.6 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.43.0 255.255.255.0 On-link 192.168.43.6 281 192.168.43.6 255.255.255.255 On-link 192.168.43.6 281 192.168.43.255 255.255.255.255 On-link 192.168.43.6 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.43.6 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.43.6 281 =========================================================================== Persistent Routes: None Po spusteni VPN Clienta C:\Users\Dell>ipconfig /all Ethernet adapter Local Area Connection 3: Connection-specific DNS Suffix . : redwarf Description . . . . . . . . . . . : Cisco Systems VPN Adapter for 64-bit Windows Physical Address. . . . . . . . . : 00-05-9A-3C-78-00 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::3197:faec:8205:c198%29(Preferred) IPv4 Address. . . . . . . . . . . : 10.10.10.15(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 192.168.1.31 NetBIOS over Tcpip. . . . . . . . : Enabled C:\Users\Dell>route print IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.6 25 10.10.10.0 255.255.255.0 On-link 10.10.10.15 281 10.10.10.15 255.255.255.255 On-link 10.10.10.15 281 10.10.10.255 255.255.255.255 On-link 10.10.10.15 281 87.197.115.166 255.255.255.255 192.168.43.1 192.168.43.6 100 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 10.10.10.1 10.10.10.15 100 192.168.43.0 255.255.255.0 On-link 192.168.43.6 281 192.168.43.1 255.255.255.255 On-link 192.168.43.6 100 192.168.43.6 255.255.255.255 On-link 192.168.43.6 281 192.168.43.255 255.255.255.255 On-link 192.168.43.6 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.43.6 281 224.0.0.0 240.0.0.0 On-link 10.10.10.15 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.43.6 281 255.255.255.255 255.255.255.255 On-link 10.10.10.15 281 =========================================================================== Persistent Routes: None
S 10.10.10.16/32 [1/0] via 195.91.14.88Toto, pokud se nepletu, zaridi direktiva reverse-route, ale mozna je problem v tom, ze router se snazi smerovat provoz na 195.91.14.88 pres interface s nizsi metrikou f0/0.1 a tudiz mimo VPN. Zkusil bych tuto direktivu odstranit a nakonfigurovat stratickou routu pro sit 10.10.10.0 pres rozhrani VPN.
root@pete:~# tcpdump -i eth2 -qtln icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes -------------------------------PING z LAN------------------------------ IP 192.168.1.50 > 192.168.1.20: ICMP echo request, id 1, seq 3, length 40 IP 192.168.1.20 > 192.168.1.50: ICMP echo reply, id 1, seq 3, length 40 -------------------------------PING z VPN------------------------------ IP 10.10.10.21 > 192.168.1.20: ICMP echo request, id 1, seq 1, length 40 IP 10.10.10.21 > 192.168.1.20: ICMP echo request, id 1, seq 2, length 40
Edge-01#show running-config Building configuration... Current configuration : 6252 bytes ! ! Last configuration change at 15:16:21 UTC Sat Jun 14 2014 by admin version 15.1 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname Edge-01 ! boot-start-marker boot-end-marker ! ! enable secret 5 $1$b/2d$tGeCBy.kXaGx7v90b1DJf. ! aaa new-model ! ! aaa authentication login sdm_vpn_xauth_ml_1 local aaa authorization network sdm_vpn_group_ml_1 local ! ! ! ! ! aaa session-id common ! crypto pki token default removal timeout 0 ! crypto pki trustpoint TP-self-signed-3394940162 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3394940162 revocation-check none rsakeypair TP-self-signed-3394940162 ! crypto pki trustpoint test_trustpoint_config_created_for_sdm subject-name e=sdmtest@sdmtest.com revocation-check crl ! ! crypto pki certificate chain TP-self-signed-3394940162 certificate self-signed 01 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33333934 39343031 3632301E 170D3134 30363031 31303239 35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33393439 34303136 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 81009E0F 28659FB0 52E542EB 8D9D4AD6 5A449BF1 2FA7F681 BE967C74 EF00464F 8E0E7B23 D10447A7 D06C71D2 1341CF98 1628AB66 911FE6B4 93FA3195 83DFE237 1E7E3749 1FCC2671 8AD8BDF3 59019C6D DD47D02E 0B59C196 65BC0CEF B3D63D7E 0A3DCD18 82A0F445 9C1F42AE C45B74CA 80801BAC D3DF5647 AE8D9279 F11DDB20 45530203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 14F71933 9102D376 07CD3878 4AA3C1C3 595D8DD3 0E301D06 03551D0E 04160414 F7193391 02D37607 CD38784A A3C1C359 5D8DD30E 300D0609 2A864886 F70D0101 05050003 81810001 226DABCA BD7C85D7 ACF09A9B 483018DD A6C7A4F7 05D892BF 224C1DE1 530EB25D 580AA0D5 B35C4748 1C1EFF71 DF4628DA D5068E9B 038AABEE 8DA35E57 84D02CED EF7A181F 3CE80C4D 1BC21AF9 51151E1A BC573EB9 ADF90AB4 4BFD1492 46F6DB16 93D0220A FEFFBB63 3F4A1A2D 98A6F68F FACC71BE 31BEF4CA E4C5F79A 4D877A quit crypto pki certificate chain test_trustpoint_config_created_for_sdm dot11 syslog ip source-route ! ! ! ! ! ip cef ip domain name redwarf ip name-server 8.8.8.8 ip name-server 192.168.1.31 no ipv6 cef ! multilink bundle-name authenticated ! ! ! license udi pid CISCO1841 sn FCZ1033115W username admin privilege 15 password 7 0214015707091D735F5E ! redundancy ! ! ! track 100 ip sla 100 reachability delay down 10 up 20 ! crypto keyring spokes pre-shared-key address 0.0.0.0 0.0.0.0 key pheonix ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp nat keepalive 20 ! crypto isakmp client configuration group vpngroup key pheonix dns 192.168.1.31 domain redwarf pool SDM_POOL_1 acl 104 save-password include-local-lan netmask 255.255.255.0 banner ^CWelcome to private VPN on mgula.eu ^C crypto isakmp profile L2L description LAN-to-LAN for spoke router(s) connection keyring spokes match identity address 0.0.0.0 ! ! crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac ! crypto dynamic-map SDM_DYNMAP_1 1 ! Incomplete set transform-set ESP-3DES-SHA match address 101 ! crypto dynamic-map SDM_DYNMAP_2 1 set security-association idle-time 86400 set transform-set ESP-3DES-SHA1 ! ! crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1 crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1 crypto map SDM_CMAP_1 client configuration address respond crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_2 ! ! ! ! ! interface FastEthernet0/0 description Trunk no ip address duplex auto speed auto ! interface FastEthernet0/0.1 description VDSL encapsulation dot1Q 2 native ip address 10.0.0.2 255.255.255.0 ip nat outside ip virtual-reassembly in crypto map SDM_CMAP_1 ! interface FastEthernet0/0.2 description ADSL encapsulation dot1Q 3 ip address 10.0.1.2 255.255.255.0 ip nat outside ip virtual-reassembly in ! interface FastEthernet0/1 description LAN ip address 192.168.1.1 255.255.255.0 ip nat inside ip virtual-reassembly in duplex auto speed auto ! ip local pool SDM_POOL_1 192.168.10.10 192.168.10.20 ip forward-protocol nd ip http server ip http authentication local ip http secure-server ! ! ip dns server ip nat inside source static tcp 192.168.1.31 80 interface FastEthernet0/0.1 80 ip nat inside source static tcp 192.168.1.31 587 interface FastEthernet0/0.1 587 ip nat inside source static tcp 192.168.1.31 143 interface FastEthernet0/0.1 143 ip nat inside source static tcp 192.168.1.31 10000 interface FastEthernet0/0.1 10000 ip nat inside source static tcp 192.168.1.31 953 interface FastEthernet0/0.1 953 ip nat inside source static tcp 192.168.1.31 993 interface FastEthernet0/0.1 993 ip nat inside source static tcp 192.168.1.31 995 interface FastEthernet0/0.1 995 ip nat inside source static tcp 192.168.1.31 25 interface FastEthernet0/0.1 25 ip nat inside source static tcp 192.168.1.31 22 interface FastEthernet0/0.1 222 ip nat inside source static tcp 192.168.1.30 3389 interface FastEthernet0/0.1 3333 ip nat inside source route-map adsl interface FastEthernet0/0.2 overload ip nat inside source route-map vdsl interface FastEthernet0/0.1 overload ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.1 10.0.0.1 track 100 ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.2 10.0.1.1 10 ! ip sla 100 icmp-echo 8.8.8.8 source-interface FastEthernet0/0.1 threshold 250 timeout 250 frequency 3 ip sla schedule 100 life forever start-time now access-list 1 permit 0.0.0.0 255.255.255.0 access-list 10 permit 0.0.0.0 0.0.0.255 access-list 100 permit ip any any access-list 104 remark SDM_ACL Category=4 access-list 104 permit ip 192.168.1.0 0.0.0.255 any ! ! ! ! route-map vdsl permit 10 match ip address 100 match interface FastEthernet0/0.1 ! route-map adsl permit 10 match ip address 100 match interface FastEthernet0/0.2 ! ! ! ! ! control-plane ! ! ! line con 0 line aux 0 line vty 0 4 transport input ssh ! scheduler allocate 20000 1000 end Edge-01#
Tiskni Sdílej: