Hello, I have an older Cisco 1841 router and would need some advice. Through the VPN client I am unable to ping all the devices on the network; I can only reach some of them. The config was put together in a hurry, so there are a lot of mistakes in it. There is surely a default route or something similar missing somewhere.
FastEthernet0/0.1 - Main connection to the Internet. The VPN and NAT also go through here.
FastEthernet0/0.2 - Backup, Internet only
FastEthernet0/1 - LAN (directly into the main switch)
!This is the running config of the router: 192.168.1.1
!----------------------------------------------------------------------------
!version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Edge-01
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$b/2d$tGeCBy.kXaGx7v90b1DJf.
!
aaa new-model
!
!
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3394940162
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3394940162
revocation-check none
rsakeypair TP-self-signed-3394940162
!
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name e=sdmtest@sdmtest.com
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-3394940162
certificate self-signed 01
quit
crypto pki certificate chain test_trustpoint_config_created_for_sdm
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
ip domain name redwarf
ip name-server 8.8.8.8
ip name-server 192.168.1.31
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1841 sn FCZ1033115W
username admin privilege 15 password 7 0214015707091D735F5E
!
redundancy
!
!
!
track 100 ip sla 100 reachability
delay down 10 up 20
!
crypto keyring spokes
pre-shared-key address 0.0.0.0 0.0.0.0 key pheonix
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp nat keepalive 20
!
crypto isakmp client configuration group vpngroup
key pheonix
dns 192.168.1.31
domain redwarf
pool SDM_POOL_1
acl 104
include-local-lan
netmask 255.255.255.0
crypto isakmp profile L2L
description LAN-to-LAN for spoke router(s) connection
keyring spokes
match identity address 0.0.0.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
match address 101
!
crypto dynamic-map SDM_DYNMAP_2 1
set security-association idle-time 86400
set transform-set ESP-3DES-SHA1
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_2
!
!
!
!
!
interface FastEthernet0/0
description Trunk
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
description VDSL
encapsulation dot1Q 2 native
ip address 10.0.0.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
crypto map SDM_CMAP_1
!
interface FastEthernet0/0.2
description ADSL
encapsulation dot1Q 3
ip address 10.0.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
interface FastEthernet0/1
description LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip local pool SDM_POOL_1 10.10.10.10 10.10.10.22
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip dns server
ip nat inside source static tcp 192.168.1.31 80 interface FastEthernet0/0.1 80
ip nat inside source static tcp 192.168.1.31 587 interface FastEthernet0/0.1 587
ip nat inside source static tcp 192.168.1.31 143 interface FastEthernet0/0.1 143
ip nat inside source static tcp 192.168.1.31 10000 interface FastEthernet0/0.1 10000
ip nat inside source static tcp 192.168.1.31 953 interface FastEthernet0/0.1 953
ip nat inside source static tcp 192.168.1.31 993 interface FastEthernet0/0.1 993
ip nat inside source static tcp 192.168.1.31 995 interface FastEthernet0/0.1 995
ip nat inside source static tcp 192.168.1.31 25 interface FastEthernet0/0.1 25
ip nat inside source static tcp 192.168.1.31 22 interface FastEthernet0/0.1 222
ip nat inside source static tcp 192.168.1.30 3389 interface FastEthernet0/0.1 3333
ip nat inside source route-map adsl interface FastEthernet0/0.2 overload
ip nat inside source route-map vdsl interface FastEthernet0/0.1 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.1 10.0.0.1 track 100
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.2 10.0.1.1 10
!
ip sla 100
icmp-echo 8.8.8.8 source-interface FastEthernet0/0.1
threshold 250
timeout 250
frequency 3
ip sla schedule 100 life forever start-time now
access-list 1 permit 0.0.0.0 255.255.255.0
access-list 10 permit 0.0.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=18
access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.10
access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.11
access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.12
access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.13
access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.14
access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.15
access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.16
access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.17
access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.18
access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.19
access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.20
access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.21
access-list 100 deny ip 10.10.10.0 0.0.0.255 host 10.10.10.22
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.10
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.11
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.12
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.13
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.14
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.15
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.16
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.17
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.18
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.19
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.20
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.21
access-list 100 deny ip 192.168.1.0 0.0.0.255 host 10.10.10.22
access-list 100 deny ip any host 10.10.10.10
access-list 100 deny ip any host 10.10.10.11
access-list 100 deny ip any host 10.10.10.12
access-list 100 deny ip any host 10.10.10.13
access-list 100 deny ip any host 10.10.10.14
access-list 100 deny ip any host 10.10.10.15
access-list 100 deny ip any host 10.10.10.16
access-list 100 deny ip any host 10.10.10.17
access-list 100 deny ip any host 10.10.10.18
access-list 100 deny ip any host 10.10.10.19
access-list 100 deny ip any host 10.10.10.20
access-list 100 deny ip any host 10.10.10.21
access-list 100 deny ip any host 10.10.10.22
access-list 100 permit ip any any
access-list 101 remark SDM_ACL Category=4
access-list 101 remark IPSec Rule
access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 104 remark SDM_ACL Category=4
access-list 104 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
route-map vdsl permit 10
match ip address 100
match interface FastEthernet0/0.1
!
route-map adsl permit 10
match ip address 100
match interface FastEthernet0/0.2
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
transport input ssh
!
scheduler allocate 20000 1000
end
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.1 10.0.0.1 track 100
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.2 10.0.1.1 10
I would compare the routing-table output on both sides after the VPN is established.
Before starting the VPN client on the workstation
Edge-01#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.0.0.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.0.0.1, FastEthernet0/0.1
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.0.0/24 is directly connected, FastEthernet0/0.1
L 10.0.0.2/32 is directly connected, FastEthernet0/0.1
C 10.0.1.0/24 is directly connected, FastEthernet0/0.2
L 10.0.1.2/32 is directly connected, FastEthernet0/0.2
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, FastEthernet0/1
L 192.168.1.1/32 is directly connected, FastEthernet0/1
Edge-01#
After starting the VPN client on the workstation
Edge-01#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.0.0.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.0.0.1, FastEthernet0/0.1
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 10.0.0.0/24 is directly connected, FastEthernet0/0.1
L 10.0.0.2/32 is directly connected, FastEthernet0/0.1
C 10.0.1.0/24 is directly connected, FastEthernet0/0.2
L 10.0.1.2/32 is directly connected, FastEthernet0/0.2
S 10.10.10.16/32 [1/0] via 195.91.14.88
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, FastEthernet0/1
L 192.168.1.1/32 is directly connected, FastEthernet0/1
Edge-01#
Win7 workstation, Cisco VPN Client:
Before starting the VPN client
C:\Users\Dell>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Dell
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6205
Physical Address. . . . . . . . . : A0-88-B4-20-C3-D4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8c9a:90b0:25d4:80cf%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.43.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 11. júna 2014 19:11:54
Lease Expires . . . . . . . . . . : 11. júna 2014 20:11:54
Default Gateway . . . . . . . . . : 192.168.43.1
DHCP Server . . . . . . . . . . . : 192.168.43.1
DHCPv6 IAID . . . . . . . . . . . : 362842292
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-85-A3-8D-5C-26-0A-52-57-0E
DNS Servers . . . . . . . . . . . : 192.168.43.1
NetBIOS over Tcpip. . . . . . . . : Enabled
C:\Users\Dell>route print
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.6 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.43.0 255.255.255.0 On-link 192.168.43.6 281
192.168.43.6 255.255.255.255 On-link 192.168.43.6 281
192.168.43.255 255.255.255.255 On-link 192.168.43.6 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.43.6 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.43.6 281
===========================================================================
Persistent Routes:
None
After starting the VPN client
C:\Users\Dell>ipconfig /all
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . : redwarf
Description . . . . . . . . . . . : Cisco Systems VPN Adapter for 64-bit Windows
Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3197:faec:8205:c198%29(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.10.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.31
NetBIOS over Tcpip. . . . . . . . : Enabled
C:\Users\Dell>route print
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.6 25
10.10.10.0 255.255.255.0 On-link 10.10.10.15 281
10.10.10.15 255.255.255.255 On-link 10.10.10.15 281
10.10.10.255 255.255.255.255 On-link 10.10.10.15 281
87.197.115.166 255.255.255.255 192.168.43.1 192.168.43.6 100
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 10.10.10.1 10.10.10.15 100
192.168.43.0 255.255.255.0 On-link 192.168.43.6 281
192.168.43.1 255.255.255.255 On-link 192.168.43.6 100
192.168.43.6 255.255.255.255 On-link 192.168.43.6 281
192.168.43.255 255.255.255.255 On-link 192.168.43.6 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.43.6 281
224.0.0.0 240.0.0.0 On-link 10.10.10.15 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.43.6 281
255.255.255.255 255.255.255.255 On-link 10.10.10.15 281
===========================================================================
Persistent Routes:
None
S 10.10.10.16/32 [1/0] via 195.91.14.88
This, if I'm not mistaken, is set up by the reverse-route directive, but the problem may be that the router tries to route traffic to 195.91.14.88 via the interface with the lower metric, f0/0.1, and therefore outside the VPN. I would try removing this directive and configuring a static route for the 10.10.10.0 network via the VPN interface.
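The comparison suggested in the replies above, as an added example that is not part of the original thread: it parses the two `show ip route` outputs posted earlier (their route lines are embedded below as sample input), lists what the VPN session added, and follows the new route's next hop by longest-prefix match to the egress interface. The function names are this example's own.

```python
import ipaddress
import re

# Route lines copied from the two "show ip route" outputs in the thread
# (before and after the VPN client connects); header lines kept on purpose
# to show that the parser skips them.
BEFORE = """\
Gateway of last resort is 10.0.0.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.0.0.1, FastEthernet0/0.1
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.0.0/24 is directly connected, FastEthernet0/0.1
L 10.0.0.2/32 is directly connected, FastEthernet0/0.1
C 10.0.1.0/24 is directly connected, FastEthernet0/0.2
L 10.0.1.2/32 is directly connected, FastEthernet0/0.2
C 192.168.1.0/24 is directly connected, FastEthernet0/1
L 192.168.1.1/32 is directly connected, FastEthernet0/1
"""
AFTER = BEFORE + "S 10.10.10.16/32 [1/0] via 195.91.14.88\n"

# <code>[*] <prefix> then either "[ad/metric] via <next hop>[, <if>]"
# or "is directly connected, <if>".
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Za-z][A-Za-z0-9]?)\*?\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:\[\d+/\d+\]\s+via\s+(?P<nh>[\d.]+)(?:,\s*(?P<ifv>\S+))?"
    r"|is directly connected,\s*(?P<ifc>\S+))\s*$"
)


def parse_routes(text):
    """Return {network: (code, next_hop or None, interface or None)}."""
    routes = {}
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue  # legend, summary lines, prompts
        net = ipaddress.ip_network(m["prefix"])
        nh = ipaddress.ip_address(m["nh"]) if m["nh"] else None
        routes[net] = (m["code"], nh, m["ifv"] or m["ifc"])
    return routes


def resolve(routes, dest):
    """Follow longest-prefix matches until a route names an interface."""
    chain = []
    for _ in range(8):  # bound the recursion through next hops
        matches = [n for n in routes if dest in n]
        if not matches:
            return chain, None
        best = max(matches, key=lambda n: n.prefixlen)
        chain.append(best)
        _code, nh, iface = routes[best]
        if iface:
            return chain, iface
        dest = nh
    return chain, None


def report(before_text, after_text):
    """List routes present only after the VPN came up, with their egress."""
    before, after = parse_routes(before_text), parse_routes(after_text)
    out = []
    for net, (_code, nh, _iface) in after.items():
        if net in before:
            continue
        chain, egress = resolve(after, net.network_address)
        out.append((str(net), str(nh), [str(p) for p in chain], egress))
    return out


if __name__ == "__main__":
    for net, nh, chain, egress in report(BEFORE, AFTER):
        print(f"added {net} via {nh}: resolves {' -> '.join(chain)} on {egress}")
```

On the outputs from the thread it reports one added route, 10.10.10.16/32, whose next hop 195.91.14.88 resolves through the default route to FastEthernet0/0.1, the interface that carries `crypto map SDM_CMAP_1` in the posted config.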
root@pete:~# tcpdump -i eth2 -qtln icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
-------------------------------PING from LAN------------------------------
IP 192.168.1.50 > 192.168.1.20: ICMP echo request, id 1, seq 3, length 40
IP 192.168.1.20 > 192.168.1.50: ICMP echo reply, id 1, seq 3, length 40
-------------------------------PING from VPN------------------------------
IP 10.10.10.21 > 192.168.1.20: ICMP echo request, id 1, seq 1, length 40
IP 10.10.10.21 > 192.168.1.20: ICMP echo request, id 1, seq 2, length 40
Edge-01#show running-config
Building configuration...
Current configuration : 6252 bytes
!
! Last configuration change at 15:16:21 UTC Sat Jun 14 2014 by admin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Edge-01
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$b/2d$tGeCBy.kXaGx7v90b1DJf.
!
aaa new-model
!
!
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3394940162
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3394940162
revocation-check none
rsakeypair TP-self-signed-3394940162
!
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name e=sdmtest@sdmtest.com
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-3394940162
certificate self-signed 01
quit
crypto pki certificate chain test_trustpoint_config_created_for_sdm
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
ip domain name redwarf
ip name-server 8.8.8.8
ip name-server 192.168.1.31
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1841 sn FCZ1033115W
username admin privilege 15 password 7 0214015707091D735F5E
!
redundancy
!
!
!
track 100 ip sla 100 reachability
delay down 10 up 20
!
crypto keyring spokes
pre-shared-key address 0.0.0.0 0.0.0.0 key pheonix
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp nat keepalive 20
!
crypto isakmp client configuration group vpngroup
key pheonix
dns 192.168.1.31
domain redwarf
pool SDM_POOL_1
acl 104
save-password
include-local-lan
netmask 255.255.255.0
banner ^CWelcome to private VPN on mgula.eu ^C
crypto isakmp profile L2L
description LAN-to-LAN for spoke router(s) connection
keyring spokes
match identity address 0.0.0.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
! Incomplete
set transform-set ESP-3DES-SHA
match address 101
!
crypto dynamic-map SDM_DYNMAP_2 1
set security-association idle-time 86400
set transform-set ESP-3DES-SHA1
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_2
!
!
!
!
!
interface FastEthernet0/0
description Trunk
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
description VDSL
encapsulation dot1Q 2 native
ip address 10.0.0.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
crypto map SDM_CMAP_1
!
interface FastEthernet0/0.2
description ADSL
encapsulation dot1Q 3
ip address 10.0.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
interface FastEthernet0/1
description LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip local pool SDM_POOL_1 192.168.10.10 192.168.10.20
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip dns server
ip nat inside source static tcp 192.168.1.31 80 interface FastEthernet0/0.1 80
ip nat inside source static tcp 192.168.1.31 587 interface FastEthernet0/0.1 587
ip nat inside source static tcp 192.168.1.31 143 interface FastEthernet0/0.1 143
ip nat inside source static tcp 192.168.1.31 10000 interface FastEthernet0/0.1 10000
ip nat inside source static tcp 192.168.1.31 953 interface FastEthernet0/0.1 953
ip nat inside source static tcp 192.168.1.31 993 interface FastEthernet0/0.1 993
ip nat inside source static tcp 192.168.1.31 995 interface FastEthernet0/0.1 995
ip nat inside source static tcp 192.168.1.31 25 interface FastEthernet0/0.1 25
ip nat inside source static tcp 192.168.1.31 22 interface FastEthernet0/0.1 222
ip nat inside source static tcp 192.168.1.30 3389 interface FastEthernet0/0.1 3333
ip nat inside source route-map adsl interface FastEthernet0/0.2 overload
ip nat inside source route-map vdsl interface FastEthernet0/0.1 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.1 10.0.0.1 track 100
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.2 10.0.1.1 10
!
ip sla 100
icmp-echo 8.8.8.8 source-interface FastEthernet0/0.1
threshold 250
timeout 250
frequency 3
ip sla schedule 100 life forever start-time now
access-list 1 permit 0.0.0.0 255.255.255.0
access-list 10 permit 0.0.0.0 0.0.0.255
access-list 100 permit ip any any
access-list 104 remark SDM_ACL Category=4
access-list 104 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
route-map vdsl permit 10
match ip address 100
match interface FastEthernet0/0.1
!
route-map adsl permit 10
match ip address 100
match interface FastEthernet0/0.2
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
transport input ssh
!
scheduler allocate 20000 1000
end
Edge-01#