Hi guys,

Here is a code snippet for a remote access VPN. I just wanted to discuss that I am unable to access the HTTP and FTP ports on the 192.168.0.10 IP, which is in the LAN directly connected to the router Ethernet on 192.168.0.99. My VPN is up and running fine. I can ping the backside of the VPN router (192.168.0.99).
I can ping 192.168.0.99 and I can also ping 192.168.0.100, which is another Cisco router on the same segment, but the machine 192.168.0.10 is not able to open HTTP or FTP. Split tunnel is working fine for VPN users. Any catch here? Any ideas? Please advise.

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
no service dhcp
!
hostname Router-2-Internet
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
enable secret 5 $1$W/jA$bkFGswtK1q5hs.iRvPgZR0
enable password 7 12170114190A01162B25
!
aaa new-model
!
!
aaa authentication login local_auth local
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
no ip source-route
no ip gratuitous-arps
!
!
ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
no ip bootp server
ip domain name KAMRAN.com
ip name-server 212.72.1.186
ip name-server 198.6.1.1
login block-for 60 attempts 5 within 5
!
!
!
!
username game123 privilege 15 password 7 050C07022443580C0B544541
username dracula password 7 00051F13075A1902
username kamran password 7 01110707500F090033
archive
 log config
  logging enable
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
crypto isakmp policy 3
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group omanpost
 key kobayashi
 pool ippool
 acl 108
!
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address initiate
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface FastEthernet0/0
 description Connected to OMANTEL Internet~
 ip address 82.178.20.36 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map clientmap
!
interface FastEthernet0/1
 description Connected to LAN - Servers -
 ip address 192.168.0.99 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip local pool ippool 197.0.0.3 197.0.0.5
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 82.178.20.35
ip route 10.25.50.12 255.255.255.252 192.168.0.100
ip route 10.26.10.0 255.255.255.0 192.168.0.100
!
no ip http server
no ip http secure-server
ip nat inside source route-map nonat interface FastEthernet0/0 overload
ip nat inside source static 192.168.0.10 82.178.20.37
!
!
logging trap debugging
logging facility local2
access-list 1 permit any
access-list 108 permit ip 192.168.0.0 0.0.0.255 197.0.0.0 0.0.0.255
access-list 108 permit icmp 192.168.0.0 0.0.0.255 197.0.0.0 0.0.0.255
access-list 199 deny ip 192.168.0.0 0.0.0.255 197.0.0.0 0.0.0.255
access-list 199 permit ip 192.168.0.0 0.0.0.255 any
route-map nonat permit 10
 match ip address 199
!
!
!
control-plane
!
!
banner motd ^C This is a production box for OmanPost in NDC Muscat . Kindly make sure you are authrozied personnel ^C
line con 0
 exec-timeout 0 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 no exec
 transport output telnet
line vty 0 4
 password 7 000F1C0405420A1507280C
 login authentication local_auth
 transport preferred telnet
 transport input all
 transport output all
!
scheduler allocate 20000 1000

Regards,

Kamran Shakil
ITA NDC Operations Engineer
MidEast Data Systems LLC Oman
Cell: + 968 95804126
Office: + 968 24576640
http://www.mynameise.com/kamranshakil77

-----Original Message-----
From: [email protected] on behalf of Kingsley Charles
Sent: Tue 12/14/2010 1:27 PM
To: [email protected]
Subject: [OSL | CCIE_Security] SSL MAC function

Hi all

Question a bit outside the CCIE lab's scope, but still a security query :-)

Does SSL use MAC or HMAC? As per Microsoft's TechNet, I see that SSL uses just MAC.

http://technet.microsoft.com/en-us/library/cc784450%28WS.10%29.aspx

Please share your thoughts.

With regards
Kings
