Hi,

You better change your passwords and VPN groups because it is now visible to anyone. I can easily establish VPN with you and be able to see your network.

Ask Tyson to delete that post (not archive it at least). Then we can help you with your issue.

Regards,
Piotr

2010/12/14 Kamran Shakil <[email protected]>

>
> Hi guys,
>
> Here is a code snippet for remote access vpn .... just wanted to discuss
> that I am unable to access http and ftp ports on 192.168.0.10 ip which is in
> the lan directly connected to router ethernet on 192.168.0.99 . MY VPN is UP
> and running fine.
> I can ping the backside of VPN Router (192.168.0.99).
>
>
> I can ping 192.168.0.99 and also I can ping 192.168.0.100 which is
> another cisco router on the same segment, but the machine 192.168.0.10 is
> not able to open http or ftp ..... split tunnel is working fine for vpn
> users.... any catch here ? any ideas ?? plz ..advice ...
>
> version 12.4
> no service pad
> service tcp-keepalives-in
> service tcp-keepalives-out
> service timestamps debug datetime msec localtime show-timezone
> service timestamps log datetime msec localtime show-timezone
> service password-encryption
> service sequence-numbers
> no service dhcp
> !
> hostname Router-2-Internet
> !
> boot-start-marker
> boot-end-marker
> !
> security authentication failure rate 10 log
> security passwords min-length 6
> logging buffered 4096 debugging
> enable secret 5 $1$W/jA$bkFGswtK1q5hs.iRvPgZR0
> enable password 7 12170114190A01162B25
> !
> aaa new-model
> !
> !
> aaa authentication login local_auth local
> aaa authentication login userauthen local
> aaa authorization network groupauthor local
> !
> aaa session-id common
> no ip source-route
> no ip gratuitous-arps
> !
> !
> ip cef
> ip auth-proxy max-nodata-conns 3
> ip admission max-nodata-conns 3
> !
> !
> no ip bootp server
> ip domain name KAMRAN.com
> ip name-server 212.72.1.186
> ip name-server 198.6.1.1
> login block-for 60 attempts 5 within 5
> !
> !
> !
> !
> username game123 privilege 15 password 7 050C07022443580C0B544541
> username dracula password 7 00051F13075A1902
> username kamran password 7 01110707500F090033
> archive
>  log config
>   logging enable
> !
> !
> ip ssh time-out 60
> ip ssh authentication-retries 2
> ip ssh version 2
> !
> !
> crypto isakmp policy 3
>  hash md5
>  authentication pre-share
>  group 2
> !
> crypto isakmp client configuration group omanpost
>  key kobayashi
>  pool ippool
>  acl 108
> !
> !
> crypto ipsec transform-set myset esp-des esp-md5-hmac
> !
> crypto dynamic-map dynmap 10
>  set transform-set myset
> !
> !
> crypto map clientmap client authentication list userauthen
> crypto map clientmap isakmp authorization list groupauthor
> crypto map clientmap client configuration address initiate
> crypto map clientmap client configuration address respond
> crypto map clientmap 10 ipsec-isakmp dynamic dynmap
> !
> !
> !
> interface FastEthernet0/0
>  description Connected to OMANTEL Internet~
>  ip address 82.178.20.36 255.255.255.248
>  ip nat outside
>  ip virtual-reassembly
>  duplex auto
>  speed auto
>  crypto map clientmap
> !
> interface FastEthernet0/1
>  description Connected to LAN - Servers -
>  ip address 192.168.0.99 255.255.255.0
>  ip nat inside
>  ip virtual-reassembly
>  duplex auto
>  speed auto
> !
> ip local pool ippool 197.0.0.3 197.0.0.5
> ip forward-protocol nd
> ip route 0.0.0.0 0.0.0.0 82.178.20.35
> ip route 10.25.50.12 255.255.255.252 192.168.0.100
> ip route 10.26.10.0 255.255.255.0 192.168.0.100
> !
> no ip http server
> no ip http secure-server
> ip nat inside source route-map nonat interface FastEthernet0/0 overload
> ip nat inside source static 192.168.0.10 82.178.20.37
> !
> !
> logging trap debugging
> logging facility local2
> access-list 1 permit any
> access-list 108 permit ip 192.168.0.0 0.0.0.255 197.0.0.0 0.0.0.255
> access-list 108 permit icmp 192.168.0.0 0.0.0.255 197.0.0.0 0.0.0.255
> access-list 199 deny ip 192.168.0.0 0.0.0.255 197.0.0.0 0.0.0.255
> access-list 199 permit ip 192.168.0.0 0.0.0.255 any
> route-map nonat permit 10
>  match ip address 199
> !
> !
> !
> control-plane
> !
> !
> banner motd ^C This is a production box for OmanPost in NDC Muscat . Kindly
> make sure you are authrozied personnel
> ^C
>
> line con 0
>  exec-timeout 0 0
>  login authentication local_auth
>  transport output telnet
> line aux 0
>  exec-timeout 15 0
>  login authentication local_auth
>  no exec
>  transport output telnet
> line vty 0 4
>  password 7 000F1C0405420A1507280C
>  login authentication local_auth
>  transport preferred telnet
>  transport input all
>  transport output all
> !
> scheduler allocate 20000 1000
>
>
>
> regards,
>
> Kamran Shakil
> ITA NDC Operations Engineer
> MidEast Data Systems LLC Oman
> Cell: + 968 95804126
> Office: + 968 24576640
> http://www.mynameise.com/kamranshakil77
>
> Confidentiality Warning:
> "This message and any attachments are intended only for the use of the
> intended recipient(s), are confidential, and may be privileged. If you are
> not the intended recipient, you are hereby notified that any review,
> retransmission, conversion to hard copy, copying, circulation or other use
> of all or any portion of this message and any attachments is strictly
> prohibited. If you are not the intended recipient, please notify the sender
> immediately by return e-mail, and delete this message and any attachments
> from your system."
>
>
>
> -----Original Message-----
> From: [email protected] on behalf of Kingsley Charles
> Sent: Tue 12/14/2010 1:27 PM
> To: [email protected]
> Subject: [OSL | CCIE_Security] SSL MAC function
>
> Hi all
>
> Question bit outside from CCIE lab's scope but still a Security Query :-)
>
>
>
> Does SSL use MAC or HMAC? As per Microsoft's TechNet, I see that SSL
> uses just MAC.
>
> http://technet.microsoft.com/en-us/library/cc784450%28WS.10%29.aspx
>
> Please share your thoughts.
>
>
>
>
> With regards
>
> Kings
>
>
>
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
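
One way to avoid the exposure Piotr points out, as an added example that is not part of the original thread: a Python filter that masks passwords, keys, VPN group names, usernames and public IPv4 addresses in an IOS configuration before it is posted. The sample configuration is constructed, and the rule list is an assumption covering the command forms seen in the quoted config, not a complete inventory of IOS secrets.

```python
import ipaddress
import re

# Constructed sample (not from the thread); the public address is an RFC 5737 range.
SAMPLE = """\
enable secret 5 $1$abcd$CONSTRUCTEDHASHVALUE000
username admin privilege 15 password 7 0000000000
crypto isakmp client configuration group vpnusers
 key ExamplePSK
interface FastEthernet0/0
 ip address 203.0.113.10 255.255.255.248
interface FastEthernet0/1
 ip address 192.168.0.99 255.255.255.0
line vty 0 4
 password 7 0000000000
"""

# Assumed rule set: each rule keeps the command keyword and drops the sensitive value.
RULES = [
    (re.compile(r"^(\s*enable (?:secret|password))\s+.*$"), r"\1 <removed>"),
    (re.compile(r"^(\s*username) \S+(.*?\b(?:password|secret))\s+.*$"), r"\1 <user>\2 <removed>"),
    (re.compile(r"^(\s*crypto isakmp client configuration group)\s+\S+"), r"\1 <group>"),
    (re.compile(r"^(\s*crypto isakmp key)\s+\S+"), r"\1 <removed>"),
    (re.compile(r"^(\s*(?:password|key))\s+.*$"), r"\1 <removed>"),
]
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def _mask_ip(match):
    text = match.group(0)
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return text  # not a valid address (e.g. an octet above 255)
    # Keep RFC 1918 hosts, netmasks (255.x) and wildcard masks or default routes (0.x).
    if text.startswith(("255.", "0.")) or any(addr in net for net in PRIVATE):
        return text
    return "<public-ip>"

def sanitize(config):
    """Return the config with secrets, group names and public IPv4 addresses masked."""
    out = []
    for line in config.splitlines():
        for pattern, repl in RULES:
            line, hits = pattern.subn(repl, line)
            if hits:
                break  # one rule per line is enough
        out.append(IPV4.sub(_mask_ip, line))
    return "\n".join(out)
```

Private addressing and masks are left intact so the routing and NAT logic stays readable to whoever is helping with the problem.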
