ciao a tutti, come vi avevo detto ho acquistato un router cisco 877 però purtroppo mi sa che per prendere la via + facile mi sono messo in problemi... vedendo che il router veniva fornito con il cd del SDM allora ho installato tutto e ho provato... però.. ora non riesco a capire come mai non riesco a navigare con i pc che ci connetto... neanche a pingare un tubo invece dalla CLI6 del router i ping vengono risolti però non finiscono con un echo-reply e quindi non funzia...
ricapitolando i pc connesi non riescono ne a risolvere i nomi ne a navigare... il router attraverso la cli con un ping risolve ma non pinga... io provo a postare lo sh run del router... potete aiutarmi? (le offese sono d'obbligo se ho fatto stupidaggini :D) ps non guardate le policy sono solo delle prove per cercare di far andare qualcosa... ------------------------- router#sh run Building configuration... Current configuration : 6172 bytes ! version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname router ! boot-start-marker boot-end-marker ! logging buffered 51200 debugging logging console critical enable secret 5 $1$dHx3$GzHxZ4GkWJ6o4aDD9soIl/ ! no aaa new-model ! resource policy ! clock timezone PCTime 1 clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00 ip subnet-zero no ip source-route ip cef no ip dhcp use vrf connected ip dhcp excluded-address 192.168.1.1 192.168.1.10 ip dhcp excluded-address 192.168.1.201 192.168.1.254 ! ip dhcp pool sdm-pool1 import all network 192.168.1.0 255.255.255.0 dns-server 151.99.125.1 151.99.0.100 default-router 192.168.1.1 ! ! ip inspect tcp max-incomplete host 50 block-time 10 ip inspect name DEFAULT100 cuseeme ip inspect name DEFAULT100 ftp ip inspect name DEFAULT100 h323 ip inspect name DEFAULT100 icmp ip inspect name DEFAULT100 netshow ip inspect name DEFAULT100 rcmd ip inspect name DEFAULT100 realaudio ip inspect name DEFAULT100 rtsp ip inspect name DEFAULT100 esmtp ip inspect name DEFAULT100 sqlnet ip inspect name DEFAULT100 streamworks ip inspect name DEFAULT100 tftp ip inspect name DEFAULT100 tcp ip inspect name DEFAULT100 udp ip inspect name DEFAULT100 vdolive ip inspect name DEFAULT100 dns ip inspect name DEFAULT100 ntp ip inspect name DEFAULT100 snmp ip inspect name DEFAULT100 ssh ip inspect name DEFAULT100 appleqtc ip tcp synwait-time 10 no ip bootp server ip domain name remoto.mine.nu ip name-server 151.99.125.1 ip name-server 151.99.0.100 ip ssh time-out 60 ip ssh authentication-retries 2 ! ! crypto pki trustpoint TP-self-signed-892860865 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-892860865 revocation-check none rsakeypair TP-self-signed-892860865 ! ! crypto pki certificate chain TP-self-signed-892860865 certificate self-signed 01 3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 38393238 36303836 35301E17 0D303731 32323330 32333033 345A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3839 32383630 38363530 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 DFCB15D8 FC085DBB 64E682DC 91421945 76C7B2BA E8319944 E083B1B6 98927062 513B4902 D87BCAFC 993F9B95 2632D24A 4B70F7B5 16F156B8 CC8FFE28 1E887CAB D69010F5 9F85B479 AA0E09D8 F1B310EF F39535EA A8AF8254 4F3F0AEB 41A4E33E FC0CD6EB 843E05E4 70A90B3B C6140C9D E087F735 1DE30BA5 F47EFE2F 76B11627 02030100 01A37530 73300F06 03551D13 0101FF04 05300301 01FF3020 0603551D 11041930 17821572 6F757465 722E7265 6D6F746F 2E6D696E 652E6E75 301F0603 551D2304 18301680 1468FAEF AE52149E DC779CC6 47707A9C 443CDE67 4D301D06 03551D0E 04160414 68FAEFAE 52149EDC 779CC647 707A9C44 3CDE674D 300D0609 2A864886 F70D0101 04050003 818100AE 641BBA29 E71B18B2 EE3FB927 4339B77A F81275D0 0ADD29AA 05DDE755 2801CBA4 F28D0125 D971EC3E 2ED512ED 79B6003A 5F17972A 0191116D 51C3A4A5 5D478486 4662E320 2B8F2FAF 22C1C9E0 6F884976 7D84C71B A3125707 5D6D3D4D 92D5A151 B08A97A5 6AF17F61 FCF6F348 EC991B81 62C1B41F ECED5C3C 88D7F209 5B00F7 quit username admin privilege 15 secret 5 $1$.C5q$wzC71/N1iMPvC.lSk1n.j. ! ! ! ! ! interface ATM0 no ip address no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.1 point-to-point description Modem$FW_OUTSIDE$$ES_WAN$ ip nat outside ip virtual-reassembly pvc 8/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$ ip address 192.168.1.1 255.255.255.0 ip access-group sdm_vlan1_in in ip access-group sdm_vlan1_out out ip inspect DEFAULT100 out ip nat inside ip virtual-reassembly ip route-cache flow ip tcp adjust-mss 1452 ! interface Dialer0 description $FW_OUTSIDE$ ip address negotiated ip access-group 101 in ip access-group sdm_dialer0_out out ip inspect DEFAULT100 out ip nat outside ip virtual-reassembly encapsulation ppp ip route-cache flow dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap pap callin ppp chap hostname aliceadsl ppp chap password 7 13041B1B0809052E3828 ppp pap sent-username aliceadsl password 7 094D42001A0016161800 ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer0 permanent ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source list 1 interface ATM0.1 overload ! ip access-list extended sdm_dialer0_out remark SDM_ACL Category=1 permit ip any any permit icmp any any ip access-list extended sdm_vlan1_in remark SDM_ACL Category=1 permit ip any any permit icmp any any ip access-list extended sdm_vlan1_out remark SDM_ACL Category=1 permit ip any any permit icmp any any ! logging trap debugging access-list 1 remark INSIDE_IF=Vlan1 access-list 1 remark SDM_ACL Category=2 access-list 1 permit 192.168.1.0 0.0.0.255 access-list 101 remark auto generated by Cisco SDM Express firewall configuratio n access-list 101 remark SDM_ACL Category=1 access-list 101 permit ip 192.168.1.0 0.0.0.255 any access-list 101 permit icmp any any echo-reply access-list 101 permit icmp any any time-exceeded access-list 101 permit icmp any any unreachable dialer-list 1 protocol ip permit no cdp run ! control-plane ! banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C ! line con 0 login local no modem enable transport output telnet line aux 0 login local transport output telnet line vty 0 4 privilege level 15 login local transport input telnet ssh ! scheduler max-task-time 5000 scheduler allocate 4000 1000 scheduler interval 500 end router# ------------------------- grazie a tutti coloro che mi daranno una mano :D matteo _______________________________________________ Cug mailing list http://www.areanetworking.it/index_docs.php [email protected] http://ml.areanetworking.it/mailman/listinfo/cug
