Question for Floobie Cisco

Moderator: redwarrior666

Postby redwarrior666 » Wed Aug 27, 2008 11:36 pm

Floobie, I just bought a Cisco 861W for home use and to learn on. Now I have the Cisco Pix Mentor videos, and I previously owned a Cisco Pix 501. For the love of Pete I just can't seem to get the 861W going in even a basic config. The command structure is slightly different for the 501. Is there anywhere online besides the Cisco website (which is ridiculous to search on) that I can go for info on commands to get this bitch running in just a basic config, like example pix#(config) dhcpd address 10.0.1.101-10.0.1.110 inside. I can't even get that to work. The SDM doesn't work; it tells me that it is not supported with the 861W. I prefer the CLI, I'm just frustrated with this 861W but I will not give up. I just want to connect my cable modem, have DHCP running on the inside and have NAT. I know how to open ports using access list. Any advice would be tremendously appreciated.

Red ....red in the face ....Cisco you will not defeat me :D
redwarrior666
Second Lieutenant
Posts: 365
Joined: Fri Nov 19, 2004 11:26 am
Location: Fresno HELL CA

Postby Socco » Thu Aug 28, 2008 7:41 am

Geez, you bought a Cisco for home use?

Unfortunately, you'll need Floobie because I don't really know about business-level equipment networking...
Socco
First Lieutenant
Posts: 499
Joined: Sat Dec 04, 2004 4:17 pm

Postby rhonnin » Thu Aug 28, 2008 11:01 am

Oh boy, this is going to be a good one *grabs a box of tissue*.
rhonnin
Lieutenant General
Posts: 3759
Joined: Fri Nov 19, 2004 12:40 pm
Location: New Hampshire

Postby FloobieDoobie » Thu Aug 28, 2008 5:02 pm

I haven't set up one of these guys yet but it has a web GUI. Unless you know how to configure an ASA, IOS Switch (layer 2), IOS Router (layer 3) and WAP, you're going to want to use the GUI.
The number of commands that you have to enter to get the basic setup running is actually really pretty long considering all the components in that thing. That's why there's the GUI; set it up with that and then do the finishing in CLI.



PS. The WAP should support WPA2 (which you really, really want to use) but you'll need to make sure that you have a cert server and RADIUS server on your network. MS has them both built in; you just have to config them.
WWFD?
FloobieDoobie
Major
Posts: 624
Joined: Mon Nov 22, 2004 3:23 pm

Postby redwarrior666 » Sat Aug 30, 2008 9:53 am

OK, I have a GUI and have configured it but I still can't seem to route past my outside interface. I think I'm missing a global NAT statement but I'm not sure.

pixy#term len 0
pixy#show run
Building configuration...

Current configuration : 12274 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname pixy
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret 5 $1$dbPB$jLtQm4Mm29kEWo8dYQRff/
enable password 7 081A5E4B0D0B101A435C59577E16
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-387923354
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-387923354
revocation-check none
rsakeypair TP-self-signed-387923354
!
!
crypto pki certificate chain TP-self-signed-387923354
certificate self-signed 01
quit
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.4
ip dhcp excluded-address 192.168.2.106 192.168.2.254
!
ip dhcp pool sdm-pool1
network 192.168.2.0 255.255.255.0
dns-server 192.168.2.1
default-router 192.168.2.1
!
!
ip cef
no ip bootp server
ip domain name yourdomain.com
ip name-server 192.168.2.1
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com

parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com

parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com

!
!
username ayerger privilege 15 secret 5 $1$SKL2$lL5LuZ5ciuLnvmKg7Ylln0
username andyy privilege 15 view root secret 5 $1$RRKN$Hi0FYSRW0fT0Wyaawt60J/
!
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
!
class-map type inspect imap match-any sdm-app-imap
match invalid-command
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM-Voice-permit
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect msnmsgr match-any sdm-app-msn-otherservices
match service any
class-map type inspect ymsgr match-any sdm-app-yahoo-otherservices
match service any
class-map type inspect match-all sdm-protocol-pop3
match protocol pop3
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any sdm-cls-protocol-im
match protocol ymsgr yahoo-servers
match protocol msnmsgr msn-servers
match protocol aol aol-servers
class-map type inspect aol match-any sdm-app-aol-otherservices
match service any
class-map type inspect pop3 match-any sdm-app-pop3
match invalid-command
class-map type inspect http match-any sdm-http-blockparam
match request port-misuse im
match request port-misuse p2p
match req-resp protocol-violation
class-map type inspect match-all sdm-protocol-im
match class-map sdm-cls-protocol-im
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-invalid-src
match access-group 101
class-map type inspect ymsgr match-any sdm-app-yahoo
match service text-chat
class-map type inspect msnmsgr match-any sdm-app-msn
match service text-chat
class-map type inspect http match-any sdm-app-httpmethods
match request method bcopy
match request method bdelete
match request method bmove
match request method bpropfind
match request method bproppatch
match request method connect
match request method copy
match request method delete
match request method edit
match request method getattribute
match request method getattributenames
match request method getproperties
match request method index
match request method lock
match request method mkcol
match request method mkdir
match request method move
match request method notify
match request method options
match request method poll
match request method propfind
match request method proppatch
match request method put
match request method revadd
match request method revlabel
match request method revlog
match request method revnum
match request method save
match request method search
match request method setattribute
match request method startrev
match request method stoprev
match request method subscribe
match request method trace
match request method unedit
match request method unlock
match request method unsubscribe
class-map type inspect http match-any sdm-http-allowparam
match request port-misuse tunneling
class-map type inspect match-all sdm-protocol-http
match protocol http
class-map type inspect match-all sdm-protocol-imap
match protocol imap
class-map type inspect aol match-any sdm-app-aol
match service text-chat
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
inspect
class class-default
pass
policy-map type inspect http sdm-action-app-http
class type inspect http sdm-http-blockparam
log
reset
class type inspect http sdm-app-httpmethods
log
reset
class type inspect http sdm-http-allowparam
log
allow
policy-map type inspect imap sdm-action-imap
class type inspect imap sdm-app-imap
log
policy-map type inspect pop3 sdm-action-pop3
class type inspect pop3 sdm-app-pop3
log
policy-map type inspect im sdm-action-app-im
class type inspect aol sdm-app-aol
log
allow
class type inspect msnmsgr sdm-app-msn
log
allow
class type inspect ymsgr sdm-app-yahoo
log
allow
class type inspect aol sdm-app-aol-otherservices
log
reset
class type inspect msnmsgr sdm-app-msn-otherservices
log
reset
class type inspect ymsgr sdm-app-yahoo-otherservices
log
reset
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-protocol-http
inspect
service-policy http sdm-action-app-http
class type inspect sdm-protocol-imap
inspect
service-policy imap sdm-action-imap
class type inspect sdm-protocol-pop3
inspect
service-policy pop3 sdm-action-pop3
class type inspect sdm-protocol-im
inspect
service-policy im sdm-action-app-im
class type inspect sdm-insp-traffic
inspect
class type inspect SDM-Voice-permit
inspect
class class-default
pass
policy-map type inspect sdm-permit
class class-default
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
ip address dhcp client-id FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 192.168.2.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
!
router rip
redistribute connected
network 192.168.2.0
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet4 overload
!
logging trap debugging
access-list 100 remark SDM_ACL Category=2
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 remark SDM_ACL Category=128
access-list 101 permit ip host 255.255.255.255 any
access-list 101 permit ip 127.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip permit
snmp-server community public RO
no cdp run

!
control-plane
!
redwarrior666
Second Lieutenant
Posts: 365
Joined: Fri Nov 19, 2004 11:26 am
Location: Fresno HELL CA
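
Added example, not part of any post in this thread: a check of the configuration posted above for the four pieces IOS port address translation needs (an `ip nat inside` interface, an `ip nat outside` interface, an overload rule, and a permit entry in the ACL that rule references), plus three management settings visible in the same dump. The names `audit_nat`, `mgmt_findings` and `SAMPLE` are hypothetical, and only numbered ACLs are handled.

```python
import re
# Constructed excerpt of the posted "show run", flattened like the post;
# the password value is a placeholder.
SAMPLE = """\
enable password 7 PLACEHOLDER
interface FastEthernet4
ip nat outside
!
interface Vlan1
ip nat inside
!
ip http server
ip nat inside source list 100 interface FastEthernet4 overload
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
snmp-server community public RO
"""
NAT_RULE = re.compile(r"ip nat inside source list (\d+) interface (\S+) overload$")

def audit_nat(config):
    """List missing PAT pieces; an empty list means all four are present."""
    roles, rules, acls, iface = {}, [], set(), None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif line == "!":
            iface = None  # "!" ends the interface section
        elif iface and line in ("ip nat inside", "ip nat outside"):
            roles[iface] = line.split()[-1]
        elif m := NAT_RULE.match(line):
            rules.append(m.groups())
        elif m := re.match(r"access-list (\d+) permit ", line):
            acls.add(m.group(1))
    problems = [f"no interface marked 'ip nat {r}'"
                for r in ("inside", "outside") if r not in roles.values()]
    if not rules:
        problems.append("no 'ip nat inside source list N interface X overload' rule")
    for acl, out_if in rules:
        if acl not in acls:
            problems.append(f"ACL {acl} has no permit entry")
        if roles.get(out_if) != "outside":
            problems.append(f"{out_if} is not marked 'ip nat outside'")
    return problems

def mgmt_findings(config):
    """Flag management-plane settings from the post worth tightening."""
    checks = {r"^enable password 7 ": "reversible type 7 enable password",
              r"^snmp-server community public\b": "default SNMP community 'public'",
              r"^ip http server$": "plaintext HTTP management enabled"}
    return [msg for pat, msg in checks.items() if re.search(pat, config, re.M)]
```

Both functions accept the full text of a `show run`, indented or flattened, because interface sections are delimited by the `!` lines rather than by indentation.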

Postby FloobieDoobie » Sun Aug 31, 2008 12:15 pm

Yeah, I don't see any NAT at all in there. No global or static NATs. I'm guessing that if you set up a sniffer on the outside leg you'd see shit going out to the external world with their internal addresses.
You could set up a span port to see what you can see on the outside port.
WWFD?
FloobieDoobie
Major
Posts: 624
Joined: Mon Nov 22, 2004 3:23 pm

Postby rhonnin » Sun Aug 31, 2008 12:49 pm

Fap fap fap
rhonnin
Lieutenant General
Posts: 3759
Joined: Fri Nov 19, 2004 12:40 pm
Location: New Hampshire

Postby Damaen » Mon Sep 01, 2008 3:11 am

I think it's important to get back to the point here: Floobie, I miss you.
Hard pressed on my right. My center is yielding. Impossible to maneuver. Situation excellent, I am attacking!
Damaen
Colonel
Posts: 827
Joined: Sat Jul 30, 2005 5:18 pm
Location: Canada

