 成长值: 54835
|
c7200-adventerprisek9-mz.152-4.M.bin
5 f4 Q" S& _4 v3 b% k7 w5 Mc7200-adventerprisek9-mz.152-4.M2.bin5 F. R3 W3 I+ H, j& K3 b
c7200-adventerprisek9-mz.152-4.M4.bin5 ~8 @( @' u1 H2 |! W" @# d. c
c7200-adventerprisek9-mz.152-4.M7.bin1 P9 D8 A i- ?& m ~" R/ ~8 S
c7200-adventerprisek9-mz.152-4.M9.bin* O2 F% e5 o/ _. e& s( Y! k( V! w3 m
今天做路由器做为服务器拨SLLVPN实验的过程中。我找到如上几个ios
2 B( L1 k1 `3 ~7 F* C/ |在做到通过ssl client的三层模式也就是通过anyconnect3.0来用ssl远程拨号的实验的时候。能正常拨上去但是拨不通内部的服务器。
& w7 _7 F% |' k! g& o2 p上面的所有的IOS我都试了。只有c7200-adventerprisek9-mz.152-4.M2.bin这个可以ping通内部服务器。别的都会提示如下消息。
3 B8 c _1 Z7 ^# P( t: R
' X( p0 Z5 w' X# K6 K! a& p# r0 T* {7 g x( C4 T0 Z5 J
*Feb 26 13:10:11.127: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z
0 A. m) B- s. |0 e7 W+ _% j& AR2#& V; d. V% h4 n; d0 j+ O' ~
*Feb 26 13:10:32.191: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z
! M | k8 l2 s, w. XR2#+ G7 G" U# T8 c
*Feb 26 13:10:36.335: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z# \+ P+ e6 Z" O1 C" Y# L2 H! u
R2#1 d' J5 ^/ @+ |* a: a& p, ?
*Feb 26 13:10:38.251: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z6 t* R+ d, k7 |
R2#6 Q( j$ M0 { m: P
*Feb 26 13:10:39.359: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z
7 }+ A# K( M. E- u9 jR2#
, O& [+ K0 P( J% e*Feb 26 13:10:45.287: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z
. Q+ S- Q3 U, d2 eR2#
' V. r& |# \6 j5 O3 I6 v+ O0 D*Feb 26 13:10:47.287: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z4 ^# b0 h( `4 c9 l
( B% t2 c. I+ |0 x3 Q9 A
ping 不通能不服务器。我在内部服务器上开debug是可以收到包的,但是回包回不去 w4 a1 k4 U& l* o- ]% L* Q3 f
我用c7200-adventerprisek9-mz.152-4.M2.bin也有点问题,就是拨上去访问内部服务器的数据量不能太大。太大的话就直接卡死了。
" K& P; i" P( p9 F& h大家有没有可以完美做这个实验的ios??/ d+ e9 R# ?6 N; ]( S6 y8 T' @
R2-GW#copy ftp://cisco:cisco@10.1.1.88/anyconnect-win-3.0.0629-k9.pkg disk0% o3 F+ k& D- J& q) a" _. ?0 i
R2-GW#$/cisco:cisco@10.1.1.88/anyconnect-win-3.0.0629-k9.pkg disk0:/
# E% J, U K0 N$ k# t( R# U+ V8 W. gDestination filename [anyconnect-win-3.0.0629-k9.pkg]? ; V; L& h, J2 Q& C
Accessing ftp://*****:*****@10.1.1.88/anyconnect-win-3.0.0629-k9.pkg...; H2 W+ S3 P2 \5 S6 f
Loading anyconnect-win-3.0.0629-k9.pkg !!!
" [6 c# w+ Q# ?& `1 g$ l*Feb 26 13:26:33.799: %DOSFS-5-DIBERR: disk0 is formatted from a different router or PC. A format in this router is required before an image can be booted from this device!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$ @: d# G. G2 V2 T
[OK - 21800354/4096 bytes]
4 v8 w! G2 j0 j- D0 [: U: d8 [
# O+ K/ o9 Z4 H6 m: D5 A6 |' L21800354 bytes copied in 45.508 secs (479044 bytes/sec)
3 P. g/ b$ c' [5 ]$ W9 [) C3 n$ ?3 F- Q* N0 G& U% @
# Y: ?. E m/ d% L5 Ecrypto vpn anyconnect disk0:/anyconnect-win-3.0.0629-k9.pkg3 @* ` M% {2 y( V4 J& z- ^* |- d
& t" o6 v/ d9 M# t8 Z/ r" M
( \8 h5 G( \- d最后就是这个效果。数据量不能太大,太大就挂了。谁有比较完美的ssl vpn实验的ios?; T' \/ j( y! I( S. o& E
Building configuration...
h2 M: x5 |" B# m+ p5 l" A: c8 r0 q" i5 s- }( `0 S" o2 D
Current configuration : 4540 bytes$ ]& D9 q9 X4 f2 l' b" c2 z) A
!8 |, T$ @& |' }$ M x
! Last configuration change at 13:30:51 UTC Sun Feb 26 20174 ]/ K" z# E4 D8 Y! I! _; C
upgrade fpd auto
9 i7 A# E% Z) ]# bversion 15.2
0 m# v3 z& g8 s0 x( _7 r9 wservice timestamps debug datetime msec# i& {. t" O5 a4 g" }
service timestamps log datetime msec
* W. D8 R/ Y% Q4 ?; Q c8 ano service password-encryption$ C6 L6 E* g% e* O, e8 Z
!+ `( v) e9 O5 F+ ^1 N0 {5 ]
hostname R2-GW
# n& m7 D0 ^( C( X!
+ y% f+ z6 S: U0 w$ pboot-start-marker
7 v/ M1 U6 a1 P& N; y6 rboot-end-marker' `6 `3 P. n9 P9 Y: _
!6 t4 x5 N+ H! W" I" v+ u- w- A
!
, A, N& J. x8 p- N, F- _!
/ c5 U- C+ a" T+ C y9 m6 Daaa new-model
" i" P' u/ r% }8 D6 A+ T, P!- ~4 E: R: N1 X- [5 C) `/ k2 a
!
4 r0 k8 [% Q/ Z. f, q e1 h$ p* Jaaa authentication login sslvpn local5 {0 q. O7 n4 R. Y# R# B% k- b
!; }* A1 E& d: B) o% ?: C. ~
!
! @ `! ]2 i& v( {2 n& q$ \; T! % Z0 V" L6 X1 _! {% ^* R" d
!# T, v3 J$ ?& O; Z4 q! X
!7 I9 p# `: g3 W; M9 N& N% @# c# L3 t
aaa session-id common. o$ `' Q$ v. N0 o0 r' j! B
no ip icmp rate-limit unreachable
2 T. R. B1 V ]+ y, W2 ?8 b; H!
; c- o8 h8 A$ ~$ E) Y5 U5 O!/ i+ o- g8 {- l; ?1 Z, z+ O; t
!9 ^' L% y1 H+ ]- p, \7 e# z
!
" s" ?/ A8 m& o6 Q0 B!
1 z: P. u2 D7 G# x' P/ n: F* m! _% q!; J3 u6 p2 e5 y5 A/ d( i$ ^
no ip domain lookup
) y6 K$ i9 l# O9 v! Z" r' C" gip cef3 _9 ?8 c5 p9 Y. ^/ a1 @
no ipv6 cef
; e Y5 O4 g) _4 [* s!
5 @' o) X+ v8 I" C3 Ymultilink bundle-name authenticated
9 s; g e. n! n$ B9 H9 X! P# D! G. s; W* O. b3 X
!9 H# {& C8 z" P) m8 A1 G
!
8 N P. K; e& m!
/ w0 ]" }4 z+ I/ Z, R$ n% @2 \! t! H!
2 C: Q& d9 ?. s; h: O% t; `6 @" B!; R5 e* I# w7 U0 o0 M
!
4 r0 R& r. f) O5 y: R4 _. H6 @1 t! ! i! W; a% V; h6 O
crypto pki trustpoint TP-self-signed-4279256517
: w# f% [7 R1 @6 m1 _: l enrollment selfsigned
# b3 d8 m+ D- s' Y subject-name cn=IOS-Self-Signed-Certificate-4279256517/ t i0 E+ k8 Y- B: F
revocation-check none+ A& {/ b# ?/ @* D B# A+ C' m
rsakeypair TP-self-signed-4279256517
/ |- }" S& A- b4 E!: U2 N/ v6 D) _, C5 B
!% {& S5 p" X9 x% W2 c! ?
crypto pki certificate chain TP-self-signed-4279256517/ O7 s1 \& A7 `
certificate self-signed 01
4 V# \! L) r# I 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 0 f8 i3 b! Q! I# t
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 $ j/ x8 s! f1 x+ i6 C4 w N$ i
69666963 6174652D 34323739 32353635 3137301E 170D3137 30323236 31333137
( U! w" ^6 p! |- ?) }# E! X+ m 31375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 0 e. Q' N x" S2 q! R# ^5 ]% i8 Q4 E
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32373932 9 U( B* b6 s2 D7 ^& d, B5 Q
35363531 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 & c9 F' k2 [: u' y" g
8100C828 24CA6C93 191CEBDA 7AF7BD35 D3EA15DC A183BFF6 4BB0E219 5A59793B ) N# J4 J& g/ L
E8C65FB4 3AFF1893 C23A38D6 D37E44B0 C6E4E749 641F4878 7E5A8B8C AEAC65FC
" z8 V- N% d; `- P& k F0F8C3D0 71804410 45D2E1E2 42C4BA68 1470C7A9 60D91814 ECB33961 210EC0A0 ; D) A9 B4 I; |
DC9BBC49 BDD6666D F3B48EAA 3EA0DD9F C3C4F116 F194E629 472FF525 5F88E95A
0 @$ O. t* |; E p; F1 h/ m6 v( g 76AF0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
& {; Y' b) [$ T1 m+ }0 w 551D2304 18301680 141F08C4 C3C11AB8 2DCCE07E 2D126AF0 7E137C70 E1301D06
+ r& ^* v0 {9 s4 M S8 ~) k 03551D0E 04160414 1F08C4C3 C11AB82D CCE07E2D 126AF07E 137C70E1 300D0609 " X5 i! b# E" x! V
2A864886 F70D0101 05050003 818100AC CCF1FC9D 9DBA658A 485ADCE1 49279A7C [2 B( w3 q) R
288FAC1F AEE760A2 B3261F42 59CE166B 27645862 0814B98C F56375B2 6372BAB1
, w q( T, v# E# j. x: Y% ?# A5 Q 44DFCACA D6F67BDC 3A69112A 1C9216B7 FD86663C 0679B6FF 998C0E88 472EE140 0 s" \# ?5 y; f! [2 y
3911B8D0 5FD7A356 533A7542 7119059E 738BC624 525EE840 201E392C 651557D8
( k# d: s8 m3 D" s 330257EA 0E394DA5 C05B8B42 6C0882; @7 g8 C; H2 m: ^! i
quit. ]( b ~' m" k2 E
username user1 privilege 15 password 0 cisco
! r7 ~0 c4 G# Z!% _. D7 S- s2 O5 g- O
redundancy* e7 L4 ~, m) n8 [
!! S9 S/ P& B: W2 {1 G0 p2 \
!6 E2 s7 `5 O2 d# m
ip tcp synwait-time 53 e" k3 W3 n. u7 _
csdb tcp synwait-time 300 ?: a% S" r f1 ^% y" W
csdb tcp idle-time 36007 V8 m/ S! I( a& E7 z
csdb tcp finwait-time 5
3 g1 D, K/ d- ]: `6 l9 Bcsdb tcp reassembly max-memory 1024. r* o! R8 L3 m0 m% z! e0 L' Q
csdb tcp reassembly max-queue-length 16
, O5 E+ k- } N! [6 G J4 Ucsdb udp idle-time 30/ w# C) b1 e) l
csdb icmp idle-time 10
r9 ~$ S7 C7 b2 I( F. O1 Mcsdb session max-session 65535# X8 Q4 Z7 m) n9 `" Q4 w% O$ n
!
2 G8 J! |/ ~ x% h; C- B7 x1 v$ |* [: w!
5 t- H+ Y* A7 }; ecrypto vpn anyconnect disk0:/webvpn/anyconnect-win-3.0.0629-k9.pkg sequence 1
" }- \/ S( V5 d( r- W9 Q9 [' M!
3 t6 v, Q# l3 _, N; N! l& z8 t) ]) {$ k D+ a
!
* \) d4 _+ i& b% E6 k/ G+ P!1 S+ W# M" D" ]6 b3 H* g& v
!
R; ^, B W+ d; s" J!9 X5 k# N5 g Y2 P" O( h1 M# k5 M
!
4 p/ Z* i# m! M, P5 N!
# v3 W1 x. S; B# Y- ?$ R! z5 y7 a; |& o5 u
interface FastEthernet0/0% P5 b( S: { }
no ip address
; x3 V- J: G+ {# B; z3 r" z shutdown
& e9 C( }4 o6 S/ I duplex half+ \( R) [2 D0 }9 [ l: i6 _& c! W
!
$ p0 E1 P+ G, k4 G5 L" minterface Ethernet1/09 a6 @6 ]6 T, i% a- C3 O
ip address 201.100.1.254 255.255.255.09 Y. u6 u* v& v3 i
duplex half. n9 k* g6 p) U, n+ ?
!6 R% H$ Z# |9 }6 o* Y1 S
interface Ethernet1/1% `, p1 A9 l: Z" g( I; A
ip address 10.1.1.254 255.255.255.02 \' E8 z! f4 k
duplex half
8 Y% \. E* d$ C, L6 T) Q6 g8 q!
! ~' K5 G) x% ]6 |# \interface Ethernet1/24 \9 ]! {2 u( L% O5 _
no ip address7 C" @; L Y' w6 G1 x0 V- v
shutdown
1 Q2 ]9 v" p1 u0 C! w" } duplex half
" k6 r' E- H" V* g/ x% J. \!
. T5 e- ?4 }1 `' einterface Ethernet1/38 ^. k/ j7 t g
no ip address i" C; m4 ]8 u
shutdown
b, R3 A6 Y' b9 j; N duplex half
1 A* j% ^5 J8 k: c& i _!
$ N4 }9 U, r) ]: P+ K: ?2 ~interface Serial2/0/ E" J1 A1 q3 c+ z6 N9 O
no ip address# ?. Q+ F- S3 R' d
shutdown
" h) Y" x9 u# a$ P serial restart-delay 0
: |( e S8 b# L6 ]6 c!
x2 ^% p! e) F/ @interface Serial2/1' `& A* p& _ e/ M& T5 S% e/ G
no ip address! v7 ~5 m+ R3 \6 ~9 T% z6 |
shutdown0 x0 k" n. T: t( `- [, u' P
serial restart-delay 0
, P7 V1 q9 a. i4 S9 G) ^" M!! ]- \! J9 ^+ W' Q
interface Serial2/2( X: V, S1 P, Y- s. v: ]
no ip address! z# s/ J5 X1 u" _
shutdown
5 B9 G% W7 K" m serial restart-delay 0/ C, v* G( I4 i0 Z
!
1 B. ]4 X% t$ z! \+ `interface Serial2/3! l( Z4 c5 I- o2 x% m- [) K
no ip address
% x7 V8 E M2 ]- j [ shutdown/ k {: C5 q2 D3 |4 ~- o# X3 w
serial restart-delay 0
# F v9 K* n/ o8 x+ @/ k$ x!! E& `6 E% l( u0 u* O7 d) G9 }
interface Virtual-Template1
; W! `4 k* } n) V& X+ X" J ip unnumbered Ethernet1/0
- }6 H* w1 {# c) l" P) E; l v!
2 j3 O% V B2 eip local pool sslpool 123.1.1.100 123.1.1.110/ y# A- c$ c0 @5 g
ip forward-protocol nd7 k0 j2 i& V U {
no ip http server
+ j7 W, F9 f- k3 r' wno ip http secure-server
; l* K1 F* s8 M- C; h$ k; v5 i2 _!' C7 L6 F) a2 _- w: n
!5 O) w! m+ V6 A8 |# {3 g9 Q
ip route 0.0.0.0 0.0.0.0 201.100.1.10# Z7 G$ U; \( l9 B% c1 K
!
; `1 R p3 `& I( U+ t8 f6 a- t( Yno cdp log mismatch duplex' k+ U3 s) V# v1 h
!
7 A e. h! V1 }5 d* R!
p9 _6 m+ E% g, a# x!5 [7 z. b. b! h9 ~3 P3 [5 X
!
3 }' L+ Z+ P( A( t) H!
; T( M6 m0 s5 z( gcontrol-plane
" J- G! N; K* l6 I+ ^!5 r# E6 F. n" p6 m4 l
!0 ?) @9 j6 P- b1 C
!* O4 v t* E& a5 O
mgcp profile default0 i# P8 G" t- M5 S% S8 _# G0 z
!
: o ` f3 T" u4 C0 V( h!( w1 z' m1 w9 T8 S$ p" Z/ D- v
!
& @/ D! A' x* L) |' i4 Sgatekeeper& u, \. p; ^0 F+ c- v a
shutdown
7 V. q$ C& A/ W) Z8 y; G; ~# u!* k, k0 Q9 |& Q9 ^$ z; d6 p1 d
!5 D R. D& u* g3 D+ h3 q
line con 0
6 S1 D5 o. a& k. p% \- R exec-timeout 0 0
7 h; G# P b& o, t& X T2 L privilege level 15
4 O4 S% ?4 v$ T. H8 ` logging synchronous4 l$ ^6 U: j& L
stopbits 1
9 Y# d" o) W. ?1 f$ d% d; cline aux 05 I: y% c7 [% M5 [* c
exec-timeout 0 0
" e! I: ^, f" ?; r# i! Y. ? privilege level 15) @/ c: Z0 u; y, B! w5 R- ~; C) C w
logging synchronous% I7 D4 K# [2 g
stopbits 1
4 n3 p E% L+ W1 _line vty 0 4% ^4 J0 Y9 h6 f' \, e* Y1 n; d
transport input all7 l# k! ?) y. _+ o
!
5 x2 S# X9 j5 s1 ]/ P!; P( t+ P: N% v- |% g( U; M2 P( |
!
3 t+ r* y* F/ z- \webvpn gateway gw i2 M, A8 r) C
ip address 201.100.1.254 port 443 - E c9 ]% s% g! s3 U1 o# c* R5 ~
ssl trustpoint TP-self-signed-42792565174 J+ ~% C* j2 r& i1 J
inservice: a4 v2 @+ s8 V9 |' S4 g: I
!
+ `6 K2 l8 W5 y, B/ O( {6 f5 V# j; Gwebvpn context c1
) K1 L5 W; E7 f7 u0 _+ T !
/ P+ m. Q7 _# D0 o. n8 w; b port-forward "telnet.port.forward"
* a2 w5 q! J6 V- K* D+ L local-port 5000 remote-server "10.1.1.1" remote-port 23 description "port-forwad-thinclient"
3 z7 ?5 e8 Y, a1 ? !4 J9 A- O( b+ ^: ]9 g% H
smart-tunnel list "smart-tunnel"
4 _1 _3 G7 w& m appl "remote.disktop" "mstsc.exe" windows- V7 B2 O% m4 W7 T5 {
appl "ssh" "putty.exe" windows s: c4 g4 ?+ n( k7 _
appl "ie" "iexplore.exe" windows
2 A" H5 \* [& C; t$ E; P gateway gw* H, P4 p( C; J9 L, P* S& T
logging enable9 F- R( i' |3 c( W6 Y
!" U% U8 x) m! m6 u- x( C% I G7 j
ssl authenticate verify all/ l! h( c4 t" j5 u9 r
! 1 }1 v7 q3 J1 d
url-list "inside.http.name"
2 p r: N9 _2 S" b heading "inside.http.heading"
* n- a3 F; N, N: y url-text "inside.http.label" url-value "http://10.1.1.1"
7 T: m8 K% Q: @6 O7 Y# ?+ u* d' C/ f inservice
3 }$ A2 p- d$ | Z) r$ w2 Z# w+ N !
& C: h* y+ e$ j. y policy group grouppolicy1
' I- G' a) u% [" S$ a/ g {* ^- y port-forward "telnet.port.forward"4 D+ ?9 |# N- i
smart-tunnel list "smart-tunnel"
% T' A0 G9 e4 G; s$ K! R# i) ` functions svc-enabled
- }- ?4 \& _. [- T+ H+ a svc address-pool "sslpool" netmask 255.255.255.0
( J$ T1 J0 [( Q- V5 l! f8 L7 |; U svc default-domain "cisco.com"
4 q" T2 D% z, U# u6 s url-list "inside.http.name"( m# c- t; R4 r$ R+ ]/ Q! X
default-group-policy grouppolicy1 l8 U1 `: e! Q
!/ @+ Y/ z1 V' f$ u5 @. e
end; h* F! x! w9 I! r/ H" m5 U
A8 g6 l! A* x* W. b n0 z c
6 G! c# Z. O, g' ? ?7 a* v1 t) ` f7 S# M! @5 n8 g
|
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2017-2-26 13:36:18
置顶卡
喧嚣卡
变色卡
千斤顶
楼主