 成长值: 56020
|
c7200-adventerprisek9-mz.152-4.M.bin1 c- P6 I: j5 v1 G
c7200-adventerprisek9-mz.152-4.M2.bin
: b1 f- f2 ~: [1 Vc7200-adventerprisek9-mz.152-4.M4.bin; u6 u+ L6 P$ x8 y' Q# j
c7200-adventerprisek9-mz.152-4.M7.bin% \+ C P& U+ N0 o) C5 k& g2 Z
c7200-adventerprisek9-mz.152-4.M9.bin1 t- K; S' ]! [& y
今天做路由器做为服务器拨SLLVPN实验的过程中。我找到如上几个ios
$ u8 o4 W& p# R6 F1 |# [# b v* G7 y& _在做到通过ssl client的三层模式也就是通过anyconnect3.0来用ssl远程拨号的实验的时候。能正常拨上去但是拨不通内部的服务器。
8 @9 k* o' f% Y- x上面的所有的IOS我都试了。只有c7200-adventerprisek9-mz.152-4.M2.bin这个可以ping通内部服务器。别的都会提示如下消息。1 x* q& N& s4 M2 M6 l
6 f, F$ t/ a& z
7 [4 [. u' E1 A; X' m( @- U. k* K' {
*Feb 26 13:10:11.127: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z
8 n. J; Y4 n+ e: e4 Q6 x& gR2#
8 R" {8 }1 n, A*Feb 26 13:10:32.191: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z
/ I5 C- P! W- c9 g& t8 lR2#. v. z* j3 h& J/ W
*Feb 26 13:10:36.335: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z: g9 ]% y* h, i, }; c
R2#* N- f1 u; O+ R, g3 y* M
*Feb 26 13:10:38.251: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z; R% h! y* R+ N
R2#0 q, j4 P: f$ {3 W: S
*Feb 26 13:10:39.359: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z5 E( G$ L7 s6 D/ Y4 X
R2#
7 N* t* h% c1 p*Feb 26 13:10:45.287: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z
2 g* Z) w# Q* ]* G% ?6 R& s' Z, MR2#3 [$ {4 r* m5 R8 T( w6 J
*Feb 26 13:10:47.287: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z
, _2 I9 M, S: n/ Y# k* p0 H0 F7 K. U, z3 E
ping 不通能不服务器。我在内部服务器上开debug是可以收到包的,但是回包回不去
) r9 L6 H- A7 r7 L7 `' e我用c7200-adventerprisek9-mz.152-4.M2.bin也有点问题,就是拨上去访问内部服务器的数据量不能太大。太大的话就直接卡死了。
8 D: l$ J) P6 g; A+ ?3 s0 b# S: y) b! `大家有没有可以完美做这个实验的ios??
. [% P9 t4 k. i! iR2-GW#copy ftp://cisco:cisco@10.1.1.88/anyconnect-win-3.0.0629-k9.pkg disk0
0 N( V5 T0 c6 @) Z1 v: AR2-GW#$/cisco:cisco@10.1.1.88/anyconnect-win-3.0.0629-k9.pkg disk0:/ % {6 M, n) i! t6 g- l" Y, }
Destination filename [anyconnect-win-3.0.0629-k9.pkg]? ) ^" f$ w" ]& a- w6 N* K" l# S
Accessing ftp://*****:*****@10.1.1.88/anyconnect-win-3.0.0629-k9.pkg...2 ?) e% q1 a8 k3 I8 q8 D
Loading anyconnect-win-3.0.0629-k9.pkg !!!
, b$ k0 z" L9 q: z7 S2 J*Feb 26 13:26:33.799: %DOSFS-5-DIBERR: disk0 is formatted from a different router or PC. A format in this router is required before an image can be booted from this device!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9 J( r1 [, t* ~2 ?3 N6 g0 g b
[OK - 21800354/4096 bytes]
! N$ m: y( z" ]- B* T0 _9 M8 V8 r5 V5 v8 D, G
21800354 bytes copied in 45.508 secs (479044 bytes/sec)
( X k* \3 q2 V. m; S: D9 e( W6 M
2 \, }" ^$ g J, U4 N
3 q/ g3 ? D, b/ }# o! U! l; x7 @crypto vpn anyconnect disk0:/anyconnect-win-3.0.0629-k9.pkg
+ C, m' a b/ d7 B/ z) w% u, K, M
' N3 C( P* D8 |$ e3 C最后就是这个效果。数据量不能太大,太大就挂了。谁有比较完美的ssl vpn实验的ios?8 ]% i: ~$ i1 d% e. b, H g5 S
Building configuration...* |% c3 k: N2 Y# n( l/ M
0 s4 B7 _6 e9 h: O4 ^1 W
Current configuration : 4540 bytes* z" j# N: t5 B! C" E6 P* y
!
$ a+ P/ c& {% ]' x9 O! Last configuration change at 13:30:51 UTC Sun Feb 26 2017. v9 u' I( z# A# z" b
upgrade fpd auto
/ f1 d9 }8 d; F8 \: p8 vversion 15.23 W8 [. ?# F# T0 D$ N+ i! {
service timestamps debug datetime msec
0 x. l1 J7 S" Z; }5 d1 ?' Cservice timestamps log datetime msec
! ^4 S8 i- R( j. f" p* Mno service password-encryption
4 @8 C0 Q; c9 l, s!
z1 c ?/ u' t9 {" e4 shostname R2-GW
& f4 q4 B! Z! {/ R6 X; U* g!
m( ^7 y, j1 C! K# g0 i( eboot-start-marker0 X! y7 O7 O0 T. n0 T
boot-end-marker8 B3 z$ ?4 T( o" P/ t
!0 p$ H. Z3 ], d$ U. s0 \
!8 s+ E2 W: _, U+ X" k
!0 @% y: h C! _
aaa new-model
7 u6 m& ]1 Y. `2 B$ l2 A!. [5 @/ r# O, i. _7 S
!8 i$ l& ^: c2 N b5 b
aaa authentication login sslvpn local
9 H, }; n5 Y6 G0 j% S! U5 k!
6 V3 E" p6 Q5 b; ]8 X ^!) C9 O) `" D6 T
!
" o0 G6 x2 i; i, B0 x!
5 X: \7 R4 B! X* r" {!
7 P6 T* d# H. m* R* I. F' R! y& Maaa session-id common
6 p w) V- T- N4 t# s) s4 H, Y1 V& k0 ono ip icmp rate-limit unreachable
* Y0 n3 k* I0 {; c- T: H) }!8 I, g7 x& C/ q! i
!
. ^9 P9 P. P7 X% ?1 ?* S' f!+ _& ?# Z0 S, S G* c ~" |
!
; B, V+ e9 L0 l% ]!- _+ I& ~& T% c5 F4 |2 a+ m
!
6 S {2 _% P: z2 |, Yno ip domain lookup
. u! m5 c0 ^0 z L, ~ip cef
+ X" @" d- z) j$ ano ipv6 cef; U7 h, ?2 |, A
!
- y- B, e4 I7 D/ xmultilink bundle-name authenticated) t- G6 o9 a% d9 H, f5 ^3 b5 ?
!8 u! D" M7 S* N+ i7 j$ s
!" i( R+ ?+ P# k' N8 d: u3 p
!
$ u1 J C' Z1 W; A: Q* J# C# I!
6 U. j; G: E' t& C7 C!- q$ K9 G; o& J3 U; J
!
0 g. _1 }% p" r; x!, m; A% J% i, `+ M+ |2 d
!
0 ]4 t& z$ Y5 `- C0 Scrypto pki trustpoint TP-self-signed-42792565175 K; W0 u. u4 h7 G ^. m
enrollment selfsigned
, j: v2 R3 h( z9 G H; U( T1 g subject-name cn=IOS-Self-Signed-Certificate-4279256517
& F* ~; L0 _' T5 @" U; P+ A* j revocation-check none/ V+ q# K6 |# Q1 c. G/ i2 R( i
rsakeypair TP-self-signed-4279256517, I% h5 ^* m; h7 I$ G
!9 e, N: Q( H: w# ^6 d* V# F
!
) I) d" L- U( {# Kcrypto pki certificate chain TP-self-signed-42792565174 p& z2 t) {/ L8 e3 t' C
certificate self-signed 01
1 w: y' p% g+ a- D- ]" i; H 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 ! R- O) t6 Y; V" c" u8 p
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
8 D. `# ]# y3 w& S" M, p 69666963 6174652D 34323739 32353635 3137301E 170D3137 30323236 31333137 * Z- X1 ]# L; L" r0 C* R% P
31375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 ) X" Z) [' S. ~
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32373932 n1 ~8 L# |1 L1 v2 m
35363531 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
/ y# Q0 K) N0 \0 b' S+ Z 8100C828 24CA6C93 191CEBDA 7AF7BD35 D3EA15DC A183BFF6 4BB0E219 5A59793B 0 u" N4 `5 a( o, `
E8C65FB4 3AFF1893 C23A38D6 D37E44B0 C6E4E749 641F4878 7E5A8B8C AEAC65FC 9 ~' F$ f" `' O: n
F0F8C3D0 71804410 45D2E1E2 42C4BA68 1470C7A9 60D91814 ECB33961 210EC0A0 + M( ~1 ?. u5 v0 U% f
DC9BBC49 BDD6666D F3B48EAA 3EA0DD9F C3C4F116 F194E629 472FF525 5F88E95A
# X7 b; V p8 m) m 76AF0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 , m- s ~7 f) ~# O1 e/ s7 }
551D2304 18301680 141F08C4 C3C11AB8 2DCCE07E 2D126AF0 7E137C70 E1301D06 , {# o4 K8 }+ K- j, n
03551D0E 04160414 1F08C4C3 C11AB82D CCE07E2D 126AF07E 137C70E1 300D0609
) {; I+ M% m/ X2 @/ F 2A864886 F70D0101 05050003 818100AC CCF1FC9D 9DBA658A 485ADCE1 49279A7C ' m: a% c$ d6 Y" C% ], m
288FAC1F AEE760A2 B3261F42 59CE166B 27645862 0814B98C F56375B2 6372BAB1
$ Y5 E% n6 `% x5 C7 E$ P9 Q( [1 c 44DFCACA D6F67BDC 3A69112A 1C9216B7 FD86663C 0679B6FF 998C0E88 472EE140
; ]; t7 |6 J2 v& K0 p4 F& y% Q 3911B8D0 5FD7A356 533A7542 7119059E 738BC624 525EE840 201E392C 651557D8 9 U5 b7 p; A! S& i( t
330257EA 0E394DA5 C05B8B42 6C0882
8 C- \) ?" c8 E0 r7 A quit
& `. _2 s3 e p, ^2 M6 T1 f7 U" J: vusername user1 privilege 15 password 0 cisco
- d9 P. D% z' J( a8 V( Z!
1 f; z+ H) C7 H3 Kredundancy: }" l6 H5 ~/ N
!0 C; Y) b) n7 x' @
!" S8 t4 E: @: Q# a
ip tcp synwait-time 5
: Y8 W* O/ p( V T" h4 pcsdb tcp synwait-time 30$ C; x- X7 @4 v
csdb tcp idle-time 3600! v: b4 }& r: J
csdb tcp finwait-time 56 i/ o) J1 g D2 r* }
csdb tcp reassembly max-memory 10244 Z" c5 M: R6 z3 ~: c
csdb tcp reassembly max-queue-length 16
, K4 i5 u! @) k8 ]7 ]csdb udp idle-time 30: I% W; `: g6 h$ J& W( a4 {
csdb icmp idle-time 10+ x3 m" Y# Q( d1 w8 {5 M
csdb session max-session 655358 @) d2 t2 ]! H3 Y7 }# n# C( E
!
) l0 K% z9 v9 v& K/ M0 `+ h!
5 U9 h0 b- b/ R7 i. B6 s8 pcrypto vpn anyconnect disk0:/webvpn/anyconnect-win-3.0.0629-k9.pkg sequence 12 d6 e: c) N" v6 z6 k9 M
! 7 T& E/ p) K3 W3 ]
!
. h8 T4 u/ V: S# l, w!" ^7 f1 s9 ]0 t: H+ G
!$ \; x* g) V+ Q0 X" p
!
3 |- T% j0 D1 I7 [0 G/ x/ D+ d!# ` |/ z: D' l h9 X1 j3 u
!. r4 o" W3 i" ^/ p
!8 k4 e4 m, ?- Q! u- p1 U/ L+ ]
!
2 C% T( ~; q! s) D3 m( o6 @interface FastEthernet0/0, f8 u" Y0 E c- ]# @8 \7 K
no ip address1 `9 N3 G, f4 b& G/ Z0 O
shutdown
5 I1 X4 x0 J% o5 V7 t% |* K duplex half
; ^1 t+ p1 r% k- U4 T/ x!" | _5 W( U% _ o0 _
interface Ethernet1/0+ g! ~0 v2 i. ^ ]" O
ip address 201.100.1.254 255.255.255.0! f( m! [7 E4 i
duplex half
8 r- T0 g; S, Q" K3 `2 I!
, _2 q. Q2 d( e' D5 P3 e9 winterface Ethernet1/1. h7 H# x: B: ~' t1 K
ip address 10.1.1.254 255.255.255.0
3 Z2 \8 P7 Y% d5 s4 E W N' ~ duplex half* C' t8 s2 p: S, r1 _
!# G( P( e) G" E+ z0 H6 p, X! b
interface Ethernet1/2
6 C1 w3 e Y" n9 R( o! R no ip address* n8 S: M0 N5 D) g8 G% f
shutdown
& G0 L8 b5 J$ s1 c3 J# g1 X% ? duplex half
2 a8 W9 X2 ^. w; P8 j!
1 f6 N8 h$ k2 s9 X# [) finterface Ethernet1/3
3 k6 v P3 F" r6 M' X no ip address
1 E7 R! @8 q# G0 p4 ]$ d* s shutdown5 e; M8 r0 s e1 ^
duplex half6 \' S2 `0 J6 }7 t. K+ X
!- Q+ o/ ~4 a* a" d, o+ b8 e7 ~7 ~' i
interface Serial2/06 Y$ v" z0 l ?# b1 D6 a
no ip address
. c7 U" g" r7 b/ {1 A3 e* U shutdown
1 o6 \2 Q' Y" [! N' d/ t7 o0 j serial restart-delay 01 R w( t4 I! [. I- Y Z
!0 y; u) H! F, y
interface Serial2/1
3 q, Y b+ ^- @* y no ip address
; h: i ]1 C2 s shutdown
E# }" s! O' L" g serial restart-delay 0
5 q- B! _! N9 n!; p% c ^$ O4 a/ G& v* Z
interface Serial2/2
) [. p+ z: ]" X. g$ Z* z5 O no ip address* e' a z0 V$ }
shutdown0 m- L' K0 k5 M
serial restart-delay 00 S3 w% K7 A& f0 ^" ?' a# e' i- J" D
!
" T6 B3 H2 i4 N$ h* jinterface Serial2/3
, Q& w6 e! x6 r& O$ r no ip address
Y# B$ X6 K3 m5 i- Y; {' {; T shutdown! F, N" ~; j2 e- [- s1 ?) q
serial restart-delay 0
' C Y) j/ p q4 D7 L8 `2 k: _!
: z) f; H" s y B* einterface Virtual-Template1
e6 ~+ ~) z7 C. [# u3 K& n ip unnumbered Ethernet1/0! B! O0 g# u& I# l6 q+ w
!; V( G8 ^5 @6 U5 a
ip local pool sslpool 123.1.1.100 123.1.1.110% A: C- ^. g4 H+ Z
ip forward-protocol nd
' y% B7 F1 u L) H+ \no ip http server
% J! B0 r0 x5 q) vno ip http secure-server+ O \) C! Z% P6 d5 H
!. x; O1 W$ z0 I4 `$ r
!
+ f. F/ l1 }' ~7 dip route 0.0.0.0 0.0.0.0 201.100.1.10
1 M4 y+ m% |/ H6 K+ Z) _ e( {!
' z& ^) [+ p9 Q" n' Y7 ?no cdp log mismatch duplex# f3 [+ u1 o& T& ?8 Q& ?
!
/ Q& o8 d6 }2 p7 T!
; G, e' B) y; w7 K4 l7 ^2 S!+ R s! x4 O# x$ Y; w4 T8 N
!
% [% w' c: t; {' Z h!
/ c R" ~) D- X* `8 ~- p" H. zcontrol-plane5 ^, p" R1 L$ h' t3 b
!
, Q5 i2 O! ~" Q6 |$ W& ~/ U! |!+ a6 |% _% _) L% b
!- O# [7 J" n7 _* \" d
mgcp profile default
2 W5 ^+ G1 a; r5 N% _$ C2 [& i a!
- G4 o- y6 \7 i0 R( W. z; X! Q3 A) G!$ i) c: H, j3 F9 o& [' P9 B! E
!
* Y( S5 `' ]4 Z: L" N. c# l @$ m4 [gatekeeper. `4 B) ]/ A) ?3 ~+ ]- @
shutdown
9 k% W, n' X1 G7 r" y# ?' h( K!
, p$ U N1 u, e5 g) U!
* [$ M* L' J# n+ I6 Jline con 0
& \& v. ?6 d( J3 V8 f' T exec-timeout 0 03 Q! y7 M. M- }( q7 k) U0 c- h" \/ O
privilege level 15
7 f% \" Q6 k/ f! e logging synchronous" n; r# g3 Q8 Q0 o7 A
stopbits 1
. u2 C0 \0 \ @line aux 0
& W- c8 y4 ?! @2 s exec-timeout 0 07 j3 i& T, @7 X3 j2 G. V9 b
privilege level 15
- x! l$ a. U! a logging synchronous2 ]: P, b2 I& E5 _+ Z% h1 u
stopbits 1$ f; }( x& m/ o) N" U6 A
line vty 0 48 T& W' g6 D* X' m! @2 l0 Q
transport input all" N) E- Y7 h& Z" ]1 R
!
* n( ^, V! K& e/ P9 K! y!& G& W" Q, J4 e2 v* E
!- W0 M. p. g w+ R
webvpn gateway gw+ u- D' _/ j2 c+ L8 E
ip address 201.100.1.254 port 443 8 u# f) U( t; Z" M1 v: [" G( i
ssl trustpoint TP-self-signed-4279256517% U. @. U- {4 F: H- D& {# S5 ` b/ q# y
inservice' s7 {4 C, [5 U7 n0 F* _# v
!
$ w$ g- D$ x) o5 C5 |webvpn context c1$ [+ y2 h2 l9 Y+ z3 V Z
!
- e9 `$ F7 W, m+ C2 `% E port-forward "telnet.port.forward"" Z+ S% m3 ^1 \6 m. F
local-port 5000 remote-server "10.1.1.1" remote-port 23 description "port-forwad-thinclient"
& C- S, J8 |8 i0 J !
9 Q9 J7 B2 m" w3 w smart-tunnel list "smart-tunnel"
d, b- S, s9 O" x: d appl "remote.disktop" "mstsc.exe" windows5 x3 q. k" }: o5 I: y
appl "ssh" "putty.exe" windows
. V0 c# V. I, m$ q3 f appl "ie" "iexplore.exe" windows! G: Y! ]0 C- P. _( c8 }- |
gateway gw
9 j1 e* c$ Y, w) r5 ?9 k8 ~5 M logging enable
% [5 N7 i2 [0 X+ N# X Y !6 i2 p, g4 b" u5 x* |* y1 ]5 O
ssl authenticate verify all
8 O8 e1 d0 s$ P. J+ \. z !
0 H5 k9 g2 v- ?: t0 [ url-list "inside.http.name"' Y7 Z! z1 m6 c; p& L/ ]
heading "inside.http.heading"
' H! I% ]5 s( X url-text "inside.http.label" url-value "http://10.1.1.1"
, Y3 g& L. u0 L" q9 Z4 T8 O {6 W8 C: E inservice$ Q9 J1 Z( G G' L+ M
!
9 {4 t& y& x( h0 [7 t9 t policy group grouppolicy1
* z: s* Y. S- _) ^$ h, y6 e1 U port-forward "telnet.port.forward"
! X% r: Y6 J4 l6 G6 r# h8 ~2 R0 m smart-tunnel list "smart-tunnel"- _9 O$ \* h1 G% _2 [
functions svc-enabled0 h z' ~% Y9 p7 x, R8 s9 [
svc address-pool "sslpool" netmask 255.255.255.04 v4 c! o E5 i& u1 |" w
svc default-domain "cisco.com"
, {( H2 u& L& K. \ url-list "inside.http.name"9 L7 X" {; |7 e6 ~
default-group-policy grouppolicy1
5 o5 j' S2 P) u. K# Y! s!
2 w; ]: @& u# p$ E' Qend0 h( Z4 F9 X9 j8 C& h& J
! ]/ h) i X: p. ~2 Q; W7 n
. T: W$ J' W, b2 E. @
7 a$ O7 }8 g7 ]9 [ |
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2017-2-26 13:36:18
置顶卡
喧嚣卡
变色卡
千斤顶
