c7200-adventerprisek9-mz.152-4.M.bin
c7200-adventerprisek9-mz.152-4.M2.bin
c7200-adventerprisek9-mz.152-4.M4.bin
c7200-adventerprisek9-mz.152-4.M7.bin
c7200-adventerprisek9-mz.152-4.M9.bin

Today, while doing a lab in which the router acts as the server for SSL VPN dial-in, I found the IOS images listed above.
When I got to the lab for the SSL client's layer-3 mode, that is, SSL remote access through AnyConnect 3.0, the connection came up normally but I could not reach the internal server.
I tried all of the IOS images above. Only c7200-adventerprisek9-mz.152-4.M2.bin can ping the internal server. All the others print the following messages.

*Feb 26 13:10:11.127: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z
R2#
*Feb 26 13:10:32.191: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z
R2#
*Feb 26 13:10:36.335: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z
R2#
*Feb 26 13:10:38.251: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z
R2#
*Feb 26 13:10:39.359: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z
R2#
*Feb 26 13:10:45.287: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z
R2#
*Feb 26 13:10:47.287: -Traceback= 64C8AEC0z 64C8CB58z 64D348B4z 64D34964z 64D34AE4z 64D39C58z 61FB4E18z 600103A4z 600DDE04z 600E2660z
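
The ping to the internal server fails. With debug enabled on the internal server I can see the packets arrive, but the replies do not make it back.
c7200-adventerprisek9-mz.152-4.M2.bin also has a problem for me: once connected, the amount of data sent to the internal server cannot be too large. If it is too large, it just hangs.
Does anyone have an IOS image that can run this lab perfectly?
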
R2-GW#copy ftp://cisco:cisco@10.1.1.88/anyconnect-win-3.0.0629-k9.pkg disk0
R2-GW#$/cisco:cisco@10.1.1.88/anyconnect-win-3.0.0629-k9.pkg disk0:/
Destination filename [anyconnect-win-3.0.0629-k9.pkg]?
Accessing ftp://*****:*****@10.1.1.88/anyconnect-win-3.0.0629-k9.pkg...
Loading anyconnect-win-3.0.0629-k9.pkg !!!
*Feb 26 13:26:33.799: %DOSFS-5-DIBERR: disk0 is formatted from a different router or PC. A format in this router is required before an image can be booted from this device!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 21800354/4096 bytes]

21800354 bytes copied in 45.508 secs (479044 bytes/sec)

crypto vpn anyconnect disk0:/anyconnect-win-3.0.0629-k9.pkg

This is the final result. The data volume cannot be too large; if it is, it dies. Who has an IOS image that works reasonably well for the SSL VPN lab?

Building configuration...

Current configuration : 4540 bytes
!
! Last configuration change at 13:30:51 UTC Sun Feb 26 2017
upgrade fpd auto
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2-GW
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login sslvpn local
!
!
!
!
!
aaa session-id common
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username user1 privilege 15 password 0 cisco
!
redundancy
!
!
ip tcp synwait-time 5
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
!
crypto vpn anyconnect disk0:/webvpn/anyconnect-win-3.0.0629-k9.pkg sequence 1
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface Ethernet1/0
 ip address 201.100.1.254 255.255.255.0
 duplex half
!
interface Ethernet1/1
 ip address 10.1.1.254 255.255.255.0
 duplex half
!
interface Ethernet1/2
 no ip address
 shutdown
 duplex half
!
interface Ethernet1/3
 no ip address
 shutdown
 duplex half
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Virtual-Template1
 ip unnumbered Ethernet1/0
!
ip local pool sslpool 123.1.1.100 123.1.1.110
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 201.100.1.10
!
no cdp log mismatch duplex
!
!
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 transport input all
!
!
!
webvpn gateway gw
 ip address 201.100.1.254 port 443
 ssl trustpoint TP-self-signed-4279256517
 inservice
 !
webvpn context c1
 !
 port-forward "telnet.port.forward"
   local-port 5000 remote-server "10.1.1.1" remote-port 23 description "port-forwad-thinclient"
 !
 smart-tunnel list "smart-tunnel"
   appl "remote.disktop" "mstsc.exe" windows
   appl "ssh" "putty.exe" windows
   appl "ie" "iexplore.exe" windows
 gateway gw
 logging enable
 !
 ssl authenticate verify all
 !
 url-list "inside.http.name"
   heading "inside.http.heading"
   url-text "inside.http.label" url-value "http://10.1.1.1"
 inservice
 !
 policy group grouppolicy1
   port-forward "telnet.port.forward"
   smart-tunnel list "smart-tunnel"
   functions svc-enabled
   svc address-pool "sslpool" netmask 255.255.255.0
   svc default-domain "cisco.com"
   url-list "inside.http.name"
 default-group-policy grouppolicy1
!
end