New Member

I can't connect via SSH to my 1841 through interface Fa0/1

I can't get into my router via SSH through that interface. What the hell is going on??

My configuration:

!This is the running config of the router: 192.168.0.254
!----------------------------------------------------------------------------
!version 12.4
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname RoSLPForaneas
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
no logging buffered
logging console critical
enable secret 5 $1$6L9v$RFuiBkIxFbQ6tQfdUtYgv.
!
no aaa new-model
clock timezone MX -6
clock summer-time MX recurring
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
no ip bootp server
ip domain name ldimexico.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
crypto pki trustpoint TP-self-signed-3228746931
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3228746931
revocation-check none
rsakeypair TP-self-signed-3228746931
!
!
username smontijo privilege 15 secret 5 $1$AyAK$A31GHTknqjQ70ABBAwNAu1
username esanchez privilege 15 secret 5 $1$IR59$QEwEH.hICUkGwrI0KSZHJ1
username carlosv privilege 15 secret 5 $1$eaDH$j3TqaTZojy7HBAqvIac8h/
username jmartinez privilege 15 secret 5 $1$avwi$2pU8NQsxECrLPEWTgeBpf/
!
!
ip ssh authentication-retries 5
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 11
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set vpn-transform esp-3des esp-sha-hmac
crypto ipsec transform-set vpn-transform1 esp-3des esp-md5-hmac
!
crypto dynamic-map vpn-dynamic 2
description San Isidro
set transform-set vpn-transform
set pfs group2
match address 102
crypto dynamic-map vpn-dynamic 3
description Americas
set transform-set vpn-transform
set pfs group2
match address 103
crypto dynamic-map vpn-dynamic 4
description Pablo Neruda
set transform-set vpn-transform
set pfs group2
match address 104
crypto dynamic-map vpn-dynamic 5
description Bodega Vallarta
set transform-set vpn-transform
set pfs group2
match address 105
crypto dynamic-map vpn-dynamic 6
description Palmas Vallarta
set transform-set vpn-transform
set pfs group2
match address 106
crypto dynamic-map vpn-dynamic 7
description Pipila Vallarta
set transform-set vpn-transform
set pfs group2
match address 107
crypto dynamic-map vpn-dynamic 8
description Aralias Vallarta
set transform-set vpn-transform
set pfs group2
match address 108
crypto dynamic-map vpn-dynamic 9
description Marina Vallarta
set transform-set vpn-transform
set pfs group2
match address 109
crypto dynamic-map vpn-dynamic 10
description Olas Vallarta
set transform-set vpn-transform
set pfs group2
match address 110
crypto dynamic-map vpn-dynamic 11
description Ajijic
set transform-set vpn-transform
set pfs group2
match address 111
crypto dynamic-map vpn-dynamic 12
description Colima
set transform-set vpn-transform
set pfs group2
match address 112
!
!
crypto map vpn-static 1 ipsec-isakmp dynamic vpn-dynamic
!
!
!
interface FastEthernet0/0
description $FW_OUTSIDE$$ETH-WAN$
ip address 100.1.130.141 255.255.255.0
ip verify unicast reverse-path
ip mtu 1492
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map vpn-static
!
interface FastEthernet0/1
description $FW_INSIDE$$ETH-LAN$
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 100.1.130.5
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map nonat interface FastEthernet0/0 overload
!
ip access-list extended sdm_fastethernet0/0_in
remark SDM_ACL Category=1
remark Auto generated by SDM for NTP (123) 200.23.51.205
permit udp host 200.23.51.205 eq ntp host 100.1.130.141 eq ntp
permit ahp any host 100.1.130.141
permit esp any host 100.1.130.141
permit udp any host 100.1.130.141 eq isakmp
permit udp any host 100.1.130.141 eq non500-isakmp
permit ip 192.168.26.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.20.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.210.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.11.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.8.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.27.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.37.0 0.0.0.255 192.168.0.0 0.0.0.255
remark SSH
permit tcp any any
ip access-list extended sdm_fastethernet0/0_in_100
remark SDM_ACL Category=1
remark Auto generated by SDM for NTP (123) 200.23.51.205
permit udp host 200.23.51.205 eq ntp host 100.1.130.141 eq ntp
permit ahp any host 100.1.130.141
permit esp any host 100.1.130.141
permit udp any host 100.1.130.141 eq isakmp
permit udp any host 100.1.130.141 eq non500-isakmp
permit ip 192.168.26.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.20.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.12.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.210.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.19.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.11.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.8.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.27.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.37.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip any any
ip access-list extended sdm_fastethernet0/1_in
remark SDM_ACL Category=1
remark sshy
permit tcp any any
ip access-list extended sdm_fastethernet0/1_in_100
remark SDM_ACL Category=1
permit ip any any
!
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 remark Auto generated by SDM for NTP (123) 200.23.51.205
access-list 100 permit udp host 200.23.51.205 eq ntp host 192.168.0.254 eq ntp
access-list 100 deny ip 100.1.130.0 0.0.0.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 8.8.4.4 eq domain host 100.1.130.141
access-list 101 permit udp host 8.8.8.8 eq domain host 100.1.130.141
access-list 101 remark Auto generated by SDM for NTP (123) 200.23.51.205
access-list 101 permit udp host 200.23.51.205 eq ntp host 100.1.130.141 eq ntp
access-list 101 permit ahp any host 100.1.130.141
access-list 101 permit esp any host 100.1.130.141
access-list 101 permit udp any host 100.1.130.141 eq isakmp
access-list 101 permit udp any host 100.1.130.141 eq non500-isakmp
access-list 101 permit ip 192.168.26.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.12.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.210.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.19.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.11.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.8.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.7.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.27.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.6.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.37.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any host 100.1.130.141 echo-reply
access-list 101 permit icmp any host 100.1.130.141 time-exceeded
access-list 101 permit icmp any host 100.1.130.141 unreachable
access-list 101 permit tcp any host 100.1.130.141 eq 443
access-list 101 permit tcp any host 100.1.130.141 eq 22
access-list 101 permit tcp any host 100.1.130.141 eq cmd
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 102 remark San Isidro
access-list 102 remark SDM_ACL Category=20
access-list 102 permit ip 192.168.0.0 0.0.0.255 192.168.37.0 0.0.0.255
access-list 102 deny ip 192.168.0.0 0.0.0.255 any
access-list 103 remark Americas
access-list 103 remark SDM_ACL Category=20
access-list 103 permit ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 103 deny ip 192.168.0.0 0.0.0.255 any
access-list 104 remark Pablo Neruda
access-list 104 permit ip 192.168.0.0 0.0.0.255 192.168.27.0 0.0.0.255
access-list 104 deny ip 192.168.0.0 0.0.0.255 any
access-list 105 remark Bodega Vallarta
access-list 105 permit ip 192.168.0.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 105 deny ip 192.168.0.0 0.0.0.255 any
access-list 106 remark Palmas Vallarta
access-list 106 remark SDM_ACL Category=20
access-list 106 permit ip 192.168.0.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 106 deny ip 192.168.0.0 0.0.0.255 any
access-list 107 remark Pipila Vallarta
access-list 107 remark SDM_ACL Category=20
access-list 107 permit ip 192.168.0.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 107 deny ip 192.168.0.0 0.0.0.255 any
access-list 108 remark Aralias Vallarta
access-list 108 permit ip 192.168.0.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 108 deny ip 192.168.0.0 0.0.0.255 any
access-list 109 remark Marina Vallarta
access-list 109 permit ip 192.168.0.0 0.0.0.255 192.168.210.0 0.0.0.255
access-list 109 deny ip 192.168.0.0 0.0.0.255 any
access-list 110 remark Olas Vallarta
access-list 110 permit ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 110 deny ip 192.168.0.0 0.0.0.255 any
access-list 111 remark Ajijic
access-list 111 permit ip 192.168.0.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 111 deny ip 192.168.0.0 0.0.0.255 any
access-list 112 remark Colima
access-list 112 permit ip 192.168.0.0 0.0.0.255 192.168.26.0 0.0.0.255
access-list 112 deny ip 192.168.0.0 0.0.0.255 any
access-list 113 remark auto generated by SDM firewall configuration
access-list 113 remark SDM_ACL Category=1
access-list 113 deny ip 100.1.130.0 0.0.0.255 any
access-list 113 deny ip host 255.255.255.255 any
access-list 113 deny ip 127.0.0.0 0.255.255.255 any
access-list 113 permit ip any any
access-list 114 remark auto generated by SDM firewall configuration
access-list 114 remark SDM_ACL Category=1
access-list 114 permit udp host 8.8.4.4 eq domain host 100.1.130.141
access-list 114 permit udp host 8.8.8.8 eq domain host 100.1.130.141
access-list 114 remark Auto generated by SDM for NTP (123) 200.23.51.205
access-list 114 permit udp host 200.23.51.205 eq ntp host 100.1.130.141 eq ntp
access-list 114 permit ahp any host 100.1.130.141
access-list 114 permit esp any host 100.1.130.141
access-list 114 permit udp any host 100.1.130.141 eq isakmp
access-list 114 permit udp any host 100.1.130.141 eq non500-isakmp
access-list 114 permit ip 192.168.26.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 114 permit ip 192.168.20.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 114 permit ip 192.168.12.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 114 permit ip 192.168.210.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 114 permit ip 192.168.19.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 114 permit ip 192.168.11.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 114 permit ip 192.168.8.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 114 permit ip 192.168.7.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 114 permit ip 192.168.27.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 114 permit ip 192.168.6.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 114 permit ip 192.168.37.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 114 deny ip 192.168.0.0 0.0.0.255 any
access-list 114 permit icmp any host 100.1.130.141 echo-reply
access-list 114 permit icmp any host 100.1.130.141 time-exceeded
access-list 114 permit icmp any host 100.1.130.141 unreachable
access-list 114 deny ip 10.0.0.0 0.255.255.255 any
access-list 114 deny ip 172.16.0.0 0.15.255.255 any
access-list 114 deny ip 192.168.0.0 0.0.255.255 any
access-list 114 deny ip 127.0.0.0 0.255.255.255 any
access-list 114 deny ip host 255.255.255.255 any
access-list 114 deny ip host 0.0.0.0 any
access-list 114 deny ip any any log
access-list 115 remark auto generated by SDM firewall configuration
access-list 115 remark SDM_ACL Category=1
access-list 115 permit udp host 8.8.4.4 eq domain host 100.1.130.141
access-list 115 permit udp host 8.8.8.8 eq domain host 100.1.130.141
access-list 115 remark Auto generated by SDM for NTP (123) 200.23.51.205
access-list 115 permit udp host 200.23.51.205 eq ntp host 100.1.130.141 eq ntp
access-list 115 permit ahp any host 100.1.130.141
access-list 115 permit esp any host 100.1.130.141
access-list 115 permit udp any host 100.1.130.141 eq isakmp
access-list 115 permit udp any host 100.1.130.141 eq non500-isakmp
access-list 115 permit ip 192.168.26.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 115 permit ip 192.168.20.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 115 permit ip 192.168.12.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 115 permit ip 192.168.210.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 115 permit ip 192.168.19.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 115 permit ip 192.168.11.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 115 permit ip 192.168.8.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 115 permit ip 192.168.7.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 115 permit ip 192.168.27.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 115 permit ip 192.168.6.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 115 permit ip 192.168.37.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 115 deny ip 192.168.0.0 0.0.0.255 any
access-list 115 permit icmp any host 100.1.130.141 echo-reply
access-list 115 permit icmp any host 100.1.130.141 time-exceeded
access-list 115 permit icmp any host 100.1.130.141 unreachable
access-list 115 deny ip 10.0.0.0 0.255.255.255 any
access-list 115 deny ip 172.16.0.0 0.15.255.255 any
access-list 115 deny ip 192.168.0.0 0.0.255.255 any
access-list 115 deny ip 127.0.0.0 0.255.255.255 any
access-list 115 deny ip host 255.255.255.255 any
access-list 115 deny ip host 0.0.0.0 any
access-list 115 deny ip any any log
access-list 151 remark SDM_ACL Category=18
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.210.0 0.0.0.255
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.37.0 0.0.0.255
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.27.0 0.0.0.255
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.19.0 0.0.0.255
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.26.0 0.0.0.255
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 151 permit ip any any
snmp-server community draco RO
snmp-server community m0n1t0r30 RO
snmp-server enable traps tty
no cdp run
route-map nonat permit 10
match ip address 151
!
!
!
control-plane
!
banner login ^CCCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
stopbits 1
speed 115200
flowcontrol hardware
line vty 0 4
privilege level 15
logging synchronous
login local
transport input telnet ssh
transport output ssh
line vty 5 15
privilege level 15
login local
transport input ssh
!
scheduler allocate 4000 1000
ntp clock-period 17179959
ntp server 200.23.51.205
end

1 REPLY
Cisco Employee

We would need to understand a bit more about where you are trying to connect from and what kind of error you get, but to start with I would suggest changing your NAT access-list (151). At the end of that access-list you have a "permit ip any any" statement. This configuration is not supported because it can behave unexpectedly. Among the most common behaviors I have encountered is that the router tries to NAT routing protocols and telnet and ssh sessions, rendering them unusable.

According to your configuration, that line should be changed to the following:

access-list 151 permit ip 192.168.0.0 0.0.0.255 any

The following link contains information about this type of problem in configurations with permit ip any any:

http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html#Q26
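
The check described in the reply, as an added example (not code from the original thread or from Cisco): it follows `ip nat inside source` through its route-map to the ACLs that select traffic for NAT and reports every `permit` entry whose source is `any`. The sample configuration is constructed from the shape of the posted one, ACL 152 is a hypothetical corrected variant, and only numbered ACLs are handled.

```python
import re

# Constructed sample, shaped like the NAT portion of the posted running-config.
# ACL 152 is hypothetical: the same list with the last entry scoped to the LAN.
SAMPLE_CONFIG = """\
ip nat inside source route-map nonat interface FastEthernet0/0 overload
!
access-list 151 remark SDM_ACL Category=18
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.210.0 0.0.0.255
access-list 151 permit ip any any
access-list 152 deny ip 192.168.0.0 0.0.0.255 192.168.210.0 0.0.0.255
access-list 152 permit ip 192.168.0.0 0.0.0.255 any
route-map nonat permit 10
 match ip address 151
!
"""

def nat_acls(config):
    """ACL ids that select traffic for 'ip nat inside source', directly or via a route-map."""
    route_maps, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":
            current = None                      # section separator ends the route-map block
        elif (m := re.match(r"route-map (\S+) (permit|deny)", line)):
            current = m.group(1)
            route_maps.setdefault(current, set())
        elif current and (m := re.match(r"match ip address (.+)", line)):
            route_maps[current].update(m.group(1).split())
    used = set()
    for kind, name in re.findall(r"^ip nat inside source (list|route-map) (\S+)", config, re.M):
        used |= {name} if kind == "list" else route_maps.get(name, set())
    return used

def permit_any_source(config, acl_ids):
    """Permit entries in the given numbered ACLs whose source is 'any'."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        # Standard form: 'permit any'; extended form: 'permit <proto> any ...'
        m = re.match(r"access-list (\d+) permit (?:\S+ )?any\b", line)
        if m and m.group(1) in acl_ids:
            findings.append(line)
    return findings

if __name__ == "__main__":
    for entry in permit_any_source(SAMPLE_CONFIG, nat_acls(SAMPLE_CONFIG)):
        print("NAT ACL matches any source:", entry)
```
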
