Velocitymaster
I will show you my current sh run of my router to make it easier for you to help me.
The thing is, I use SSH instead of telnet to log in over the internet from any remote computer to my router.
I also enabled aaa and set the login for the line vty 0 4 to transport ssh. I can log in to my router over the internet fine by using the password that I set for line.
The problem is, I can't get to privilege mode after logging on to the router.
metavers> when I type en it gives me a "% error in authentication" message.
I need to be able to configure the router over the WAN, which means I need to be in privilege mode (Metaverse#). I'm able to get into privilege mode over the console or HyperTerminal from my server with the COM port, but not line. When logging in to line I use the password that I set for line; I tried using the console password but it won't let me in, which is normal. I use an SSH client or a program called PuTTY.
Last thing: I need to know how to enable a port range for certain applications.
I have no problem port forwarding a single port for an application, for example:
(ip nat inside source static tcp 192.168.0.10 21 interface FastEthernet4 21), which I use for my FTP server in my LAN for outsiders to access it.
What if some apps require a port range?
Building configuration...
Current configuration : 3319 bytes
!
! Last configuration change at 02:18:14 est Sun Feb 4 2007
! NVRAM config last updated at 20:06:19 est Thu Feb 1 2007
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Metaverse
!
boot-start-marker
boot-end-marker
!
logging buffered 5000000 debugging
!
aaa new-model
!
!
aaa authentication login default line
aaa authorization console
!
aaa session-id common
!
resource policy
!
clock timezone est -5
clock summer-time edt recurring
ip cef
!
!
!
!
ip vrf forwarding
!
ip domain name x.x.x.net
ip ssh time-out 6
ip inspect log drop-pkt
ip inspect udp idle-time 10
ip inspect name walloffire ftp audit-trail on timeout 60
ip inspect name walloffire tcp timeout 60
ip inspect name walloffire bootps
ip inspect name walloffire icmp timeout 10
ip ips name YuriIPS
login block-for 120 attempts 2 within 150
login on-failure log
!
!
!
username xxxxxxxxx
!
!
!
!
!
!
interface FastEthernet0
 description Main Rig
 no cdp enable
!
interface FastEthernet1
 description lappy
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 description WAN connection
 ip dhcp client update dns
 ip address dhcp
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip nat outside
 ip inspect walloffire in
 ip ips YuriIPS in
 ip virtual-reassembly
 ip route-cache flow
 load-interval 30
 duplex auto
 speed auto
 no cdp enable
!
interface Vlan1
 description Home maga LAN
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan2
 no ip address
 shutdown
!
!
!
no ip http server
no ip http secure-server
ip dns server
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.10 3389 interface FastEthernet4 3389
ip nat inside source static tcp 192.168.0.10 2302 interface FastEthernet4 2302
ip nat inside source static tcp 192.168.0.10 21 interface FastEthernet4 21
ip nat inside source static tcp 192.168.0.10 5922 interface FastEthernet4 5922
ip nat inside source static tcp 192.168.0.10 55000 interface FastEthernet4 55000
ip nat inside source static tcp 192.168.0.11 45011 interface FastEthernet4 45011
ip nat inside source static tcp 192.168.0.10 46541 interface FastEthernet4 46541
!
!
logging history debugging
logging trap debugging
logging server-arp
logging 192.168.0.10
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 deny any
access-list 102 deny icmp any host x.x.x.x log
access-list 102 deny ip 66.177.58.0 0.0.0.255 host x.x.x.x log
access-list 102 deny ip 66.180.205.0 0.0.0.255 host x.x.x.x log
access-list 102 deny ip 209.204.61.0 0.0.0.255 host x.x.x.x log
access-list 102 deny ip 216.151.155.0 0.0.0.255 host x.x.x.x log
access-list 102 permit ip any any
!
!
!
!
control-plane
!
banner motd ^C
Welcome to the Metaverse, Don't screw with my networks or I'll will be after you!! All actions will be taken!
^C
!
line con 0
 password 7 09181C5E41574741535E547C7E75
 no modem enable
 transport preferred none
 transport output all
line aux 0
 transport output all
line vty 0 4
 password 7 13514545535E54797C757D61
 transport input ssh
 transport output all
!
scheduler max-task-time 5000
end
Metaverse#