The System image file is
"flash:c2801-adventerprisek9_ivs-mz.124-24.T1.bin". I am still trying to
get it to work. With the configuration below I try to ping 4.2.2.2 from the
inside interface and it times out....any ideas?
Cisco2801#sh run
Building configuration...
Current configuration : 5051 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco2801
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 128000
no logging console
enable secret 5 ********
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
!
!
aaa session-id common
errdisable recovery cause bpduguard
errdisable recovery interval 400
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ip domain lookup
ip domain name datasc.local
ip inspect udp idle-time 1800
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
crypto pki trustpoint TP-self-signed-2766443098
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2766443098
revocation-check none
rsakeypair TP-self-signed-2766443098
!
!
crypto pki certificate chain TP-self-signed-2766443098
certificate self-signed 01
!
!
username ******* privilege 15 secret 5 *******
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
!
class-map type inspect match-any inspecttraffic
match protocol tcp
match protocol udp
match protocol icmp
!
!
policy-map type inspect inspecttrafficpolicy
class type inspect inspecttraffic
inspect
class class-default
drop
!
zone security private
zone security internet
zone security dmz
zone-pair security private-internet source private destination internet
service-policy type inspect inspecttrafficpolicy
zone-pair security private-dmz source private destination dmz
service-policy type inspect inspecttrafficpolicy
zone-pair security dmz-internet source dmz destination internet
service-policy type inspect inspecttrafficpolicy
!
!
!
!
interface FastEthernet0/0
bandwidth 16000
ip address dhcp
ip access-group internet in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
zone-member security internet
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.200.1 255.255.255.252
ip nat inside
ip virtual-reassembly
zone-member security private
duplex auto
speed auto
!
interface FastEthernet0/1/0
switchport access vlan 150
spanning-tree portfast
!
interface FastEthernet0/1/1
switchport access vlan 150
spanning-tree portfast
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Vlan1
no ip address
!
interface Vlan150
ip address 10.1.150.1 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security dmz
!
router eigrp 1
network 10.0.0.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 24.126.129.1
ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source list NATNETWORKS interface FastEthernet0/0 overload
ip nat inside source static tcp 10.1.150.150 80 24.126.129.229 8080
extendable
!
ip access-list extended NATNETWORKS
permit ip 10.1.0.0 0.0.255.255 any
ip access-list extended internet
permit udp any any eq isakmp
permit tcp any any eq 22
permit udp any eq bootps any eq bootpc
permit gre any any
permit esp any any
permit tcp any any eq 5001
permit tcp any any eq www
permit tcp any any eq 8080
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input ssh
line vty 5 15
privilege level 15
transport input ssh
!
scheduler allocate 20000 1000
end
Cisco2801#
On Wed, Aug 26, 2009 at 7:44 AM, Iwan Hoogendoorn <iwan_at_ipexpert.com> wrote: