SSH Access denied

Chubariev88
Level 1

Hi Community,

Could you please advise me where my problem is:

When I try to connect to the Cisco 881 through SSH, it asks me for login and password, but denies access.

This is the full config:

!
! Last configuration change at 17:08:19 UTC Thu Oct 12 2017 by admin
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname blab01
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 Ivcw.NXKbPGnUJY1w35CDH7n2ZASu5D1k
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-3570458249
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3570458249
revocation-check none
rsakeypair TP-self-signed-3570458249
!
!
crypto pki certificate chain TP-self-signed-3570458249
!
!
!
!


!
!
!
!
no ip domain lookup
ip domain name blrlab.com
ip inspect name outside_fw icmp
ip inspect name outside_fw http
ip inspect name outside_fw https
ip inspect name outside_fw tcp
ip inspect name outside_fw udp
ip inspect name outside_fw dns
ip inspect name outside_fw pptp
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO881-SEC-K9 sn FGL181021M3
!
!
username admin privilege 15 secret 4 hFK.2TEAvHhQRoMQRkWa26vz.q2Vd7U
username bbbadmin privilege 15 password 7 013D1312F751F6E4D
!
!
!
!
!
ip ftp source-interface Vlan1
ip ftp username cisco
ip ftp password 7 121A0C041104
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh port 5722 rotary 1
ip ssh logging events
ip ssh version 2
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key faltecvpn address MANCH-IP no-xauth
crypto isakmp keepalive 120
!
!
crypto ipsec transform-set 3DES-SHA esp-3des esp-md5-hmac
mode tunnel
crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto map outside_map 10 ipsec-isakmp
description SHRB -- MNCH
set peer MANCH-IP
set transform-set 3DES-MD5
match address data_SHRB_MNCH
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description VIDEOTRON
ip address EXT-IP 255.255.255.252
ip nat outside
ip inspect outside_fw out
ip virtual-reassembly in
duplex full
speed auto
crypto map outside_map
!
interface Vlan1
description $ETH_LAN$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list NAT_BLAB interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.3 25 EXT-IP 25 extendable
ip nat inside source static tcp 192.168.1.25 80 EXT-IP 80 extendable
ip nat inside source static tcp 192.168.1.25 443 EXT-IP 443 extendable
ip nat inside source static tcp 192.168.1.3 1723 EXT-IP 1723 extendable
ip route 0.0.0.0 0.0.0.0 24.37.183.233
!
ip access-list extended NAT_BLAB
deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended OUTSIDE_IN
permit tcp any host EXT-IP eq smtp
permit gre any host EXT-IP
permit tcp any host EXT-IP eq 1723
permit tcp any host EXT-IP eq www
permit tcp any host EXT-IP eq 443
permit udp any eq isakmp host EXT-IP eq isakmp
ip access-list extended data_SHRB_MNCH
remark Traffic entre SHRB et MNCH
permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
no cdp run
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
password 7 09625B15F5F246E
logging synchronous
no modem enable
speed 115200
line aux 0
line vty 0 4
exec-timeout 0 0
password 7 0228114D181D295D
logging synchronous
rotary 1
transport input ssh
transport output ssh
line vty 5 15
privilege level 15
password 7 0228114D5B0A5D
transport input all
!
!
end

2 Replies

Arne Bier
VIP

You need to add one more line to your line vty 0 4 stanza:

login local

Cheers

Thanks, it works.
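
The reply above points at the line vty 0 4 stanza. As an added example (not part of the original thread), this Python sketch lists every line vty stanza in a pasted IOS config and reports whether it contains login local and what transport input allows. The helper name vty_report and the sample text are constructed for illustration; the sample is an abridged copy of the posted line section with the password lines omitted.

```python
import re

# Constructed sample: abridged line section of the posted config, passwords omitted.
SAMPLE = """\
line con 0
logging synchronous
line aux 0
line vty 0 4
rotary 1
transport input ssh
line vty 5 15
privilege level 15
transport input all
!
end
"""

def vty_report(config_text):
    """Return one dict per 'line vty' stanza (hypothetical helper, not a Cisco tool).

    telnet_allowed is True when transport input lists 'all' or 'telnet',
    i.e. the lines also accept cleartext Telnet sessions.
    """
    stanzas, current = [], None
    for raw in config_text.splitlines():
        line = raw.strip()  # forum pastes usually lose the stanza indentation
        if not line:
            continue
        if line.startswith("line "):
            # A new 'line ...' header closes the previous stanza and opens another.
            current = {"header": line, "body": []}
            stanzas.append(current)
        elif line in ("!", "end"):
            current = None
        elif current is not None:
            current["body"].append(line)
    report = []
    for s in stanzas:
        m = re.fullmatch(r"line vty (\d+)(?: (\d+))?", s["header"])
        if not m:
            continue  # console and aux lines are not part of this check
        tin = [b.split()[2:] for b in s["body"] if b.startswith("transport input ")]
        transports = tin[-1] if tin else []
        report.append({
            "range": (int(m.group(1)), int(m.group(2) or m.group(1))),
            "login_local": "login local" in s["body"],
            "transport_input": transports,
            "telnet_allowed": bool({"all", "telnet"} & set(transports)),
        })
    return report
```

Run against the sample, both vty ranges report login_local as False, and the 5 15 range is the only one that accepts Telnet.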