Crypto pki trustpoint tp self signed

by joeky on Sep 15, 2011 at 00:00 UTC

I posted the configuration of my Cisco 851W router below. It can ping the outside world, but the local host cannot get access to the net. I'm using it for the ICND1 and ICND2 exams.

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LabRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$VWn.$a4ReS/IttYpUJ02zXuUVQ0
!
no aaa new-model
!
resource policy
!
!
!
ip cef
ip domain name www.cisco.com
ip name-server 4.2.2.2
!
!
crypto pki trustpoint TP-self-signed-193179119
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-193179119
 revocation-check none
 rsakeypair TP-self-signed-193179119
!
!
crypto pki certificate chain TP-self-signed-193179119
 certificate self-signed 01
  3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31393331 37393131 39301E17 0D303230 33303230 31333832
  385A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3139 33313739
  31313930 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  ADF4669F F188A310 677C4299 52184AB8 CE55E8AE DC96A5A1 C64A6ED0 00DAD28F
  C4C96783 E616C3DE 4FB481CD 2E1FC9AE 31319494 532FE30A D9D10809 94EFBCBD
  99155DFA 276E7DFA 39968ADD 463B7C2F C609CC4C FCCA0F71 07B5E98E 51F4DD43
  D65F6B0F 064135AC 7894AD93 4D21C544 E73B3D97 94C91441 C14CA85F 202FD1E3
  02030100 01A37730 75300F06 03551D13 0101FF04 05300301 01FF3022 0603551D
  11041B30 1982174C 6162526F 75746572 2E777777 2E636973 636F2E63 6F6D301F
  0603551D 23041830 16801407 A4F9BA88 32307253 4EA24676 CA54CD8D A7EBFA30
  1D060355 1D0E0416 041407A4 F9BA8832 3072534E A24676CA 54CD8DA7 EBFA300D
  06092A86 4886F70D 01010405 00038181 008D2B9F 01FBCE1E AF8F870F F7BF2E22
  0F6A2FA0 E65CCF73 6D46D44E F0661A4C C25A2A73 E51B3EA3 BFBC12E3 4876A48F
  82BBAFE2 48A48A52 D52D17D3 246D768E 0350E417 A8C8E3A9 DB581C52 C2E159CA
  B5DEB897 C856FC05 0C8329FA BF8F1259 21170428 D47A4B0D 67178047 BA50B908
  F54992F3 E1CD2710 0D8E36D6 B0C26638 B9
  quit
username Joe password 0 cisco privilege 15
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
router rip
 version 2
 network 10.0.0.0
!
ip default-gateway 10.221.18.129
ip route 0.0.0.0 0.0.0.0 10.221.18.129
!
no ip http server
ip http authentication local
ip http secure-server
ip nat inside source static tcp 10.221.18.144 80 10.221.18.130 80 extendable
!
!
control-plane
!

Pls. see the template at http://www.techrepublic.com/article/configuring-the-cisco-851w-or-871w-standard-ios/6112367 that has good commands to use and automates the creation of a new configuration. You only need to have (or create) a free TechRepublic account for this.

I guess your internal addresses belong to the 10.10.10.1/24 network, with Fa0-3 belonging to Vlan1 (default), and you are receiving an address from the 10.221.18.0/24 network on the external interface (Fa4).

Therefore pls. have a look at the IP NAT INSIDE, because you must write the IP address of the inner host first (something like 10.10.10.X) and then the public IP address obtained on Fa4.

So perhaps you will want:

ip nat inside source static tcp 10.10.10.X 80 10.221.18.130 80 extendable

For the other hosts from inside you need something like:

ip nat inside source list 7 interface Fa4 overload

Also, there is no need for RIP as long as you are doing NAT.

Further info can be found at http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml

I hope it helps,

Thank you, but it did not work. My default gateway is 10.221.18.129 and the subnet mask is 255.255.255.128; I tried to assign 10.221.18.130 and it overlaps with my DHCP address on Fa4. I tried different ones and it did not work either: 10.10.20.1 and 192.168.1.1. Below is my latest configuration:

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Yajay
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
!
!
ip cef
ip domain name yajay.cn
ip name-server 4.2.2.2
!
!
crypto pki trustpoint TP-self-signed-193179119
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-193179119
 revocation-check none
 rsakeypair TP-self-signed-193179119
!
!
crypto pki certificate chain TP-self-signed-193179119
 certificate self-signed 01
  30820244 308201AD A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31393331 37393131 39301E17 0D303230 33303230 32323435
  325A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3139 33313739
  31313930 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  E3EDF691 50BFC04A 937C1272 2727CD20 9C92E5C9 A5E31530 C19178B4 0453AF6F
  68A96DA9 FFE2CFD1 19773816 59542490 5D50DD76 6AFC7E8E A9683050 59D6BB0E
  30AA2862 3B675FE9 2EB5542A 10A67424 9F9F094D 5E9BBC06 0CB8ED01 DA531BEA
  B30CAF2C 24881F4B 5A5077AF 2DD5D201 4E0054A3 61A1DC76 0208B1E1 661CBA23
  02030100 01A36E30 6C300F06 03551D13 0101FF04 05300301 01FF3019 0603551D
  11041230 10820E59 616A6179 2E79616A 61792E63 6E301F06 03551D23 04183016
  8014048F 44FAD42A 910CD00D A0F82C7B F986834F 3893301D 0603551D 0E041604
  14048F44 FAD42A91 0CD00DA0 F82C7BF9 86834F38 93300D06 092A8648 86F70D01
  01040500 03818100 B44F2824 B4D090A8 B4CC00F4 E1325B53 5D4A1069 EA544E62
  183C2C0E 94151AF9 B6464C9E 63E33A3A 89056A9D 6EC55931 E5DAC235 FBD29C51
  32BB0C3B 87073588 55383549 880F49C8 E897FA01 9315B274 A1CEE4E4 8D14E247
  C32656D5 81AF622B 378E1888 22B553CA 1B4FE393 B173D62B 0BF2D1D3 3FC5E340
  1185CC42 9F1EC1B5
  quit
username Joe privilege 15 password 7 0822455D0A16
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 ip address dhcp
 ip nat inside
 ip virtual-reassembly
!
ip default-gateway 10.221.18.129
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 permit any
access-list 1 remark
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login local
!
scheduler max-task-time 5000
end

Yajay(config)#
Yajay(config)#do ping yahaoo.com
Translating "yahaoo.com"...domain server (61.153.177.200) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 206.190.60.37, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 256/258/260 ms
Yajay(config)#
*Mar 2 03:18:27.139: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down
*Mar 2 03:18:27.139: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 2 03:18:28.143: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down
*Mar 2 03:18:31.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down
Yajay(config)#
Yajay(config)#config t
                ^
% Invalid input detected at '^' marker.

Yajay(config)#en
Yajay(config)#do show run
Building configuration...

Current configuration : 2769 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Yajay
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
!
!
ip cef
ip domain name yajay.cn
Yajay(config)#
Yajay(config)#do show startup-config
Using 1398 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Yajay
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
!
!
ip cef
ip domain name yajay.cn
ip name-server 4.2.2.2
!
!
crypto pki trustpoint TP-self-signed-193179119
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-193179119
 revocation-check none
 rsakeypair TP-self-signed-193179119
!
!
crypto pki certificate chain TP-self-signed-193179119
 certificate self-signed 01 nvram:IOS-Self-Sig#3902.cer
username Joe privilege 15 password 7 0822455D0A16
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 ip address dhcp
 ip nat inside
 ip virtual-reassembly
!
ip default-gateway 10.221.18.129
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 permit any
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login local
!
scheduler max-task-time 5000
end

In your latest config, you don't have any IP address assigned to Vlan1. You need to assign it an address (like the 10.10.10.1 you had before), otherwise the router won't exist on your internal network.

Do you have a DHCP server somewhere on your internal network?

Is your outside interface (Fa4) picking up an address from DHCP?

Thank you once again. I did assign 10.10.10.1 and it did not work. Yeah, I have an internal DHCP server; it is 10.221.18.129, and the DNS servers are 61.153.177.200 and 61.15.177.202. That's where my Fa4 got its address from. I have been trying the whole night and it is not working. That's the reason why I did assign Vlan1 to DHCP, but it did not yield a fruitful result. My DHCP is a campus server.

Anything connected to Fa4 is 'outside' or 'external'. Anything connected to Fa0 to Fa3 is 'inside' or 'internal'. Your 851W won't allow DHCP information into your internal network from the campus. If you want to get it set up right, you will need to set up a DHCP pool for the internal network (on 10.10.10.x) on your 851W and assign it to Vlan1. That'll get the devices on your internal network talking to your router. Can the devices (i.e. your laptop) ping your router at the moment?
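The diagnoses given in the replies above (a static NAT whose "inside" host is really an outside 10.221.18.x address, an 'ip nat inside' interface left on DHCP with no fixed address, a PAT access-list that permits any, and no DHCP pool for the LAN) can be checked mechanically. The script below is an added example and is not part of the original thread: it parses the relevant IOS lines and reports each of those problems. FIRST_ATTEMPT and SECOND_ATTEMPT are constructed from the relevant lines of the two posted configs; FIXED_CONFIG is an assumed correction (the DHCP pool, the LAN-scoped access-list, and a port-forward from an assumed inside host 10.10.10.50 through the Fa4 interface address, since Fa4's public address is DHCP-assigned) that the thread does not show.

```python
"""Lint a Cisco IOS config for the NAT/DHCP mistakes discussed in this thread.
Added example, not from the thread: FIRST_ATTEMPT and SECOND_ATTEMPT are built
from the relevant lines of the posted configs; FIXED_CONFIG is an assumed fix."""
import ipaddress

# Constructed from the first posted config: the static NAT names an outside
# 10.221.18.x address as the inside host, the PAT ACL is open, no DHCP pool.
FIRST_ATTEMPT = """\
interface FastEthernet4
 ip address dhcp
 ip nat outside
!
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
ip nat inside source static tcp 10.221.18.144 80 10.221.18.130 80 extendable
ip nat inside source list 1 interface FastEthernet4 overload
access-list 1 permit any
"""

# Constructed from the last posted config: Vlan1 was switched to DHCP as well.
SECOND_ATTEMPT = """\
interface FastEthernet4
 ip address dhcp
 ip nat outside
!
interface Vlan1
 ip address dhcp
 ip nat inside
!
ip nat inside source list 1 interface FastEthernet4 overload
access-list 1 permit any
"""

# Assumed fix (not posted): Vlan1 keeps a static address, the router serves
# 10.10.10.0/24 itself, the PAT ACL matches only the LAN, and the port-forward
# names an assumed inside host and the Fa4 interface (its public IP is DHCP).
FIXED_CONFIG = """\
interface FastEthernet4
 ip address dhcp
 ip nat outside
!
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
ip dhcp pool LAN
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server 61.153.177.200
!
ip nat inside source static tcp 10.10.10.50 80 interface FastEthernet4 80
ip nat inside source list 1 interface FastEthernet4 overload
access-list 1 permit 10.10.10.0 0.0.0.255
"""

def parse_stanzas(cfg):
    """Group indented lines (as token lists) under their interface / DHCP pool header."""
    stanzas, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith(("interface ", "ip dhcp pool ")):
            cur = stanzas.setdefault(line.strip(), [])
        elif not line.startswith(" "):
            cur = None                       # any non-indented line ends a stanza
        elif cur is not None:
            cur.append(line.split())
    return stanzas

def lint(cfg):
    """Return the problems found; an empty list means the config passes."""
    problems, inside_nets, pool_nets = [], [], []
    for header, lines in parse_stanzas(cfg).items():
        nat = next((t[2] for t in lines if t[:2] == ["ip", "nat"]), None)
        addr = next((t[2:] for t in lines if t[:2] == ["ip", "address"]), None)
        net = next((t[1:3] for t in lines if t[:1] == ["network"]), None)
        if header.startswith("ip dhcp pool") and net:
            pool_nets.append(ipaddress.ip_network("{}/{}".format(*net)))
        elif nat == "inside" and addr and addr[0] != "dhcp":
            inside_nets.append(ipaddress.ip_interface("{}/{}".format(*addr)).network)
        elif nat == "inside":                # the LAN has no fixed gateway address
            problems.append(f"{header}: 'ip nat inside' but no static address")
    for net in inside_nets:
        if net not in pool_nets:
            problems.append(f"no DHCP pool for {net}; LAN DHCP broadcasts are not relayed to an outside server")
    toks = [l.split() for l in cfg.splitlines()]
    open_acls = {t[1] for t in toks if t[:1] == ["access-list"] and t[2:4] == ["permit", "any"]}
    for t in toks:
        if t[:5] == ["ip", "nat", "inside", "source", "static"]:
            # tcp/udp form carries the protocol before the inside-local address
            local = ipaddress.ip_address(t[6] if t[5] in ("tcp", "udp") else t[5])
            if not any(local in n for n in inside_nets):
                problems.append(f"static NAT inside-local {local} is not on any inside subnet")
        elif t[:5] == ["ip", "nat", "inside", "source", "list"] and t[5] in open_acls:
            problems.append(f"access-list {t[5]} permits any; match only the inside subnets")
    return problems

if __name__ == "__main__":
    for name, cfg in ("first", FIRST_ATTEMPT), ("second", SECOND_ATTEMPT), ("fixed", FIXED_CONFIG):
        print(name, lint(cfg) or "ok")
```

Run it and the first attempt reports all three of the NAT/DHCP problems, the second attempt reports the DHCP-assigned Vlan1 address and the open access-list, and the assumed fix reports nothing. The script deliberately checks only what this thread is about; the posted configs also enable the HTTP server and carry a privilege-15 local user with a type 7 password, which is reversible rather than hashed, and that is a separate clean-up.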

Thank you, I was able to configure my 851W Cisco router. It is just a bit slow, but I'm going to try to do a little troubleshooting. Thank you a lot for the time and energy spent on me. The trouble was the DHCP pool configuration. Thank you once again.

You need to learn that as long as you get a quick answer to a problem, perhaps you know the matter thoroughly, or nothing was taught to you. Experience and knowledge need time and hard work.

That was a very good quote and I'm going to remember it all the time. Thank you, 'cause I'm completely new in this business, preparing for my CCNA exams. Thanks for the quotation.