[cisco-nas] AS5350

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Wed Jun 23 04:37:48 EDT 2004


Hi Khalid,

Well, this is a broad question without an easy answer, not knowing your
specific network environment and service requirements. I'd at least
apply some common device security (applying an ACL to the vty to restrict
telnet access to the box, disabling tcp/udp small servers, checking against
any security advisories which might apply to the release you're using,
etc.).

	oli

kh MOh <mailto:eng_khalidsd at yahoo.com> wrote on Tuesday, June 22, 2004
9:24 AM:

> Thank you Oli,
> it works fine. I wonder if you can advise me about any
> security issue I had to be concerned about or any
> other suggestions.
> 
> Thanks in advance
> Khalid M.
> 
> 
> --- "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
> wrote:
>> Hi,
>> 
>> you're missing IP config on your group-async1, so PPP will refuse to
>> start IPCP on your async connections. So please add
>> 
>> int loopback0
>>  ip address ...
>> 
>> int group-async1
>>  ip unnumbered loopback0
>> 
>> There is also a typo at "aaa authentication ppp".. it should say
>> "default", not "defult", "if-needed" might not be necessary here. I'd
>> add "aaa authorization network default local" as well, but this is not
>> strictly needed..
>> 
>> 	oli
>> 
>> kh MOh <> wrote on Monday, June 21, 2004 8:56 AM:
>> 
>>> Hi, I have a little problem. I have an AS5350 for ISP;
>>> the problem is that after I configure everything and try
>>> to log in through a modem, an error message appears
>>> stating error 770 TCP error. Here is the Router config
>>> 
>>> ********************************************
>>> 
>>> 
>>> 
>>> 
>>> Current configuration : 2741 bytes
>>> !
>>> version 12.1
>>> no service single-slot-reload-enable
>>> service timestamps debug datetime msec
>>> service timestamps log datetime msec
>>> service password-encryption
>>> !
>>> hostname Router
>>> !
>>> no boot startup-test
>>> logging rate-limit console 10 except errors
>>> aaa new-model
>>> aaa authentication login default local
>>> aaa authentication login defult local
>>> aaa authentication ppp defult if-needed local
>>> enable secret 5 *.*.*.*
>>> !
>>> username admin password 7 020F105508
>>> username itnc password 7 09455A071A
>>> username alfanet password 7 01120A025A05031B
>>> !
>>> 
>>> resource-pool disable
>>> calltracker enable
>>> calltracker call-record terse
>>> !
>>> !
>>> !
>>> !
>>> voice-fastpath enable
>>> ip subnet-zero
>>> no ip finger
>>> no ip domain-lookup
>>> ip name-server *.*.*.*
>>> ip name-server *.*.*.*
>>> !
>>> async-bootp dns-server *.*.*.* *.*.*.*
>>> isdn switch-type primary-net5
>>> call rsvp-sync
>>> !
>>> !
>>> !
>>> !
>>> 
>>> fax interface-type modem
>>> mta receive maximum-recipients 0
>>> !
>>> !
>>> !
>>> controller E1 3/0
>>>  pri-group timeslots 1-31
>>> !
>>> controller E1 3/1
>>>  pri-group timeslots 1-31
>>> !
>>> !
>>> interface FastEthernet0/0
>>>  ip address *.*.*.* *.*.*.*
>>>  duplex auto
>>>  speed auto
>>>  no cdp enable
>>> !
>>> interface FastEthernet0/1
>>>  ip address *.*.*.* *.*.*.*
>>>  duplex full
>>>  speed 100
>>>  no cdp enable
>>> !
>>> interface Serial0/0
>>>  no ip address
>>>  encapsulation frame-relay
>>>  shutdown
>>>  clockrate 2000000
>>>  frame-relay interface-dlci 16
>>> !
>>> interface Serial0/1
>>>  no ip address
>>>  encapsulation frame-relay
>>> !
>>> interface Serial0/1.1 point-to-point
>>>  ip address *.*.*.*  *.*.*.*
>>>  no cdp enable
>>>  frame-relay interface-dlci 16
>>> !
>>> interface Serial3/0:15
>>>  no ip address
>>>  encapsulation ppp
>>>  isdn switch-type primary-net5
>>>  isdn incoming-voice modem
>>>  no cdp enable
>>> !
>>> interface Serial3/1:15
>>>  no ip address
>>>  encapsulation ppp
>>>  isdn switch-type primary-net5
>>>  isdn incoming-voice modem
>>>  no cdp enable
>>> !
>>> interface Group-Async0
>>>  no ip address
>>>  encapsulation ppp
>>>  async mode interactive
>>>  peer default ip address pool addr-pool
>>>  ppp authentication chap pap
>>>  no group-range
>>> !
>>> interface Group-Async1
>>>  no ip address
>>>  encapsulation ppp
>>>  no logging event link-status
>>>  async mode interactive
>>>  no snmp trap link-status
>>>  peer default ip address pool addr-pool
>>>  ppp authentication chap pap
>>>  group-range 1/00 1/59
>>> !
>>> ip local pool addr-pool *.*.*.* *.*.*.*
>>> ip classless
>>> no ip http server
>>> !
>>> no cdp run
>>> !
>>> !
>>> voice-port 3/0:D
>>> !
>>> voice-port 3/1:D
>>> !
>>> dial-peer voice 1 pots
>>> !
>>> !
>>> line con 0
>>>  transport input none
>>> line aux 0
>>>  autoselect during-login
>>>  autoselect ppp
>>> line vty 0 4
>>>  autoselect during-login
>>>  autoselect ppp
>>> line vty 5 58
>>>  autoselect during-login
>>>  autoselect ppp
>>> line 1/00 1/59
>>>  no flush-at-activation
>>>  autoselect during-login
>>>  autoselect ppp
>>>  modem InOut
>>> !
>>> scheduler allocate 10000 400
>>> end
>>> 
>>> ***************************************
>>> 
>>> here is the ppp authentication debug output
>>> 
>>> *Jan  1 01:26:44.615: %ISDN-6-CONNECT: Interface
>>> Serial3/1:7 is now connected to 0183782702
>>> *Jan  1 01:27:10.363: AAA: parse name=tty1/36 idb
>>> type=10 tty=252
>>> *Jan  1 01:27:10.363: AAA: name=tty1/36 flags=0x11
>>> type=4 shelf=0 slot=0 adapter=0 port=252 channel=0
>>> *Jan  1 01:27:10.363: AAA: parse name=Serial3/1:7 idb
>>> type=13 tty=-1
>> 
> === message truncated ===



More information about the cisco-nas mailing list
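
The checks suggested in the replies above (an ACL on the vty lines, small servers off, and the misspelled AAA method list) can be run over a saved configuration. This is an added example, not part of the original thread: `audit` and `SAMPLE_CONFIG` are hypothetical names, the sample is constructed, and it assumes a release where small servers are off unless a `service ...-small-servers` line is present.

```python
import re

# Constructed excerpt modelled on the configuration quoted in the thread; the
# small-servers line and the access-class on vty 5 58 are added for illustration.
SAMPLE_CONFIG = """\
service udp-small-servers
aaa new-model
aaa authentication login default local
aaa authentication ppp defult if-needed local
!
interface Group-Async1
 ppp authentication chap pap
!
line vty 0 4
 autoselect during-login
line vty 5 58
 access-class 10 in
!
"""

def audit(config):
    """Return findings for the items named in the replies (heuristic checks)."""
    findings, vty, lists, applied = [], {}, [], set()
    block = None
    for ln in config.splitlines():
        if not ln.startswith(" "):          # a top-level command starts a new block
            block = ln.strip()
            if block.startswith("line vty"):
                vty[block] = False
            m = re.match(r"service (tcp|udp)-small-servers", block)
            if m:                            # an explicit line means the service is on
                findings.append(f"{m.group(1)} small servers enabled")
            m = re.match(r"aaa authentication (login|ppp) (\S+)", block)
            if m and m.group(2) != "default":
                lists.append(m.groups())     # named list: must be applied somewhere
            continue
        sub = ln.split()
        if block in vty and sub[:1] == ["access-class"] and sub[-1:] == ["in"]:
            vty[block] = True                # inbound ACL restricts who may connect
        if sub[:2] in (["login", "authentication"], ["ppp", "authentication"]):
            applied.update(sub[2:])          # trailing tokens may name a method list
    findings += [f"{name}: no inbound access-class" for name, ok in vty.items() if not ok]
    findings += [f"aaa authentication {kind} list '{name}' is never applied"
                 for kind, name in lists if name not in applied]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A list named `defult` is a valid but unused method list, so PPP falls back to the `default` list, which is why the check reports it as never applied rather than as a syntax error.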