rfw does not set rules in dynamic ACLs on a Cisco
- Илегтронный Сотона
- Posts: 14
- Registered: Mon Aug 28, 2006 14:31
- Location: Syktyvkar
In short, the gist of the problem is this...
rfw does not add rules to the dynamic ACLs on the Cisco. However, if I run rsh -l root 172.16.1.3 access-template 110 vpn host 172.17.2.2 any, the rules do get added. Billing version 5.2.1 -003
Cisco 2611XM
Here are the rfw logs
rfw_mail.log
Info : Dec 12 16:13:23 UTM5 Logger: New ` Info : ' stream: /netup/utm5/log/rfw_main.log
Info : Dec 12 16:13:23 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
Info : Dec 12 16:13:23 StreamConnection: Connection thread started. Peer 127.0.0.1:12758
Info : Dec 12 16:13:23 StreamConnection: Connection successfully authorized, user id <-1>
Info : Dec 12 16:15:30 UTM5 Logger: New ` Info : ' stream: /netup/utm5/log/rfw_main.log
Info : Dec 12 16:15:30 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
Info : Dec 12 16:15:30 StreamConnection: Connection thread started. Peer 127.0.0.1:12758
Info : Dec 12 16:15:30 StreamConnection: Connection successfully authorized, user id <-1>
Info : Dec 12 16:22:10 UTM5 Logger: New ` Info : ' stream: /netup/utm5/log/rfw_main.log
Info : Dec 12 16:22:10 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
Notice: Dec 12 16:22:10 RFW Config: SSL is disabled. All data is transmitted to/from utm5_core unencrypted!
Info : Dec 12 16:22:10 StreamConnection: Connection thread started. Peer 127.0.0.1:12758
Info : Dec 12 16:22:10 StreamConnection: Connection successfully authorized, user id <-1>
Info : Dec 12 16:26:48 UTM5 Logger: New ` Info : ' stream: /netup/utm5/log/rfw_main.log
Info : Dec 12 16:26:48 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
Notice: Dec 12 16:26:48 RFW Config: SSL is disabled. All data is transmitted to/from utm5_core unencrypted!
Info : Dec 12 16:26:48 StreamConnection: Connection thread started. Peer 127.0.0.1:12758
Info : Dec 12 16:26:48 StreamConnection: Connection successfully authorized, user id <-1>
Info : Dec 12 16:33:25 UTM5 Logger: New ` Info : ' stream: /netup/utm5/log/rfw_main.log
Info : Dec 12 16:33:25 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
Notice: Dec 12 16:33:25 RFW Config: SSL is disabled. All data is transmitted to/from utm5_core unencrypted!
Info : Dec 12 16:33:25 StreamConnection: Connection thread started. Peer 127.0.0.1:12758
Info : Dec 12 16:33:25 StreamConnection: Connection successfully authorized, user id <-1>
Info : Dec 12 16:50:19 UTM5 Logger: New ` Info : ' stream: /netup/utm5/log/rfw_main.log
Info : Dec 12 16:50:19 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
Notice: Dec 12 16:50:19 RFW Config: SSL is disabled. All data is transmitted to/from utm5_core unencrypted!
Info : Dec 12 16:50:19 StreamConnection: Connection thread started. Peer 127.0.0.1:12758
Info : Dec 12 16:50:19 StreamConnection: Connection successfully authorized, user id <-1>
rfw_debug.log
Info : Dec 12 16:13:23 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
Info : Dec 12 16:13:23 StreamConnection: Connection thread started. Peer 127.0.0.1:12758
?Debug : Dec 12 16:13:23 StreamConnection: Connection using SSLv3
?Debug : Dec 12 16:13:23 StreamConnection: System message recived
?Debug : Dec 12 16:13:23 StreamConnection: Challenge response sent
?Debug : Dec 12 16:13:23 StreamConnection: System message recived
Info : Dec 12 16:13:23 StreamConnection: Connection successfully authorized, user id <-1>
?Debug : Dec 12 16:13:23 StreamFirewall: Sending name: cisco
Info : Dec 12 16:15:30 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
Info : Dec 12 16:15:30 StreamConnection: Connection thread started. Peer 127.0.0.1:12758
?Debug : Dec 12 16:15:30 StreamConnection: Connection using SSLv3
?Debug : Dec 12 16:15:30 StreamConnection: System message recived
?Debug : Dec 12 16:15:30 StreamConnection: Challenge response sent
?Debug : Dec 12 16:15:30 StreamConnection: System message recived
Info : Dec 12 16:15:30 StreamConnection: Connection successfully authorized, user id <-1>
?Debug : Dec 12 16:15:30 StreamFirewall: Sending name: cisco
Info : Dec 12 16:22:10 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
Notice: Dec 12 16:22:10 RFW Config: SSL is disabled. All data is transmitted to/from utm5_core unencrypted!
Info : Dec 12 16:22:10 StreamConnection: Connection thread started. Peer 127.0.0.1:12758
?Debug : Dec 12 16:22:10 StreamConnection: Connection using TCP socket
?Debug : Dec 12 16:22:10 StreamConnection: System message recived
?Debug : Dec 12 16:22:10 StreamConnection: Challenge response sent
?Debug : Dec 12 16:22:10 StreamConnection: System message recived
Info : Dec 12 16:22:10 StreamConnection: Connection successfully authorized, user id <-1>
?Debug : Dec 12 16:22:10 StreamFirewall: Sending name: cisco
Info : Dec 12 16:26:48 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
Notice: Dec 12 16:26:48 RFW Config: SSL is disabled. All data is transmitted to/from utm5_core unencrypted!
Info : Dec 12 16:26:48 StreamConnection: Connection thread started. Peer 127.0.0.1:12758
?Debug : Dec 12 16:26:48 StreamConnection: Connection using TCP socket
?Debug : Dec 12 16:26:48 StreamConnection: System message recived
?Debug : Dec 12 16:26:48 StreamConnection: Challenge response sent
?Debug : Dec 12 16:26:48 StreamConnection: System message recived
Info : Dec 12 16:26:48 StreamConnection: Connection successfully authorized, user id <-1>
?Debug : Dec 12 16:26:48 StreamFirewall: Sending name: cisco
Info : Dec 12 16:33:25 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
Notice: Dec 12 16:33:25 RFW Config: SSL is disabled. All data is transmitted to/from utm5_core unencrypted!
Info : Dec 12 16:33:25 StreamConnection: Connection thread started. Peer 127.0.0.1:12758
?Debug : Dec 12 16:33:25 StreamConnection: Connection using TCP socket
?Debug : Dec 12 16:33:25 StreamConnection: System message recived
?Debug : Dec 12 16:33:25 StreamConnection: Challenge response sent
?Debug : Dec 12 16:33:25 StreamConnection: System message recived
Info : Dec 12 16:33:25 StreamConnection: Connection successfully authorized, user id <-1>
?Debug : Dec 12 16:33:25 StreamFirewall: Sending name: cisco
Info : Dec 12 16:50:19 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
Notice: Dec 12 16:50:19 RFW Config: SSL is disabled. All data is transmitted to/from utm5_core unencrypted!
Info : Dec 12 16:50:19 StreamConnection: Connection thread started. Peer 127.0.0.1:12758
?Debug : Dec 12 16:50:19 StreamConnection: Connection using TCP socket
?Debug : Dec 12 16:50:19 StreamConnection: System message recived
?Debug : Dec 12 16:50:19 StreamConnection: Challenge response sent
?Debug : Dec 12 16:50:19 StreamConnection: System message recived
Info : Dec 12 16:50:19 StreamConnection: Connection successfully authorized, user id <-1>
?Debug : Dec 12 16:50:19 StreamFirewall: Sending name: cisco
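An added example (not from the thread and not NetUP's code): a small parser for the rfw_debug.log format quoted in the post above that summarises each rfw start-up, showing which transport was used towards utm5_core and whether anything followed "Sending name". The sample lines are constructed from that excerpt, and treating any further StreamFirewall line as rule activity is an assumption.

```python
import re

LINE = re.compile(r"^\s*\??(\w+)\s*:\s+(\w{3}\s+\d+ \d\d:\d\d:\d\d) ([^:]+): (.*)$")

# Constructed sample in the format of the excerpt: one SSLv3 start-up, one without SSL.
SAMPLE = """\
Info : Dec 12 16:15:30 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
?Debug : Dec 12 16:15:30 StreamConnection: Connection using SSLv3
Info : Dec 12 16:15:30 StreamConnection: Connection successfully authorized, user id <-1>
?Debug : Dec 12 16:15:30 StreamFirewall: Sending name: cisco
Info : Dec 12 16:22:10 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
Notice: Dec 12 16:22:10 RFW Config: SSL is disabled. All data is transmitted to/from utm5_core unencrypted!
?Debug : Dec 12 16:22:10 StreamConnection: Connection using TCP socket
Info : Dec 12 16:22:10 StreamConnection: Connection successfully authorized, user id <-1>
?Debug : Dec 12 16:22:10 StreamFirewall: Sending name: cisco
"""

def summarize(text):
    """Group log lines into rfw start-ups and summarise each one."""
    sessions, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank or unrecognised line
        _, ts, source, msg = m.groups()
        if source == "UTM5 Logger":
            # Logger lines open a start-up; consecutive ones belong together.
            if cur is None or cur["busy"]:
                cur = {"start": ts, "transport": None, "authorized": False,
                       "name": None, "fw_events": 0, "busy": False}
                sessions.append(cur)
            continue
        if cur is None:
            continue  # excerpt begins in the middle of a start-up
        cur["busy"] = True
        if msg.startswith("Connection using "):
            cur["transport"] = msg[len("Connection using "):]
        elif msg.startswith("Connection successfully authorized"):
            cur["authorized"] = True
        elif source == "StreamFirewall":
            if msg.startswith("Sending name: "):
                cur["name"] = msg[len("Sending name: "):]
            else:
                cur["fw_events"] += 1  # assumption: rule activity is logged here
    return sessions

def plaintext_sessions(sessions):
    """Start times of start-ups whose link to utm5_core did not use SSL."""
    return [s["start"] for s in sessions
            if s["transport"] and not s["transport"].startswith("SSL")]
```

A start-up that is authorized and has sent its name but shows `fw_events == 0` matches the symptom in the post: the connection to the core is fine, yet no firewall activity follows.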
The scripts run fine. But this:
Code:
access-template 155 test1 host UIP any
For some reason it does not work..
Everything worked until now.
- Chrst
- Posts: 370
- Registered: Fri May 11, 2007 09:28
- Location: Media holding "ЛеККС"
debug ip tcp rcmd ?
Munsera wrote:
The scripts run fine. But this:
Code:
access-template 155 test1 host UIP any
For some reason it does not work..
Everything worked until now.
firewall ?
Code:
nizh#terminal monitor
nizh#debug ip tcp rcmd
RCMD transactions debugging is on
May 26 10:00:36.857 MSD: %SYS-5-CONFIG_I: Configured from console by alexsiy on vty1 (195.189.137.3)
May 26 10:00:38.957 MSD: %SYS-5-CONFIG_I: Configured from console by alexsiy on vty2 (195.189.137.3)
But the rules are not added.
Code:
nizh#sh ip access-lists 155
The firewall is disabled..
Code:
no ip rcmd domain-lookup
ip rcmd rcp-enable
ip rcmd rsh-enable
ip rcmd remote-host netup IP netup enable
ip rcmd remote-host netup IP root enable
Code:
[root@localhost ~]# sudo -u netup rsh -l netup
sudo: unknown user: netup