2 Replies Latest reply on Apr 7, 2014 9:52 AM by levi

    3448 https connection no longer working - ssh is working

    dlazure New Member

      Hi

       

      For the past couple of days I can't connect to my router via HTTPS. Admin access is configured in the firewall, and I have both HTTPS and SSH checked.

      I can connect via SSH without issue.

       

      Here is the CFG file:

       

      !

      !

      ! ADTRAN, Inc. OS version R10.9.1.E

      ! Boot ROM version 13.03.00.SB

      ! Platform: NetVanta 3448, part number 1200821E1

      ! Serial number LBADTN1113AG368

      !

      !

      ! Device identity shown in prompts and logs.
      hostname "AQTR_QC"

      ! NOTE(review): with no enable password, privileged (enable) mode appears to have no
      ! password of its own, so any session that gets a prompt can reach full configuration
      ! rights. Set an enable password.
      no enable password

      !

      ! Global IP settings: timezone, routing, default gateway and DNS.
      ! The default-gateway address was masked (XX.XX.XX.XX) by the poster.
      clock timezone -5-Eastern-Time

      !

      ip subnet-zero

      ip classless

      ip default-gateway XX.XX.XX.XX

      ip routing

      ! NOTE(review): IPv6 routing is enabled, but no IPv6 address or IPv6 policy appears anywhere
      ! in this configuration. If IPv6 is not in use, consider turning it off to reduce exposure.
      ipv6 unicast-routing

      !

      !

      domain-name "aqtr.qc.ca"

      ! NOTE(review): domain-proxy presumably makes the router answer DNS queries on behalf of
      ! clients, using the name-servers below -- confirm which interfaces can reach it.
      domain-proxy

      name-server 4.2.2.1 8.8.8.8

      !

      !

      ! NOTE(review): auto-config presumably lets the unit fetch its configuration automatically;
      ! confirm it is still needed on a router that is already deployed.
      auto-config

      !

      ! Events are kept in the local event history only: forwarding (syslog) and e-mail are off,
      ! so the "log" keywords on the access lists in this file are not sent off-box.
      ! NOTE(review): off-box logging would preserve evidence if the unit is rebooted or tampered with.
      event-history on

      no logging forwarding

      no logging email

      !

      ! Password encryption is disabled, so passwords are stored and displayed in clear text in
      ! the configuration -- which is why the local account below is readable here.
      no service password-encryption

      !

      ! NOTE(review): this local administrator credential is visible in clear text. Any credential
      ! that has been shared outside the device (for example in a support post) should be treated
      ! as exposed and changed, and password encryption enabled before the config is shared again.
      username "Adm1n" password "Pa55w0rd"

      !

      !

      ! Enables the firewall; the policy-classes defined later in this file are applied per interface.
      ip firewall

      ! The application-layer gateways for msn, mszone, h323 and sip are all turned off.
      no ip firewall alg msn

      no ip firewall alg mszone

      no ip firewall alg h323

      no ip firewall alg sip

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      ! Wireless access-point control is disabled.
      no dot11ap access-point-control

      !

      !

      !

      !

      !

      !

      !

      ! 192.168.30.10 and .11 are kept out of the DHCP pool; .10 is the target of the two
      ! destination-NAT rules in the Public policy-class.
      ip dhcp excluded-address 192.168.30.10 192.168.30.11

      !

      ! DHCP scope for the LAN on vlan 1 (192.168.30.0/24); clients are handed public resolvers
      ! and the router (192.168.30.1) as gateway.
      ip dhcp pool "Management"

        network 192.168.30.0 255.255.255.0

        domain-name "aqtr.qc.ca"

        dns-server 4.2.2.1 8.8.8.8

        default-router 192.168.30.1

      !

      !

      !

      !

      !

      !

      !

      ! Site-to-site IPsec VPN ("VPN TO MTL"): IKE policy, pre-shared key, transform set and crypto map.
      ip crypto

      !

      ! IKE policy 100: initiates in main mode but responds in any mode, and negotiates
      ! 3DES / MD5 with pre-shared-key authentication.
      ! NOTE(review): 3DES and MD5 are legacy algorithms; if both peers support it, move to AES
      ! with a SHA-2 family hash. "respond anymode" appears to accept aggressive mode as well as
      ! main mode -- with a pre-shared key, responding in main mode only is the stricter choice.
      crypto ike policy 100

        initiate main

        respond anymode

        local-id address XX.XX.XX.XX

        peer XX.XX.XX.XX

        attribute 1

          encryption 3des

          hash md5

          authentication pre-share

      !

      ! NOTE(review): the IKE pre-shared key is shown in clear text on this line. Once a key has
      ! been shared outside the two peers it should be treated as exposed and replaced on both
      ! ends with a long random value.
      crypto ike remote-id address XX.XX.XX.XX preshared-key AQTR5236444 ike-policy 100 crypto map VPN 10 no-mode-config no-xauth

      !

      !

      ! ESP in tunnel mode using 3DES encryption with MD5-HMAC integrity (same legacy-algorithm
      ! remark as on the IKE policy).
      ip crypto ipsec transform-set esp-3des-esp-md5-hmac esp-3des esp-md5-hmac

        mode tunnel

      !

      ! Crypto map entry 10: traffic matching VPN-10-vpn-selectors is tunnelled to the peer below.
      ! NOTE(review): the peer address under "set peer" is not masked, although the other public
      ! addresses in this file were replaced with XX.XX.XX.XX.
      ip crypto map VPN 10 ipsec-ike

        description VPN TO MTL

        match address ip VPN-10-vpn-selectors

        set peer 207.253.176.42

        set transform-set esp-3des-esp-md5-hmac

        ike-policy 100

      !

      !

      !

      !

      ! Only the default VLAN is defined; every switchport below is therefore presumably in vlan 1.
      vlan 1

        name "Default"

      !

      !

      !

      ! Ethernet connectivity fault management is disabled.
      no ethernet cfm

      !

      ! WAN interface: static public address (masked by the poster), filtered by the "Public"
      ! policy-class, and the interface on which the VPN crypto map terminates.
      interface eth 0/1

        description Connection acces internet

        ip address  XX.XX.XX.XX  255.255.255.248

        ip access-policy Public

        ip crypto map VPN

        media-gateway ip primary

        no shutdown

      !

      !

      ! Second Ethernet port is administratively down; no access-policy is attached to it.
      ! NOTE(review): attach a policy-class before this port is ever enabled.
      interface eth 0/2

        ip address dhcp

        shutdown

      !

      !

      !

      ! All eight integrated switchports are enabled with no further per-port configuration.
      ! NOTE(review): ports that are not in use could be shut down so that an unexpected device
      ! plugged into one does not land directly on the 192.168.30.0/24 LAN.
      interface switchport 0/1

        no shutdown

      !

      interface switchport 0/2

        no shutdown

      !

      interface switchport 0/3

        no shutdown

      !

      interface switchport 0/4

        no shutdown

      !

      interface switchport 0/5

        no shutdown

      !

      interface switchport 0/6

        no shutdown

      !

      interface switchport 0/7

        no shutdown

      !

      interface switchport 0/8

        no shutdown

      !

      !

      !

      ! LAN gateway interface (192.168.30.1/24), filtered by the "Private" policy-class.
      interface vlan 1

        description Connection systeme Tel

        ip address  192.168.30.1  255.255.255.0

        ip access-policy Private

        media-gateway ip primary

        no shutdown

      !

      !

      ! The T1 interface is unused and administratively down.
      interface t1 1/1

        shutdown

      !

      !

      !

      !

      !

      !

      !

      ! VPN selectors: local LAN 192.168.30.0/24 to remote LAN 192.168.25.0/24.
      ip access-list extended VPN-10-vpn-selectors

        permit ip 192.168.30.0 0.0.0.255  192.168.25.0 0.0.0.255   

      !

      ! Used by the Public policy-class for a destination NAT to 192.168.30.10.
      ! NOTE(review): this entry matches only when BOTH the source and the destination port are
      ! 8000, from any source address. Confirm the source-port match is intended, and restrict
      ! the source to known addresses if this service must be reachable from the Internet.
      ip access-list extended web-acl-2

        remark NEC SV8100

        permit tcp any eq 8000 any eq 8000   log

      !

      ! Management access to the router itself: HTTPS and SSH are permitted from ANY source.
      ! NOTE(review): limit the source to the administrators' addresses or to the VPN subnet
      ! rather than "any"; the login accepting these connections is a local username/password.
      ip access-list extended web-acl-3

        remark admin access

        permit tcp any  any eq https   log

        permit tcp any  any eq ssh   log

      !

      ! Matches all IP traffic; the Private policy-class uses it to allow anything from the LAN
      ! to the router itself.
      ip access-list extended web-acl-5

        remark traffic to unit

        permit ip any  any     log

      !

      ! Matches all IP traffic; the Private policy-class uses it as the source-NAT match.
      ip access-list extended web-acl-6

        remark NAT

        permit ip any  any     log

      !

      ! Used by the Public policy-class for a second destination NAT to 192.168.30.10.
      ! NOTE(review): as with web-acl-2, source and destination port must both be 5963 and the
      ! source address is "any". The remark suggests a debug service -- remove the rule when
      ! debugging is finished.
      ip access-list extended web-acl-7

        remark Pcpro Debug

        permit tcp any eq 5963 any eq 5963   log

      !

      !

      !

      !

      ! LAN-side policy (applied to vlan 1): allow traffic matching the VPN selectors, allow any
      ! LAN traffic to the router itself (web-acl-5), and source-NAT everything else out eth 0/1.
      ! NOTE(review): "allow list web-acl-5 self" lets any LAN host reach every management service
      ! enabled on the router, including the Telnet lines and the plain HTTP server in this config.
      ip policy-class Private

        allow list VPN-10-vpn-selectors

        allow list web-acl-5 self

        nat source list web-acl-6 interface eth 0/1 overload

      !

      ! WAN-side policy (applied to eth 0/1): allow return traffic for the VPN selectors, allow
      ! HTTPS/SSH to the router itself (web-acl-3), and forward two TCP services to 192.168.30.10.
      ! HTTPS is permitted to the router here, so this policy does not by itself explain an HTTPS
      ! failure; "no http secure-server" further down in this config is the more likely cause.
      ip policy-class Public

        allow reverse list VPN-10-vpn-selectors stateless

        allow list web-acl-3 self

        nat destination list web-acl-2 address 192.168.30.10

        nat destination list web-acl-7 address 192.168.30.10

      !

      !

      !

      ! On-box services. TFTP, SNMP, FTP, SCP and SNTP servers are all disabled.
      no tftp server

      no tftp server overwrite

      ! NOTE(review): the plain HTTP server is enabled while the HTTPS (secure) server is
      ! disabled. That matches the reported symptom: SSH works, but nothing on the router is
      ! accepting HTTPS even though the firewall permits it. Re-enabling "http secure-server"
      ! should restore HTTPS access, and disabling the plain "http server" afterwards keeps admin
      ! credentials from crossing the network in clear text. Also worth finding out why this
      ! setting changed "a couple of days" ago.
      http server

      no http secure-server

      no snmp agent

      no ip ftp server

      ip ftp server default-filesystem flash

      no ip scp server

      no ip sntp server

      !

      !

      !

      !

      !

      !

      !

      !

      !

      ! SIP is bound to port 5060 on both UDP and TCP.
      ! NOTE(review): the Public policy-class has no rule allowing 5060 to the router, so this
      ! is presumably reachable only from the LAN side -- confirm.
      sip udp 5060

      sip tcp 5060

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      ! Console port: "no login" means no authentication is requested on the console.
      ! NOTE(review): anyone with physical access gets a prompt, and no enable password is set
      ! either. Require a login on the console.
      line con 0

        no login

      !

      ! Telnet sessions 0-4 are enabled.
      ! NOTE(review): Telnet carries credentials in clear text. The Public policy-class does not
      ! allow it from the WAN, but the Private policy-class allows all LAN traffic to the router.
      ! Since SSH is working, shut these lines down. The "login" here does not reference the
      ! local user list and no line password is visible in this config -- verify what it checks.
      line telnet 0 4

        login

        no shutdown

      ! SSH sessions 0-4 authenticate against the local user list (the "username" entry above).
      line ssh 0 4

        login local-userlist

        no shutdown

      !

      !

      !

      !

      !

      !

      !

      end