Re: credentinals issue in cisco router. please advice all the cisco masters in the list!

["Burian, Matthew J. (mjb)" <mjb () burianit com>]

I'm thinking you'll want to add the configuration statement "login
local" to your telnet interface (line vty 0 4).  This will enable
telnet authentication against the local user database on the router.
Then you can create as many user names and passwords as you want,
locally on the router, for administration use.

Matt


On Sun, Mar 21, 2010 at 1:00 PM,  <mzcohen2682 () aim com> wrote:
> hi,
>
> I am posting here the configuration of the router. I have a strange problem.
> after configuring vpn so the users of the company can connect throw vpn
> client to site to the company. suddenly when I want to connect to the router
> it self throw telnet in order to change router config etc the router prompt
> me to supply username and password so I need to supply the same
> username/password for the vpn users ! I want to have a different
> user/password to connect to the router! what went wrong in the router
> configuration?
>
> thanks a lot !
>
> Marco
>
>
> MARIO>enable
> Password:
> MARIO#sh run
> Building configuration...
>
> Current configuration : 4851 bytes
> !
> version 12.3
> no service pad
> service timestamps debug datetime msec
> service timestamps log datetime msec
> service password-encryption
> no service dhcp
> !
> hostname mario
> !
> boot-start-marker
> boot-end-marker
> !
> logging buffered 4096 debugging
> enable secret 5 $1$3XXXXXkRQonH.zmpZ3XXX1G0
> enable password 7 0111XXXXXXXX800
> !
> username martin password 7 0XXXXXXXXXX00
> aaa new-model
> !
> !
> aaa authentication login default local
> aaa authentication ppp default local
> aaa authorization network default none
> aaa session-id common
> ip subnet-zero
> ip cef
> no ip dhcp conflict logging
> ip dhcp excluded-address 192.168.8.1 192.168.8.100
> !
> ip dhcp pool pool1
> network 192.168.8.0 255.255.255.0
> default-router 192.168.8.2
> dns-server 20.XXXXXX 192.XXXXX 20.XXXXXX
> !
> !
> ip dhcp-server 192.168.8.2
> vpdn enable
> !
> vpdn-group 1
> ! Default PPTP VPDN group
> accept-dialin
> protocol pptp
> virtual-template 1
> !
> no ftp-server write-enable
> !
> !
> !
> !
> !
> !
> !
> interface Tunnel8
> description Tunel Central
> ip unnumbered FastEthernet4
> ip route-cache flow
> no ip mroute-cache
> tunnel source FastEthernet4
> tunnel destination 19XXXXXXX
> !
> interface Tunnel351
> description Tunel sucursal
> ip unnumbered FastEthernet4
> ip route-cache flow
> no ip mroute-cache
> tunnel source FastEthernet4
> tunnel destination 20.XXXXXXXXXX
> !
> interface FastEthernet0
> no ip address
> !
> interface FastEthernet1
> no ip address
> !
> interface FastEthernet2
> no ip address
> !
> interface FastEthernet3
> no ip address
> !
> interface FastEthernet4
> ip address 22.XXXXXXXX 255.255.255.252
> ip access-group 110 in
> no ip unreachables
> no ip proxy-arp
> ip nat outside
> ip virtual-reassembly
> duplex auto
> speed auto
> !
> interface Virtual-Template1
> ip unnumbered FastEthernet4
> peer default ip address pool gruPTP
> no keepalive
> ppp authentication ms-chap ms-chap-v2
> !
> interface Vlan1
> ip address 192.XXXXX 255.255.255.0
> ip access-group 111 in
> ip nat inside
> ip virtual-reassembly
> ip route-cache flow
> !
> ip local pool grupoIPclientePPTP 192.168.XXXXX 192.168.XXXXXX
> ip default-gateway 20XXXXXX
> ip classless
> ip route 0.0.0.0 0.0.0.0 204.60.72.194
> ip route 192.168.0.0 255.255.0.0 Tunnel8
> ip route 192.168.1.0 255.255.255.0 Tunnel8
> ip route 192.168.5.0 255.255.255.0 Tunnel8
> ip route 192.168.8.0 255.255.255.0 Vlan1
> ip route 192.168.81.0 255.255.255.0 Tunnel351
> !
> no ip http server
> no ip http secure-server
> ip nat pool traduccion 204XXXXXXXXX 20XXXXXXXX  netmask 255.255.255.252
> ip nat inside source list 100 pool traduccion overload
> ip nat inside source static tcp 192.168.8.7 25 20XXXXXXXXX 25 extendable
> ip nat inside source static tcp 192.168.8.7 80 20.XXXXXXXX 80 extendable
> ip nat inside source static tcp 192.168.8.7 110 20.XXXXXXXXX 110 extendable
> ip nat inside source static tcp 192.168.8.7 143 20.XXXXXXX 143 extendable
> ip nat inside source static tcp 192.168.8.7 5900 20.XXXXXXXXXXXXX 6007
> extendable
> !
> access-list 100 permit ip 192.168.8.0 0.0.0.255 any
> access-list 110 permit ip 192.168.0.0 0.0.255.255 any
> access-list 110 permit ip 19XXXXXXXX 0.0.31.255 any
> a
> access-list 110 permit gre host 20.xxxxxxxx host 20.xxxxxxxxxxx
> access-list 111 permit ip any any
> !
> control-plane
> !
> !
> line con 0
> no modem enable
> transport preferred all
> transport output all
> line aux 0
> transport preferred all
> transport output all
> line vty 0 4
> password 7 105C060C111200535B55
> transport preferred all
> transport input all
> transport output all
> !
> scheduler max-task-time 5000
> end
>
> mARIO#
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate.  We look at how SSL works, how it benefits your company and how
> your customers can tell if a site is secure. You will find out how to test,
> purchase, install and use a thawte Digital Certificate on your Apache web
> server. Throughout, best practices for set-up are highlighted to help you
> ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------