forum.opennet.ru

Составление сообщения

Исходное сообщение

"Настроить wic-1shdsl help!!!"
Отправлено Алексей Кузнецов, 05-Апр-07 10:21

>>Нет.
>
>Вот конфиг с рабочего роутера, подправь под свои данные, попробуй.
>
>!version 12.4
>no service pad
>service timestamps debug datetime msec
>service timestamps log datetime msec
>no service password-encryption
>!
>hostname ADSL_Encap
>!
>boot-start-marker
>boot-end-marker
>!
>logging buffered 52000 debugging
>!
>no aaa new-model
>!
>resource policy
>!
>!
>!
>ip cef
>!
>!
>crypto pki trustpoint TP-self-signed-2365164210
> enrollment selfsigned
> subject-name cn=IOS-Self-Signed-Certificate-2365164210
> revocation-check none
> rsakeypair TP-self-signed-2365164210
>!
>!
>crypto pki certificate chain TP-self-signed-2365164210
> certificate self-signed 01
>  3082025C 308201C5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
>  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
>  69666963 6174652D 32333635 31363432 3130301E 170D3032 30333031 30333031
>  34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
>  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33363531
>  36343231 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
>  8100C51C 1AB7D18C 18BE977C 9B79F568 1D677451 8F59CD52 C6AFE6DA 3DA23A62
>  31D7F139 607F73F9 0CBF0FEF 8229B446 2613EFDD B7FE5613 9D42EB84 8E14992F
>  63C00016 A925E177 39F2FBE6 B7412865 34633CBC 8585F8EB 4E374F34 A1E3D563
>  48C8D744 D5FF58C5 C78BD0C7 7CB18474 CE5BC3CA 80563517 97846F01 51C6FD27
>  5F090203 010001A3 81833081 80300F06 03551D13 0101FF04 05300301 01FF302D
>  0603551D 11042630 24822241 44534C5F 56504E5F 50736B6F 765F4661 62726963
>  69757361 2E535042 4D415855 53301F06 03551D23 04183016 801481A0 9A850D05
>  69E7C3C3 47F68C67 64269C5A 9681301D 0603551D 0E041604 1481A09A 850D0569
>  E7C3C347 F68C6764 269C5A96 81300D06 092A8648 86F70D01 01040500 03818100
>  B586B036 E8488C10 3652D5A5 E7FDA970 9057C4B1 6B2CDF32 23FBA4AA 78992AE9
>  B301F59A 239B8F34 E0B52D30 21D392E6 6A28DBC5 D428AC09 D31AD3A2 D1BF7885
>  BEA3E0E1 8D0D15BD D776ED61 861E995A 5E506CBA E7DF5570 5B7C2B4D D77D00D1
>  9BFBF00A 68A31A67 7AD11591 182DAEEA 37A81C9E 000A6BAA 7292A3C3 E5B74921
>  quit
>!
>!
>crypto isakmp policy 1
> encr 3des
> hash md5
> authentication pre-share
> group 2
>crypto isakmp key hfdybyysqukfveh address x.x.x.x 255.255.255.248 no-xauth
>!
>!
>crypto ipsec transform-set adsl_to_office esp-3des esp-md5-hmac
>!
>crypto map policy_adsl 1 ipsec-isakmp
> description crypto_map
> set peer x.x.x.x
> set security-association lifetime seconds 57600
> set transform-set adsl_to_office
> set pfs group2
> match address 100
>!
>!
>!
>interface ATM0
> no ip address
> no atm ilmi-keepalive
> dsl operating-mode auto
>!
>interface ATM0.1 point-to-point
> description $FW_OUTSIDE$
> ip address y.y.y.y 255.255.255.252
> ip access-group 102 in
> ip verify unicast reverse-path
> no snmp trap link-status
> atm route-bridged ip
> pvc 0/100
>  encapsulation aal5snap
> !
> crypto map policy_adsl
>!
>interface FastEthernet0
>!
>interface FastEthernet1
>!
>interface FastEthernet2
>!
>interface FastEthernet3
>!
>interface Vlan1
> description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
> ip address 192.168.3.241 255.255.255.248
> ip access-group 101 in
> ip route-cache flow
> ip tcp adjust-mss 1300
>!
>ip route 0.0.0.0 0.0.0.0 y.y.y.y-1 permanent
>ip flow-top-talkers
> top 50
> sort-by bytes
> cache-timeout 2
>!
>ip http server
>ip http authentication local
>ip http secure-server
>ip http timeout-policy idle 5 life 86400 requests 10000
>!
>access-list 100 remark SDM_ACL Category=4
>access-list 100 permit ip 192.168.3.240 0.0.0.7 192.168.0.0 0.0.255.255
>access-list 100 permit ip 192.168.3.240 0.0.0.7 host 195.239.148.186
>access-list 100 deny   ip any any
>access-list 101 remark auto generated by SDM firewall configuration
>access-list 101 remark SDM_ACL Category=1
>access-list 101 deny   ip y.y.y.y 0.0.0.3 any
>access-list 101 deny   ip host 255.255.255.255 any
>access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
>access-list 101 permit ip any any
>access-list 102 remark auto generated by SDM firewall configuration
>access-list 102 remark SDM_ACL Category=1
>access-list 102 permit ip host y.y.y.y 192.168.3.240 0.0.0.7
>access-list 102 permit ip host z.z.z.z 192.168.3.240 0.0.0.7
>access-list 102 permit ip 192.168.0.0 0.0.255.255 192.168.3.240 0.0.0.7
>access-list 102 permit udp host x.x.x.x host y.y.y.y eq non500-isakmp
>access-list 102 permit udp host x.x.x.x host y.y.y.y eq isakmp
>access-list 102 permit esp host x.x.x.x host y.y.y.y
>access-list 102 permit ahp host x.x.x.x host y.y.y.y
>access-list 102 deny   ip 192.168.3.240 0.0.0.7 any
>access-list 102 permit icmp any host y.y.y.y echo
>access-list 102 permit icmp any host y.y.y.y echo-reply
>access-list 102 permit icmp any host y.y.y.y time-exceeded
>access-list 102 permit icmp any host y.y.y.y unreachable
>access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
>access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
>access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
>access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
>access-list 102 deny   ip host 255.255.255.255 any
>access-list 102 deny   ip host 0.0.0.0 any
>access-list 102 deny   ip any any log
>no cdp run
>!
>control-plane
>!
>!
>line con 0
> login local
> no modem enable
>line aux 0
>line vty 0 4
> privilege level 15
> login local
> transport input telnet ssh
>!
>scheduler max-task-time 5000
>end
Попробовал вроде провайдера увидел буду настраивать дальше. Огромное спасибо за помощь.

Исходное сообщение
"Настроить wic-1shdsl help!!!" Отправлено Алексей Кузнецов, 05-Апр-07 10:21
>>Нет. > >Вот конфиг с рабочего роутера, подправь под свои данные, попробуй. > >!version 12.4 >no service pad >service timestamps debug datetime msec >service timestamps log datetime msec >no service password-encryption >! >hostname ADSL_Encap >! >boot-start-marker >boot-end-marker >! >logging buffered 52000 debugging >! >no aaa new-model >! >resource policy >! >! >! >ip cef >! >! >crypto pki trustpoint TP-self-signed-2365164210 > enrollment selfsigned > subject-name cn=IOS-Self-Signed-Certificate-2365164210 > revocation-check none > rsakeypair TP-self-signed-2365164210 >! >! >crypto pki certificate chain TP-self-signed-2365164210 > certificate self-signed 01 > 3082025C 308201C5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 > 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 > 69666963 6174652D 32333635 31363432 3130301E 170D3032 30333031 30333031 > 34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 > 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33363531 > 36343231 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 > 8100C51C 1AB7D18C 18BE977C 9B79F568 1D677451 8F59CD52 C6AFE6DA 3DA23A62 > 31D7F139 607F73F9 0CBF0FEF 8229B446 2613EFDD B7FE5613 9D42EB84 8E14992F > 63C00016 A925E177 39F2FBE6 B7412865 34633CBC 8585F8EB 4E374F34 A1E3D563 > 48C8D744 D5FF58C5 C78BD0C7 7CB18474 CE5BC3CA 80563517 97846F01 51C6FD27 > 5F090203 010001A3 81833081 80300F06 03551D13 0101FF04 05300301 01FF302D > 0603551D 11042630 24822241 44534C5F 56504E5F 50736B6F 765F4661 62726963 > 69757361 2E535042 4D415855 53301F06 03551D23 04183016 801481A0 9A850D05 > 69E7C3C3 47F68C67 64269C5A 9681301D 0603551D 0E041604 1481A09A 850D0569 > E7C3C347 F68C6764 269C5A96 81300D06 092A8648 86F70D01 01040500 03818100 > B586B036 E8488C10 3652D5A5 E7FDA970 9057C4B1 6B2CDF32 23FBA4AA 78992AE9 > B301F59A 239B8F34 E0B52D30 21D392E6 6A28DBC5 D428AC09 D31AD3A2 D1BF7885 > BEA3E0E1 8D0D15BD D776ED61 861E995A 5E506CBA E7DF5570 5B7C2B4D D77D00D1 > 9BFBF00A 68A31A67 7AD11591 182DAEEA 37A81C9E 000A6BAA 7292A3C3 E5B74921 > quit >! >! >crypto isakmp policy 1 > encr 3des > hash md5 > authentication pre-share > group 2 >crypto isakmp key hfdybyysqukfveh address x.x.x.x 255.255.255.248 no-xauth >! >! >crypto ipsec transform-set adsl_to_office esp-3des esp-md5-hmac >! >crypto map policy_adsl 1 ipsec-isakmp > description crypto_map > set peer x.x.x.x > set security-association lifetime seconds 57600 > set transform-set adsl_to_office > set pfs group2 > match address 100 >! >! >! >interface ATM0 > no ip address > no atm ilmi-keepalive > dsl operating-mode auto >! >interface ATM0.1 point-to-point > description $FW_OUTSIDE$ > ip address y.y.y.y 255.255.255.252 > ip access-group 102 in > ip verify unicast reverse-path > no snmp trap link-status > atm route-bridged ip > pvc 0/100 > encapsulation aal5snap > ! > crypto map policy_adsl >! >interface FastEthernet0 >! >interface FastEthernet1 >! >interface FastEthernet2 >! >interface FastEthernet3 >! >interface Vlan1 > description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$ > ip address 192.168.3.241 255.255.255.248 > ip access-group 101 in > ip route-cache flow > ip tcp adjust-mss 1300 >! >ip route 0.0.0.0 0.0.0.0 y.y.y.y-1 permanent >ip flow-top-talkers > top 50 > sort-by bytes > cache-timeout 2 >! >ip http server >ip http authentication local >ip http secure-server >ip http timeout-policy idle 5 life 86400 requests 10000 >! >access-list 100 remark SDM_ACL Category=4 >access-list 100 permit ip 192.168.3.240 0.0.0.7 192.168.0.0 0.0.255.255 >access-list 100 permit ip 192.168.3.240 0.0.0.7 host 195.239.148.186 >access-list 100 deny ip any any >access-list 101 remark auto generated by SDM firewall configuration >access-list 101 remark SDM_ACL Category=1 >access-list 101 deny ip y.y.y.y 0.0.0.3 any >access-list 101 deny ip host 255.255.255.255 any >access-list 101 deny ip 127.0.0.0 0.255.255.255 any >access-list 101 permit ip any any >access-list 102 remark auto generated by SDM firewall configuration >access-list 102 remark SDM_ACL Category=1 >access-list 102 permit ip host y.y.y.y 192.168.3.240 0.0.0.7 >access-list 102 permit ip host z.z.z.z 192.168.3.240 0.0.0.7 >access-list 102 permit ip 192.168.0.0 0.0.255.255 192.168.3.240 0.0.0.7 >access-list 102 permit udp host x.x.x.x host y.y.y.y eq non500-isakmp >access-list 102 permit udp host x.x.x.x host y.y.y.y eq isakmp >access-list 102 permit esp host x.x.x.x host y.y.y.y >access-list 102 permit ahp host x.x.x.x host y.y.y.y >access-list 102 deny ip 192.168.3.240 0.0.0.7 any >access-list 102 permit icmp any host y.y.y.y echo >access-list 102 permit icmp any host y.y.y.y echo-reply >access-list 102 permit icmp any host y.y.y.y time-exceeded >access-list 102 permit icmp any host y.y.y.y unreachable >access-list 102 deny ip 10.0.0.0 0.255.255.255 any >access-list 102 deny ip 172.16.0.0 0.15.255.255 any >access-list 102 deny ip 192.168.0.0 0.0.255.255 any >access-list 102 deny ip 127.0.0.0 0.255.255.255 any >access-list 102 deny ip host 255.255.255.255 any >access-list 102 deny ip host 0.0.0.0 any >access-list 102 deny ip any any log >no cdp run >! >control-plane >! >! >line con 0 > login local > no modem enable >line aux 0 >line vty 0 4 > privilege level 15 > login local > transport input telnet ssh >! >scheduler max-task-time 5000 >end Попробовал вроде провайдера увидел буду настраивать дальше. Огромное спасибо за помощь.

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

>>>Нет.
>> 
>>Вот конфиг с рабочего роутера, подправь под свои данные, попробуй.
>> 
>>!version 12.4 
>>no service pad 
>>service timestamps debug datetime msec 
>>service timestamps log datetime msec 
>>no service password-encryption 
>>!
>>hostname ADSL_Encap 
>>!
>>boot-start-marker 
>>boot-end-marker 
>>!
>>logging buffered 52000 debugging 
>>!
>>no aaa new-model 
>>!
>>resource policy 
>>!
>>!
>>!
>>ip cef 
>>!
>>!
>>crypto pki trustpoint TP-self-signed-2365164210 
>> enrollment selfsigned 
>> subject-name cn=IOS-Self-Signed-Certificate-2365164210 
>> revocation-check none 
>> rsakeypair TP-self-signed-2365164210 
>>!
>>!
>>crypto pki certificate chain TP-self-signed-2365164210 
>> certificate self-signed 01 
>>  3082025C 308201C5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
>>  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
>>  69666963 6174652D 32333635 31363432 3130301E 170D3032 30333031 30333031 
>>  34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
>>  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33363531 
>>  36343231 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
>>  8100C51C 1AB7D18C 18BE977C 9B79F568 1D677451 8F59CD52 C6AFE6DA 3DA23A62 
>>  31D7F139 607F73F9 0CBF0FEF 8229B446 2613EFDD B7FE5613 9D42EB84 8E14992F 
>>  63C00016 A925E177 39F2FBE6 B7412865 34633CBC 8585F8EB 4E374F34 A1E3D563 
>>  48C8D744 D5FF58C5 C78BD0C7 7CB18474 CE5BC3CA 80563517 97846F01 51C6FD27 
>>  5F090203 010001A3 81833081 80300F06 03551D13 0101FF04 05300301 01FF302D 
>>  0603551D 11042630 24822241 44534C5F 56504E5F 50736B6F 765F4661 62726963 
>>  69757361 2E535042 4D415855 53301F06 03551D23 04183016 801481A0 9A850D05 
>>  69E7C3C3 47F68C67 64269C5A 9681301D 0603551D 0E041604 1481A09A 850D0569 
>>  E7C3C347 F68C6764 269C5A96 81300D06 092A8648 86F70D01 01040500 03818100 
>>  B586B036 E8488C10 3652D5A5 E7FDA970 9057C4B1 6B2CDF32 23FBA4AA 78992AE9 
>>  B301F59A 239B8F34 E0B52D30 21D392E6 6A28DBC5 D428AC09 D31AD3A2 D1BF7885 
>>  BEA3E0E1 8D0D15BD D776ED61 861E995A 5E506CBA E7DF5570 5B7C2B4D D77D00D1 
>>  9BFBF00A 68A31A67 7AD11591 182DAEEA 37A81C9E 000A6BAA 7292A3C3 E5B74921 
>>  quit 
>>!
>>!
>>crypto isakmp policy 1 
>> encr 3des 
>> hash md5 
>> authentication pre-share 
>> group 2 
>>crypto isakmp key hfdybyysqukfveh address x.x.x.x 255.255.255.248 no-xauth 
>>!
>>!
>>crypto ipsec transform-set adsl_to_office esp-3des esp-md5-hmac 
>>!
>>crypto map policy_adsl 1 ipsec-isakmp 
>> description crypto_map 
>> set peer x.x.x.x 
>> set security-association lifetime seconds 57600 
>> set transform-set adsl_to_office 
>> set pfs group2 
>> match address 100 
>>!
>>!
>>!
>>interface ATM0 
>> no ip address 
>> no atm ilmi-keepalive 
>> dsl operating-mode auto 
>>!
>>interface ATM0.1 point-to-point 
>> description $FW_OUTSIDE$ 
>> ip address y.y.y.y 255.255.255.252 
>> ip access-group 102 in 
>> ip verify unicast reverse-path 
>> no snmp trap link-status 
>> atm route-bridged ip 
>> pvc 0/100 
>>  encapsulation aal5snap 
>> !
>> crypto map policy_adsl 
>>!
>>interface FastEthernet0 
>>!
>>interface FastEthernet1 
>>!
>>interface FastEthernet2 
>>!
>>interface FastEthernet3 
>>!
>>interface Vlan1 
>> description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$ 
>> ip address 192.168.3.241 255.255.255.248 
>> ip access-group 101 in 
>> ip route-cache flow 
>> ip tcp adjust-mss 1300 
>>!
>>ip route 0.0.0.0 0.0.0.0 y.y.y.y-1 permanent 
>>ip flow-top-talkers 
>> top 50 
>> sort-by bytes 
>> cache-timeout 2 
>>!
>>ip http server 
>>ip http authentication local 
>>ip http secure-server 
>>ip http timeout-policy idle 5 life 86400 requests 10000 
>>!
>>access-list 100 remark SDM_ACL Category=4 
>>access-list 100 permit ip 192.168.3.240 0.0.0.7 192.168.0.0 0.0.255.255 
>>access-list 100 permit ip 192.168.3.240 0.0.0.7 host 195.239.148.186 
>>access-list 100 deny   ip any any 
>>access-list 101 remark auto generated by SDM firewall configuration 
>>access-list 101 remark SDM_ACL Category=1 
>>access-list 101 deny   ip y.y.y.y 0.0.0.3 any 
>>access-list 101 deny   ip host 255.255.255.255 any 
>>access-list 101 deny   ip 127.0.0.0 0.255.255.255 any 
>>access-list 101 permit ip any any 
>>access-list 102 remark auto generated by SDM firewall configuration 
>>access-list 102 remark SDM_ACL Category=1 
>>access-list 102 permit ip host y.y.y.y 192.168.3.240 0.0.0.7 
>>access-list 102 permit ip host z.z.z.z 192.168.3.240 0.0.0.7 
>>access-list 102 permit ip 192.168.0.0 0.0.255.255 192.168.3.240 0.0.0.7 
>>access-list 102 permit udp host x.x.x.x host y.y.y.y eq non500-isakmp 
>>access-list 102 permit udp host x.x.x.x host y.y.y.y eq isakmp 
>>access-list 102 permit esp host x.x.x.x host y.y.y.y 
>>access-list 102 permit ahp host x.x.x.x host y.y.y.y 
>>access-list 102 deny   ip 192.168.3.240 0.0.0.7 any 
>>access-list 102 permit icmp any host y.y.y.y echo 
>>access-list 102 permit icmp any host y.y.y.y echo-reply 
>>access-list 102 permit icmp any host y.y.y.y time-exceeded 
>>access-list 102 permit icmp any host y.y.y.y unreachable 
>>access-list 102 deny   ip 10.0.0.0 0.255.255.255 any 
>>access-list 102 deny   ip 172.16.0.0 0.15.255.255 any 
>>access-list 102 deny   ip 192.168.0.0 0.0.255.255 any 
>>access-list 102 deny   ip 127.0.0.0 0.255.255.255 any 
>>access-list 102 deny   ip host 255.255.255.255 any 
>>access-list 102 deny   ip host 0.0.0.0 any 
>>access-list 102 deny   ip any any log 
>>no cdp run 
>>!
>>control-plane 
>>!
>>!
>>line con 0 
>> login local 
>> no modem enable 
>>line aux 0 
>>line vty 0 4 
>> privilege level 15 
>> login local 
>> transport input telnet ssh 
>>!
>>scheduler max-task-time 5000 
>>end

> Попробовал вроде провайдера увидел буду настраивать дальше. Огромное спасибо за помощь.

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

На сайте действует частичное премодерирование - после публикации некоторые сообщения от анонимов могут автоматически скрываться ботом. После проверки модератором ошибочно скрытые сообщения раскрываются. Для ускорения раскрытия можно воспользоваться ссылкой "Сообщить модератору", указав в качестве причины обращения "скрыто по ошибке".

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру