Вот весь конфиг , если честно я таже думаю ,что что то с NAT или ACL , но не имею большого опыта работы . Помогите решить эту проблему , уже 1 месяц не могу исправить ошибку!
! Last configuration change at 09:07:57 Kamensk Fri Apr 13 2007 by cisco
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco3725
!
boot-start-marker
boot-end-marker
!
card type e1 2
no logging on
enable secret 5 $1$MQBj$00wIeDwWJ3REK3B1euW/z0
!
clock timezone Kamensk 4
modem country mica e1-default
aaa new-model
!
aaa authentication password-prompt password:
aaa authentication username-prompt login:
aaa authentication login default local-case
aaa authentication ppp default group radius
aaa authorization exec default local if-authenticated
aaa authorization network default local if-authenticated
aaa accounting update periodic 1
aaa accounting network default start-stop group radius
aaa session-id common
ip subnet-zero
ip cef
!
!
!
ip domain name yourdomain.com
ip host stat.ru 192.168.0.99
ip name-server 80.254.111.254
no ip rcmd domain-lookup
ip rcmd rsh-enable
ip rcmd remote-host netup 192.168.0.хх netup enable
async-bootp dns-server 80.254.111.254
isdn switch-type primary-net5
!
username all
!
!
controller E1 2/0
framing NO-CRC4
pri-group timeslots 1-31
!
!
interface Loopback0
ip address 192.168.101.1 255.255.255.0
ip route-cache policy
ip route-cache flow
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FastEthernet 0/0$
no ip address
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet0/0.1
description Local
encapsulation dot1Q 1 native
ip address 192.168.0.16 255.255.255.0
ip nat inside
ip flow ingress
!
interface FastEthernet0/0.22
description Office
encapsulation dot1Q 22
ip address 192.168.8.99 255.255.255.0
ip nat inside
ip flow ingress
!
interface FastEthernet0/0.31
description Donpac
bandwidth 2048
encapsulation dot1Q 31
ip address 80.254.118.ххх 255.255.255.252
ip access-group inside in
ip nat outside
ip flow ingress
rate-limit input access-group 2 2048000 2700 2700 conform-action transmit exceed-action drop
ip policy route-map MAP
!
!
interface FastEthernet0/0.101
description ADSL sub1
encapsulation dot1Q 101
ip address 10.10.10.2 255.255.255.252
ip nat inside
ip flow ingress
!
interface FastEthernet0/0.102
description ADSL sub2
encapsulation dot1Q 102
ip address 10.10.10.6 255.255.255.252
ip nat inside
ip flow ingress
!
interface FastEthernet0/0.103
description ADSL sub3
encapsulation dot1Q 103
ip address 10.10.10.10 255.255.255.252
ip nat inside
ip flow ingress
!
interface FastEthernet0/0.104
description ADSL sub4
encapsulation dot1Q 104
ip address 10.10.10.14 255.255.255.252
ip nat inside
ip flow ingress
!
interface Serial0/0
no ip address
ip nat outside
ip policy route-map MAP_UTKS
autodetect encapsulation ppp
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0:15
no ip address
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
!
interface Group-Async0
physical-layer async
no ip address
ip access-group 11 in
ip access-group 11 out
encapsulation slip
shutdown
no group-range
!
interface Group-Async1
ip unnumbered FastEthernet0/0.1
ip nat inside
encapsulation ppp
dialer in-band
dialer idle-timeout 600
dialer-group 1
async dynamic routing
async mode interactive
peer default ip address pool dialin
ppp authentication chap
group-range 33 62
!
ip local pool dialin 192.168.100.1 192.168.100.32
ip nat translation timeout 300
ip nat translation tcp-timeout 600
ip nat translation icmp-timeout 300
ip nat pool Inet 80.254.118.ххх 80.254.118.ххх netmask 255.255.255.252
ip nat inside source list 1 pool Inet overload
ip nat inside source list 2 pool Inet overload
ip nat inside source list 3 pool Inet overload
ip nat inside source list 4 pool Inet overload
ip nat inside source list 5 pool Inet overload
ip nat inside source list 6 pool Inet overload
ip nat inside source static tcp 192.168.0.99 22 80.254.118.ххх 22 extendable
ip nat inside source static tcp 192.168.0.99 80 80.254.118.ххх 80 extendable
ip nat inside source static tcp 192.168.0.18 23 80.254.118.ххх 110 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 80.254.118.ххх
ip flow-export version 5
ip flow-export destination 192.168.0.ххх 9996
no ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 1 permit 192.168.8.55
access-list 2 permit 192.168.100.0 0.0.0.255
access-list 3 permit 192.168.0.0 0.0.0.255
access-list 4 permit 10.10.10.0 0.0.0.255
access-list 5 permit 10.10.20.0 0.0.0.255
access-list 6 permit 10.10.30.0 0.0.0.255
access-list 101 permit ip any host 192.168.8.55
access-list 101 permit ip any 192.168.0.0 0.0.0.255
access-list 101 permit ip any 10.10.10.0 0.0.0.255
access-list 101 permit ip any 10.10.20.0 0.0.0.255
access-list 101 permit ip any 10.10.30.0 0.0.0.255
access-list 101 permit ip any 192.168.100.0 0.0.0.255
access-list 101 deny ip any any
access-list 102 permit ip any 10.10.40.0 0.0.0.255
access-list 102 deny ip any any
access-list 111 deny ip 10.10.20.0 0.0.0.3 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
route-map MAP permit 10
match ip address 101 102 103 104 105 106 107 108
set interface Loopback0
!
radius-server host 192.168.0.ххх auth-port 1812 acct-port 1813
radius-server key mysecret
�
privilege exec level 8 access-template
privilege exec level 8 clear access-template
privilege exec level 8 clear
!
line con 0
line 33 62
modem InOut
modem autoconfigure type mica
transport input all
autoselect during-login
autoselect ppp
line aux 0
line vty 0 4
transport input telnet
!
ntp clock-period 17180565
ntp server 129.240.64.3
ntp server 192.43.244.18
end
