- Помогите настроить доступ,
 sh_, 18:34 , 26-Сен-06 (1)На интерфейсах ip nat inside и ip nat outsideА лучше конфиг покажите...
- Помогите настроить доступ, goo230663, 19:03 , 26-Сен-06 (2)
Вот конфиг без попыток организовать то, что надоinterface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.1.252 255.255.255.0
ip access-group 105 in
ip access-group 102 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Dialer0
description $FW_OUTSIDE$
ip ddns update sdm_ddns1
ip address 200.200.200.100 255.255.255.0
ip access-group 106 in
ip access-group 102 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip inspect SDM_LOW in
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname ***
ppp chap password 7 *******
ppp pap sent-username ******* password 7 ***********
ppp ipcp dns request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool 1 200.200.200.0 200.200.200.100 netmask 255.255.255.0
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host (здесь dns провайдера) eq domain host 200.200.200.100
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp any host 200.200.200.100 echo-reply
access-list 101 permit icmp any host 200.200.200.100 time-exceeded
access-list 101 permit icmp any host 200.200.200.100 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 101 permit tcp any any gt 1023 established
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip any any
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 permit ip host 192.168.1.1 any
access-list 105 deny ip any any
access-list 106 remark auto generated by SDM firewall configuration
access-list 106 remark SDM_ACL Category=1
access-list 106 permit udp host (здесь dns провайдера) eq domain host 200.200.200.100
access-list 106 deny ip 192.168.1.0 0.0.0.255 any
access-list 106 permit icmp any host 200.200.200.100 echo-reply
access-list 106 permit icmp any host 200.200.200.100 time-exceeded
access-list 106 permit icmp any host 200.200.200.100 unreachable
access-list 106 deny ip 10.0.0.0 0.255.255.255 any
access-list 106 deny ip 172.16.0.0 0.15.255.255 any
access-list 106 deny ip 192.168.0.0 0.0.255.255 any
access-list 106 deny ip 127.0.0.0 0.255.255.255 any
access-list 106 deny ip host 255.255.255.255 any
access-list 106 deny ip host 0.0.0.0 any
access-list 106 deny ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
- Помогите настроить доступ, goo230663, 17:36 , 27-Сен-06 (3)
В проблеме Разобрался
Спасибо
|
Версия для распечатки
Помогите настроить доступ, 
