Problem with NAT, Jetkins, 23-Oct-08, 12:37

Hi everyone, please help!!! I need to make a computer on the subnet, 10.8.0.77, visible to the customer through port 8080, for example; the external address is 193.138.245.50. Here is the config; I seem to have set it up as best I can, but it doesn't work.

Current configuration : 4357 bytes
!
! Last configuration change at 10:22:23 UTC Wed Oct 22 2008 by admin
! NVRAM config last updated at 11:11:00 UTC Tue Oct 21 2008 by admin
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Kh-c2620XM
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$UwPd$g8CONFn03ZopccFmI7JG81
!
memory-size iomem 15
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 10.8.0.1 10.8.0.50
!
ip dhcp pool Kharkiv
 network 10.8.0.0 255.255.255.0
 dns-server 192.168.2.10 193.138.244.36
 default-router 10.8.0.1
 domain-name softline.main
 netbios-name-server 192.168.2.10
 option 150 ip 192.168.2.181
!
ip domain name kharkiv.softline.main
ip audit po max-events 100
no ip rcmd domain-lookup
ip rcmd rsh-enable
ip rcmd remote-host admin 10.3.0.127 root enable
ip rcmd remote-host differ 10.3.0.127 differ enable
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
username cisco secret 5 $1$ZsLe$6Fj/Zej/C0F3i5fsGLh3T0
username admin privilege 15 password 7 0822455D0A16
username konst privilege 15 secret 5 $1$ZMe1$CeaKUwX.F3Th7JaGNaKg7/
!
!
!
!
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key ufjhbfgjofgjbfgbfgjbffig address 195.245.253.2
!
!
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set avalanche esp-des esp-md5-hmac
!
crypto map Kiev 10 ipsec-isakmp
 set peer 195.245.253.2
 set security-association lifetime seconds 86400
 set transform-set avalanche
 set pfs group2
 match address Kiev_VPN
!
!
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 description Internet
 encapsulation dot1Q 10
 ip address 193.138.245.50 255.255.255.248
 ip access-group Incoming in
 ip nat outside
 no snmp trap link-status
 crypto map Kiev
!
interface FastEthernet0/0.2
 description Local Lan
 encapsulation dot1Q 1 native
 ip address 10.8.0.1 255.255.255.0
 ip accounting output-packets
 ip nat inside
 no snmp trap link-status
!
interface FastEthernet0/0.7
!
interface FastEthernet0/0.9
!
ip nat inside source list ZZZ interface FastEthernet0/0.1 overload
ip nat inside source static tcp 10.8.0.63 8080 194.187.155.73 8080 extendable
ip nat inside source static tcp 10.8.0.19 25 194.187.155.73 25 extendable
ip nat inside source static tcp 10.8.0.60 3389 194.187.155.73 3389 extendable
ip nat inside source static tcp 10.8.0.77 8080 193.138.245.50 8080 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 193.138.245.49
ip route 193.138.244.0 255.255.252.0 193.138.245.52
!
no ip http server
no ip http secure-server
!
ip access-list standard ssh_access
 permit 10.1.8.13
 permit 10.3.0.127
 permit 195.245.253.111
 permit 10.1.8.248
 permit 10.8.0.0 0.0.0.255
 permit 10.1.0.0 0.0.255.255
ip access-list standard telnet_access
 permit 10.3.0.127
!
ip access-list extended Incoming
 permit tcp any any established
 permit udp any any
 permit icmp any any
 permit gre any any
 permit ip 195.245.253.0 0.0.0.255 194.187.155.64 0.0.0.15
 permit ip 10.0.0.0 0.3.255.255 10.8.0.0 0.0.0.255
 permit ip 192.168.0.0 0.0.255.255 10.8.0.0 0.0.0.255
 permit tcp any host 194.187.155.73 eq smtp
 permit ip 195.245.253.0 0.0.0.255 193.138.245.48 0.0.0.7
 permit ip 10.8.0.0 0.7.255.255 any
ip access-list extended Kiev_VPN
 permit ip 10.8.0.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 10.8.0.0 0.0.0.255 10.0.0.0 0.7.255.255
 permit ip 10.8.0.0 0.0.0.255 10.8.0.0 0.7.255.255
 permit ip 10.8.0.0 0.0.0.255 195.245.253.0 0.0.0.7
ip access-list extended ZZZ
 deny ip 10.8.0.0 0.0.0.255 10.0.0.0 0.7.255.255
 deny ip 10.8.0.0 0.0.0.255 10.8.0.0 0.7.255.255
 deny ip 10.8.0.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip any any
!
access-list 10 deny 10.0.0.0 0.7.255.255
access-list 10 deny 192.168.0.0 0.0.255.255
access-list 10 permit any
access-list 110 deny ip host 193.138.245.50 host 195.245.253.2
access-list 110 permit ip any any
!
!
snmp-server community cisco-SNMP-pass RO
snmp-server enable traps tty
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class ssh_access in
 login local
 transport input ssh
line vty 5 7
 access-class telnet_access in
 login
 transport input telnet
!
ntp clock-period 17180216
ntp server 62.149.2.1
!
end
- Problem with NAT, GolDi, 13:26, 23-Oct-08 (1)
>[overquoting removed]
>!
>interface FastEthernet0/0.7
>!
>interface FastEthernet0/0.9
>!
>ip nat inside source list ZZZ interface FastEthernet0/0.1 overload
>ip nat inside source static tcp 10.8.0.63 8080 194.187.155.73 8080 extendable
>ip nat inside source static tcp 10.8.0.19 25 194.187.155.73 25 extendable
>ip nat inside source static tcp 10.8.0.60 3389 194.187.155.73 3389 extendable
>ip nat inside source static tcp 10.8.0.77 8080 193.138.245.50 8080 extendable

And do the other translations work?

>[overquoting removed]
>transport input ssh
>line vty 5 7
>access-class telnet_access in
>login
>transport input telnet
>!
>ntp clock-period 17180216
>ntp server 62.149.2.1
>!
>end
- Problem with NAT, Jetkins, 13:37, 23-Oct-08 (2)
The others don't work; they can be deleted, they are left over from the old provider.
- Problem with NAT, GolDi, 16:16, 23-Oct-08 (3)
>[overquoting removed]
>interface FastEthernet0/0
>no ip address
>duplex auto
>speed auto
>!
>interface FastEthernet0/0.1
>description Internet
>encapsulation dot1Q 10
>ip address 193.138.245.50 255.255.255.248
>ip access-group Incoming in

Try removing this access-group

>[overquoting removed]
>transport input ssh
>line vty 5 7
>access-class telnet_access in
>login
>transport input telnet
>!
>ntp clock-period 17180216
>ntp server 62.149.2.1
>!
>end
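
Added example (not part of the thread and not the posters' code): a small first-match evaluator for the `Incoming` ACL as posted, relying on the Cisco IOS order of operations in which an inbound ACL on the outside interface is checked before NAT, so it sees the public address 193.138.245.50 rather than 10.8.0.77. The function names, the source address 198.51.100.20 and the extra permit line are assumptions made for illustration.

```python
import ipaddress

def to_int(a):
    return int(ipaddress.IPv4Address(a))

def take_addr(tok):  # consume 'any', 'host A' or 'A WILDCARD' -> (base, wildcard)
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return to_int(tok.pop(0)), 0
    return to_int(first), to_int(tok.pop(0))

def parse(line):
    tok = line.split()
    rule = {"action": tok.pop(0), "proto": tok.pop(0)}
    rule["src"], rule["dst"] = take_addr(tok), take_addr(tok)
    # "smtp" is the only named port in the posted ACL
    rule["port"] = ({"smtp": 25}.get(tok[1]) or int(tok[1])) if tok[:1] == ["eq"] else None
    rule["est"] = "established" in tok
    return rule

def addr_ok(spec, addr):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard 1-bits mean "don't care"
    return (base & care) == (to_int(addr) & care)

def decide(acl, pkt):  # first match wins -> (action, 1-based entry number or None)
    for n, rule in enumerate(map(parse, acl), 1):
        if (rule["proto"] in ("ip", pkt["proto"])
                and addr_ok(rule["src"], pkt["src"]) and addr_ok(rule["dst"], pkt["dst"])
                and rule["port"] in (None, pkt["dport"])
                and (not rule["est"] or {"ACK", "RST"} & pkt["flags"])):
            return rule["action"], n
    return "deny", None  # implicit deny that ends every IOS ACL

# Entries of "ip access-list extended Incoming", copied from the posted config.
INCOMING = """permit tcp any any established
permit udp any any
permit icmp any any
permit gre any any
permit ip 195.245.253.0 0.0.0.255 194.187.155.64 0.0.0.15
permit ip 10.0.0.0 0.3.255.255 10.8.0.0 0.0.0.255
permit ip 192.168.0.0 0.0.255.255 10.8.0.0 0.0.0.255
permit tcp any host 194.187.155.73 eq smtp
permit ip 195.245.253.0 0.0.0.255 193.138.245.48 0.0.0.7
permit ip 10.8.0.0 0.7.255.255 any""".splitlines()
# Constructed first SYN from an arbitrary host, and a hypothetical narrow permit.
SYN = {"proto": "tcp", "src": "198.51.100.20", "dst": "193.138.245.50", "dport": 8080, "flags": {"SYN"}}
FIXED = INCOMING + ["permit tcp any host 193.138.245.50 eq 8080"]
```

`decide(INCOMING, SYN)` falls through to the implicit deny, which is consistent with the advice in reply (3); `decide(FIXED, SYN)` shows that one narrow permit on the public address and port admits the connection without removing the whole ACL from the Internet-facing interface.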