Configuring Cisco 1811, Дима, 21-May-09, 08:51

Good day/night.. I've been given the task of deploying a Cisco... I've been racking my brain for a week and can't figure out what I'm doing wrong...

There are 2 interfaces on the cisco: 192.168.7.254 and 192.168.8.254
192.168.7.254 - the user is connected here
192.168.8.254 - the internet is connected here
the user's IP is 192.168.7.131
192.168.8.1 - this is the internet gateway and DNS server through which the cisco reaches the internet

If I ping from the Cisco, everything pings from both 7.254 and 8.254, but not from the user... and the user needs to have internet))

my config
Cisco#sh conf
Using 3703 out of 196600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
logging buffered 52000
enable secret 5 $1$w/AI$DVm/bKMiMRNb29hv/4zp6.
enable password manager
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-3056823457
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3056823457
 revocation-check none
 rsakeypair TP-self-signed-3056823457
!
!
crypto pki certificate chain TP-self-signed-3056823457
 certificate self-signed 03 nvram:IOS-Self-Sig#5.cer
dot11 syslog
!
!
ip cef
!
!
ip name-server 192.168.8.1
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
username boss privilege 15 password 0 manager
!
!
archive
 log config
  hidekeys
!
!
!
class-map type inspect match-any any-1
 match protocol http
 match protocol https
 match protocol icmp
class-map type inspect match-any any-2
 match protocol http
 match protocol https
 match protocol icmp
class-map type inspect match-any allow
 match class-map any-1
 match class-map any-2
class-map type inspect match-all sdm-cls-sdm-policy-ALLOW-1
 match class-map allow
 match access-group name all
class-map type inspect match-any SDM_SSH
 match access-group name SDM_SSH
class-map type inspect match-any SDM_HTTPS
 match access-group name SDM_HTTPS
class-map type inspect match-any ALLOW
 match class-map any-2
 match class-map any-1
 match protocol http
 match protocol https
 match protocol tcp
 match protocol udp
 match protocol router
 match protocol icmp
 match protocol cisco-net-mgmt
class-map type inspect match-any SDM_SHELL
 match access-group name SDM_SHELL
!
!
policy-map type inspect sdm-policy-ALLOW
 class type inspect sdm-cls-sdm-policy-ALLOW-1
  inspect
 class type inspect ALLOW
  inspect
 class class-default
  inspect
!
zone security inside
zone security ouside
zone-pair security sdm-zp-inside-ouside source inside destination ouside
 service-policy type inspect sdm-policy-ALLOW
!
!
!
interface FastEthernet0
 description $ETH-WAN$$FW_OUTSIDE$
 ip address 192.168.8.254 255.255.255.0
 ip nat outside
 ip nat enable
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 description $ETH-LAN$$FW_INSIDE$
 ip address 192.168.7.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 shutdown
!
interface FastEthernet5
 shutdown
!
interface FastEthernet6
 shutdown
!
interface FastEthernet7
 shutdown
!
interface FastEthernet8
 shutdown
!
interface FastEthernet9
 shutdown
!
interface Async1
 no ip address
 encapsulation slip
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.8.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool internet 192.168.8.254 192.168.8.254 netmask 255.255.255.0
ip nat pool Internet 192.168.8.254 192.168.8.254 netmask 255.255.255.0
ip nat inside source list 1 pool Internet overload
!
ip access-list extended SDM_HTTPS
 remark SDM_ACL Category=1
 permit tcp any any eq 443
ip access-list extended SDM_SHELL
 remark SDM_ACL Category=1
 permit tcp any any eq cmd
ip access-list extended SDM_SSH
 remark SDM_ACL Category=1
 permit tcp any any eq 22
ip access-list extended all
 remark SDM_ACL Category=128
 permit ip any any
!
access-list 1 permit 192.168.7.0 0.0.0.255 log
snmp-server community public RO
!
!
!
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 privilege level 15
 password manager
 login local
 transport input telnet ssh
!
end

THANKS IN ADVANCE FOR ANY HELP =)
- Configuring Cisco 1811, CrAzOiD, 09:04 , 21-May-09 (1)

>[overquoting removed]
>privilege level 15
>password manager
>login local
>transport input telnet ssh
>!
>end
>
>
>
>THANKS IN ADVANCE FOR ANY HELP =)

1. what are the user's network settings, in particular the DG
2. route print from the Cisco
3. sh ip nat t sum from the Cisco
- Configuring Cisco 1811, Дима, 09:14 , 21-May-09 (2)

1. what are the user's network settings, in particular the DG

192.168.7.131
255.255.255.0
192.168.7.254
===============
192.168.8.1
192.168.8.2

2. route print from the Cisco

hmm, there is no such command =)

Cisco#show route-map
route-map print, permit, sequence 10
  Match clauses:
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes

3)

Cisco#show ip nat translations ?
  esp      Show ESP entries
  global   Display entries in Global/Dest Table - NVI
  icmp     Show ICMP entries
  pptp     Show PPTP entries
  tcp      Show TCP entries
  udp      Show UDP entries
  verbose  Show extra information
  vrf      Display entries of VRF instance
  |        Output modifiers
  <cr>

could you be more specific, I didn't quite follow)
- Configuring Cisco 1811, CrAzOiD, 13:43 , 21-May-09 (3)

>[overquoting removed]
>192.168.7.131
>255.255.255.0
>192.168.7.254
>===============
>192.168.8.1
>192.168.8.2
>
>2. route print from the Cisco
>
>hmm, there is no such command =)

That was me overheating last night
sh ip route

>Cisco#show ip nat translations ?

sh ip nat stat
- Configuring Cisco 1811, Дима, 09:00 , 22-May-09 (4)

Cisco#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.8.1 to network 0.0.0.0

C    192.168.8.0/24 is directly connected, FastEthernet0
C    192.168.7.0/24 is directly connected, FastEthernet1
S*   0.0.0.0/0 [1/0] via 192.168.8.1
Cisco#
Cisco#sh ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
  FastEthernet0
Inside interfaces:
  FastEthernet1
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool Internet refcount 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
Cisco#
- Configuring Cisco 1811, Николай, 17:37 , 22-May-09 (5)

>[overquoting removed]
>privilege level 15
>password manager
>login local
>transport input telnet ssh
>!
>end
>
>
>
>THANKS IN ADVANCE FOR ANY HELP =)

try it like this
ip nat inside source list 1 int FastEthernet0 overload
ditch the pool
and you owe me a chocolate bar
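
An added example, not part of the thread and not written by any of its participants: a small Python check that reads an IOS configuration and reports NAT and zone inconsistencies of the kind visible in the config posted above. The function name `audit` and the wording of the findings are assumptions of this example; the sample input is constructed from lines of the posted config.

```python
import re

# Constructed sample: NAT and zone lines taken from the config posted in this thread.
SAMPLE = """\
zone security inside
zone security ouside
zone-pair security sdm-zp-inside-ouside source inside destination ouside
interface FastEthernet0
 ip nat outside
 ip nat enable
interface FastEthernet1
 ip nat inside
ip nat pool internet 192.168.8.254 192.168.8.254 netmask 255.255.255.0
ip nat pool Internet 192.168.8.254 192.168.8.254 netmask 255.255.255.0
ip nat inside source list 1 pool Internet overload
access-list 1 permit 192.168.7.0 0.0.0.255 log
"""

def audit(config):
    """Return a list of findings about NAT and zone consistency in an IOS config."""
    findings, iface, per_if = [], None, {}
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split()[1]
            per_if[iface] = []
        elif line.startswith(" ") and iface:
            per_if[iface].append(line.strip())   # sub-command of the current interface
        else:
            iface = None                         # left the interface block
    for name, cmds in per_if.items():
        legacy = [c for c in cmds if c in ("ip nat inside", "ip nat outside")]
        if legacy and "ip nat enable" in cmds:
            findings.append(f"{name}: legacy '{legacy[0]}' and NVI 'ip nat enable' both set")
    members = {c.split()[-1] for cmds in per_if.values() for c in cmds
               if c.startswith("zone-member security ")}
    for zone in re.findall(r"^zone security (\S+)", config, re.M):
        if zone not in members:
            findings.append(f"zone {zone}: no interface is a member")
    pools = re.findall(r"^ip nat pool (\S+)", config, re.M)   # names are case-sensitive
    for acl, pool in re.findall(r"^ip nat inside source list (\S+) pool (\S+)", config, re.M):
        if not re.search(rf"^(access-list {re.escape(acl)} |ip access-list \S+ {re.escape(acl)}$)", config, re.M):
            findings.append(f"NAT rule references missing ACL {acl}")
        if pool not in pools:
            findings.append(f"NAT rule references missing pool {pool}")
        pools = [p for p in pools if p != pool]
    findings += [f"pool {p}: defined but not used by any NAT rule" for p in pools]
    return findings

print("\n".join(audit(SAMPLE)))
```

The findings describe inconsistencies in the configuration text only; they do not establish which of them, if any, kept the user's traffic from being translated.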