The OpenNET Project / Index page

Forum: CISCO routers and other equipment (Public)
Original message

"851: remote network does not ping through the tunnel"
Posted by Летчик on 07-May-08, 12:46
I'm trying to set up my home Cisco to work with the remote office LAN. The configs from both sides are attached. The office has a Cisco 877, and the machines work in a domain. From the home Cisco everything pings and I can get out to the Internet, but the office LAN server does not ping from my home XP computer; the server address is 192.168.1.1. I tried using debug ip packet detail, but there are a lot of messages in Kiwi Syslog on the laptop, and I did not find any information on why it does not ping. I could not filter them. I only have a couple of days to get this working. Thanks in advance.

Home Cisco 851 config:


!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname murka
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
!
ip cef
ip domain name yourdomain.com
ip name-server 217.77.53.237
ip name-server 217.77.52.252
!
!
interface Tunnel17
ip address 172.22.9.254 255.255.255.0
ip mtu 1412
ip tcp adjust-mss 1396
tunnel source FastEthernet4
tunnel destination 217.77.52.241
tunnel path-mtu-discovery
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ETH-WAN$
mac-address 0018.f8f1.b645
ip address 10.10.104.43 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.39.199 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
router rip
version 2
passive-interface Vlan1
network 172.22.0.0
network 192.168.0.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.104.254
ip route 192.168.1.0 255.255.255.0 Tunnel17 150
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 permit 192.168.39.0 0.0.0.255
access-list 23 permit any
no cdp run
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

Office Cisco 877 config:


!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname murka
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
!
ip cef
ip domain name yourdomain.com
ip name-server 217.77.53.237
ip name-server 217.77.52.252
!
!
interface Tunnel17
ip address 172.22.9.254 255.255.255.0
ip mtu 1412
ip tcp adjust-mss 1396
tunnel source FastEthernet4
tunnel destination 217.77.52.241
tunnel path-mtu-discovery
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ETH-WAN$
mac-address 0018.f8f1.b645
ip address 10.10.104.43 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.39.199 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
router rip
version 2
passive-interface Vlan1
network 172.22.0.0
network 192.168.0.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.104.254
ip route 192.168.1.0 255.255.255.0 Tunnel17 150
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 permit 192.168.39.0 0.0.0.255
access-list 23 permit any
no cdp run
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end


1. "851: remote network does not ping through the tunnel"
Posted by GolDi on 07-May-08, 13:06
>[overquoting removed]
> no modem enable
>line aux 0
>line vty 0 4
> access-class 23 in
> privilege level 15
> login local
> transport input telnet ssh
>!
>scheduler max-task-time 5000
>end

Strange, you have 192.168.39.XXX both at home and in the office, yet you want to see
192.168.1.1


2. "851: remote network does not ping through the tunnel"
Posted by Летчик on 07-May-08, 13:18
The office network is 192.168.1.XXX



3. "851: remote network does not ping through the tunnel"
Posted by Летчик on 07-May-08, 13:21
My mistake, here is the office Cisco config:

!
version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
no service dhcp
!
hostname cis-877-kirova
!
boot-start-marker
boot-end-marker
!
logging userinfo
logging buffered 51200 debugging
no logging console
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization exec default local
aaa authorization network default local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 3
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
!
ip domain name onego.local
ip name-server 192.168.1.250
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
bridge irb
!
!
!
interface Tunnel8
description to_parfenova
ip address 172.22.8.1 255.255.255.0
ip mtu 1428
ip tcp adjust-mss 1390
ip ospf mtu-ignore
tunnel source Vlan3
tunnel destination 172.16.51.68
tunnel path-mtu-discovery
!
interface Tunnel4
description to_sampo90
ip address 172.22.10.254 255.255.255.0
ip mtu 1452
ip tcp adjust-mss 1390
tunnel source Vlan3
tunnel destination 217.77.49.177
tunnel path-mtu-discovery
!
interface Tunnel3
description to_baza_nordlink
bandwidth 4000
ip address 192.168.203.1 255.255.255.0
ip mtu 1428
ip tcp adjust-mss 1412
tunnel source BVI1
tunnel destination 172.16.179.241
tunnel path-mtu-discovery
!
interface Tunnel0
description to_baza_spline
bandwidth 10000
ip address 192.168.200.1 255.255.255.0
ip directed-broadcast
ip mtu 1452
ip tcp adjust-mss 1428
delay 500
tunnel source BVI2
tunnel destination 10.1.112.10
tunnel path-mtu-discovery
!
interface Tunnel7
ip address 172.22.3.1 255.255.255.0
tunnel source BVI1
tunnel destination 172.16.195.146
tunnel path-mtu-discovery
!
interface Tunnel17
description to_admin
ip address 172.22.9.1 255.255.255.0
ip mtu 1412
ip tcp adjust-mss 1396
ip ospf mtu-ignore
tunnel source Vlan3
tunnel destination 10.10.104.43
tunnel path-mtu-discovery
!
interface Tunnel202
bandwidth 100000
ip address 192.168.202.1 255.255.255.0
delay 100
tunnel source Vlan3
tunnel destination 10.10.192.134
tunnel path-mtu-discovery
!
interface Tunnel22
ip address 172.22.22.1 255.255.255.0
tunnel source Vlan3
tunnel destination 172.16.129.192
tunnel path-mtu-discovery
!
interface Loopback204
ip address 192.168.204.199 255.255.255.0
!
interface ATM0
mtu 1492
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
dsl enable-training-log
!
interface ATM0.1 point-to-point
logging event subif-link-status
no snmp trap link-status
pvc 0/33
  encapsulation aal5snap
!
bridge-group 1
!
interface FastEthernet0
!
interface FastEthernet1
shutdown
!
interface FastEthernet2
description to_sampo
switchport access vlan 3
!
interface FastEthernet3
description to_spline
switchport access vlan 4
!
interface Virtual-Template1
ip unnumbered Loopback204
ip mtu 1452
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1428
ip mroute-cache
autodetect encapsulation ppp
peer default ip address pool pptp-1
ppp encrypt mppe auto
ppp authentication chap ms-chap ms-chap-v2 callin
!
interface Vlan1
description LAN$ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.50.199 255.255.255.0 secondary
ip address 192.168.1.199 255.255.255.0
ip access-group 102 in
ip helper-address 192.168.0.254
ip helper-address 192.168.0.44
ip directed-broadcast
ip mtu 1492
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1428
!
interface Vlan3
description Sampo.ru
ip address 217.77.52.241 255.255.255.252
ip nat outside
ip virtual-reassembly
!
interface Vlan4
no ip address
bridge-group 2
bridge-group 2 spanning-disabled
!
interface BVI1
ip address 172.16.76.51 255.255.255.0
ip access-group 104 in
ip mtu 1452
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface BVI2
mac-address 000f.3d1b.87a4
ip address 10.1.140.5 255.255.255.0
ip access-group 100 in
ip access-group 101 out
ip mtu 1492
ip virtual-reassembly
!
router eigrp 9999
traffic-share min across-interfaces
redistribute rip route-map 50
passive-interface ATM0
passive-interface ATM0.1
passive-interface BVI1
passive-interface BVI2
passive-interface Vlan4
network 192.168.1.0
network 192.168.200.0
network 192.168.202.0
network 192.168.203.0
network 192.168.204.0
no auto-summary
!
router rip
version 2
redistribute eigrp 9999
passive-interface ATM0
passive-interface ATM0.1
passive-interface Vlan3
passive-interface BVI1
passive-interface BVI2
passive-interface Vlan4
network 172.22.0.0
network 192.168.1.0
network 192.168.50.0
network 192.168.200.0
network 192.168.201.0
network 192.168.202.0
network 192.168.204.0
neighbor 192.168.201.254
neighbor 192.168.200.254
neighbor 192.168.0.254
distribute-list 50 in
no auto-summary
!
ip local pool pptp-1 192.168.204.210 192.168.204.230
ip forward-protocol udp 3183
ip route 0.0.0.0 0.0.0.0 217.77.52.242 150
ip route 10.1.0.0 255.255.0.0 10.1.140.254 150
ip route 172.16.179.241 255.255.255.255 172.16.76.1 20
ip route 172.16.195.146 255.255.255.255 172.16.76.1
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 170 interface Vlan3 overload
ip nat inside source static tcp 192.168.1.1 3389 interface Vlan3 3389
ip nat inside source static tcp 192.168.1.1 80 interface Vlan3 80
ip nat inside source static tcp 192.168.1.1 110 interface Vlan3 110
ip nat inside source static tcp 192.168.1.1 25 interface Vlan3 25
ip nat inside source route-map nordlink-NAT interface BVI1 overload
ip nat inside source route-map spline-NAT interface BVI2 overload
!
logging trap debugging
logging 192.168.1.1
access-list 15 remark nordlink-GW
access-list 15 remark SDM_ACL Category=1
access-list 15 permit 172.16.76.1
access-list 16 remark Spline-GW
access-list 16 remark SDM_ACL Category=1
access-list 16 permit 10.1.140.254
access-list 23 remark SDM_ACL Category=17
access-list 23 permit 172.21.0.25
access-list 23 permit 172.21.0.30
access-list 23 permit 192.168.0.0 0.0.255.255
access-list 23 permit 192.168.17.0 0.0.0.255
access-list 23 permit 172.22.3.0 0.0.0.255
access-list 23 permit 192.168.30.0 0.0.0.255
access-list 23 permit 192.168.32.0 0.0.0.255
access-list 50 remark SDM_ACL Category=1
access-list 50 deny   192.168.50.0 0.0.0.255
access-list 50 deny   192.168.51.0 0.0.0.255
access-list 50 permit 192.168.0.0 0.0.255.255
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip any any
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip any any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 102 permit udp host 192.168.1.1 eq domain any
access-list 102 permit ip any any
access-list 103 remark SDM_ACL Category=1
access-list 103 permit udp any any eq 22
access-list 103 permit tcp any any eq 22
access-list 103 permit ip 192.168.0.0 0.0.255.255 any
access-list 103 permit ip 192.168.17.0 0.0.0.255 any
access-list 103 permit ip 172.22.3.0 0.0.0.255 any
access-list 103 permit ip 192.168.30.0 0.0.0.255 any
access-list 103 permit ip 172.21.0.0 0.0.0.255 any
access-list 104 remark Auto generated by SDM Management Access feature
access-list 104 remark SDM_ACL Category=1
access-list 104 permit ip any any
access-list 150 remark over nordlink
access-list 150 remark SDM_ACL Category=2
access-list 150 deny   tcp any any eq smtp log
access-list 150 permit ip 192.168.1.0 0.0.0.255 any
access-list 150 permit ip 192.168.39.0 0.0.0.255 any
access-list 160 remark over spline
access-list 160 remark SDM_ACL Category=2
access-list 160 permit icmp 192.168.1.0 0.0.0.255 any
access-list 160 permit tcp host 192.168.1.1 any eq www
access-list 160 permit tcp host 192.168.1.1 any eq 3128
access-list 160 permit tcp host 192.168.1.1 any eq 443
access-list 160 permit tcp host 192.168.1.1 any range 8000 8090
access-list 160 permit tcp host 192.168.1.1 any eq domain
access-list 160 permit udp host 192.168.1.1 any eq domain
access-list 160 permit udp host 192.168.1.1 any eq ntp
access-list 160 permit tcp host 192.168.1.1 any eq ftp
access-list 160 permit tcp host 192.168.1.1 any eq ftp-data
access-list 160 permit tcp 192.168.1.0 0.0.0.255 any eq pop3
access-list 160 permit ip 192.168.39.0 0.0.0.255 any
access-list 160 permit tcp 192.168.1.0 0.0.0.255 any eq smtp log
access-list 160 permit tcp 192.168.1.0 0.0.0.255 any eq 5190
access-list 160 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 170 remark SDM_ACL Category=2
access-list 170 deny   ip host 217.77.52.241 any
access-list 170 permit ip host 192.168.1.1 any
access-list 170 permit ip host 192.168.1.250 any
access-list 170 permit icmp 192.168.0.0 0.0.0.255 any
access-list 170 permit icmp 192.168.200.0 0.0.0.255 any
access-list 170 permit icmp 192.168.203.0 0.0.0.255 any
access-list 170 deny   ip any any log
snmp-server community public RO
no cdp run
!
!
!
route-map rip-map permit 10
match ip address permit 10 50
!
route-map nordlink-NAT permit 10
match ip address 150
match ip next-hop 15
!
route-map spline-NAT permit 10
match ip address 160
match ip next-hop 16
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 route ip
banner login Kirova router


!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 103 in
exec-timeout 30 0
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
