Есть маршрутизатор Cisco 871. Подскажите плиз с настройкой, возможно ли настроить его так что:
1.в WAN (Fa4) приходит интернет от провайдера с белым ИП
2.настроить FA3 интерфейс для того чтобы развернуть маршрутизацию выделенных провайдером 3.еще белых IP адресов...
4.Настроить интерфейс FA2 c ип адресом 10.10.201.253 для того чтобы использовать этот роутер в качестве шлюза для доступа в голосовую сеть через ВПН туннель, настроенный на этом маршрутизаторе.
В общем, вот конфиг, как я себе это представляю, может кто чего подскажет или я где-то ошибаюсь...
Building configuration...Current configuration : 4530 bytes
!
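! Base system settings: IOS 12.4, X.25 PAD service off, millisecond timestamps
! on debug and log output.
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Stores line/user passwords in type 7 form. Type 7 is a reversible encoding,
! so it does not protect passwords once the configuration is shared.
service password-encryption
!
hostname Synt_WAN2
!
boot-start-marker
boot-end-marker
!
! Privileged EXEC password kept as a type 5 (salted MD5) hash.
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXX
!
aaa new-model
!
!
! Logins are checked against the local user database with case-sensitive
! usernames. The original method list ended in "none", which grants the login
! without any credential whenever the local method returns an error instead of
! a reject (on many IOS releases that includes an unknown username). The
! fallback is dropped so that every login needs a valid local account.
aaa authentication login default local-case
! EXEC privilege level is taken from the local username entry.
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
ip cef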
!
!
! DHCP service for the two /28 user networks. The excluded addresses are the
! router's own SVI addresses (Vlan5 and Vlan40).
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.20.65
ip dhcp excluded-address 192.168.36.81
!
! POS data network. Option 176 hands the clients 802.1Q settings that point
! them at VLAN 40; presumably these are IP phones that read this vendor
! option - confirm against the phone model.
! NOTE(review): the DNS server 192.168.10.131 is not covered by the crypto
! ACL in this configuration - confirm how clients are expected to reach it.
ip dhcp pool POS_KRR
network 192.168.20.64 255.255.255.240
default-router 192.168.20.65
dns-server 192.168.10.131
domain-name XXXXXXX.ru
option 176 ascii "L2Q=1,L2QVLAN=40"
!
! Voice network. Option 176 carries the call-server address and port plus the
! TFTP server. The phones fetch settings over TFTP, which is unauthenticated,
! so that path should only ever cross the tunnel.
ip dhcp pool voice_KRR
network 192.168.36.80 255.255.255.240
default-router 192.168.36.81
option 176 ascii "MCIPADD=192.168.11.138,MCPORT=1719,TFTPSRVR=192.168.10.81"
!
!
! SSH server settings: protocol version 2 only, 60-second negotiation timeout,
! two authentication attempts per connection.
ip domain name XXXXXXXXX
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
! Requests AES (type 6) storage for keys such as the ISAKMP pre-shared key.
! It depends on a master key set with "key config-key password-encrypt",
! which is never displayed in the configuration output.
password encryption aes
!
!
! NOTE(review): both privilege-15 accounts use "password 7". Type 7 is a
! reversible encoding, so strings that appear in a publicly shared
! configuration should be treated as disclosed. Rotate these passwords and
! re-create the accounts with "username <name> secret <password>" so that
! only a hash is stored.
username XXXXXX privilege 15 password 7 1419171D09167E3F2C2D6264270014
username XXXXXX privilege 15 password 7 0257540B5A545F711C
!
!
! QoS: traffic matched by the extended ACL voice_pos_KRR goes into a strict
! priority queue limited to 128 kbit/s.
class-map match-all voice_pos_KRR
match access-group name voice_pos_KRR
!
!
! NOTE(review): this policy is attached outbound on FastEthernet4, the same
! interface that carries the crypto map. Confirm that classification still
! sees the inner (pre-encryption) addresses there; "qos pre-classify" under
! the crypto map is the usual way to get that - TODO confirm on this image.
policy-map voice_pos_KRR
description Voice traffic prioritization for KRR POS
class voice_pos_KRR
priority 128
!
!
!
! IKE phase 1 policy: 3DES, MD5, pre-shared key, Diffie-Hellman group 2.
! NOTE(review): 3DES, MD5 and DH group 2 (1024-bit) are legacy choices. Where
! the image and the peer support it, move to AES with a SHA-based hash and a
! stronger DH group. Both tunnel ends have to change together.
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
! Pre-shared key stored in type 6 (AES) form and bound to the single peer
! address, so it is not offered to any other initiator.
crypto isakmp key 6 XXXXXXXXXXXXXXXX address 81.95.132.181
!
!
! IPsec phase 2 proposal: ESP with 3DES encryption and HMAC-MD5 integrity.
! The same legacy-algorithm note as for the IKE policy applies.
crypto ipsec transform-set VPN esp-3des esp-md5-hmac
!
! Crypto map entry for the tunnel to 81.95.132.181. Traffic is selected by
! ACL_IPSEC; SAs are rekeyed after 86000 seconds and removed after 60 seconds
! without traffic.
crypto map Map_VPN_RUM 10 ipsec-isakmp
set peer 81.95.132.181 default
set security-association lifetime seconds 86000
set security-association idle-time 60
set transform-set VPN
match address ACL_IPSEC
!
!
!
!
! Switch ports. FastEthernet0 is an 802.1Q trunk; no allowed-VLAN list is set
! here, so it is the only visible path for VLANs 5 and 40 (no access port is
! assigned to them in this configuration).
interface FastEthernet0
switchport mode trunk
!
! FastEthernet1 and FastEthernet2: access ports in VLAN 60 (10.10.200.0/23).
interface FastEthernet1
switchport access vlan 60
!
interface FastEthernet2
switchport access vlan 60
!
! FastEthernet3: access port in VLAN 50 (provider-assigned public /29).
interface FastEthernet3
switchport access vlan 50
!
! WAN uplink: NAT outside, IPsec crypto map and the outbound voice QoS policy.
! NOTE(review): no inbound access-group or inspection rule is applied here, so
! the router itself and the public hosts behind Vlan50 are reachable from the
! Internet without filtering. Consider an inbound ACL that permits only what
! is needed (IKE/ESP from the tunnel peer, management sources, services
! published on the public pool).
interface FastEthernet4
description *To Internet*
ip address 217.19.105.110 255.255.255.252
ip nat outside
ip virtual-reassembly
ip route-cache flow
speed auto
full-duplex
no cdp enable
crypto map Map_VPN_RUM
service-policy output voice_pos_KRR
!
! Default VLAN is left without an address.
interface Vlan1
no ip address
!
! Gateway for the POS data network 192.168.20.64/28 (DHCP pool POS_KRR).
interface Vlan5
description *Internal LAN*
ip address 192.168.20.65 255.255.255.240
ip nat inside
ip virtual-reassembly
!
! Gateway for the voice network 192.168.36.80/28. Not a NAT inside interface,
! so this subnet leaves only untranslated.
! NOTE(review): a helper-address is set although a local pool (voice_KRR)
! covers the same subnet - confirm which DHCP server is meant to answer.
interface Vlan40
description *Voice Vlan*
ip address 192.168.36.81 255.255.255.240
ip helper-address 192.168.10.131
!
! Gateway for the provider-assigned public block 109.106.213.120/29.
! NOTE(review): if the NAT source list matches this subnet, hosts here are
! translated behind the FastEthernet4 address instead of being routed with
! their own public addresses. A routed public block normally needs no
! "ip nat inside" on its interface.
interface Vlan50
description *White pool*
ip address 109.106.213.121 255.255.255.248
ip nat inside
ip virtual-reassembly
!
! Gateway address 10.10.201.253 in 10.10.200.0/23, used by the hosts on
! FastEthernet1 and FastEthernet2.
interface Vlan60
ip address 10.10.201.253 255.255.254.0
ip nat inside
ip virtual-reassembly
!
! Single default route towards the provider gateway on the FastEthernet4 /30.
ip classless
ip route 0.0.0.0 0.0.0.0 217.19.105.109
!
!
! HTTP and HTTPS management servers are disabled; management is SSH only.
no ip http server
no ip http secure-server
! PAT: sources permitted by access-list 110 are translated to the
! FastEthernet4 address. Sources that the list does not permit are forwarded
! untranslated.
ip nat inside source list 110 interface FastEthernet4 overload
!
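! Crypto ACL: traffic selected for the IPsec tunnel to 81.95.132.181. The peer
! has to carry the mirror image of every entry, otherwise phase 2 negotiation
! fails for that entry.
! Added: the last two entries put the Vlan60 network (10.10.200.0/23) into the
! tunnel towards the same destinations that the QoS ACL already lists for it.
! Without them that traffic follows the default route unencrypted and with a
! private source address.
! NOTE(review): 192.168.10.131, handed out as DNS server to the POS pool and
! used as DHCP helper on Vlan40, is not covered by any entry - confirm how it
! is meant to be reached.
ip access-list extended ACL_IPSEC
permit ip 192.168.20.64 0.0.0.15 192.168.11.0 0.0.0.255
permit ip 192.168.20.64 0.0.0.15 192.168.32.0 0.0.3.255
permit ip 192.168.36.80 0.0.0.15 192.168.11.0 0.0.0.255
permit ip 192.168.36.80 0.0.0.15 192.168.32.0 0.0.3.255
permit ip 192.168.36.80 0.0.0.15 host 192.168.10.81
permit ip 10.10.200.0 0.0.1.255 192.168.11.0 0.0.0.255
permit ip 10.10.200.0 0.0.1.255 192.168.32.0 0.0.3.255
! QoS classification ACL used by class-map voice_pos_KRR.
! NOTE(review): the voice VLAN 192.168.36.80/28 is not listed here - confirm
! whether it was meant to receive priority treatment as well.
ip access-list extended voice_pos_KRR
permit ip 192.168.20.64 0.0.0.15 192.168.11.0 0.0.0.255
permit ip 192.168.20.64 0.0.0.15 192.168.32.0 0.0.3.255
permit ip 10.10.200.0 0.0.1.255 192.168.11.0 0.0.0.255
permit ip 10.10.200.0 0.0.1.255 192.168.32.0 0.0.3.255
!
! NAT source list. The two deny entries keep traffic towards 192.168.0.0/16
! (the tunnel destinations) out of NAT so that it still matches the crypto
! ACL. The permit entries translate the POS network only towards a fixed set
! of Internet hosts, which also works as an egress allowlist for that subnet.
! Removed: "permit ip 109.106.213.120 0.0.0.7 any". It translated the public
! /29 behind the FastEthernet4 address, which defeats routing those addresses
! and breaks connections opened towards them from outside.
access-list 110 deny ip 192.168.20.64 0.0.0.15 192.168.0.0 0.0.255.255
access-list 110 deny ip 192.168.36.80 0.0.0.15 192.168.0.0 0.0.255.255
access-list 110 permit ip 192.168.20.64 0.0.0.15 host 195.68.159.98
access-list 110 permit ip 192.168.20.64 0.0.0.15 host 195.170.197.1
access-list 110 permit ip 192.168.20.64 0.0.0.15 host 69.20.46.210
access-list 110 permit ip 192.168.20.64 0.0.0.15 host 57.250.220.25
access-list 110 permit ip 192.168.20.64 0.0.0.15 host 212.158.160.250
access-list 110 permit ip 192.168.20.64 0.0.0.15 host 217.19.105.109
access-list 110 permit ip 192.168.20.64 0.0.0.15 62.105.147.152 0.0.0.7
access-list 110 permit ip 192.168.20.64 0.0.0.15 81.95.132.176 0.0.0.15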
!
!
! No control-plane policy is configured.
control-plane
!
!
! Console and auxiliary lines use the default AAA login list.
line con 0
no modem enable
line aux 0
! Remote management: SSH only on vty 0-4.
! NOTE(review): no access-class is applied, so SSH is offered on every
! interface address, including the Internet-facing one. Restrict it to known
! management sources with "access-class <acl> in", and consider an
! exec-timeout suited to the site.
line vty 0 4
logging synchronous
transport input ssh
!
scheduler max-task-time 5000
end