Infostrada ADSL Configuration


Post by therider1290 » Wed Mar 14, 2012 11:01 pm

Hi everyone, I've just signed up and I have a question that is driving me crazy.
I have a Cisco 877 router that I can't manage to configure for Libero ADSL 8 Mbps.

Encapsulation: PPPoE LLC

It works correctly, except that I can't view authenticated websites (on eBay I can't get into My eBay, for example, and I can't view the Cisco Support Forums... but my bank, for example, works!! only CERTAIN HTTPS sites), and it is also somewhat slow to respond.
In addition, my VPN did not work even though I had the correct ACLs and NAT.
I'm attaching the configuration.

hostname ROUTER01

service password-encryption

enable secret <Password>
username <Username> privilege 15 secret <Password>

interface Vlan 1
description Internal Interface
ip address 192.168.1.1 255.255.255.0
ip nat inside
no shut

interface ATM 0
description DSL Interface
ip directed-broadcast
ip mask-reply
ip route-cache flow
no ip address
dsl operating-mode auto
no shutdown
pvc 8/35
encapsulation aal5snap
pppoe-client dial-pool-number 1

interface Dialer 1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
ppp authentication chap pap callin
ppp pap sent-username <Username> password <Password>
ppp chap hostname <Username>
ppp chap password <Password>
no shut

ip access-list extended DSL_ACCESSLIST
100 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list DSL_ACCESSLIST interface dialer 1 overload

ip domain name CavanaSystems.local
ip domain lookup
ip name-server 208.67.222.222
ip name-server 208.67.220.220

ip dhcp pool DSL_DHCP
network 192.168.1.0 255.255.255.0
dns-server 208.67.222.222 208.67.220.220
default-router 192.168.1.1
import all

ip route 0.0.0.0 0.0.0.0 dialer 1

ntp server 193.204.114.232 prefer source Dialer1

line con 0
exec-timeout 15 0
logging synchronous
login local
no modem enable
line aux 0
exec-timeout 15 0
logging synchronous
login local
line vty 0 4
exec-timeout 15 0
logging synchronous
login local

Guys, whoever helps me gets dinner on me, I don't know where to turn!

Re: Infostrada ADSL Configuration

Post by bike70 » Wed Mar 14, 2012 11:11 pm

Look, I'm attaching the relevant parts of mine. Infostrada 7 Mbps. It's odd to note, but in fact the ATM encapsulation, i.e. aal5snap, is right (LLC), but I did it with VC-mux, i.e. aal5mux, and it works fine.
hostname CIS-877
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$bd/8$7OZgnM6spUV9ZRsjOqbce/
!
no aaa new-model
clock timezone CET 1
!
!
dot11 syslog
ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.3
ip dhcp excluded-address 192.168.2.50
ip dhcp excluded-address 192.168.2.190
ip dhcp excluded-address 192.168.2.10
!
ip dhcp pool CLIENT
network 192.168.2.0 255.255.255.0
default-router 192.168.2.190
dns-server 193.70.152.15 193.70.152.25
lease 3
!
!
no ip cef
ip domain name casa.lan
ip name-server 193.70.152.15
ip name-server 193.70.152.25
ip ddns update method DYNDNS
HTTP
add http://user:password@members.dyndns.it/ ... s&hostname>
remove http://user:password@members.dyndns.it/ ... ndns&hostn>
interval maximum 28 0 0 0
!
no ipv6 cef
ntp server 193.204.114.232
!
multilink bundle-name authenticated
!
!
!
!
no spanning-tree vlan 1
username andrea password 7 0865094F0718091E011F0D406F
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key ***** address xx.xx.xx.34 no-xauth
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map myvpn local-address Dialer0
crypto map myvpn 10 ipsec-isakmp
set peer xx.xx.xx.34
set transform-set myset
match address 104
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
hold-queue 224 in
!
interface FastEthernet0
shutdown
no cdp enable
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.2.190 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan10
no ip address
!
interface Dialer0
mtu 1492
ip ddns update hostname ******.ns0.it
ip ddns update DYNDNS
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname infostrada
ppp chap password 7 111E100B13
ppp pap sent-username infostrada password 7 14001B0508
crypto map myvpn
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.0.0.0 255.255.255.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat inside source list 102 interface Dialer0 overload
no logging trap
access-list 102 deny ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
access-list 104 permit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255




Oh, and I'm even being generous... I've also included the configuration for the IPsec L2L VPN, which works too.
Bye

Re: Infostrada ADSL Configuration

Post by therider1290 » Wed Mar 14, 2012 11:24 pm

Damn it (the 877) and all of Cisco.

Same thing as before, IDENTICAL.

But what can it be?

Re: Infostrada ADSL Configuration

Post by therider1290 » Wed Mar 14, 2012 11:46 pm

Adding further details: many non-authenticated sites don't work either, for example LinkedIn.

This same trick already happened to me once when I set up a Netgear router in PPPoA, on this same line; going back to PPPoE fixed it.
As if it were ignoring my configuration and connecting in PPPoA anyway.

Re: Infostrada ADSL Configuration

Post by anubisg1 » Thu Mar 15, 2012 10:07 am

This is my config with Infostrada ADSL

Code:
vpdn enable
!         
!         
interface Ethernet0
 ip address 192.168.0.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 no ip mroute-cache
 no cdp enable
 hold-queue 100 out
!         
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!         
interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no ip mroute-cache
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname USERNAME
 ppp chap password 7 0859454HY5GH4J5
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip nat inside source list 100 interface Dialer0 overload
!
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
Cisco CCNA, CCNA Wireless, CCNP R&S Certified
Cisco CCIE Student
Juniper JNCIA Student
http://journey4ccie.com

Re: Infostrada ADSL Configuration

Post by paolomat75 » Thu Mar 15, 2012 2:08 pm

Just throwing it out there... could it be that you're using a dodgy DNS?
CCNA Pass - CCIE R&S Studying....
No leaf falls unless the unconscious wills it (S.B.)

Re: Infostrada ADSL Configuration

Post by therider1290 » Thu Mar 15, 2012 7:25 pm

The DNS servers are the OpenDNS ones.

Names resolve correctly; to be thorough I'm trying with another 877 with IOS still at 12.4 and it continues NOT to work correctly.

Damn, what can it be? To me it sounds like a wrong MTU! But it's right! 1492! Does any kind soul know the MTU to force on the ATM interface?

Re: Infostrada ADSL Configuration

Post by therider1290 » Thu Mar 15, 2012 8:09 pm

IT WOOORKS

Give me a couple of days to put together a nice, tidy, clean configuration with DDNS and various other niceties, and I'll post it for posterity )))

Re: Infostrada ADSL Configuration

Post by therider1290 » Fri Mar 16, 2012 7:58 pm

As promised, I'm attaching for posterity my configuration, which turned out to work after many trials; the secret was
interface Vlan1
ip tcp adjust-mss 1412
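The clamp named in the post above can be checked mechanically. Added example (not part of the original thread or of any Cisco tool): a Python audit that reads an IOS configuration and reports whether each NAT-inside interface carries an `ip tcp adjust-mss` value no larger than the outside IP MTU minus 40 bytes of IPv4 and TCP headers. The function names and the three sample configurations are constructed for illustration.

```python
import re

IP_TCP_HEADERS = 40   # 20-byte IPv4 header + 20-byte TCP header, no options
ETHERNET_MTU = 1500   # IP MTU assumed when an interface configures none

IFACE_RE = re.compile(r"^interface\s+([A-Za-z-]+)\s*([\d/.]+)", re.I)


def parse_interfaces(config_text):
    """Map interface name -> list of its sub-commands.

    Forum pastes lose indentation, so a block is taken to end at '!',
    a blank line, or the next 'interface' line.
    """
    blocks, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1).lower() + m.group(2)   # 'Vlan 1' -> 'vlan1'
            blocks[current] = []
        elif not line or line == "!":
            current = None
        elif current is not None:
            blocks[current].append(line.lower())
    return blocks


def _number_after(commands, prefix):
    """Return the integer argument of the first command starting with prefix."""
    for cmd in commands:
        if cmd.startswith(prefix + " "):
            tail = cmd[len(prefix):].split()
            if tail and tail[0].isdigit():
                return int(tail[0])
    return None


def audit_mss(config_text):
    """Return [(inside_interface, configured_mss, max_safe_mss, status)].

    Only the clamp on NAT-inside interfaces is checked, which is where
    this thread places it. A value below the maximum, such as the 1412
    used in the thread, also passes.
    """
    blocks = parse_interfaces(config_text)
    outside_mtus = [
        _number_after(cmds, "ip mtu") or _number_after(cmds, "mtu") or ETHERNET_MTU
        for cmds in blocks.values() if "ip nat outside" in cmds
    ]
    if not outside_mtus:
        return []
    path_mtu = min(outside_mtus)
    max_mss = path_mtu - IP_TCP_HEADERS
    findings = []
    for name, cmds in sorted(blocks.items()):
        if "ip nat inside" not in cmds:
            continue
        mss = _number_after(cmds, "ip tcp adjust-mss")
        if mss is None:
            status = "missing" if path_mtu < ETHERNET_MTU else "ok"
        elif mss > max_mss:
            status = "too-high"
        else:
            status = "ok"
        findings.append((name, mss, max_mss, status))
    return findings


# Constructed samples modelled on the configurations posted in this thread.
BEFORE_FIX = """
interface Vlan 1
ip address 192.168.1.1 255.255.255.0
ip nat inside

interface Dialer 1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
"""

AFTER_FIX = """
interface Vlan1
 ip nat inside
 ip tcp adjust-mss 1412
!
interface Dialer1
 ip mtu 1492
 ip nat outside
!
"""

CLAMP_TOO_HIGH = AFTER_FIX.replace("adjust-mss 1412", "adjust-mss 1460")

if __name__ == "__main__":
    for label, cfg in [("before", BEFORE_FIX), ("after", AFTER_FIX),
                       ("too high", CLAMP_TOO_HIGH)]:
        print(label, audit_mss(cfg))
```
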

Re: Infostrada ADSL Configuration

Post by therider1290 » Fri Mar 16, 2012 7:58 pm

Attaching the complete configuration here

Router01#sh run
Building configuration...

Current configuration : 6852 bytes
!
! No configuration change since last restart
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router01
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 <Password>
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
!
!
!
aaa session-id common
!
clock timezone CET 1 0
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1377365583
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1377365583
revocation-check none
rsakeypair TP-self-signed-1377365583
!
!
crypto pki certificate chain TP-self-signed-1377365583
certificate self-signed 01
(omitted)
quit
dot11 syslog
no ip source-route
!
ip dhcp excluded-address 192.168.1.100 192.168.1.254
!
ip dhcp pool DSL_DHCP
import all
network 192.168.1.0 255.255.255.0
dns-server 208.67.222.222 208.67.220.220
default-router 192.168.1.1
!
!
!
ip cef
no ip bootp server
ip domain name <Nome_Dominio>
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
ip ddns update method DynDNS
HTTP
add http://<Username>:<Password>@members.dyndns.org/nic/update?system=dyndns&hostname=<Dominio>&myip=
remove http://<Username>:<Password>@members.dyndns.org/nic/update?system=dyndns&hostname=<Dominio>&myip=
interval maximum 28 0 0 0
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username luca privilege 15 secret 5 <Password>
!
!
ip tcp synwait-time 10
!
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface ATM0
description DSL Interface
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
description Outside Interface
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
description Internal Interface$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
!
interface Dialer1
description $FW_OUTSIDE$
ip ddns update hostname <Dominio>
ip ddns update DynDNS host members.dyndns.org
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname <Username_ADSL>
ppp chap password 7 <Password_ADSL>
ppp pap sent-username <Username_ADSL> password 7 <Password_ADSL>
!
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip nat inside source list DSL_ACCESSLIST interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended DSL_ACCESSLIST
permit ip 192.168.1.0 0.0.0.255 any
!
logging trap debugging
access-list 100 remark auto generated by SDM firewall configuration##NO_ACES_3##
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_13##
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit udp host 208.67.222.222 eq domain any
access-list 101 permit udp host 208.67.220.220 eq domain any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
!
!
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
login authentication local_authen
no modem enable
transport output telnet
line aux 0
logging synchronous
login authentication local_authen
transport output telnet
line vty 0 4
authorization exec local_author
logging synchronous
login authentication local_authen
transport input telnet
!
scheduler allocate 4000 1000
scheduler interval 500
ntp server 193.204.114.232 prefer source Dialer1
end

Router01#sh ver
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 15.1(4)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 15-Jun-11 00:44 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE

Router01 uptime is 18 hours, 56 minutes
System returned to ROM by reload at 00:12:14 CET Fri Mar 16 2012
System restarted at 00:13:08 CET Fri Mar 16 2012
System image file is "flash:c870-advipservicesk9-mz.151-4.M1.bin"
Last reload reason: Reload Command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 877 (MPC8272) processor (revision 4.0) with 236544K/25600K bytes of memory.
Processor board ID FHK134678JF
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
1 Virtual Private Network (VPN) Module
128K bytes of non-volatile configuration memory.
53248K bytes of processor board System flash (Intel Strataflash)



Configuration register is 0x2102

Router01#

Re: Infostrada ADSL Configuration

Post by cosibello » Tue Jun 24, 2014 9:51 am

Hello, thanks to this post by therider1290 I managed to configure my Cisco 887MW, a config that also works for aliceadsl in PPPoE, but I'd like to report a small problem which, being certainly a newbie, I don't understand: DynDNS updates the IP, but there is no inbound access on the port, and I'd like to understand why. Thanks in advance! I'm attaching the config:
hostname Cisco887
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$Ixy2$nKnKVVSHLC2lyBII9vwPL.
!
aaa new-model
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
aaa session-id common
memory-size iomem 10
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
!ip source-route
!
ip dhcp excluded-address 192.168.111.1
ip dhcp excluded-address 192.168.111.10
ip dhcp excluded-address 192.168.111.15
ip dhcp excluded-address 192.168.111.20
ip dhcp excluded-address 192.168.111.25
!
ip dhcp pool DSL_DHCP
import all
network 192.168.111.0 255.255.255.0
default-router 192.168.111.1
dns-server 8.8.8.8 8.8.4.4
!
ip cef
no ip bootp server
ip domain name pippo.dyndns.org
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
ip ddns update method DynDNS
HTTP
add http://[username]:[Passwd]@members.dyndns.org/nic/update?system=dyndns&hostname=pippo.dyndns.org&myip=204.13.248.116
remove http://[username]:[Passwd]@members.dyndns.org/nic/update?system=dyndns&hostname=pippo.dyndns.org&myip=204.13.248.116
interval maximum 28 0 0 0
interval minimum 28 0 0 0
!
no ipv6 cef
!
license udi pid CISCO887MW-GN-E-K9 sn FGL1543204S
!
ip tcp synwait-time 10
!
interface Null0
no ip unreachables
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface ATM0
description DSL Interface
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
description Outside Interface
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
pppoe-client dial-pool-number 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!
interface Vlan1
description Internal Interface$FW_INSIDE$
ip address 192.168.111.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer1
ip ddns update hostname pippo.dyndns.org
ip ddns update DynDNS host members.dyndns.org
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname aliceadsl
ppp chap password 7 094D42001A0016161800
ppp pap sent-username aliceadsl password 7 045A070F0C244D4A1A15
!
ip forward-protocol nd
ip http server
ip http secure-server
!
ip nat inside source list DSL_ACCESSLIST interface Dialer1 overload
ip nat inside source static tcp 192.168.111.15 15500 interface Dialer1 15500
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended DSL_ACCESSLIST
permit ip 192.168.111.0 0.0.0.255 any
!
logging trap debugging
access-list 100 remark auto generated by SDM firewall configuration##NO_ACES_3##
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_13##
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip 192.168.111.0 0.0.0.255 any
access-list 101 permit udp host 8.8.8.8 eq domain any
access-list 101 permit udp host 8.8.4.4 eq domain any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 101 permit tcp host 204.13.248.116 eq www any log
!
control-plane
!
banner motd ^CC!!! Accesso Vietato!!!^C
!
line con 0
password 7 15130F010D2429282B
no modem enable
line aux 0
line 2
password 7 094D4A04100B151E08
logging synchronous
login authentication local_authen
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
password 7 0207005602080D2D4F
login authentication local_authen
transport output telnet
!
scheduler max-task-time 5000
end

Cisco887#
Maybe God wants us to meet a few wrong people before meeting the right one, so that when we finally meet them... we'll know how to be grateful for that Gift!

Re: Infostrada ADSL Configuration

Post by paolomat75 » Tue Jun 24, 2014 10:06 am

Hi,
since you've set up the (old-style) firewall, you have to add the traffic you want inbound to ACL 101, otherwise it will never get through.

Paolo
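Why the forwarded port stays closed, as an added example that is not part of the original posts: a small first-match evaluator for numbered extended ACLs, run over an abridged copy of the ACL 101 posted earlier in the thread. The parser, the function names and the sample packet addresses (documentation ranges) are assumptions made for the example; ICMP types and the `log` keyword are parsed but not evaluated.

```python
import ipaddress

PORT_NAMES = {"www": 80, "domain": 53}   # only the port names used in this thread


def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' -> (address, care_mask)."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0xFFFFFFFF
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    return int(ipaddress.IPv4Address(tok)), ~wildcard & 0xFFFFFFFF


def _take_port(tokens):
    """Consume an optional 'eq <port>' and return the port number or None."""
    if tokens[:1] == ["eq"]:
        name = tokens[1]
        del tokens[:2]
        return PORT_NAMES.get(name) or int(name)
    return None


def parse_acl(config_text, number):
    """Return the entries of numbered extended ACL <number>, in config order."""
    entries = []
    for line in config_text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[:2] != ["access-list", str(number)]:
            continue
        if tokens[2] == "remark":
            continue
        rest = tokens[4:]
        src, sport = _take_addr(rest), _take_port(rest)
        dst, dport = _take_addr(rest), _take_port(rest)
        entries.append({"text": line.strip(), "action": tokens[2],
                        "proto": tokens[3], "src": src, "sport": sport,
                        "dst": dst, "dport": dport})
    return entries


def _addr_ok(rule, ip):
    addr, mask = rule
    return (int(ipaddress.IPv4Address(ip)) & mask) == (addr & mask)


def first_match(entries, pkt):
    """Return (action, matching line); evaluation stops at the first match."""
    for e in entries:
        if e["proto"] not in ("ip", pkt["proto"]):
            continue
        if not (_addr_ok(e["src"], pkt["src"]) and _addr_ok(e["dst"], pkt["dst"])):
            continue
        if e["sport"] not in (None, pkt.get("sport")):
            continue
        if e["dport"] not in (None, pkt.get("dport")):
            continue
        return e["action"], e["text"]
    return "deny", "(implicit deny at end of ACL)"


def unreachable_entries(entries):
    """Entries placed after an 'ip any any' line can never be evaluated."""
    for i, e in enumerate(entries):
        if e["proto"] == "ip" and e["src"] == (0, 0) and e["dst"] == (0, 0):
            return [later["text"] for later in entries[i + 1:]]
    return []


# Abridged from the ACL 101 posted above (entry order preserved).
ACL_AS_POSTED = """\
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 deny ip 192.168.111.0 0.0.0.255 any
access-list 101 permit udp host 8.8.8.8 eq domain any
access-list 101 permit icmp any any echo-reply
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip any any log
access-list 101 permit tcp host 204.13.248.116 eq www any log
"""

# Same ACL with the permit for the forwarded port placed before the catch-all.
ACL_WITH_PERMIT = ACL_AS_POSTED.replace(
    "access-list 101 deny ip any any log",
    "access-list 101 permit tcp any any eq 15500\n"
    "access-list 101 deny ip any any log")

# Constructed inbound packet. IOS checks the inbound ACL before the
# outside-to-inside NAT translation, so it carries the public destination.
INBOUND = {"proto": "tcp", "src": "203.0.113.10", "sport": 40000,
           "dst": "198.51.100.7", "dport": 15500}

if __name__ == "__main__":
    print(first_match(parse_acl(ACL_AS_POSTED, 101), INBOUND))
    print(unreachable_entries(parse_acl(ACL_AS_POSTED, 101)))
    print(first_match(parse_acl(ACL_WITH_PERMIT, 101), INBOUND))
```

The run shows two separate problems in the posted ACL: nothing permits TCP 15500 before `deny ip any any log`, and the `permit` written after that line is never reached.
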

Re: Infostrada ADSL Configuration

Post by cosibello » Tue Jun 24, 2014 1:34 pm

Thanks Paolo for the reply; as I wrote above, I'm a NEWBIE! I'm taking my first steps, I need a practical example to understand, a pointer to where I have to add it; the config is real, apart from the passwords, so I kindly ask you to give a practical example:
The port is 15500, the IP on the server is 192.168.111.15; what do I have to modify or add to get access from outside?
access-list 1 permit 192.168.111.0 0.0.0.255,
access-list 101 permit tcp any any eq 15500,
or this: access-list 1 permit tcp host 204.13.248.116 eq www any log.
I'm not able to put into practice what you posted.
Paolo... Thank you so much!
I'm a retired Polizia di Stato inspector; idleness isn't for me!
I follow and read the posts on this forum a great deal, and I thank the whole staff.

Re: Infostrada ADSL Configuration

Post by cosibello » Wed Jul 02, 2014 12:34 am

paolomat75 wrote: Hi,
since you've set up the (old-style) firewall, you have to add the traffic you want inbound to ACL 101, otherwise it will never get through.

Paolo


Thanks Paolo for the reply; as I wrote above, I'm a NEWBIE! I'm taking my first steps; I've modified the config, let's say it works, but... the only drawback is that DynDNS doesn't update my IP: I have to log in to the DynDns.com site, go into My Host and update the IP address by hand. I could set up a VPS, but the problem remains; for me it's important that DynDNS works! If you can, delete everything that isn't needed, feel free to modify; I'm going crazy, there are 25 PCs connected as clients... day and night, but if the power goes out... everything goes to hell!

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable secret 5 LZpNNowC
!
no aaa new-model
!
memory-size iomem 10
!
clock timezone MET 1
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-470017061
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-470017061
revocation-check none
rsakeypair TP-self-signed-470017061
!
crypto pki certificate chain TP-self-signed-470017061
certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
ip source-route
!
ip dhcp excluded-address 192.168.111.1
ip dhcp excluded-address 192.168.111.10
ip dhcp excluded-address 192.168.111.15
ip dhcp excluded-address 192.168.111.20
ip dhcp excluded-address 192.168.111.25
!
ip dhcp pool DS_DHCP
import all
network 192.168.111.0 255.255.255.0
update dns both
default-router 192.168.111.1
!
!
ip cef
no ip domain lookup
ip domain name cameltvcc.dyndns.org
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 151.99.125.2
ip name-server 151.99.125.1
ip ddns update method dyndns
HTTP
[add http://[pippo]:[passwd]@members.dyndns.org/nic/update?system=dyndns&hostname=pippo.dyndns.org&myip=<a>]
remove http://[pippo]:[passwd]@members.dyndns.org/nic/update?system=dyndns&hostname=pippo.dyndns.org&myip=<a>]
interval maximum 28 0 0 0
interval minimum 18 0 0 0
!
no ipv6 cef
ipv6 multicast rpf use-bgp
!
multilink bundle-name authenticated
license udi pid CISCO887G-K9 sn FCZ14209233
!
username Cisco privilege 15 password xxx
!
interface ATM0
description DSL Interface
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
hold-queue 224 in
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Cellular0
no ip address
encapsulation ppp
!
interface Vlan1
description Internal Interface
ip ddns update hostname pippo.dyndns.org
ip ddns update dyndns
ip address 192.168.111.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
ipv6 address NODE-PD ::1/64
ipv6 enable
!
interface Dialer0
description Connessione ad INTERNET (PPPoA Alice 20 Mega)
mtu 1492
ip ddns update hostname pippo.dyndns.org
ip ddns update DynDNS host members.dyndns.org
ip address negotiated
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ipv6 address FE80::1 link-local
ipv6 address autoconfig
ipv6 enable
ppp authentication chap callin
ppp chap hostname aliceadsl
ppp chap password 0 aliceadsl
ppp pap sent-username aliceadsl password 0 aliceadsl
no cdp enable
!
ip forward-protocol nd
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation pptp-timeout 420
ip nat translation udp-timeout 120
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat translation max-entries 5000
ip nat inside source static tcp 192.168.111.15 15500 interface Dialer0 15500
ip nat inside source static udp 192.168.111.15 15500 interface Dialer0 15500
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 9 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended MGMT-IN
permit ip 192.168.111.0 0.0.0.255 any
ip access-list extended NAT
permit ip 192.168.111.0 0.0.0.255 any
ip access-list extended filtri_ingresso
permit tcp host 63.208.196.96 any
!
logging trap debugging
access-list 1 permit 192.168.111.0 0.0.0.255
access-list 9 permit 192.168.111.0 0.0.0.255
access-list 100 deny ip host 255.255.255.255 any
access-list 100 permit tcp host 204.13.248.116 eq www any log
access-list 101 deny ip host 0.0.0.0 any
access-list 101 permit tcp host 204.13.248.116 any
access-list 101 permit udp host 8.8.8.8 eq domain any
access-list 101 permit udp host 8.8.4.4 eq domain any
access-list 101 permit tcp host 204.13.248.116 eq www any log
access-list 101 permit tcp host 63.208.196.96 any
access-list 101 permit tcp host 63.208.196.96 eq www any log
access-list 101 deny ip host 255.255.255.255 any
no cdp run
!
ipv6 route 2000::/3 Dialer0
ipv6 route ::/0 Dialer0
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
no modem enable
line aux 0
line 3
no exec
line vty 0 4
access-class 1 in
exec-timeout 0 0
privilege level 15
password admin
logging synchronous
login
transport input telnet ssh
!
scheduler max-task-time 5000
end