Infostrada ADSL configuration

Configurations for ADSL and ISDN connectivity and switches for home users and small networks

Moderator: Federico.Lagni

bike70
Cisco fan
Posts: 55
Joined: Sat 15 Sep 2007, 8:55 am

Look, I'm attaching the relevant parts of mine. Infostrada 7 Mbit. It's strange to note, but in fact the ATM encapsulation aal5snap (LLC) is the right one, yet I did it in VC-mux, i.e. aal4mux, and it works fine.
hostname CIS-877
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$bd/8$7OZgnM6spUV9ZRsjOqbce/
!
no aaa new-model
clock timezone CET 1
!
!
dot11 syslog
ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.3
ip dhcp excluded-address 192.168.2.50
ip dhcp excluded-address 192.168.2.190
ip dhcp excluded-address 192.168.2.10
!
ip dhcp pool CLIENT
network 192.168.2.0 255.255.255.0
default-router 192.168.2.190
dns-server 193.70.152.15 193.70.152.25
lease 3
!
!
no ip cef
ip domain name casa.lan
ip name-server 193.70.152.15
ip name-server 193.70.152.25
ip ddns update method DYNDNS
HTTP
add http://user:[email protected]/ ... s&hostname>
remove http://user:[email protected]/ ... ndns&hostn>
interval maximum 28 0 0 0
!
no ipv6 cef
ntp server 193.204.114.232
!
multilink bundle-name authenticated
!
!
!
!
no spanning-tree vlan 1
username andrea password 7 0865094F0718091E011F0D406F
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key ***** address xx.xx.xx.34 no-xauth
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map myvpn local-address Dialer0
crypto map myvpn 10 ipsec-isakmp
set peer xx.xx.xx.34
set transform-set myset
match address 104
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
hold-queue 224 in
!
interface FastEthernet0
shutdown
no cdp enable
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.2.190 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan10
no ip address
!
interface Dialer0
mtu 1492
ip ddns update hostname ******.ns0.it
ip ddns update DYNDNS
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname infostrada
ppp chap password 7 111E100B13
ppp pap sent-username infostrada password 7 14001B0508
crypto map myvpn
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.0.0.0 255.255.255.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat inside source list 102 interface Dialer0 overload
no logging trap
access-list 102 deny ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
access-list 104 permit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255

Oh, and I'm being generous too... I've also included the configuration of the IPsec L2L VPN, which works as well.
Bye
anubisg1
Cisco pathologically enlightened user
Posts: 218
Joined: Mon 18 Oct 2010, 11:05 am
Location: Brno

This is my config with Infostrada ADSL

Code:

vpdn enable
!         
!         
interface Ethernet0
 ip address 192.168.0.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 no ip mroute-cache
 no cdp enable
 hold-queue 100 out
!         
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
 pvc 8/35 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!         
interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no ip mroute-cache
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname USERNAME
 ppp chap password 7 0859454HY5GH4J5
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip nat inside source list 100 interface Dialer0 overload
!
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
Cisco CCIE #46985
CCNP R&S, CCNA Wireless and Security
paolomat75
Messianic Network master
Posts: 2965
Joined: Fri 29 Jan 2010, 10:25 am
Location: Prov di GE

Just throwing it out there... could it be that you're using a dodgy DNS?
No leaf falls unless the unconscious wills it (S.B.)
cosibello
n00b
Posts: 7
Joined: Mon 05 May 2014, 10:13 pm
Location: Roma

Hello, thanks to this post by therider1290 I managed to configure my Cisco 887MW, a config that also works for aliceadsl over PPPoE, but I'd like to report a small problem that, being a newbie, I surely don't understand: DynDNS updates the IP, but there is no inbound access on the port, and I'd like to understand why. Thanks in advance! I'm attaching the conf:
hostname Cisco887
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$Ixy2$nKnKVVSHLC2lyBII9vwPL.
!
aaa new-model
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
aaa session-id common
memory-size iomem 10
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
!ip source-route
!
ip dhcp excluded-address 192.168.111.1
ip dhcp excluded-address 192.168.111.10
ip dhcp excluded-address 192.168.111.15
ip dhcp excluded-address 192.168.111.20
ip dhcp excluded-address 192.168.111.25
!
ip dhcp pool DSL_DHCP
import all
network 192.168.111.0 255.255.255.0
default-router 192.168.111.1
dns-server 8.8.8.8 8.8.4.4
!
ip cef
no ip bootp server
ip domain name pippo.dyndns.org
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
ip ddns update method DynDNS
HTTP
add http://[username]:[Passwd]@members.dynd ... 13.248.116
remove http://[username]:[Passwd]@members.dynd ... 13.248.116
interval maximum 28 0 0 0
interval minimum 28 0 0 0
!
no ipv6 cef
!
license udi pid CISCO887MW-GN-E-K9 sn FGL1543204S
!
ip tcp synwait-time 10
!
interface Null0
no ip unreachables
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface ATM0
description DSL Interface
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
description Outside Interface
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
pppoe-client dial-pool-number 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!
interface Vlan1
description Internal Interface$FW_INSIDE$
ip address 192.168.111.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer1
ip ddns update hostname pippo.dyndns.org
ip ddns update DynDNS host members.dyndns.org
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname aliceadsl
ppp chap password 7 094D42001A0016161800
ppp pap sent-username aliceadsl password 7 045A070F0C244D4A1A15
!
ip forward-protocol nd
ip http server
ip http secure-server
!
ip nat inside source list DSL_ACCESSLIST interface Dialer1 overload
ip nat inside source static tcp 192.168.111.15 15500 interface Dialer1 15500
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended DSL_ACCESSLIST
permit ip 192.168.111.0 0.0.0.255 any
!
logging trap debugging
access-list 100 remark auto generated by SDM firewall configuration##NO_ACES_3##
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_13##
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip 192.168.111.0 0.0.0.255 any
access-list 101 permit udp host 8.8.8.8 eq domain any
access-list 101 permit udp host 8.8.4.4 eq domain any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 101 permit tcp host 204.13.248.116 eq www any log
!
control-plane
!
banner motd ^CC!!! Accesso Vietato!!!^C
!
line con 0
password 7 15130F010D2429282B
no modem enable
line aux 0
line 2
password 7 094D4A04100B151E08
logging synchronous
login authentication local_authen
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
password 7 0207005602080D2D4F
login authentication local_authen
transport output telnet
!
scheduler max-task-time 5000
end

Cisco887#
Maybe God wants us to meet a few wrong people before meeting the right one, so that when we finally meet them... we will know how to be grateful for that Gift!
paolomat75
Messianic Network master
Posts: 2965
Joined: Fri 29 Jan 2010, 10:25 am
Location: Prov di GE

Hi,
since you've set up the firewall (old style), you have to add to ACL 101 the traffic you want inbound, otherwise it will never get through.

Paolo
No leaf falls unless the unconscious wills it (S.B.)
cosibello
n00b
Posts: 7
Joined: Mon 05 May 2014, 10:13 pm
Location: Roma

Thanks Paolo for the reply; as I wrote above, I'm a NEWBIE! I'm taking my first steps and I need a practical example to understand, a pointer to where I have to add it. The config is real, except for the passwords, so I kindly ask you to give a practical example:
The port is 15500, the IP of the server is 192.168.111.15; what do I have to modify or add to get access from outside?
access-list 1 permit 192.168.111.0 0.0.0.255,
access-list 101 permit tcp any any eq 15500,
or this: access-list 1 permit tcp host 204.13.248.116 eq www any log.
I'm not able to put into practice what you posted.
Paolo... Thank you so much!
I'm a retired State Police inspector, idleness isn't for me!
I follow and read a lot of the posts on this Forum, and I thank all the staff.
Maybe God wants us to meet a few wrong people before meeting the right one, so that when we finally meet them... we will know how to be grateful for that Gift!
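An added example for the ACL 101 point in paolomat75's reply, using the port and server address from the question; it is not part of the original thread. The sequence numbers are assumptions derived from the order of the ACL 101 lines as posted and must be confirmed on the router before use.

```cisco
! Added example, not from the thread. Assumes ACL 101 is still exactly as
! posted in the Cisco887 config. Sequence numbers are assumptions; confirm with:
!   show access-lists 101
!
! "ip inspect SDM_LOW out" on Dialer1 only opens return paths for sessions
! that start from the inside. A connection started from the Internet is
! checked against "ip access-group 101 in" and nothing else.
!
! Renumber the entries 10, 20, 30, ... so each line's position is known.
ip access-list resequence 101 10 10
!
! In the posted list "deny ip any any log" is the 13th entry (sequence 130
! after the resequence). IOS stops at the first matching entry, so the new
! permit needs a lower number than 130. 125 also keeps it after the
! anti-spoofing denies for RFC 1918, loopback and broadcast sources.
!
! The inbound ACL is evaluated before NAT, so the packet still has the
! Dialer1 address as destination. That address is negotiated, hence "any".
ip access-list extended 101
 125 permit tcp any any eq 15500
!
! Already present in the posted config, shown for context only:
! ip nat inside source static tcp 192.168.111.15 15500 interface Dialer1 15500
!
! The posted entry placed after "deny ip any any log"
!   permit tcp host 204.13.248.116 eq www any log
! is never evaluated for the same first-match reason.
!
! Checks after a connection attempt from outside:
!   show access-lists 101      (match counter on entry 125 increases)
!   show ip nat translations   (static entry for 192.168.111.15:15500 is
!                               listed; a live session adds the outside address)
```

If the service does not need to be reachable from everywhere, replacing the first `any` with the known client address or network narrows what the entry exposes.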
cosibello
n00b
Posts: 7
Joined: Mon 05 May 2014, 10:13 pm
Location: Roma

paolomat75 wrote: Hi,
since you've set up the firewall (old style), you have to add to ACL 101 the traffic you want inbound, otherwise it will never get through.

Paolo
Thanks Paolo for the reply; as I wrote above, I'm a NEWBIE! I'm taking my first steps. I've modified the config and, let's say, it works, but... the only drawback is that DynDNS doesn't update my IP; I have to log in to the DynDns.com site, go to My Host and update the IP address by hand. I could use a VPS, but the problem remains, and for me it's important that DynDNS works! If you can, delete everything that isn't needed, feel free to modify it. I'm going crazy, there are 25 PCs connected as clients... day and night, but if the power goes out... everything goes to hell!

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable secret 5 LZpNNowC
!
no aaa new-model
!
memory-size iomem 10
!
clock timezone MET 1
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-470017061
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-470017061
revocation-check none
rsakeypair TP-self-signed-470017061
!
crypto pki certificate chain TP-self-signed-470017061
certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
ip source-route
!
ip dhcp excluded-address 192.168.111.1
ip dhcp excluded-address 192.168.111.10
ip dhcp excluded-address 192.168.111.15
ip dhcp excluded-address 192.168.111.20
ip dhcp excluded-address 192.168.111.25
!
ip dhcp pool DS_DHCP
import all
network 192.168.111.0 255.255.255.0
update dns both
default-router 192.168.111.1
!
!
ip cef
no ip domain lookup
ip domain name cameltvcc.dyndns.org
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 151.99.125.2
ip name-server 151.99.125.1
ip ddns update method dyndns
HTTP
[add http://[pippo]:[passwd]@members.dyndns. ... rg&myip=<a>]
remove http://[pippo]:[passwd]@members.dyndns. ... rg&myip=<a>]
interval maximum 28 0 0 0
interval minimum 18 0 0 0
!
no ipv6 cef
ipv6 multicast rpf use-bgp
!
multilink bundle-name authenticated
license udi pid CISCO887G-K9 sn FCZ14209233
!
username Cisco privilege 15 password xxx
!
interface ATM0
description DSL Interface
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
hold-queue 224 in
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Cellular0
no ip address
encapsulation ppp
!
interface Vlan1
description Internal Interface
ip ddns update hostname pippo.dyndns.org
ip ddns update dyndns
ip address 192.168.111.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
ipv6 address NODE-PD ::1/64
ipv6 enable
!
interface Dialer0
description Connessione ad INTERNET (PPPoA Alice 20 Mega)
mtu 1492
ip ddns update hostname pippo.dyndns.org
ip ddns update DynDNS host members.dyndns.org
ip address negotiated
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ipv6 address FE80::1 link-local
ipv6 address autoconfig
ipv6 enable
ppp authentication chap callin
ppp chap hostname aliceadsl
ppp chap password 0 aliceadsl
ppp pap sent-username aliceadsl password 0 aliceadsl
no cdp enable
!
ip forward-protocol nd
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation pptp-timeout 420
ip nat translation udp-timeout 120
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat translation max-entries 5000
ip nat inside source static tcp 192.168.111.15 15500 interface Dialer0 15500
ip nat inside source static udp 192.168.111.15 15500 interface Dialer0 15500
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 9 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended MGMT-IN
permit ip 192.168.111.0 0.0.0.255 any
ip access-list extended NAT
permit ip 192.168.111.0 0.0.0.255 any
ip access-list extended filtri_ingresso
permit tcp host 63.208.196.96 any
!
logging trap debugging
access-list 1 permit 192.168.111.0 0.0.0.255
access-list 9 permit 192.168.111.0 0.0.0.255
access-list 100 deny ip host 255.255.255.255 any
access-list 100 permit tcp host 204.13.248.116 eq www any log
access-list 101 deny ip host 0.0.0.0 any
access-list 101 permit tcp host 204.13.248.116 any
access-list 101 permit udp host 8.8.8.8 eq domain any
access-list 101 permit udp host 8.8.4.4 eq domain any
access-list 101 permit tcp host 204.13.248.116 eq www any log
access-list 101 permit tcp host 63.208.196.96 any
access-list 101 permit tcp host 63.208.196.96 eq www any log
access-list 101 deny ip host 255.255.255.255 any
no cdp run
!
ipv6 route 2000::/3 Dialer0
ipv6 route ::/0 Dialer0
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
no modem enable
line aux 0
line 3
no exec
line vty 0 4
access-class 1 in
exec-timeout 0 0
privilege level 15
password admin
logging synchronous
login
transport input telnet ssh
!
scheduler max-task-time 5000
end
Maybe God wants us to meet a few wrong people before meeting the right one, so that when we finally meet them... we will know how to be grateful for that Gift!