conf 1841 modificata

scansione

Ciao a tutti, ho modificato questa configurazione ma qualcosa non funziona correttamente: non navigo e c'è una voce del NAT che non mi convince per niente. Riuscite a darmi una mano?

! Global services, AAA, DHCP server and resolver settings for router c1841.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): this only applies type 7 encoding to stored passwords. Type 7 is
! reversible obfuscation, not a hash, so it protects against casual viewing only.
service password-encryption
!
hostname c1841
!
boot-start-marker
boot-end-marker
!
! NOTE(review): the enable password is stored in reversible type 7 form (value masked
! in this post). "enable secret" stores a one-way hash instead and is the safer choice.
enable password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
! Every login that uses the default list, and the VPN XAUTH list
! ciscocp_vpn_xauth_ml_1, is checked against the local username database.
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
aaa session-id common
ip cef
!
!
no ip dhcp use vrf connected
! 192.168.0.1-99 is kept out of DHCP; 192.168.0.200-209 is the same range as the
! VPN client pool SDM_POOL_1 defined later in this config.
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp excluded-address 192.168.0.200 192.168.0.209
!
ip dhcp pool xxxxxxxx
import all
network 192.168.0.0 255.255.255.0
domain-name xxxxxxxxx
! NOTE(review): clients are given the router (192.168.0.1) as second DNS server, but
! no "ip dns server" line is visible in this listing - confirm the router really
! answers DNS queries, otherwise that entry is dead.
dns-server 8.8.8.8 192.168.0.1
default-router 192.168.0.1
! Leases never expire, so address bindings are never reclaimed automatically.
lease infinite
!
!
ip name-server 80.244.118.75
! NOTE(review): 192.168.0.1 is the router's own FastEthernet0/0 address, so this
! entry makes the router list itself as a resolver - presumably unintended.
ip name-server 192.168.0.1
ip name-server 8.8.8.8
!
!
! Self-signed trustpoint and its certificate. Presumably generated by IOS for the
! HTTPS management server ("ip http secure-server" appears later) - TODO confirm.
! Only the public certificate is listed here; no private key material is shown.
crypto pki trustpoint TP-self-signed-2088314514
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2088314514
! No CRL/OCSP checking is performed for this trustpoint.
revocation-check none
rsakeypair TP-self-signed-2088314514
!
!
! NOTE(review): decoding the DER below shows signature algorithm OID
! 1.2.840.113549.1.1.4 (md5WithRSAEncryption), a 1024-bit RSA modulus, and a
! validity of 2017-01-28 to 2020-01-01 (UTCTime 170128210815Z / 200101000000Z).
! MD5 signatures and 1024-bit RSA are both considered weak, and the certificate is
! past its notAfter date; regenerating the key pair with a larger modulus and letting
! the router issue a fresh certificate would address all three points.
crypto pki certificate chain TP-self-signed-2088314514
certificate self-signed 01
3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32303838 33313435 3134301E 170D3137 30313238 32313038
31355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30383833
31343531 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B050 6DF51A66 049DF541 01F77BEB 46FF62ED 4B641CD3 CB931A9F A84C8DF4
3CE68F7E 693B866C 69C566F8 10AAB459 2899B1E1 3FCAE0A9 9948C94D F3E32FF5
C6167E07 51C6370D FCE34674 0804E5DB FA01EF90 8C3EFC82 D2DD6575 AAAACE19
6E6C2C62 5425E46C 1327DDD2 7B580802 96D5AACA AAB77DF2 363AA6FD A754804B
C8910203 010001A3 65306330 0F060355 1D130101 FF040530 030101FF 30100603
551D1104 09300782 05633138 3431301F 0603551D 23041830 16801423 B71193B7
A8207C81 6FE9099B A5E73FC2 E046D730 1D060355 1D0E0416 041423B7 1193B7A8
207C816F E9099BA5 E73FC2E0 46D7300D 06092A86 4886F70D 01010405 00038181
000F6F23 43DB5DD0 071A3A03 85A95F3F 44CA6CE8 329B712D AE08B41F 35D277F7
290A4077 50ED72A2 74C432E1 487CCDFE 262548A2 652187BD 921FF717 DDAA1074
2192C7FE 9200712E 1830B37B E6A16EA4 D9B5F5C9 61F8BDA5 F8486C3A 953BC120
90D9728C F7596FC8 2F5AB92E 657EF62E B0C6D9DA 37EDE318 8BD99EA3 09443594 69
quit
! Local accounts and the remote-access (Easy VPN style) IPsec configuration.
! Both accounts are privilege 15 (full administrative access) and use type 5
! (MD5-based, salted) secrets; the hashes are masked in this post.
! NOTE(review): the same local database authenticates device administration and VPN
! XAUTH users, so a VPN user's credentials presumably also work for a privilege-15
! management login - consider separate, lower-privilege accounts for VPN access.
username xxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxx
username xxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxx
!
!
!
! IKE phase 1 policy: 3DES, pre-shared key, Diffie-Hellman group 2 (1024-bit MODP).
! NOTE(review): no "hash" line is present, so the IOS default applies (SHA-1 on this
! release, to my knowledge - verify with "show crypto isakmp policy"). 3DES and DH
! group 2 are legacy choices; use AES and a larger DH group if the image and the
! VPN clients support them.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
! VPN client group: "key" is a pre-shared group secret common to every client
! (masked here); per-user authentication comes from the XAUTH list on the crypto map.
! NOTE(review): because the group key is shared, it should be long and random and
! rotated whenever a client device is lost or a user leaves.
crypto isakmp client configuration group xxxxxxxx
key xxxxxxxxxxxx
dns 8.8.8.8 192.168.0.1
pool SDM_POOL_1
!
!
! IPsec phase 2: ESP with 3DES encryption and SHA-1 HMAC integrity.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
! Dynamic map for clients whose peer address is not known in advance;
! reverse-route installs a route for each connected client.
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
! Crypto map that ties together XAUTH (user login), group authorization, mode-config
! address assignment and the dynamic map. It is applied to FastEthernet0/1 below.
crypto map SDM_CMAP_1 client authentication list ciscocp_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list ciscocp_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
! LAN interface: 192.168.0.1/24, marked as the NAT inside interface.
interface FastEthernet0/0
description lan
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
! NOTE(review): an MSS clamp of 1412 is typical of a PPPoE/dialer uplink; no dialer
! interface exists in this listing, so this is presumably a leftover - confirm.
ip tcp adjust-mss 1412
duplex auto
speed auto
!
! WAN/DMZ interface: 192.168.1.50/24, marked as the NAT outside interface and the
! interface where the VPN crypto map terminates.
! NOTE(review): no inbound ACL ("ip access-group ... in") is applied here, so the
! router's management services and any port forwards are reachable from everything
! on the 192.168.1.0/24 side and from whatever the upstream device forwards.
interface FastEthernet0/1
description wan dmz
no shutdown
ip address 192.168.1.50 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map SDM_CMAP_1
!


!
! Routing, HTTP management, NAT rules and the ACLs they reference.
! VPN client address pool; it sits inside the LAN subnet 192.168.0.0/24.
ip local pool SDM_POOL_1 192.168.0.200 192.168.0.209
! NOTE(review): the default route points out of FastEthernet0/0, which is the LAN
! (NAT inside) interface, so Internet-bound traffic is never sent toward the WAN.
! This is the most likely reason browsing fails. It should point at the upstream
! gateway on 192.168.1.0/24 behind FastEthernet0/1, e.g.
! "ip route 0.0.0.0 0.0.0.0 <UPSTREAM_GATEWAY_IP>" (address not shown in this post).
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
! NOTE(review): "ip http server" enables cleartext HTTP management, so the local
! credentials cross the network unencrypted. Prefer "no ip http server", keep only
! the HTTPS server, and restrict it to admin hosts with "ip http access-class".
ip http server
ip http authentication local
ip http secure-server
! Sessions may stay open for up to 86400 seconds (24 h) of total lifetime.
ip http timeout-policy idle 60 life 86400 requests 10000
! NOTE(review): PAT overload is bound to FastEthernet0/0, the inside interface. The
! translated address should be that of the outside interface (FastEthernet0/1 here).
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
!
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark CCP_ACL Category=2
! The ten deny lines exempt traffic toward the VPN pool addresses (.200-.209) from
! NAT; everything else sourced from the LAN is eligible for translation.
access-list 100 deny ip any host 192.168.0.200
access-list 100 deny ip any host 192.168.0.201
access-list 100 deny ip any host 192.168.0.202
access-list 100 deny ip any host 192.168.0.203
access-list 100 deny ip any host 192.168.0.204
access-list 100 deny ip any host 192.168.0.205
access-list 100 deny ip any host 192.168.0.206
access-list 100 deny ip any host 192.168.0.207
access-list 100 deny ip any host 192.168.0.208
access-list 100 deny ip any host 192.168.0.209
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
! NOTE(review): the text in parentheses is the poster's own remark ("entry that is
! wrong in my opinion"), not IOS syntax, and must not be pasted into the router.
! A dialer-list defines interesting traffic for a dialer interface; none exists in
! this listing, so the line appears to be an unused leftover - confirm, then remove.
dialer-list 1 protocol ip permit (VOCE A MIO AVVISO ERRATA)
route-map SDM_RMAP_1 permit 1
match ip address 100
! NOTE(review): second overload rule for the same LAN, again on FastEthernet0/0.
! ACL 1 has no exemption for the VPN pool, so this rule presumably defeats the
! NAT bypass in ACL 100; keep a single overload rule (the route-map one).
ip nat inside source list 1 interface FastEthernet0/0 overload
! Static port forwards to internal hosts (TCP 8001-8005 and 3389/RDP), also bound to
! FastEthernet0/0.
! NOTE(review): once these are bound to the outside interface they expose the
! internal services, including RDP, to the upstream network with no source filtering.
! Prefer reaching RDP through the VPN, or limit sources with an inbound ACL.
ip nat inside source static tcp 192.168.0.140 8001 interface FastEthernet0/0 8001
ip nat inside source static tcp 192.168.0.151 8002 interface FastEthernet0/0 8002
ip nat inside source static tcp 192.168.0.152 8003 interface FastEthernet0/0 8003
ip nat inside source static tcp 192.168.0.153 8004 interface FastEthernet0/0 8004
ip nat inside source static tcp 192.168.0.154 8005 interface FastEthernet0/0 8005
ip nat inside source static tcp 192.168.0.24 3389 interface FastEthernet0/0 3389
!
!
!
! Control plane and terminal lines. No control-plane policy is configured.
control-plane
!

!
! Console and AUX lines carry no line-specific settings; logins on them fall under
! the AAA default list (local usernames).
line con 0
line aux 0
! NOTE(review): Telnet is accepted on all sixteen vty lines, so management logins
! (privilege-15 accounts) can travel in cleartext. Use "transport input ssh" only.
! No "access-class" is applied either, so any source address that can reach the
! router may attempt a login; restrict the vty lines to the admin hosts or subnet.
line vty 0 4
transport input telnet ssh
line vty 5 15
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
end

Grazie