Cisco 1760 - NAT pool

promenade76

Good evening, I'm new to the forum, so I hope I won't make any big mistakes.

My configuration is the following and it works (improvements are always welcome).

Code:

hostname ####
!
enable secret 5 #########################
enable password #############
!
clock summer-time OL recurring
ip subnet-zero
no ip source-route
!
!
ip domain name Cadan.it
!
!         
!
!
!
interface ATM0/0
 no ip address
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
!
interface ATM0/0.1 point-to-point
 description Rete Wan
 bandwidth 640
 ip address XXX.YYY.193.110 255.255.255.248
 ip nat outside
 pvc 8/35 
  ubr 640
  oam-pvc manage
  oam retry 5 5 1
  encapsulation aal5snap
 !
!
interface FastEthernet0/0
 description Rete LAN
 ip address 192.168.16.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 ip policy route-map ALBA
 speed auto
 no keepalive
!
interface Ethernet1/0
 description Rete WAN2
 ip address 192.168.1.2 255.255.255.0
 ip nat outside
 half-duplex
!
ip nat inside source list 50 interface ATM0/0.1 overload
ip nat inside source static esp 192.168.16.9 interface ATM0/0.1
ip nat inside source static tcp 192.168.16.2 80 XXX.YYY.193.107 80 extendable
ip nat inside source static tcp 192.168.16.2 110 XXX.YYY.193.107 110 extendable
ip nat inside source static tcp 192.168.16.2 443 XXX.YYY.193.107 443 extendable
ip nat inside source static tcp 192.168.16.2 3389 XXX.YYY.193.107 3389 extendable
ip nat inside source static tcp 192.168.16.2 25 XXX.YYY.193.107 25 extendable
ip nat inside source static tcp 192.168.16.6 3389 XXX.YYY.193.108 3389 extendable
ip nat inside source static tcp 192.168.16.6 80 XXX.YYY.193.108 80 extendable
ip nat inside source static 192.168.16.7 XXX.YYY.193.109
ip nat inside source static tcp 192.168.16.9 22 XXX.YYY.193.106 22 extendable
ip nat inside source static tcp 192.168.16.9 1723 XXX.YYY.193.106 1723 extendable
ip nat inside source static tcp 192.168.16.2 21 XXX.YYY.193.107 21 extendable
ip nat inside source static tcp 192.168.16.3 3389 XXX.YYY.193.106 3389 extendable
ip nat inside source static 192.168.16.201 192.168.1.2
ip classless
ip route profile
ip route 0.0.0.0 0.0.0.0 ATM0/0.1
ip route 10.0.0.0 255.0.0.0 192.168.16.9 permanent name Linux
ip route 172.16.0.0 255.255.0.0 192.168.16.9 permanent name Linux
no ip http server
!
access-list 50 permit 192.168.16.0 0.0.0.255
access-list 51 permit 192.168.16.201
access-list 52 permit 192.168.16.201
access-list 100 permit ip 192.168.16.0 0.0.0.7 any
access-list 100 permit ip host 192.168.16.9 any
access-list 100 permit icmp 192.168.16.0 0.0.0.255 any
access-list 100 permit gre 192.168.16.0 0.0.0.255 any
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq 1723
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq domain
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq www
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq telnet
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq pop3
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq nntp
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq ftp
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq ftp-data
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq echo
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq smtp
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq 443
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq 1433
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq 3389
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq 4899
access-list 100 permit udp 192.168.16.0 0.0.0.255 any eq ntp
access-list 100 permit udp 192.168.16.0 0.0.0.255 any eq 4899
access-list 100 permit udp 192.168.16.0 0.0.0.255 any eq domain
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq 1863
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq 6891
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq 6901
access-list 100 permit udp 192.168.16.0 0.0.0.255 any eq 6901
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq 81
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq 8080
access-list 100 permit tcp 192.168.16.0 0.0.0.255 any eq 42424
access-list 100 permit tcp 192.168.16.0 0.0.0.255 host AAA.BBB.220.20 eq 4000
access-list 100 permit tcp 192.168.16.0 0.0.0.255 host AAA.BBB.220.20 eq 4001
route-map ALBA permit 10
 match ip address 52
 set ip next-hop 192.168.1.1
!
banner motd ^CC
*****************************************
*****  Gli accessi non autorizzati  *****
****          sono proibiti          ****
*****************************************
^C
!
line con 0
line aux 0
line vty 0 4
 password ############
 login
!
sntp server 193.204.114.105
!
end

But let's get to the problem: I need to modify the configuration so that two more computers go out through the Albacom network (ETH 1/0).

My idea, which did not work, was the following:

    access-list 51 permit 192.168.16.3
    access-list 51 permit 192.168.16.60

    access-list 52 permit 192.168.16.3
    access-list 52 permit 192.168.16.60

    ip nat pool albacom 192.168.1.2 192.168.1.2 netmask 255.255.255.0

    no ip nat inside source static 192.168.16.201 192.168.1.2

    ip nat inside aource list 51 pool albacom overload

At this point I don't know what to do. Can anyone help me?

Thanks, Giuseppe
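An added check, not part of the original post: the Python sketch below evaluates the standard ACLs from the post (with the proposed ACL 51/52 entries applied and the last NAT line read as `source`, an assumption) and reports, for each inside host, whether route-map ALBA policy-routes it and which dynamic NAT rules' source lists permit it. The function names and the sample string are constructed for this example.

```python
import ipaddress
import re

# Constructed sample: lines from the post with the proposed ACL entries applied.
CONFIG = """\
access-list 50 permit 192.168.16.0 0.0.0.255
access-list 51 permit 192.168.16.201
access-list 51 permit 192.168.16.3
access-list 51 permit 192.168.16.60
access-list 52 permit 192.168.16.201
access-list 52 permit 192.168.16.3
access-list 52 permit 192.168.16.60
ip nat inside source list 50 interface ATM0/0.1 overload
ip nat inside source list 51 pool albacom overload
route-map ALBA permit 10
 match ip address 52
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ACL_RE = re.compile(rf"^access-list (\d+) (permit|deny) {IP}(?: {IP})?\s*$")
NAT_RE = re.compile(r"^ip nat inside source list (\d+) (.+?)\s*$")
PBR_RE = re.compile(r"^\s+match ip address (\d+)\s*$")
to_int = lambda addr: int(ipaddress.IPv4Address(addr))

def parse(config):
    """Collect standard ACLs, ACL-based NAT rules and route-map match ACLs."""
    acls, nat_rules, pbr_acls = {}, [], []
    for line in config.splitlines():
        if m := ACL_RE.match(line):
            num, action, addr, wild = m.groups()
            acls.setdefault(num, []).append((action, to_int(addr), to_int(wild or "0.0.0.0")))
        elif m := NAT_RE.match(line):
            nat_rules.append((m.group(1), m.group(2)))
        elif m := PBR_RE.match(line):
            pbr_acls.append(m.group(1))
    return acls, nat_rules, pbr_acls

def acl_permits(entries, host):
    """First matching entry wins; wildcard bits set to 1 are ignored."""
    for action, addr, wild in entries:
        if ((to_int(host) ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def audit(config, hosts):
    """Per host: is it policy-routed, and which NAT rules' lists permit it?"""
    acls, nat_rules, pbr_acls = parse(config)
    hit = lambda num, host: acl_permits(acls.get(num, []), host)
    return {h: {"policy_routed": any(hit(n, h) for n in pbr_acls),
                "nat_rules": [t for n, t in nat_rules if hit(n, h)]} for h in hosts}
```

For 192.168.16.3 and 192.168.16.60 both source lists 50 and 51 match, so the ACLs alone do not determine which of the two overload rules translates them.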