Secondary eth 32ip

Everything to do with configuring Cisco devices (that does not fall into the other categories)

Moderator: Federico.Lagni

ciscomanagement
Network Emperor
Posts: 229
Joined: Mon 03 Oct, 2005 7:17 pm
Location: Sicily

Guys, I need to configure 32 static IPs, and I'd like to avoid NAT, and honestly the 32 loopbacks as well.
So I went for a secondary on eth0 with the external static IPs directly on the machines; just 1 problem .. it doesn't work :cry:
I think I'm getting the ACLs wrong, dunno ..

Code:

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 $1$3L8s$XVx8oBw/gjx5XuLQm9gew1
!
aaa new-model
!
!
!
aaa session-id common
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
!
!
!
ip cef
ip name-server 62.94.0.41
ip name-server 62.94.0.42
i
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
password encryption aes
!
!
!
!
!
!
!
!
interface Ethernet0
 ip address 192.168.1.1 255.255.240.0
 ip address 80.86.xx.xx 255.255.255.224 secondary
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly
 hold-queue 100 out
!
interface Ethernet2
 no ip address
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
interface Dialer0
 ip address negotiated
 ip access-group 102 in
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname 
 ppp chap password 0 
 ppp pap sent-username xxxxxxxxx password 0 xxxxxxxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
!
ip http server
ip http access-class 2
ip http secure-server
!
!
no logging trap
access-list 1 permit 192.168.0.0 0.0.15.255
access-list 2 permit 192.168.0.0 0.0.15.255
access-list 100 permit tcp 192.168.0.0 0.0.15.255 host 192.168.1.1 eq telnet
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit tcp 192.168.0.0 0.0.15.255 host 192.168.1.1 eq 22
access-list 100 permit tcp 192.168.0.0 0.0.15.255 host 192.168.1.1 eq www
access-list 100 permit tcp 192.168.0.0 0.0.15.255 host 192.168.1.1 eq 443
access-list 100 permit tcp 192.168.0.0 0.0.15.255 host 192.168.1.1 eq cmd
access-list 100 permit udp 192.168.0.0 0.0.15.255 host 192.168.1.1 eq snmp
access-list 100 deny   tcp any host 192.168.1.1 eq telnet
access-list 100 deny   tcp any host 192.168.1.1 eq 22
access-list 100 deny   tcp any host 192.168.1.1 eq www
access-list 100 deny   tcp any host 192.168.1.1 eq 443
access-list 100 deny   tcp any host 192.168.1.1 eq cmd
access-list 100 deny   udp any host 192.168.1.1 eq snmp
access-list 100 permit udp host 62.94.7.9 eq ntp host 192.168.1.1 eq ntp
access-list 100 permit ip any any
access-list 101 permit ip 192.168.0.0 0.0.15.255 any
access-list 102 permit udp host 62.94.0.2 eq domain any
access-list 102 permit udp host 62.94.0.1 eq domain any
access-list 102 permit udp host 62.94.0.42 eq domain any
access-list 102 permit udp host 62.94.0.41 eq domain any
access-list 102 permit udp host 62.94.7.9 eq ntp any eq ntp
access-list 102 deny   ip 192.168.0.0 0.0.15.255 any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip host 0.0.0.0 any
access-list 102 deny   ip any any log
access-list 102 permit ip 80.86.xx.xx 255.255.255.224 any
dialer-list 1 protocol ip permit
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 100 in
 exec-timeout 120 0
 password 
 transport input telnet ssh
!
scheduler max-task-time 5000
ntp server 62.94.7.9
sntp server 62.94.7.9
end
Gianremo.Smisek
Messianic Network master
Posts: 1159
Joined: Sun 11 Mar, 2007 2:23 pm
Location: Termoli

access-list 102 permit ip 80.86.xx.xx 255.255.255.224 any

put it in ACL 100 as well and try again

bye
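An added example, not part of either post or of the router's own configuration: a small Python model of how IOS evaluates an extended ACL (first matching entry wins, wildcard bits set to 1 are ignored), run over a constructed IP-only excerpt of the tail of access-list 102. The 203.0.113.32/27 network stands in for the masked 80.86.xx.xx block; the `REVISED` list, the host addresses and all function names are assumptions made for the comparison.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # IOS keyword "any" as address + wildcard
NET = "203.0.113.32"   # constructed stand-in for the masked 80.86.xx.xx /27

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def evaluate(acl, src, dst):
    """First matching entry wins; no match means the implicit deny."""
    for n, (action, s, d) in enumerate(acl, 1):
        if matches(src, *s) and matches(dst, *d):
            return action, n
    return "deny", None

def unreachable(acl):
    """Entry numbers placed after a catch-all 'any any' entry."""
    for n, (_, s, d) in enumerate(acl, 1):
        if s == ANY and d == ANY:
            return list(range(n + 1, len(acl) + 1))
    return []

# Constructed, IP-only excerpt of the tail of access-list 102 as posted.
POSTED = [
    ("deny", ("10.0.0.0", "0.255.255.255"), ANY),
    ("deny", ("192.168.0.0", "0.0.255.255"), ANY),
    ("deny", ANY, ANY),                           # deny ip any any log
    ("permit", (NET, "255.255.255.224"), ANY),    # netmask, after the deny
]
# Assumed variant for comparison only: the /27 as destination (the list
# filters traffic arriving on Dialer0), inverse mask 0.0.0.31, and the
# entry placed before the catch-all deny. It permits all IP to the /27.
REVISED = [POSTED[0], POSTED[1],
           ("permit", ANY, (NET, "0.0.0.31")),
           ("deny", ANY, ANY)]

if __name__ == "__main__":
    outside, server = "198.51.100.7", "203.0.113.40"   # constructed hosts
    print("unreachable entries:", unreachable(POSTED))
    print("posted :", evaluate(POSTED, outside, server))
    print("revised:", evaluate(REVISED, outside, server))
    print("netmask as wildcard:", matches(server, NET, "255.255.255.224"))
    print("inverse mask       :", matches(server, NET, "0.0.0.31"))
```

Read as a wildcard, 255.255.255.224 compares only the low five bits of the last octet, so it does not describe the /27 at all; 0.0.0.31 does.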