Telecom static IP on Cisco 877 (Juniper node)

@lan72

Hi, I'm writing because I need to configure this static IP but I just can't manage it. Looking around here and there, I found out that there are now these Juniper nodes with subnet 0. I'm posting the config, maybe you can take a look at it.

version 12.4
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname C877
!
boot-start-marker
boot-end-marker
!
logging exception 100000
logging count
logging userinfo
logging queue-limit 10000
logging buffered 150000 notifications
logging console critical
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
dot11 syslog
no ip source-route
no ip gratuitous-arps
ip icmp rate-limit unreachable 1000
ip cef
!
!
!
!
no ip bootp server
no ip domain lookup
ip domain name domain.it
ip name-server 151.99.125.1
ip name-server 208.67.222.222
ip inspect log drop-pkt
ip inspect max-incomplete low 300
ip inspect max-incomplete high 400
ip inspect one-minute low 300
ip inspect hashtable-size 2048
ip inspect tcp synwait-time 20
ip inspect tcp max-incomplete host 300 block-time 60
ip inspect name IDS tcp
ip inspect name IDS udp
ip inspect name IDS ftp
login block-for 1 attempts 3 within 30
login on-failure
login on-success
!
multilink bundle-name authenticated
!
!
username Admin privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
!
archive
 log config
  hidekeys
!
!
ip tcp selective-ack
ip tcp window-size 2144
ip tcp synwait-time 10
!
!
!
interface Null0
 no ip unreachables
!
interface ATM0
 no ip address
 ip mtu 1500
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip address 95.227.144.xxx 255.255.255.0
 ip access-group 131 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip mtu 1500
 ip nat outside
 ip inspect IDS out
 ip virtual-reassembly
 no ip mroute-cache
 pvc 8/35
  encapsulation aal5snap
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description Connessione LAN Virtuale
 ip address 10.xxx.33.228 255.255.255.0
 ip accounting output-packets
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 no ip mroute-cache
 hold-queue 100 out
!
ip forward-protocol nd
! (Juniper node, instead of putting atm01)
ip route 0.0.0.0 0.0.0.0 95.227.144.254
!
!
no ip http server
no ip http secure-server
ip nat pool INTERNET 95.227.144.xxx 95.227.144.xxx netmask 255.255.255.0
ip nat inside source list 100 pool INTERNET overload
ip nat inside source static tcp 10.xxx.33.220 25 95.227.144.xxx 25 extendable
ip nat inside source static tcp 10.xxx.33.220 143 95.227.144.xxx 143 extendable
ip nat inside source static tcp 10.xxx.33.220 443 95.227.144.xxx 443 extendable
!
!
no logging trap
access-list 100 remark *** ACL PER PAT E NAT0 ***
access-list 100 permit ip 10.xxx.33.0 0.0.0.255 any
access-list 131 remark *** ACL ANTI-SPOOFING ***
access-list 131 deny   ip host 0.0.0.0 any log
access-list 131 deny   ip 127.0.0.0 0.255.255.255 any log
access-list 131 deny   ip 192.0.2.0 0.0.0.255 any log
access-list 131 deny   ip 224.0.0.0 31.255.255.255 any log
access-list 131 deny   ip 10.0.0.0 0.255.255.255 any log
access-list 131 deny   ip 172.16.0.0 0.15.255.255 any log
access-list 131 deny   ip 192.168.0.0 0.0.255.255 any log
access-list 131 remark *** ACL PER CONTROLLARE TRAFFICO ICMP ***
access-list 131 permit icmp any any echo
access-list 131 permit icmp any any echo-reply
access-list 131 permit icmp any any time-exceeded
access-list 131 permit icmp any any unreachable
access-list 131 permit icmp any any administratively-prohibited
access-list 131 permit icmp any any packet-too-big
access-list 131 permit icmp any any traceroute
access-list 131 deny   icmp any any
access-list 131 remark *** ACL PER BLOCCARE L'ACCESSO A VIRUS E ATTACCHI ***
access-list 131 deny   tcp any any eq 135
access-list 131 deny   udp any any eq 135
access-list 131 deny   udp any any eq netbios-ns
access-list 131 deny   udp any any eq netbios-dgm
access-list 131 deny   tcp any any eq 139
access-list 131 deny   udp any any eq netbios-ss
access-list 131 deny   tcp any any eq 445
access-list 131 deny   tcp any any eq 593
access-list 131 deny   tcp any any eq 2049
access-list 131 deny   udp any any eq 2049
access-list 131 deny   tcp any any eq 2000
access-list 131 deny   tcp any any range 6000 6010
access-list 131 deny   udp any any eq 1433
access-list 131 deny   udp any any eq 1434
access-list 131 deny   udp any any eq 5554
access-list 131 deny   udp any any eq 9996
access-list 131 deny   udp any any eq 113
access-list 131 deny   udp any any eq 3067
access-list 131 remark *** ACL PER CONSENTIRE ACCESSI AUTORIZZATI ***
access-list 131 permit tcp any any eq smtp
access-list 131 permit tcp any any eq 143
access-list 131 permit tcp any any eq 443
access-list 131 permit udp host 151.99.125.1 eq domain any
access-list 131 permit udp host 208.67.222.222 eq domain any
access-list 131 permit udp host 207.46.232.42 eq ntp any
access-list 131 permit udp host 192.43.244.18 eq ntp any
access-list 131 remark *** ACL PER BLOCCARE ACCESSI NON AUTORIZZATI ***
access-list 131 deny   ip any any log
no cdp run
!
!
!
!
control-plane
!
banner login ^C.::.::. Cisco Systems, Inc
Cisco 877 Router - IOS 12.4(15)T14 - FW 4.0.15!^C
!
line con 0
 exec-timeout 120 0
 login local
 no modem enable
 transport output ssh
 stopbits 1
line aux 0
 login local
 transport output ssh
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 login local
 transport input telnet ssh
 transport output telnet ssh
!
scheduler max-task-time 5000
no scheduler allocate
scheduler interval 500
sntp server 207.46.232.42
sntp server 192.43.244.18
end

I can't get out to the Internet. I also tried disabling the ACLs, but nothing; running sh ip int brief, everything is up.

Any suggestions...
share your knowledge

.::.::. Cisco867VAE [IOS:15.4.3.M6a|FW:35j23je]
paolomat75

Hi,
if you ping 95.227.144.254, can you reach it?
No leaf falls unless the unconscious wills it (S.B.)
Rizio

@lan72 wrote:
!
ip tcp selective-ack
ip tcp window-size 2144
ip tcp synwait-time 10
!
You're really sure these parameters are OK, right? Especially the window-size.

Rizio
Si vis pacem para bellum
@lan72

Rizio wrote:
@lan72 wrote:
!
ip tcp selective-ack
ip tcp window-size 2144
ip tcp synwait-time 10
!
You're really sure these parameters are OK, right? Especially the window-size.

Rizio

No, unfortunately I can't ping either the 254 or the public IP. What could it be?

As for the parameters listed above, yes, they should be fine. I think it's because of this Juniper node with subnet 0, but never having configured one, I don't know...
share your knowledge

.::.::. Cisco867VAE [IOS:15.4.3.M6a|FW:35j23je]
Rizio

@lan72 wrote: As for the parameters listed above, yes, they should be fine. I think it's because of this Juniper node with subnet 0, but never having configured one, I don't know...
Trust me: try saving this config to a file and starting over from scratch with a completely clean config, configuring only what is needed for browsing, and settle the question of where the problem really is.

Rizio
Si vis pacem para bellum
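
Rizio's suggestion above, sketched as an added example (not part of the thread and not a configuration any poster supplied): a stripped-down baseline built from lines already present in @lan72's posted config, keeping the ATM PVC, addressing, PAT and default route and leaving out ACL 131, CBAC inspection, uRPF and the TCP tuning. Which lines count as "necessary" is an assumption, the masked xxx values stay as posted, and the only command not taken from the posted config is `transport input none` on the vty lines.

```cisco
! Added example: minimal baseline assembled from the config posted above.
! Masked values (xxx) are left exactly as they appear in the thread.
hostname C877
!
no ip domain lookup
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip address 95.227.144.xxx 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 pvc 8/35
  encapsulation aal5snap
 !
!
interface Vlan1
 ip address 10.xxx.33.228 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 95.227.144.254
!
no ip http server
no ip http secure-server
!
ip nat pool INTERNET 95.227.144.xxx 95.227.144.xxx netmask 255.255.255.0
ip nat inside source list 100 pool INTERNET overload
!
access-list 100 permit ip 10.xxx.33.0 0.0.0.255 any
!
! Assumption: console-only management while the WAN side is unfiltered,
! so no inbound protocol is accepted on the vty lines.
line vty 0 4
 transport input none
!
end
```

If a ping to 95.227.144.254 succeeds from this baseline, re-adding `ip access-group 131 in`, `ip inspect IDS out` and `ip verify unicast reverse-path` one at a time, with a test after each, identifies the line that breaks connectivity and restores the filtering before the vty lines are reopened.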