Cisco 837 che gestisca 2 Lan Private è Possibile?
Inviato: mar 03 feb , 2009 6:40 pm
Ciao a tutti, premetto che sono alle prime armi con i router Cisco, ma devo configurarne uno per gestire due lan private (se si può).
Inizio inserendo la mia Configurazione:
Using 3415 out of 131072 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service udp-small-servers
!
hostname Miorouter
!
enable secret 5 blablabla.....
!
username service password 7 blablabla.....
no aaa new-model
ip subnet-zero
ip name-server 212.216.112.112
ip name-server 212.216.172.62
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
--More--
interface Ethernet0
description Home
ip address 192.168.0.1 255.255.255.0
ip nat inside
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address 88.xx.xx.xxx 255.255.255.248
ip nat outside
pvc 8/35
encapsulation aal5snap
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
ip nat pool net-ibs 88.xx.xx.xxx 88.xx.xx.xxx netmask 255.255.255.240
ip nat inside source list 1 pool net-ibs overload
ip nat inside source static udp 192.168.0.3 8767 88.xx.xx.xxx 8767 extendable
ip nat inside source static tcp 192.168.0.59 5559 88.xx.xx.xxx 5559 extendable
ip nat inside source static udp 192.168.0.59 5559 88.xx.xx.xxx 5559 extendable
ip nat inside source static tcp 192.168.0.3 8767 88.xx.xx.xxx 8767 extendable
ip nat inside source static udp 192.168.0.9 3390 88.xx.xx.xxx 3390 extendable
ip nat inside source static tcp 192.168.0.9 3390 88.xx.xx.xxx 3390 extendable
ip nat inside source static udp 192.168.0.3 3389 88.xx.xx.xxx 3389 extendable
ip nat inside source static tcp 192.168.0.3 3389 88.xx.xx.xxx 3389 extendable
ip nat inside source static tcp 192.168.0.250 3391 88.xx.xx.xxx 3391 extendable
ip nat inside source static tcp 192.168.0.207 3392 88.xx.xx.xxx 3392 extendable
ip nat inside source static tcp 192.168.0.3 3541 88.xx.xx.xxx 3541 extendable
ip nat inside source static udp 192.168.0.3 3541 88.xx.xx.xxx 3541 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
no ip http server
no ip http secure-server
!
access-list 1 permit 192.168.0.0 0.0.0.255
no cdp run
banner motd ^CC*********************************************************
* [WARNING] *
* If you are not authorised to access this system *
* exit immediately. *
* Unauthorised access to this system is forbidden by *
* company policies, national, and international laws. *
* Unauthorised users are subject to criminal and civil *
* penalties as well as company initiated disciplinary *
* proceedings. *
* *
* By entry into this system you acknowledge that you *
* are authorised to access it and have the level of *
* privilege at which you subsequently operate on *
* this system *
* You consent by entry into this system to the *
* monitoring of your activities *
*********************************************************
^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
exec-timeout 5 0
no login
!
scheduler max-task-time 5000
Ok, ora la mia situazione è la seguente; devo creare un server FTP che voglio inserire su una rete interna diversa da quella dei pc dell'ufficio.
La rete è strutturata così: router, switch, server di dominio, client: vorrei tenere il server FTP su una classe di ip privati diversa da quella dei client dell'ufficio, ma che abbia la possibilità di connettersi ed essere visto dall'esterno tramite lo stesso Router; è possibile?
La mia adsl è di tipo business con 8 IP pubblici.
Cosa posso fare?
Grazie a tutti.
Inizio inserendo la mia Configurazione:
Using 3415 out of 131072 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service udp-small-servers
!
hostname Miorouter
!
enable secret 5 blablabla.....
!
username service password 7 blablabla.....
no aaa new-model
ip subnet-zero
ip name-server 212.216.112.112
ip name-server 212.216.172.62
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
--More--
interface Ethernet0
description Home
ip address 192.168.0.1 255.255.255.0
ip nat inside
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address 88.xx.xx.xxx 255.255.255.248
ip nat outside
pvc 8/35
encapsulation aal5snap
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
ip nat pool net-ibs 88.xx.xx.xxx 88.xx.xx.xxx netmask 255.255.255.240
ip nat inside source list 1 pool net-ibs overload
ip nat inside source static udp 192.168.0.3 8767 88.xx.xx.xxx 8767 extendable
ip nat inside source static tcp 192.168.0.59 5559 88.xx.xx.xxx 5559 extendable
ip nat inside source static udp 192.168.0.59 5559 88.xx.xx.xxx 5559 extendable
ip nat inside source static tcp 192.168.0.3 8767 88.xx.xx.xxx 8767 extendable
ip nat inside source static udp 192.168.0.9 3390 88.xx.xx.xxx 3390 extendable
ip nat inside source static tcp 192.168.0.9 3390 88.xx.xx.xxx 3390 extendable
ip nat inside source static udp 192.168.0.3 3389 88.xx.xx.xxx 3389 extendable
ip nat inside source static tcp 192.168.0.3 3389 88.xx.xx.xxx 3389 extendable
ip nat inside source static tcp 192.168.0.250 3391 88.xx.xx.xxx 3391 extendable
ip nat inside source static tcp 192.168.0.207 3392 88.xx.xx.xxx 3392 extendable
ip nat inside source static tcp 192.168.0.3 3541 88.xx.xx.xxx 3541 extendable
ip nat inside source static udp 192.168.0.3 3541 88.xx.xx.xxx 3541 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
no ip http server
no ip http secure-server
!
access-list 1 permit 192.168.0.0 0.0.0.255
no cdp run
banner motd ^CC*********************************************************
* [WARNING] *
* If you are not authorised to access this system *
* exit immediately. *
* Unauthorised access to this system is forbidden by *
* company policies, national, and international laws. *
* Unauthorised users are subject to criminal and civil *
* penalties as well as company initiated disciplinary *
* proceedings. *
* *
* By entry into this system you acknowledge that you *
* are authorised to access it and have the level of *
* privilege at which you subsequently operate on *
* this system *
* You consent by entry into this system to the *
* monitoring of your activities *
*********************************************************
^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
exec-timeout 5 0
no login
!
scheduler max-task-time 5000
Ok, ora la mia situazione è la seguente; devo creare un server FTP che voglio inserire su una rete interna diversa da quella dei pc dell'ufficio.
La rete è strutturata così: router, switch, server di dominio, client: vorrei tenere il server FTP su una classe di ip privati diversa da quella dei client dell'ufficio, ma che abbia la possibilità di connettersi ed essere visto dall'esterno tramite lo stesso Router; è possibile?
La mia adsl è di tipo business con 8 IP pubblici.
Cosa posso fare?
Grazie a tutti.