info ping
Inviato: ven 28 mag , 2010 12:01 pm
ciao ho questo dilemma e non capisco dove sbaglio..
allora da questo router se scrivo ping www.google.com non mi risolve il nome
se metto l'ip di google.com source 192.168.17.1 lo riesco a pingare
i dns ci sono ma solo che non riesco da router ad uscire direttamente con ping www.google.com o IP
Mi date un consiglio
Grazie
ip name-server 151.99.125.1
ip name-server 151.99.0.100
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
class-map LIMITER-CLASS
match access-group 170
!
class-map match-any ADULT-URL
match protocol http url "*porn"
match protocol http url "porn*"
match protocol http url ".*xxx*."
match protocol http url ".xxx*."
match protocol http url ".*xxx."
match protocol http url "*facebook*"
match protocol http url "*youtube*"
match protocol http host "*youtube.com*|*video.google.com*"
match protocol http mime "video/flv|video/x-flv|video/mp4|video/x-m4v|audio/mp4"
match protocol http mime "video/3gpp|video/quicktime"
match protocol http url "*.flv|*.mp4|*.m4v|*.m4a|*.3gp|*.mov"
match protocol http host "*.facebook.*"
match protocol http host "*porn.*"
match protocol http host "*youtube*"
match protocol http host "*megavideo*"
!
!
policy-map FILTER-ADULT
class ADULT-URL
drop
!
policy-map LIMITER
class LIMITER-CLASS
policy rate 500000 conform-action transmit excees-action drop
!
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
!
crypto isakmp key xxxx address 89.97.186.xx
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto map mymap local-address Loopback0
crypto map mymap 10 ipsec-isakmp
set peer 89.97.186.xx
set security-association lifetime kilobytes 86400
set security-association lifetime seconds 28800
set transform-set myset
match address 101
!
!
!
interface Loopback0
description *** Indirizzo Pubblico ***
ip address 85.47.x.x 255.255.255.248
ip virtual-reassembly
!
!
!
!
interface FastEthernet0/0
description *** LAN Inside valerio ***
ip address 192.168.17.1 255.255.255.0
ip access-group 160 out
ip access-group 103 in
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
ip policy route-map DENY-ADULT
duplex auto
speed auto
no keepalive
service-policy input FILTER-ADULT
no shut
!
interface FastEthernet0/1
description *** Lan Inside alessandro **
ip address 192.168.20.1 255.255.255.0
ip access-group 160 out
ip access-group 103 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1500
ip policy route-map DENY-ADULT
duplex auto
speed auto
no keepalive
service-policy input FILTER-ADULT
service-policy input LIMITER
no shut
!
interface ATM0/0/0
no ip address
atm restart timer 300
no atm ilmi-keepalive
dsl operating-mode auto
no shut
!
interface ATM0/0/0.1 point-to-point
description *** Point-to-Point Telecom ***
ip address 88.61.69.xx 255.255.255.252
ip virtual-reassembly
ip nat out
pvc 8/35
crypto map mymap
encapsulation aal5snap
!
!
interface Dialer0
no ip address
!
ip route 0.0.0.0 0.0.0.0 ATM0/0/0.1
!
!
no ip http server
no ip http authentication local
no ip http secure-server
!
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation pptp-timeout 420
ip nat translation finrst-timeout 300
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat translation max-entries 500
!
!
!
logging history notifications
ip nat inside source route-map valerio interface Loopback0 overload
ip nat inside source route-map alessandro interface Loopback0 overload
!
access-list 1 remark *************************************************
access-list 1 remark ** NAT Roules **
access-list 1 permit 192.168.17.0 0.0.0.255
access-list 2 permit 192.168.20.0 0.0.0.255
access-list 101 remark *************************************************
access-list 101 remark ** VPN Nat/Pat **
access-list 101 permit ip 192.168.17.0 0.0.0.255 192.168.4.0 0.0.3.255
access-list 102 deny ip 192.168.17.0 0.0.0.255 192.168.4.0 0.0.3.255
access-list 102 permit ip 192.168.17.0 0.0.0.255 any
access-list 103 remark *************************************************
access-list 103 remark ** Anti Spoofing **
access-list 103 deny ip host 0.0.0.0 any log
access-list 103 deny ip 127.0.0.0 0.255.255.255 any log
access-list 103 deny ip 10.0.0.0 0.255.255.255 any log
access-list 103 deny ip 172.16.0.0 0.15.255.255 any log
access-list 103 permit tcp any any established
access-list 103 permit ip any any
access-list 150 remark *************************************************
access-list 150 remark ** Deny URL Roules **
access-list 150 permit ip any any dscp 5
access-list 150 deny ip any any
access-list 160 remark *************************************************
access-list 160 remark ** Blocco Accesso segmenti Lan inside **
access-list 160 deny ip 192.168.17.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 160 deny ip 192.168.20.0 0.0.0.255 192.168.17.0 0.0.0.255
access-list 160 deny ip 192.168.20.0 0.0.0.255 192.168.4.0 0.0.3.255
access-list 160 permit ip any any
access-list 170 remark *************************************************
access-list 170 remark ** NAT alessandro Roules **
access-list 170 permit ip 192.168.20.0 0.0.0.255 any
no cdp run
!
route-map DENY-ADULT permit 10
match ip address 150
set interface Null0
route-map valerio permit 1
match ip address 102
route-map alessando permit 2
match ip address 170
allora da questo router se scrivo ping www.google.com non mi risolve il nome
se metto l'ip di google.com source 192.168.17.1 lo riesco a pingarei dns ci sono ma solo che non riesco da router ad uscire direttamente con ping www.google.com o IP
Mi date un consiglio
Grazie
ip name-server 151.99.125.1
ip name-server 151.99.0.100
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
class-map LIMITER-CLASS
match access-group 170
!
class-map match-any ADULT-URL
match protocol http url "*porn"
match protocol http url "porn*"
match protocol http url ".*xxx*."
match protocol http url ".xxx*."
match protocol http url ".*xxx."
match protocol http url "*facebook*"
match protocol http url "*youtube*"
match protocol http host "*youtube.com*|*video.google.com*"
match protocol http mime "video/flv|video/x-flv|video/mp4|video/x-m4v|audio/mp4"
match protocol http mime "video/3gpp|video/quicktime"
match protocol http url "*.flv|*.mp4|*.m4v|*.m4a|*.3gp|*.mov"
match protocol http host "*.facebook.*"
match protocol http host "*porn.*"
match protocol http host "*youtube*"
match protocol http host "*megavideo*"
!
!
policy-map FILTER-ADULT
class ADULT-URL
drop
!
policy-map LIMITER
class LIMITER-CLASS
policy rate 500000 conform-action transmit excees-action drop
!
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
!
crypto isakmp key xxxx address 89.97.186.xx
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto map mymap local-address Loopback0
crypto map mymap 10 ipsec-isakmp
set peer 89.97.186.xx
set security-association lifetime kilobytes 86400
set security-association lifetime seconds 28800
set transform-set myset
match address 101
!
!
!
interface Loopback0
description *** Indirizzo Pubblico ***
ip address 85.47.x.x 255.255.255.248
ip virtual-reassembly
!
!
!
!
interface FastEthernet0/0
description *** LAN Inside valerio ***
ip address 192.168.17.1 255.255.255.0
ip access-group 160 out
ip access-group 103 in
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
ip policy route-map DENY-ADULT
duplex auto
speed auto
no keepalive
service-policy input FILTER-ADULT
no shut
!
interface FastEthernet0/1
description *** Lan Inside alessandro **
ip address 192.168.20.1 255.255.255.0
ip access-group 160 out
ip access-group 103 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1500
ip policy route-map DENY-ADULT
duplex auto
speed auto
no keepalive
service-policy input FILTER-ADULT
service-policy input LIMITER
no shut
!
interface ATM0/0/0
no ip address
atm restart timer 300
no atm ilmi-keepalive
dsl operating-mode auto
no shut
!
interface ATM0/0/0.1 point-to-point
description *** Point-to-Point Telecom ***
ip address 88.61.69.xx 255.255.255.252
ip virtual-reassembly
ip nat out
pvc 8/35
crypto map mymap
encapsulation aal5snap
!
!
interface Dialer0
no ip address
!
ip route 0.0.0.0 0.0.0.0 ATM0/0/0.1
!
!
no ip http server
no ip http authentication local
no ip http secure-server
!
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation pptp-timeout 420
ip nat translation finrst-timeout 300
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat translation max-entries 500
!
!
!
logging history notifications
ip nat inside source route-map valerio interface Loopback0 overload
ip nat inside source route-map alessandro interface Loopback0 overload
!
access-list 1 remark *************************************************
access-list 1 remark ** NAT Roules **
access-list 1 permit 192.168.17.0 0.0.0.255
access-list 2 permit 192.168.20.0 0.0.0.255
access-list 101 remark *************************************************
access-list 101 remark ** VPN Nat/Pat **
access-list 101 permit ip 192.168.17.0 0.0.0.255 192.168.4.0 0.0.3.255
access-list 102 deny ip 192.168.17.0 0.0.0.255 192.168.4.0 0.0.3.255
access-list 102 permit ip 192.168.17.0 0.0.0.255 any
access-list 103 remark *************************************************
access-list 103 remark ** Anti Spoofing **
access-list 103 deny ip host 0.0.0.0 any log
access-list 103 deny ip 127.0.0.0 0.255.255.255 any log
access-list 103 deny ip 10.0.0.0 0.255.255.255 any log
access-list 103 deny ip 172.16.0.0 0.15.255.255 any log
access-list 103 permit tcp any any established
access-list 103 permit ip any any
access-list 150 remark *************************************************
access-list 150 remark ** Deny URL Roules **
access-list 150 permit ip any any dscp 5
access-list 150 deny ip any any
access-list 160 remark *************************************************
access-list 160 remark ** Blocco Accesso segmenti Lan inside **
access-list 160 deny ip 192.168.17.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 160 deny ip 192.168.20.0 0.0.0.255 192.168.17.0 0.0.0.255
access-list 160 deny ip 192.168.20.0 0.0.0.255 192.168.4.0 0.0.3.255
access-list 160 permit ip any any
access-list 170 remark *************************************************
access-list 170 remark ** NAT alessandro Roules **
access-list 170 permit ip 192.168.20.0 0.0.0.255 any
no cdp run
!
route-map DENY-ADULT permit 10
match ip address 150
set interface Null0
route-map valerio permit 1
match ip address 102
route-map alessando permit 2
match ip address 170
