NAT and ACL

uvula
n00b
Posts: 19
Joined: Wed 19 Jan, 2011 8:46 am

Hi guys,

a request for help:

Cisco router with a static IP; on the LAN I have a computer running a web server.
I need to be able to reach that computer only from 3 public IPs.

Here is the router's full configuration:
Building configuration...

Current configuration : 2053 bytes
!
version 12.4
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$xaa3$uCaOj1WBETC0LM3WL6aW9/
!
no aaa new-model
!
!
dot11 syslog
!
!
ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip domain lookup
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
!
interface ATM0.1 point-to-point
 ip address 91.**** 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 pvc 0/32
  encapsulation aal5snap
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description VLan1 - Connessa alla rete locale LAN
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 120 interface ATM0.1 overload
!
access-list 23 permit 217.****
access-list 23 permit 91.***
access-list 23 permit 62.***
access-list 23 permit 62.***
access-list 23 permit 217.***
access-list 23 permit 192.***
access-list 23 permit 80.*** 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
access-list 120 permit ip 192.168.0.0 0.0.0.255 any
snmp-server community public RO 4
snmp-server enable traps tty
no cdp run
!
control-plane
!
!
line con 0
 exec-timeout 120 0
 password 7 01030C17540D12
 login
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 privilege level 15
 password 7 02160E4804001B
 login
 transport input telnet ssh
!
scheduler max-task-time 5000
end


I prepared these configurations, but as soon as I tried to enter them I lost connectivity.

ip nat inside source static tcp 192.168.0.197 80 91.**** 80

access-list 101 permit tcp 178.**** 0.0.0.0 host 192.168.0.197 eq www
access-list 101 permit tcp 91.**** 0.0.0.0 host 192.168.0.197 eq www
access-list 101 permit tcp 80.**** 0.0.0.0 host 192.168.0.197 eq www

interface ATM0.1
access-group 101 in permit

Do they look right to you?

Thanks.
uvula
n00b
Posts: 19
Joined: Wed 19 Jan, 2011 8:46 am

Never mind, I solved it...
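
An added example, not part of the original thread and not the fix the poster found (the thread does not show it): one way to write the port forward and inbound filter from the first post so that only three sources reach the web server while all other traffic keeps flowing. The addresses 203.0.113.10 (router public address) and 198.51.100.11-13 (allowed clients) are constructed placeholders, and the ACL name WEB-IN is hypothetical.

```cisco
! Constructed placeholders: 203.0.113.10 = public address of ATM0.1,
! 198.51.100.11/.12/.13 = the three client addresses allowed to reach the server.
!
! Static PAT: forward TCP/80 on the public address to the LAN web server.
ip nat inside source static tcp 192.168.0.197 80 203.0.113.10 80
!
! An inbound ACL on the outside interface is evaluated before NAT rewrites
! the destination, so the entries match the public address, not 192.168.0.197.
! Every ACL ends with an implicit "deny ip any any": the final permit keeps
! replies to LAN clients and remote management sessions from being dropped.
ip access-list extended WEB-IN
 remark three allowed sources for the forwarded web server
 permit tcp host 198.51.100.11 host 203.0.113.10 eq www
 permit tcp host 198.51.100.12 host 203.0.113.10 eq www
 permit tcp host 198.51.100.13 host 203.0.113.10 eq www
 remark everyone else is refused on the forwarded port only
 deny   tcp any host 203.0.113.10 eq www
 remark all other traffic passes as it did before the ACL was applied
 permit ip any any
!
! The interface command is "ip access-group <acl> in", with no trailing keyword.
interface ATM0.1
 ip access-group WEB-IN in
```

After applying it, `show access-lists WEB-IN` gives per-entry match counters and `show ip nat translations` lists the static entry.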