CiscoForums.it

Cisco Users Group
https://www.ciscoforums.it/

conifgurazione problema coi nat

https://www.ciscoforums.it/viewtopic.php?f=10&t=5797

Pagina 1 di 1

conifgurazione problema coi nat

Inviato: gio 26 lug , 2007 2:27 pm
da nevarim
Salve a tutti

sono un niubbio dei cisco, ho 1 dubbio da risolvere

allora ho configurato un cisco 1841 con una scheda wic per l'adsl di telecom multigroup star (pacchetto da 7 indirizzi)

chiarisco, per ora sto usando l'interfaccia MDS e non via riga di comando

il mio problema รจ il seguente:

il mio router attualmente in internet ci va, dovrei mettere dei nat per la posta e il desk remoto, solo che appena metto i nat e salvo, mi smette di andare internet, come se i nat interferissero...

iv posto la configurazione


Building configuration...

Current configuration : 3641 bytes
!
! Last configuration change at 15:23:01 PCTime Thu Jul 26 2007 by admin
! NVRAM config last updated at 15:07:36 PCTime Thu Jul 26 2007 by admin
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname classhotel
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 $1$IPgH$IK2TmwFZeN/1oXU1T.0Gk1
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip cef
!
!
!
!
ip domain name classhotel.com
ip name-server 151.99.0.100
ip name-server 151.99.125.3
!
crypto pki trustpoint TP-self-signed-2150825013
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2150825013
revocation-check none
rsakeypair TP-self-signed-2150825013
!
!
crypto pki certificate chain TP-self-signed-2150825013
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32313530 38323530 3133301E 170D3037 30373235 31353531
34365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 31353038
32353031 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B18B 97D551E8 5ED3BFB5 61D33008 2DA506D2 AF5C60A7 B3703DA7 2D757788
170143E0 82848995 B548A59E 48D077D9 DA5B5668 E78C6016 E7C64608 62C56677
42C8BD0F 91C0465D B89ECE16 489291C5 454D1F43 8B508DCE EF60EEEE 01D23C14
B6AE02A1 3F84E3CC 1F278F89 F298DC7A 5C76CCBB 1D942B92 F44C701D E913EDF4
0BBF0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 1489B761 9133B2E1 AAFDF9E2 8A27F82D D0BB1952
02301D06 03551D0E 04160414 89B76191 33B2E1AA FDF9E28A 27F82DD0 BB195202
300D0609 2A864886 F70D0101 04050003 818100A2 39F88A93 C89B1767 C911398F
E5D8F5E8 88F11DF2 41FA8720 B492CE3E 94BD457E AE9A910E F61D836E BD9F7763
1EB72C9F F164FB90 B4D77955 871A4681 514F0127 F5B78D9D 686C928E FEFAD036
9E2646E8 A7589F6F 07CD0810 B3F98C47 9C5620A1 8F5E8B7D 5E1115F0 D262F289
27C9B4A6 CB7BC4A0 38152AC4 6FC82BB2 E58295
quit
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$INTF-INFO-FE 0$
ip address ***.***.***.*** 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
ip address **.**.**.** 255.255.255.***
ip nat outside
no snmp trap link-status
pvc 8/35
oam-pvc manage
encapsulation aal5snap
!
!
ip route 0.0.0.0 0.0.0.0 **.**.**.**
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface ATM0/0/0.1 overload
!
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit ***.***.***.0 0.0.0.255
!
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
end



qualcuno sa risolvere il mio dilemma?
ci sto cocciando da 3 giorni :S

Inviato: lun 30 lug , 2007 10:47 am
da mondin.luca

Codice: Seleziona tutto

access-list 1 permit ***.***.***.0 0.0.0.255
Con quella acl permetti solo il traffico verso quella rete.
Io userei un'access-list estesa specificando i protocolli e il traffico permesso.
Io userei questa access-list
Access-list 101 permit tcp <ip tua rete> <wildcard> <ip pubblico destinazione> <wildcard> eq <porte da aprire>.
Tutti gli orari sono UTC+01:00
Pagina 1 di 1

Creato da phpBB® Forum Software © phpBB Limited

Traduzione Italiana phpBB-Store.it