Cisco 887 alice interbusiness
Posted: Wed 19 Mar, 2008 1:00 pm
Good morning everyone. At the company where I work we have just bought a CISCO 887 with an Alice Interbusiness contract (8 IP addresses). After various attempts and with help found here on the forum, I configured the CISCO as follows:
Using 2979 out of 131072 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$DbVX$uzCHWAI44YqlEX/qSfTE/1
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
no ip source-route
ip cef
!
!
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name interbusiness.it
ip name-server 151.99.125.1
ip name-server 151.99.125.2
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-589313851
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-589313851
revocation-check none
rsakeypair TP-self-signed-589313851
!
!
crypto pki certificate chain TP-self-signed-589313851
certificate self-signed 01 nvram:IOS-Self-Sig#3102.cer
username davide privilege 15 secret 5 $1$L9FO$wm5yOGI9LBVK0q9odyFBO.
!
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip address XXX.XXX.XXX.166 255.255.255.252
ip nat outside
ip virtual-reassembly
no snmp trap link-status
pvc 8/35
encapsulation aal5snap
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0 secondary
ip address 192.168.100.253 255.255.255.0 secondary
ip address XXX.XXX.XXX.209 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip dns server
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface ATM0.1 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 192.168.100.0 0.0.0.255
no cdp run
!
!
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
So far everything is OK: we can browse the Internet and our servers are visible from outside, but one problem remains (a serious one for us): from our network we cannot "ping" our public IPs.
My experience in this field is very limited and I now find myself in serious difficulty. Would anyone be able to give me some real help?
Thanks, everyone.