
Info Acl Internet

Posted: Mon 08 Dec 2008, 6:40 pm
by Jack501
Hi, I'm new to the forum.

I'll be taking the CCNA exam shortly, but I'm still not very confident with ACLs!

I have a Cisco 1720 with an ADSL WIC, on which I created an ACL for overloaded NAT.

Which ACLs would you recommend configuring to protect my network from the outside, without blocking web browsing, e-mail, etc.?

Should I apply them on the ATM interface or on the dialer profile?

Here is my "sh run":

Thanks!


Current configuration : 2012 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CiscoHome
!
boot-start-marker
boot system flash
boot system tftp c.bin 10.0.0.5
boot system rom
boot-end-marker
!
enable secret 5 $1$sJKk$ut1MzNqqBj1nCg/jYBwvn.
!
memory-size iomem 25
clock timezone Rome 1
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
ip host fireblade 10.0.0.5
ip host zyxel 10.0.0.254
ip name-server 151.99.125.1
ip name-server 151.99.125.3
ip name-server 212.216.112.112
ip dhcp excluded-address 10.0.0.1 10.0.0.200
!
ip dhcp pool HomeDhcp
network 10.0.0.0 255.255.255.0
default-router 10.0.0.150
dns-server 151.99.125.3
!
ip cef
!
!
!
!
interface ATM0
description PHYSICAL ATM ADSL INTERFACE
bandwidth 7000
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface BRI0
no ip address
shutdown
no cdp enable
!
interface FastEthernet0
ip address 10.0.0.150 255.255.255.0
ip nat inside
speed auto
no cdp enable
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
ppp chap hostname xxxxxxx
ppp chap password 0 xxxxxxx
ppp pap sent-username xxxxxxx password 0 xxxxxxx
!
ip nat translation tcp-timeout 250
ip nat translation udp-timeout 200
ip nat translation syn-timeout 10
ip nat translation dns-timeout 30
ip nat translation icmp-timeout 20
ip nat translation max-entries 500
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 10.0.0.5 14650 interface Dialer1 14650
ip nat inside source static udp 10.0.0.5 60018 interface Dialer1 60018
ip nat inside source static tcp 10.0.0.5 34692 interface Dialer1 34692
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
!
access-list 1 permit 10.0.0.0 0.0.0.255
no cdp run
!
line con 0
password xxxxxx
login
line aux 0
password xxxxxx
login
line vty 0 4
access-class 1 in
password xxxxxx
login
!
!
end

Posted: Tue 09 Dec 2008, 4:15 pm
by Wizard
1) Configure ip inspect outbound (essential)

2) Configure the inbound ACL on the dialer, along these lines:

access-list 111 permit tcp any any eq 14650
access-list 111 permit tcp any any eq 34692
access-list 111 permit udp any any eq 60018
access-list 111 deny ip any any log
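The two steps in the reply above, written out as they would be entered on the CiscoHome router from the first post. This is an added example, not Wizard's or Jack501's configuration: the inspect rule name FW is an arbitrary choice made here, the ACL number 111 and the three ports come from the reply and from the static NAT lines in the sh run, and it assumes an IOS 12.3 image that includes the firewall (CBAC) feature set.

```cisco
! Added example: CBAC inspection plus inbound ACL for the CiscoHome router
! (IOS 12.3). "FW" is an arbitrary inspect rule name chosen for this example;
! 111 is the ACL number from the reply; the ports are the three static NAT
! entries in the sh run.
!
! Step 1 - stateful inspection of sessions leaving through Dialer1.
! CBAC records each outbound TCP/UDP/ICMP session and opens a temporary
! entry ahead of the inbound ACL for that session's return traffic only,
! so browsing, mail and DNS keep working even though ACL 111 ends in
! "deny ip any any".
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
ip inspect name FW ftp
!
! Step 2 - the inbound ACL on the outside interface. An inbound ACL is
! evaluated before the outside-to-inside NAT translation, so the packet's
! destination is still the negotiated Dialer1 address: "any" is the right
! destination (the public IP changes on every PPP session) and the port is
! unchanged, because each static NAT maps port N to the same port N.
access-list 111 remark Internet -> Dialer1: only the forwarded ports
access-list 111 permit tcp any any eq 14650
access-list 111 permit tcp any any eq 34692
access-list 111 permit udp any any eq 60018
! ICMP error messages are not tied to an inspected session, so they have to
! be permitted statically. Without "packet-too-big" Path MTU Discovery
! breaks behind the 1492-byte PPPoA MTU and large downloads stall.
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any unreachable
access-list 111 permit icmp any any time-exceeded
! Everything else, including connections to the router's own services
! (ip http server, the vty lines), is dropped and logged.
access-list 111 deny ip any any log
!
! Apply both on the logical Dialer1 interface, not on ATM0: IP exists only
! on the dialer (ATM0 has "no ip address"), so an ACL on ATM0 never matches.
interface Dialer1
 ip access-group 111 in
 ip inspect FW out
!
! Unrelated to the ACL but visible in the same sh run: with
! "no service password-encryption" the line and PPP passwords are stored
! in clear text in the configuration.
service password-encryption
```

Two caveats worth knowing before trusting the result. Traffic the router generates itself (a ping or telnet started from the CLI) is not inspected by classic CBAC, so its replies hit ACL 111 and are dropped unless you add a permit for them. And the `log` keyword on the final deny forces every matching packet to be process-switched, which on a 1720 under a port scan is noticeable; check `show ip inspect sessions` to see the dynamic entries being created, `show access-lists 111` for the hit counters, and `show logging` for the denied packets, then drop `log` once you are satisfied with the ACL.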