HELP VPN CONFIG
Posted: Tue 17 Oct 2006, 11:11 am
by linomatz
Hi, once again a little help if you feel like it ...
My Telecom point-to-point address is 85.xx.7.250, the Telecom LAN is 85.xx.63.233,
my internal LAN is 192.168.1.x, and my Windows LAN and DHCP server is 192.168.1.2.
Now everything works fine and I want to try a connection from home
with Mac OS X and the Cisco VPN Client.
With this VPN config the company network locks up and I can't get out any more ...
can you tell me where the catch might be?
aaa new-model
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
aaa session-id common
ip subnet-zero
!
ip cef
ip tcp synwait-time 10
no ip bootp server
ip domain name 191.it
ip name-server 151.99.125.2
ip name-server 151.99.0.100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp xauth timeout 15
!
crypto isakmp client configuration group linomatz_vpn
key linomatz
dns 192.168.1.2
wins 192.168.1.2
domain linomatz
pool SDM_POOL_1
max-users 2
netmask 255.255.255.0
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set security-association idle-time 3600
set transform-set ESP-3DES-SHA
reverse-route
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_2
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode ansi-dmt
!
interface ATM0.1 point-to-point
description $FW_OUTSIDE$$ES_WAN$
bandwidth 2048
ip address 85.xx.7.250 255.255.255.252
ip nat outside
ip virtual-reassembly
pvc 8/35
oam-pvc manage
oam retry 5 5 1
encapsulation aal5snap
!
crypto map SDM_CMAP_1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0 secondary
ip address 85.xx.63.233 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
hold-queue 100 out
!
ip local pool SDM_POOL_1 192.168.1.4 192.168.1.5
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool net-ibs 85.xx.63.234 85.xx.63.234 netmask 255.255.255.248
ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload
!
logging trap debugging
access-list 2 remark SDM_ACL Category=16
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 permit 85.xx.63.0 0.0.0.255
access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip any host 0.0.0.0
access-list 100 permit ip 85.xx.63.0 0.0.0.255 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 100
!
Posted: Wed 18 Oct 2006, 11:25 am
by Wizard
I'd say the ACL for the split tunnel and for the de-NAT is missing...
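One way to check the de-NAT point raised above (exempting LAN-to-VPN-client traffic from NAT), as an added example that is not code from the thread: the script models Cisco IOS wildcard-mask ACL matching and runs the NAT route-map ACL from the first config (ACL 100, no exemption) and from the later working config (ACL 103, which denies LAN-to-pool traffic before the permit) against a LAN-to-client flow. The 85.xx.63.0 entry has a masked octet in the thread, so a constructed TEST-NET-3 prefix stands in for it; the pool overlap check and all function names are my own.

```python
import ipaddress

def _matches(spec, ip):
    """Cisco wildcard-mask match: a 1 bit in the mask means 'don't care'."""
    if spec == "any":
        return True
    addr = int(ipaddress.IPv4Address(ip))
    if spec.startswith("host "):
        return addr == int(ipaddress.IPv4Address(spec[5:]))
    base, wildcard = spec.split()
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (addr & care) == (int(ipaddress.IPv4Address(base)) & care)

def _operand(t, i):  # consume 'any' (1 token) or 'host X' / 'X WILDCARD' (2 tokens)
    return ("any", i + 1) if t[i] == "any" else (" ".join(t[i:i + 2]), i + 2)

def parse_acl(lines):
    """Turn 'access-list N permit|deny ip SRC DST' lines into (action, src, dst) tuples."""
    acl = []
    for line in lines:
        t = line.split()
        if len(t) < 5 or t[0] != "access-list" or t[2] == "remark" or t[3] != "ip":
            continue  # remarks and non-'ip' entries are irrelevant to the NAT route-map
        src, i = _operand(t, 4)
        dst, _ = _operand(t, i)
        acl.append((t[2], src, dst))
    return acl

def nat_applies(acl, src_ip, dst_ip):
    """First match wins; the implicit deny means the route-map does not match and the
    packet is left untranslated. IOS runs inside->outside NAT before the crypto map, so a
    'permit' here rewrites the LAN reply to a VPN client and it no longer fits the IPsec SA."""
    for action, src, dst in acl:
        if _matches(src, src_ip) and _matches(dst, dst_ip):
            return action == "permit"
    return False

def pool_overlaps_lan(pool_start, pool_end, lan_cidr):
    """The first config drew its client pool (192.168.1.4-5) from inside the LAN subnet itself."""
    net = ipaddress.IPv4Network(lan_cidr)
    return any(ipaddress.IPv4Address(a) in net for a in (pool_start, pool_end))

# Constructed from the thread's ACLs. 85.xx.63.0 has a masked octet, so the
# TEST-NET-3 prefix 203.0.113.0 stands in for it here.
ACL_100_FIRST = parse_acl([
    "access-list 100 deny ip any host 0.0.0.0",
    "access-list 100 permit ip 203.0.113.0 0.0.0.255 any",
    "access-list 100 permit ip 192.168.1.0 0.0.0.255 any",
])
ACL_103_FIXED = parse_acl(
    ["access-list 103 deny ip host 192.168.1.3 any"]
    + ["access-list 103 deny ip 192.168.1.0 0.0.0.255 host 192.168.2.%d" % i for i in range(1, 10)]
    + ["access-list 103 permit ip 85.43.63.0 0.0.0.255 any",
       "access-list 103 permit ip 192.168.1.0 0.0.0.255 any"])
```

With the first config, a reply from the DHCP server 192.168.1.2 to pool client 192.168.1.4 is translated; with ACL 103 the same reply to 192.168.2.3 is left alone while ordinary Internet-bound traffic is still NATed.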
Posted: Wed 18 Oct 2006, 6:30 pm
by linomatz
Where can I find an example of that?

Posted: Thu 19 Oct 2006, 5:25 pm
by Wizard
Contact me on Skype or Messenger.
Posted: Mon 18 Dec 2006, 10:27 am
by linomatz
The VPN is starting to work with the Cisco Client.
The only thing that still doesn't work is browsing the Windows NetBIOS resources.
... any tips?
Thanks.
Building configuration...
Current configuration : 14181 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname linomatz
!
boot-start-marker
boot-end-marker
!
no logging buffered
no logging rate-limit
logging console critical
enable secret 5 $1$bMvJ$onZ26GCZjT1o7xbcZtIY7/
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
no ip source-route
!
!
ip cef
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW appleqtc
ip inspect name SDM_LOW h323callsigalt
ip inspect name SDM_LOW h323gatestat
ip inspect name SDM_LOW sip-tls
ip inspect name SDM_LOW sip
ip inspect name SDM_LOW 802-11-iapp
ip inspect name SDM_LOW microsoft-ds
ip inspect name SDM_LOW ms-cluster-net
ip inspect name SDM_LOW ms-dotnetster
ip inspect name SDM_LOW ms-sna
ip inspect name SDM_LOW ms-sql
ip inspect name SDM_LOW ms-sql-m
ip inspect name SDM_LOW msexch-routing
ip inspect name SDM_LOW netbios-dgm
ip inspect name SDM_LOW netbios-ssn
ip inspect name SDM_LOW r-winsock
ip inspect name SDM_LOW clp
ip inspect name SDM_LOW cisco-net-mgmt
ip inspect name SDM_LOW cisco-sys
ip inspect name SDM_LOW cisco-tna
ip inspect name SDM_LOW cisco-fna
ip inspect name SDM_LOW cisco-tdp
ip inspect name SDM_LOW cisco-svcs
ip inspect name SDM_LOW stun
ip inspect name SDM_LOW tr-rsrb
ip inspect name SDM_LOW dbcontrol_agent
ip inspect name SDM_LOW giop
ip inspect name SDM_LOW net8-cman
ip inspect name SDM_LOW orasrv
ip inspect name SDM_LOW oem-agent
ip inspect name SDM_LOW oracle
ip inspect name SDM_LOW oraclenames
ip inspect name SDM_LOW oracle-em-vp
ip inspect name SDM_LOW rdb-dbs-disp
ip inspect name SDM_LOW rtc-pm-port
ip inspect name SDM_LOW ttc
ip inspect name SDM_LOW citrix
ip inspect name SDM_LOW citriximaclient
ip inspect name SDM_LOW ica
ip inspect name SDM_LOW icabrowser
ip inspect name SDM_LOW cddbp
ip inspect name SDM_LOW dbase
ip inspect name SDM_LOW mysql
ip inspect name SDM_LOW sqlsrv
ip inspect name SDM_LOW sqlserv
ip inspect name SDM_LOW ftps
ip inspect name SDM_LOW kermit
ip inspect name SDM_LOW uucp
ip inspect name SDM_LOW nfs
ip inspect name SDM_LOW exec
ip inspect name SDM_LOW telnet
ip inspect name SDM_LOW telnets
ip inspect name SDM_LOW rtelnet
ip inspect name SDM_LOW login
ip inspect name SDM_LOW ssh
ip inspect name SDM_LOW shell
ip inspect name SDM_LOW sshell
ip inspect name SDM_LOW pcanywheredata
ip inspect name SDM_LOW pcanywherestat
ip inspect name SDM_LOW x11
ip inspect name SDM_LOW xdmcp
ip inspect name SDM_LOW entrust-svcs
ip inspect name SDM_LOW n2h2server
ip inspect name SDM_LOW realsecure
ip inspect name SDM_LOW creativeserver
ip inspect name SDM_LOW creativepartnr
ip inspect name SDM_LOW cifs
ip inspect name SDM_LOW fcip-port
ip inspect name SDM_LOW hp-alarm-mgr
ip inspect name SDM_LOW hp-collector
ip inspect name SDM_LOW hp-managed-node
ip inspect name SDM_LOW irc
ip inspect name SDM_LOW irc-serv
ip inspect name SDM_LOW ircs
ip inspect name SDM_LOW ircu
ip inspect name SDM_LOW ipass
ip inspect name SDM_LOW netstat
ip inspect name SDM_LOW nntp
ip inspect name SDM_LOW tarantella
ip inspect name SDM_LOW iscsi-target
ip inspect name SDM_LOW iscsi
ip inspect name SDM_LOW sms
ip inspect name SDM_LOW webster
ip inspect name SDM_LOW who
ip inspect name SDM_LOW pptp
ip inspect name SDM_LOW l2tp
ip inspect name SDM_LOW gtpv0
ip inspect name SDM_LOW gtpv1
ip inspect name SDM_LOW ddns-v3
ip inspect name SDM_LOW dnsix
ip inspect name SDM_LOW ldap-admin
ip inspect name SDM_LOW ldap
ip inspect name SDM_LOW ldaps
ip inspect name SDM_LOW netbios-ns
ip inspect name SDM_LOW wins
ip inspect name SDM_LOW daytime
ip inspect name SDM_LOW ntp
ip inspect name SDM_LOW time
ip inspect name SDM_LOW timed
ip inspect name SDM_LOW hsrp
ip inspect name SDM_LOW router
ip inspect name SDM_LOW fragment maximum 256 timeout 1
ip inspect name SDM_LOW snmp
ip inspect name SDM_LOW snmptrap
ip inspect name SDM_LOW syslog
ip inspect name SDM_LOW syslog-conn
ip inspect name SDM_LOW tacacs
ip inspect name SDM_LOW kerberos
ip inspect name SDM_LOW radius
ip inspect name SDM_LOW tacacs-ds
ip inspect name SDM_LOW ident
ip inspect name SDM_LOW ace-svr
ip inspect name SDM_LOW bootpc
ip inspect name SDM_LOW bootps
ip inspect name SDM_LOW dhcp-failover
ip inspect name SDM_LOW discard
ip inspect name SDM_LOW echo
ip inspect name SDM_LOW finger
ip inspect name SDM_LOW gopher
ip inspect name SDM_LOW igmpv3lite
ip inspect name SDM_LOW ipx
ip inspect name SDM_LOW pwdgen
ip inspect name SDM_LOW rsvp-encap
ip inspect name SDM_LOW rsvp_tunnel
ip inspect name SDM_LOW socks
ip inspect name SDM_LOW vqp
ip inspect name SDM_LOW gdoi
ip inspect name SDM_LOW isakmp
ip inspect name SDM_LOW ipsec-msft
ip inspect name SDM_LOW ssp
ip tcp synwait-time 10
no ip bootp server
ip domain name 191.it
ip name-server 151.99.125.2
ip name-server 151.99.0.100
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
username xxxxx privilege 15 secret 5 $1$geaO$/VcuCBZtlPrVksFsyA2b1/
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group mazzoccospa_vpn
key xxxxx
dns 151.99.125.2 151.99.0.100
wins 192.168.1.3
pool SDM_POOL_1
acl 102
save-password
include-local-lan
max-users 9
max-logins 9
banner ^CBenvenuto sul "VPN Server" della xxxxx ^C
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode ansi-dmt
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
bandwidth 2048
ip address 85.43.7.xxx 255.255.255.252
ip access-group 101 in
ip verify unicast reverse-path
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
no snmp trap link-status
pvc 8/35
oam-pvc manage
oam retry 5 5 1
encapsulation aal5snap
!
crypto map SDM_CMAP_1
!
interface FastEthernet0
no cdp enable
!
interface FastEthernet1
no cdp enable
!
interface FastEthernet2
no cdp enable
!
interface FastEthernet3
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0 secondary
ip address 85.43.63.xxx 255.255.255.248
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
crypto map SDM_CMAP_1
hold-queue 100 out
!
ip local pool SDM_POOL_1 192.168.2.1 192.168.2.9
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool net-ibs 85.43.63.xxx 85.43.63.xxx netmask 255.255.255.248
ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload
ip nat inside source static tcp 192.168.1.3 21 85.43.63.xxx 21 route-map SDM_RMAP_2 extendable
ip nat inside source static tcp 192.168.1.3 80 85.43.63.xxx 80 route-map SDM_RMAP_3 extendable
!
logging trap debugging
access-list 2 remark SDM_ACL Category=16
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 permit 85.43.63.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip host 192.168.2.1 192.168.1.0 0.0.0.255
access-list 100 permit ip host 192.168.2.2 192.168.1.0 0.0.0.255
access-list 100 permit ip host 192.168.2.3 192.168.1.0 0.0.0.255
access-list 100 permit ip host 192.168.2.4 192.168.1.0 0.0.0.255
access-list 100 permit ip host 192.168.2.5 192.168.1.0 0.0.0.255
access-list 100 permit ip host 192.168.2.6 192.168.1.0 0.0.0.255
access-list 100 permit ip host 192.168.2.7 192.168.1.0 0.0.0.255
access-list 100 permit ip host 192.168.2.8 192.168.1.0 0.0.0.255
access-list 100 permit ip host 192.168.2.9 192.168.1.0 0.0.0.255
access-list 100 permit udp any host 85.43.63.xxx eq non500-isakmp
access-list 100 permit udp any host 85.43.63.xxx eq isakmp
access-list 100 permit esp any host 85.43.63.xxx
access-list 100 permit ahp any host 85.43.63.xxx
access-list 100 deny ip 85.43.7.xxx 0.0.0.3 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp any host 85.43.63.xxx eq www
access-list 101 permit tcp any host 85.43.63.xxx eq ftp
access-list 101 permit ip host 192.168.2.1 192.168.1.0 0.0.0.255
access-list 101 permit ip host 192.168.2.2 192.168.1.0 0.0.0.255
access-list 101 permit ip host 192.168.2.3 192.168.1.0 0.0.0.255
access-list 101 permit ip host 192.168.2.4 192.168.1.0 0.0.0.255
access-list 101 permit ip host 192.168.2.5 192.168.1.0 0.0.0.255
access-list 101 permit ip host 192.168.2.6 192.168.1.0 0.0.0.255
access-list 101 permit ip host 192.168.2.7 192.168.1.0 0.0.0.255
access-list 101 permit ip host 192.168.2.8 192.168.1.0 0.0.0.255
access-list 101 permit ip host 192.168.2.9 192.168.1.0 0.0.0.255
access-list 101 permit udp any host 85.43.7.xxx eq non500-isakmp
access-list 101 permit udp any host 85.43.7.xxx eq isakmp
access-list 101 permit esp any host 85.43.7.xxx
access-list 101 permit ahp any host 85.43.7.xxx
access-list 101 permit udp host 151.99.0.100 eq domain host 85.43.7.xxx
access-list 101 permit udp host 151.99.125.2 eq domain host 85.43.7.xxx
access-list 101 deny ip 85.43.63.xxx 0.0.0.7 any
access-list 101 permit icmp any host 85.43.7.xxx echo-reply
access-list 101 permit icmp any host 85.43.7.xxx time-exceeded
access-list 101 permit icmp any host 85.43.7.xxx unreachable
access-list 101 permit tcp any host 85.43.7.xxx eq 443
access-list 101 permit tcp any host 85.43.7.xxx eq 22
access-list 101 permit tcp any host 85.43.7.xxx eq cmd
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 102 remark SDM_ACL Category=4
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 103 remark SDM_ACL Category=2
access-list 103 deny ip host 192.168.1.3 any
access-list 103 deny ip 192.168.1.0 0.0.0.255 host 192.168.2.1
access-list 103 deny ip 192.168.1.0 0.0.0.255 host 192.168.2.2
access-list 103 deny ip 192.168.1.0 0.0.0.255 host 192.168.2.3
access-list 103 deny ip 192.168.1.0 0.0.0.255 host 192.168.2.4
access-list 103 deny ip 192.168.1.0 0.0.0.255 host 192.168.2.5
access-list 103 deny ip 192.168.1.0 0.0.0.255 host 192.168.2.6
access-list 103 deny ip 192.168.1.0 0.0.0.255 host 192.168.2.7
access-list 103 deny ip 192.168.1.0 0.0.0.255 host 192.168.2.8
access-list 103 deny ip 192.168.1.0 0.0.0.255 host 192.168.2.9
access-list 103 permit ip 85.43.63.0 0.0.0.255 any
access-list 103 permit ip 192.168.1.0 0.0.0.255 any
access-list 104 remark SDM_ACL Category=2
access-list 104 deny ip host 192.168.1.3 host 192.168.2.9
access-list 104 deny ip host 192.168.1.3 host 192.168.2.8
access-list 104 deny ip host 192.168.1.3 host 192.168.2.7
access-list 104 deny ip host 192.168.1.3 host 192.168.2.6
access-list 104 deny ip host 192.168.1.3 host 192.168.2.5
access-list 104 deny ip host 192.168.1.3 host 192.168.2.4
access-list 104 deny ip host 192.168.1.3 host 192.168.2.3
access-list 104 deny ip host 192.168.1.3 host 192.168.2.2
access-list 104 deny ip host 192.168.1.3 host 192.168.2.1
access-list 104 permit ip host 192.168.1.3 any
access-list 105 remark SDM_ACL Category=2
access-list 105 deny ip host 192.168.1.3 host 192.168.2.9
access-list 105 deny ip host 192.168.1.3 host 192.168.2.8
access-list 105 deny ip host 192.168.1.3 host 192.168.2.7
access-list 105 deny ip host 192.168.1.3 host 192.168.2.6
access-list 105 deny ip host 192.168.1.3 host 192.168.2.5
access-list 105 deny ip host 192.168.1.3 host 192.168.2.4
access-list 105 deny ip host 192.168.1.3 host 192.168.2.3
access-list 105 deny ip host 192.168.1.3 host 192.168.2.2
access-list 105 deny ip host 192.168.1.3 host 192.168.2.1
access-list 105 permit ip host 192.168.1.3 any
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 103
!
route-map SDM_RMAP_2 permit 1
match ip address 104
!
route-map SDM_RMAP_3 permit 1
match ip address 105
!
!
control-plane
!
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Posted: Tue 19 Dec 2006, 12:12 pm
by Wizard
NetBIOS works via broadcast and the router blocks them...
Posted: Tue 19 Dec 2006, 5:13 pm
by linomatz
Wizard wrote: NetBIOS works via broadcast and the router blocks them...
OK, created a NAT rule and it works ...
It seems to work with the Mac OS X client too, although the NetBIOS
resources don't show up for me ... I'll do more testing ...