ACL NAT OVERLOAD


Post by Luca83 » Wed 12 Aug, 2015 1:33 pm

Good morning,
I have a problem and I can't figure out where I'm going wrong.

I have an extended ACL named "Internet". If I set "permit ip any any", everything works; if instead I configure the firewall's address, "permit ip host 10.254.254.10 any",
browsing works intermittently, that is, not all sites open.

This is my configuration:

Code:
interface GigabitEthernet0/0
 description EOLO-ANTENNA-1
 no ip address
 ip mtu 1452
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
 description WAN 1 Firewall
 no ip address
 ip virtual-reassembly in
 ip tcp adjust-mss 1400
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.2
 description Services Web
 encapsulation dot1Q 2
 ip address 10.254.254.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.3
 description Services Mail
 encapsulation dot1Q 3
 ip address 10.254.254.5 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.4
 description Connessione Internet
 encapsulation dot1Q 4
 ip address 10.254.254.9 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/2
 ip address 192.168.6.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1400
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/0/0
 no ip address
 shutdown
!
interface FastEthernet0/0/1
 no ip address
 shutdown
!
interface FastEthernet0/0/2
 no ip address
 shutdown
!
interface FastEthernet0/0/3
 no ip address
 shutdown
!
interface Vlan1
 no ip address
!
interface Dialer1
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in max-reassemblies 1000
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 ppp pap sent-username XXXX password 0 XXXXX
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list Internet interface Dialer1 overload
ip nat inside source static 10.254.254.6 88.XXXX
ip nat inside source static 10.254.254.2 88.XXXX
ip nat inside source static 192.168.6.253 88.XXX
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended Internet
 permit ip any any
 permit ip host 10.254.254.10 any
 deny   ip any any log
ip access-list extended ssh-access
 permit ip host 10.254.254.10 any
 permit ip host 192.168.6.253 any
 deny   ip any any log

Re: ACL NAT OVERLOAD

Post by paolomat75 » Wed 09 Sep, 2015 8:30 am

Hi. The firewall is probably not NATing everything.

Paolo
CCNA R&S and CCNP Route Pass - Studying....
No leaf falls unless the unconscious wills it (S.B.)
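
An added example, not part of either post: a small model of first-match evaluation for the `Internet` NAT ACL, showing which sources the router would translate under each variant the question describes. The flows are constructed (192.168.6.50 is a hypothetical host in the GigabitEthernet0/2 subnet, 203.0.113.80 a documentation address), and the model assumes a packet denied by a NAT ACL is forwarded untranslated rather than dropped. The parser also accepts address-plus-wildcard entries, which goes beyond the ACL lines in the post.

```python
import ipaddress

# ACL variants from the post (IOS extended-ACL syntax, "ip" protocol only).
ACL_ANY = ["permit ip any any", "deny ip any any log"]
ACL_HOST = ["permit ip host 10.254.254.10 any", "deny ip any any log"]
ACL_POSTED = ["permit ip any any", "permit ip host 10.254.254.10 any",
              "deny ip any any log"]

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # ipaddress reads a mask starting with a zero field as a host (wildcard) mask.
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_ace(line):
    """Parse 'permit|deny ip SRC DST [log]' into (action, src_net, dst_net)."""
    tokens = line.split()
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"unsupported ACE: {line!r}")
    src, rest = _take_addr(rest)
    dst, rest = _take_addr(rest)
    return action, src, dst

def nat_decision(acl, src, dst):
    """First match wins; no match is the implicit deny.
    Returns (translated, matching_line); 'deny' means 'do not translate'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, src_net, dst_net = parse_ace(line)
        if s in src_net and d in dst_net:
            return action == "permit", line
    return False, "(implicit deny)"

# Constructed flows: the firewall's own address, and a host whose source
# address reaches the router unchanged (not source-NATed by the firewall).
FLOWS = [("10.254.254.10", "203.0.113.80"), ("192.168.6.50", "203.0.113.80")]

if __name__ == "__main__":
    for name, acl in (("any", ACL_ANY), ("host", ACL_HOST), ("posted", ACL_POSTED)):
        for src, dst in FLOWS:
            hit, line = nat_decision(acl, src, dst)
            verdict = "PAT to Dialer1" if hit else "not translated"
            print(f"{name:6} {src:15} -> {verdict:14} [{line}]")
```

In the ACL exactly as posted, `permit ip any any` comes first, so the host entry below it is never reached; the host-only behaviour appears only once that first line is removed.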