Connection drops on 827

Everything related to infrastructure (not configurations)

Moderator: Federico.Lagni

attila
n00b
Posts: 24
Joined: Tue 02 Aug, 2005 12:27 pm

Hi everyone,

When I connect from outside via ssh, ftp, or whatever, my router drops the connection every few minutes and then it reconnects. Outgoing connections, on the other hand, stay up without any trouble. It's not a keepalive problem on the NATted servers; I think it's something in the configuration.

Heeelp! Thanks :-)

sh run
Building configuration...

Current configuration : 8427 bytes
!
! Last configuration change at 17:15:56 CEST Tue May 9 2006 by
!
version 12.3
no service pad
service timestamps debug datetime
service timestamps log datetime
service password-encryption
service tcp-small-servers
!
hostname xxxxxxxxx
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
enable password 7 xxxxxxxxxxxxxxxxxx
!
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 3:00 last Sun Oct 3:00
aaa new-model
!
!
aaa session-id common
ip subnet-zero
ip icmp redirect host
no ip rcmd domain-lookup
ip rcmd rcp-enable
ip rcmd rsh-enable
ip rcmd remote-host xxxxxxxx xxxxxxxx xxxxxxxx
ip rcmd source-interface Ethernet0
ip dhcp excluded-address 10.0.0.1 10.0.0.119
ip dhcp excluded-address 10.0.0.131 10.0.0.254
!
ip dhcp pool CLIENT
import all
network 10.0.0.0 255.255.255.0
dns-server aaa.bbb.ccc.ddd aaa.bbb.ccc.ddd
default-router 10.0.0.254
domain-name chevy
!
!
ip name-server aaa.bbb.ccc.ddd
ip name-server aaa.bbb.ccc.ddd
ip inspect name Firewall tcp
ip inspect name Firewall http
ip inspect name Firewall ftp
ip inspect name Firewall udp
ip inspect name Firewall h323
ip inspect name Firewall tftp
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
voice class codec 1
codec preference 1 g711alaw
codec preference 2 g729r8
!
!
!
!
!
!
!
!
!
!
!
username xxxx password 7 xxxxxxxxx
username xxxxxxxx password 7 xxxxxxxxxx
!
!
translation-rule 1
Rule 0 ..% 847852477349##
!
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
no crypto isakmp ccm
!
crypto isakmp client configuration group 800client
key xxxxxxxxx
pool ippool
!
!
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set vpn
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0
ip address 10.0.0.254 255.255.255.0 secondary
ip address 192.168.0.254 255.255.255.0
ip access-group 102 in
ip nat inside
ip inspect Firewall in
ip virtual-reassembly
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer1
description Tiscali
ip address negotiated
ip access-group 101 in
ip nat outside
ip inspect Firewall in
ip virtual-reassembly
encapsulation ppp
dialer pool 1
no cdp enable
ppp chap hostname xxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxx password 7 xxxxxxxxxxxxxxxx
crypto map clientmap
!
ip local pool ippool 10.0.0.120 10.0.0.130
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
ip nat service sip udp port 5061
ip nat inside source list 1 interface Dialer1 overload

----- cut---
!
logging trap debugging
logging 192.168.0.22
access-list 1 remark The local LAN.
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 60 remark Traffic allowed telnetting from Internet
access-list 60 permit 192.168.0.0 0.0.0.255
access-list 60 deny any log
access-list 101 deny ip 172.16.0.0 0.15.255.255 any log
access-list 101 deny ip 10.0.0.0 0.255.255.255 any log
access-list 101 deny ip 127.0.0.0 0.255.255.255 any log
access-list 101 deny ip 255.0.0.0 0.255.255.255 any log
access-list 101 deny ip 224.0.0.0 7.255.255.255 any log
access-list 101 deny ip host 0.0.0.0 any log
access-list 101 deny ip 192.168.0.0 0.0.0.255 any log
access-list 101 deny ip 192.168.0.0 0.0.255.255 any log
access-list 101 permit tcp any 192.168.0.0 0.0.0.255 gt 1023 established
access-list 101 permit icmp any 192.168.0.0 0.0.0.255 net-unreachable
access-list 101 permit icmp any 192.168.0.0 0.0.0.255 host-unreachable
access-list 101 permit icmp any 192.168.0.0 0.0.0.255 port-unreachable
access-list 101 permit icmp any 192.168.0.0 0.0.0.255 packet-too-big
access-list 101 permit icmp any 192.168.0.0 0.0.0.255 administratively-prohibited
access-list 101 permit icmp any 192.168.0.0 0.0.0.255 source-quench
access-list 101 permit icmp any 192.168.0.0 0.0.0.255 ttl-exceeded
----- cut---



snmp-server community public RO 1
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps dial
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps rsvp
snmp-server enable traps voice poor-qov
snmp-server host 192.168.0.22 public
no cdp run
!
!
control-plane
!
!
voice-port 1
echo-cancel coverage 32
no vad
bearer-cap Speech
caller-id enable
!
voice-port 2
echo-cancel coverage 32
no vad
bearer-cap Speech
caller-id enable
!
voice-port 3
echo-cancel coverage 32
no vad
bearer-cap Speech
caller-id enable
!
voice-port 4
echo-cancel coverage 32
no vad
bearer-cap Speech
caller-id enable
!
dial-peer voice 2 pots
destination-pattern 5304017
port 1
!
dial-peer voice 1 voip
destination-pattern .T
voice-class codec 1
session protocol sipv2
session target sip-server
session transport udp
dtmf-relay sip-notify
no vad
!
sip-ua
authentication username xxxxx xxx password xxxxxx
retry invite 4
retry response 3
retry bye 2
retry cancel 2
registrar dns:212.97.59.76:5061 expires 3600
sip-server dns:212.97.59.76:5061
!
!
line con 0
exec-timeout 0 0
password 7 xxxxxxxxxxxxx
history size 100
stopbits 1
speed 19200
line vty 0 4
!
scheduler max-task-time 5000
sntp server 193.204.114.233
sntp server 193.204.114.232
sntp broadcast client
end