So now I enter these two lines? Just as they are?
permit tcp any any established
permit udp any eq domain any
Am I wrong?
Cisco 837 configuration
Moderator: Federico.Lagni
-
- Cisco fan
- Posts: 37
- Joined: Mon 07 Mar, 2005 4:10 pm
I have another question, if you don't mind.
How do I disable the CRWS interface?
I'm asking because I noticed that I can reach the router from outside and it answers, so the CRWS interface starts.
-
- Cisco pathologically enlightened user
- Posts: 202
- Joined: Tue 29 Jun, 2004 12:12 pm
From configuration mode:
Code:
no ip http server

- TheIrish
- Site Admin
- Posts: 1840
- Joined: Sun 14 Mar, 2004 11:26 pm
- Location: Udine
From configuration mode, type:
Code:
ip access-list extended atm0.1-in
The prompt changes to Router(config-ext-nacl)#.
At this point, type:
Code:
permit tcp any any established
permit udp any eq domain any
exit
OK, the ACL atm0.1-in is the one you just wrote.
All that remains is:
Code:
int atm0.1
ip access-group atm0.1-in in
-
- Cisco fan
- Posts: 37
- Joined: Mon 07 Mar, 2005 4:10 pm
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
no logging buffered
enable secret xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username Router password xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
no aaa new-model
ip subnet-zero
no ip source-route
ip domain name 191.it
ip name-server 151.99.229.225
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
ip access-group 122 out
ip nat inside
no keepalive
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
bandwidth 1500
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
ip access-group atm0.1-in in
ip nat outside
ip inspect myfw out
pvc 8/35
oam-pvc manage
oam retry 5 5 1
encapsulation aal5snap
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
ip nat inside source list 1 interface ATM0.1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
no ip http server
no ip http secure-server
!
!
ip access-list extended atm0.1-in
permit tcp any any established
permit udp any eq domain any
access-list 1 permit xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
access-list 122 deny tcp any any eq telnet
access-list 122 permit ip any any
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
line vty 0 4
access-class 1 in
exec-timeout 120 0
login local
length 0
!
scheduler max-task-time 5000
!
end
Is it right like this?

- TheIrish
- Site Admin
- Posts: 1840
- Joined: Sun 14 Mar, 2004 11:26 pm
- Location: Udine
Unless I've missed something, I'd say yes, although I still don't understand what you need the 122 for...
- TheIrish
- Site Admin
- Posts: 1840
- Joined: Sun 14 Mar, 2004 11:26 pm
- Location: Udine
I recommend removing ACL 122 entirely (no access-list 122) and, consequently, its assignment to e0 (int e0 [Enter] no ip access-group 122 out)
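
An added example, not part of the thread: a Python check for the points discussed above, run against a trimmed, constructed copy of the posted running-config. The function name `audit` and its finding texts are assumptions of this example. It verifies that the HTTP server behind CRWS is disabled, that every `ip access-group` refers to a defined ACL (relevant when removing ACL 122 without removing its binding on e0), and that the NAT outside interface has an inbound ACL.

```python
import re

# Constructed sample: a trimmed copy of the running-config posted in the thread.
SAMPLE = """\
interface Ethernet0
 ip access-group 122 out
 ip nat inside
!
interface ATM0.1 point-to-point
 ip access-group atm0.1-in in
 ip nat outside
!
no ip http server
no ip http secure-server
!
ip access-list extended atm0.1-in
 permit tcp any any established
 permit udp any eq domain any
access-list 122 deny tcp any any eq telnet
access-list 122 permit ip any any
"""

def audit(config):
    """Return findings for an IOS running-config (indented or flattened text)."""
    lines = [line.strip() for line in config.splitlines()]
    defined, bindings, outside, iface = set(), [], set(), None
    for line in lines:
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"(?:ip access-list \w+|access-list) (\S+)", line):
            defined.add(m.group(1))   # named or numbered ACL definition
            iface = None
        elif line == "!":
            iface = None              # section separator ends the interface block
        elif iface and (m := re.match(r"ip access-group (\S+) (in|out)", line)):
            bindings.append((iface, m.group(1), m.group(2)))
        elif iface and line == "ip nat outside":
            outside.add(iface)
    findings = []
    for svc in ("ip http server", "ip http secure-server"):
        if f"no {svc}" not in lines:  # assumption: absence of the 'no' form is a finding
            findings.append(f"'no {svc}' missing: web interface may be enabled")
    for iface, acl, direction in bindings:
        if acl not in defined:        # IOS treats an undefined ACL as permit-all
            findings.append(f"{iface}: access-group {acl} {direction} has no ACL definition")
    for iface in sorted(outside):
        if not any(i == iface and d == "in" for i, _, d in bindings):
            findings.append(f"{iface}: NAT outside interface has no inbound ACL")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```

The same function can be run on the text of a saved `show running-config` output.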