UPGRADING ISO FROM 12.3 TO 12.4

Everything to do with configuring Cisco devices (that does not fall under the other categories)

Moderator: Federico.Lagni

bozzolo
n00b
Posts: 11
Joined: Sun 09 Sep, 2007 9:28 am

I'm asking for your help: I have just upgraded the ISO as in the subject, and everything seemed to be going well when I noticed that the access-lists don't work; right now, in order to browse, I have access-list 120 permit ip any any
Here is my config:

version 12.4
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Bozzolo
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxx
enable password 7 xxxxxxxx
no aaa new-model
memory-size iomem 25
ip cef
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
ip address 10.0.0.1 255.255.255.0
ip nat inside
no ip mroute-cache
speed auto
!
interface Dialer0
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
ppp chap hostname xxxxxx
ppp chap password 7 xxxxx
ppp pap sent-username xxxxx password 7 xxxxxxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
no ip http secure-server
ip nat inside source list 120 interface Dialer0 overload
!
logging 10.0.0.3
access-list 1 permit any
access-list 120 permit tcp 10.0.0.0 0.0.0.255 any eq 8245
access-list 120 permit tcp 10.0.0.0 0.0.0.255 any eq ftp
access-list 120 permit tcp 10.0.0.0 0.0.0.255 any eq telnet
access-list 120 permit tcp 10.0.0.0 0.0.0.255 any eq smtp
access-list 120 permit tcp 10.0.0.0 0.0.0.255 any eq www
access-list 120 permit tcp 10.0.0.0 0.0.0.255 any eq pop3
access-list 120 permit tcp any 10.0.0.0 0.0.0.255 eq telnet
access-list 120 permit tcp 10.0.0.0 0.0.0.255 any eq 8080
access-list 120 permit tcp any 10.0.0.0 0.0.0.255 eq 8080
access-list 120 permit tcp 10.0.0.0 0.0.0.255 any eq 443
access-list 120 permit tcp 10.0.0.0 0.0.0.255 any eq 4662
access-list 120 permit udp 10.0.0.0 0.0.0.255 any eq 4672
access-list 120 deny tcp any any eq 135
access-list 120 deny tcp any any eq 139
access-list 120 deny tcp any any eq 445
access-list 120 deny tcp any any eq 1243
access-list 120 deny tcp any any eq 1999
access-list 120 deny tcp any any eq 4950
access-list 120 deny tcp any any eq 12345
access-list 120 deny tcp any any eq 37337
access-list 120 deny tcp any any eq 31337
access-list 120 deny tcp any any eq nntp
access-list 120 deny tcp any any
access-list 120 permit ip host 10.0.0.1 any log
access-list 120 permit ip host 10.0.0.2 any log
access-list 120 permit ip host 10.0.0.3 any log
access-list 120 permit ip host 10.0.0.4 any log
access-list 120 permit ip host 10.0.0.5 any log
access-list 120 permit ip host 10.0.0.6 any log
access-list 120 permit ip host 10.0.0.7 any log
access-list 120 permit ip host 10.0.0.20 any log
access-list 120 deny ip any any
!
control-plane
!
!
line con 0
exec-timeout 120 0
line aux 0
password 7 0008060505
login
line vty 0 4
exec-timeout 0 0
password 7 020A11580A
login
!
end

THANKS
[Dj][DMX]
Co-administrator
Posts: 428
Joined: Wed 24 Nov, 2004 12:42 am
Location: Udine

Apart from the fact that I recommend redoing the configuration from scratch because it contains quite a few errors, you need to change this:

ip nat inside source list 120 interface Dialer0 overload

to

ip nat inside source list 1 interface Dialer0 overload

and

access-list 1 permit any

to

access-list 1 permit 10.0.0.0 0.0.0.255

Among the errors, I'll point out ACL 120, which is not applied to any interface, and on top of that, written the way it is, it doesn't make much sense... in fact... it makes none at all!

And anyway it's IOS, not ISO!
I don't know if God exists, but if he does I hope he has a good excuse!
Piergiorgio Welby
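
An added example, not part of either post: IOS evaluates an access list top-down and stops at the first matching entry, so the order of ACL 120 decides which of its lines can ever take effect. The Python sketch below replays that first-match rule over an excerpt of the posted ACL 120; the function names, the simplified matching (only `eq` on the destination port, protocols tcp/udp/ip) and the destination address 198.51.100.7 are assumptions made for the illustration.

```python
import ipaddress

# Excerpt of ACL 120 from the posted config, kept in its original order.
ACL_120 = """\
access-list 120 permit tcp 10.0.0.0 0.0.0.255 any eq www
access-list 120 permit tcp any 10.0.0.0 0.0.0.255 eq telnet
access-list 120 deny tcp any any eq 445
access-list 120 deny tcp any any
access-list 120 permit ip host 10.0.0.5 any log
access-list 120 deny ip any any
""".splitlines()

PORTS = {"www": 80, "telnet": 23, "ftp": 21, "smtp": 25, "pop3": 110, "nntp": 119}

def _addr(tok):
    """Consume one address spec and return (network_int, wildcard_int)."""
    kind = tok.pop(0)
    if kind == "any":
        return 0, 0xFFFFFFFF
    if kind == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(kind)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(line):
    tok = line.split()[2:]          # drop "access-list 120"
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _addr(tok), _addr(tok)
    port = None
    if tok and tok[0] == "eq":      # simplified: "eq" on the destination port only
        port = PORTS.get(tok[1]) or int(tok[1])
    return {"line": line, "action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def _hit(spec, ip):
    net, wild = spec                # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (net | wild)

def first_match(acl, proto, src, dst, dport=None):
    """Return (action, entry text) of the first matching entry, top-down."""
    for e in map(parse, acl):
        if e["proto"] not in ("ip", proto):
            continue
        if not (_hit(e["src"], src) and _hit(e["dst"], dst)):
            continue
        if e["port"] is not None and e["port"] != dport:
            continue
        return e["action"], e["line"]
    return "deny", "(implicit deny)"
```

Calling `first_match(ACL_120, "tcp", "10.0.0.5", "198.51.100.7", 22)` returns the `deny tcp any any` entry, so the later `permit ip host 10.0.0.5 any log` line only ever applies to non-TCP traffic from that host, and the specific `deny tcp ... eq` lines above the blanket deny change nothing.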