I bought a Cisco 1721 on eBay to get some practice.
At the moment I am using it as an ADSL router and little more (using two VLANs I created a LAN and a "DMZ").
I would like to configure it to allow me remote access with a Cisco VPN client (in road-warrior mode) to both the LAN and the "DMZ" networks.
I did some searching on the internet, but what you find is mostly information on how to create LAN-to-LAN VPNs.
Do you happen to have a link to a tutorial or some sample configurations... or even some time to give me a hand...

For completeness, I am attaching the sh ver and the sh run
Thanks!!
Code:
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-ADVSECURITYK9-M), Version 12.3(15), RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Tue 24-May-05 21:33 by ssearch
Image text-base: 0x8000816C, data-base: 0x81012AF4
ROM: System Bootstrap, Version 12.2(7r)XM1, RELEASE SOFTWARE (fc1)
ROM: C1700 Software (C1700-ADVSECURITYK9-M), Version 12.3(15), RELEASE SOFTWARE (fc3)
cisco1721 uptime is 5 days, 6 hours, 25 minutes
System returned to ROM by reload at 16:16:31 CEST Thu Oct 22 2009
System restarted at 16:18:33 CEST Thu Oct 22 2009
System image file is "flash:C1700-Advsecurityk9-Mz.123-15.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco 1721 (MPC860P) processor (revision 0x100) with 39049K/10103K bytes of memory.
Processor board ID FOC06350TFT (4107937148), with hardware revision 0000
MPC860P processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
1 FastEthernet/IEEE 802.3 interface(s)
1 ATM network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
Code:
Current configuration : 6212 bytes
!
! No configuration change since last restart
!
version 12.3
service nagle
no service pad
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname cisco1721
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 XXXXXXXXXXXXXXXXX
enable password 7 XXXXXXXXXXXXXXXXXX
!
memory-size iomem 25
clock timezone CET 1
clock summer-time CEST recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp selective-ack
ip tcp window-size 2144
ip tcp synwait-time 10
no ip dhcp conflict logging
!
ip dhcp pool LAN
   network 192.168.75.0 255.255.255.0
   default-router 192.168.75.1
   dns-server 192.168.75.1
   domain-name sandrohome
   lease 0 1
!
!
ip audit po max-events 100
no ip bootp server
ip domain name ngi.it
ip name-server 88.149.128.12
ip name-server 88.149.128.22
!
!
!
!
!
!
!
interface Loopback0
 description loop
 no ip address
!
interface ATM0
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
 pvc 8/35
  encapsulation aal5snap
  protocol ppp dialer
  dialer pool-member 1
 !
!
interface Ethernet0
 ip address 192.168.0.177 255.255.255.0
 shutdown
 full-duplex
!
interface FastEthernet0
 no ip address
 no ip mroute-cache
 speed 100
 full-duplex
 no keepalive
!
interface FastEthernet0.5
 description LAN INTERFACE
 encapsulation dot1Q 5
 ip address 192.168.75.1 255.255.255.0
 ip nat inside
 no snmp trap link-status
!
interface FastEthernet0.6
 description DMZ INTERFACE
 encapsulation dot1Q 6
 ip address 192.168.76.1 255.255.255.0
 ip access-group dmz_acl_in in
 ip nat inside
 no snmp trap link-status
!
interface Dialer0
 ip address negotiated
 ip access-group external_acl_in in
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp pap sent-username XXXXXXXX password 7 XXXXXXXXXXXXXX
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 2 interface Dialer0 overload
ip nat inside source static tcp 192.168.76.5 50000 interface Dialer0 50000
ip nat inside source static udp 192.168.76.5 50000 interface Dialer0 50000
ip nat inside source static tcp 192.168.76.16 22 interface Dialer0 2222
ip nat inside source static tcp 192.168.76.15 10000 interface Dialer0 10000
ip nat inside source static udp 192.168.76.15 10001 interface Dialer0 10001
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
ip dns server
!
ip access-list extended dmz_acl_in
 permit tcp any any established
 deny tcp 192.168.76.0 0.0.0.255 192.168.75.0 0.0.0.255 lt 2
 deny tcp 192.168.76.0 0.0.0.255 192.168.75.0 0.0.0.255 syn log
 permit ip any any
ip access-list extended external_acl_in
 deny ip 192.168.76.0 0.0.0.255 any log
 deny ip 192.168.75.0 0.0.0.255 any log
 permit tcp any any established
 permit tcp any any eq 10000
 permit tcp any any eq 50000
 permit udp any any eq 10001
 permit udp any any eq 50000
 permit tcp any any eq 2222
 deny tcp any any lt 2
 deny tcp any any syn log
 permit ip any any
!
logging source-interface FastEthernet0.6
logging 192.168.76.6
access-list 1 permit 192.168.75.0 0.0.0.255
access-list 2 permit 192.168.76.0 0.0.0.255
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 access-class 1 in
 password 7 0100070A5904145877
 login
!
scheduler interval 500
ntp clock-period 17179817
ntp server 146.48.81.102
end
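
An added example, not part of the original post: a minimal Easy VPN server (remote-access IPsec with Xauth) configuration for the router shown above, giving a Cisco VPN client access to both 192.168.75.0/24 and 192.168.76.0/24. All list, group, pool and map names, ACL numbers 101/111/112, the user vpnuser, the placeholders in angle brackets and the client pool 192.168.77.0/24 are assumptions.

```cisco
! Added example (not from the original post). Hypothetical names: VTY_LINE,
! VPN_XAUTH, VPN_GROUP, ROADWARRIOR, VPNPOOL, VPN_TS, VPN_DYN, VPN_MAP.
! Assumed: 192.168.77.0/24 is unused and serves as the client address pool.
aaa new-model
aaa authentication login VTY_LINE line
aaa authentication login VPN_XAUTH local
aaa authorization network VPN_GROUP local
username vpnuser secret <user-password>
!
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 2
crypto isakmp client configuration group ROADWARRIOR
 key <group-pre-shared-key>
 dns 192.168.75.1
 domain sandrohome
 pool VPNPOOL
 acl 101
!
crypto ipsec transform-set VPN_TS esp-aes esp-sha-hmac
crypto dynamic-map VPN_DYN 10
 set transform-set VPN_TS
 reverse-route
crypto map VPN_MAP client authentication list VPN_XAUTH
crypto map VPN_MAP isakmp authorization list VPN_GROUP
crypto map VPN_MAP client configuration address respond
crypto map VPN_MAP 10 ipsec-isakmp dynamic VPN_DYN
!
ip local pool VPNPOOL 192.168.77.10 192.168.77.50
! Split tunnel: only LAN and DMZ traffic is sent through the VPN
access-list 101 permit ip 192.168.75.0 0.0.0.255 192.168.77.0 0.0.0.255
access-list 101 permit ip 192.168.76.0 0.0.0.255 192.168.77.0 0.0.0.255
! Exempt LAN/DMZ-to-client traffic from PAT (NAT runs before encryption).
! access-list 1 stays defined: line vty still uses it as access-class.
access-list 111 deny   ip 192.168.75.0 0.0.0.255 192.168.77.0 0.0.0.255
access-list 111 permit ip 192.168.75.0 0.0.0.255 any
access-list 112 deny   ip 192.168.76.0 0.0.0.255 192.168.77.0 0.0.0.255
access-list 112 permit ip 192.168.76.0 0.0.0.255 any
no ip nat inside source list 1 interface Dialer0 overload
no ip nat inside source list 2 interface Dialer0 overload
ip nat inside source list 111 interface Dialer0 overload
ip nat inside source list 112 interface Dialer0 overload
interface Dialer0
 crypto map VPN_MAP
! Keep the existing line-password login on the vty lines after aaa new-model
line vty 0 4
 login authentication VTY_LINE
```

On IOS images that also apply the interface's inbound ACL to decrypted packets, external_acl_in needs a permit for 192.168.77.0/24 towards the two internal subnets ahead of its "deny tcp any any syn log" entry. The static port forwards for 192.168.76.5, .15 and .16 are not covered by the PAT exemption, so those host/port pairs are still translated when they reply to a VPN client.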