Public IPs on DMZ

CiscoBGP

Hi everyone,

I have the following problem: at a customer's site I have to use the pool of public addresses assigned to me by the provider solely for the servers.

The router is a Cisco 1841; on FastEthernet 0/0 I put the private IPs 192.168.1.0/24, which are NATed out on the IP of the point-to-point link.

I put all the WAN IPs assigned to the customer on FastEthernet 0/1 for the servers. From inside to outside everything works without problems.

But if I try to connect from outside, I only reach the FastEthernet 0/1 interface and not the servers behind it.

I also disabled the FW on the router, thinking that could be the reason, but nothing. I'm missing something at the routing level.


Here is the config:



show run
Building configuration...

Current configuration : 5493 bytes
!
! Last configuration change at 08:11:01 UTC Fri Nov 27 2009
! NVRAM config last updated at 08:11:02 UTC Fri Nov 27 2009
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname C1841-Centre
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$32QR$GM.l05vQrmpw9YprVgDRt1
!
no aaa new-model
dot11 syslog
ip cef
!
!
!
!
ip inspect name FwCentre tcp router-traffic
ip inspect name FwCentre udp router-traffic
ip inspect name FwCentre http
ip inspect name FwCentre https
ip inspect name FwCentre pop3
ip inspect name FwCentre imap
ip inspect name FwCentre h323
ip inspect name FwCentre dns
ip inspect name FwCentre ftp
ip inspect name FwCentre telnet
ip inspect name FwCentre ssh
ip inspect name FwCentre cuseeme
ip inspect name FwCentre tftp
no ip domain lookup
ip domain name xxxxxxxxx.xx.it
ip name-server 212.216.112.112
ip name-server 212.216.172.62
!
multilink bundle-name authenticated
isdn switch-type basic-net3
!
crypto pki trustpoint TP-self-signed-3821865202
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3821865202
revocation-check none
rsakeypair TP-self-signed-3821865202
!
!
crypto pki certificate chain TP-self-signed-3821865202
certificate self-signed 01
quit
!
!
username xxxxxx password 7 xxxxxxxxxxxxxxxxxx
archive
log config
hidekeys
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key 6 xxxxxxxxxxx address x.x.x.x no-xauth
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set SetVPN esp-3des esp-sha-hmac
!
crypto map MapVPN 1 ipsec-isakmp
set peer x.x.x.x
set transform-set SetVPN
match address 110
!
!
!
ip ssh time-out 10
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0/0
description "Lan Sede centrale"
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed auto
!
interface FastEthernet0/1
description "Bridge verso Firewall"
ip address x.x.x.x 255.255.255.248
no ip proxy-arp
duplex auto
speed auto
!
interface Serial0/0/0
description "TGU HDSL xxxxxxxx"
bandwidth 2048
no ip address
encapsulation frame-relay IETF
!
interface Serial0/0/0.1 point-to-point
bandwidth 2048
ip address xx.xx.xx.xx 255.255.255.252
ip inspect FwCroce out
ip nat outside
ip virtual-reassembly
snmp trap link-status
frame-relay interface-dlci xxx IETF
crypto map MapVPN
!
interface BRI0/1/0
description "Interfaccia fisica di Backup"
no ip address
encapsulation ppp
dialer rotary-group 1
isdn switch-type basic-net3
isdn point-to-point-setup
!
interface Dialer0
description "Interfaccia logica di Backup"
ip address negotiated
ip virtual-reassembly
encapsulation ppp
no ip split-horizon
dialer in-band
dialer idle-timeout 180
dialer hold-queue 10
ppp authentication chap pap callin
ppp chap hostname telecom
ppp chap password 7 120D001B17080309
ppp pap sent-username telecom password 7 06120A2D494D0614
!
interface Dialer1
no ip address
encapsulation ppp
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/0/0.1
ip route 0.0.0.0 0.0.0.0 Dialer0 2
!
!
ip http server
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map Rmap interface Serial0/0/0.1 overload
!
logging source-interface Serial0/0/0
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 120 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
route-map Rmap permit 1
match ip address 120
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password 7 xxxxxxxxxxxxxxxxxxx
login
transport input telnet ssh
line vty 5 15
login
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17179456
ntp server 193.204.114.232
end
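Added example (not part of the original post, and not the poster's code): a small Python model of how ACL 110 and ACL 120 from the posted configuration sort outbound flows into NAT overload, the IPsec tunnel, or plain untranslated routing. It models only those two ACLs (interface placement of `ip nat inside` is not modelled), and `203.0.113.2` is a constructed stand-in for a server in the masked x.x.x.x/29 block.

```python
import ipaddress

# ACL lines copied from the posted configuration (110 = crypto map, 120 = NAT route-map).
ACL_TEXT = """\
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 120 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_acls(text):
    """Return {number: [(action, src_spec, dst_spec)]}; a spec is (base, wildcard)."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
            continue
        rest, specs = tok[4:], []
        while rest:
            if rest[0] == "any":
                spec, used = (0, 0xFFFFFFFF), 1
            elif rest[0] == "host":
                spec, used = (_ip(rest[1]), 0), 2
            else:
                spec, used = (_ip(rest[0]), _ip(rest[1])), 2
            specs.append(spec)
            rest = rest[used:]
        acls.setdefault(tok[1], []).append((tok[2], specs[0], specs[1]))
    return acls

def _hit(addr, spec):
    base, wildcard = spec  # wildcard bits set to 1 are "don't care"
    return ((_ip(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def acl_action(acls, number, src, dst):
    for action, s, d in acls.get(number, []):
        if _hit(src, s) and _hit(dst, d):
            return action  # first matching entry wins
    return "deny"  # implicit deny at the end of every IOS ACL

def classify(acls, src, dst):
    """Fate of an outbound flow: NAT is evaluated first, then the crypto ACL."""
    if acl_action(acls, "120", src, dst) == "permit":
        return "nat-overload"
    if acl_action(acls, "110", src, dst) == "permit":
        return "ipsec-no-nat"
    return "routed-untranslated"
```

Under this model a source in the public block matches neither ACL, so it leaves with its own address and depends on routing alone in both directions.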