forum.opennet.ru

Составление сообщения

Исходное сообщение

"Странность НАТа"
Отправлено Andrei_V, 11-Дек-08 20:24

>А посмотреть на конфиг кошки 3725 можно? ;)
Можно. Ниже привожу его.
Поясню вкраце: кошка 3725 терминирует pptp-сессии клиентов, выдает им адреса вида 10.1.3.ххх и отправляет на 3620 (10.1.2.2) через интерфейс:
interface FastEthernet0/1
ip address 10.1.2.1 255.255.255.252
duplex auto
speed auto
Остальное - это тоже терминация pptp-сессий с выдачей:
- либо реальных адресов для выхода в инет через Loopback1 или  FastEthernet0/0
- либо адресов вида 10.1.1.ххх для выхода в инет через НАТ на этой же кошке 3725.
Ну и немножко диалапа. :)
Собственно конфиг:
Current configuration : 7268 bytes
!
! Last configuration change at 20:07:45 CHE Thu Dec 11 2008 by andrei
! NVRAM config last updated at 20:08:37 CHE Thu Dec 11 2008 by andrei
!
version 12.4
service nagle
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
service compress-config
no service dhcp
!
hostname C3725
!
boot-start-marker
boot system flash:c3725-advipservicesk9-mz.124-17.bin
boot-end-marker
!
logging buffered 16384 debugging
no logging console
!
aaa new-model
!
!
aaa group server radius rad_pptp
server-private 87.226.191.5 auth-port 1812 acct-port 1813 key 7 ххххххх
ip radius source-interface FastEthernet0/0
!
aaa group server radius rad_dialup
server-private 87.226.191.5 auth-port 1812 acct-port 1813 key 7 ххххххх
ip radius source-interface FastEthernet0/0
!
aaa authentication banner ^C^C
aaa authentication login default local
aaa authentication ppp PPTP group rad_pptp
aaa authentication ppp DIALUP group rad_dialup
aaa authorization exec default local
aaa authorization network PPTP group rad_pptp
aaa authorization network DIALUP group rad_dialup
aaa accounting delay-start
aaa accounting update periodic 1
aaa accounting network PPTP start-stop group rad_pptp
aaa accounting network DIALUP start-stop group rad_dialup
!
aaa session-id common
memory-size iomem 25
clock timezone CHE 5
clock summer-time CHE recurring last Sun Mar 2:00 last Sun Oct 3:00
modem call-record terse
modem country mica russia
no ip subnet-zero
ip cef
!
!
!
!
ip name-server 87.226.191.1
virtual-profile if-needed
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
  protocol pptp
  virtual-template 1
!
!
isdn switch-type primary-net5
!
modemcap entry mica-v90v2:MSC=&F&D2S10=100S32=3S39=10S40=0S52=0
modemcap entry mica-NO56FLEX:MSC=&F&D2S10=50S39=15S52=0
modemcap entry mica-V90:MSC=&F&D2S0=3S10=100S16=200S17=200S19=100S32=3S34=15000S39=4S40=12S54=172
modemcap entry mica-V34:MSC=&F&D2S29=1:TPL=MSC\:&F1
modemcap entry mica-1:MSC=&F&D2S34=18000S40=100S53=0S54=456S10=50debugthismodemS71=4
modemcap entry mica-V90v3:MSC=&F&D2S0=0S20=64S34=8000S35=500S40=100S32=3S53=0S39=0S59=0
modemcap entry line
!
!
!
!
!
!
!
!
!
!
!
!
!
username al password 7 ххх
username andrei privilege 15 password 7 ххх
!
!
controller E1 1/0
framing NO-CRC4
pri-group timeslots 1-31
description "To ACK UNIT"
!
!
class-map match-all unlimited_to_rt_day
match access-group name unlimited_to_rt_day
class-map match-all unlimited_to_rt_night
match access-group name unlimited_to_rt_night
class-map match-all unlimited_128K_to_rt
match access-group name unlimited_128K_to_rt
!
!
policy-map inet
class unlimited_to_rt_day
    police 1024000 192000 384000 conform-action transmit  exceed-action drop
class unlimited_to_rt_night
    police 1945500 364800 729600 conform-action transmit  exceed-action drop
class unlimited_128K_to_rt
    police 128000 24000 48000 conform-action transmit  exceed-action drop
!
!
no crypto isakmp enable
!
!
!
!
interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface Loopback1
ip address 212.57.158.17 255.255.255.0
ip route-cache same-interface
!
interface FastEthernet0/0
bandwidth 4096
ip address 87.226.191.6 255.255.255.252
ip verify unicast reverse-path
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
max-reserved-bandwidth 100
service-policy input inet
hold-queue 4096 in
hold-queue 4096 out
!
interface FastEthernet0/1
ip address 10.1.2.1 255.255.255.252
duplex auto
speed auto
!
interface Serial1/0:15
no ip address
encapsulation hdlc
isdn switch-type primary-net5
isdn incoming-voice modem 64
isdn calling-number 52277
no cdp enable
!
interface Virtual-Template1
description PPTP VPN template interface
ip unnumbered Loopback1
no ip redirects
no ip proxy-arp
ip policy route-map to_rt2
no logging event link-status
autodetect encapsulation ppp
peer default ip address pool to_rtk
ppp authentication pap chap callin PPTP
ppp authorization PPTP
ppp accounting PPTP
ppp ipcp dns 87.226.191.1
!
interface Group-Async0
ip unnumbered FastEthernet0/0
ip verify unicast reverse-path
no ip redirects
no ip proxy-arp
encapsulation ppp
no logging event link-status
autodetect encapsulation ppp
async mode interactive
peer default ip address pool to_rtk
ppp authentication pap chap callin DIALUP
ppp authorization DIALUP
ppp accounting DIALUP
group-range 65 94
!
ip local pool for_nat 10.1.1.2 10.1.1.254
ip local pool to_usi 212.57.158.18 212.57.158.30 group to_usi
ip local pool to_usi 212.57.158.41 212.57.158.54 group to_usi
ip local pool to_rtk 87.226.191.38 87.226.191.62
ip local pool 128K_to_rtk 87.226.191.33 87.226.191.37
ip local pool nat_to_rt2 10.1.3.10 10.1.3.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 87.226.191.5 100
!
!
no ip http server
no ip http secure-server
ip nat translation max-entries 60000
ip nat translation max-entries all-host 300
ip nat inside source route-map nonat1 interface FastEthernet0/0 overload
!
ip access-list extended unlimited_128K_to_rt
permit ip any host 87.226.191.33
permit ip any host 87.226.191.34
permit ip any host 87.226.191.35
permit ip any host 87.226.191.36
permit ip any host 87.226.191.37
deny   ip any any
ip access-list extended unlimited_to_rt_day
permit ip any host 87.226.191.6 time-range unlim_day
deny   ip any any
ip access-list extended unlimited_to_rt_night
permit ip any host 87.226.191.6 time-range unlim_night
deny   ip any any
!
logging history size 500
logging history debugging
logging source-interface FastEthernet0/0
logging 87.226.191.5
access-list 1 permit 10.1.3.0 0.0.0.255
access-list 10 permit 87.226.191.5
access-list 10 permit 212.57.158.1
access-list 10 deny   any
access-list 99 permit 87.226.191.0 0.0.0.255
access-list 99 permit 212.57.158.0 0.0.0.255
access-list 99 deny   any
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
access-list 100 deny   ip any any
snmp-server community public RO 10
snmp-server enable traps tty
no cdp run
!
route-map nonat1 permit 10
match ip address 100
!
route-map to_rt2 permit 10
match ip address 1
set ip next-hop 10.1.2.2
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner motd ^C
WARNING: 1. Access to this device or the attached networks
            is prohibited without express written permission.
         2. Any unauthorized use of the system is unlawful,
            and may be subject to civil or criminal penalties.
         3. Any use of the system may be logged or monitored
            without further notice, and the resulting logs
            may be used as evidence in court.
^C
!
line con 0
exec-timeout 0 0
line 65 94
no flush-at-activation
modem Dialin
modem autoconfigure type mica-1
exec-character-bits 8
special-character-bits 8
transport preferred none
transport input all
autoselect during-login
autoselect ppp
no ip tcp input-coalesce-threshold
line aux 0
line vty 0 4
access-class 99 in
exec-timeout 0 0
!
ntp clock-period 17180717
ntp server 87.226.191.5
time-range unlim_day
periodic weekdays 8:00 to 18:30
!
time-range unlim_night
periodic weekdays 0:01 to 8:00
periodic weekend 0:01 to 23:59
periodic weekdays 18:30 to 23:59
!
!
end

Исходное сообщение
"Странность НАТа" Отправлено Andrei_V, 11-Дек-08 20:24
>А посмотреть на конфиг кошки 3725 можно? ;) Можно. Ниже привожу его. Поясню вкраце: кошка 3725 терминирует pptp-сессии клиентов, выдает им адреса вида 10.1.3.ххх и отправляет на 3620 (10.1.2.2) через интерфейс: interface FastEthernet0/1 ip address 10.1.2.1 255.255.255.252 duplex auto speed auto Остальное - это тоже терминация pptp-сессий с выдачей: - либо реальных адресов для выхода в инет через Loopback1 или FastEthernet0/0 - либо адресов вида 10.1.1.ххх для выхода в инет через НАТ на этой же кошке 3725. Ну и немножко диалапа. :) Собственно конфиг: Current configuration : 7268 bytes ! ! Last configuration change at 20:07:45 CHE Thu Dec 11 2008 by andrei ! NVRAM config last updated at 20:08:37 CHE Thu Dec 11 2008 by andrei ! version 12.4 service nagle no service pad service timestamps debug datetime localtime service timestamps log datetime localtime no service password-encryption service compress-config no service dhcp ! hostname C3725 ! boot-start-marker boot system flash:c3725-advipservicesk9-mz.124-17.bin boot-end-marker ! logging buffered 16384 debugging no logging console ! aaa new-model ! ! aaa group server radius rad_pptp server-private 87.226.191.5 auth-port 1812 acct-port 1813 key 7 ххххххх ip radius source-interface FastEthernet0/0 ! aaa group server radius rad_dialup server-private 87.226.191.5 auth-port 1812 acct-port 1813 key 7 ххххххх ip radius source-interface FastEthernet0/0 ! aaa authentication banner ^C^C aaa authentication login default local aaa authentication ppp PPTP group rad_pptp aaa authentication ppp DIALUP group rad_dialup aaa authorization exec default local aaa authorization network PPTP group rad_pptp aaa authorization network DIALUP group rad_dialup aaa accounting delay-start aaa accounting update periodic 1 aaa accounting network PPTP start-stop group rad_pptp aaa accounting network DIALUP start-stop group rad_dialup ! aaa session-id common memory-size iomem 25 clock timezone CHE 5 clock summer-time CHE recurring last Sun Mar 2:00 last Sun Oct 3:00 modem call-record terse modem country mica russia no ip subnet-zero ip cef ! ! ! ! ip name-server 87.226.191.1 virtual-profile if-needed vpdn enable ! vpdn-group 1 ! Default PPTP VPDN group accept-dialin protocol pptp virtual-template 1 ! ! isdn switch-type primary-net5 ! modemcap entry mica-v90v2:MSC=&F&D2S10=100S32=3S39=10S40=0S52=0 modemcap entry mica-NO56FLEX:MSC=&F&D2S10=50S39=15S52=0 modemcap entry mica-V90:MSC=&F&D2S0=3S10=100S16=200S17=200S19=100S32=3S34=15000S39=4S40=12S54=172 modemcap entry mica-V34:MSC=&F&D2S29=1:TPL=MSC\:&F1 modemcap entry mica-1:MSC=&F&D2S34=18000S40=100S53=0S54=456S10=50debugthismodemS71=4 modemcap entry mica-V90v3:MSC=&F&D2S0=0S20=64S34=8000S35=500S40=100S32=3S53=0S39=0S59=0 modemcap entry line ! ! ! ! ! ! ! ! ! ! ! ! ! username al password 7 ххх username andrei privilege 15 password 7 ххх ! ! controller E1 1/0 framing NO-CRC4 pri-group timeslots 1-31 description "To ACK UNIT" ! ! class-map match-all unlimited_to_rt_day match access-group name unlimited_to_rt_day class-map match-all unlimited_to_rt_night match access-group name unlimited_to_rt_night class-map match-all unlimited_128K_to_rt match access-group name unlimited_128K_to_rt ! ! policy-map inet class unlimited_to_rt_day police 1024000 192000 384000 conform-action transmit exceed-action drop class unlimited_to_rt_night police 1945500 364800 729600 conform-action transmit exceed-action drop class unlimited_128K_to_rt police 128000 24000 48000 conform-action transmit exceed-action drop ! ! no crypto isakmp enable ! ! ! ! interface Loopback0 ip address 10.1.1.1 255.255.255.0 ! interface Loopback1 ip address 212.57.158.17 255.255.255.0 ip route-cache same-interface ! interface FastEthernet0/0 bandwidth 4096 ip address 87.226.191.6 255.255.255.252 ip verify unicast reverse-path no ip redirects no ip proxy-arp ip nat outside ip virtual-reassembly speed auto full-duplex max-reserved-bandwidth 100 service-policy input inet hold-queue 4096 in hold-queue 4096 out ! interface FastEthernet0/1 ip address 10.1.2.1 255.255.255.252 duplex auto speed auto ! interface Serial1/0:15 no ip address encapsulation hdlc isdn switch-type primary-net5 isdn incoming-voice modem 64 isdn calling-number 52277 no cdp enable ! interface Virtual-Template1 description PPTP VPN template interface ip unnumbered Loopback1 no ip redirects no ip proxy-arp ip policy route-map to_rt2 no logging event link-status autodetect encapsulation ppp peer default ip address pool to_rtk ppp authentication pap chap callin PPTP ppp authorization PPTP ppp accounting PPTP ppp ipcp dns 87.226.191.1 ! interface Group-Async0 ip unnumbered FastEthernet0/0 ip verify unicast reverse-path no ip redirects no ip proxy-arp encapsulation ppp no logging event link-status autodetect encapsulation ppp async mode interactive peer default ip address pool to_rtk ppp authentication pap chap callin DIALUP ppp authorization DIALUP ppp accounting DIALUP group-range 65 94 ! ip local pool for_nat 10.1.1.2 10.1.1.254 ip local pool to_usi 212.57.158.18 212.57.158.30 group to_usi ip local pool to_usi 212.57.158.41 212.57.158.54 group to_usi ip local pool to_rtk 87.226.191.38 87.226.191.62 ip local pool 128K_to_rtk 87.226.191.33 87.226.191.37 ip local pool nat_to_rt2 10.1.3.10 10.1.3.254 ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 87.226.191.5 100 ! ! no ip http server no ip http secure-server ip nat translation max-entries 60000 ip nat translation max-entries all-host 300 ip nat inside source route-map nonat1 interface FastEthernet0/0 overload ! ip access-list extended unlimited_128K_to_rt permit ip any host 87.226.191.33 permit ip any host 87.226.191.34 permit ip any host 87.226.191.35 permit ip any host 87.226.191.36 permit ip any host 87.226.191.37 deny ip any any ip access-list extended unlimited_to_rt_day permit ip any host 87.226.191.6 time-range unlim_day deny ip any any ip access-list extended unlimited_to_rt_night permit ip any host 87.226.191.6 time-range unlim_night deny ip any any ! logging history size 500 logging history debugging logging source-interface FastEthernet0/0 logging 87.226.191.5 access-list 1 permit 10.1.3.0 0.0.0.255 access-list 10 permit 87.226.191.5 access-list 10 permit 212.57.158.1 access-list 10 deny any access-list 99 permit 87.226.191.0 0.0.0.255 access-list 99 permit 212.57.158.0 0.0.0.255 access-list 99 deny any access-list 100 permit ip 10.1.1.0 0.0.0.255 any access-list 100 deny ip any any snmp-server community public RO 10 snmp-server enable traps tty no cdp run ! route-map nonat1 permit 10 match ip address 100 ! route-map to_rt2 permit 10 match ip address 1 set ip next-hop 10.1.2.2 ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! banner motd ^C WARNING: 1. Access to this device or the attached networks is prohibited without express written permission. 2. Any unauthorized use of the system is unlawful, and may be subject to civil or criminal penalties. 3. Any use of the system may be logged or monitored without further notice, and the resulting logs may be used as evidence in court. ^C ! line con 0 exec-timeout 0 0 line 65 94 no flush-at-activation modem Dialin modem autoconfigure type mica-1 exec-character-bits 8 special-character-bits 8 transport preferred none transport input all autoselect during-login autoselect ppp no ip tcp input-coalesce-threshold line aux 0 line vty 0 4 access-class 99 in exec-timeout 0 0 ! ntp clock-period 17180717 ntp server 87.226.191.5 time-range unlim_day periodic weekdays 8:00 to 18:30 ! time-range unlim_night periodic weekdays 0:01 to 8:00 periodic weekend 0:01 to 23:59 periodic weekdays 18:30 to 23:59 ! ! end

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

>>А посмотреть на конфиг кошки 3725 можно? ;)

> Можно. Ниже привожу его.

> Поясню вкраце: кошка 3725 терминирует pptp-сессии клиентов, выдает им адреса вида 10.1.3.ххх 
> и отправляет на 3620 (10.1.2.2) через интерфейс:

> interface FastEthernet0/1 
>  ip address 10.1.2.1 255.255.255.252 
>  duplex auto 
>  speed auto

> Остальное - это тоже терминация pptp-сессий с выдачей: 
> - либо реальных адресов для выхода в инет через Loopback1 или  
> FastEthernet0/0 
> - либо адресов вида 10.1.1.ххх для выхода в инет через НАТ на 
> этой же кошке 3725.
> Ну и немножко диалапа. :)

> Собственно конфиг:

> Current configuration : 7268 bytes 
> !
> ! Last configuration change at 20:07:45 CHE Thu Dec 11 2008 by 
> andrei 
> ! NVRAM config last updated at 20:08:37 CHE Thu Dec 11 2008 
> by andrei 
> !
> version 12.4 
> service nagle 
> no service pad 
> service timestamps debug datetime localtime 
> service timestamps log datetime localtime 
> no service password-encryption 
> service compress-config 
> no service dhcp 
> !
> hostname C3725 
> !
> boot-start-marker 
> boot system flash:c3725-advipservicesk9-mz.124-17.bin 
> boot-end-marker 
> !
> logging buffered 16384 debugging 
> no logging console 
> !
> aaa new-model 
> !
> !
> aaa group server radius rad_pptp 
>  server-private 87.226.191.5 auth-port 1812 acct-port 1813 key 7 ххххххх 
>  ip radius source-interface FastEthernet0/0 
> !
> aaa group server radius rad_dialup 
>  server-private 87.226.191.5 auth-port 1812 acct-port 1813 key 7 ххххххх 
>  ip radius source-interface FastEthernet0/0 
> !
> aaa authentication banner ^C^C 
> aaa authentication login default local 
> aaa authentication ppp PPTP group rad_pptp 
> aaa authentication ppp DIALUP group rad_dialup 
> aaa authorization exec default local 
> aaa authorization network PPTP group rad_pptp 
> aaa authorization network DIALUP group rad_dialup 
> aaa accounting delay-start 
> aaa accounting update periodic 1 
> aaa accounting network PPTP start-stop group rad_pptp 
> aaa accounting network DIALUP start-stop group rad_dialup 
> !
> aaa session-id common 
> memory-size iomem 25 
> clock timezone CHE 5 
> clock summer-time CHE recurring last Sun Mar 2:00 last Sun Oct 3:00 
 
> modem call-record terse 
> modem country mica russia 
> no ip subnet-zero 
> ip cef 
> !
> !
> !
> !
> ip name-server 87.226.191.1 
> virtual-profile if-needed 
> vpdn enable 
> !
> vpdn-group 1 
> ! Default PPTP VPDN group 
>  accept-dialin 
>   protocol pptp 
>   virtual-template 1 
> !
> !
> isdn switch-type primary-net5 
> !
> modemcap entry mica-v90v2:MSC=&F&D2S10=100S32=3S39=10S40=0S52=0 
> modemcap entry mica-NO56FLEX:MSC=&F&D2S10=50S39=15S52=0 
> modemcap entry mica-V90:MSC=&F&D2S0=3S10=100S16=200S17=200S19=100S32=3S34=15000S39=4S40=12S54=172 
 
> modemcap entry mica-V34:MSC=&F&D2S29=1:TPL=MSC\:&F1 
> modemcap entry mica-1:MSC=&F&D2S34=18000S40=100S53=0S54=456S10=50debugthismodemS71=4 
 
> modemcap entry mica-V90v3:MSC=&F&D2S0=0S20=64S34=8000S35=500S40=100S32=3S53=0S39=0S59=0 
 
> modemcap entry line 
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> username al password 7 ххх 
> username andrei privilege 15 password 7 ххх 
> !
> !
> controller E1 1/0 
>  framing NO-CRC4 
>  pri-group timeslots 1-31 
>  description "To ACK UNIT" 
> !
> !
> class-map match-all unlimited_to_rt_day 
>  match access-group name unlimited_to_rt_day 
> class-map match-all unlimited_to_rt_night 
>  match access-group name unlimited_to_rt_night 
> class-map match-all unlimited_128K_to_rt 
>  match access-group name unlimited_128K_to_rt 
> !
> !
> policy-map inet 
>  class unlimited_to_rt_day 
>     police 1024000 192000 384000 conform-action transmit  exceed-action 
> drop 
>  class unlimited_to_rt_night 
>     police 1945500 364800 729600 conform-action transmit  exceed-action 
> drop 
>  class unlimited_128K_to_rt 
>     police 128000 24000 48000 conform-action transmit  exceed-action 
> drop 
> !
> !
> no crypto isakmp enable 
> !
> !
> !
> !
> interface Loopback0 
>  ip address 10.1.1.1 255.255.255.0 
> !
> interface Loopback1 
>  ip address 212.57.158.17 255.255.255.0 
>  ip route-cache same-interface 
> !
> interface FastEthernet0/0 
>  bandwidth 4096 
>  ip address 87.226.191.6 255.255.255.252 
>  ip verify unicast reverse-path 
>  no ip redirects 
>  no ip proxy-arp 
>  ip nat outside 
>  ip virtual-reassembly 
>  speed auto 
>  full-duplex 
>  max-reserved-bandwidth 100 
>  service-policy input inet 
>  hold-queue 4096 in 
>  hold-queue 4096 out 
> !
> interface FastEthernet0/1 
>  ip address 10.1.2.1 255.255.255.252 
>  duplex auto 
>  speed auto 
> !
> interface Serial1/0:15 
>  no ip address 
>  encapsulation hdlc 
>  isdn switch-type primary-net5 
>  isdn incoming-voice modem 64 
>  isdn calling-number 52277 
>  no cdp enable 
> !
> interface Virtual-Template1 
>  description PPTP VPN template interface 
>  ip unnumbered Loopback1 
>  no ip redirects 
>  no ip proxy-arp 
>  ip policy route-map to_rt2 
>  no logging event link-status 
>  autodetect encapsulation ppp 
>  peer default ip address pool to_rtk 
>  ppp authentication pap chap callin PPTP 
>  ppp authorization PPTP 
>  ppp accounting PPTP 
>  ppp ipcp dns 87.226.191.1 
> !
> interface Group-Async0 
>  ip unnumbered FastEthernet0/0 
>  ip verify unicast reverse-path 
>  no ip redirects 
>  no ip proxy-arp 
>  encapsulation ppp 
>  no logging event link-status 
>  autodetect encapsulation ppp 
>  async mode interactive 
>  peer default ip address pool to_rtk 
>  ppp authentication pap chap callin DIALUP 
>  ppp authorization DIALUP 
>  ppp accounting DIALUP 
>  group-range 65 94 
> !
> ip local pool for_nat 10.1.1.2 10.1.1.254 
> ip local pool to_usi 212.57.158.18 212.57.158.30 group to_usi 
> ip local pool to_usi 212.57.158.41 212.57.158.54 group to_usi 
> ip local pool to_rtk 87.226.191.38 87.226.191.62 
> ip local pool 128K_to_rtk 87.226.191.33 87.226.191.37 
> ip local pool nat_to_rt2 10.1.3.10 10.1.3.254 
> ip forward-protocol nd 
> ip route 0.0.0.0 0.0.0.0 87.226.191.5 100 
> !
> !
> no ip http server 
> no ip http secure-server 
> ip nat translation max-entries 60000 
> ip nat translation max-entries all-host 300 
> ip nat inside source route-map nonat1 interface FastEthernet0/0 overload 
> !
> ip access-list extended unlimited_128K_to_rt 
>  permit ip any host 87.226.191.33 
>  permit ip any host 87.226.191.34 
>  permit ip any host 87.226.191.35 
>  permit ip any host 87.226.191.36 
>  permit ip any host 87.226.191.37 
>  deny   ip any any 
> ip access-list extended unlimited_to_rt_day 
>  permit ip any host 87.226.191.6 time-range unlim_day 
>  deny   ip any any 
> ip access-list extended unlimited_to_rt_night 
>  permit ip any host 87.226.191.6 time-range unlim_night 
>  deny   ip any any 
> !
> logging history size 500 
> logging history debugging 
> logging source-interface FastEthernet0/0 
> logging 87.226.191.5 
> access-list 1 permit 10.1.3.0 0.0.0.255 
> access-list 10 permit 87.226.191.5 
> access-list 10 permit 212.57.158.1 
> access-list 10 deny   any 
> access-list 99 permit 87.226.191.0 0.0.0.255 
> access-list 99 permit 212.57.158.0 0.0.0.255 
> access-list 99 deny   any 
> access-list 100 permit ip 10.1.1.0 0.0.0.255 any 
> access-list 100 deny   ip any any 
> snmp-server community public RO 10 
> snmp-server enable traps tty 
> no cdp run 
> !
> route-map nonat1 permit 10 
>  match ip address 100 
> !
> route-map to_rt2 permit 10 
>  match ip address 1 
>  set ip next-hop 10.1.2.2 
> !
> !
> !
> !
> control-plane 
> !
> !
> !
> !
> !
> !
> !
> !
> !
> banner motd ^C 
> WARNING: 1. Access to this device or the attached networks 
>             
> is prohibited without express written permission.
>          2. Any unauthorized 
> use of the system is unlawful, 
>             
> and may be subject to civil or criminal penalties.
>          3. Any use 
> of the system may be logged or monitored 
>             
> without further notice, and the resulting logs 
>             
> may be used as evidence in court.
> ^C 
> !
> line con 0 
>  exec-timeout 0 0 
> line 65 94 
>  no flush-at-activation 
>  modem Dialin 
>  modem autoconfigure type mica-1 
>  exec-character-bits 8 
>  special-character-bits 8 
>  transport preferred none 
>  transport input all 
>  autoselect during-login 
>  autoselect ppp 
>  no ip tcp input-coalesce-threshold 
> line aux 0 
> line vty 0 4 
>  access-class 99 in 
>  exec-timeout 0 0 
> !
> ntp clock-period 17180717 
> ntp server 87.226.191.5 
> time-range unlim_day 
>  periodic weekdays 8:00 to 18:30 
> !
> time-range unlim_night 
>  periodic weekdays 0:01 to 8:00 
>  periodic weekend 0:01 to 23:59 
>  periodic weekdays 18:30 to 23:59 
> !
> !
> end

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру