forum.opennet.ru

Составление сообщения

Исходное сообщение

"помогите засунуть один сайт в VPN"
Отправлено snooooop, 23-Июл-13 12:56

> можешь show run скинуть.
K*_881#sh run
Building configuration...
Current configuration : 5098 bytes
!
! Last configuration change at 03:54:38 UTC Tue Jul 23 2013 by s-
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname K_881
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
memory-size iomem 10
crypto pki token default removal timeout 0
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32383337 32373836 3137301E 170D3133 30373232 31303435
  34385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38333732
  37383631 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100F0E1 ED94223F FE257A66 3D093C35 258AB3FB 3915294E B5DE062F 3E4BA3E0
  A2C41E13 2B9676B7 6885EB96 BEE4340C 7B7F85E3 E5F0EC5C F33EBB44 BBFCE6E8
  A0087A91 4054102D 9C022596 F4186771 FD90655B 3298EF51 D7BA3C52 23E91C8D
  9E092266 6CCC8E62 1554C745 9377ED6C 4A45A2CE 5F837C1A AC3515AF A4E828FE
  AA0F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14E4DEA6 92A0CF14 1CED8AB2 86F7BCD4 3A8EF26D 07301D06
  03551D0E 04160414 E4DEA692 A0CF141C ED8AB286 F7BCD43A 8EF26D07 300D0609
  2A864886 F70D0101 04050003 81810007 6333F459 7C0ADA7D A6022C98 08432635
ip source-route
!
!
!
ip dhcp excluded-address 192.168.40.1 192.168.40.10
ip dhcp excluded-address 192.168.40.31 192.168.40.254
!
ip dhcp pool savsregion
   network 192.168.40.0 255.255.255.0
   dns-server 212.75.210.62
   domain-name savsregion
   default-router 192.168.40.1
!
!
ip cef
ip domain name k*.ru
ip name-server *
ip name-server *
no ipv6 cef
!
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group global
!
license udi pid CISCO881-K9 sn F-*B
license boot module c880-data level advipservices
!
!
object-group network NAT-CO-WWW
host 91.221.*.*
!
username ---admin privilege 15 secret 5 ---
!
!
!
!
!
!
crypto isakmp policy 5
encr aes 256
authentication pre-share
group 5
lifetime 14400
crypto isakmp key ** address 91.218.*.*
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 60
!
!
crypto ipsec transform-set * * * *
!
crypto map vpn_to_hq 10 ipsec-isakmp
set peer 91.218.*.*
set security-association lifetime seconds 14400
set transform-set *
match address vpn_to_hq
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description WAN$ETH-WAN$
ip address 95.181.*.* 255.255.255.252
ip nat outside
no ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
crypto map vpn_to_hq
!
interface Vlan1
description LAN
ip address 192.168.40.1 255.255.255.0
ip nat inside
no ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list NAT interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 95.181.53.89
!
ip access-list extended NAT
deny   ip 192.168.40.0 0.0.0.255 host 91.221.163.15
deny   ip 192.168.40.0 0.0.0.255 10.1.135.0 0.0.0.255
deny   ip 192.168.40.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 192.168.40.0 0.0.0.255 any
ip access-list extended inside
permit tcp any any
ip access-list extended nat_lan_wan
deny   ip 192.168.40.0 0.0.0.255 10.1.135.0 0.0.0.255
permit ip 192.168.40.0 0.0.0.255 any
ip access-list extended outside
permit tcp any host 95.181.*.* eq www
permit tcp any host 95.181.*.* eq 22
permit tcp any host 95.181.*.* eq ftp
permit tcp any host 95.181.*.* eq telnet
permit icmp any host 95.181.*.*
ip access-list extended vpn_to_hq
permit ip 192.168.40.0 0.0.0.255 10.1.135.0 0.0.0.255
permit ip 192.168.40.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 192.168.40.0 0.0.0.255 host 91.221.163.15
!
logging esm config
access-list 10 permit 192.168.40.0 0.0.0.255
access-list 111 permit ip host 192.168.40.28 host 91.221.163.15
access-list 111 permit ip host 192.168.40.28 host 10.1.135.77
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
end

Исходное сообщение
"помогите засунуть один сайт в VPN" Отправлено snooooop, 23-Июл-13 12:56
> можешь show run скинуть. K_881#sh run Building configuration... Current configuration : 5098 bytes ! ! Last configuration change at 03:54:38 UTC Tue Jul 23 2013 by s- ! version 15.1 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname K_881 ! boot-start-marker boot-end-marker ! ! logging buffered 51200 warnings ! no aaa new-model ! memory-size iomem 10 crypto pki token default removal timeout 0 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32383337 32373836 3137301E 170D3133 30373232 31303435 34385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38333732 37383631 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100F0E1 ED94223F FE257A66 3D093C35 258AB3FB 3915294E B5DE062F 3E4BA3E0 A2C41E13 2B9676B7 6885EB96 BEE4340C 7B7F85E3 E5F0EC5C F33EBB44 BBFCE6E8 A0087A91 4054102D 9C022596 F4186771 FD90655B 3298EF51 D7BA3C52 23E91C8D 9E092266 6CCC8E62 1554C745 9377ED6C 4A45A2CE 5F837C1A AC3515AF A4E828FE AA0F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 14E4DEA6 92A0CF14 1CED8AB2 86F7BCD4 3A8EF26D 07301D06 03551D0E 04160414 E4DEA692 A0CF141C ED8AB286 F7BCD43A 8EF26D07 300D0609 2A864886 F70D0101 04050003 81810007 6333F459 7C0ADA7D A6022C98 08432635 ip source-route ! ! ! ip dhcp excluded-address 192.168.40.1 192.168.40.10 ip dhcp excluded-address 192.168.40.31 192.168.40.254 ! ip dhcp pool savsregion network 192.168.40.0 255.255.255.0 dns-server 212.75.210.62 domain-name savsregion default-router 192.168.40.1 ! ! ip cef ip domain name k.ru ip name-server * ip name-server * no ipv6 cef ! ! multilink bundle-name authenticated vpdn enable ! vpdn-group global ! license udi pid CISCO881-K9 sn F-B license boot module c880-data level advipservices ! ! object-group network NAT-CO-WWW host 91.221..* ! username ---admin privilege 15 secret 5 --- ! ! ! ! ! ! crypto isakmp policy 5 encr aes 256 authentication pre-share group 5 lifetime 14400 crypto isakmp key ** address 91.218.. crypto isakmp invalid-spi-recovery crypto isakmp keepalive 60 ! ! crypto ipsec transform-set * * * * ! crypto map vpn_to_hq 10 ipsec-isakmp set peer 91.218.. set security-association lifetime seconds 14400 set transform-set * match address vpn_to_hq ! ! ! ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 description WAN$ETH-WAN$ ip address 95.181.. 255.255.255.252 ip nat outside no ip virtual-reassembly in duplex auto speed auto no cdp enable crypto map vpn_to_hq ! interface Vlan1 description LAN ip address 192.168.40.1 255.255.255.0 ip nat inside no ip virtual-reassembly in ! ip forward-protocol nd ip http server ip http access-class 23 ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! ! ip nat inside source list NAT interface FastEthernet4 overload ip route 0.0.0.0 0.0.0.0 95.181.53.89 ! ip access-list extended NAT deny ip 192.168.40.0 0.0.0.255 host 91.221.163.15 deny ip 192.168.40.0 0.0.0.255 10.1.135.0 0.0.0.255 deny ip 192.168.40.0 0.0.0.255 10.1.1.0 0.0.0.255 permit ip 192.168.40.0 0.0.0.255 any ip access-list extended inside permit tcp any any ip access-list extended nat_lan_wan deny ip 192.168.40.0 0.0.0.255 10.1.135.0 0.0.0.255 permit ip 192.168.40.0 0.0.0.255 any ip access-list extended outside permit tcp any host 95.181.. eq www permit tcp any host 95.181.. eq 22 permit tcp any host 95.181.. eq ftp permit tcp any host 95.181.. eq telnet permit icmp any host 95.181.. ip access-list extended vpn_to_hq permit ip 192.168.40.0 0.0.0.255 10.1.135.0 0.0.0.255 permit ip 192.168.40.0 0.0.0.255 10.1.1.0 0.0.0.255 permit ip 192.168.40.0 0.0.0.255 host 91.221.163.15 ! logging esm config access-list 10 permit 192.168.40.0 0.0.0.255 access-list 111 permit ip host 192.168.40.28 host 91.221.163.15 access-list 111 permit ip host 192.168.40.28 host 10.1.135.77 dialer-list 1 protocol ip permit no cdp run ! ! ! ! ! end

Ваше сообщение
Имя*:
EMail:	Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	>> можешь show run скинуть. > K_881#sh run > Building configuration... > Current configuration : 5098 bytes > ! > ! Last configuration change at 03:54:38 UTC Tue Jul 23 2013 by > s- > ! > version 15.1 > no service pad > service timestamps debug datetime msec > service timestamps log datetime msec > no service password-encryption > ! > hostname K_881 > ! > boot-start-marker > boot-end-marker > ! > ! > logging buffered 51200 warnings > ! > no aaa new-model > ! > memory-size iomem 10 > crypto pki token default removal timeout 0 > 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 > 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 > 69666963 6174652D 32383337 32373836 3137301E 170D3133 30373232 31303435 > 34385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 > 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38333732 > 37383631 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 > 8100F0E1 ED94223F FE257A66 3D093C35 258AB3FB 3915294E B5DE062F 3E4BA3E0 > A2C41E13 2B9676B7 6885EB96 BEE4340C 7B7F85E3 E5F0EC5C F33EBB44 BBFCE6E8 > A0087A91 4054102D 9C022596 F4186771 FD90655B 3298EF51 D7BA3C52 23E91C8D > 9E092266 6CCC8E62 1554C745 9377ED6C 4A45A2CE 5F837C1A AC3515AF A4E828FE > AA0F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 > 551D2304 18301680 14E4DEA6 92A0CF14 1CED8AB2 86F7BCD4 3A8EF26D 07301D06 > 03551D0E 04160414 E4DEA692 A0CF141C ED8AB286 F7BCD43A 8EF26D07 300D0609 > 2A864886 F70D0101 04050003 81810007 6333F459 7C0ADA7D A6022C98 08432635 > ip source-route > ! > ! > ! > ip dhcp excluded-address 192.168.40.1 192.168.40.10 > ip dhcp excluded-address 192.168.40.31 192.168.40.254 > ! > ip dhcp pool savsregion > network 192.168.40.0 255.255.255.0 > dns-server 212.75.210.62 > domain-name savsregion > default-router 192.168.40.1 > ! > ! > ip cef > ip domain name k.ru > ip name-server * > ip name-server * > no ipv6 cef > ! > ! > multilink bundle-name authenticated > vpdn enable > ! > vpdn-group global > ! > license udi pid CISCO881-K9 sn F-B > license boot module c880-data level advipservices > ! > ! > object-group network NAT-CO-WWW > host 91.221..* > ! > username ---admin privilege 15 secret 5 --- > ! > ! > ! > ! > ! > ! > crypto isakmp policy 5 > encr aes 256 > authentication pre-share > group 5 > lifetime 14400 > crypto isakmp key ** address 91.218.. > crypto isakmp invalid-spi-recovery > crypto isakmp keepalive 60 > ! > ! > crypto ipsec transform-set * * * * > ! > crypto map vpn_to_hq 10 ipsec-isakmp > set peer 91.218.. > set security-association lifetime seconds 14400 > set transform-set * > match address vpn_to_hq > ! > ! > ! > ! > ! > interface FastEthernet0 > ! > interface FastEthernet1 > ! > interface FastEthernet2 > ! > interface FastEthernet3 > ! > interface FastEthernet4 > description WAN$ETH-WAN$ > ip address 95.181.. 255.255.255.252 > ip nat outside > no ip virtual-reassembly in > duplex auto > speed auto > no cdp enable > crypto map vpn_to_hq > ! > interface Vlan1 > description LAN > ip address 192.168.40.1 255.255.255.0 > ip nat inside > no ip virtual-reassembly in > ! > ip forward-protocol nd > ip http server > ip http access-class 23 > ip http authentication local > ip http secure-server > ip http timeout-policy idle 60 life 86400 requests 10000 > ! > ! > ip nat inside source list NAT interface FastEthernet4 overload > ip route 0.0.0.0 0.0.0.0 95.181.53.89 > ! > ip access-list extended NAT > deny ip 192.168.40.0 0.0.0.255 host 91.221.163.15 > deny ip 192.168.40.0 0.0.0.255 10.1.135.0 0.0.0.255 > deny ip 192.168.40.0 0.0.0.255 10.1.1.0 0.0.0.255 > permit ip 192.168.40.0 0.0.0.255 any > ip access-list extended inside > permit tcp any any > ip access-list extended nat_lan_wan > deny ip 192.168.40.0 0.0.0.255 10.1.135.0 0.0.0.255 > permit ip 192.168.40.0 0.0.0.255 any > ip access-list extended outside > permit tcp any host 95.181.. eq www > permit tcp any host 95.181.. eq 22 > permit tcp any host 95.181.. eq ftp > permit tcp any host 95.181.. eq telnet > permit icmp any host 95.181.. > ip access-list extended vpn_to_hq > permit ip 192.168.40.0 0.0.0.255 10.1.135.0 0.0.0.255 > permit ip 192.168.40.0 0.0.0.255 10.1.1.0 0.0.0.255 > permit ip 192.168.40.0 0.0.0.255 host 91.221.163.15 > ! > logging esm config > access-list 10 permit 192.168.40.0 0.0.0.255 > access-list 111 permit ip host 192.168.40.28 host 91.221.163.15 > access-list 111 permit ip host 192.168.40.28 host 10.1.135.77 > dialer-list 1 protocol ip permit > no cdp run > ! > ! > ! > ! > ! > end
	Введите код, изображенный на картинке:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру