>и sh ver gw#sh run
Building configuration...
Current configuration : 5792 bytes
!
version 12.4
!
hostname gw
!
boot-start-marker
boot system flash c1841-advsecurityk9-mz.124-5.bin
boot-end-marker
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no ip source-route
ip cef
!
!
ip inspect max-incomplete low 25
ip inspect max-incomplete high 100
ip inspect one-minute low 25
ip inspect one-minute high 100
ip inspect name ext smtp alert on
ip inspect name ext http alert on
ip inspect name ext ftp alert on
ip inspect name ext tcp alert on
ip inspect name ext udp alert on
ip inspect name ext icmp alert on
ip inspect name ext ssh alert on
ip inspect name ext telnet alert on
!
!
ip flow-egress input-interface
ip flow-cache timeout inactive 60
ip flow-cache timeout active 1
no ip domain lookup
!
interface Loopback0
ip address 192.168.254.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
interface FastEthernet0/0
description WAN
ip address 195.178.213.83 255.255.255.248
ip access-group ext_if_in in
ip access-group ext_if_out out
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect ext in
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
ip route-cache policy
duplex auto
speed auto
!
interface FastEthernet0/1
description LAN
ip address 192.168.40.1 255.255.255.0
ip flow egress
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 195.178.213.81
ip flow-export version 5
!
ip nat pool internal2outside 195.178.213.84 195.178.213.84 netmask 255.255.255.248
ip nat inside source list 1 pool internal2outside overload
ip nat inside source static tcp 192.168.40.2 22 195.178.213.86 22867 extendable
!
ip access-list extended ext_if_in
evaluate ip_out
permit tcp any host 195.178.213.83 eq 22
permit udp any host 195.178.213.83 eq isakmp
permit udp host 204.34.198.40 eq ntp host 195.178.213.83 eq ntp
deny ip any any log
ip access-list extended ext_if_out
permit ip 195.178.213.80 0.0.0.7 any reflect ip_out
deny ip any any log
!
access-list 1 permit 192.168.40.0 0.0.0.255
access-list 101 permit ip any 192.168.40.0 0.0.0.255
access-list 108 permit ip any any
route-map l00p permit 10
match ip address 101
set interface Loopback0 FastEthernet0/1
!
...
end
gw#sh ver
Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(5), RELE
ASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Mon 31-Oct-05 18:02 by alnguyen
ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
gw uptime is 1 day, 13 minutes
System returned to ROM by reload at 15:07:13 msk Mon Feb 27 2006
System restarted at 15:09:02 msk Mon Feb 27 2006
System image file is "flash:c1841-advsecurityk9-mz.124-5.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 1841 (revision 4.1) with 116736K/14336K bytes of memory.
Processor board ID FCZ090622WQ
2 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
Может, из-за ip inspect не пашет???
