Allied telesys AR-750s
Вот такую цацку надо настроить по тeмплету Cisco.
Прежде чем переворачивать гору мануалов может кто-нибудь имеет опыт работы с Allied telesys AR-750s и сможет подсказать будет ли работать вот такая конфигурация:
aaa new-model
aaa authentication login default local
aaa authentication login userauthen local
aaa authorization exec default local
aaa authorization network groupauthor local
!no ip domain lookup
no spanning-tree vlan 1
no spanning-tree vlan 16
no spanning-tree vlan 17
no spanning-tree vlan 22
no spanning-tree vlan 23
no spanning-tree vlan 24
username cisco privilege 15 secret cisco
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group cisco
key 6 cisco
pool vpn_tunnel_address
acl static_route_to_computer
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
set transform-set ESP-3DES-SHA
reverse-route
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 65535 ipsec-isakmp dynamic dynmap
!
interface FastEthernet0
description Satellite Switch Port 43
no ip address
duplex auto
speed auto
no sh
!
interface FastEthernet0.1
description VLAN 16
encapsulation dot1Q 16
ip address 172.16.255.254 255.255.0.0
ip access-group app_permissions in
ip nat outside
ip virtual-reassembly
no shutdown
!
interface FastEthernet0.2
description VLAN 17
encapsulation dot1Q 17
ip address 172.17.255.254 255.255.0.0
ip access-group app_permissions in
ip nat outside
ip virtual-reassembly
no shutdown
!
interface FastEthernet0.3
description VLAN 22
encapsulation dot1Q 22
ip address 172.22.4.240 255.255.255.0
ip access-group app_permissions in
ip nat outside
ip virtual-reassembly
no shutdown
!
interface FastEthernet0.4
description VLAN 23
encapsulation dot1Q 23
ip address 172.23.255.254 255.255.0.0
ip access-group app_permissions in
ip nat outside
ip virtual-reassembly
no shutdown
!
interface FastEthernet0.5
description VLAN 24
encapsulation dot1Q 24
ip address 172.24.4.240 255.255.255.0
ip access-group app_permissions in
ip nat outside
ip virtual-reassembly
no shutdown
!
interface FastEthernet1
description Remote VPN Access
ip address 10.101.100.254 255.255.0.0
ip ips Ips_Rule in
ip access-group VPN in
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
crypto map clientmap
no shutdown
!
!
interface Vlan1
ip address 192.168.255.254 255.255.255.0
ip ips Ips_Rule in
ip access-group INTRANET in
ip nat inside
ip virtual-reassembly
no shutdown
!
ip local pool vpn_tunnel_address 172.20.255.1 172.20.255.5
ip classless
ip route 0.0.0.0 0.0.0.0 10.101.0.150
!
ip http server
ip http authentication aaa
no ip http secure-server
ip nat pool pool-16 172.16.255.1 172.16.255.99 prefix-length 16
ip nat pool pool-17 172.17.255.1 172.17.255.99 prefix-length 16
ip nat pool pool-23 172.23.255.1 172.23.255.99 prefix-length 16
ip nat pool pool-22 172.22.4.241 172.22.4.249 prefix-length 24
ip nat pool pool-24 172.24.4.241 172.24.4.249 prefix-length 24
ip nat inside source route-map map-116 pool pool-16
ip nat inside source route-map map-117 pool pool-17
ip nat inside source route-map map-123 pool pool-23
ip nat inside source route-map map-122 pool pool-22
ip nat inside source route-map map-124 pool pool-24
!
ip access-list extended INTRANET
permit icmp any any
deny ip any host 10.101.100.254
deny ip any host 192.168.255.254
deny ip any host 172.23.255.254
deny ip any 172.22.4.0 0.0.0.255
deny ip any 172.24.4.0 0.0.0.255
deny ip any host 172.16.255.254
deny ip any host 172.17.255.254
permit tcp any any eq www
permit udp any any eq snmp
permit tcp any any eq telnet
permit tcp any any eq 5800 5900
permit udp any eq ntp any
permit udp any any eq ntp
permit ip any host 172.16.11.1
ip access-list extended VPN
permit esp any any
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
ip access-list extended convert_to_subnet_16
permit ip 172.20.255.0 0.0.0.255 172.16.0.0 0.0.255.255
deny ip 192.168.255.0 0.0.0.255 172.16.11.1 0.0.0.0
permit ip 192.168.255.0 0.0.0.255 172.16.0.0 0.0.255.255
ip access-list extended convert_to_subnet_17
permit ip 172.20.255.0 0.0.0.255 172.17.0.0 0.0.255.255
deny tcp any eq ftp ftp-data 172.17.0.0 0.0.255.255
deny udp 172.17.11.1 0.0.0.0 any eq snmptrap
permit ip 192.168.255.0 0.0.0.255 172.17.0.0 0.0.255.255
ip access-list extended convert_to_subnet_23
permit ip 172.20.255.0 0.0.0.255 172.23.0.0 0.0.255.255
ip access-list extended convert_to_subnet_22
permit ip 172.20.255.0 0.0.0.255 172.22.4.0 0.0.0.255
ip access-list extended convert_to_subnet_24
permit ip 172.20.255.0 0.0.0.255 172.24.4.0 0.0.0.255
ip access-list extended app_permissions
permit ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
permit ip 172.17.0.0 0.0.255.255 172.17.0.0 0.0.255.255
permit ip 172.23.0.0 0.0.255.255 172.23.0.0 0.0.255.255
permit ip 172.22.4.0 0.0.0.255 172.22.4.0 0.0.0.255
permit ip 172.24.4.0 0.0.0.255 172.24.4.0 0.0.0.255
permit udp any eq ntp any
permit udp any any eq ntp
permit udp 172.17.11.1 0.0.0.0 any eq snmptrap
permit ip 172.16.11.1 0.0.0.0 192.168.255.0 0.0.0.255
ip access-list extended static_route_to_computer
permit ip 172.23.0.0 0.0.255.255 any
permit ip 172.16.0.0 0.0.255.255 any
permit ip 172.24.4.0 0.0.0.255 any
permit ip 172.22.4.0 0.0.0.255 any
permit ip 172.17.0.0 0.0.255.255 any
!
snmp-server community public RO
!
route-map map-123 permit 10
match ip address convert_to_subnet_23
!
route-map map-117 permit 10
match ip address convert_to_subnet_17
!
route-map map-122 permit 10
match ip address convert_to_subnet_22
!
route-map map-124 permit 10
match ip address convert_to_subnet_24
!
route-map map-116 permit 10
match ip address convert_to_subnet_16
!
end
Вариант для распечатки
Маршрутизаторы CISCO и др. оборудование. (Public)
(ok) on 10-Авг-08, 18:26 
