Здравствуйте! Прошу помощи у знатоков Cisco: настраиваю Cisco первый раз. Модель 1811.
Конфигурировал через web-интерфейс. Задача — раздать инет с FastEthernet1 по нату для FastEthernet0. Текущая ситуация: на циску можно зайти со всех интерфейсов, с самой циски пинг в сторону WAN и в сторону LAN выполняется. Но со стороны LAN (Eth0) нет доступа к WAN (Eth1).
Вот результат выполнения команды с клиентской станции
=======================================
[vasya@vasya ~]$ telnet mail.ru 80
Trying 217.69.128.44...
=======================================
Вот show run
=======================================
! Global section of the "show run" output: IOS version, log timestamps, privileged-mode
! credentials, AAA method lists and clock settings.
Building configuration...
Current configuration : 9183 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): with password encryption off, every credential configured as "password"
! is printed in clear text by "show run". "service password-encryption" only obfuscates
! (type 7); prefer the "secret" form for each credential.
no service password-encryption
!
hostname <hostname>
!
boot-start-marker
boot-end-marker
!
logging buffered 1024000 debugging
! NOTE(review): this type 5 hash was published together with the configuration; treat it
! as exposed and set a new enable secret.
enable secret 5 $1$6.pN$.St8iMJ1wixVtGSIUhxrJ/
! NOTE(review): redundant next to "enable secret" (the secret takes precedence) and stored
! unhashed; remove it with "no enable password".
enable password <password>
!
aaa new-model
!
!
! Login authentication and exec authorization both use the local username database.
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 3
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
! CEF, DNS resolver, the stateful inspection (CBAC) rule SDM_MEDIUM and the IPS rule.
ip cef
!
!
ip name-server xx.xx.69.10
! NOTE(review): SDM_MEDIUM is defined below, but no interface in this listing carries
! "ip inspect SDM_MEDIUM in" or "... out", so the rule is never applied. ACL 105 is bound
! inbound on FastEthernet1 and ends in "deny ip any any log"; without inspection there is
! no dynamic permit for replies to sessions opened from the LAN, so the returning packets
! would be dropped there. This is a likely cause of the reported symptom - confirm against
! the ACL 105 deny entries in the log buffer.
ip inspect log drop-pkt
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
! IPS: signature file on flash, SDEE event notification, and the rule sdm_ips_rule that
! the two Ethernet interfaces reference (out on FastEthernet0, in on FastEthernet1).
ip ips sdf location flash://128MB.sdf autosave
ip ips notify SDEE
ip ips name sdm_ips_rule
!
! Application firewall policy referenced by the inspect rule entry
! "ip inspect name SDM_MEDIUM appfw SDM_MEDIUM". It only takes effect where that inspect
! rule is applied to an interface.
appfw policy-name SDM_MEDIUM
! AOL IM: all services allowed with an alarm; listed servers are the permitted login hosts.
application im aol
service default action allow alarm
service text-chat action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
audit-trail on
! MSN IM: same allow-with-alarm treatment.
application im msn
service default action allow alarm
service text-chat action allow alarm
server permit name messenger.hotmail.com
server permit name gateway.messenger.hotmail.com
server permit name webmessenger.msn.com
audit-trail on
! HTTP: IM and P2P traffic on the HTTP port is reset. Non-compliant HTTP and tunneling
! are only alarmed, not blocked.
! NOTE(review): "allow alarm" on strict-http and tunneling is detection only; choose
! "reset" if the intent is to block them.
application http
strict-http action allow alarm
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action allow alarm
! Yahoo IM: allow-with-alarm, with the permitted server names listed.
application im yahoo
service default action allow alarm
service text-chat action allow alarm
server permit name scs.msg.yahoo.com
server permit name scsa.msg.yahoo.com
server permit name scsb.msg.yahoo.com
server permit name scsc.msg.yahoo.com
server permit name scsd.msg.yahoo.com
server permit name cs16.msg.dcn.yahoo.com
server permit name cs19.msg.dcn.yahoo.com
server permit name cs42.msg.dcn.yahoo.com
server permit name cs53.msg.dcn.yahoo.com
server permit name cs54.msg.dcn.yahoo.com
server permit name ads1.vip.scd.yahoo.com
server permit name radio1.launch.vip.dal.yahoo.com
server permit name in1.msg.vip.re2.yahoo.com
server permit name data1.my.vip.sc5.yahoo.com
server permit name address1.pim.vip.mud.yahoo.com
server permit name edit.messenger.yahoo.com
server permit name messenger.yahoo.com
server permit name http.pager.yahoo.com
server permit name privacy.yahoo.com
server permit name csa.yahoo.com
server permit name csb.yahoo.com
server permit name csc.yahoo.com
audit-trail on
!
!
! Self-signed trustpoint and its RSA key pair (presumably the certificate behind
! "ip http secure-server" - confirm). Revocation checking is disabled for it.
crypto pki trustpoint TP-self-signed-1726913225
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1726913225
revocation-check none
rsakeypair TP-self-signed-1726913225
!
!
crypto pki certificate chain TP-self-signed-1726913225
certificate self-signed 01
! The certificate body was removed by the poster (placeholder on the next line).
<вырезал>
! NOTE(review): "password 0" stores this privilege-15 credential unhashed, and it is the
! account that the local AAA method lists authenticate against. Use
! "username <username> privilege 15 secret <password>" so only a hash is kept.
username <username> privilege 15 password 0 <password>
!
!
!
!
! LAN side: NAT inside, ACL 104 filters packets arriving from the LAN, IPS rule on egress.
! NOTE(review): there is no "ip inspect SDM_MEDIUM in" here, although the SDM description
! tags this interface as the firewall inside. Without it, replies to LAN sessions get no
! dynamic permit through ACL 105 on FastEthernet1.
interface FastEthernet0
description $FW_INSIDE$$ETH-LAN$
ip address 192.168.250.1 255.255.0.0
ip access-group 104 in
ip nat inside
ip ips sdm_ips_rule out
ip virtual-reassembly
speed auto
full-duplex
no cdp enable
!
! WAN side: NAT outside, ACL 105 filters packets arriving from the Internet, IPS rule on
! ingress. The inbound ACL is evaluated before outside-to-inside NAT, so returning packets
! are matched against ACL 105 with the WAN address xx.xx.69.13 as destination.
interface FastEthernet1
description $FW_OUTSIDE$$ETH-WAN$
ip address xx.xx.69.13 255.255.255.248
ip access-group 105 in
ip nat outside
ip ips sdm_ips_rule in
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
! Unused ports: FastEthernet2-9, Vlan1 and Async1 are all administratively shut down and
! CDP is disabled on the switch ports.
! NOTE(review): FastEthernet2 is set to trunk mode; harmless while shut down, but it
! should be reviewed before the port is ever enabled.
interface FastEthernet2
switchport mode trunk
shutdown
no cdp enable
!
interface FastEthernet3
shutdown
no cdp enable
!
interface FastEthernet4
shutdown
no cdp enable
!
interface FastEthernet5
shutdown
no cdp enable
!
interface FastEthernet6
shutdown
no cdp enable
!
interface FastEthernet7
shutdown
no cdp enable
!
interface FastEthernet8
shutdown
no cdp enable
!
interface FastEthernet9
shutdown
no cdp enable
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0
shutdown
!
interface Async1
no ip address
encapsulation slip
shutdown
!
! Default route towards the provider gateway through the WAN interface.
ip route 0.0.0.0 0.0.0.0 FastEthernet1 xx.xx.69.9
!
!
! Web management: both HTTP and HTTPS servers are enabled, limited to the sources in
! ACL 1 and authenticated through AAA.
! NOTE(review): "ip http server" sends management credentials unencrypted; keep only
! "ip http secure-server" and add "no ip http server".
ip http server
ip http access-class 1
ip http authentication aaa
ip http secure-server
! PAT: sources matching ACL 3 (192.168.0.0/16) are translated to the FastEthernet1 address.
! The statement agrees with the inside/outside interface roles; check
! "show ip nat translations" to see whether entries are being created.
ip nat inside source list 3 interface FastEthernet1 overload
!
! ACL 1: sources allowed to reach the HTTP/HTTPS management server ("ip http access-class 1").
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark SDM_ACL Category=1
access-list 1 permit xx.xx.215.164
access-list 1 permit xx.xx.69.8 0.0.0.7
access-list 1 permit 192.168.0.0 0.0.255.255
! ACL 3: inside sources eligible for NAT overload.
access-list 3 permit 192.168.0.0 0.0.255.255
! ACL 100: not referenced anywhere in this listing.
access-list 100 remark 1
access-list 100 remark SDM_ACL Category=64
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
! ACL 101: sources allowed to open vty sessions ("access-class 101 in").
! NOTE(review): the xx.xx.0.0 0.0.255.255 entry admits a whole /16, far wider than the
! host and /29 entries next to it; confirm it is intended for management access.
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip host xx.xx.215.164 any
access-list 101 permit ip xx.xx.0.0 0.0.255.255 any
access-list 101 permit ip xx.xx.69.8 0.0.0.7 any
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
! ACL 104: inbound on FastEthernet0 (LAN). The three denies drop packets that arrive from
! the LAN with a WAN-subnet, broadcast or loopback source address.
! NOTE(review): "permit ip any any" matches everything that survives those denies, so
! every later entry, including the closing "deny ip any any", is never reached. If the
! per-port permits are meant to be the policy, the "permit ip any any" line must go.
! NOTE(review): "0.0.0.0 255.255.0.0" in the UDP DNS entry matches sources whose last two
! octets are 0.0; it was probably meant to be "192.168.0.0 0.0.255.255" - confirm.
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 deny ip xx.xx.69.8 0.0.0.7 any
access-list 104 deny ip host 255.255.255.255 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 permit ip any any
access-list 104 permit icmp any any
access-list 104 permit tcp 192.168.0.0 0.0.255.255 any eq www
access-list 104 permit tcp 192.168.0.0 0.0.255.255 any eq 443
access-list 104 permit tcp 192.168.0.0 0.0.255.255 any eq 22
access-list 104 permit tcp 192.168.0.0 0.0.255.255 any eq domain
access-list 104 permit udp 0.0.0.0 255.255.0.0 any eq domain
access-list 104 deny ip any any
! ACL 105: inbound on FastEthernet1 (WAN). It admits selected ICMP replies, TCP 443/22/cmd
! to the router's WAN address and UDP from source port 53; everything else is denied and
! logged. No entry admits ordinary return traffic (for example TCP from source port 80),
! so replies to LAN sessions pass only if an applied inspect rule opens them dynamically.
! NOTE(review): "eq cmd" opens the remote-shell port (TCP 514) to any source; remove it
! unless rcmd towards the router is really required. 443 and 22 are open to any source
! here and rely on ACL 1 / ACL 101 at the service level.
! NOTE(review): the 10.0.0.0/8, 172.16.0.0/12, loopback and broadcast source denies sit
! below the permits, so a packet with such a source aimed at a permitted port matches the
! permit first; move the source denies above the permits.
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 deny ip 192.168.0.0 0.0.255.255 any
access-list 105 permit icmp any host xx.xx.69.13 echo-reply
access-list 105 permit icmp any host xx.xx.69.13 time-exceeded
access-list 105 permit icmp any host xx.xx.69.13 unreachable
access-list 105 permit tcp any host xx.xx.69.13 eq 443
access-list 105 permit tcp any host xx.xx.69.13 eq 22
access-list 105 permit tcp any host xx.xx.69.13 eq cmd
access-list 105 permit udp any eq domain host xx.xx.69.13
access-list 105 deny ip 10.0.0.0 0.255.255.255 any
access-list 105 deny ip 172.16.0.0 0.15.255.255 any
access-list 105 deny ip 127.0.0.0 0.255.255.255 any
access-list 105 deny ip host 255.255.255.255 any
access-list 105 deny ip host 0.0.0.0 any
access-list 105 deny ip any any log
! ACL 106 (remarked as an IPSec rule) and ACL 188 (permit everything) are not referenced
! by any command in this listing; unused permit-all lists are best removed.
access-list 106 remark SDM_ACL Category=4
access-list 106 remark IPSec Rule
access-list 106 permit ip 169.254.40.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 188 remark Allow all
access-list 188 remark SDM_ACL Category=1
access-list 188 permit ip any any
! CDP is disabled globally.
no cdp run
!
!
!
!
!
!
! Control plane, terminal lines and the WebVPN context.
control-plane
!
!
! Console and aux lines carry no line-specific settings here; logins follow the AAA
! default method list (local usernames).
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
! Remote management: SSH only, limited to the sources in ACL 101.
! NOTE(review): with "aaa authentication login default local" the line password below is
! presumably not consulted at login; it is still stored unhashed and can be removed -
! confirm before deleting.
line vty 0 4
access-class 101 in
password <password>
transport input ssh
transport output ssh
!
no process cpu extended
no process cpu autoprofile hog
!
! WebVPN default context is defined but not in service.
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
=======================================
Помогите найти причину неработающего NAT
Спасибо.