

Cisco 2801 + nat + шейпинг + l2tp сервер без ipsec

Четверг, 13 Мая 2010 г. 12:52 + в цитатник

! Global settings: log timestamps, password storage, AAA, clock and forwarding options.
version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime localtime

! Stores "password" entries in type 7 form. Type 7 is reversible obfuscation, not a
! hash, so any copy of this config that carries type 7 strings must be treated as a secret.
service password-encryption

!

hostname router.sraka.zhoppa

!

boot-start-marker

boot system flash c2801-adventerprisek9-mz.124-24.T.bin

boot-end-marker

!

logging message-counter syslog

! Type 5 (MD5-based) enable secret; the value was masked as "xxx" by the author.
enable secret 5 xxx

!

aaa new-model

!

!

! PPP sessions (the L2TP users) are authenticated against the local username database.
aaa authentication ppp default local

! No authorization step is applied to network services.
aaa authorization network default none

!

!

aaa session-id common

clock timezone moscow 3

clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00

dot11 syslog

! NOTE(review): IP source routing is left enabled. Hardening baselines normally set
! "no ip source-route" unless a specific application needs it - confirm.
ip source-route

!

!

ip cef

ip domain name sraka.zhoppa

! NOTE(review): multicast routing is enabled globally, but no interface in this config
! enables PIM - presumably unused; confirm and remove if so.
ip multicast-routing

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

! L2TP dial-in server: incoming L2TP tunnels are accepted and each PPP session is
! cloned from Virtual-Template1.
vpdn enable

!

vpdn-group 1

! Default L2TP VPDN group

accept-dialin

protocol l2tp

virtual-template 1

! NOTE(review): tunnel-level authentication is disabled, so the only credential check
! is the PPP login configured on Virtual-Template1 (ms-chap-v2). ACL 110 admits port
! 1701 from any source, so that login is exposed to the whole Internet; monitor failed
! PPP authentications and restrict source addresses where the client set is known.
no l2tp tunnel authentication

!

!

no virtual-template snmp

!

!

! Local accounts, configuration-change logging and SSH version.
voice-card 0

!

!

! Administrative account: privilege 15, stored as a type 5 (MD5-based) secret.
username nahnah1 privilege 15 secret 5 xxx

! Type 7 (reversible) passwords. Presumably these are the L2TP/PPP users: MS-CHAPv2
! needs a recoverable password on the router, so "secret" cannot be used for them -
! confirm. Use long random passwords and keep the config file itself confidential.
username nahnah2 password 7 xxx

username nahnah3 password 7 xxx

username nahnah4 password 7 xxx

! Log configuration changes; hidekeys keeps passwords and keys out of that log.
archive

log config

hidekeys

!

ip tftp source-interface FastEthernet0/0

! Accept SSH protocol version 2 only.
ip ssh version 2

!

! LAN-facing interface (NAT inside). Host octet of the address was masked by the author.
interface FastEthernet0/0

ip address 192.168.1.x 255.255.255.0

! Egress policy for LAN hosts: ACL 150 is checked on packets entering from the LAN.
ip access-group 150 in

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

! Generic traffic shaping on packets sent out of this interface (toward the LAN):
! traffic matching ACL 160 is shaped to 3,000,000 bit/s, traffic matching ACL 161
! (permit ip any any) to 512,000 bit/s.
! NOTE(review): ACL 161 also matches the ACL 160 hosts - presumably the first matching
! group wins; verify with "show traffic-shape statistics".
traffic-shape group 160 3000000 75000 75000 1000

traffic-shape group 161 512000 12800 12800 1000

!

! Internet-facing interface (NAT outside); the public address was masked by the author.
interface FastEthernet0/1

ip address x.x.x.x 255.255.255.240

! ACL 110 is the only inbound filter on the WAN side. It is a stateless extended ACL;
! no inspection (CBAC / zone-based firewall) is configured anywhere in this config.
ip access-group 110 in

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

! Template cloned for every L2TP/PPP session accepted by vpdn-group 1.
! NOTE(review): no "ip access-group" is applied here, and ACL 150 is bound only to
! FastEthernet0/0 inbound, so traffic arriving from VPN clients is not filtered by it -
! confirm this is intended.
interface Virtual-Template1

! Borrows the LAN address; VPN clients get addresses from the LAN subnet (pool mypool).
ip unnumbered FastEthernet0/0

ip virtual-reassembly

no ip route-cache cef

no ip route-cache

peer default ip address pool mypool

! 128-bit MPPE. NOTE(review): without the "required" keyword a session whose peer does
! not negotiate MPPE may presumably still come up unencrypted - confirm, and add
! "required" if cleartext sessions must be refused.
ppp encrypt mppe 128

! MS-CHAPv2 is the only user authentication for the VPN, and no IPsec wraps the tunnel.
! MS-CHAPv2 handshakes can be attacked offline once captured, and MPPE keys derive from
! the same password; L2TP over IPsec is the usual mitigation.
ppp authentication ms-chap-v2

!

! VPN address pool, static routes, HTTP services, NAT and syslog.
! The pool lies inside the LAN subnet 192.168.1.0/24; keep these addresses out of DHCP
! and static use on the LAN.
ip local pool mypool 192.168.1.10 192.168.1.20

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 x.x.x.x

! Next hop 192.168.1.10 is the first address of mypool - presumably a VPN client that
! routes a remote network. NOTE(review): pool addresses are handed out dynamically, so
! whichever client receives .10 gets this traffic; "permanent" keeps the route installed
! even when no session is up - confirm the address is pinned to the intended user.
ip route 172.x.x.0 255.255.255.0 192.168.1.10 permanent

! Web management interfaces are disabled.
no ip http server

no ip http secure-server

!

! PAT: sources matching ACL 100 are translated to the FastEthernet0/1 address.
ip nat inside source list 100 interface FastEthernet0/1 overload

!

! NOTE(review): only severity "errors" and above is forwarded to the syslog server.
! ACL "log" hits are, as far as I know, emitted at informational severity, so the
! deny-log entries of ACL 110/150 would not reach 192.168.1.xxx - raise the trap level
! if those events are needed for detection.
logging trap errors

logging 192.168.1.xxx


! ACL 100: sources eligible for NAT overload (the whole LAN subnet).
access-list 100 permit ip 192.168.1.0 0.0.0.255 any

! ACL 110: inbound filter on FastEthernet0/1 (WAN). The first group drops spoofed or
! non-routable source addresses and logs the hits.
access-list 110 deny ip 0.0.0.0 0.255.255.255 any log

access-list 110 deny ip host 255.255.255.255 any log

access-list 110 deny ip 127.0.0.0 0.255.255.255 any log

access-list 110 deny ip 224.0.0.0 15.255.255.255 any log

! NOTE(review): wildcard 7.255.255.255 covers 240.0.0.0-247.255.255.255 only; the whole
! reserved 240.0.0.0/4 block needs 15.255.255.255.
access-list 110 deny ip 240.0.0.0 7.255.255.255 any log

access-list 110 deny ip 192.0.2.0 0.0.0.255 any log

access-list 110 deny ip 169.254.0.0 0.0.255.255 any log

! NOTE(review): this matches 172.16.0.0/16 only; the RFC 1918 range is 172.16.0.0/12
! (wildcard 0.15.255.255). 10.0.0.0/8 is not filtered at all - confirm both are
! deliberate (e.g. provider addressing) rather than omissions.
access-list 110 deny ip 172.16.0.0 0.0.255.255 any log

access-list 110 deny ip 192.168.0.0 0.0.255.255 any log

! Published services on the (masked) public address(es). SSH is reachable from any
! source; there is no source restriction here or via "access-class" on the vty lines.
access-list 110 permit tcp any host x.x.x.x eq 22

access-list 110 permit tcp any host x.x.x.x eq 38211

access-list 110 permit tcp any host x.x.x.x eq smtp

access-list 110 permit tcp any host x.x.x.x eq pop3

access-list 110 permit tcp any host x.x.x.x eq 143

access-list 110 permit tcp any host x.x.x.x eq 1430

access-list 110 permit tcp any host x.x.x.x eq 18022

access-list 110 permit tcp any host x.x.x.x eq domain

access-list 110 permit udp any host x.x.x.x eq domain

access-list 110 permit tcp any host x.x.x.x eq www

! NOTE(review): admits UDP from any source to every port above 1023 on this host -
! presumably to let replies to outbound UDP (DNS, NTP) back in, since the ACL is
! stateless. It equally admits unsolicited UDP; stateful inspection would remove the need.
access-list 110 permit udp any host x.x.x.x gt 1023

! NOTE(review): L2TP runs over UDP 1701; the TCP entry looks unnecessary - confirm.
access-list 110 permit tcp any any eq 1701

access-list 110 permit udp any any eq 1701

! ISAKMP, GRE and ESP are admitted from any source to any destination although this
! setup runs L2TP without IPsec - presumably for pass-through of LAN clients' own VPNs;
! remove whatever is not used.
access-list 110 permit udp any eq isakmp any

access-list 110 permit udp any any eq isakmp

! NOTE(review): all ICMP types are admitted; consider limiting to the types needed
! (echo-reply, unreachable, time-exceeded).
access-list 110 permit icmp any any

access-list 110 permit gre any any

access-list 110 permit esp any any

! "established" matches TCP segments with ACK or RST set; it tracks no connection state.
access-list 110 permit tcp any any established

access-list 110 deny ip any any log


! ACL 150: filter on traffic entering FastEthernet0/0 from the LAN (egress policy).
! Four hosts are unrestricted.
access-list 150 permit ip host 192.168.1.22 any

access-list 150 permit ip host 192.168.1.250 any

access-list 150 permit ip host 192.168.1.8 any

access-list 150 permit ip host 192.168.1.252 any

! All other LAN hosts are limited to the TCP destination ports listed below.
! NOTE(review): DNS (53) is not in the list - presumably clients resolve through one of
! the unrestricted hosts; verify.
access-list 150 permit tcp 192.168.1.0 0.0.0.255 any eq www

access-list 150 permit tcp 192.168.1.0 0.0.0.255 any eq 8080

access-list 150 permit tcp 192.168.1.0 0.0.0.255 any eq 443

access-list 150 permit tcp 192.168.1.0 0.0.0.255 any eq 2042

access-list 150 permit tcp 192.168.1.0 0.0.0.255 any eq 2041

access-list 150 permit tcp 192.168.1.0 0.0.0.255 any eq 9091

access-list 150 permit tcp 192.168.1.0 0.0.0.255 any eq pop3

! IPsec (ISAKMP/ESP) and ICMP are permitted for any source, not only 192.168.1.0/24.
access-list 150 permit udp any eq isakmp any

access-list 150 permit udp any any eq isakmp

access-list 150 permit esp any any

access-list 150 permit icmp any any

! Matches TCP segments with ACK or RST set, from any source; it is not stateful.
access-list 150 permit tcp any any established

! Everything else from the LAN is dropped and logged.
access-list 150 deny ip any any log


! ACL 160 and 161 are classifiers for "traffic-shape group" on FastEthernet0/0; they
! are not applied as packet filters anywhere in this config.
! ACL 160: traffic to or from three hosts (3,000,000 bit/s group).
access-list 160 permit ip host 192.168.1.22 any

access-list 160 permit ip any host 192.168.1.22

access-list 160 permit ip host 192.168.1.250 any

access-list 160 permit ip any host 192.168.1.250

access-list 160 permit ip host 192.168.1.8 any

access-list 160 permit ip any host 192.168.1.8

! ACL 161: all IP traffic (512,000 bit/s group).
access-list 161 permit ip any any

! CDP is disabled globally, so the router does not advertise itself to neighbours.
no cdp run

!

! Control plane, management lines and scheduler settings.
control-plane

!

mgcp fax t38 ecm

!

line con 0

! NOTE(review): 0 0 disables the idle timeout, so an unattended console session stays
! logged in indefinitely; set a finite value unless physical access is tightly controlled.
exec-timeout 0 0

line aux 0

line vty 0 4

exec-timeout 30 0

! NOTE(review): every vty session starts at privilege 15, so the enable secret is never
! asked for. No "access-class" limits the source addresses that may open a session.
privilege level 15

! Inbound management over SSH only (telnet is refused).
transport input ssh

! NOTE(review): outbound sessions from the router may use any protocol, telnet
! included; restrict to ssh or none if the router is not used as a jump host.
transport output all

!

scheduler max-task-time 5000

scheduler allocate 20000 1000

end


В общем, как-то так.

