PDA

Επιστροφή στο Forum : Cisco pix 515e με cisco catalyst 2950 series και cisco router 1721.



whiterabbit
31-07-14, 11:17
γεια σας παιδια, εχω τον εν λογω hardware και θελω να συνδεσω το σισκο ρουτερ στο outside του pix αλλα δεν εχω καταφερει να μπω στο ιντερνετ με το cisco παρα με το παλιο μου us robotics.μπορειτε να μου στειλετε ενα configuration adsl με αυτοματα ip απο τον παροχο? φαινεται να το εχω ρυθμισει στα αλλα ενταξει αλλα δεν ξερω τι ρυθμισεις να βαλω στο nat γιατι εχω μπερδευτει και με το pix.θελετε να σας στειλω τα cfg του pix & router?

whiterabbit
06-08-14, 16:12
Router 1721 Cisco :


ip dhcp excluded-address 192.168.0.1 192.168.0.50
!
ip dhcp pool DHCP-LAN
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 8.8.8.8 4.4.4.4
!
!
no ip domain lookup
vpdn enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username whiterabbit privilege 15 password 0 xxxx
!
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
no snmp trap link-status
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface Ethernet0
ip address 192.168.10.1 255.255.255.0
shutdown
full-duplex
!
interface FastEthernet0
description LAN
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
speed 100
full-duplex
!
interface Dialer1
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxx@xxxx
ppp chap password 0 xxxx
ppp pap sent-username xxxx@xxxx password 0 xxxx
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
!
control-plane
!
!
!
!
!
!
!
!
banner login ^C
If you are not authorized to access this device,
DISCONNECT IMMEDIATELY!
^C
!
line con 0
logging synchronous
login local
line aux 0
line vty 0 4
login local
!
end

Cisco PIX 515E:

: Saved
:
PIX Version 8.0(4)28
!
hostname pixfirewall
domain-name home
enable password jib5jE36yfXESYRn encrypted
passwd jib5jE36yfXESYRn encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet1
speed 100
duplex full
nameif inside
security-level 100
ip address 10.1.1.1 255.255.255.0
!
interface Ethernet2
nameif dmz
security-level 0
ip address dhcp setroute
!
boot system flash:/pix804-28.bin
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
dns server-group DefaultDNS
domain-name home
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip verify reverse-path interface outside
ip verify reverse-path interface inside
icmp unreachable rate-limit 1 burst-size 1
icmp deny any outside
icmp permit any inside
asdm image flash:/asdm-61557.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 101 10.1.1.2-10.1.1.255 netmask 255.255.255.0
global (outside) 1 interface
nat (outside) 1 0.0.0.0 0.0.0.0
nat (inside) 1 10.1.1.0 255.255.255.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.1.1.0 255.255.255.0 inside
http 10.1.1.1 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 5
ssh 10.1.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
management-access inside
dhcp-client client-id interface outside
dhcp-client client-id interface dmz
dhcpd dns 212.205.212.205 195.170.0.1
dhcpd ping_timeout 750
!
dhcpd address 10.1.1.31-10.1.1.61 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username whiterabbit password sJW/bvjVtONqT3jX encrypted
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:ca3db9e821e4dfd41f3a2379b668df0f
: end
asdm image flash:/asdm-61557.bin
no asdm history enable

@ ADSLgr.com All rights reserved.