نمایش نتایج: از شماره 1 تا 1 از مجموع 1

موضوع: Cisco NAT in subinterface Question

  
  1. #1
    نام حقيقي: دانیال احمدی زاده

    عضو ویژه شناسه تصویری DaNi_84
    تاریخ عضویت
    Jul 2006
    محل سکونت
    Tehran
    نوشته
    1,586
    سپاسگزاری شده
    738
    سپاسگزاری کرده
    307

    Cisco NAT in subinterface Question

    Hello
    i have a problem with NAT in my subinterfaces
    the problem is the clients can ping they're gateway(invalid ip) but they cant ping any valid ips or open any
    webpages



    Current configuration : 7392 bytes
    !
    version 12.1
    service nagle
    no service pad
    service timestamps debug datetime localtime
    service timestamps log datetime localtime
    service password-encryption
    !
    hostname AS5300
    !
    logging buffered 1000000 debugging
    logging history errors
    aaa new-model
    aaa authentication login default local
    aaa authentication ppp default group radius local
    aaa authorization network default group radius local
    aaa accounting update newinfo
    aaa accounting network default start-stop group radius
    aaa accounting system default start-stop group radius
    !
    !
    !
    resource-pool disable
    !
    !
    !
    !
    !
    clock timezone IRT 3 30
    clock summer-time IRT recurring
    ip subnet-zero
    no ip source-route
    no ip icmp rate-limit unreachable
    ip rcmd rsh-enable
    ip wccp web-cache
    ip cef
    ip tcp selective-ack
    ip tcp synwait-time 10
    ip name-server 217.218.127.104
    ip name-server 217.218.127.105
    ip name-server 217.218.127.106
    !
    isdn switch-type primary-net5
    mta receive maximum-recipients 0
    !
    !
    controller E1 0
    clock source line primary
    pri-group timeslots 1-31
    !
    controller E1 1
    shutdown
    framing NO-CRC4
    clock source line secondary 1
    ds0-group 1 timeslots 1-15,17-31 type r2-digital
    cas-custom 1
    !
    controller E1 2
    shutdown
    pri-group timeslots 1-31
    !
    controller E1 3
    shutdown
    ds0-group 1 timeslots 1-15,17-31 type r2-digital
    cas-custom 1
    !
    !
    !
    !
    interface Ethernet0
    ip address 172.16.10.1 255.255.255.0
    ip nat inside
    !
    interface Serial0:15
    no ip address
    encapsulation ppp
    isdn switch-type primary-net5
    isdn incoming-voice modem
    ppp authentication pap chap
    !
    interface Serial2:15
    no ip address
    isdn switch-type primary-net5
    no cdp enable
    !
    interface FastEthernet0
    description connected to The Internet
    no ip address
    ip access-group 111 in
    ip access-group 111 out
    no ip unreachables
    ip nat outside
    duplex full
    speed 100
    !
    interface FastEthernet0.100
    encapsulation dot1Q 100
    ip address valid ip
    ip nat outside
    no ip mroute-cache
    !
    interface FastEthernet0.200
    encapsulation dot1Q 200
    ip address 10.186.100.248 255.255.255.0
    ip access-group 115 in
    ip access-group 115 out
    !
    interface FastEthernet0.520
    encapsulation dot1Q 520
    ip address 192.168.0.1 255.255.255.0
    ip nat inside
    traffic-shape group 20 128000 128000 128000 1000
    !
    interface FastEthernet0.522
    encapsulation dot1Q 522
    ip address 192.168.2.1 255.255.255.0
    ip nat inside
    traffic-shape group 22 128000 128000 128000 1000
    !
    interface FastEthernet0.524
    encapsulation dot1Q 524
    ip address 192.168.6.1 255.255.255.0
    ip nat inside
    !
    interface FastEthernet0.526
    encapsulation dot1Q 526
    ip address 192.168.8.1 255.255.255.0
    ip nat inside
    !
    interface FastEthernet0.528
    encapsulation dot1Q 528
    ip address 192.168.10.1 255.255.255.0
    ip nat inside
    !
    interface Group-Async1
    ip unnumbered FastEthernet0.100
    ip access-group 120 in
    ip access-group 120 out
    no ip unreachables
    ip nat inside
    encapsulation ppp
    ip route-cache policy
    ip tcp header-compression
    no ip mroute-cache
    ip policy route-map ptt
    keepalive 10
    async mode dedicated
    peer default ip address pool nat40
    no cdp enable
    ppp authentication chap pap
    group-range 1 120
    !
    ip local pool nat40 192.168.40.10 192.168.40.200
    ip nat inside source list 20 interface FastEthernet0 overload
    ip nat inside source list 22 interface FastEthernet0 overload
    ip nat inside source list 24 interface FastEthernet0 overload
    ip nat inside source list 30 interface Ethernet0 overload
    ip nat inside source list 40 interface FastEthernet0.100 overload
    ip classless
    no ip forward-protocol udp tftp
    no ip forward-protocol udp netbios-ns
    no ip forward-protocol udp netbios-dgm
    no ip forward-protocol udp tacacs
    ip route 0.0.0.0 0.0.0.0 80.191.231.33
    no ip http server
    !
    access-list 20 permit 192.168.0.0 0.0.0.255
    access-list 22 permit 192.168.2.0 0.0.0.255
    access-list 24 permit 192.168.4.0 0.0.0.255
    access-list 26 permit 192.168.6.0 0.0.0.255
    access-list 28 permit 192.168.8.0 0.0.0.255
    access-list 30 permit 172.16.10.0 0.0.0.255
    access-list 40 permit 192.168.40.0 0.0.0.255
    access-list 111 deny udp any any eq 4257
    access-list 111 deny udp any any eq 1434
    access-list 111 deny tcp any any eq 6667
    access-list 111 deny tcp any any eq 5554
    access-list 111 deny tcp any any eq 9996
    access-list 111 deny tcp any any eq 135
    access-list 111 deny tcp any any eq 139
    access-list 111 deny tcp any any eq 445
    access-list 111 deny tcp any any eq 4444
    access-list 111 deny tcp any any eq 707
    access-list 111 deny udp any any eq 135
    access-list 111 deny udp any any eq netbios-ss
    access-list 111 deny udp any any eq 445
    access-list 111 deny udp any any eq netbios-ns
    access-list 111 deny udp any any eq netbios-dgm
    access-list 111 deny ip 127.0.0.0 0.255.255.255 any
    access-list 111 deny ip 224.0.0.0 31.255.255.255 any
    access-list 111 deny ip host 0.0.0.0 any
    access-list 111 deny ip 10.0.0.0 0.255.255.255 any
    access-list 111 permit ip any any
    access-list 115 deny udp any any eq 4257
    access-list 115 deny udp any any eq 1434
    access-list 115 deny tcp any any eq 6667
    access-list 115 deny tcp any any eq 5554
    access-list 115 deny tcp any any eq 9996
    access-list 115 deny tcp any any eq 135
    access-list 115 deny tcp any any eq 139
    access-list 115 deny tcp any any eq 445
    access-list 115 deny tcp any any eq 4444
    access-list 115 deny tcp any any eq 707
    access-list 115 deny udp any any eq 135
    access-list 115 deny udp any any eq netbios-ss
    access-list 115 deny udp any any eq 445
    access-list 115 deny udp any any eq netbios-ns
    access-list 115 deny udp any any eq netbios-dgm
    access-list 115 deny ip host 0.0.0.0 any
    access-list 115 permit ip 10.186.100.192 0.0.0.63 any
    access-list 115 deny ip any any
    access-list 120 deny tcp any any range 135 139
    access-list 120 deny tcp any any eq 4444
    access-list 120 deny tcp any any eq 1434
    access-list 120 deny tcp any any eq 1433
    access-list 120 deny tcp any any eq 445
    access-list 120 deny tcp any any eq 593
    access-list 120 deny tcp any any eq 9898
    access-list 120 deny tcp any any eq 5554
    access-list 120 deny tcp any any eq 5556
    access-list 120 deny tcp any any eq 9996
    access-list 120 deny udp any any eq 1434
    access-list 120 deny udp any any eq 1433
    access-list 120 deny udp any any eq 995
    access-list 120 deny udp any any eq 996
    access-list 120 deny udp any any eq 997
    access-list 120 deny udp any any eq 998
    access-list 120 deny udp any any eq 999
    access-list 120 deny udp any any eq netbios-ns
    access-list 120 deny udp any any eq netbios-dgm
    access-list 120 deny udp any any eq netbios-ss
    access-list 120 deny ip 10.0.0.0 0.255.255.255 any
    access-list 120 permit ip any any
    !!
    ....
    end




    موضوعات مشابه:
    ویرایش توسط DaNi_84 : 2006-11-13 در ساعت 02:05 PM

کلمات کلیدی در جستجوها:

nat on subinterface

nat subinterface

cisco subinterface nat

cisco nat on subinterface

cisco nat subinterface

subinterface nat

nat con subinterfaces

nat subinterfaces

how to configure nat subinterfaces

IP NAT inside on sub interfacenat on subinterfacescisco asa subinterface natcisco ip nat subinterfaceip nat subinterfacenat cisco subinterfaceip nat sub interfacecisco asa nat subinterfaceip nat 2 subinterfacenat with subinterfacesping from interface error nat cisconat on a subinterfaceip nat inside source route-map subinterface2 subinterfaces with ip natcisco nat on subinterfacesnat clients to subinterface

برچسب برای این موضوع

مجوز های ارسال و ویرایش

  • شما نمی توانید موضوع جدید ارسال کنید
  • شما نمی توانید به پست ها پاسخ دهید
  • شما نمی توانید فایل پیوست ضمیمه کنید
  • شما نمی توانید پست های خود را ویرایش کنید
  •