ببخشید که کمی دیر شد، این هم کانفیگ. یه معاینه‌ای بکنید ببینید چشه!!!
کد:
Current configuration : 7689 bytes
!
! Global services, device identity and local credentials for the access
! server `Lahijnet`. Secret values were replaced with dashes by the poster.
version 12.3
no service pad
! NOTE(review): `uptime` stamps debug/log lines with time since boot, which is
! hard to correlate with RADIUS accounting or other devices' logs.
service timestamps debug uptime
service timestamps log uptime
! Stores passwords in type 7 form, which is reversible obfuscation, not a hash.
service password-encryption
!
hostname Lahijnet
!
! Three `enable secret level` entries; level numbers and hashes are redacted.
enable secret level ----------------------------------
enable secret level ----------------------------------
enable secret level ----------------------------------
! NOTE(review): an `enable password` sits next to the enable secrets. It is
! kept only in the weak type 7 form; remove it unless something depends on it.
enable password -------------------------------------
!
! NOTE(review): the local user is defined with the `password` keyword (type 7).
! `username ... secret` stores a hash instead, where the image supports it.
username ----------password ---------------------------
spe 1/0 1/9
firmware location system:/ucode/mica_port_firmware
!
!
resource-pool disable
!
syscon address 192.168.100.123 123
syscon shelf-id 0
! AAA and DNS. PPP sessions that use the named list `isputil` are
! authenticated, authorised and accounted through RADIUS; `local` is the
! fallback method for authentication and authorization.
aaa new-model
!
!
! NOTE(review): the default PPP list is `none`. Any interface that enables
! `ppp authentication` without naming a list accepts the peer unchecked.
! In this listing only Group-Async1 names `isputil`.
aaa authentication ppp default none
aaa authentication ppp isputil group radius local
aaa authorization network isputil group radius local
! Interim accounting records are sent on new information and every 1 minute.
! NOTE(review): a 1-minute period multiplies accounting load on the RADIUS
! server with many concurrent sessions; confirm it is intended.
aaa accounting update newinfo periodic 1
aaa accounting network isputil start-stop group radius
aaa session-id common
ip subnet-zero
! Resolvers used by the router itself.
! NOTE(review): 192.9.9.3 is not RFC 1918 space; confirm it is a resolver
! you operate or intend to trust.
ip name-server 10.10.1.3
ip name-server 217.218.155.104
ip name-server 192.9.9.3
!
!
! Table-map `nachiworm` (lower case) whose only entry is `default copy`.
! NOTE(review): nothing in this listing references it. Group-Async1 uses the
! separately defined route-map `Nachiworm`, so this looks like a leftover.
table-map nachiworm
default copy
!
! Global ISDN switch type; the same value is repeated on Serial0:15 and
! Serial1:15.
isdn switch-type primary-net5
!
!
!
! E1 controllers. E1 0 and E1 1 are the only active ones; each carries a PRI
! group on timeslots 1-31 and they are the primary / first secondary line
! clock sources. E1 2-7 are administratively shut down.
controller E1 0
clock source line primary
pri-group timeslots 1-31
!
controller E1 1
clock source line secondary 1
pri-group timeslots 1-31
!
! Unused controllers: shut down, clock priority kept for completeness.
controller E1 2
shutdown
clock source line secondary 2
!
controller E1 3
shutdown
clock source line secondary 3
!
controller E1 4
shutdown
clock source line secondary 4
!
controller E1 5
shutdown
clock source line secondary 5
!
controller E1 6
shutdown
clock source line secondary 6
!
controller E1 7
shutdown
clock source line secondary 7
!
!
! Ethernet0 and the four serial interfaces. Only Serial0 is in use; it is the
! NAT outside interface and the default route points at it.
interface Ethernet0
ip address 192.168.10.1 255.255.255.0
no ip route-cache
!
interface Serial0
ip unnumbered FastEthernet0
! NOTE(review): ACL 140 drops every inbound ICMP packet and permits all other
! traffic. That also discards the unreachable / fragmentation-needed messages
! path-MTU discovery relies on. It gives no anti-spoofing either: packets
! arriving from the uplink with inside source addresses are accepted.
ip access-group 140 in
ip nat outside
encapsulation ppp
! `no ip route-cache` disables fast switching on the interface.
no ip route-cache
no ip mroute-cache
no fair-queue
!
! Serial1-3: no address, shut down.
interface Serial1
no ip address
no ip route-cache
shutdown
clockrate 2015232
no fair-queue
!
interface Serial2
no ip address
no ip route-cache
shutdown
clockrate 2015232
no fair-queue
!
interface Serial3
no ip address
no ip route-cache
shutdown
clockrate 2015232
no fair-queue
!
! PRI D-channel interfaces for E1 0 and E1 1. `isdn incoming-voice modem`
! sends incoming voice-bearer calls to the modems.
! NOTE(review): both interfaces run PPP with no `ppp authentication` line and
! no ACL. Presumably a digital (ISDN data) call would terminate here without
! PAP/CHAP and outside the filters applied on Group-Async1; confirm whether
! such calls are possible and intended.
interface Serial0:15
ip unnumbered FastEthernet0
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
isdn map address .* plan isdn type unknown
isdn calling-number -----------
isdn send-alerting
isdn sending-complete
compress mppc
!
! Same settings as Serial0:15, for the second PRI.
interface Serial1:15
ip unnumbered FastEthernet0
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
isdn map address .* plan isdn type unknown
isdn calling-number -----------
isdn send-alerting
isdn sending-complete
compress mppc
!
! LAN interface and NAT inside. The primary address (redacted) is a /28; five
! secondary subnets share the same wire.
interface FastEthernet0
ip address 10.10.1.1 255.255.0.0 secondary
! NOTE(review): 200.200.200.0/24 and 20.20.20.0/24 are public address space
! used here as inside subnets. Presumably they are not assigned to this site;
! if so, the real owners of those ranges are unreachable from this network.
ip address 200.200.200.1 255.255.255.0 secondary
ip address 20.20.20.1 255.255.255.0 secondary
ip address 10.20.1.1 255.255.255.0 secondary
ip address 192.168.1.253 255.255.255.0 secondary
ip address --------------- 255.255.255.240
! ACL 132 is applied in both directions on this interface.
ip access-group 132 in
ip access-group 132 out
! NOTE(review): `ip directed-broadcast` lets the router forward packets sent
! to these subnets' broadcast addresses, which makes the LAN usable as a
! broadcast amplifier. Use `no ip directed-broadcast` unless an application
! needs it.
ip directed-broadcast
ip nat inside
no ip route-cache
no ip mroute-cache
duplex full
speed 100
!
! Dial-in template for async lines 1-120: PPP with PAP against the `isputil`
! AAA lists, inbound ACL 130, and policy routing through route-map Nachiworm.
interface Group-Async1
ip unnumbered FastEthernet0
ip access-group 130 in
! NOTE(review): directed broadcasts are enabled on the dial-in side as well;
! use `no ip directed-broadcast` unless something needs it.
ip directed-broadcast
ip nat inside
encapsulation ppp
! NOTE(review): with `no ip route-cache`, policy routing, an inbound ACL and
! MPPC compression, every dial-in packet is handled in the process-switched
! path. Check CPU load if the complaint is about throughput.
no ip route-cache
ip tcp header-compression
no ip mroute-cache
ip policy route-map Nachiworm
async mode interactive
! Pool name is redacted; the only pool defined in this listing is `Lahij`.
peer default ip address pool -------
no keepalive
compress mppc
! NOTE(review): PAP sends the subscriber password in clear text over the
! link; CHAP avoids that where the RADIUS back end can support it.
ppp authentication pap isputil
ppp authorization isputil
ppp accounting isputil
group-range 1 120
!
! Second group-async interface: no address and no member lines configured.
interface Group-Async2
physical-layer async
no ip address
!
! Address pool, NAT and default routing.
! NOTE(review): pool `Lahij` holds 71 addresses (10.10.1.10-10.10.1.80) while
! Group-Async1 covers lines 1-120. If this is the pool the redacted
! `peer default ip address pool` refers to, calls beyond the 71st get no
! address.
ip local pool Lahij 10.10.1.10 10.10.1.80
ip nat pool nat_inside ---------- ---------- netmask 255.255.255.240
! NOTE(review): only sources permitted by ACL 110 (10.10.0.0/16) are
! translated. Traffic sourced from the other inside subnets (10.20.1.0/24,
! 192.168.x.x, 200.200.200.0/24, 20.20.20.0/24) leaves Serial0 untranslated.
ip nat inside source list 110 pool nat_inside overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
! The built-in HTTP management server is disabled.
no ip http server
!
!
! ACL 1: matches 10.10.0.0/16. Not referenced anywhere in this listing.
access-list 1 permit 10.10.0.0 0.0.255.255
! ACL 15: the single host allowed to use the SNMP community (see
! `snmp-server community ... 15`); same address as the RADIUS server.
access-list 15 permit 10.10.1.2
! ACL 100: match list for route-map Nachiworm clause 4 (HTTP from 10.0.0.0/8,
! except one redacted host).
access-list 100 deny ip host -------------------------- any
access-list 100 permit tcp 10.0.0.0 0.255.255.255 any eq www
access-list 100 deny ip any any
! NOTE(review): unreachable. ACLs are evaluated top-down and the
! `deny ip any any` above already matches everything.
access-list 100 permit tcp any any eq www
! ACL 110: NAT selection list. Traffic to the inside subnets is excluded from
! translation; everything else sourced from 10.10.0.0/16 is translated.
access-list 110 deny ip any 10.10.0.0 0.0.255.255
access-list 110 deny ip any 10.20.1.0 0.0.0.255
access-list 110 deny ip any 200.200.200.0 0.0.0.255
access-list 110 deny ip any 20.20.20.0 0.0.0.255
access-list 110 deny ip any --------------- 0.0.0.15
access-list 110 permit ip 10.10.0.0 0.0.255.255 any
! ACL 130: inbound filter on Group-Async1 (dial-in users).
! First entry blocks one specific destination on tcp/3128.
access-list 130 deny tcp any host 80.191.191.68 eq 3128
! Port block list. Presumably the Windows RPC/NetBIOS/SMB ports and the
! worm/backdoor ports of the period, given the `Nachiworm` naming used
! elsewhere in this config; confirm against the original advisory.
access-list 130 deny tcp any any eq 135
access-list 130 deny tcp any any eq 139
access-list 130 deny tcp any any eq 445
access-list 130 deny tcp any any eq 593
access-list 130 deny tcp any any eq 1025
access-list 130 deny tcp any any eq 2745
access-list 130 deny tcp any any eq 4444
access-list 130 deny tcp any any eq 5554
access-list 130 deny tcp any any eq 6129
access-list 130 deny tcp any any eq 9996
access-list 130 deny tcp any any range 1035 1037
! `range 135 netbios-ss` is UDP 135-139.
access-list 130 deny udp any any range 135 netbios-ss
access-list 130 deny udp any any eq 1434
! Source filter: only these inside ranges may send traffic; the final deny
! drops dial-in packets with any other source address.
access-list 130 permit ip 200.200.200.0 0.0.0.255 any
access-list 130 permit ip 10.10.1.0 0.0.0.255 any
access-list 130 permit ip 10.10.2.0 0.0.0.255 any
access-list 130 permit ip 10.10.3.0 0.0.0.255 any
! NOTE(review): redundant. `permit ip 10.10.2.0 ...` above already covers ICMP
! from the same source.
access-list 130 permit icmp 10.10.2.0 0.0.0.255 any
access-list 130 deny ip any any
! ACL 131: matches ICMP echo and echo-reply only; used as the match list in
! route-map Nachiworm clause 2.
access-list 131 permit icmp any any echo
access-list 131 permit icmp any any echo-reply
access-list 131 deny ip any any
! ACL 132: applied both `in` and `out` on FastEthernet0. Same port block list
! as ACL 130, then permit everything.
! NOTE(review): these entries match on destination port in both directions.
! Return traffic to a client whose ephemeral source port is 1025, 1035-1037,
! 2745, 4444, etc. is therefore dropped too, which shows up as intermittent
! connection failures. Confirm whether this matches the symptom.
access-list 132 deny tcp any any eq 135
access-list 132 deny tcp any any eq 139
access-list 132 deny tcp any any eq 445
access-list 132 deny tcp any any eq 593
access-list 132 deny tcp any any eq 1025
access-list 132 deny tcp any any eq 2745
access-list 132 deny tcp any any eq 4444
access-list 132 deny tcp any any eq 5554
access-list 132 deny tcp any any eq 6129
access-list 132 deny tcp any any eq 9996
access-list 132 deny tcp any any range 1035 1037
access-list 132 deny udp any any range 135 netbios-ss
access-list 132 deny udp any any eq 1434
access-list 132 permit ip any any
! NOTE(review): the two ICMP denies below are unreachable because
! `permit ip any any` precedes them. If blocking ping on the LAN was
! intended, they must come before the permit.
access-list 132 deny icmp any any echo-reply
access-list 132 deny icmp any any echo
! ACL 135: not applied anywhere in this listing.
! NOTE(review): the first entry permits everything, so every deny below it is
! unreachable; as written the list filters nothing.
access-list 135 permit ip any any
access-list 135 deny tcp any any eq 1214
access-list 135 deny tcp any any eq 2535
access-list 135 deny tcp any any eq 2745
access-list 135 deny tcp any any eq 4444
access-list 135 deny tcp any any eq 5554
access-list 135 deny tcp any any eq 6129
access-list 135 deny tcp any any eq 9999
access-list 135 deny tcp any any eq 9996
! ACL 140: inbound on Serial0 (uplink). The first two entries are subsumed by
! `deny icmp any any`; net effect is "drop all ICMP, permit everything else".
access-list 140 deny icmp any any echo
access-list 140 deny icmp any any echo-reply
access-list 140 deny icmp any any
access-list 140 permit ip any any
! ACL 141: not referenced in this listing.
access-list 141 permit tcp 10.10.2.0 0.0.0.255 any eq www
access-list 141 deny ip any any
! NOTE(review): unreachable after `deny ip any any`.
access-list 141 permit tcp any any eq www
! ACL 150: not referenced in this listing.
access-list 150 permit ip 20.20.20.0 0.0.0.255 host 209.85.129.147
! Policy routing applied to dial-in traffic (`ip policy route-map Nachiworm`
! on Group-Async1).
! Clause 2: packets that match ACL 131 (ICMP echo / echo-reply) AND are 92 to
! 4096 bytes long are sent to Null0, i.e. dropped.
! NOTE(review): the length match is a range, not "exactly 92", so any ping of
! 92 bytes or more from dial-in users is discarded as well.
route-map Nachiworm permit 2
match ip address 131
match length 92 4096
set interface Null0
!
! Clause 4: traffic permitted by ACL 100 (HTTP from 10.0.0.0/8) is forwarded
! to a fixed next hop (redacted); presumably a proxy/cache, confirm.
route-map Nachiworm permit 4
match ip address 100
set ip next-hop ----------
!
! SNMP and RADIUS client settings.
! NOTE(review): the community string is the well-known default `public` and
! it is granted RW. ACL 15 limits it to 10.10.1.2, but SNMP v1/v2c is
! unauthenticated clear-text UDP, so a source-address filter is weak
! protection for write access to the running configuration. Use a unique
! string, RO unless writes are required, or SNMPv3 where the image supports it.
snmp-server community public RW 15
no snmp-server enable traps tty
! RADIUS server; ports and shared key were redacted by the poster.
radius-server host 10.10.1.2 auth-port ----- acct-port -----
radius-server retransmit 5
radius-server key - ------------
! Accept Access-Accept replies that carry no Service-Type attribute.
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
radius-server vsa send authentication
!
! Terminal lines: console, modem lines 1-120, aux and vty.
! NOTE(review): no `aaa authentication login` list appears in this listing and
! no line carries `login authentication`, so EXEC logins use the AAA defaults.
! Confirm how console and vty logins are authenticated.
line con 0
! Modem lines 1-60: dial-in with modem autoconfiguration and autoselect.
line 1 60
! `exec-timeout 0 0` disables the idle timeout on these lines.
exec-timeout 0 0
no flush-at-activation
modem Dialin
modem autoconfigure discovery
! NOTE(review): `transport input all` accepts inbound network connections to
! these lines. Presumably not needed for dial-in only; confirm and restrict.
transport input all
transport output none
autoselect arap
autoselect during-login
autoselect ppp
! Lines 61-120: no modem or autoselect settings shown.
line 61 120
exec-timeout 0 0
no flush-at-activation
transport input all
transport output none
line aux 0
! NOTE(review): the vty lines show no `access-class` and no `transport input`
! restriction, so remote management is reachable from every interface,
! including dial-in users and the uplink. Limit it to the management host(s)
! with an access-class.
line vty 0 4
!
facility-alarm detect interface FastEthernet0
!
!
end