با درود.
ما دیروز خط PtP خودمون رو از یه شرکت icp تحویل گرفتیم. قبلا رو tellabs بودیم الان رو آلکاتل هستیم. روترمون هم گذاشتیم cisco 878. شرکت یه سری ip بهمون داد من هم ip های as رو عوض کردم و در همون رنج گذاشتم.
الان یوزر ها صفحه باز نمی کنند. یوزر ها رو cache نمیرند. و سیستم اکانتینگ من هم که ip 10.10.1.2 روش بود صفحه باز نمی کنه. چون این سیستم من ras server واسه خطوط آنالوگ من هم بود اونا هم صفحه باز نمی کنند. الان من هم کافیگ قبلی as و هم کافیگ جدید رو براتون می زارم ببینید مشکل چیه.

کانفیگ قبلی :
Current configuration : 7133 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname
!
enable secret
enable password
!
username password
spe 1/0 1/9
firmware location system:/ucode/mica_port_firmware
!
!
resource-pool disable
!
aaa new-model
!
!
aaa authentication ppp default none
aaa authentication ppp isputil group radius local
aaa authorization network isputil group radius local
aaa accounting update newinfo periodic 1
aaa accounting network isputil start-stop group radius
aaa pod server auth-type any server-key 123
aaa session-id common
ip subnet-zero
ip name-server 10.10.1.3
ip name-server 4.2.2.4
!
isdn switch-type primary-net5
!
!
!
controller E1 0
clock source line primary
pri-group timeslots 1-31
!
controller E1 1
clock source line secondary 1
pri-group timeslots 1-31
!
controller E1 2
shutdown
clock source line secondary 2
!
controller E1 3
shutdown
clock source line secondary 3
!
controller E1 4
shutdown
clock source line secondary 4
!
controller E1 5
shutdown
clock source line secondary 5
!
controller E1 6
shutdown
clock source line secondary 6
!
controller E1 7
shutdown
clock source line secondary 7
!
!
interface Ethernet0
no ip address
ip access-group 150 in
!
interface Serial0
ip unnumbered FastEthernet0
ip access-group 151 in
ip nat outside
encapsulation ppp
load-interval 30
no fair-queue
!
interface Serial1
no ip address
shutdown
clockrate 2015232
no fair-queue
!
interface Serial2
no ip address
shutdown
clockrate 2015232
no fair-queue
!
interface Serial3
no ip address
shutdown
clockrate 2015232
no fair-queue
!
interface Serial0:15
ip unnumbered FastEthernet0
ip access-group 150 in
ip nat inside
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
isdn map address .* plan isdn type unknown
isdn calling-number 9710000
isdn send-alerting
isdn sending-complete
!
interface Serial1:15
ip unnumbered FastEthernet0
ip access-group 150 in
ip nat inside
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
isdn map address .* plan isdn type unknown
isdn calling-number 9710000
isdn send-alerting
isdn sending-complete
!
interface FastEthernet0
ip address 10.10.1.1 255.255.0.0 secondary
ip address 200.200.200.1 255.255.255.0 secondary
ip address 192.168.1.253 255.255.255.0 secondary
ip address 80.191.191.65 255.255.255.240
ip access-group 150 in
ip nat inside
no ip mroute-cache
duplex auto
speed auto
!
interface Group-Async1
ip unnumbered FastEthernet0
ip access-group 150 in
ip nat inside
encapsulation ppp
no ip route-cache
ip tcp header-compression
no ip mroute-cache
ip policy route-map Cache
async mode interactive
peer default ip address pool Lahij
no keepalive
compress mppc
ppp authentication pap isputil
ppp authorization isputil
ppp accounting isputil
group-range 1 120
!
ip local pool uuuuu 10.10.1.10 10.10.1.80
ip nat translation timeout 900
ip nat translation tcp-timeout 900
ip nat translation max-entries 5000
ip nat pool nat_inside 80.191.191.65 80.191.191.65 netmask 255.255.255.240
ip nat inside source list 110 pool nat_inside overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
!
access-list 15 permit 10.10.1.2
access-list 100 deny ip host 80.191.191.68 any
access-list 100 permit tcp 10.10.0.0 0.0.255.255 any eq www
access-list 110 deny ip any 10.10.0.0 0.0.255.255
access-list 110 deny ip any 200.200.200.0 0.0.0.255
access-list 110 deny ip any 80.191.191.64 0.0.0.15
access-list 110 permit ip 10.10.0.0 0.0.255.255 any
access-list 131 permit icmp any any echo
access-list 131 permit icmp any any echo-reply
access-list 131 deny ip any any
access-list 150 deny tcp any eq 1034 any
access-list 150 deny tcp any eq 1080 any
access-list 150 deny tcp any eq 1214 any
access-list 150 deny tcp any eq 2535 any
access-list 150 deny tcp any eq 1433 any
access-list 150 deny tcp any eq 3127 any
access-list 150 deny tcp any eq 2745 any
access-list 150 deny tcp any eq 4444 any
access-list 150 deny udp any eq 1434 any
access-list 150 deny udp any range 135 netbios-ss any
access-list 150 deny tcp any range 1036 1037 any
access-list 150 deny tcp any any eq 81
access-list 150 deny tcp any any eq 445
access-list 150 deny tcp any any eq 1080
access-list 150 deny tcp any any eq ident
access-list 150 deny tcp any any eq 1214
access-list 150 deny tcp any any eq 2745
access-list 150 deny tcp any any eq 5101
access-list 150 deny tcp any any eq 5554
access-list 150 deny tcp any any eq 6129
access-list 150 deny tcp any any eq 9996
access-list 150 deny udp any any eq 1434
access-list 150 deny tcp any any eq 11768
access-list 150 deny tcp any any eq 15118
access-list 150 deny tcp any any range 1022 1025
access-list 150 deny tcp any any range 135 139
access-list 150 deny udp any any range 135 netbios-ss
access-list 150 permit ip any any
access-list 151 deny tcp any host 80.191.191.68 eq 3128
access-list 151 deny tcp any eq 1034 any
access-list 151 deny tcp any eq 1080 any
access-list 151 deny tcp any eq 1214 any
access-list 151 deny tcp any eq 2535 any
access-list 151 deny tcp any eq 1433 any
access-list 151 deny tcp any eq 3127 any
access-list 151 deny tcp any eq 2745 any
access-list 151 deny tcp any eq 4444 any
access-list 151 deny udp any eq 1434 any
access-list 151 deny udp any range 135 netbios-ss any
access-list 151 deny tcp any range 1036 1037 any
access-list 151 deny tcp any any eq 81
access-list 151 deny tcp any any eq 445
access-list 151 deny tcp any any eq 1080
access-list 151 deny tcp any any eq ident
access-list 151 deny tcp any any eq 1214
access-list 151 deny tcp any any eq 2745
access-list 151 deny tcp any any eq 5101
access-list 151 deny tcp any any eq 5554
access-list 151 deny tcp any any eq 6129
access-list 151 deny tcp any any eq 9996
access-list 151 deny udp any any eq 1434
access-list 151 deny tcp any any eq 11768
access-list 151 deny tcp any any eq 15118
access-list 151 deny tcp any any range 1022 1025
access-list 151 deny tcp any any range 135 139
access-list 151 deny udp any any range 135 netbios-ss
access-list 151 permit ip any any
route-map Cache permit 5
match ip address 131
match length 92 4096
set interface Null0
!
route-map Cache permit 10
match ip address 100
set ip next-hop 80.191.191.68
!
no snmp-server enable traps tty
radius-server host 10.10.1.2 auth-port 2222 acct-port 2223
radius-server retransmit 5
radius-server timeout 10
radius-server key 7
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
radius-server vsa send authentication
!
line con 0
line 1 120
exec-timeout 0 0
no flush-at-activation
modem Dialin
modem autoconfigure discovery
transport input all
transport output none
autoselect ppp
line aux 0
line vty 0 4
password
!
!
end

کانفیگ جدید:

Building configuration...
Current configuration : 5999 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname
!
enable secret
enable password
username password
spe 1/0 1/9
firmware location system:/ucode/mica_port_firmware
!
!
resource-pool disable
!
aaa new-model
!
!
aaa authentication ppp default none
aaa authentication ppp isputil group radius local
aaa authorization network isputil group radius local
aaa accounting update newinfo periodic 1
aaa accounting network isputil start-stop group radius
aaa pod server auth-type any server-key 123
aaa session-id common
ip subnet-zero
ip name-server 217.219.187.3
ip name-server 217.218.127.104
!
isdn switch-type primary-net5
!
!
!
controller E1 0
clock source line primary
pri-group timeslots 1-31
!
controller E1 1
clock source line secondary 1
pri-group timeslots 1-31
!
controller E1 2
shutdown
clock source line secondary 2
!
controller E1 3
shutdown
clock source line secondary 3
!
controller E1 4
shutdown
clock source line secondary 4
!
controller E1 5
shutdown
clock source line secondary 5
!
controller E1 6
shutdown
clock source line secondary 6
!
controller E1 7
shutdown
clock source line secondary 7
!
!
interface Ethernet0
no ip address
ip access-group 150 in
!
interface Serial0
ip unnumbered FastEthernet0
ip access-group 151 in
ip nat outside
encapsulation ppp
load-interval 30
shutdown
clockrate 2015232
no fair-queue
!
interface Serial1
no ip address
shutdown
clockrate 2015232
no fair-queue
!
interface Serial2
no ip address
shutdown
clockrate 2015232
no fair-queue
!
interface Serial3
no ip address
shutdown
clockrate 2015232
no fair-queue
!
interface Serial0:15
ip unnumbered FastEthernet0
ip access-group 150 in
ip nat inside
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
isdn map address .* plan isdn type unknown
isdn calling-number 9710000
isdn send-alerting
isdn sending-complete
!
interface Serial1:
ip unnumbered FastEthernet0
ip access-group 150 in
ip nat inside
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
isdn map address .* plan isdn type unknown
isdn calling-number 9710000
isdn send-alerting
isdn sending-complete
!
interface FastEthernet0
ip address 10.10.1.1 255.255.255.0 secondary
ip address 89.144.148.2 255.255.255.192
ip access-group 150 in
ip nat outside
no ip mroute-cache
duplex auto
speed auto
!
interface Group-Async1
ip unnumbered FastEthernet0
ip access-group 150 in
ip nat inside
encapsulation ppp
no ip route-cache
ip tcp header-compression
no ip mroute-cache
ip policy route-map Cache
async mode interactive
peer default ip address pool Lahij
no keepalive
compress mppc
ppp authentication pap isputil
ppp authorization isputil
ppp accounting isputil
group-range 1 120
!
ip local pool uuuuu 10.10.1.10 10.10.1.80
ip nat translation timeout 900
ip nat translation tcp-timeout 900
ip nat translation max-entries 5000
ip nat pool nat_inside 89.144.148.5 89.144.148.7 netmask 255.255.255.192
ip nat inside source list 110 pool nat_inside overload
ip classless
ip route 0.0.0.0 0.0.0.0 89.144.148.1
no ip http server
!
!
access-list 15 permit 10.10.1.2
access-list 100 deny ip host 89.144.148.10 any
access-list 100 permit tcp 10.10.1.0 0.0.0.255 any eq www
access-list 101 deny ip host 89.144.148.11 any
access-list 101 permit tcp 10.10.2.0 0.0.0.255 any eq www
access-list 110 deny ip any 10.10.0.0 0.0.255.255
access-list 110 deny ip any 200.200.200.0 0.0.0.255
access-list 110 deny ip any 89.144.148.0 0.0.0.26
access-list 110 permit ip 10.10.0.0 0.0.255.255 any
access-list 131 permit icmp any any echo
access-list 131 permit icmp any any echo-reply
access-list 131 deny ip any any
access-list 150 deny tcp any eq 1034 any
access-list 150 deny tcp any eq 1080 any
access-list 150 deny tcp any eq 1214 any
access-list 150 deny tcp any eq 2535 any
access-list 150 deny tcp any eq 1433 any
access-list 150 deny tcp any eq 3127 any
access-list 150 deny tcp any eq 2745 any
access-list 150 deny tcp any eq 4444 any
access-list 150 deny udp any eq 1434 any
access-list 150 deny udp any range 135 netbios-ss any
access-list 150 deny tcp any range 1036 1037 any
access-list 150 deny tcp any any eq 81
access-list 150 deny tcp any any eq 445
access-list 150 deny tcp any any eq 1080
access-list 150 deny tcp any any eq ident
access-list 150 deny tcp any any eq 1214
access-list 150 deny tcp any any eq 2745
access-list 150 deny tcp any any eq 5101
access-list 150 deny tcp any any eq 5554
access-list 150 deny tcp any any eq 6129
access-list 150 deny tcp any any eq 9996
access-list 150 deny udp any any eq 1434
access-list 150 deny tcp any any eq 11768
access-list 150 deny tcp any any eq 15118
access-list 150 deny tcp any any range 1022 1025
access-list 150 deny tcp any any range 135 139
access-list 150 deny udp any any range 135 netbios-ss
access-list 150 permit ip any any
route-map Cache permit 5
match ip address 131
match length 92 4096
set interface Null0
!
route-map Cache permit 10
match ip address 100
set ip next-hop 89.144.148.10
!
route-map Cache permit 15
match ip address 101
set ip next-hop 89.144.148.11
!
snmp-server enable traps tty
radius-server host 10.10.1.2 auth-port 2222 acct-port 2223
radius-server retransmit 5
radius-server timeout 10
radius-server key
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
radius-server vsa send authentication
!
line con 0
line 1 120
exec-timeout 0 0
no flush-at-activation
modem Dialin
modem autoconfigure discovery
transport input all
transport output none
autoselect ppp
line aux 0
line vty 0 4
password
!
!
end


خواهش می کنم یه کم حوصله کنید.
کمک بزرگی می کنید.
با تشکر