Originally posted by
darklove
Show Config
Currently the router config is this
2621:
Building configuration...
Current configuration : 7963 bytes
!
version 12.2
service nagle
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
logging buffered 4096 debugging
no logging console
logging monitor warnings
aaa new-model
aaa authentication ppp default none
aaa authentication ppp isputil group radius local
aaa authorization network default none
aaa authorization network isputil group radius local
aaa accounting send stop-record authentication failure
aaa accounting update newinfo periodic 1
aaa accounting network default none
aaa accounting network isputil start-stop group radius
aaa pod server auth-type any server-key 123
enable secret 5 $iiiiiiiiiiiiiiiiiiiiiii.
enable password 7 1iiiiiiiiiiiiiiiiiiiiiiiiC
!
username iiiiiii privilege 5 password 7 uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
A1uuuu1
ip subnet-zero
no ip domain-lookup
ip name-server 217.218.127.104
ip name-server 4.2.2.4
ip name-server 192.9.9.3
!
async-bootp dns-server 192.9.9.3
!
interface FastEthernet0/0
ip address 217.219.1.1 255.255.255.224 secondary
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip policy route-map cache
load-interval 30
speed auto
full-duplex
no cdp enable
!
interface Serial0/0
ip unnumbered FastEthernet0/0
ip access-group 172 out
ip nat outside
encapsulation ppp
no ip mroute-cache
load-interval 30
no keepalive
no fair-queue
serial restart-delay 0
no cdp enable
!
interface Group-Async1
ip unnumbered FastEthernet0/0
ip access-group 173 in
ip nat inside
encapsulation ppp
ip tcp header-compression passive
ip policy route-map cache
load-interval 30
async default routing
async mode dedicated
peer default ip address pool Dial-up
ppp authentication pap isputil
ppp authorization isputil
ppp accounting isputil
group-range 33 62
!
interface Group-Async2
ip unnumbered FastEthernet0/0
ip access-group 173 in
ip nat inside
encapsulation ppp
ip tcp header-compression passive
ip policy route-map cache
load-interval 30
async default routing
async mode dedicated
peer default ip address pool Dial-up
ppp authentication pap isputil
ppp authorization isputil
ppp accounting isputil
group-range 63 64
!
ip local pool Dial-up 10.0.0.101 10.0.0.133
ip nat pool TCB 217.219.1.1 217.219.1.1 netmask 255.255.255.224
ip nat inside source list 102 pool TCB overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
ip http authentication local
!
logging 10.0.0.169
access-list 100 permit ip any any
access-list 102 remark <NAT>
access-list 102 permit ip 10.0.0.0 0.0.0.255 any
access-list 102 deny ip any any
access-list 102 remark <NAT>
access-list 105 deny ip host 217.219.1.2 any (ip cache sever)
access-list 105 permit tcp 10.0.0.0 0.0.0.255 any eq www
access-list 105 permit tcp 217.219.1.0 0.0.0.31 any eq www
access-list 128 permit tcp any any eq www
access-list 172 deny udp any any eq 1434
access-list 172 deny udp any any eq 1433
access-list 172 deny tcp any any eq 1434
access-list 172 deny tcp any any eq 1433
access-list 172 deny udp any eq 1434 any
access-list 172 deny udp any eq 1433 any
access-list 172 deny tcp any eq 1434 any
access-list 172 deny tcp any eq 1433 any
access-list 172 remark DENY BLASTER
access-list 172 deny udp any any eq tftp
access-list 172 deny tcp any any eq 135
access-list 172 deny udp any any eq 135
access-list 172 deny tcp any any eq 139
access-list 172 deny tcp any eq 139 any
access-list 172 deny udp any any eq netbios-ss
access-list 172 deny tcp any any eq 445
access-list 172 deny udp any any eq 445
access-list 172 deny tcp any any eq 593
access-list 172 deny tcp any any eq 4444
access-list 172 remark /DENY BLASTER
access-list 172 deny udp any any eq ntp
access-list 172 deny udp any any eq 995
access-list 172 deny udp any any eq 996
access-list 172 deny udp any any eq 997
access-list 172 deny udp any any eq 998
access-list 172 deny udp any any eq 999
access-list 172 deny udp any any eq 8998
access-list 172 deny udp any eq 8998 any
access-list 172 remark DENY ICMP
access-list 172 permit icmp any any
access-list 172 remark /DENY ICMP
access-list 172 remark /MAIL AND DOMAIN WEB SNMP
access-list 172 permit ip 217.219.1.0 0.0.0.31 any
access-list 172 permit ip 10.0.0.0 0.0.0.255 any
access-list 172 deny ip any any
access-list 173 remark FIREWALL-ASYNC
access-list 173 remark DENY SQL SLAMMER
access-list 173 deny udp any any eq 1434
access-list 173 deny udp any any eq 1433
access-list 173 deny tcp any any eq 1434
access-list 173 deny tcp any any eq 1433
access-list 173 remark /DENY SQL SLAMMER
access-list 173 remark DENY BLASTER & Sasser
access-list 173 deny udp any any eq tftp
access-list 173 deny tcp any any eq 135
access-list 173 deny udp any any eq 135
access-list 173 deny tcp any any eq 139
access-list 173 deny udp any any eq netbios-ss
access-list 173 deny tcp any any eq 445
access-list 173 deny udp any any eq 445
access-list 173 deny tcp any any eq 5554
access-list 173 deny tcp any any eq 9996
access-list 173 deny tcp any any eq 593
access-list 173 deny tcp any any eq 4444
access-list 173 remark /DENY BLASTER & Sasser
access-list 173 remark DENY SOBIG
access-list 173 deny udp any any eq ntp
access-list 173 deny udp any any eq 995
access-list 173 deny udp any any eq 996
access-list 173 deny udp any any eq 997
access-list 173 deny udp any any eq 998
access-list 173 deny udp any any eq 999
access-list 173 deny udp any any eq 8998
access-list 173 remark /DENY SOBIG
access-list 173 permit ip 217.219.1.0 0.0.0.31 any
access-list 173 permit ip 10.0.0.0 0.0.0.255 any
access-list 173 deny ip any any
no cdp run
route-map cache permit 2
match ip address 105
set ip next-hop 10.0.0.3
!
snmp-server community llllllll RW 15
snmp-server community lllllll RO
radius-server host 10.0.0.4 auth-port 2222 acct-port 2223
radius-server retransmit 5
radius-server timeout 10
radius-server key 7 kkkkkkkk
radius-server vsa send accounting
radius-server vsa send authentication
!
line con 0
line 33 52
login authentication dial-in
modem answer-timeout 10
modem InOut
modem autoconfigure type USR
transport input all
stopbits 1
speed 115200
flowcontrol hardware
line 53 64
login authentication dial-in
modem answer-timeout 10
modem InOut
modem autoconfigure type default
transport input all
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
access-class 102 in
password 7 12jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj4
line vty 5 15
access-class 102 in
!
end
2621:
Right now ISA is working in cache mode, but I want NAT to be handled by ISA as well and disabled on the router!!