نمایش نتایج: از شماره 1 تا 5 از مجموع 5

موضوع: NAT on as5300

  
  1. #1


    عضو غیر فعال
    تاریخ عضویت
    Oct 2004
    نوشته
    346
    سپاسگزاری شده
    13
    سپاسگزاری کرده
    13

    NAT on as5300

    سلام دوستان
    من یه اکسس سرور سیسکو دارم که هم نت میکنه هم گیت وی هست
    مشکل من اینه که توی lan روی IP های invalid اینترنت ندارم ول یوزرهای Dialup که وصل میشن میتونن از نت استفاده کنن
    من این IP رو به یه کلاینت لن دادم
    ip: 172.16.20.110
    net mask: 255.255.255.0
    gate way: 172.16.20.100

    --------------------------------------------------------------------------------------------------------------------------------------
    Building configuration...
    Current configuration : 5244 bytes
    !
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname Router
    !
    aaa new-model
    aaa authentication login default local group radius
    aaa authentication login no_tacacs line
    aaa authentication enable default enable group radius
    aaa authentication ppp default group radius
    aaa authorization exec default local group radius if-authenticated
    aaa authorization network default group radius local
    aaa accounting nested
    aaa accounting update newinfo
    aaa accounting exec default start-stop group radius
    aaa accounting network default start-stop group radius
    enable secret 5
    enable password 7
    !
    username x password 7
    spe 1/0 1/9
    firmware location system:/ucode/mica_port_firmware
    !
    !
    resource-pool disable
    !
    call rsvp-sync
    ip subnet-zero
    ip rcmd rsh-enable
    ip rcmd remote-host system 80.191.x.x system enable
    ip host nttac 80.191.x.x
    ip host aaa 80.191.x.x
    ip name-server 217.218.x.x
    ip name-server 217.218.x.x
    ip name-server 192.9.9.3
    !
    isdn switch-type primary-net5
    !
    !
    !
    !
    !
    fax interface-type modem
    mta receive maximum-recipients 0
    !
    controller E1 0
    framing NO-CRC4
    clock source line primary
    ds0-group 1 timeslots 1-15,17-31 type r2-digital
    !
    controller E1 1
    clock source line secondary 1
    pri-group timeslots 1-31
    !
    controller E1 2
    clock source line secondary 2
    pri-group timeslots 1-31
    !
    controller E1 3
    clock source line secondary 3
    pri-group timeslots 1-31
    !
    controller E1 4
    clock source line secondary 4
    !
    controller E1 5
    clock source line secondary 5
    !
    controller E1 6
    clock source line secondary 6
    !
    controller E1 7
    clock source line secondary 7
    !
    !
    !
    interface Ethernet0
    ip address 10.10.1.2 255.255.255.0
    shutdown
    !
    interface Serial0
    ip unnumbered FastEthernet0
    ip nat outside
    no ip mroute-cache
    no fair-queue
    !
    interface Serial1
    no ip address
    shutdown
    no fair-queue
    clock rate 2015232
    !
    interface Serial2
    no ip address
    shutdown
    no fair-queue
    clock rate 2015232
    !
    interface Serial3
    no ip address
    shutdown
    no fair-queue
    clock rate 2015232
    !
    interface Serial1:15
    ip unnumbered FastEthernet0
    encapsulation ppp
    ip tcp header-compression passive
    isdn switch-type primary-net5
    isdn incoming-voice modem
    isdn calling-number 9713200
    !
    interface Serial2:15
    no ip address
    encapsulation ppp
    ip tcp header-compression
    dialer rotary-group 10
    isdn switch-type primary-net5
    isdn incoming-voice modem
    isdn calling-number 9713200
    no cdp enable
    !
    interface Serial3:15
    ip unnumbered FastEthernet0
    encapsulation ppp
    ip tcp header-compression passive
    isdn switch-type primary-net5
    isdn incoming-voice modem
    isdn calling-number 9713200
    !
    interface FastEthernet0
    ip address 172.16.20.100 255.255.255.0 secondary
    ip address 80.191.x.x 255.255.255.252
    ip access-group 115 in
    no ip mroute-cache
    duplex full
    speed 100
    no cdp enable
    !
    interface Group-Async0
    ip unnumbered FastEthernet0
    ip nat inside
    encapsulation ppp
    ip tcp header-compression
    async default routing
    async mode interactive
    peer default ip address pool default
    ppp authentication pap chap ms-chap
    group-range 1 120
    !
    interface Dialer10
    ip unnumbered FastEthernet0
    encapsulation ppp
    no ip route-cache
    ip tcp header-compression
    no ip mroute-cache
    dialer in-band
    dialer idle-timeout 900
    peer default ip address pool default
    no cdp enable
    ppp authentication pap chap ms-chap
    ppp multilink
    !
    router rip
    network 10.0.0.0
    !
    ip local pool default 172.16.20.1 172.16.20.31
    ip nat pool nat_inside 80.191.x.x 80.191.x.x netmask 255.255.255.240
    ip nat inside source list 1 pool nat_inside overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 Serial0
    no ip http server
    ip pim bidir-enable
    !
    access-list 1 permit 172.16.20.0 0.0.0.31
    access-list 1 permit 172.16.20.0 0.0.0.254
    access-list 2 permit 172.16.20.100
    access-list 6 permit 80.191.x.x
    access-list 115 permit ip any any
    access-list 115 deny tcp any any eq 135
    access-list 115 deny udp any any eq 135
    access-list 115 deny udp any any eq netbios-ns
    access-list 115 deny udp any any eq netbios-dgm
    access-list 115 deny tcp any any eq 139
    access-list 115 deny udp any any eq netbios-ss
    access-list 115 deny tcp any any eq 445
    access-list 115 deny tcp any any eq 593
    access-list 115 deny tcp any any eq 4444
    access-list 115 deny udp any any eq 1434
    access-list 115 deny tcp any any eq 54283
    access-list 115 deny tcp any any eq 2773
    access-list 115 deny tcp any any eq 27374
    access-list 115 deny tcp any any eq 1243
    access-list 115 permit icmp 80.191.x.0 0.0.0.245 any
    access-list 115 permit icmp 80.191.x.0 0.0.0.242 any
    access-list 115 permit icmp any 80.191.x.0 0.0.0.245
    access-list 115 deny icmp any any
    snmp-server community compccd RW 6
    snmp-server community snmp-saeki RO 1
    !
    radius-server host 80.191x.x auth-port 1645 acct-port 1646
    radius-server retransmit 10
    radius-server key 7
    !
    !
    line con 0
    exec-timeout 0 0
    logging synchronous
    line 1 120
    session-timeout 10
    no flush-at-activation
    modem InOut
    modem autoconfigure type mica
    transport input all
    autoselect during-login
    autoselect ppp
    line aux 0
    line vty 0 4
    password 7
    !
    end
    Router#




    موضوعات مشابه:
    ویرایش توسط NetMaster : 2005-02-21 در ساعت 08:09 PM علت: Do not show your real IPs!





  2. #2


    عضو غیر فعال شناسه تصویری NetMaster
    تاریخ عضویت
    Jun 2004
    نوشته
    376
    سپاسگزاری شده
    5
    سپاسگزاری کرده
    0
    can you trace from LAN?

    if not, where does it stop?

    i c no reason for it not to work, though opening http://64.233.167.104/

    google should open.

    Good Luck




  3. #3


    عضو غیر فعال
    تاریخ عضویت
    Oct 2004
    نوشته
    346
    سپاسگزاری شده
    13
    سپاسگزاری کرده
    13
    i cant not trace ; trace stop on my gateway(80.191.224.240)
    and i cant ping any ip on internet sample:217.218.127.104 or 192.9.9.3



  4. #4


    عضو غیر فعال شناسه تصویری NetMaster
    تاریخ عضویت
    Jun 2004
    نوشته
    376
    سپاسگزاری شده
    5
    سپاسگزاری کرده
    0
    First, when you post, do not type your real IP.

    edit the list 1 and make it:

    no access-list 1 permit 172.16.20.0 0.0.0.31
    no access-list 1 permit 172.16.20.0 0.0.0.254
    access-list 1 permit 172.16.20.0 0.0.0.255

    Good Luck



  5. #5


    عضو غیر فعال
    تاریخ عضویت
    Oct 2004
    نوشته
    346
    سپاسگزاری شده
    13
    سپاسگزاری کرده
    13
    Tanx for help
    i make access-list1 access-list 1 permit 172.16.20.0 0.0.0.0.255
    on fastethernet 0
    ip nat inside( this commnad wasnt in previous configuration)
    Best regards



کلمات کلیدی در جستجوها:

nat کردن در روتر as5300

nat کردن در as5300 persiannetworks.com

برچسب برای این موضوع

مجوز های ارسال و ویرایش

  • شما نمی توانید موضوع جدید ارسال کنید
  • شما نمی توانید به پست ها پاسخ دهید
  • شما نمی توانید فایل پیوست ضمیمه کنید
  • شما نمی توانید پست های خود را ویرایش کنید
  •