Hello friends,
I have a Cisco access server that both does NAT and acts as the gateway.
My problem is that on the LAN, with invalid (private) IPs, I have no Internet, but dial-up users who connect can use the Internet.
I gave this IP to a LAN client:
ip: 172.16.20.110
netmask: 255.255.255.0
gateway: 172.16.20.100
--------------------------------------------------------------------------------------------------------------------------------------
Building configuration...
Current configuration : 5244 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
aaa new-model
aaa authentication login default local group radius
aaa authentication login no_tacacs line
aaa authentication enable default enable group radius
aaa authentication ppp default group radius
aaa authorization exec default local group radius if-authenticated
aaa authorization network default group radius local
aaa accounting nested
aaa accounting update newinfo
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
enable secret 5
enable password 7
!
username x password 7
spe 1/0 1/9
firmware location system:/ucode/mica_port_firmware
!
!
resource-pool disable
!
call rsvp-sync
ip subnet-zero
ip rcmd rsh-enable
ip rcmd remote-host system 80.191.x.x system enable
ip host nttac 80.191.x.x
ip host aaa 80.191.x.x
ip name-server 217.218.x.x
ip name-server 217.218.x.x
ip name-server 192.9.9.3
!
isdn switch-type primary-net5
!
!
!
!
!
fax interface-type modem
mta receive maximum-recipients 0
!
controller E1 0
framing NO-CRC4
clock source line primary
ds0-group 1 timeslots 1-15,17-31 type r2-digital
!
controller E1 1
clock source line secondary 1
pri-group timeslots 1-31
!
controller E1 2
clock source line secondary 2
pri-group timeslots 1-31
!
controller E1 3
clock source line secondary 3
pri-group timeslots 1-31
!
controller E1 4
clock source line secondary 4
!
controller E1 5
clock source line secondary 5
!
controller E1 6
clock source line secondary 6
!
controller E1 7
clock source line secondary 7
!
!
!
interface Ethernet0
ip address 10.10.1.2 255.255.255.0
shutdown
!
interface Serial0
ip unnumbered FastEthernet0
ip nat outside
no ip mroute-cache
no fair-queue
!
interface Serial1
no ip address
shutdown
no fair-queue
clock rate 2015232
!
interface Serial2
no ip address
shutdown
no fair-queue
clock rate 2015232
!
interface Serial3
no ip address
shutdown
no fair-queue
clock rate 2015232
!
interface Serial1:15
ip unnumbered FastEthernet0
encapsulation ppp
ip tcp header-compression passive
isdn switch-type primary-net5
isdn incoming-voice modem
isdn calling-number 9713200
!
interface Serial2:15
no ip address
encapsulation ppp
ip tcp header-compression
dialer rotary-group 10
isdn switch-type primary-net5
isdn incoming-voice modem
isdn calling-number 9713200
no cdp enable
!
interface Serial3:15
ip unnumbered FastEthernet0
encapsulation ppp
ip tcp header-compression passive
isdn switch-type primary-net5
isdn incoming-voice modem
isdn calling-number 9713200
!
interface FastEthernet0
ip address 172.16.20.100 255.255.255.0 secondary
ip address 80.191.x.x 255.255.255.252
ip access-group 115 in
no ip mroute-cache
duplex full
speed 100
no cdp enable
!
interface Group-Async0
ip unnumbered FastEthernet0
ip nat inside
encapsulation ppp
ip tcp header-compression
async default routing
async mode interactive
peer default ip address pool default
ppp authentication pap chap ms-chap
group-range 1 120
!
interface Dialer10
ip unnumbered FastEthernet0
encapsulation ppp
no ip route-cache
ip tcp header-compression
no ip mroute-cache
dialer in-band
dialer idle-timeout 900
peer default ip address pool default
no cdp enable
ppp authentication pap chap ms-chap
ppp multilink
!
router rip
network 10.0.0.0
!
ip local pool default 172.16.20.1 172.16.20.31
ip nat pool nat_inside 80.191.x.x 80.191.x.x netmask 255.255.255.240
ip nat inside source list 1 pool nat_inside overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
ip pim bidir-enable
!
access-list 1 permit 172.16.20.0 0.0.0.31
access-list 1 permit 172.16.20.0 0.0.0.254
access-list 2 permit 172.16.20.100
access-list 6 permit 80.191.x.x
access-list 115 permit ip any any
access-list 115 deny tcp any any eq 135
access-list 115 deny udp any any eq 135
access-list 115 deny udp any any eq netbios-ns
access-list 115 deny udp any any eq netbios-dgm
access-list 115 deny tcp any any eq 139
access-list 115 deny udp any any eq netbios-ss
access-list 115 deny tcp any any eq 445
access-list 115 deny tcp any any eq 593
access-list 115 deny tcp any any eq 4444
access-list 115 deny udp any any eq 1434
access-list 115 deny tcp any any eq 54283
access-list 115 deny tcp any any eq 2773
access-list 115 deny tcp any any eq 27374
access-list 115 deny tcp any any eq 1243
access-list 115 permit icmp 80.191.x.0 0.0.0.245 any
access-list 115 permit icmp 80.191.x.0 0.0.0.242 any
access-list 115 permit icmp any 80.191.x.0 0.0.0.245
access-list 115 deny icmp any any
snmp-server community compccd RW 6
snmp-server community snmp-saeki RO 1
!
radius-server host 80.191x.x auth-port 1645 acct-port 1646
radius-server retransmit 10
radius-server key 7
!
!
line con 0
exec-timeout 0 0
logging synchronous
line 1 120
session-timeout 10
no flush-at-activation
modem InOut
modem autoconfigure type mica
transport input all
autoselect during-login
autoselect ppp
line aux 0
line vty 0 4
password 7
!
end
Router#
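A check over the NAT-relevant lines of the configuration posted above, added here as an example and not part of the original post: it reports the NAT role of each interface and whether a source address matches `access-list 1` under IOS wildcard-mask, first-match rules. The function names and the trimmed config excerpt are constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpt of the posted running-config (NAT-related lines only,
# "!" separators and no indentation, as in the post).
CONFIG = """\
interface Serial0
ip nat outside
!
interface FastEthernet0
ip address 172.16.20.100 255.255.255.0 secondary
!
interface Group-Async0
ip unnumbered FastEthernet0
ip nat inside
!
ip nat inside source list 1 pool nat_inside overload
access-list 1 permit 172.16.20.0 0.0.0.31
access-list 1 permit 172.16.20.0 0.0.0.254
"""

def nat_roles(config):
    """Map each interface to 'inside', 'outside' or None (no NAT role)."""
    roles, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            roles[current] = None
        elif line == "!":
            current = None  # end of the interface block
        elif current and line in ("ip nat inside", "ip nat outside"):
            roles[current] = line.split()[-1]
    return roles

def acl_permits(config, acl, host):
    """First-match test of a standard ACL (address + optional wildcard)."""
    h = int(ipaddress.IPv4Address(host))
    pattern = rf"^access-list {acl} (permit|deny) (\S+)(?: (\S+))?$"
    for action, net, wild in re.findall(pattern, config, re.M):
        n = int(ipaddress.IPv4Address(net))
        w = int(ipaddress.IPv4Address(wild or "0.0.0.0"))
        if (h | w) == (n | w):  # bits set in the wildcard are "don't care"
            return action == "permit"
    return False  # implicit deny at the end of every ACL
```

For the LAN client 172.16.20.110 the ACL matches, but only because wildcard `0.0.0.254` happens to cover even host addresses; FastEthernet0, where that client's traffic arrives, carries no NAT role, while Group-Async0 (the dial-up side) is marked `ip nat inside`.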