artemk
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.17.1.1 172.17.1.62
!
ip dhcp pool main
 network 172.17.1.0 255.255.255.0
 default-router 172.17.1.62
 domain-name domain.local
 dns-server 172.17.1.19 172.17.1.58
!
!
interface FastEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 2
!
!
interface FastEthernet1
!
!
interface FastEthernet4
 switchport trunk allowed vlan 1,2,16-19,613,1002-1005
 switchport mode trunk
!
!
interface Vlan1
 ip address 172.17.1.62 255.255.255.0
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
!
interface Vlan613 #new ISP
 ip address 1.2.3.4 255.255.255.248
 ip access-group 170 in
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 crypto map Guestmap
!
!
interface BVI2 #old ISP
 ip address 10.11.12.13 255.255.255.252
 ip access-group 102 in
 ip mtu 1452
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 crypto map Guestmap
!
ip local pool ippool 7.30.30.1 7.30.30.9
ip route 0.0.0.0 0.0.0.0 1.2.3.3
ip route 0.0.0.0 0.0.0.0 10.11.12.12 50
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map 111 interface Vlan613 overload
!
access-list 101 deny ip any any log
access-list 102 deny ip 0.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip 224.0.0.0 15.255.255.255 any
access-list 102 deny ip 240.0.0.0 7.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.0.2.0 0.0.0.255 any
access-list 102 deny ip 169.254.0.0 0.0.255.255 any
access-list 102 permit udp host 212.85.158.10 any eq ntp
access-list 102 permit udp host 195.13.1.153 any eq ntp
access-list 102 permit udp host 213.112.52.107 any eq ntp
access-list 102 permit udp host 207.46.232.182 any eq ntp
access-list 102 permit tcp any any eq 3389
access-list 102 permit tcp any any eq 3900
access-list 102 permit udp any eq 87 any
access-list 102 permit tcp any any eq smtp
access-list 102 permit tcp any any eq pop3
access-list 102 permit tcp any any eq 1194
access-list 102 permit tcp any any eq ftp
access-list 102 permit udp any any eq isakmp
access-list 102 permit udp any any eq non500-isakmp
access-list 102 permit tcp any any eq domain
access-list 102 permit udp any any eq domain
access-list 102 permit udp any eq domain any gt 1023
access-list 102 deny ip any any log
access-list 117 deny ip 172.17.1.0 0.0.0.255 172.17.6.0 0.0.0.255
access-list 117 deny ip 172.17.1.0 0.0.0.255 10.10.100.0 0.0.0.255
access-list 117 permit tcp any any eq 87
access-list 117 permit udp any any eq 87
access-list 117 permit tcp host 172.17.1.61 any
access-list 117 permit tcp any any eq smtp
access-list 117 permit tcp any any eq pop3
access-list 117 permit tcp any any eq 9996
access-list 117 permit tcp any any eq 8000
access-list 117 permit tcp host 172.17.1.1 any
access-list 117 permit tcp host 172.17.1.19 any
access-list 117 permit udp host 172.17.1.19 any
access-list 117 permit tcp host 172.17.1.58 any
access-list 117 permit ip host 172.17.1.46 any
access-list 117 permit udp host 172.17.1.58 host 87.241.223.68
access-list 117 permit udp host 172.17.1.58 host 81.17.2.171
access-list 117 permit udp host 172.17.1.58 host 207.46.232.182 eq ntp
access-list 117 permit tcp host 172.17.1.55 host 195.160.232.195
access-list 117 permit tcp host 172.17.1.46 any eq 443
access-list 117 permit tcp host 172.17.1.10 any
access-list 117 permit tcp host 172.17.1.67 any
access-list 117 permit ip 172.17.18.0 0.0.0.255 any
access-list 117 permit ip host 172.17.1.26 host 85.233.97.214
access-list 117 permit tcp host 172.17.1.5 host 195.160.232.195
access-list 117 permit tcp any any eq 443
access-list 117 permit tcp host 172.17.1.23 any
access-list 117 permit udp host 172.17.1.18 host 8.8.8.8
access-list 117 permit udp host 172.17.1.18 host 87.241.223.68
access-list 117 permit tcp host 172.17.1.61 any eq smtp
access-list 170 deny ip 0.0.0.0 0.255.255.255 any
access-list 170 deny ip host 255.255.255.255 any
access-list 170 deny ip 127.0.0.0 0.255.255.255 any
access-list 170 deny ip 224.0.0.0 15.255.255.255 any
access-list 170 deny ip 240.0.0.0 7.255.255.255 any
access-list 170 deny ip 172.16.0.0 0.15.255.255 any
access-list 170 deny ip 192.0.2.0 0.0.0.255 any
access-list 170 deny ip 169.254.0.0 0.0.255.255 any
access-list 170 permit tcp any host 1.2.3.4 gt 1024
access-list 170 permit icmp any any
access-list 170 permit udp any any eq isakmp
access-list 170 permit udp any any eq non500-isakmp
access-list 170 permit tcp any any eq domain
access-list 170 permit udp any any eq domain
access-list 170 permit udp any eq domain any gt 1023
access-list 170 permit udp any any eq ntp
access-list 170 permit tcp any any eq 3389
access-list 170 permit tcp any any eq 3900
access-list 170 permit udp any eq 87 any
access-list 170 permit tcp any any eq smtp
access-list 170 permit tcp any any eq pop3
access-list 170 permit tcp any any eq 1194
access-list 170 permit tcp any any eq ftp
access-list 170 deny ip any any log
!
!
!
route-map 111 permit 10
 match ip address 1 117
 match interface Vlan613 #here I just changed the interface from the old one to the new one
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
privilege exec level 1 enable
!
line con 0
line aux 0
line vty 0 4
!