cRYSMAS
Junior Member | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору
gw2921#sh run
Building configuration...
Current configuration : 10772 bytes
!
! Last configuration change at 12:52:25 Ukraine Wed Sep 28 2016 by crysmas
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname gw2921
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 *************
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authentication ppp VPDN-AUTH local
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
ip domain lookup source-interface GigabitEthernet0/1.1570
ip domain name *.com
ip host *.com *.*.*.41
ip name-server *.*.*.5
ip name-server *.*.*.9
ip name-server 8.8.8.8
ip inspect name Inter http timeout 3600
ip inspect name Inter https timeout 3600
ip inspect name Inter smtp timeout 3600
ip inspect name Inter udp timeout 3600
ip inspect name Inter tcp timeout 3600
ip inspect name Inter pop3 timeout 3600
ip inspect name Inter ftp timeout 3600
ip inspect name Inter dns timeout 3600
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
async-bootp dns-server 10.2.10.3 10.2.10.4
vpdn enable
!
vpdn-group PPTP
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
session-limit 2
!
!
!
!
license udi pid CISCO2921/K9 sn *
!
!
username Smurfik privilege 15 secret 5 *.
username cRYSMAS privilege 15 secret 5 *
username usvpn password 7 02575608
username usvpn aaa attribute list VPDN-AUTH
!
redundancy
!
!
!
!
!
ip ssh maxstartups 2
ip ssh version 2
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Inside SW3560
bandwidth 10000
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.9
encapsulation dot1Q 9
no cdp enable
!
interface GigabitEthernet0/0.10
description Ins_SW3560_VL10
encapsulation dot1Q 10
ip address 10.2.10.2 255.255.255.0
ip access-group Ins_Inter in
ip nat inside
ip inspect Inter in
ip virtual-reassembly in
no cdp enable
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
no cdp enable
!
interface GigabitEthernet0/0.40
encapsulation dot1Q 40
no cdp enable
!
interface GigabitEthernet0/0.50
encapsulation dot1Q 50
no cdp enable
!
interface GigabitEthernet0/0.60
encapsulation dot1Q 60
no cdp enable
!
interface GigabitEthernet0/0.61
encapsulation dot1Q 61
no cdp enable
!
interface GigabitEthernet0/0.70
encapsulation dot1Q 70
no cdp enable
!
interface GigabitEthernet0/0.80
description Mala Viska
encapsulation dot1Q 80
no cdp enable
!
interface GigabitEthernet0/0.81
encapsulation dot1Q 81
no cdp enable
!
interface GigabitEthernet0/0.82
encapsulation dot1Q 82
no cdp enable
!
interface GigabitEthernet0/0.90
encapsulation dot1Q 90
no cdp enable
!
interface GigabitEthernet0/0.100
no cdp enable
!
interface GigabitEthernet0/0.192
description lan 3560
encapsulation dot1Q 192
ip address 192.168.1.28 255.255.248.0
no cdp enable
!
interface GigabitEthernet0/0.1570
encapsulation dot1Q 1570
ip virtual-reassembly in
no cdp enable
!
interface GigabitEthernet0/1
bandwidth 10000
no ip address
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0/1.30
encapsulation dot1Q 30
ip address 10.2.30.2 255.255.255.0
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/1.40
encapsulation dot1Q 40
ip address 10.2.40.1 255.255.255.0
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/1.50
encapsulation dot1Q 50
ip address 10.2.50.1 255.255.255.0
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/1.60
encapsulation dot1Q 60
ip address 10.2.60.1 255.255.255.0
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/1.61
encapsulation dot1Q 61
ip address 10.2.61.1 255.255.255.0
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/1.70
encapsulation dot1Q 70
ip address 10.2.70.1 255.255.255.0
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/1.80
encapsulation dot1Q 80
ip address 10.2.80.1 255.255.255.0
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/1.81
encapsulation dot1Q 81
ip address 10.2.81.1 255.255.255.0
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/1.82
encapsulation dot1Q 82
ip address 10.2.82.1 255.255.255.0
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/1.90
encapsulation dot1Q 90
ip address 10.2.90.1 255.255.255.0
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/1.91
encapsulation dot1Q 91
ip address 10.2.91.1 255.255.255.0
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/1.100
encapsulation dot1Q 100
ip address 10.2.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/1.110
encapsulation dot1Q 110
ip address 10.2.110.1 255.255.255.0
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/1.120
encapsulation dot1Q 120
ip address 10.2.120.1 255.255.255.0
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/1.121
encapsulation dot1Q 121
ip address 10.2.121.1 255.255.255.0
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/1.192
description ST
encapsulation dot1Q 192
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/1.1570
description Outside
encapsulation dot1Q 1570
ip address *.*.*.162 255.255.255.252
ip access-group Outside in
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
no ip route-cache
no cdp enable
!
interface GigabitEthernet0/2
no ip address
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2.10
description UAG.10
encapsulation dot1Q 3 native
ip address 192.170.1.1 255.255.255.252
ip access-group Ins_Inter in
ip nat inside
ip inspect Inter in
ip virtual-reassembly in
no cdp enable
!
interface Virtual-Template1
ip unnumbered GigabitEthernet0/1.1570
peer default ip address pool PPTP-POOL
no keepalive
ppp max-bad-auth 2
ppp mtu adaptive
ppp encrypt mppe 128 required
ppp authentication ms-chap-v2 VPDN-AUTH
!
!
router eigrp 30
network 10.2.10.0 0.0.0.255
network 10.2.16.0 0.0.7.255
network 10.2.20.0 0.0.0.255
network 10.2.30.0 0.0.0.255
network 10.2.40.0 0.0.0.255
network 10.2.50.0 0.0.0.255
network 10.2.60.0 0.0.0.255
network 10.2.61.0 0.0.0.255
network 10.2.70.0 0.0.0.255
network 10.2.80.0 0.0.0.255
network 10.2.81.0 0.0.0.255
network 10.2.82.0 0.0.0.255
network 10.2.90.0 0.0.0.255
network 10.2.91.0 0.0.0.255
network 10.2.100.0 0.0.0.255
network 10.2.110.0 0.0.0.255
network 10.2.120.0 0.0.0.255
network 10.2.121.0 0.0.0.255
network 10.10.1.0 0.0.0.255
network *.*.*.0 0.0.0.3
network 192.168.0.0 0.0.7.255
network 192.168.9.0 0.0.0.3
network 192.170.1.0 0.0.0.3
!
router ospf 28
network 10.2.10.0 0.0.0.255 area 0
network 10.2.20.0 0.0.0.255 area 0
network 10.2.30.0 0.0.0.255 area 0
network 10.2.40.0 0.0.0.255 area 0
network 10.2.50.0 0.0.0.255 area 0
network 10.2.60.0 0.0.0.255 area 0
network 10.2.70.0 0.0.0.255 area 0
network 10.2.80.0 0.0.0.255 area 0
network 10.2.90.0 0.0.0.255 area 0
network 10.2.100.0 0.0.0.255 area 0
network 10.2.110.0 0.0.0.255 area 0
network 10.2.120.0 0.0.0.255 area 0
network 192.168.0.0 0.0.7.255 area 0
!
router bgp 30
bgp log-neighbor-changes
!
ip local pool PPTP-POOL 192.170.10.10 192.170.10.100
ip default-gateway *.*.*.161
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 1 interface GigabitEthernet0/1.1570 overload
ip nat inside source list 1570 interface GigabitEthernet0/1.1570 overload
ip nat inside source list NAT interface GigabitEthernet0/1.1570 overload
ip nat inside source static tcp 10.2.10.100 80 *.*.*.162 80 extendable
ip nat inside source static tcp 10.2.10.31 778 80 *.*.*.162 778 extendable
ip nat inside source static tcp 192.170.1.2 4090 80 *.*.*.162 4090 extendable
ip nat inside source static udp 192.170.1.2 4090 80 *.*.*.162 4090 extendable
ip default-network 10.2.10.0
ip route 0.0.0.0 0.0.0.0 *.*.*.162
ip route 192.168.12.0 255.255.255.0 192.168.1.27
ip route 192.168.25.0 255.255.255.0 192.168.1.254
!
ip access-list extended Ins_SW3560_VL10
permit tcp 10.2.10.0 0.0.0.255 any
permit udp 10.2.10.0 0.0.0.255 any
permit icmp 10.2.10.0 0.0.0.255 any
permit tcp host *.*.*.162 host 192.168.5.37 eq www
permit udp host *.*.*.162 host 192.168.5.37 eq 80
permit tcp host *.*.*.162 host 192.170.1.2 eq 1723
ip access-list extended Outside
permit icmp any host *.*.*.162 unreachable
permit icmp any host *.*.*.162 echo
permit icmp any host *.*.*.162 echo-reply
permit icmp any host *.*.*.162 packet-too-big
permit icmp any host *.*.*.162 time-exceeded
permit icmp any host *.*.*.162 traceroute
permit icmp any host *.*.*.162 administratively-prohibited
permit tcp any host *.*.*.162 eq www
permit tcp any host *.*.*.162 eq 778
permit tcp any host *.*.*.162 eq 4090
permit udp any host *.*.*.162 eq 4090
permit tcp any host *.*.*.162 eq 1723
deny ip any any log
!
no cdp run
!
!
snmp-server community * RO
snmp-server host 192.168.5.30 *
tftp-server flash:cpconfig-2921-04122014.cfg
access-list 1 permit 10.2.16.0 0.0.0.255
access-list 1570 permit 10.2.0.0 0.0.31.255
access-list 1570 permit 192.170.1.0 0.0.0.3
access-list 1570 permit 10.2.16.0 0.0.7.255
access-list 111 remark NTP SERVER
!
!
!
control-plane
!
!
!
line con 0
password 7 *
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 *
transport input all
line vty 5 1114
password 7 *
transport input all
!
scheduler allocate 20000 1000
!
end
|
Всего записей: 137 | Зарегистр. 18-03-2011 | Отправлено: 13:33 28-09-2016 | Исправлено: cRYSMAS, 13:34 28-09-2016 |
|
