Компьютерный форум Ru.Board » Компьютеры » В помощь системному администратору » Настройка Cisco оборудования


yuris

! Global settings for IOS 12.4 router "cisco2": log/debug timestamps in local
! time, a 51200-byte log buffer at severity "notifications", an MD5-based
! (type 5) enable secret, and AAA method lists that all use the local user
! database.
! NOTE(review): with "no service password-encryption", every "password 0"
! value in this configuration (local users, PPP CHAP) is stored and shown in
! clear text. "service password-encryption" only adds reversible type 7
! obfuscation; prefer "secret" for local accounts where the feature allows it.
version 12.4
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname cisco2
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 notifications
enable secret 5 ***************************
!
aaa new-model
!
!
! Named method lists. In this listing only cisco_vpn (crypto map Xauth),
! cisco_vpn_group (ISAKMP authorization) and vpn-pptp (Virtual-Template1) are
! referenced; userauthen, mcmain-client, groupauthor and vpn_group_1 are not
! used by anything visible here - presumably leftovers, confirm before removal.
! Every list resolves to the same local user database, so the admin account
! and the VPN accounts share one credential store.
aaa authentication login userauthen local
aaa authentication login mcmain-client local
aaa authentication login cisco_vpn local
aaa authentication ppp vpn-pptp local
aaa authorization exec default local  
aaa authorization network groupauthor local  
aaa authorization network mcmain-client local  
aaa authorization network vpn_group_1 local  
aaa authorization network cisco_vpn_group local  
!
!
aaa session-id common
! Timezone "EKT" is UTC+5.
clock timezone EKT 5
clock calendar-valid
dot11 syslog
! Packets carrying IP source-route options are not forwarded.
no ip source-route
ip cef
!
!
! DHCP server for the LAN (192.168.2.0/24). Addresses .0-.80 and .99-.130 are
! excluded, which leaves .81-.98 and .131-.254 for leases. The default gateway
! handed out is 192.168.2.4 (the Vlan1 address) and leases last 0 days 8 hours.
! NOTE(review): the pool has no "dns-server" option, so clients get no resolver
! from this router's DHCP - confirm that is intended.
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.0 192.168.2.80
ip dhcp excluded-address 192.168.2.99 192.168.2.130
!
ip dhcp pool LAN
   network 192.168.2.0 255.255.255.0
   domain-name domain.ru
   default-router 192.168.2.4  
   lease 0 8
!
!
! Resolvers used by the router itself, and the dynamic-DNS update method that
! both Dialer interfaces attach with "ip ddns update sdm_ddns1".
ip name-server 212.33.224.131
ip name-server 212.33.225.211
ip ddns update method sdm_ddns1
 DDNS both
!
!
multilink bundle-name authenticated
! PPTP dial-in server: incoming PPTP sessions are cloned from
! Virtual-Template1, which carries the PPP authentication and MPPE settings.
! NOTE(review): PPTP with MS-CHAP/MPPE is a legacy remote-access method and is
! no longer considered adequate protection on an Internet-facing interface;
! the IPsec client group defined later in this configuration is the stronger
! option if both are not required.
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 l2tp tunnel receive-window 1024
!
!
!
! Self-signed certificate trustpoint. It is presumably the one used by
! "ip http secure-server" - the binding is not shown in this listing.
! Revocation checking is disabled, which is expected for a self-signed
! certificate.
crypto pki trustpoint TP-self-signed-79581248
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-79581248
 revocation-check none
 rsakeypair TP-self-signed-79581248
!
!
!
!
! Local user database (values masked by the poster). "user" is a privilege-15
! account with a hashed type 5 secret. user0 and user1 use "password 0", i.e.
! clear text in the configuration.
! NOTE(review): all AAA lists point at this one database, so the privilege-15
! account can also be presented to the VPN/PPTP logins and the VPN accounts to
! the device login; consider separate accounts or per-user restrictions, and
! "secret" instead of "password" where CHAP/MS-CHAP does not need the clear
! text.
username user privilege 15 secret 5 *******************
username user0 password 0 *******************
username user1 password 0 *******************
! Configuration-change logging with key material hidden in the log entries.
archive
 log config
  hidekeys
!  
!
! IKE (ISAKMP) phase 1 policies. Policies 1 and 10 are identical: 3DES,
! pre-shared key authentication, Diffie-Hellman group 2; hash and lifetime are
! left at the IOS defaults.
! NOTE(review): 3DES and DH group 2 are deprecated. Where the image and the
! peers support it, move to AES with a larger DH group, and drop the duplicate
! policy.
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
! Per-peer pre-shared keys. The "6" keyword marks a type 6 (encrypted) key
! string; "cisco" is not in that form, so the values were presumably replaced
! by the poster - TODO confirm. If "cisco" is the real key, replace it with
! long random per-peer keys. The two "no-xauth" peers are the site-to-site
! peers of crypto map entries 20 and 40; 2.33.44.58 and 5.1.2.82 are the NHRP
! hubs of Tunnel0/Tunnel1. 1.33.15.26, 2.33.22.148 and 1.17.15.5 are not
! referenced elsewhere in this listing.
crypto isakmp key 6 cisco address 2.33.44.58
crypto isakmp key 6 cisco address 1.33.15.26
crypto isakmp key cisco address 2.33.23.202 no-xauth
crypto isakmp key 6 cisco address 5.1.2.82
crypto isakmp key 6 cisco address 2.33.22.148
crypto isakmp key cisco address 78.109.113.242 no-xauth
crypto isakmp key 6 cisco address 1.17.15.5
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10 periodic
!
! Remote-access client group: addresses come from cisco-vpn-pool, and clients
! may keep access to their own local LAN.
! NOTE(review): the group key is stored in clear text and was published with
! this listing; if it is the production value, treat it as disclosed and
! rotate it.
crypto isakmp client configuration group ciscovpn
 key gfhfljrc
 pool cisco-vpn-pool
 include-local-lan
 netmask 255.255.255.0
!
! Global IPsec SA lifetime of 24 h; both IPsec profiles below override it with
! 1 h.
crypto ipsec security-association lifetime seconds 86400
!
! Transform sets. Referenced in this listing: vpntun (profile VT), dmvpn
! (profile dmvpn), prm-rpn (crypto map entry 20) and ekt2 (crypto map entry
! 40). ts_cisco, ts_cisco2, ciscovpn and aes128-sha are defined but unused
! here.
! NOTE(review): the sets in use are all 3DES, and dmvpn uses MD5-HMAC; the
! unused aes128-sha set is the strongest one defined.
crypto ipsec transform-set ts_cisco esp-3des esp-md5-hmac  
crypto ipsec transform-set ts_cisco2 esp-3des esp-md5-hmac  
crypto ipsec transform-set vpntun esp-3des esp-sha-hmac  
crypto ipsec transform-set ciscovpn esp-3des esp-sha-hmac  
crypto ipsec transform-set aes128-sha esp-aes esp-sha-hmac  
crypto ipsec transform-set prm-rpn esp-3des esp-sha-hmac  
crypto ipsec transform-set ekt2 esp-3des esp-sha-hmac  
crypto ipsec transform-set dmvpn esp-3des esp-md5-hmac  
crypto ipsec df-bit clear
!
! IPsec profiles applied as "tunnel protection" on Tunnel0 (VT) and Tunnel1
! (dmvpn).
crypto ipsec profile VT
 set security-association lifetime seconds 3600
 set transform-set vpntun  
!
crypto ipsec profile dmvpn
 set security-association lifetime seconds 3600
 set transform-set dmvpn  
!
!
! Crypto map applied to Dialer1 and Dialer2. Entries 20 and 40 are static
! site-to-site tunnels selected by ACL 105 and ACL 196. The first three lines
! enable Xauth, group authorization and mode-config for remote-access clients.
! NOTE(review): no dynamic-map entry is visible in this listing, so the entry
! remote-access clients would match cannot be identified from here.
crypto map ciscovpn_1 client authentication list cisco_vpn
crypto map ciscovpn_1 isakmp authorization list cisco_vpn_group
crypto map ciscovpn_1 client configuration address respond
crypto map ciscovpn_1 20 ipsec-isakmp  
 set peer 2.33.23.202
 set transform-set prm-rpn  
 match address 105
crypto map ciscovpn_1 40 ipsec-isakmp  
 set peer 78.109.113.242
 set transform-set ekt2  
 match address 196
!
!
!
! Limits SSH to 2 authentication attempts per connection.
! NOTE(review): neither "ip ssh version 2" nor the "line vty" section appears
! in this listing, so the permitted management transports and any access-class
! on the vty lines cannot be checked from here.
ip ssh authentication-retries 2
!
!
!
! Two multipoint-GRE tunnels configured as NHRP clients, each with a static
! NHRP mapping to its next-hop server: Tunnel0 -> 192.168.10.1 at 2.33.44.58,
! sourced from Dialer1 and protected by IPsec profile VT; Tunnel1 ->
! 192.168.11.1 at 5.1.2.82, sourced from Dialer2 and protected by IPsec
! profile dmvpn. OSPF cost 10 on Tunnel0 versus 20 on Tunnel1 makes Tunnel0
! the preferred path. IP MTU 1400 and TCP MSS 1360 leave room for GRE and
! IPsec overhead.
! NOTE(review): neither tunnel sets "ip nhrp authentication", and the OSPF
! process shows no authentication either. The tunnels are IPsec-protected, but
! these are inexpensive additional checks.
interface Tunnel0
 ip address 192.168.10.2 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp map 192.168.10.1 2.33.44.58
 ip nhrp map multicast 2.33.44.58
 ip nhrp network-id 1
 ip nhrp holdtime 400
 ip nhrp nhs 192.168.10.1
 ip tcp adjust-mss 1360
 ip ospf cost 10
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel path-mtu-discovery
 tunnel protection ipsec profile VT
!
interface Tunnel1
 ip address 192.168.11.2 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp map 192.168.11.1 5.1.2.82
 ip nhrp map multicast 5.1.2.82
 ip nhrp network-id 2
 ip nhrp holdtime 400
 ip nhrp nhs 192.168.11.1
 ip tcp adjust-mss 1360
 ip ospf cost 20
 tunnel source Dialer2
 tunnel mode gre multipoint
 tunnel path-mtu-discovery
 tunnel protection ipsec profile dmvpn
!
! Physical uplinks. Both carry PPPoE client sessions and have no IP address of
! their own: FastEthernet0/0 (ISP1) feeds dialer pool 1 (Dialer1) and
! FastEthernet0/1 (ISP2) feeds dialer pool 2 (Dialer2).
! NOTE(review): FastEthernet0/1 disables redirects, unreachables, proxy-ARP
! and MOP, while FastEthernet0/0 has none of these. Applying the same
! hardening to both uplinks would make them consistent.
interface FastEthernet0/0
 description ISP1
 no ip address
 ip tcp adjust-mss 1380
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
 description ISP2
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 2
 no mop enabled
!
! Switch-module ports left at defaults (presumably members of VLAN 1, the LAN
! - confirm).
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
! Template cloned for each PPTP session (referenced by vpdn-group 1). It
! borrows the Vlan1 address, assigns client addresses from pool vpnpptp,
! offers 128-bit MPPE and authenticates against AAA list vpn-pptp (local
! users).
! NOTE(review): MS-CHAP v1 is accepted alongside v2; dropping "ms-chap" removes
! the weaker method. The MPPE line has no "required" keyword, so whether an
! unencrypted session is refused should be verified.
interface Virtual-Template1  
 ip unnumbered Vlan1
 peer default ip address pool vpnpptp
 ppp encrypt mppe 128
 ppp authentication ms-chap ms-chap-v2 vpn-pptp
!
! LAN gateway address handed out by the DHCP pool.
! NOTE(review): there is no "ip nat inside" here, although the NAT rule in
! this configuration matches LAN sources (ACL 175) - confirm.
interface Vlan1
 description LAN
 ip address 192.168.2.4 255.255.255.0
 ip virtual-reassembly
!
! PPPoE dialer interfaces for ISP1 (Dialer1, pool 1) and ISP2 (Dialer2,
! pool 2). Both negotiate their address, authenticate to the ISP with CHAP
! (credentials masked by the poster, stored as clear-text "password 0"),
! register through DDNS method sdm_ddns1 and carry crypto map ciscovpn_1.
! Dialer1 also installs a default route learned through IPCP.
! NOTE(review): only Dialer2 has "ip nat outside"; Dialer1, the primary
! default route, does not. Dialer2 also has CEF and fast switching disabled,
! so its traffic is process-switched. Neither interface has an inbound
! access-group in this listing, so nothing visible here filters traffic
! arriving from the Internet side.
interface Dialer1
 ip ddns update sdm_ddns1
 ip address negotiated
 ip mtu 1492
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ntp disable
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname *********
 ppp chap password 0 *********
 ppp ipcp route default
 crypto map ciscovpn_1
!
interface Dialer2
 ip ddns update sdm_ddns1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no ip route-cache cef
 no ip route-cache
 ip tcp adjust-mss 1452
 no ip mroute-cache
 dialer pool 2
 dialer-group 2
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname *********
 ppp chap password 0 *********
 crypto map ciscovpn_1
!
! OSPF process 100, area 0, enabled on the LAN and on both tunnel subnets.
! NOTE(review): no OSPF authentication and no passive-interface are
! configured, so hellos are also sent and accepted on the LAN (Vlan1).
! Consider making Vlan1 passive and authenticating the tunnel adjacencies.
router ospf 100
 log-adjacency-changes
 network 192.168.2.0 0.0.0.255 area 0
 network 192.168.10.0 0.0.0.255 area 0
 network 192.168.11.0 0.0.0.255 area 0
!
! Address pools: vpnpptp for PPTP clients (Virtual-Template1) and
! cisco-vpn-pool for the IPsec client group. ippool is not referenced in this
! listing.
ip local pool ippool 192.168.2.50 192.168.2.55
ip local pool vpnpptp 192.168.6.1 192.168.6.50
ip local pool cisco-vpn-pool 192.168.6.51 192.168.6.100
no ip forward-protocol nd
! Static routes: the primary default goes through Dialer1, with a floating
! backup through Dialer2 (distance 10). The host route sends the Tunnel1 hub
! (5.1.2.82) out Dialer2.
! NOTE(review): the three routes through 192.168.4.4 use a next hop that is on
! no connected subnet in this listing, and the first of them reaches its next
! hop through itself. Confirm how 192.168.4.4 is meant to be reached.
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer2 10
ip route 5.1.2.82 255.255.255.255 Dialer2
ip route 192.168.4.0 255.255.255.0 192.168.4.4
ip route 192.168.5.0 255.255.255.0 192.168.4.4
ip route 192.168.20.0 255.255.255.0 192.168.4.4
!
!
! Web management: both the plain-HTTP and the HTTPS server are enabled, with
! local-database authentication and access restricted by ACL 23.
! NOTE(review): access-list 23 is not defined anywhere in this listing. IOS
! generally treats a referenced but undefined ACL as permit-all, so verify
! that ACL 23 exists on the device. Plain HTTP sends the privilege-15
! credentials unencrypted; "no ip http server" keeps HTTPS only.
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! PAT for sources matched by route-map SDM_RMAP_1 (ACL 175).
! NOTE(review): the translation address is taken from Vlan1, the LAN
! interface, and Vlan1 has no "ip nat inside". This looks unintended; confirm
! which interface is supposed to be the NAT outside interface.
ip nat inside source route-map SDM_RMAP_1 interface Vlan1 overload
!
! ACLs 20 and 21 are labelled for NTP clients and servers, but no "ntp"
! commands referencing them appear in this listing.
! NOTE(review): ACL 20 permits 192.168.0.0/24, while the LAN is
! 192.168.2.0/24 - possibly a wrong wildcard or subnet, confirm.
access-list 20 remark --==NTP Clients==--
access-list 20 permit 192.168.0.0 0.0.0.255
access-list 20 deny   any
access-list 21 permit 62.173.138.130
access-list 21 permit 89.108.67.232
access-list 21 remark --==NTP Servers==--
access-list 21 permit 89.109.251.25
access-list 21 deny   any
! ACLs 101, 102 and 111 are not referenced by anything in this listing.
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
! ACL 105: traffic selected for encryption by crypto map entry 20 (peer
! 2.33.23.202).
access-list 105 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 105 permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 111 permit ip host 212.33.228.244 host 2.33.44.58
! ACL 175: used by route-map SDM_RMAP_1 for NAT. The deny lines exempt LAN
! traffic to the listed private subnets from translation, and the final permit
! translates everything else from the LAN. Order matters: the denies must stay
! ahead of the permit.
access-list 175 deny   ip 192.168.2.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 175 deny   ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 175 deny   ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 175 deny   ip 192.168.2.0 0.0.0.255 192.168.70.0 0.0.0.255
access-list 175 deny   ip 192.168.2.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 175 deny   ip 192.168.2.0 0.0.0.255 192.168.42.0 0.0.0.255
access-list 175 permit ip 192.168.2.0 0.0.0.255 any
! ACL 196: traffic selected for encryption by crypto map entry 40 (peer
! 78.109.113.242).
access-list 196 permit ip 192.168.2.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 196 permit ip 192.168.5.0 0.0.0.255 192.168.20.0 0.0.0.255
! Any IP packet counts as interesting traffic for both dialers.
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 175
!
!
!
! The listing ends here; the line con/vty section that normally follows is not
! shown.
control-plane
!

Всего записей: 383 | Зарегистр. 19-11-2001 | Отправлено: 10:44 11-10-2016