[Cisco] Clean Cisco config for use with NAT
Saving this here just in case; who knows, it might come in handy someday.
Everything in this config is ready to go.
!
! Last configuration change at 06:53:43 UTC Fri Apr 10 2009 by mrwho
! NVRAM config last updated at 06:53:44 UTC Fri Apr 10 2009 by mrwho
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco-Test
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
clock timezone MSK 3
ip cef
!
!
!
!
no ip domain lookup
ip domain name yourdomain.com
!
!
ip rcmd rcp-enable
ip rcmd rsh-enable
ip rcmd remote-host mngr 10.20.20.20 root enable
!
!
interface FastEthernet0/0
description INSIDE
ip address 192.168.0.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip route-cache policy
no ip route-cache cef
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet0/1
description OUTSIDE
ip address 10.10.10.10 255.255.255.252
ip nat outside
ip route-cache policy
ip route-cache flow
no ip mroute-cache
speed auto
duplex auto
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.10.10.9
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination 192.168.0.2 7223
!
no ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool NatPool 10.10.10.10 10.10.10.10 netmask 255.255.255.252
ip nat inside source list 1 pool NatPool overload
ip nat inside source static tcp 192.168.0.2 22 213.243.91.70 22 extendable
ip nat inside source static tcp 192.168.0.2 80 213.243.91.70 80 extendable
ip nat inside source static tcp 192.168.0.2 3306 213.243.91.70 3306 extendable
!
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 110 permit tcp any any eq www
access-list 110 permit tcp any any eq ftp
access-list 110 permit tcp any any eq ftp-data
access-list 110 deny tcp any any eq 135
access-list 110 deny tcp any any eq 137
access-list 110 deny tcp any any eq 138
access-list 110 deny tcp any any eq 445
access-list 110 deny tcp any any eq 1433
access-list 110 deny tcp any any eq 1434
access-list 110 deny udp any any eq 135
access-list 110 deny udp any any eq netbios-ns
access-list 110 deny udp any any eq netbios-dgm
access-list 110 deny udp any any eq 445 log-input
access-list 110 deny udp any any eq 1433 log-input
access-list 110 deny udp any any eq 1434 log-input
access-list 110 permit ip any any
access-list 123 permit tcp any any eq www
access-list 123 permit tcp any any eq ftp
access-list 123 permit tcp any any eq ftp-data
access-list 123 deny tcp any any eq smtp
access-list 123 deny tcp any any eq 135
access-list 123 deny tcp any any eq 137
access-list 123 deny tcp any any eq 138
access-list 123 deny tcp any any eq 445
access-list 123 deny udp any any eq 135
access-list 123 deny udp any any eq netbios-ns
access-list 123 deny udp any any eq netbios-dgm
access-list 123 deny udp any any eq 445 log-input
access-list 123 permit ip any any
snmp-server community xamlo RO 11
snmp-server ifindex persist
snmp-server enable traps tty
!
!
control-plane
!
banner login ^C
_ _
|_| |_|
| | /^^^\ | |
_| |_ (| "o" |) _| |_
| | | | _ (_---_) _ | | | |_
| | | | |' | _| |_ | `| | | | |
| | / \ | |
\ / / /(. .)\ \ \ /
\ / / / | . | \ \ \ /
\ \/ / ||Y|| \ \/ /
\__/ || || \__/
() ()
|| ||
ooO Ooo
^C
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet
!
scheduler allocate 20000 1000
ntp clock-period 17178321
ntp server 195.2.64.5 version 2
ntp server 194.186.254.22 version 2
end
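
Added example (not part of the original post): a short Python check that cross-references the numbered ACLs this configuration defines against the ones it references, and lists vty blocks that carry no access-class. The sample input is a constructed excerpt of the lines above; the name audit_acls and the pattern list are assumptions that cover only the syntax used here.

```python
import re

# Constructed sample: the ACL-related lines taken from the configuration above.
SAMPLE_CONFIG = """\
ip http access-class 23
ip nat inside source list 1 pool NatPool overload
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 110 permit ip any any
access-list 123 permit ip any any
snmp-server community xamlo RO 11
line vty 0 4
line vty 5 15
access-class 23 in
"""

# Where a numbered ACL can be referenced (assumed subset of IOS syntax).
REFERENCES = [re.compile(p) for p in (
    r"ip http access-class (\d+)",
    r"access-class (\d+) (?:in|out)",
    r"ip access-group (\d+) (?:in|out)",
    r"ip nat inside source list (\d+) ",
    r"snmp-server community \S+ (?:RO|RW) (\d+)",
)]
DEFINITION = re.compile(r"access-list (\d+) ")


def audit_acls(config):
    """Return undefined and unused ACL numbers, and vty blocks with no access-class."""
    defined, referenced, vty, current = set(), set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith(("line ", "!")):  # a new section closes the vty block
            current = line if line.startswith("line vty") else None
            if current:
                vty[current] = False
            continue
        m = DEFINITION.match(line)
        if m:
            defined.add(int(m.group(1)))
            continue
        for pattern in REFERENCES:
            m = pattern.match(line)
            if m:
                referenced.add(int(m.group(1)))
                if current and line.startswith("access-class"):
                    vty[current] = True
    return {"undefined": sorted(referenced - defined),
            "unused": sorted(defined - referenced),
            "vty_without_acl": [name for name, ok in vty.items() if not ok]}

print(audit_acls(SAMPLE_CONFIG))
```

For this configuration it reports ACLs 11 and 23 as referenced but never defined, ACLs 110 and 123 as defined but never applied, and line vty 0 4 as having no access-class.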