[cisco-ttl] Regarding ADSL NAT and Access List on an 1841 Router

From: cmesut <cmesut_at_....>
Date: Mon Apr 17 2006 - 14:21:10 EEST


Hello, in the config below, built on an 1841 router with the SDM version 2.3 interface, only a mail server with a specific IP address is supposed to reach, from outside (access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp),
 the internally mapped server (ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25). I think something is missing from the applied access list, because other mail servers can also get through from outside.

Thanks in advance to anyone who comments. Good work to everyone.

!This is the running config of the router: 192.168.1.2
!----------------------------------------------------------------------------
!version 12.4

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!

hostname HnetRouter
!

boot-start-marker
boot-end-marker
!

security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$sRDo$8yc7/TitiHkIsJeBhKB/8/
!

no aaa new-model
!

resource policy
!

clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!

ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.201 192.168.1.254
!

ip dhcp pool sdm-pool1

   import all
   network 192.168.1.0 255.255.255.0
   dns-server 195.175.37.14 195.175.37.69
   default-router 192.168.1.2
!
!

no ip bootp server

ip domain name yourdomain.com
ip name-server 195.175.37.14
ip name-server 195.175.37.69

!

username cisco privilege 15 secret 5 $1$.5bA$XpNYReN7Pb2jiHvhQQD6t0
!
!
!

interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
 ip address 192.168.1.2 255.255.255.0
 ip access-group 105 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 ip tcp adjust-mss 1412
 duplex auto
 speed auto
 no mop enabled
!

interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!

interface ATM0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!

interface ATM0/0/0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!

interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname user@ttnet
 ppp chap password 123456
 ppp pap sent-username user@ttnet password 123456
!

ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!

ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25

!

logging trap debugging

access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255

access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp
access-list 105 permit ip any any

dialer-list 1 protocol ip permit
no cdp run
!

control-plane
!

banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!

line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!

scheduler allocate 4000 1000
end

--
Cisco Technical Discussion List (Cisco-ttl)

All responsibility for applying the changes suggested on this list lies with
the user. The list administrators, the list members who make suggestions, and
the organizations these members work for cannot be held responsible in any way.
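
Added example, not part of the original post: in the posted config, access list 105 is bound inbound on FastEthernet0/0 (the NAT inside interface), while the SMTP port forward is received on Dialer0, which carries no access-group. The Python audit below runs over a constructed excerpt of that config and reports static port forwards whose outside interface has no inbound ACL; the function names are assumptions chosen for this example.

```python
import re

# Constructed excerpt: only the lines of the posted running-config that matter here.
CONFIG = """\
interface FastEthernet0/0
 ip access-group 105 in
 ip nat inside
!
interface Dialer0
 ip nat outside
!
ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25
access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp
access-list 105 permit ip any any
"""

FORWARD = re.compile(r"ip nat inside source static (?P<proto>tcp|udp) (?P<host>\S+) (?P<lport>\d+) interface (?P<iface>\S+) (?P<port>\d+)")

def parse(config):
    """Return ({interface: {"nat": side, "acl_in": id}}, [static port forwards])."""
    ifaces, forwards, cur = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"nat": None, "acl_in": None})
        elif raw.startswith(" ") and cur is not None:  # sub-command of the interface
            m = re.fullmatch(r"ip nat (inside|outside)", line)
            if m:
                cur["nat"] = m.group(1)
            m = re.fullmatch(r"ip access-group (\S+) in", line)
            if m:
                cur["acl_in"] = m.group(1)
        else:  # global command: the interface block has ended
            cur = None
            m = FORWARD.fullmatch(line)
            if m:
                forwards.append(m.groupdict())
    return ifaces, forwards

def unfiltered_forwards(config):
    """Static port forwards whose receiving interface has no inbound ACL."""
    ifaces, forwards = parse(config)
    return [f for f in forwards if ifaces.get(f["iface"], {}).get("acl_in") is None]

def inside_inbound_acls(config):
    """ACLs bound inbound on NAT inside interfaces (they only see LAN-sourced packets)."""
    ifaces, _ = parse(config)
    return [(n, i["acl_in"]) for n, i in ifaces.items() if i["nat"] == "inside" and i["acl_in"]]

if __name__ == "__main__":
    print(unfiltered_forwards(CONFIG), inside_inbound_acls(CONFIG))
```

On IOS an inbound ACL on the outside interface is evaluated before the static NAT translation, so a rule placed there has to match the public destination address and port rather than 192.168.1.6.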
Received on Mon Apr 17 15:34:06 2006

This archive was generated by hypermail 2.1.8 : Mon Apr 17 2006 - 15:34:07 EEST