Original message
"CPU load when enabling NAT on a 7206"
Posted by Mike, 13-Aug-07 13:07
yes

fvpn#sh run
Building configuration...

Current configuration : 7464 bytes
!
upgrade fpd auto
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname fvpn
!
boot-start-marker
boot system flash disk2:c7200p-adventerprisek9-mz.124-4.XD7.bin
boot-end-marker
!
enable password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login console enable
aaa authentication login vty local
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting network default start-stop group radius
!
aaa session-id common
!
resource policy
!
clock timezone Moscow 4
ip subnet-zero
ip cef
!
!
!
!
ip domain name fryazino.net
ip name-server 62.140.253.2
no ip rcmd domain-lookup
ip rcmd rcp-enable
ip rcmd rsh-enable
ip rcmd remote-host xxxxxxxx 192.168.0.2 root enable
ip rcmd source-interface GigabitEthernet0/3
vpdn enable
vpdn source-ip 192.168.2.1
vpdn aaa attribute nas-ip-address vpdn-nas
vpdn tunnel authorization virtual-template 1
vpdn tunnel authorization network default
vpdn session accounting network default
vpdn session-limit 20050
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
  protocol pptp
  virtual-template 1
local name vpnauth
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-35519589
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-35519589
revocation-check none
rsakeypair TP-self-signed-35519589
!
!
crypto pki certificate chain TP-self-signed-35519589
certificate self-signed 01
  xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
  xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
  xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
  quit
username xxxxxxxx privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
archive
log config
  hidekeys
!
!
!
!
!
!
!
interface Loopback0
ip address 172.16.0.1 255.240.0.0
ip nat inside
ip virtual-reassembly
ip route-cache policy
!
interface GigabitEthernet0/1
ip address 62.140.253.8 255.255.255.240
ip nat outside
ip virtual-reassembly
ip route-cache policy
ip ospf authentication
ip ospf authentication-key 7 12001105171C1D
ip ospf network broadcast
ip ospf cost 1
ip ospf priority 0
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface FastEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 192.168.2.1 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache policy
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface GigabitEthernet0/3
ip address 192.168.0.1 255.255.255.0
no ip proxy-arp
ip route-cache policy
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface Virtual-Template1
ip unnumbered Loopback0
ip access-group 150 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip route-cache policy
no peer default ip address
ppp authentication chap
!
router ospf 1
router-id 62.140.253.5
log-adjacency-changes
area 0.0.0.2 authentication
redistribute connected subnets
network 62.140.252.0 0.0.0.127 area 0.0.0.2
network 62.140.253.0 0.0.0.15 area 0.0.0.2
network 88.84.198.0 0.0.0.15 area 0.0.0.2
distribute-list 2 out connected
!
ip default-gateway 62.140.253.1
ip classless
ip route 0.0.0.0 0.0.0.0 62.140.253.1
ip route 192.168.0.0 255.255.0.0 192.168.2.250
no ip http server
no ip http secure-server
!
ip flow-export source GigabitEthernet0/3
ip flow-export version 5
ip flow-export destination 192.168.0.2 9996
!
ip nat translation timeout 3600
ip nat translation tcp-timeout 3600
ip nat translation udp-timeout 240
ip nat translation finrst-timeout 30
ip nat translation dns-timeout 45
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp xxx.xxx.xxx.xxx 443 62.140.253.8 443 extendable
!
logging alarm informational
access-list 1 permit 192.168.2.10
access-list 1 permit 192.168.2.2
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 2 permit 62.140.252.0 0.0.0.127
access-list 2 permit 88.84.198.0 0.0.0.15
access-list 150 permit ip 172.16.0.0 0.15.255.255 host 172.16.0.1
access-list 150 deny   ip 62.140.252.0 0.0.0.127 192.168.0.0 0.0.255.255
access-list 150 deny   ip 88.84.198.0 0.0.0.15 192.168.0.0 0.0.255.255
access-list 150 deny   ip 172.16.0.0 0.15.255.255 172.16.0.0 0.15.255.255
access-list 150 deny   ip 172.16.0.0 0.15.255.255 192.168.0.0 0.0.255.255
access-list 150 deny   tcp any any range 135 139
access-list 150 deny   tcp any any eq 445
access-list 150 deny   udp any any eq 80
access-list 150 deny   udp any any range 135 netbios-ss
access-list 150 permit ip any any
access-list 151 deny   tcp any host 62.140.253.5 eq 22
access-list 151 deny   tcp any host 80.252.132.117 eq 22
access-list 151 permit ip any any
access-list 151 permit tcp any any
access-list 151 permit udp any any
access-list 151 permit icmp any any
snmp-server community xxxxxxxx RO
snmp-server host xxx.xxx.xxx.xxx version 2c trapmanager aaa_server config cpu syslog
!
!
!
radius-server attribute 44 include-in-access-req
radius-server attribute 44 extend-with-addr
no radius-server attribute 77 include-in-access-req
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 30 original-called-number
radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813
radius-server retry method reorder
radius-server transaction max-tries 6
radius-server retransmit 0
radius-server key 7 xxxxxxxx
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
!
!
!
!
gateway
timer receive-rtp 1200
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 30 0
privilege level 15
password 7 xxxxxxxx
transport input ssh
line vty 5 15
exec-timeout 30 0
privilege level 15
transport input telnet ssh
!
ntp clock-period 17180887
ntp peer 192.168.2.20
!
end

I have a question about timeout
fvpn#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
fvpn(config)#ip nat translation timeout ?
  <0-536870>  Timeout in seconds
  never       Never timeout
fvpn(config)#ip nat translation timeout

What does "Never timeout" mean?
Never die?
Does this mean that the entries will hang around forever, or that they are killed immediately with no timeout?

 
