>>или ты про сторонний, не на циске прокси
>
>покажи #sho run {fa0/0 fa0/1}
>#sho run | i ip interface FastEthernet0/0
description connect to sclad
ip address 192.168.xxx.xxx 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
end
interface FastEthernet0/1
description Connect Internet
ip address 2xx.xxx.xxx.xxx 255.255.255.248
ip access-group in1 in
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
end
ip subnet-zero
ip cef
ip dhcp use vrf connected
ip dhcp pool TeVadI
ip flow-cache timeout inactive 60
ip flow-cache timeout active 10
ip name-server 212.49.96.129
ip name-server 212.49.96.101
no ip rcmd domain-lookup
ip rcmd rsh-enable
ip rcmd remote-host netams 192.168.xxx.xxx root enable
crypto ipsec transform-set TUNNEL esp-3des esp-sha-hmac
crypto ipsec profile P1
description -==sclad==-
ip unnumbered Vlan200
no ip redirects
no ip proxy-arp
tunnel protection ipsec profile P1
ip unnumbered Vlan200
no ip redirects
no ip proxy-arp
tunnel protection ipsec profile P1
no ip address
description connect to catalyst TRANK
ip address 192.168.xxx.xxx 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly
description Connect Internet
ip address 2xx.xxx.xxx.xxx 255.255.255.248
ip access-group in1 in
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly
description to lan
no ip address
no ip address
ip address 192.168.xxx.xxx 255.255.255.0
no ip redirects
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip route 0.0.0.0 0.0.0.0 2xx.xxx.xxx.xxx
ip route 192.168.xxx.xxx 255.255.255.0 Tunnel101
ip route 192.168.xxx.xxx 255.255.255.128 Tunnel102
ip route 192.168.xxx.xxx 255.255.255.0 (внешний серый IP)
ip dns server
ip dns spoofing
ip flow-export source FastEthernet0/1/0
ip flow-export version 5 origin-as
ip flow-export destination 192.168.xxx.xxx (port)
ip flow-top-talkers
no ip http server
ip http authentication aaa
no ip http secure-server
ip nat inside source list NATUsers interface FastEthernet0/1 overload
ip nat inside source static tcp (внешний pop) 110 interface FastEthernet0/0 110
ip nat inside source static tcp (внешний smtp) 25 interface FastEthernet0/0 25
ip nat inside source static tcp 192.168.xxx.xxx 3389 interface FastEthernet0/0 3389
ip nat inside source static tcp 192.168.xxx.xxx 5222 interface FastEthernet0/1 5222
ip access-list extended NATUsers
deny ip 192.168.xxx.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip 192.168.xxx.0 0.0.0.255 172.16.0.0 0.15.255.255
deny ip host 192.168.xxx.0 192.168.0.0 0.0.255.255
permit ip 192.168.xxx.0 0.0.0.255 any
permit ip 192.168.xxx.0 0.0.0.255 any
ip access-list extended in1
deny ip host 2xx.xxx.xxx.xxx any
deny ip 0.0.0.0 1.255.255.255 any
deny ip 2.0.0.0 0.255.255.255 any
deny ip 5.0.0.0 0.255.255.255 any
deny ip 14.0.0.0 0.255.255.255 any
deny ip 23.0.0.0 0.255.255.255 any
deny ip 27.0.0.0 0.255.255.255 any
deny ip 31.0.0.0 0.255.255.255 any
deny ip 36.0.0.0 1.255.255.255 any
deny ip 39.0.0.0 0.255.255.255 any
deny ip 42.0.0.0 0.255.255.255 any
deny ip 46.0.0.0 0.255.255.255 any
deny ip 49.0.0.0 0.255.255.255 any
deny ip 50.0.0.0 0.255.255.255 any
deny ip 100.0.0.0 3.255.255.255 any
deny ip 104.0.0.0 7.255.255.255 any
deny ip 112.0.0.0 1.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 173.0.0.0 0.255.255.255 any
deny ip 174.0.0.0 1.255.255.255 any
deny ip 176.0.0.0 7.255.255.255 any
deny ip 184.0.0.0 1.255.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 197.0.0.0 0.255.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip host 65.105.140.210 any
deny ip host 62.105.149.114 any
deny ip host 212.44.136.194 any
deny ip host 212.119.216.134 any
deny ip host 93.186.228.129 any
deny ip host 93.186.228.130 any
deny ip host 93.186.224.233 any
deny ip host 93.186.224.234 any
deny ip host 93.186.224.235 any
deny ip host 93.186.224.236 any
deny ip host 93.186.224.237 any
deny ip host 93.186.224.238 any
deny ip host 93.186.224.239 any
deny ip host 93.186.225.6 any
deny ip host 93.186.225.211 any
deny ip host 93.186.225.212 any
deny ip host 93.186.226.4 any
deny ip host 93.186.226.5 any
deny ip host 93.186.226.129 any
deny ip host 93.186.226.130 any
deny ip host 93.186.227.123 any
deny ip host 93.186.227.124 any
deny ip host 93.186.227.125 any
deny ip host 93.186.227.126 any
deny ip host 93.186.227.129 any
deny ip host 93.186.227.130 any
deny ip any any log
ip access-list extended in2
deny ip host 2xx.xxx.xxx.xxx any
deny ip 0.0.0.0 1.255.255.255 any
deny ip 2.0.0.0 0.255.255.255 any
deny ip 5.0.0.0 0.255.255.255 any
deny ip 14.0.0.0 0.255.255.255 any
deny ip 23.0.0.0 0.255.255.255 any
deny ip 27.0.0.0 0.255.255.255 any
deny ip 31.0.0.0 0.255.255.255 any
deny ip 36.0.0.0 1.255.255.255 any
deny ip 39.0.0.0 0.255.255.255 any
deny ip 42.0.0.0 0.255.255.255 any
deny ip 46.0.0.0 0.255.255.255 any
deny ip 49.0.0.0 0.255.255.255 any
deny ip 50.0.0.0 0.255.255.255 any
deny ip 100.0.0.0 3.255.255.255 any
deny ip 104.0.0.0 7.255.255.255 any
deny ip 112.0.0.0 1.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 173.0.0.0 0.255.255.255 any
deny ip 174.0.0.0 1.255.255.255 any
deny ip 176.0.0.0 7.255.255.255 any
deny ip 184.0.0.0 1.255.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 197.0.0.0 0.255.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip any any log
ip access-list extended out1
deny ip 42.0.0.0 0.255.255.255 any
deny ip 0.0.0.0 1.255.255.255 any
deny ip 2.0.0.0 0.255.255.255 any
deny ip 5.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 14.0.0.0 0.255.255.255 any
deny ip 23.0.0.0 0.255.255.255 any
deny ip 27.0.0.0 0.255.255.255 any
deny ip 31.0.0.0 0.255.255.255 any
deny ip 36.0.0.0 1.255.255.255 any
deny ip 39.0.0.0 0.255.255.255 any
deny ip 46.0.0.0 0.255.255.255 any
deny ip 49.0.0.0 0.255.255.255 any
deny ip 50.0.0.0 0.255.255.255 any
deny ip 100.0.0.0 3.255.255.255 any
deny ip 104.0.0.0 7.255.255.255 any
deny ip 112.0.0.0 1.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 173.0.0.0 0.255.255.255 any
deny ip 174.0.0.0 1.255.255.255 any
deny ip 176.0.0.0 7.255.255.255 any
deny ip 184.0.0.0 1.255.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 197.0.0.0 0.255.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 223.0.0.0 0.255.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
permit ip host 192.168.xxx.xxx any
permit ip host 192.168.xxx.xxx any
permit ip host 192.168.xxx.xxx any
permit ip host 192.168.xxx.xxx any
permit ip host 192.168.xxx.xxx any
permit ip host 192.168.xxx.xxx any
permit ip host 192.168.xxx.xxx any
permit ip host 192.168.xxx.xxx any
permit ip host 192.168.xxx.xxx any
ip access-list extended pochta
access-list 100 dynamic NETAMS
deny ip any any
access-list 100 permit ip any any
match ip address 11
match ip address pochta