forum.opennet.ru

Составление сообщения

Исходное сообщение

"настройка маршрутизатора Cisco 877 adsl vpn vlan"
Отправлено Vladsky, 19-Май-09 19:57

адсл настроил, туннель поднял, компы в нет ходят, сети вижу все ок... но как заставить регистрится телефоны через туннель????  конфиг сейчас такой:
........
interface ATM0
description adsl connect UT
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 20/68
  encapsulation aal5snap
!
bridge-group 1
!
interface FastEthernet0
shutdown
!
interface FastEthernet1
switchport access vlan 1
!
interface FastEthernet2
switchport access vlan 2
!
interface FastEthernet3
shutdown
!
interface Vlan1
description -- FA1 LAN --
ip address 172.16.1.10 255.255.255.0
ip access-group 23 in
ip nat inside
no ip virtual-reassembly
ip policy route-map tointernet
!
interface Vlan2
description - VLAN 2 VOICE -
ip address 192.168.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface BVI1
ip address x.x.x.x 255.255.255.192
ip nat outside
ip virtual-reassembly
!
router eigrp 999
network 10.0.0.0
network 172.16.0.0
network 192.168.4.0
network 192.168.168.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip route 172.16.4.0 255.255.255.0 172.16.2.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface BVI1 overload
!
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 23 permit 172.16.2.55 log
access-list 23 permit 172.16.2.50 log
access-list 23 permit 172.16.1.11 log
access-list 23 permit 172.16.1.4
access-list 23 permit 172.16.1.7
access-list 23 permit 172.16.2.5 log
access-list 23 permit 172.16.2.110 log
access-list 23 permit 172.16.2.101 log
access-list 104 remark ---firewall---
access-list 104 remark ---private adresses---
access-list 104 deny   ip 10.0.0.0 0.255.255.255 any
access-list 104 deny   ip 172.16.0.0 0.15.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip host 0.0.0.0 any
access-list 104 remark ---vpn---
access-list 104 permit gre any host x.x.x.x
access-list 104 permit ahp any host x.x.x.x
access-list 104 permit esp any host x.x.x.x
access-list 104 permit udp any host x.x.x.x eq isakmp
access-list 104 permit udp any host x.x.x.x eq non500-isakmp
access-list 104 remark ---ssh---
access-list 104 permit tcp any host x.x.x.x eq 22
access-list 104 remark ---office---
access-list 104 permit ip x.x.x.x 0.0.0.63 any
access-list 104 remark ---icmp---
access-list 104 permit icmp any any echo
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp any any time-exceeded
access-list 104 permit icmp any any unreachable
access-list 104 permit icmp any any packet-too-big
access-list 104 permit icmp any any traceroute
access-list 104 remark ---Domain---
access-list 104 permit udp host x.x.x.x eq domain any
access-list 104 permit udp host x.x.x.x eq domain any
access-list 104 remark ---Deny_Any---
access-list 104 deny   ip any any
access-list 170 permit ip 172.16.1.0 0.0.0.255 any
access-list 170 permit ip 172.16.2.0 0.0.0.255 any
access-list 170 permit ip 192.168.4.0 0.0.0.255 any
access-list 190 remark ---for qos---
access-list 190 permit ip host 172.16.1.1 any
access-list 190 permit ip host 172.16.1.2 any
access-list 190 permit ip host 192.168.4.1 any
access-list 190 permit ip any host 172.16.1.1
access-list 190 permit ip any host 172.16.1.2
access-list 190 permit ip any host 192.168.4.1
no cdp run
!
!
!
route-map tointernet permit 10
match ip address 170
set interface Tunnel0
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
ntp logging
ntp clock-period 17179180
ntp server 172.16.2.1
ntp server 130.88.200.98
ntp server 194.87.0.20
end

Исходное сообщение
"настройка маршрутизатора Cisco 877 adsl vpn vlan" Отправлено Vladsky, 19-Май-09 19:57
адсл настроил, туннель поднял, компы в нет ходят, сети вижу все ок... но как заставить регистрится телефоны через туннель???? конфиг сейчас такой: ........ interface ATM0 description adsl connect UT no ip address no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.1 point-to-point pvc 20/68 encapsulation aal5snap ! bridge-group 1 ! interface FastEthernet0 shutdown ! interface FastEthernet1 switchport access vlan 1 ! interface FastEthernet2 switchport access vlan 2 ! interface FastEthernet3 shutdown ! interface Vlan1 description -- FA1 LAN -- ip address 172.16.1.10 255.255.255.0 ip access-group 23 in ip nat inside no ip virtual-reassembly ip policy route-map tointernet ! interface Vlan2 description - VLAN 2 VOICE - ip address 192.168.4.1 255.255.255.0 ip nat inside ip virtual-reassembly ! interface BVI1 ip address x.x.x.x 255.255.255.192 ip nat outside ip virtual-reassembly ! router eigrp 999 network 10.0.0.0 network 172.16.0.0 network 192.168.4.0 network 192.168.168.0 no auto-summary ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 x.x.x.x ip route 172.16.4.0 255.255.255.0 172.16.2.1 ! ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source list 1 interface BVI1 overload ! access-list 1 permit 172.16.1.0 0.0.0.255 access-list 1 permit 192.168.4.0 0.0.0.255 access-list 23 permit 172.16.2.55 log access-list 23 permit 172.16.2.50 log access-list 23 permit 172.16.1.11 log access-list 23 permit 172.16.1.4 access-list 23 permit 172.16.1.7 access-list 23 permit 172.16.2.5 log access-list 23 permit 172.16.2.110 log access-list 23 permit 172.16.2.101 log access-list 104 remark ---firewall--- access-list 104 remark ---private adresses--- access-list 104 deny ip 10.0.0.0 0.255.255.255 any access-list 104 deny ip 172.16.0.0 0.15.255.255 any access-list 104 deny ip 127.0.0.0 0.255.255.255 any access-list 104 deny ip host 255.255.255.255 any access-list 104 deny ip host 0.0.0.0 any access-list 104 remark ---vpn--- access-list 104 permit gre any host x.x.x.x access-list 104 permit ahp any host x.x.x.x access-list 104 permit esp any host x.x.x.x access-list 104 permit udp any host x.x.x.x eq isakmp access-list 104 permit udp any host x.x.x.x eq non500-isakmp access-list 104 remark ---ssh--- access-list 104 permit tcp any host x.x.x.x eq 22 access-list 104 remark ---office--- access-list 104 permit ip x.x.x.x 0.0.0.63 any access-list 104 remark ---icmp--- access-list 104 permit icmp any any echo access-list 104 permit icmp any any echo-reply access-list 104 permit icmp any any time-exceeded access-list 104 permit icmp any any unreachable access-list 104 permit icmp any any packet-too-big access-list 104 permit icmp any any traceroute access-list 104 remark ---Domain--- access-list 104 permit udp host x.x.x.x eq domain any access-list 104 permit udp host x.x.x.x eq domain any access-list 104 remark ---Deny_Any--- access-list 104 deny ip any any access-list 170 permit ip 172.16.1.0 0.0.0.255 any access-list 170 permit ip 172.16.2.0 0.0.0.255 any access-list 170 permit ip 192.168.4.0 0.0.0.255 any access-list 190 remark ---for qos--- access-list 190 permit ip host 172.16.1.1 any access-list 190 permit ip host 172.16.1.2 any access-list 190 permit ip host 192.168.4.1 any access-list 190 permit ip any host 172.16.1.1 access-list 190 permit ip any host 172.16.1.2 access-list 190 permit ip any host 192.168.4.1 no cdp run ! ! ! route-map tointernet permit 10 match ip address 170 set interface Tunnel0 ! ! control-plane ! bridge 1 protocol ieee bridge 1 route ip ! line con 0 no modem enable line aux 0 line vty 0 4 access-class 23 in privilege level 15 transport input telnet ssh ! scheduler max-task-time 5000 ntp logging ntp clock-period 17179180 ntp server 172.16.2.1 ntp server 130.88.200.98 ntp server 194.87.0.20 end

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

> адсл настроил, туннель поднял, компы в нет ходят, сети вижу все ок... 
> но как заставить регистрится телефоны через туннель????  конфиг сейчас такой: 
 
> ........

> interface ATM0 
>  description adsl connect UT 
>  no ip address 
>  no atm ilmi-keepalive 
>  dsl operating-mode auto 
> !
> interface ATM0.1 point-to-point 
>  pvc 20/68 
>   encapsulation aal5snap 
>  !
>  bridge-group 1 
> !
> interface FastEthernet0 
>  shutdown 
> !
> interface FastEthernet1 
>  switchport access vlan 1 
> !
> interface FastEthernet2 
>  switchport access vlan 2 
> !
> interface FastEthernet3 
>  shutdown 
> !
> interface Vlan1 
>  description -- FA1 LAN -- 
>  ip address 172.16.1.10 255.255.255.0 
>  ip access-group 23 in 
>  ip nat inside 
>  no ip virtual-reassembly 
>  ip policy route-map tointernet 
> !
> interface Vlan2 
>  description - VLAN 2 VOICE - 
>  ip address 192.168.4.1 255.255.255.0 
>  ip nat inside 
>  ip virtual-reassembly 
> !
> interface BVI1 
>  ip address x.x.x.x 255.255.255.192 
>  ip nat outside 
>  ip virtual-reassembly 
> !
> router eigrp 999 
>  network 10.0.0.0 
>  network 172.16.0.0 
>  network 192.168.4.0 
>  network 192.168.168.0 
>  no auto-summary 
> !
> ip forward-protocol nd 
> ip route 0.0.0.0 0.0.0.0 x.x.x.x 
> ip route 172.16.4.0 255.255.255.0 172.16.2.1 
> !
> !
> ip http server 
> ip http authentication local 
> ip http secure-server 
> ip http timeout-policy idle 60 life 86400 requests 10000 
> ip nat inside source list 1 interface BVI1 overload 
> !
> access-list 1 permit 172.16.1.0 0.0.0.255 
> access-list 1 permit 192.168.4.0 0.0.0.255 
> access-list 23 permit 172.16.2.55 log 
> access-list 23 permit 172.16.2.50 log 
> access-list 23 permit 172.16.1.11 log 
> access-list 23 permit 172.16.1.4 
> access-list 23 permit 172.16.1.7 
> access-list 23 permit 172.16.2.5 log 
> access-list 23 permit 172.16.2.110 log 
> access-list 23 permit 172.16.2.101 log 
> access-list 104 remark ---firewall--- 
> access-list 104 remark ---private adresses--- 
> access-list 104 deny   ip 10.0.0.0 0.255.255.255 any 
> access-list 104 deny   ip 172.16.0.0 0.15.255.255 any 
> access-list 104 deny   ip 127.0.0.0 0.255.255.255 any 
> access-list 104 deny   ip host 255.255.255.255 any 
> access-list 104 deny   ip host 0.0.0.0 any 
> access-list 104 remark ---vpn--- 
> access-list 104 permit gre any host x.x.x.x 
> access-list 104 permit ahp any host x.x.x.x 
> access-list 104 permit esp any host x.x.x.x 
> access-list 104 permit udp any host x.x.x.x eq isakmp 
> access-list 104 permit udp any host x.x.x.x eq non500-isakmp 
> access-list 104 remark ---ssh--- 
> access-list 104 permit tcp any host x.x.x.x eq 22 
> access-list 104 remark ---office--- 
> access-list 104 permit ip x.x.x.x 0.0.0.63 any 
> access-list 104 remark ---icmp--- 
> access-list 104 permit icmp any any echo 
> access-list 104 permit icmp any any echo-reply 
> access-list 104 permit icmp any any time-exceeded 
> access-list 104 permit icmp any any unreachable 
> access-list 104 permit icmp any any packet-too-big 
> access-list 104 permit icmp any any traceroute 
> access-list 104 remark ---Domain--- 
> access-list 104 permit udp host x.x.x.x eq domain any 
> access-list 104 permit udp host x.x.x.x eq domain any 
> access-list 104 remark ---Deny_Any--- 
> access-list 104 deny   ip any any 
> access-list 170 permit ip 172.16.1.0 0.0.0.255 any 
> access-list 170 permit ip 172.16.2.0 0.0.0.255 any 
> access-list 170 permit ip 192.168.4.0 0.0.0.255 any 
> access-list 190 remark ---for qos--- 
> access-list 190 permit ip host 172.16.1.1 any 
> access-list 190 permit ip host 172.16.1.2 any 
> access-list 190 permit ip host 192.168.4.1 any 
> access-list 190 permit ip any host 172.16.1.1 
> access-list 190 permit ip any host 172.16.1.2 
> access-list 190 permit ip any host 192.168.4.1 
> no cdp run 
> !
> !
> !
> route-map tointernet permit 10 
>  match ip address 170 
>  set interface Tunnel0 
> !
> !
> control-plane 
> !
> bridge 1 protocol ieee 
> bridge 1 route ip 
> !
> line con 0 
>  no modem enable 
> line aux 0 
> line vty 0 4 
>  access-class 23 in 
>  privilege level 15 
>  transport input telnet ssh 
> !
> scheduler max-task-time 5000 
> ntp logging 
> ntp clock-period 17179180 
> ntp server 172.16.2.1 
> ntp server 130.88.200.98 
> ntp server 194.87.0.20 
> end

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру