AlexDv wrote:
sidsoft wrote:
AlexDv wrote:
Hmm, unfortunately I have never dealt with double NAT.
If you have time, could you please tell me which lines to add/remove/change in the configuration below?
Code:
interface GigabitEthernet 10
 encapsulation dot1Q 1 native
 ip address 1.1.1.1 255.255.255.0
 ip nat enable
 ip virtual-reassembly in
ip nat source list MAIN_NAT interface GigabitEthernet 10 overload
ip access-list extended MAIN_NAT
 deny ip 1.1.1.0 0.0.0.255 host 1.1.1.1 log-input
 permit ip any host 1.1.1.1 log-input
 deny ip any any log-input
There is a similar example right here. Task 2.
http://www.anticisco.ru/blogs/2010/02/23/
And show the full config.
Using 7748 out of 262136 bytes
!
! Last configuration change at 13:43:08 MSK Mon Oct 21 2019 by admin
! NVRAM config last updated at 13:43:09 MSK Mon Oct 21 2019 by admin
version 15.3
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service internal
service sequence-numbers
!
hostname R_GLOBAL_FOR_DEVICES_NPTK
!
boot-start-marker
boot system flash:c2900.bin
boot-end-marker
!
!
logging buffered 32768 informational
no logging console
logging monitor informational
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
aaa session-id common
clock timezone MSK 3 0
clock calendar-valid
!
no ip gratuitous-arps
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name NPTK.LOCAL
ip multicast-routing
ip inspect WAAS flush-timeout 10
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
 description HALOWEEN
 request-dialin
  protocol pptp
  rotary-group 1
 initiate-to ip 99.99.99.99 priority 40
 initiate-to ip 100.100.100.100 priority 50
!
!
!
crypto pki trustpoint TP-self-signed
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate
 revocation-check none
 rsakeypair TP-self-signed
!
!
crypto pki certificate chain TP-self-signed
 certificate self-signed 01 nvram:
license udi pid
!
!
username nptk privilege 15 password 7
!
redundancy
 notification-timer 60000
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet 10
 encapsulation dot1Q 1 native
 ip address 1.1.1.1 255.255.255.0
 ip nat enable
 ip virtual-reassembly in
!
interface GigabitEthernet 11
 encapsulation dot1Q 10
 ip address 6.6.6.6 255.255.255.240
 ip nat enable
 ip virtual-reassembly in
 ip ospf priority 150
!
interface GigabitEthernet 12
 no ip address
 shutdown
 duplex auto
 speed auto
 no cdp enable
!
interface GigabitEthernet 13
 no ip address
 duplex auto
 speed auto
 no cdp enable
!
interface GigabitEthernet 14
 encapsulation dot1Q 200
 ip address 7.7.7.7 255.255.255.0
 ip nat enable
 ip virtual-reassembly in
!
interface GigabitEthernet 15
 encapsulation dot1Q 240
 ip address 8.8.8.8 255.255.255.252
 ip nat enable
 ip virtual-reassembly in
!
interface GigabitEthernet 16
 encapsulation dot1Q 250
 ip address 2.2.2.2 255.255.255.252
 ip nat enable
 ip virtual-reassembly in
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip pim dense-mode
 ip nat enable
 ip virtual-reassembly in
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 0
 dialer string 123
 dialer vpdn
 dialer-group 1
 no peer neighbor-route
 ppp pfc local request
 ppp pfc remote apply
 ppp encrypt mppe auto
 ppp chap hostname
 ppp chap password 7
 ppp pap sent-username
 no cdp enable
!
router ospf 99
 router-id 9.9.9.9
 ispf
 redistribute connected subnets
 redistribute static subnets route-map ospf_rt
 network 2.2.2.0 0.0.0.15 area 0
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat log translations syslog
ip nat source list NAT_NPTK1 interface Dialer1 overload
ip nat source list nat_nptk2 interface GigabitEthernet 14 overload
ip nat source list MAIN_NAT interface GigabitEthernet 10 overload
ip nat source list MAIN_NAT1 interface GigabitEthernet 11 overload
ip nat source static 3.3.3.3 1.1.1.1 extendable
!
ip access-list standard routs_to_ospf
 permit 60.60.60.60
!
ip access-list extended NAT_NPTK1
 permit ip any host 66.66.66.66 log-input
 deny ip any any
ip access-list extended nat_nptk2
 permit ip host 99.99.99.99 host 100.110.100.100
 deny ip any any
ip access-list extended MAIN_NAT
 deny ip 1.1.1.0 0.0.0.255 host 1.1.1.1 log-input
 permit ip any host 1.1.1.1 log-input
 deny ip any any log-input
ip access-list extended MAIN_NAT1
 permit ip 200.200.200.0 0.0.0.255 host 1.1.1.1 log-input
 deny ip any any
ip access-list extended vty_access
 permit ip host 8.8.8.8 any log-input
 deny ip any any log-input
!
dialer-list 1 protocol ip permit
!
route-map ospf_rt permit 5
 match ip address ospf_rt
!
!
!
!
!
control-plane
!
!
!
line con 0
 stopbits 1
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output none
 stopbits 1
line vty 0 4
 access-class vty_access in
 exec-timeout 15 0
 privilege level 15
 transport input telnet ssh
line vty 5 15
 access-class vty_access in
 exec-timeout 15 0
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp master
ntp update-calendar
!
end