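The company bought a Cisco 1841 router and uses a China Netcom fiber link for Internet access. DHCP is not used. The router's F0/0 is 192.168.0.1 and its F0/1 is 58.*.*.75. The requirements are: the whole internal network 192.168.0.0 must be able to reach the Internet; outside machines must be able to connect through RDC to the servers 192.168.0.2 and 192.168.0.5; some ports must be opened to the outside, such as 443, 3389 and 80; Telnet login to the router must be allowed from the 192.168.0.0 segment and refused from every other segment; and it must also be possible to log in to the router with SDM. I used static address translation plus port-overload address translation (PAT).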

Current configuration : 3233 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco1841
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$sdewy$1125iOKattysUjhWSNgLZPZkIj1
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
ip domain name cisco.com
ip name-server 210.21.196.6
ip name-server 221.5.88.88
!
username ******* privilege 15 secret 5 $2$nFh5$raRMQhgddF5z4545z17xRc654hj1
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$
 ip address 192.168.0.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $ETH-WAN$
 ip address 58.*.*.75 255.255.255.0
 ip nat outside
 speed 100
 full-duplex
!
ip classless
! default route points to the gateway provided by the ISP
ip route 0.0.0.0 0.0.0.0 58.*.*.1
ip route 192.168.0.0 255.255.255.0 58.*.*.1
!
ip http server
ip http access-class 2
ip http authentication local
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat pool tp 58.*.*.75 58.*.*.75 netmask 255.255.255.0
ip nat inside source list 1 pool tp overload
ip nat inside source static tcp 192.168.0.2 25 58.*.*.75 25 extendable
ip nat inside source static tcp 192.168.0.2 47 58.*.*.75 47 extendable
ip nat inside source static tcp 192.168.0.2 80 58.*.*.75 80 extendable
ip nat inside source static tcp 192.168.0.2 443 58.*.*.75 443 extendable
ip nat inside source static tcp 192.168.0.2 1723 58.*.*.75 1723 extendable
ip nat inside source static tcp 192.168.0.2 3389 58.*.*.75 3389 extendable
ip nat inside source static tcp 192.168.0.5 80 58.*.*.76 80 extendable
ip nat inside source static tcp 192.168.0.5 443 58.*.*.76 443 extendable
ip nat inside source static tcp 192.168.0.5 8080 58.*.*.76 8080 extendable
ip nat inside source static tcp 192.168.0.5 90 58.*.*.76 90 extendable
!
ip access-list extended sdm_fastethernet0/0_in
 remark SDM_ACL Category=1
 permit ip 192.168.0.0 0.0.0.255 any
ip access-list extended sdm_fastethernet0/1_in
 remark SDM_ACL Category=1
 permit ip 192.168.0.0 0.0.0.255 any
!
access-list 1 remark SDM_ACL Category=18
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark SDM_ACL Category=1
access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq telnet
access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq 22
access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq www
access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.1 eq cmd
access-list 100 deny tcp any host 192.168.0.1 eq telnet
access-list 100 deny tcp any host 192.168.0.1 eq 22
access-list 100 deny tcp any host 192.168.0.1 eq www
access-list 100 deny tcp any host 192.168.0.1 eq 443
access-list 100 deny tcp any host 192.168.0.1 eq cmd
access-list 100 deny udp any host 192.168.0.1 eq snmp
access-list 100 permit ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
!
control-plane
!
banner login ^CWelcome to cisco1841!!!^C
!
line con 0
line aux 0
line vty 0 4
 access-class 101 in
 login local
 transport input telnet
!
end
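
An added example, not part of the original post: a small Python audit that compares the static NAT entries above with the stated requirements (RDC to 192.168.0.2 and 192.168.0.5; ports 443, 3389 and 80 named) and reports the management-plane settings worth a second look. The names `exposed`, `audit`, `STATED_PORTS` and `RDP_HOSTS` are assumptions made for this sketch, and the embedded text is an excerpt of the configuration with addresses masked as on the page.

```python
import re

# Excerpt of the configuration above (addresses masked as on the page).
CONFIG = """\
ip http server
ip nat inside source static tcp 192.168.0.2 25 58.*.*.75 25 extendable
ip nat inside source static tcp 192.168.0.2 47 58.*.*.75 47 extendable
ip nat inside source static tcp 192.168.0.2 80 58.*.*.75 80 extendable
ip nat inside source static tcp 192.168.0.2 443 58.*.*.75 443 extendable
ip nat inside source static tcp 192.168.0.2 1723 58.*.*.75 1723 extendable
ip nat inside source static tcp 192.168.0.2 3389 58.*.*.75 3389 extendable
ip nat inside source static tcp 192.168.0.5 80 58.*.*.76 80 extendable
ip nat inside source static tcp 192.168.0.5 443 58.*.*.76 443 extendable
ip nat inside source static tcp 192.168.0.5 8080 58.*.*.76 8080 extendable
ip nat inside source static tcp 192.168.0.5 90 58.*.*.76 90 extendable
line vty 0 4
 transport input telnet
"""

NAT_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)", re.M)
STATED_PORTS = {443, 3389, 80}              # ports named in the requirements
RDP_HOSTS = {"192.168.0.2", "192.168.0.5"}  # servers that must accept RDC

def exposed(config):
    """Map each inside host to the set of ports published by static NAT."""
    hosts = {}
    for _proto, inside, iport, _outside, _oport in NAT_RE.findall(config):
        hosts.setdefault(inside, set()).add(int(iport))
    return hosts

def audit(config):
    hosts, findings = exposed(config), []
    for host in sorted(RDP_HOSTS):
        if 3389 not in hosts.get(host, set()):
            findings.append(f"{host}: RDC required but tcp/3389 is not published")
    for host, ports in sorted(hosts.items()):
        extra = sorted(ports - STATED_PORTS)
        if extra:
            findings.append(f"{host}: published but not named in the requirements: {extra}")
        if 47 in ports:  # PPTP needs GRE, which is IP protocol 47, not a TCP port
            findings.append(f"{host}: tcp/47 does not carry PPTP GRE (IP protocol 47)")
    if re.search(r"^\s*transport input telnet", config, re.M):
        findings.append("vty: Telnet only, credentials cross the LAN in cleartext")
    if re.search(r"^ip http server", config, re.M):
        findings.append("http: SDM management runs over plain HTTP")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```

Run against the full running-config text instead of the excerpt to review every published port before the router goes into service.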