• Как исправить «Битый» интерфейс в приложениях OS X Yosemite?

    Shellon
    @Shellon
    Попробуйте восстановить права на системные файлы через штатное приложение Дисковая утилита
  • Не поднимается тоннель ipsec, в чем может быть проблема?

    Shellon
    @Shellon Автор вопроса
    ! Saved configuration of the ASA as pasted into the thread. The hostname, the public
    ! interface addresses and the internal domain name below are posted unredacted.
    : Saved
    : Written by enable_15 at 11:26:12.535 GMT Tue Sep 27 2016
    !
    ASA Version 9.0(3)
    !
    hostname ASA-K74
    !
    ! Switch ports: Ethernet0/0 is placed in VLAN 2 and Ethernet0/4 in VLAN 13; these VLANs
    ! carry the two security-level 0 interfaces (Nauka and Starlink) defined further down.
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/4
    switchport access vlan 13
    interface Vlan1
    description Internal interface
    nameif inside
    security-level 100
    ip address 192.168.2.25 255.255.255.0
    !
    interface Vlan2
    description External interface
    nameif Nauka
    security-level 0
    ip address 84.47.183.210 255.255.255.248
    !
    ! dmz has a name and level but no address, so it carries no traffic as configured.
    interface Vlan3
    no forward interface Vlan1
    nameif dmz
    security-level 50
    no ip address
    !
    ! Second uplink: a /30, so the only other usable address on this link is 81.17.150.97.
    interface Vlan13
    nameif Starlink
    security-level 0
    ip address 81.17.150.98 255.255.255.252
    !
    dns domain-lookup inside
    dns domain-lookup Nauka
    dns domain-lookup dmz
    dns domain-lookup Starlink
    dns server-group DefaultDNS
    domain-name medkvadrat.local
    ! Both statements relax the default isolation: traffic may pass between interfaces of equal
    ! security level (here Nauka and Starlink, both 0) and may hairpin on a single interface.
    ! NOTE(review): confirm both are actually needed; they widen what the ACLs alone must stop.
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    ! Named network/service objects and groups used by the ACLs, NAT rules and crypto maps.
    ! NOTE(review): later lines of this paste reference names that are not defined in it
    ! (RDP-service, SMTP-service, CGP, SMTP2, DM_INLINE_TCP_1, VPN-Pool), so the listing
    ! appears to be abridged; conclusions drawn from it should be checked on the device.
    object network obj-0.0.0.0
    subnet 0.0.0.0 0.0.0.0
    object network LAN_kl
    subnet 192.168.2.0 255.255.255.0
    object network ccLan
    subnet 192.168.3.0 255.255.255.0
    object network ccWAN1_3
    host 62.141.65.173
    object network LANLand
    subnet 192.168.1.0 255.255.255.0
    object network Wan_1_1
    host 62.141.65.171
    object network ContactCenter
    host 62.141.65.170
    description 0
    ! CC1 is the same host as Wan_1_1 (62.141.65.171).
    object network CC1
    host 62.141.65.171
    object network Cisco-3750
    host 192.168.2.1
    object network One
    host 192.168.2.30
    ! Matches on SOURCE port 3389, not destination port.
    object service RDP
    service tcp source eq 3389
    ! Same address as the ASA's own Nauka interface.
    object network OUT
    host 84.47.183.210
    object network NETWORK_OBJ_192.168.9.0_26
    subnet 192.168.9.0 255.255.255.192
    object network macbook
    host 192.168.2.9
    ! The far end of the Starlink /30; no route statement in this paste uses it.
    object network starlink_gateway
    host 81.17.150.97
    object network VPN1
    host 192.168.9.1
    ! Remote network of the Starlink tunnel (see access-list Starlink_cryptomap).
    object network K2-Lan
    subnet 192.168.10.0 255.255.255.0
    object-group network DM_INLINE_NETWORK_2
    network-object object LANLand
    network-object object LAN_kl
    object-group network DM_INLINE_NETWORK_4
    network-object object Wan_1_1
    network-object object ccLan
    network-object object ccWAN1_3
    network-object object NETWORK_OBJ_192.168.9.0_26
    object-group service smtp tcp
    port-object eq smtp
    ! "ip" already covers udp and tcp, so the two extra members are redundant.
    object-group protocol DM_INLINE_PROTOCOL_1
    protocol-object ip
    protocol-object udp
    protocol-object tcp
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    ! UDP 500 (isakmp) and 4500 (NAT-T); not referenced by any ACL visible in this paste.
    object-group service ipsecv2 udp
    port-object eq 4500
    port-object eq isakmp
    object-group protocol DM_INLINE_PROTOCOL_2
    protocol-object ip
    protocol-object icmp
    protocol-object udp
    protocol-object tcp
    object-group protocol DM_INLINE_PROTOCOL_3
    protocol-object ip
    protocol-object icmp
    ! Access lists. The *_cryptomap* lists select "interesting" traffic for the site-to-site
    ! tunnels; the *_access_in lists are bound to interfaces by the access-group lines.
    access-list outside_cryptomap_1 extended permit ip object LAN_kl object ccLan
    ! Inbound on Nauka: everything from the peer hosts / remote networks in DM_INLINE_NETWORK_4
    ! is allowed to any destination.
    access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group DM_INLINE_NETWORK_4 any
    access-list outside_access_in extended permit object RDP-service any object One
    access-list outside_access_in extended permit object SMTP-service any object CGP
    ! NOTE(review): the next two entries use the inside interface address as the SOURCE of
    ! traffic arriving on the outside interface; confirm that is what was intended.
    access-list outside_access_in extended permit ip interface inside object CC1
    access-list outside_access_in extended permit ip interface inside any
    access-list inside_access_in extended permit tcp interface inside interface Nauka object-group DM_INLINE_TCP_1 inactive
    ! "permit ip any any" matches everything, so the two inside_access_in entries after it
    ! can never be hit and outbound traffic from inside is effectively unfiltered.
    access-list inside_access_in extended permit ip any any
    access-list inside_access_in extended permit ip interface inside interface inside
    access-list inside_access_in extended permit ip object LANLand object ccLan
    access-list outside_cryptomap_2 extended permit ip object LANLand object ccLan
    access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
    access-list AnyConnect_Client_Local_Print remark Windows' printing port
    access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
    access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
    access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
    access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
    ! Inbound on Starlink: any source, destination is the Starlink interface address itself.
    access-list Starlink_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any interface Starlink
    access-list 112 standard permit any4
    ! Interesting traffic for the Starlink tunnel: 192.168.2.0/24 -> K2-Lan (192.168.10.0/24).
    ! The remote peer's crypto ACL must be the exact mirror of this entry.
    access-list Starlink_cryptomap extended permit ip 192.168.2.0 255.255.255.0 object K2-Lan

    ! NAT rules, ACL bindings, static routes and management authentication.
    ! NOTE(review): manual NAT rules are evaluated top-down with first match winning. This
    ! identity rule matches every packet between any pair of interfaces, so the rules after
    ! it (and the dynamic PAT under obj-0.0.0.0) likely never apply. Verify with "show nat"
    ! hit counters or packet-tracer before relying on any of the later rules.
    nat (any,any) source static any any no-proxy-arp
    nat (inside,Nauka) source static One interface service any RDP
    nat (inside,Nauka) source static CGP interface service any SMTP2
    nat (inside,Nauka) source static any any destination static NETWORK_OBJ_192.168.9.0_26 NETWORK_OBJ_192.168.9.0_26 no-proxy-arp route-lookup
    !
    object network obj-0.0.0.0
    nat (any,Nauka) dynamic interface
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface Nauka
    access-group Starlink_access_in in interface Starlink
    ! The only default route points out of Nauka. There is no route via the Starlink interface
    ! for the tunnel peer 193.41.78.54 or for 192.168.10.0/24, so that traffic presumably
    ! leaves through Nauka, where crypto map "l2l" (not Starlink_map) is attached. This is a
    ! plausible reason for the Starlink tunnel never starting; confirm on the device.
    route Nauka 0.0.0.0 0.0.0.0 84.47.183.209 1
    route inside 192.168.1.0 255.255.255.0 192.168.2.1 1
    ! NOTE(review): host mask (255.255.255.255) on a network address, and next hop
    ! 192.168.2.1 lies in the inside subnet although the route is bound to Nauka. Looks like
    ! a typo for "route inside 192.168.255.0 255.255.255.0 192.168.2.1"; confirm.
    route Nauka 192.168.255.0 255.255.255.255 192.168.2.1 1
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL

    ! IPsec (phase 2) transform sets / proposals and the crypto maps that use them.
    ! The full ASDM-generated matrix is present, including single DES and MD5-HMAC. Because
    ! the crypto maps below offer every set, a peer can negotiate the weakest one.
    ! NOTE(review): restrict each map to the AES/SHA sets the peers actually need.
    sysopt noproxyarp inside
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
    ! IKEv2 proposals: every one of them accepts MD5 as well as SHA-1 for integrity.
    crypto ipsec ikev2 ipsec-proposal DES
    protocol esp encryption des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
    protocol esp encryption 3des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
    protocol esp encryption aes
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
    protocol esp encryption aes-192
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES256
    protocol esp encryption aes-256
    protocol esp integrity sha-1 md5
    crypto ipsec security-association pmtu-aging infinite
    ! PFS with DH group 1 (768-bit) is the weakest group available.
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
    ! NOTE(review): entry 1 has only a peer, and that peer is this ASA's own Nauka address
    ! (84.47.183.210); there is no match address or transform set. It looks like a leftover,
    ! incomplete entry; confirm and remove if unused.
    crypto map l2l 1 set peer 84.47.183.210
    crypto map l2l 2 match address outside_cryptomap_1
    ! PFS is set only on entry 2; the PFS setting has to agree with the remote peer.
    crypto map l2l 2 set pfs
    crypto map l2l 2 set peer 62.141.65.173
    crypto map l2l 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map l2l 2 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
    crypto map l2l 3 match address outside_cryptomap_2
    crypto map l2l 3 set peer 62.141.65.171
    crypto map l2l 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map l2l 3 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
    ! Catch-all dynamic entry: accepts tunnels from peers that have no static entry above.
    crypto map l2l 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map l2l interface Nauka
    ! Tunnel to 193.41.78.54, bound to the Starlink interface. It is only consulted for
    ! packets that actually egress Starlink, which depends on routing (no Starlink route is
    ! present in this paste).
    crypto map Starlink_map 1 match address Starlink_cryptomap
    crypto map Starlink_map 1 set peer 193.41.78.54
    crypto map Starlink_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map Starlink_map 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
    crypto map Starlink_map interface Starlink
    ! Four self-enrolled trustpoints with identical settings; all share the ASDM_LAUNCHER key
    ! pair and the subject CN=192.168.2.25. They look like repeated ASDM launcher runs.
    ! NOTE(review): only one can be in use at a time; the others are presumably stale.
    crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
    enrollment self
    fqdn none
    subject-name CN=192.168.2.25,CN=mlasa
    keypair ASDM_LAUNCHER
    crl configure
    crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_1
    enrollment self
    fqdn none
    subject-name CN=192.168.2.25,CN=mlasa
    keypair ASDM_LAUNCHER
    crl configure
    crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_2
    enrollment self
    fqdn none
    subject-name CN=192.168.2.25,CN=mlasa
    keypair ASDM_LAUNCHER
    crl configure
    crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_3
    enrollment self
    fqdn none
    subject-name CN=192.168.2.25,CN=mlasa
    keypair ASDM_LAUNCHER
    crl configure
    crypto ca trustpool policy

    ! IKE (phase 1) settings.
    ! NAT traversal is disabled: if either tunnel endpoint sits behind a NAT device, IKE may
    ! complete but ESP traffic will not pass. NOTE(review): confirm neither peer is NATed.
    no crypto isakmp nat-traversal
    ! IKEv2 policies, tried in priority order. All accept DH groups 5 and 2; policies 30 and
    ! 40 still offer 3DES and single DES.
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    ! Both IKE versions listen on both outside interfaces.
    crypto ikev2 enable Nauka
    crypto ikev2 enable Starlink
    crypto ikev1 enable Nauka
    crypto ikev1 enable Starlink
    ! IKEv1 policies: the generated matrix of {crack, rsa-sig, pre-share} authentication x
    ! {aes-256, aes-192, aes, 3des, des} encryption. Every policy uses SHA and DH group 2
    ! with an 86400 s lifetime. The remote peer must offer a proposal that matches one policy
    ! on all four attributes, otherwise phase 1 fails.
    ! NOTE(review): only the pre-share policies are usable with the pre-shared-key tunnel
    ! groups in this config; the DES entries (130-150) should be removed.
    crypto ikev1 policy 10
    authentication crack
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 120
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400

    ! Group policies and tunnel groups (one tunnel group per site-to-site peer, plus the
    ! remote-access groups DefaultRAGroup and VPNcl).
    group-policy DfltGrpPolicy attributes
    default-domain value medkvadrat.local
    group-policy GroupPolicy_193.41.78.54 internal
    group-policy GroupPolicy_193.41.78.54 attributes
    vpn-tunnel-protocol ikev1 ikev2
    group-policy GroupPolicy_62.141.65.173 internal
    group-policy GroupPolicy_62.141.65.173 attributes
    vpn-tunnel-protocol ikev1 ikev2
    group-policy GroupPolicy_62.141.65.171 internal
    group-policy GroupPolicy_62.141.65.171 attributes
    vpn-tunnel-protocol ikev1 ikev2
    ! Remote-access policy: no per-user VPN filter, all client traffic tunnelled, and clients
    ! are allowed to store their password locally.
    group-policy VPNcl internal
    group-policy VPNcl attributes
    dns-server value 192.168.2.30 192.168.1.3
    vpn-filter none
    vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
    password-storage enable
    split-tunnel-policy tunnelall
    default-domain value medkvadrat.local
    ! NOTE(review): unlike the site-to-site keys below (masked as #key#), the remote-access
    ! pre-shared key on the next line was posted in clear text together with the public
    ! address of the device. It must be treated as disclosed and rotated.
    tunnel-group DefaultRAGroup ipsec-attributes
    ikev1 pre-shared-key Medkvadr0
    tunnel-group 62.141.65.173 type ipsec-l2l
    tunnel-group 62.141.65.173 general-attributes
    default-group-policy GroupPolicy_62.141.65.173
    tunnel-group 62.141.65.173 ipsec-attributes
    ikev1 pre-shared-key #key#
    isakmp keepalive threshold 100 retry 10
    ikev2 remote-authentication pre-shared-key #key#
    ikev2 local-authentication pre-shared-key #key#
    tunnel-group 62.141.65.171 type ipsec-l2l
    tunnel-group 62.141.65.171 general-attributes
    default-group-policy GroupPolicy_62.141.65.171
    tunnel-group 62.141.65.171 ipsec-attributes
    ikev1 pre-shared-key #key#
    ikev2 remote-authentication pre-shared-key #key#
    ikev2 local-authentication pre-shared-key #key#
    tunnel-group VPNcl type remote-access
    tunnel-group VPNcl general-attributes
    address-pool VPN-Pool
    default-group-policy VPNcl
    ! Same clear-text key as DefaultRAGroup above; rotate both.
    tunnel-group VPNcl ipsec-attributes
    ikev1 pre-shared-key Medkvadr0
    ! Tunnel group for the Starlink peer. Both IKEv1 and IKEv2 keys are configured; the key
    ! and the IKE version must match what 193.41.78.54 is configured to use.
    tunnel-group 193.41.78.54 type ipsec-l2l
    tunnel-group 193.41.78.54 general-attributes
    default-group-policy GroupPolicy_193.41.78.54
    tunnel-group 193.41.78.54 ipsec-attributes
    ikev1 pre-shared-key #key#
    ikev2 remote-authentication pre-shared-key #key#
    ikev2 local-authentication pre-shared-key #key#
    !
    ! Default inspection class and DNS inspection parameters. The pasted listing stops inside
    ! this policy-map, so the global inspection policy and everything after it is not shown.
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum client auto
    message-length maximum 512
  • Как включить на Cisco 2801 VFR (фрагментированные пакеты)?

    Shellon
    @Shellon Автор вопроса
    Оказался битый образ. Скачал, заменил - все ок
  • Как включить на Cisco 2801 VFR (фрагментированные пакеты)?

    Shellon
    @Shellon Автор вопроса
    Ох... Не люблю я обновляшки...
  • Как включить на Cisco 2801 VFR (фрагментированные пакеты)?

    Shellon
    @Shellon Автор вопроса
    В соседней ветке уже давно выяснили, что этот функционал есть.
  • Как включить на Cisco 2801 VFR (фрагментированные пакеты)?

    Shellon
    @Shellon Автор вопроса
    Извиняюсь что так долго, вот конфиг:

    !
    ! Running configuration of the Cisco 2801 (IOS 12.4) as pasted into the thread.
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    ! Applies type 7 encoding to passwords in the config. Type 7 is reversible obfuscation
    ! meant to defeat shoulder-surfing, not a hash.
    service password-encryption
    service sequence-numbers
    !
    hostname c2801-kurkino
    !
    boot-start-marker
    boot system flash c2801-adventerprisek9-mz.124-21.bin
    boot-end-marker
    !
    logging buffered 51200 debugging
    logging console critical
    ! NOTE(review): both credential strings below were published with the config. The type 5
    ! secret is a salted MD5 hash and the type 7 password is reversibly encoded, so both
    ! should be considered disclosed and changed. While "enable secret" is set the
    ! "enable password" line is not used for authentication and can simply be removed.
    enable secret 5 $1$GfhA$hf7Q2LaIX4UZ1SjSSBrWb/
    enable password 7 06123D715C1F0226071E3D4F1B05240B
    !
    ! AAA and global IP settings. All authentication and authorization uses the local user
    ! database; login falls back to the enable password if the local method returns an error.
    aaa new-model
    !
    !
    aaa authentication login default local enable
    aaa authentication ppp default local
    aaa authorization exec default local
    aaa authorization network default local
    !
    ! Per-user inbound ACL "ForService" pushed to PPP sessions of users bound to this list.
    aaa attribute list for_service
    attribute type inacl "ForService" service ppp protocol ip
    !
    ! Empty attribute list.
    aaa attribute list Test
    !
    aaa session-id common
    !
    resource policy
    !
    clock timezone PCTime 3
    clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
    mmi polling-interval 60
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    ip subnet-zero
    ! Hardening: source-routed packets are dropped.
    no ip source-route
    ip cef
    !
    !
    ip tcp synwait-time 10
    !
    !
    ip flow-cache timeout active 1
    no ip bootp server
    ip name-server 192.168.2.30
    ip name-server 192.168.1.3
    ! Every login attempt, failed or successful, is logged.
    login on-failure log
    login on-success log
    ! PPTP dial-in service: incoming PPTP sessions are cloned from Virtual-Template1 and
    ! authenticated against the local usernames ("aaa authentication ppp default local").
    ! NOTE(review): PPTP with MS-CHAP is a legacy remote-access method with well-known
    ! weaknesses; an IPsec or SSL VPN is the usual replacement.
    vpdn enable
    !
    vpdn-group 1
    ! Default PPTP VPDN group
    accept-dialin
    protocol pptp
    virtual-template 1
    !
    !
    ! Voice settings. H.323 call service is stopped; the codec class prefers G.711 u-law,
    ! then G.711 a-law; class1 defines a custom busy tone (425 Hz, cadence 200/300).
    voice-card 0
    !
    !
    !
    voice service voip
    h323
    call service stop
    !
    !
    voice class codec 1
    codec preference 1 g711ulaw
    codec preference 2 g711alaw
    !
    !
    !
    !
    !
    !
    voice class custom-cptone class1
    dualtone busy
    frequency 425
    cadence 200 300
    !
    !
    !
    !
    !
    !
    ! Self-signed trustpoint generated by IOS (used by the HTTPS server). Revocation checking
    ! is disabled, which is expected for a self-signed certificate.
    ! NOTE(review): the certificate body that follows in this paste is public data, but it
    ! was generated long ago; regenerate it if the HTTPS server stays enabled.
    crypto pki trustpoint TP-self-signed-1704390944
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1704390944
    revocation-check none
    rsakeypair TP-self-signed-1704390944
    !
    !
    crypto pki certificate chain TP-self-signed-1704390944
    certificate self-signed 01
    30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31373034 33393039 3434301E 170D3038 30393233 31363136
    32375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37303433
    39303934 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100B664 B32E3001 4533162F ABE1E791 78FF0F5D AA85A5B0 16723FF9 15A2C929
    89D138F8 A2416454 9B94092F 882529D0 B79C145E 983B46A9 D9D50412 A56A2552
    E85AD8F2 2A9BDBD4 48F5C0FB 1B4B2ECD 3926FA59 BA749513 4603D14E 4FE70457
    0B090203 010001A3 6E306C30 0F060355 1D130101 FF040530 030101FF 30190603
    551D1104 12301082 0E633238 30312D6B 75726B69 6E6F2E30 1F060355 1D230418
    30168014 E43DE3F2 AC7889F7 7347C121 4060A228 353973FD 301D0603 551D0E04
    160414E4 3DE3F2AC 7889F773 47C12140 60A22835 3973FD30 0D06092A 864886F7
    0D010104 05000381 810042CE F790E53A 50E6597B 88CA45F0 6955E63C B64664C1
    5930EB1D D7DF3B09 81D09B8C 06929997 66F2B9DD 12E2A881 7BD642CE 829D29BB
    A49AB2CC 224D28F9 E34C07F9 638C87AF 3CA8CDBA 74215C0C 1C8AE2A0 1A46F24D
    5CBA5656 5A372AA2 39D7E325 3609CC0F 9343B657 416B83A7 19390FF5 66EA07F3
    31D79D1D D83AEC0A 10C1
    quit
    ! Local user database. These accounts authenticate CLI logins and PPTP sessions alike.
    ! NOTE(review): the poster blanked the type 7 strings but left the privilege-15
    ! administrator's type 5 hash in place; it is now public and the password should be
    ! changed. The list also discloses every valid account name for the PPTP service.
    ! NOTE(review): "password 7" accounts use reversible encoding; prefer "secret" where the
    ! account is not needed for CHAP-style authentication.
    username administrator privilege 15 secret 5 $1$xzrE$H16Y7NjGEIsjitocgkUf8/
    username service password 7
    username service aaa attribute list for_service
    username idemin password 7
    username tgurevich password 7
    username manager password 7
    username cmon password 7
    username ishalakhov password 7
    username evkoroleva password 7
    username svarseniev password 7
    username mtaranin password 7
    username eesidorova password 7
    username imsergeev password 7
    username extdevs password 7
    username akutonova password 7
    username smasterenko password 7
    username npefremova password 7
    username glkolieva password 7
    username dgribanov password 7
    username aantonov password 7
    username aorlov password 7
    username kermolaeva password 7
    username 1csupport password 7
    username vmamlyutov password 7
    ! Near-duplicate of "ishalakhov" above; presumably one of the two is stale.
    username ishalahov password 7
    username auditor password 7
    username duallab password 7
    username nfokin password 7
    username nrodionova password 7
    username naleksandrov password 7
    username apozdnyshev password 7
    !
    !
    ! Class matching SIP, referenced from global_policy with no action configured. No
    ! service-policy statement attaching global_policy appears in this paste.
    class-map match-all inspection_default
    match protocol sip
    !
    !
    policy-map global_policy
    class inspection_default
    !
    !
    !
    !
    ! Interfaces. Neither FastEthernet interface carries "ip virtual-reassembly", which is
    ! the interface-level command the thread is asking about.
    interface Loopback0
    ip address 172.16.16.1 255.255.255.0
    !
    ! LAN side: NAT inside, filtered inbound by the extended ACL BlockHTTPUsers.
    interface FastEthernet0/0
    description #LAN#
    ip address 192.168.2.200 255.255.255.0
    ip access-group BlockHTTPUsers in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip flow egress
    ip nat inside
    ip route-cache flow
    load-interval 30
    duplex auto
    speed auto
    no cdp enable
    no mop enabled
    !
    ! WAN side: NAT outside. There is no inbound "ip access-group" here, so what is reachable
    ! from the Internet is decided only by the static NAT entries and by the services the
    ! router itself runs. "[Наш IP]" is the poster's placeholder for the public address.
    interface FastEthernet0/1
    description #WAN#$ES_LAN$
    ip address [Наш IP] 255.255.255.248
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow egress
    ip nat outside
    ip route-cache flow
    load-interval 30
    duplex auto
    speed auto
    no mop enabled
    !
    ! Template for PPTP sessions: clients get an address from pool DIAL-IN and may
    ! authenticate with MS-CHAP v1 or v2. No MPPE encryption line is visible here.
    ! NOTE(review): if PPTP must stay, accept ms-chap-v2 only and require encryption.
    interface Virtual-Template1
    ip unnumbered Loopback0
    peer default ip address pool DIAL-IN
    ppp authentication ms-chap ms-chap-v2
    !
    ! Address pool for PPTP clients, static routes, NetFlow export, HTTP(S) server and NAT.
    ip local pool DIAL-IN 172.16.16.10 172.16.16.20
    ip classless
    no ip forward-protocol nd
    ! NOTE(review): two default routes with equal administrative distance; traffic may be
    ! shared between both next hops. Confirm 94.141.183.1 is reachable and intended.
    ip route 0.0.0.0 0.0.0.0 84.47.183.209
    ip route 0.0.0.0 0.0.0.0 94.141.183.1
    ip route 192.168.1.0 255.255.255.0 192.168.2.1
    ip route 192.168.3.0 255.255.255.0 192.168.2.1
    ip route 192.168.255.0 255.255.255.0 192.168.2.1
    !
    ip flow-export source FastEthernet0/1
    ip flow-export version 9
    ip flow-export destination 192.168.2.6 9996
    !
    ! Plain HTTP is off; the HTTPS management server is on and uses local authentication.
    no ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ! NAT handling of SIP on UDP 5060 is switched off.
    no ip nat service sip udp port 5060
    ip nat pool cmgate 192.168.2.230 192.168.2.230 netmask 255.255.255.0 type rotary
    ip nat inside source list AllowUsersInternetNAT interface FastEthernet0/1 overload
    ! Port forwards published on the WAN address. With no inbound ACL on FastEthernet0/1
    ! every one of them is reachable from any Internet source.
    ! NOTE(review): MS SQL (1433/1434) and RDP (3389, published on 6182, 33389 and 54321)
    ! are exposed directly; moving RDP to a non-standard port does not restrict who can
    ! connect. Prefer reaching these over the VPN, or limit sources with an ACL on the WAN
    ! interface.
    ip nat inside source static tcp 192.168.2.248 25 [Наш IP] 25 extendable
    ip nat inside source static tcp 192.168.2.230 143 [Наш IP] 143 extendable
    ip nat inside source static tcp 192.168.2.230 443 [Наш IP] 443 extendable
    ip nat inside source static tcp 192.168.2.230 465 [Наш IP] 465 extendable
    ip nat inside source static tcp 192.168.2.230 993 [Наш IP] 993 extendable
    ip nat inside source static tcp 192.168.1.89 1433 [Наш IP] 1433 extendable
    ip nat inside source static tcp 192.168.1.89 1434 [Наш IP] 1434 extendable
    ip nat inside source static udp 192.168.1.89 1434 [Наш IP] 1434 extendable
    ip nat inside source static tcp 192.168.2.230 5060 [Наш IP] 5060 extendable
    ip nat inside source static udp 192.168.2.230 5060 [Наш IP] 5060 extendable
    ip nat inside source static tcp 192.168.2.230 5222 [Наш IP] 5222 extendable
    ip nat inside source static tcp 192.168.2.230 5269 [Наш IP] 5269 extendable
    ip nat inside source static tcp 192.168.1.2 3389 [Наш IP] 6182 extendable
    ip nat inside source static tcp 192.168.2.230 8010 [Наш IP] 8010 extendable
    ip nat inside source static tcp 192.168.2.243 80 [Наш IP] 8205 extendable
    ip nat inside source static tcp 192.168.1.2 3389 [Наш IP] 33389 extendable
    ip nat inside source static tcp 192.168.2.13 3389 [Naш IP] 54321 extendable
    !
    ! Access_Telnet is the access-class on the vty lines: it lists who may open a management
    ! session. Besides internal ranges it admits three public hosts, and the vty lines accept
    ! Telnet as well as SSH.
    ! NOTE(review): confirm each public address is still owned by an administrator.
    ip access-list extended Access_Telnet
    permit tcp host 172.16.1.3 any
    permit tcp host 192.168.1.3 any
    permit tcp 192.168.2.0 0.0.0.255 any
    permit tcp 172.16.16.0 0.0.0.255 any
    permit tcp host 192.168.1.154 any
    permit ip host 62.141.65.170 any
    permit ip host 46.39.225.21 any
    permit tcp host 109.173.96.195 any
    permit tcp host 192.168.1.9 any
    permit ip host 192.168.2.9 any
    ! Selects traffic for NAT overload: LAN-to-remote-site flows are excluded first (the
    ! deny lines), everything else from the two LANs is translated.
    ip access-list extended AllowUsersInternetNAT
    deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
    deny ip 192.168.1.0 0.0.0.255 192.168.88.0 0.0.0.255
    deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
    permit ip 192.168.1.0 0.0.0.255 any
    permit ip 192.168.2.0 0.0.0.255 any
    ! Applied inbound on FastEthernet0/0 (LAN). It is an allow-list: hosts and flows named
    ! here may leave the LAN through the router, anything else hits the implicit deny.
    ! Entries are evaluated top-down and the first match wins, so order matters.
    ip access-list extended BlockHTTPUsers
    permit ip 192.168.1.0 0.0.0.7 any
    permit ip host 192.168.1.154 any
    permit ip host 192.168.1.164 any
    ! In each tcp/ip pair below the "ip" entry already covers the "tcp" one.
    permit tcp 192.168.2.4 0.0.0.3 any
    permit ip 192.168.2.4 0.0.0.3 any
    permit tcp 192.168.2.8 0.0.0.7 any
    permit ip 192.168.2.8 0.0.0.7 any
    permit tcp 192.168.2.16 0.0.0.3 any
    permit ip 192.168.2.16 0.0.0.3 any
    permit tcp host 192.168.2.20 any
    permit ip host 192.168.2.20 any
    ! Mail protocols are allowed for every source.
    permit tcp any any eq smtp
    permit tcp any any eq pop3
    permit ip host 192.168.2.30 any
    permit ip host 192.168.1.89 192.168.3.0 0.0.0.255
    permit ip host 192.168.2.170 any
    permit ip host 192.168.1.80 192.168.88.0 0.0.0.255
    permit ip host 192.168.1.83 any
    permit ip host 192.168.2.3 any
    permit ip host 192.168.2.2 any
    permit ip host 192.168.2.21 any
    permit ip host 192.168.2.22 any
    permit ip host 192.168.2.23 any
    permit ip host 192.168.2.24 any
    permit ip host 192.168.1.6 any
    permit ip host 192.168.1.10 any
    permit ip host 192.168.2.243 any
    permit tcp host 192.168.1.80 192.168.3.0 0.0.0.255
    permit tcp host 192.168.2.99 192.168.3.0 0.0.0.255
    permit tcp host 192.168.1.201 192.168.3.0 0.0.0.255
    permit tcp host 192.168.1.200 192.168.3.0 0.0.0.255
    permit tcp host 192.168.2.202 192.168.3.0 0.0.0.255
    permit ip host 192.168.1.118 any
    permit tcp host 192.168.2.131 any
    permit ip host 192.168.2.66 any
    permit ip host 62.141.65.170 any
    permit ip host 192.168.1.27 any
    permit tcp any eq 143 any
    permit tcp any any eq 143
    permit tcp 172.16.16.0 0.0.0.255 host 192.168.1.89 eq 1433
    permit tcp host 192.168.1.89 eq 1433 172.16.16.0 0.0.0.255
    permit ip host 192.168.1.17 any
    permit ip 172.16.16.0 0.0.0.255 any
    permit ip any 172.16.16.0 0.0.0.255
    permit ip host 46.39.225.21 any
    permit ip any host 46.39.225.21
    ! NOTE(review): these three denies match on SOURCE address. On a LAN-inbound ACL they
    ! only fire if LAN packets carry those source addresses; if the goal was to stop LAN
    ! hosts from reaching these addresses, they would have to be in the destination field.
    deny ip host 185.5.160.163 any
    deny ip host 185.5.160.161 any
    deny ip host 185.5.160.160 any
    permit ip host 192.168.1.151 any
    permit ip host 192.168.2.108 any
    permit ip host 192.168.2.147 any
    permit ip host 192.168.2.61 any
    permit tcp any any eq 993
    permit ip host 192.168.2.104 any
    permit ip host 192.168.2.248 any
    permit ip host 192.168.2.240 any
    permit tcp 192.168.1.0 0.0.0.7 any
    permit tcp 192.168.1.8 0.0.0.1 any
    permit ip host 192.168.1.116 any
    permit ip host 192.168.1.81 any
    permit ip host 192.168.1.99 any
    permit ip host 192.168.1.84 any
    permit ip host 192.168.1.97 any
    permit ip host 192.168.1.169 any
    permit ip host 192.168.1.150 any
    permit ip host 192.168.1.89 any
    permit ip host 192.168.2.152 any
    permit ip host 192.168.2.109 any
    permit ip host 192.168.2.129 any
    permit ip host 192.168.2.173 any
    permit ip host 192.168.1.114 any
    permit ip host 192.168.2.58 any
    permit ip host 192.168.1.107 any
    permit ip host 192.168.2.80 any
    permit ip host 192.168.2.97 any
    permit ip host 192.168.1.174 any
    permit ip host 192.168.2.91 any
    permit ip host 192.168.2.229 any
    permit ip host 192.168.2.98 any
    permit ip host 192.168.2.120 any
    ! NOTE(review): this permit/deny pair is meant to confine the SQL server's port-1433
    ! replies to one host, but "permit ip host 192.168.1.89 any" appears earlier in this
    ! list, so neither line is ever reached. The deny would have to precede that permit.
    permit tcp host 192.168.1.89 eq 1433 host 84.47.183.212
    deny tcp host 192.168.1.89 eq 1433 any
    permit ip host 192.168.2.230 any
    permit ip host 192.168.2.70 any
    permit ip host 192.168.2.123 any
    permit ip host 192.168.2.160 any
    permit ip host 192.168.2.38 any
    permit ip host 192.168.2.127 any
    permit ip host 192.168.2.94 any
    permit ip host 192.168.2.101 any
    permit ip any host 192.168.2.230
    permit ip host 192.168.1.145 any
    permit ip host 192.168.2.74 any
    permit ip host 192.168.1.147 any
    permit ip host 192.168.2.55 any
    permit ip host 192.168.1.85 any
    permit ip host 192.168.1.166 any
    permit ip host 192.168.1.146 any
    permit ip host 192.168.2.56 any
    permit ip host 192.168.2.87 any
    permit ip host [Наш IP] any
    permit ip host 192.168.1.106 any
    permit ip host 192.168.2.93 any
    ! ForService is the per-user ACL named in "aaa attribute list for_service": sessions of
    ! that user may reach only 192.168.1.3.
    ip access-list extended ForService
    permit ip any host 192.168.1.3
    ! The next three lists select LAN-to-remote-site traffic; no crypto map or other
    ! reference to them is visible in this paste (presumably leftovers of older tunnels).
    ip access-list extended Medialog_ACL
    permit ip 192.168.1.0 0.0.0.255 192.168.88.0 0.0.0.255
    ip access-list extended VPN_to_LAN_1-0
    permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
    ip access-list extended Zyxel_VPN_ACL
    permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
    ! NOTE(review): differs from "BlockHTTPUsers" only in the case of the first letter. ACL
    ! names are case-sensitive, so this is a separate list, and the LAN interface references
    ! the capitalised one; entries added here have no effect on that interface.
    ip access-list extended blockHTTPUsers
    permit ip host 109.173.96.195 any
    permit ip host 192.168.2.56 any
    ip access-list extended vpn_asa
    permit ip 192.168.0.0 0.0.255.255 10.0.50.0 0.0.0.255
    !
    ! Syslog export, numbered ACLs and SNMP.
    ! Messages up to debugging level go to the syslog host 192.168.2.241, facility local3.
    logging trap debugging
    logging facility local3
    logging source-interface FastEthernet0/0
    logging 192.168.2.241
    ! Numbered ACLs; none of them is referenced by another command visible in this paste.
    access-list 1 deny 192.168.1.10
    access-list 1 deny 192.168.1.3
    access-list 1 deny 192.168.1.2
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 10 permit 172.16.16.0 0.0.0.255
    access-list 20 permit 192.168.1.10
    access-list 20 permit 172.16.16.10
    access-list 99 permit 172.16.1.3
    access-list 1300 permit 192.168.1.0 0.0.0.255
    access-list 101 permit udp any any range 60000 60999
    access-list 101 permit tcp any any range 60000 60099
    ! NOTE(review): read-only SNMP with the default community string "public" and no ACL on
    ! the community. Since the WAN interface has no inbound filter, SNMP is presumably
    ! answerable from the Internet as well. Change the string and bind it to an ACL of the
    ! monitoring hosts, or move to SNMPv3.
    snmp-server community public RO
    snmp-server ifindex persist
    no cdp run
    !
    ! SIP user agent transport, login banner, custom privilege levels and terminal lines.
    ! As pasted, the "sip-ua" header is prefixed with "!" and therefore reads as a comment.
    !sip-ua
    no transport udp
    no transport tcp
    !
    banner login Authorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!
    ! Commands moved to lower privilege levels. Level 3 gains "debug all", "upgrade" and
    ! "ip route" in configuration mode; level 10 may read the running configuration.
    ! NOTE(review): "debug all" and "upgrade" can disrupt the router and "show running-config"
    ! exposes the stored credentials; confirm which accounts are given these levels.
    privilege configure all level 3 ip route
    privilege configure level 3 ip
    privilege exec level 3 udptn
    privilege exec level 3 undebug all
    privilege exec level 3 undebug
    privilege exec all level 3 terminal
    privilege exec level 5 show ip
    privilege exec level 3 show processes cpu history
    privilege exec level 3 show processes cpu
    privilege exec level 3 show processes
    privilege exec level 5 show interfaces
    privilege exec level 10 show running-config
    privilege exec all level 3 show
    privilege exec level 3 unprofile all
    privilege exec level 3 unprofile
    privilege exec level 3 debug all
    privilege exec all level 3 debug
    privilege exec level 3 upgrade
    !
    line con 0
    line aux 0
    ! vty 0-4: sessions are limited to the sources in Access_Telnet, start at privilege
    ! level 15, and may use Telnet, which sends credentials in clear text.
    ! NOTE(review): restrict to "transport input ssh" and let per-user privilege decide the
    ! level instead of granting 15 on the line.
    line vty 0 4
    access-class Access_Telnet in
    privilege level 15
    logging synchronous
    transport input telnet ssh
    ! vty 5-15: same source restriction, privilege level 1; no "transport input" line is
    ! shown for these lines.
    line vty 5 15
    access-class Access_Telnet in
    privilege level 1
  • Как включить на Cisco 2801 VFR (фрагментированные пакеты)?

    Shellon
    @Shellon Автор вопроса
    Тяжело сравнивать два конфига от разных цисок... Сравнил, ничего криминального не увидел..
    Если подумать логически: если можно отдельно отключить VFR - должна же быть команда для включения..
    Например в asa можно просто написать ip virtual-reassembly и, если надо, указать количественные параметры... Вопрос в том: где это делается на 2801..
  • Почему в конце установки macOS Sierra возникает ошибка?

    Shellon
    @Shellon
    Возможно что-то с образом.
    я бы предложил:
    1) Воткнуть новый SSD и включить комп/ноут
    2) Он у вас спросит загрузить ли систему, согласиться
    3) Система запросит вас ввести свой AppleID и начнется загрузка образа непосредственно на новый SSD.

    И ничего создавать/колдовать самим не надо.
  • Как включить на Cisco 2801 VFR (фрагментированные пакеты)?

    Shellon
    @Shellon Автор вопроса
    Вот я бы подумал, что эта кошка не поддерживает такую настройку, если бы рядом не было другой 2801 с такой же версией прошивки и включённым ip virtual-reassembly...
  • Как включить на Cisco 2801 VFR (фрагментированные пакеты)?

    Shellon
    @Shellon Автор вопроса
    то что нет такой команды....
  • Как включить на Cisco 2801 VFR (фрагментированные пакеты)?

    Shellon
    @Shellon Автор вопроса
    12.4 . Но, как я уже говорил, нат используется, но на интерфейсе vfr не включен.
    Вот:
    ! WAN interface stanza quoted by the poster to show that NAT is enabled ("ip nat outside")
    ! while no "ip virtual-reassembly" line is present. The address is masked as x.x.x.x.
    ! No inbound "ip access-group" appears in this stanza either.
    interface FastEthernet0/1
    description #WAN#$ES_LAN$
    ip address x.x.x.x 255.255.255.248
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow egress
    ip nat outside
    ip route-cache flow
    load-interval 30
    duplex auto
    speed auto
    no mop enabled
    !
  • Как включить на Cisco 2801 VFR (фрагментированные пакеты)?

    Shellon
    @Shellon Автор вопроса
    Если кто-то не отключил специально.
    Вопрос был именно в том как включить(!) именно vfr..