Could you please help: I don't know how to configure NAT on a Cisco 881.
The problem is this: remote equipment connects to the external address 87.255.X.X from various unknown addresses (the equipment is configured with the address and port to connect to). This traffic needs to be NATed to the address 10.24.79.2.
I have the following config:
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
no service dhcp
!
hostname euroalliance
!
boot-start-marker
boot system flash c800-universalk9-mz.SPA.156-3.M2.bin
boot-end-marker
!
security passwords min-length 8
logging queue-limit 100000
logging buffered 2000000
logging console critical
enable secret 5 $1$CuWP$.WR7toedFRYO/VWvF/3e01
!
aaa new-model
!
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
!
aaa session-id common
clock timezone MSK 3 0
!
crypto pki trustpoint Uralsib-CA
 enrollment terminal pem
 serial-number none
 fqdn test.bp
 ip-address 10.24.79.1
 subject-name CN=test.bp,O=6666666666
 revocation-check none
 rsakeypair DMVPN_CERT
!
crypto pki certificate chain UFA-CA
 certificate 52D2C434385100000CA1
 certificate ca 0E2A4753984100000025
!
ip domain name test.ru
ip name-server 192.168.2.X
ip cef
login on-failure log
login on-success log
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
license udi pid C881-K9 sn FCZ1979659C
!
username test privilege 15 secret 5 $1$tW.H$uOKVSk4r4wXF7aXhm.rRv0
!
redundancy
!
crypto ikev2 profile DMVPN_IKEV2_PROFILE
 match identity remote address 0.0.0.0
 identity local address 10.24.79.1
 authentication local rsa-sig
 authentication remote rsa-sig
 pki trustpoint Ufa-CA
!
crypto ikev2 nat keepalive 10
crypto ikev2 dpd 10 3 on-demand
!
no cdp run
!
crypto ipsec security-association replay window-size 1024
!
crypto ipsec transform-set DMVPN_TS esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile DMVPN_IPSEC_PROFILE
 set transform-set DMVPN_TS
 set pfs group5
 set ikev2-profile DMVPN_IKEV2_PROFILE
!
interface Loopback1
 description [Processing Network of the Partner]
 ip address 10.24.79.1 255.255.255.0
!
interface Tunnel1
 description [DMVPN Tunnel 1]
 ip address 192.168.240.X 255.255.254.0
 no ip redirects
 ip mtu 1400
 ip nat outside
 ip nhrp authentication bislaru1
 ip nhrp network-id 1
 ip nhrp holdtime 600
 ip nhrp nhs 192.168.240.X nbma 195.234.190.X multicast
 ip nhrp nhs 192.168.240.X nbma 195.234.190.X multicast
 ip nhrp registration no-unique
 ip nhrp registration timeout 10
 ip virtual-reassembly in
 ip tcp adjust-mss 1360
 if-state nhrp
 tunnel source FastEthernet4
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile DMVPN_IPSEC_PROFILE shared
!
interface Tunnel2
 description [DMVPN Tunnel 2]
 ip address 192.168.242.X 255.255.254.0
 no ip redirects
 ip mtu 1400
 ip nat outside
 ip nhrp authentication bislaru2
 ip nhrp network-id 2
 ip nhrp holdtime 600
 ip nhrp nhs 192.168.242.X nbma 193.109.114.X multicast
 ip nhrp registration no-unique
 ip nhrp registration timeout 10
 ip virtual-reassembly in
 ip tcp adjust-mss 1360
 if-state nhrp
 tunnel source FastEthernet4
 tunnel mode gre multipoint
 tunnel key 2
 tunnel protection ipsec profile DMVPN_IPSEC_PROFILE shared
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 description [Outside Interface]
 ip address 87.255.X.X 255.255.X.X
 duplex auto
 speed auto
!
interface Vlan1
 description [Local net]
 ip address 192.168.1.240 255.255.252.0
 ip nat inside
 ip virtual-reassembly in
!
router eigrp DMVPN
 !
 address-family ipv4 unicast autonomous-system 20872
  !
  topology base
   redistribute connected route-map PROCESSING_ONLY
  exit-af-topology
  network 192.168.240.X 0.0.1.255
  network 192.168.242.X 0.0.1.255
 exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source static 192.168.1.231 10.24.79.2
ip route 0.0.0.0 0.0.0.0 87.255.X.X
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh source-interface Vlan1
ip ssh version 2
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ip prefix-list PROCESSING_ONLY seq 5 permit 10.24.79.0/24
ipv6 ioam timestamp
!
route-map PROCESSING_ONLY permit 10
 match ip address prefix-list PROCESSING_ONLY
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
 exec-timeout 15 0
 logging synchronous
 no modem enable
line aux 0
line vty 0 4
 exec-timeout 15 0
 logging synchronous
 transport input ssh
line vty 5 15
 exec-timeout 15 0
 logging synchronous
 transport input ssh
!
scheduler allocate 20000 1000
ntp source FastEthernet4
ntp update-calendar
ntp server pool.ntp.org
!
end