天下网吧 >> 网吧方案 >> 方案实例 >> 正文

CBAC and NAT配置举例


  [[The No.x Picture.]]
  3640 Router
  Current configuration:
  !
  version 12.0
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  !
  hostname sec-3640
  !
  aaa new-model
  aaa group server tacacs+ RTP
  server 171.68.120.214
  !
  aaa authentication login default group RTP none
  aaa authorization exec default group RTP none
  aaa authorization auth-proxy default group RTP
  enable secret 5 $1$pqRI$3TDNFT9FdYT8Sd/q3S0VU1
  enable password ww
  !
  ip subnet-zero
  !
  ip inspect name myfw cuseeme timeout 3600
  ip inspect name myfw ftp timeout 3600
  ip inspect name myfw http timeout 3600
  ip inspect name myfw rcmd timeout 3600
  ip inspect name myfw realaudio timeout 3600
  ip inspect name myfw smtp timeout 3600
  ip inspect name myfw sqlnet timeout 3600
  ip inspect name myfw streamworks timeout 3600
  ip inspect name myfw tftp timeout 30
  ip inspect name myfw udp timeout 15
  ip inspect name myfw tcp timeout 3600
  ip inspect name myfw vdolive
  ip auth-proxy auth-proxy-banner
  ip auth-proxy auth-cache-time 10
  ip auth-proxy name list_a http
  ip audit notify log
  ip audit po max-events 100
  cns event-service server
  !
  interface FastEthernet0/0
  ip address 40.31.1.144 255.255.255.0
  ip access-group 116 in
  no ip directed-broadcast
  ip nat outside
  ip auth-proxy list_a
  no ip route-cache
  no ip mroute-cache
  speed auto
  half-duplex
  no mop enabled
  !
  interface FastEthernet1/0
  ip address 10.14.14.14 255.255.255.0
  no ip directed-broadcast
  ip nat inside
  ip inspect myfw in
  speed auto
  half-duplex
  no mop enabled
  !
  ! --- (interfaces deleted)
  !
  nat pool outsidepool 40.31.1.50 40.31.1.60 netmask 255.255.255.0
  ip nat inside source list 1 pool outsidepool
  ip nat inside source static 10.14.14.15 40.31.1.77
  ip classless
  ip route 0.0.0.0 0.0.0.0 40.31.1.1
  ip route 171.68.118.0 255.255.255.0 40.31.1.1
  ip route 171.68.120.0 255.255.255.0 40.31.1.1
  no ip http server
  !
  access-list 116 permit tcp host 171.68.118.143 host 40.31.1.144 eq www
  access-list 116 deny tcp host 171.68.118.143 any
  access-list 116 deny udp host 171.68.118.143 any
  access-list 116 deny icmp host 171.68.118.143 any
  access-list 116 permit icmp any any
  access-list 116 permit tcp any any
  access-list 116 permit udp any any
  dialer-list 1 protocol ip permit
  dialer-list 1 protocol ipx permit
  !
  tacacs-server host 171.68.120.214
  !
  line con 0
  transport input none
  line aux 0
  line vty 0 4
  password ww
  !
  end
  

本文来源:天下网吧 作者:网吧方案

声明
声明:本站所发表的文章、评论及图片仅代表作者本人观点,与本站立场无关。若文章侵犯了您的相关权益,请及时与我们联系,我们会及时处理,感谢您对本站的支持!联系Email:support@txwb.com,系统开号,技术支持,服务联系QQ:1175525021本站所有有注明来源为天下网吧或天下网吧论坛的原创作品,各位转载时请注明来源链接!
天下网吧·网吧天下