>[оверквотинг удален]
>>и 110 пробую все)
>>
>>на интерфейсах ip nat outside и ip nat inside проставлены
>>правильно.
>>Кто сталкивался с таким или знает решение — подскажите.
>>Спасибо.
>
>Кажется, я понял, в чём было дело: на шлюзе эти порты я
>тоже NAT-ом пробрасывал. Могу понять так, что NAT на шлюзе +
>NAT на циске не работают вместе. Конфиг сильно порезан (ACL-листы) и приведён без попытки настроить NAT; если чего-то не хватает — пишите. Это конфиг основной циски, с ней та же проблема. Да, и вот в чём особенность: если в статической марш. указать шлюзом прокси, всё начинает работать.
! Header of the running-config output, then global services, logging and the enable secret.
Current configuration : 20518 bytes
!
version 12.4
no service pad
! TCP keepalives in both directions so half-open sessions to/from the router are detected and cleared.
service tcp-keepalives-in
service tcp-keepalives-out
! Millisecond date/time stamps on debug and log messages; with sequence numbers (below) this helps ordering and correlation.
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): password-encryption is off, so any type 0 passwords are kept in clear text in the config.
! Type 7 (what this service would apply) is reversible obfuscation, not hashing; prefer "secret" forms where IOS offers them.
no service password-encryption
service sequence-numbers
!
hostname vecomoffice
!
boot-start-marker
boot-end-marker
!
! Failed-login threshold of 3 with logging of the event.
security authentication failure rate 3 log
! NOTE(review): a 6-character minimum is short for passwords stored as type 5/type 7 values.
security passwords min-length 6
! Local log buffer of 4096 bytes at debugging severity; console limited to critical.
! NOTE(review): a 4 KB buffer wraps quickly at debugging level, so local evidence is short-lived.
logging buffered 4096 debugging
logging console critical
! NOTE(review): this type 5 (MD5-based) hash is published in a public post and can be attacked offline.
! Treat the enable secret as disclosed: rotate it and replace the hash with a placeholder before sharing a config.
enable secret 5 $1$g4vd$ULS1CA0WHwwlqsrrfOmga0
!
! AAA: every login and exec/network authorization method list below points at the local user database.
! NOTE(review): no "username" entries appear in this (trimmed) listing - confirm they exist and use "secret", not "password".
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network groupauthor local
!
aaa session-id common
! Time zone is UTC+3 under the name PCTime.
clock timezone PCTime 3
! NOTE(review): the "date" form pins summer time to the 2003 dates shown, so it presumably no longer applies;
! verify the clock (and an NTP source, none is visible here) so log timestamps can be trusted.
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
! Hardening: packets carrying IP source-route options are not forwarded.
no ip source-route
ip cef
!
!
! Wait 10 seconds for a TCP connection attempt to establish before giving up.
ip tcp synwait-time 10
! DHCP service for the 192.168.0.0/24 LAN, resolver settings, HTTP port mapping, IPS signature file and DDNS method.
no ip dhcp use vrf connected
! .1-.9 are kept out of the dynamic range (router, DNS servers and other static hosts live there).
ip dhcp excluded-address 192.168.0.1 192.168.0.9
!
ip dhcp pool ve_local
import all
network 192.168.0.0 255.255.255.0
domain-name ve.pn
dns-server 192.168.0.6 192.168.0.7
default-router 192.168.0.1
! Lease time of 10 days.
lease 10
!
!
! Hardening: the BOOTP server is disabled.
no ip bootp server
ip domain name ve.pn
! The first resolver listed, 192.168.0.1, is the address configured on this router's own Vlan1.
ip name-server 192.168.0.1
ip name-server 192.168.0.7
ip name-server 91.144.150.1
! Treat TCP/8182 as HTTP for port-to-application mapping; the router's own HTTP server is also set to 8182 later in the file.
ip port-map http port tcp 8182
! IPS signature definition file and SDEE event notification.
! NOTE(review): no "ip ips <name> in|out" is visible on any interface in this trimmed listing - confirm IPS is actually applied.
ip ips sdf location flash://128MB.sdf
ip ips notify SDEE
ip ddns update method sdm_ddns1
DDNS both
!
! PPTP dial-in service: incoming PPTP sessions are cloned from Virtual-Template1.
! NOTE(review): PPTP is a legacy VPN whose protection depends on the user's password strength;
! if remote access is still needed, prefer the IPsec-based access this config also appears to carry.
vpdn enable
vpdn search-order dnis
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
! Multipoint GRE tunnel with NHRP and EIGRP tuning, sourced from Dialer0 and protected by an IPsec profile.
interface Tunnel0
bandwidth 1000
ip address 192.168.4.1 255.255.255.0
no ip redirects
ip mtu 1416
! Keep the original next hop in EIGRP updates sent out this tunnel.
no ip next-hop-self eigrp 1
! NOTE(review): the NHRP authentication string is stored and shown in clear text and is now public;
! it is not a strong control on its own - the IPsec protection below is what actually guards the tunnel. Change the string.
ip nhrp authentication DMVPN_NW
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 360
ip tcp adjust-mss 1360
! Allow routes learned on the tunnel to be re-advertised out the same tunnel.
no ip split-horizon eigrp 1
delay 1000
tunnel source Dialer0
tunnel mode gre multipoint
tunnel key 100000
! NOTE(review): profile SDM_Profile4 is not defined in this trimmed listing - verify its transform set and keying.
tunnel protection ipsec profile SDM_Profile4
!
! Physical ports. FastEthernet0/0 carries no IP address; FastEthernet0/1 is a second NAT "outside" interface.
interface FastEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$FW_INSIDE$$ETH-WAN$
no ip address
! Hardening: no ICMP redirects/unreachables and no proxy ARP on this port.
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
no snmp trap link-status
no mop enabled
!
interface FastEthernet0/1
description $FW_OUTSIDE$$ETH-LAN$
ip address 172.20.0.14 255.255.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
! Marked outside in addition to Dialer0, but the visible dynamic NAT rules translate only to Dialer0's address.
! NOTE(review): no inbound ip access-group is visible on this outside interface in the trimmed listing - confirm filtering exists.
ip nat outside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
duplex auto
speed auto
no mop enabled
!
! Switch-module ports: 0/0/0 is left at defaults; 0/0/1-0/0/3 are assigned to VLANs 2-4 and administratively shut down.
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
switchport access vlan 2
shutdown
!
interface FastEthernet0/0/2
switchport access vlan 3
shutdown
!
interface FastEthernet0/0/3
switchport access vlan 4
shutdown
!
! Template cloned for each PPTP dial-in session; clients get addresses from SDM_POOL_1 and are treated as NAT inside.
interface Virtual-Template1
ip unnumbered FastEthernet0/0
ip mtu 1416
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1370
peer default ip address pool SDM_POOL_1
no keepalive
! NOTE(review): "mppe auto" without the "required" keyword presumably lets a session continue when encryption is not negotiated,
! and MPPE keying normally depends on MS-CHAP rather than plain CHAP - verify that sessions really come up encrypted.
ppp encrypt mppe auto
ppp authentication chap
!
! LAN-side SVIs, all marked NAT inside. Only Vlan1 has an address (192.168.0.1/24, the DHCP default-router).
interface Vlan1
description $FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1360
no snmp trap link-status
!
interface Vlan2
description $FW_INSIDE$
no ip address
! NOTE(review): mask-reply answers ICMP address-mask requests; it is at odds with the other ICMP hardening
! on this interface (no redirects / no unreachables) and is usually left disabled.
ip mask-reply
no ip redirects
no ip unreachables
no ip proxy-arp
! NBAR protocol discovery and NetFlow in both directions: traffic visibility on this VLAN.
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Vlan3
no ip address
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Vlan4
no ip address
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
! Internet-facing PPP dialer: NAT outside, DDNS updates, tunnel source for Tunnel0, crypto map attached.
! The address and mask were redacted by the poster.
interface Dialer0
description $FW_OUTSIDE$
mtu 1458
ip ddns update sdm_ddns1
ip address 91.XXXX 255.XXXXX
! NOTE(review): no inbound ip access-group or inspection rule is visible on this outside interface in the trimmed listing;
! confirm one exists, since the router's HTTP and PPTP services are reachable through whatever is permitted here.
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1360
dialer pool 1
dialer-group 1
! CDP is off on the provider-facing link, so device details are not advertised upstream.
no cdp enable
ppp authentication chap callin
ppp chap hostname v1003435
! NOTE(review): a type 7 value is reversible obfuscation, and it is posted here together with the CHAP hostname.
! Treat this provider credential as disclosed: change it with the ISP and redact both lines when sharing configs.
ppp chap password 7 140E005E5B07272926
! NOTE(review): crypto map SDM_CMAP_1 is not defined in this trimmed listing - verify its peers, ACLs and transform sets.
crypto map SDM_CMAP_1
!
! EIGRP AS 1. The network statements cover the (redacted) public 91.x ranges, 172.20.0.0 and the 192.168.x.0 networks.
! NOTE(review): no passive-interface and no EIGRP authentication are visible in this listing, so EIGRP would run on
! every matching interface, including the outside ones. Confirm adjacencies are limited to the tunnel and are authenticated.
router eigrp 1
network 91.XXXXX 0.0.0.15
network 91.XXXXX 0.0.0.15
network 91.XXXXX 0.0.0.15
network 91.XXXX 0.0.0.15
network 172.20.0.0
network 192.168.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.4.0
network 192.168.5.0
network 192.168.6.0
network 192.168.7.0
network 192.168.8.0
network 192.168.9.0
network 192.168.10.0
network 192.168.11.0
no auto-summary
!
! Address pool for PPTP clients, default route, the router's HTTP management server, and the NAT rules.
ip local pool SDM_POOL_1 192.168.10.2 192.168.10.102
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
!
!
! NOTE(review): management is served over clear-text HTTP on port 8182 with HTTPS explicitly disabled, and no
! "ip http access-class" is visible. Credentials for the local user database cross the wire unencrypted;
! prefer the secure server restricted to management addresses, or disable the HTTP server if SDM is not in use.
ip http server
ip http port 8182
ip http authentication local
no ip http secure-server
! Idle timeout 5 s, but a connection may live up to 86400 s and serve up to 10000 requests.
ip http timeout-policy idle 5 life 86400 requests 10000
! Two pools are defined but no visible NAT rule references them; local_ve also contains 192.168.0.1, the router's own Vlan1 address.
ip nat pool local_ve 192.168.0.1 192.168.0.10 netmask 255.255.255.0
ip nat pool proxy 192.168.0.3 192.168.0.3 netmask 255.255.255.0
! Both rules are PAT (overload) to Dialer0's address; no static (port-forwarding) entries are present in this listing.
! NOTE(review): access-list 101 and route-map SDM_RMAP_11 are not defined anywhere in this trimmed listing
! (only SDM_RMAP_15 and SDM_RMAP_26 are) - check what these rules actually match on the device.
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source route-map SDM_RMAP_11 interface Dialer0 overload
!
! Access lists. ACL_IPSEC contains only remarks in this listing (its entries appear to have been trimmed).
ip access-list extended ACL_IPSEC
remark SDM_ACL Category=16
remark SDM_ACL Category=16
!
! Syslog severity for remote logging is debugging.
! NOTE(review): no "logging host" is visible in this listing - confirm logs are actually exported off the box.
logging trap debugging
! ACL 150: deny LAN traffic towards the 192.168.5-9.0/24 networks, then permit only the two TCP entries at the end.
access-list 150 remark SDM_ACL Category=3
access-list 150 remark IPSec Rule
access-list 150 deny ip 192.168.0.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 150 remark IPSec Rule
access-list 150 deny ip 192.168.0.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 150 remark IPSec Rule
access-list 150 deny ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 150 remark IPSec Rule
access-list 150 deny ip 192.168.0.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 150 remark IPSec Rule
access-list 150 deny ip 192.168.0.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 150 remark IPSec Rule
access-list 150 remark IPSec Rule
access-list 150 remark IPSec Rule
access-list 150 remark IPSec Rule
! NOTE(review): these two entries require BOTH the source and the destination port to be pop3 (110) / smtp (25).
! Client connections normally use an ephemeral source port, so as written the entries would match little or nothing;
! decide which side is the server and put "eq" on that side only.
access-list 150 permit tcp 192.168.0.0 0.0.0.255 eq pop3 any eq pop3
access-list 150 permit tcp 192.168.0.0 0.0.0.255 eq smtp any eq smtp
! ACL 151: same denies towards 192.168.5-9.0/24, then permit everything else sourced from the LAN.
access-list 151 remark SDM_ACL Category=3
access-list 151 remark IPSec Rule
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 151 remark IPSec Rule
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 151 remark IPSec Rule
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 151 remark IPSec Rule
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 151 remark IPSec Rule
access-list 151 deny ip 192.168.0.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 151 remark IPSec Rule
access-list 151 permit ip 192.168.0.0 0.0.0.255 any
! ACL 152: same entries as ACL 151; nothing in this listing references it.
access-list 152 remark SDM_ACL Category=3
access-list 152 remark IPSec Rule
access-list 152 deny ip 192.168.0.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 152 remark IPSec Rule
access-list 152 deny ip 192.168.0.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 152 remark IPSec Rule
access-list 152 deny ip 192.168.0.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 152 remark IPSec Rule
access-list 152 deny ip 192.168.0.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 152 remark IPSec Rule
access-list 152 deny ip 192.168.0.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 152 permit ip 192.168.0.0 0.0.0.255 any
! ACL 153: permits all IP sourced from 192.168.0.0/24.
access-list 153 remark SDM_ACL Category=1
access-list 153 permit ip 192.168.0.0 0.0.0.255 any
! Any IP traffic counts as interesting traffic for dialer groups 1 and 2.
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
! CDP is disabled globally.
no cdp run
!
! Route-maps wrapping ACL 151 and ACL 150.
! NOTE(review): neither route-map is referenced by the NAT rules visible in this listing, which name SDM_RMAP_11 and list 101
! instead - confirm which match criteria the translation rules really use.
route-map SDM_RMAP_15 permit 1
match ip address 151
!
route-map SDM_RMAP_26 permit 1
match ip address 150
!
!
! The control-plane section is empty: no control-plane policing is configured in this listing.
control-plane
!
!
! Login banner (delimited by ^C), then console/aux/vty line settings.
banner login ^CCCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
! Console and aux may only originate outbound telnet sessions.
line con 0
transport output telnet
line aux 0
transport output telnet
! vty 0-14 accept no inbound protocol at all. The line password was redacted by the poster; with
! "aaa authentication login default local" earlier in the file, logins are presumably checked against local users instead.
line vty 0 4
password XXXXX
transport input none
line vty 5 14
transport input none
! NOTE(review): the only remote CLI path is clear-text telnet on vty 15, and no access-class is visible on it.
! Prefer "transport input ssh" with an access-class restricted to management addresses.
line vty 15
transport input telnet
!
scheduler allocate 4000 1000
end