hisooka_dos
25-01-2010, 20:18
أنا عملت show run للروتر كالتالي :
Building configuration...
Current configuration : 2283 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C871-SiteB
!
crypto isakmp policy 90
encr 3des
authentication pre-share
group 2
crypto isakmp key Client-Site address ip_pub_siteA
!
crypto ipsec security-association lifetime seconds 86400
crypto ipsec security-association idle-time 3600
!
crypto ipsec transform-set client-transf esp-3des esp-sha-hmac
!
crypto map client-map 90 ipsec-isakmp
set peer ip_pub_siteA
set transform-set client-transf
match address 101
!
interface FastEthernet4
ip address 192.168.1.2 255.255.255.0
ip mtu 1492
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map client-map
!
interface Vlan1
ip address 10.152.33.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
no ip http server
no ip http secure-server
ip nat inside source static tcp 10.152.33.254 23 interface FastEthernet4 23
ip nat inside source route-map nonat interface FastEthernet4 overload
!
access-list 101 permit ip 10.152.33.0 0.0.0.255 10.152.32.0 0.0.0.255
access-list 105 deny ip 10.152.33.0 0.0.0.255 10.152.32.0 0.0.0.255
access-list 105 permit ip 10.152.33.0 0.0.0.255 any
!
route-map nonat permit 90
match ip address 105
أريد فقط تفسير ما يلي :
* ليه عمل الأمر ip nat inside على vlan و ليس على انترفيس fastethernet
* ما دور الأمر:
route-map nonat permit 90
match ip address 105
و جزاكم الله خيرا
Building configuration...
Current configuration : 2283 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C871-SiteB
!
crypto isakmp policy 90
encr 3des
authentication pre-share
group 2
crypto isakmp key Client-Site address ip_pub_siteA
!
crypto ipsec security-association lifetime seconds 86400
crypto ipsec security-association idle-time 3600
!
crypto ipsec transform-set client-transf esp-3des esp-sha-hmac
!
crypto map client-map 90 ipsec-isakmp
set peer ip_pub_siteA
set transform-set client-transf
match address 101
!
interface FastEthernet4
ip address 192.168.1.2 255.255.255.0
ip mtu 1492
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map client-map
!
interface Vlan1
ip address 10.152.33.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
no ip http server
no ip http secure-server
ip nat inside source static tcp 10.152.33.254 23 interface FastEthernet4 23
ip nat inside source route-map nonat interface FastEthernet4 overload
!
access-list 101 permit ip 10.152.33.0 0.0.0.255 10.152.32.0 0.0.0.255
access-list 105 deny ip 10.152.33.0 0.0.0.255 10.152.32.0 0.0.0.255
access-list 105 permit ip 10.152.33.0 0.0.0.255 any
!
route-map nonat permit 90
match ip address 105
أريد فقط تفسير ما يلي :
* ليه عمل الأمر ip nat inside على vlan و ليس على انترفيس fastethernet
* ما دور الأمر:
route-map nonat permit 90
match ip address 105
و جزاكم الله خيرا