FTTB+NAT+DHCP+pppoe+CBAC+vpn client+Authentication AAA

A working configuration; it has been tested and debugged!
hongyi#show run
Building configuration...

Current configuration : 4655 bytes
!
! Last configuration change at 04:47:29 UTC Sun Apr 25 2004 by tonyxue
! NVRAM config last updated at 04:47:50 UTC Sun Apr 25 2004 by tonyxue
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname hongyi
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$nyjl$3Q7avJNhGMGg9h8S3TxL01
!
username tonyxue password 7 110B0B0C101A1F010524
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login hongyi_authen group tacacs+
aaa authentication login no_tacasc enable
aaa authentication login line_vty local
aaa authorization network hongyi_author local
aaa session-id common
ip subnet-zero
no ip source-route
!
!
no ip domain lookup
ip dhcp excluded-address 172.16.0.1 172.16.0.220
!
ip dhcp pool hongyi
network 172.16.0.0 255.255.255.0
dns-server 202.96.209.5 202.96.209.133
default-router 172.16.0.10
lease 30
!
no ip bootp server
ip cef
ip inspect audit-trail
ip inspect name firewall cuseeme
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall ftp
ip inspect name firewall h323
ip inspect name firewall icmp
ip inspect name firewall netshow
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall rtsp
ip inspect name firewall sqlnet
ip inspect name firewall streamworks
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall vdolive
ip inspect name firewall http
ip audit po max-events 100
vpdn enable
!
vpdn-group FTTB
request-dialin
protocol pppoe
!
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group hongyi
key *********
pool hongyi_pool
!
!
crypto ipsec transform-set hongyi_set esp-3des esp-sha-hmac
!
crypto dynamic-map hongyi_dynamic_map 10
set transform-set hongyi_set
!
!
crypto map clientmap client authentication list hongyi_authen
crypto map clientmap isakmp authorization list hongyi_author
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic hongyi_dynamic_map
!
!
!
interface Ethernet0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
half-duplex
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0
ip address 172.16.0.10 255.255.0.0
ip access-group Local_Ruler in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip tcp adjust-mss 1452
no ip mroute-cache
speed auto
no cdp enable
!
interface Dialer1
mtu 1492
ip address negotiated
ip access-group Outbound_Ruler in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect firewall out
encapsulation ppp
no ip mroute-cache
dialer pool 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username ad********* @shtel password 7 046B08133D255F7908
crypto map clientmap
!
ip local pool hongyi_pool 192.168.0.1 192.168.0.254
ip nat inside source route-map nat_map interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
!
!
ip access-list extended Local_Ruler
deny 53 any any log
deny 55 any any log
deny pim any any log
deny tcp any any eq echo log
deny tcp any any eq chargen log
deny tcp any any eq 135 log
deny tcp any any eq 136 log
deny tcp any any eq 137 log
deny tcp any any eq 138 log
deny tcp any any eq 139 log
deny tcp any any eq 445 log
deny tcp any any eq 4444 log
deny udp any any eq tftp log
deny udp any any eq 135 log
deny udp any any eq 136 log
deny udp any any eq netbios-ns log
deny udp any any eq netbios-dgm log
deny udp any any eq netbios-ss log
deny udp any any eq snmp log
deny udp any any eq 445 log
permit ip any any
ip access-list extended Outbound_Ruler
permit udp any any eq isakmp log
permit esp any any log
permit udp any any eq non500-isakmp log
permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.255.255 log
deny ip any any log
logging source-interface FastEthernet0
logging 172.16.0.100
access-list 1 deny any
access-list 101 deny ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 172.16.0.0 0.0.255.255 any
no cdp run
!
route-map nat_map permit 10
match ip address 101
!
tacacs-server host 172.16.0.100 key 7 0459190F082958430817
tacacs-server directed-request
!
line con 0
logging synchronous
login authentication line_vty
line aux 0
logging synchronous
line vty 0 4
logging synchronous
login authentication line_vty
!
!
end
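The running-config above is the whole post, so as an added example (not part of the original, and not Cisco's or the author's tooling) here is a small Python audit script that parses a trimmed copy of that config and checks the wiring that matters for this design: lines carrying type-7 encoded secrets (service password-encryption only obscures them; a `secret` keyword, which stores an MD5 hash, is the stronger choice where the platform offers it), ACLs that are defined but never bound to an interface or route-map (access-list 1 here) or bound but never defined, and that the NAT route-map's ACL 101 denies inside-to-192.168.0.0/24 traffic ahead of its permit, so packets destined for VPN clients bypass PAT on Dialer1 and can match the crypto map. The PLACEHOLDER strings stand in for the page's masked secrets, and the function names are the example's own.

```python
"""Audit the security wiring of a Cisco IOS running-config text.

Added example, not from the original post: checks type-7 secrets, ACL
bindings and the NAT exemption for the VPN client pool."""
import ipaddress
import re

# Trimmed copy of the page's configuration; secrets replaced by placeholders.
CONFIG = """\
username tonyxue password 7 PLACEHOLDER
interface FastEthernet0
 ip access-group Local_Ruler in
 ip nat inside
interface Dialer1
 ip access-group Outbound_Ruler in
 ip nat outside
 ppp pap sent-username PLACEHOLDER password 7 PLACEHOLDER
ip local pool hongyi_pool 192.168.0.1 192.168.0.254
ip nat inside source route-map nat_map interface Dialer1 overload
ip access-list extended Local_Ruler
 permit ip any any
ip access-list extended Outbound_Ruler
 permit udp any any eq isakmp log
 permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.255.255 log
 deny ip any any log
access-list 1 deny any
access-list 101 deny ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 172.16.0.0 0.0.255.255 any
route-map nat_map permit 10
 match ip address 101
tacacs-server host 172.16.0.100 key 7 PLACEHOLDER
"""

ANY = ipaddress.ip_network("0.0.0.0/0")
_IP = re.compile(r"\d+\.\d+\.\d+\.\d+$")

def type7_secrets(cfg):
    """Lines carrying type-7 encoded secrets (reversible, so audit-worthy)."""
    return [ln.strip() for ln in cfg.splitlines()
            if re.search(r"\b(password|key) 7 \S+", ln)]

def _addr(tokens):
    """Consume one address spec (any | host A | A wildcard) -> IPv4Network."""
    t = tokens.pop(0)
    if t == "any":
        return ANY
    if t == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.ip_address(tokens.pop(0)))
    netmask = ipaddress.ip_address(0xFFFFFFFF ^ wildcard)  # wildcard -> mask
    return ipaddress.ip_network(f"{t}/{netmask}", strict=False)

def _entry(action, rest):
    """Parse 'proto src [dst] ...' into (action, proto, src, dst); source-port
    specifiers before the destination are not modelled."""
    tokens = rest.split()
    proto = "ip"  # standard ACL entries carry no protocol keyword
    if tokens[0] not in ("any", "host") and not _IP.match(tokens[0]):
        proto = tokens.pop(0)
    src = _addr(tokens)
    dst = ANY
    if tokens and (tokens[0] in ("any", "host") or _IP.match(tokens[0])):
        dst = _addr(tokens)
    return action, proto, src, dst

def parse_acls(cfg):
    """Map each ACL name/number to its ordered list of entries."""
    acls, current = {}, None
    for raw in cfg.splitlines():
        ln = raw.strip()
        if m := re.match(r"ip access-list (?:extended|standard) (\S+)", ln):
            current = m.group(1)
            acls.setdefault(current, [])
        elif m := re.match(r"access-list (\d+) (permit|deny) (.*)", ln):
            acls.setdefault(m.group(1), []).append(_entry(m.group(2), m.group(3)))
        elif (m := re.match(r"(permit|deny) (.*)", ln)) and current:
            acls[current].append(_entry(m.group(1), m.group(2)))
        else:
            current = None  # any other top-level line ends a named ACL block
    return acls

def acl_bindings(cfg):
    """Return (defined but never bound, bound but never defined) ACL ids."""
    defined = set(parse_acls(cfg))
    bound = set(re.findall(r"ip access-group (\S+)", cfg))
    bound |= set(re.findall(r"match ip address (\S+)", cfg))
    return defined - bound, bound - defined

def nat_exempts_vpn_pool(cfg):
    """True if the first NAT-ACL entry covering the VPN pool is a deny, i.e.
    inside->client traffic skips PAT and can be handled by the crypto map."""
    lo, hi = re.search(r"ip local pool \S+ (\S+) (\S+)", cfg).groups()
    lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
    rm = re.search(r"ip nat inside source route-map (\S+)", cfg).group(1)
    acl_id = re.search(rf"^route-map {rm} .*\n\s*match ip address (\S+)",
                       cfg, re.M).group(1)
    for action, _proto, _src, dst in parse_acls(cfg)[acl_id]:
        if lo in dst and hi in dst:
            return action == "deny"
    return False

if __name__ == "__main__":
    print(type7_secrets(CONFIG), acl_bindings(CONFIG), nat_exempts_vpn_pool(CONFIG))
```

Run against the trimmed config it reports three type-7 lines, access-list 1 as defined but unbound, and True for the exemption; deleting the ACL 101 deny line turns that last check False, which is the misconfiguration that silently breaks VPN client access once PAT sits in the path.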