Tuesday, 29 November 2011

“:::Configure a Cisco Router 857 for an ADSL Line With Point-to-Point Protocol over ATM and a Static IP Address:::”

Following on from what I said in the previous post, here is another one from ideasnet.


Here is the configuration of a Cisco Router 857 for an ADSL line with Point-to-Point Protocol over ATM (PPPoA) using a static IP address.

ROUTER-A

interface Fa0/0
 description *** INTERNAL LINK DATA LAN ***
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
!
interface ATM0/0/0
 description *** MAIN ADSL LINE ***
 no ip address
 load-interval 30
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
!
interface ATM0/0/0.1 point-to-point
 description *** EXTERNAL LINK DATA FOR MAIN ADSL ***
 ip address x.x.x.x 255.255.255.252
 ip access-group ACL_FIREWALL_IN in
 ip nat outside
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
!
ip nat inside source route-map ACL-NAT interface ATM0/0/0.1 overload
!
ip classless
!
ip route 0.0.0.0 0.0.0.0 ATM0/0/0.1
!
dialer-list 1 protocol ip permit
!
ip access-list extended ACL_FIREWALL_IN
 remark *** FIREWALL FOR INBOUND TRAFFIC ***
 remark ************************************************
 remark *** STARTUP ACL FIREWALL FOR INBOUND TRAFFIC ***
 remark ************************************************
 remark 
 remark ************************************************
 remark *** PERMIT SSH INBOUND TRAFFIC ***
 permit tcp any any eq 22
 remark ************************************************
 remark *** PERMIT DNS INBOUND TRAFFIC ***
 permit udp host 82.x.x.1 eq domain any
 permit udp host 82.x.x.2 eq domain any
 remark ************************************************
 remark *** PERMIT ICMP INBOUND TRAFFIC ***
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 permit icmp any any administratively-prohibited
 permit icmp any any packet-too-big
 permit icmp any any traceroute
 deny   icmp any any
 remark ************************************************
 remark *** DENY ANTI-SPOOFING INBOUND TRAFFIC ***
 deny   ip host 0.0.0.0 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 deny   ip 192.0.2.0 0.0.0.255 any log
 deny   ip 224.0.0.0 31.255.255.255 any log
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 remark ************************************************
 remark *** DENY VIRUS AND WORM INBOUND TRAFFIC ***
 deny   tcp any any eq 135
 deny   udp any any eq 135
 deny   udp any any eq netbios-ns
 deny   udp any any eq netbios-dgm
 deny   tcp any any eq 139
 deny   udp any any eq netbios-ss
 deny   tcp any any eq 445
 deny   tcp any any eq 593
 deny   tcp any any eq 2049
 deny   tcp any any range 6000 6010
 deny   udp any any eq 1433
 deny   udp any any eq 1434
 deny   udp any any eq 5554
 deny   udp any any eq 9996
 deny   udp any any eq 113
 deny   udp any any eq 3067
 remark ************************************************
 remark *** DENY UNAUTHORIZED ACCESS ***
 deny   ip any any log
 remark
 remark ********************************************
 remark *** END ACL FIREWALL FOR INBOUND TRAFFIC ***
 remark ********************************************
!
ip access-list extended ACL-NAT
 remark *** ACL FOR NAT ON ATM0/0/0 ***
 permit ip 192.168.0.0 0.0.0.255 any
!
!
route-map ACL-NAT permit 10
 description *** MAP THE OUTBOUND TRAFFIC TO ATM0/0/0 ***
 match ip address ACL-NAT
 set interface ATM0/0/0.1
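
IOS evaluates an extended ACL from the top and stops at the first matching entry, so in ACL_FIREWALL_IN the SSH and ICMP permits are tested before the anti-spoofing denies. The following added example (not part of the original post) models that first-match evaluation on a constructed subset of the ACL and compares it with the same entries reordered; the parser covers only the entry forms in that subset, and 203.0.113.2 is a placeholder for x.x.x.x.

```python
import ipaddress

# Constructed subset of ACL_FIREWALL_IN from the listing above, in page order.
PAGE_ORDER = """\
permit tcp any any eq 22
permit icmp any any echo
deny   icmp any any
deny   ip 10.0.0.0 0.255.255.255 any log
deny   ip 172.16.0.0 0.15.255.255 any log
deny   ip 192.168.0.0 0.0.255.255 any log
deny   ip any any log
""".splitlines()
# Same entries with the three anti-spoofing denies moved ahead of the permits.
SPOOF_FIRST = PAGE_ORDER[3:6] + PAGE_ORDER[:3] + PAGE_ORDER[6:]

def take_addr(tok):
    """Consume one address spec (any | host A | A WILDCARD) -> (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(line):
    """Split one extended-ACL entry into (action, proto, src, dst, qualifier)."""
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = take_addr(tok), take_addr(tok)
    tok = [t for t in tok if t != "log"]
    # Qualifier: destination port after "eq", or an ICMP type name; None if absent.
    qual = (int(tok[1]) if tok[0] == "eq" else tok[0]) if tok else None
    return action, proto, src, dst, qual

def addr_match(ip, spec):
    base, wild = spec
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def first_match(acl, proto, src, dst, qual=None):
    """Return (1-based entry number, action) of the first entry the packet hits."""
    for n, line in enumerate(acl, 1):
        action, p, s, d, q = parse(line)
        if p in ("ip", proto) and addr_match(src, s) and addr_match(dst, d) and q in (None, qual):
            return n, action
    return None, "deny"  # implicit deny that ends every ACL

if __name__ == "__main__":
    wan = "203.0.113.2"  # constructed placeholder for the page's x.x.x.x
    for name, acl in (("page order", PAGE_ORDER), ("spoof first", SPOOF_FIRST)):
        print(name, first_match(acl, "tcp", "10.1.2.3", wan, 22))
```

With the anti-spoofing denies first, they apply to every inbound packet, including packets addressed to the permitted services.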

