CONFIG C877 IP SLA ALTERNATIVE DYNDNS

Everything related to the configuration of Cisco devices (and not covered by the other categories)

Moderator: Federico.Lagni

alessandrop77
n00b
Posts: 7
Joined: Wed 03 Oct, 2012 12:23 pm
Location: Rome

Hi guys, I don't know if this can be useful, but it solved a big problem for me. For a few months now Dyndns.com has been closing Free accounts, but I found a valid alternative for the dynamic public IP issue. I registered at this link http://freedns.afraid.org/ and with this procedure http://www.blindhog.net/cisco-routers-and-dynamic-dns/ you will have it solved.

In the meantime I'm posting the config as I built it; you change the parameters shown as *******.
Keep in mind that I have an Alice ADSL line and some services such as VPN.

Bye everyone, I hope I've been useful.

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service password-recovery
!
hostname ******** (use whatever you like)
!
boot-start-marker
boot system flash c870-advipservicesk9-mz.124-24.T8.bin (this is the IOS I used)
boot-end-marker
!
logging message-counter syslog
logging buffered 4096
no logging console
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
aaa authorization network (vpn group) local
!
!
aaa session-id common
memory-size iomem 15
clock timezone Italy 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
dot11 syslog
ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address **.**.**.** **.**.**.** (IP range to exclude)

!
ip dhcp pool *****
import all
network **.**.**.** 255.255.255.0
default-router **.**.**.**
domain-name DHCP-HOME
dns-server **.**.**.** **.**.**.**
lease infinite
!
!
ip cef
no ip bootp server
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username ******** privilege 15 secret **********
username ******** password ********* (vpn user 1)
username ******** password ********* (vpn user 2)
!
crypto logging session
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group (vpn group)
key ***************** (use a long security key)
pool VPN-POOL
acl 158
include-local-lan
max-users 10
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map ****** 10
set security-association idle-time 3600
set transform-set myset
reverse-route
!
!
crypto map clientmap local-address Dialer1
crypto map clientmap client authentication list ****** (vpn group)
crypto map clientmap isakmp authorization list ***** (vpn group)
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic ***** (the one from the crypto dynamic-map ***** line)
!
archive
log config
hidekeys
!
!
ip tftp source-interface Vlan20
!
!
ip domain-lookup
!
interface ATM0
description "ADSL WAN"
no ip address
no atm ilmi-keepalive
dsl operating-mode adsl2+
!
interface ATM0.1 point-to-point
no ip unreachables
no ip proxy-arp
ip flow ingress
ip virtual-reassembly
pvc 8/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
description "VLAN 20 DATI"
switchport access vlan 20
load-interval 30
speed 100
!
interface FastEthernet1
description "VLAN 20 DATI"
switchport access vlan 20
load-interval 30
speed 100
!
interface FastEthernet2
description "VLAN 20 DATI"
switchport access vlan 20
load-interval 30
speed 100
!
interface FastEthernet3
description "VLAN 20 DATI"
switchport access vlan 20
load-interval 30
speed 100
!
interface Vlan1
no ip address
shutdown
!
interface Vlan20
description "VLAN 20 DATI"
ip address **.**.**.** 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
load-interval 30
no autostate
crypto map clientmap
!
interface Dialer1
description "WAN ADSL"
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip access-group 101 in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap hostname *****************
ppp chap password *****************
ppp chap refuse
ppp pap sent-username *************** password *****************
ppp ipcp dns request
ppp ipcp wins request
crypto map clientmap
!
ip local pool VPN-POOL **.**.**.** **.**.**.** (enter the address pool for the vpn)
ip forward-protocol nd
ip forward-protocol turbo-flood
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route *vpn lan* 255.255.255.240 Dialer1
no ip http server
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat translation timeout 420
ip nat translation tcp-timeout 150
ip nat translation pptp-timeout 420
ip nat translation udp-timeout 120
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat inside source list 100 interface Dialer1 overload
!
ip sla 1
http get http://freedns.afraid.org/dynamic/update.php?**follow the procedure from the link**
ip sla schedule 1 life forever start-time now
logging trap errors
logging facility local5
access-list 100 remark ***************************************************
access-list 100 remark ************ ACL-PORTS-TCP-UDP-DDNS-WAN ***********
access-list 100 deny ip *internal lan* 0.0.0.255 *vpn lan* 0.0.0.15
access-list 100 permit ip *internal lan* 0.0.0.255 any
access-list 100 permit tcp any any
access-list 100 permit udp any any
access-list 100 permit ip any any
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
access-list 100 deny ip any any
access-list 101 remark ***************************************************
access-list 101 remark ************ ACL-PORTS-TCP-UDP-DDNS-WAN ***********
access-list 101 permit tcp host 204.140.20.21 eq www any log
access-list 101 permit udp host *PROVIDER DNS* eq domain any
access-list 101 permit udp host *PROVIDER DNS* eq domain any
access-list 101 permit gre any any
access-list 101 permit tcp any eq www any
access-list 101 deny udp any any eq 135 log
access-list 101 deny tcp any any eq 135 log
access-list 101 deny udp any any eq netbios-dgm log
access-list 101 deny tcp any any eq 445 log
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit udp host 207.46.232.42 eq ntp any
access-list 101 permit udp host 192.43.244.18 eq ntp any
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
access-list 158 remark ***********************************************************
access-list 158 remark ********** ACL FOR SPLIT-TUNNEL FROM VPN-CLIENT *************
access-list 158 permit ip *internal lan* 0.0.0.255 *vpn lan* 0.0.0.15
!
!
!
!
!
control-plane


banner login ^CC

********************************************************
WHATEVER YOU LIKE
********************************************************

^C
!
line con 0
privilege level 15
logging synchronous
no modem enable
line aux 0
exec-timeout 5 0
modem DTR-active
transport input all
line vty 0 4
access-class 100 in
privilege level 15
logging synchronous
transport preferred none
transport input telnet
!
scheduler max-task-time 5000
scheduler allocate 20000 1000

end

Ahh, sorry if there are errors in the config, but I'm not Cisco certified, I just like playing with it a bit.
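An added example, not part of the original post: a small Python audit that flags the settings in a configuration like the one above that a reviewer would want changed before reusing it (source routing, Telnet on the lines, 3DES and DH group 2, `username ... password` storage, the DDNS update URL sent over plain HTTP, and a VTY `access-class` that points at an ACL containing `permit ip any any`). The rule names and the sample excerpt are constructed for illustration.

```python
import re

# Constructed excerpt modelled on the posted configuration; secrets are placeholders.
SAMPLE_CONFIG = """\
ip source-route
username vpnuser1 password 7 PLACEHOLDER
crypto isakmp policy 3
encr 3des
group 2
crypto ipsec transform-set myset esp-3des esp-sha-hmac
ip sla 1
http get http://freedns.afraid.org/dynamic/update.php?PLACEHOLDER
access-list 100 permit ip any any
line vty 0 4
access-class 100 in
transport input telnet
"""

# (hypothetical rule id, regex on the stripped line, section the line must be in, or None)
RULES = [
    ("source-route", r"^ip source-route$", None),
    ("weak-password-storage", r"^username \S+ password\b", None),  # type 7 is reversible
    ("3des", r"^encr(yption)? 3des$|\besp-3des\b", None),
    ("weak-dh-group", r"^group [12]$", "crypto isakmp policy"),    # 768/1024-bit MODP
    ("cleartext-ddns-update", r"^http get http://\S+\?", "ip sla"),
    ("cleartext-line-access", r"^transport input (telnet|all)$", "line "),
]
SECTION = re.compile(r"^(crypto isakmp policy|ip sla \d+$|line |interface )")

def audit(config):
    """Return (line number, rule id) findings, in line order, for IOS config text."""
    lines = [l.strip() for l in config.splitlines()]
    # An ACL with a blanket permit filters nothing when used as a VTY access-class.
    open_acls = {m.group(1) for l in lines
                 if (m := re.match(r"access-list (\d+) permit ip any any$", l))}
    findings, section = [], ""
    for no, line in enumerate(lines, 1):
        if line == "!" or SECTION.match(line):
            section = "" if line == "!" else line  # a bare "!" closes a section
        for rule, pattern, needs in RULES:
            if re.search(pattern, line) and (needs is None or section.startswith(needs)):
                findings.append((no, rule))
        m = re.match(r"access-class (\d+) in$", line)
        if m and m.group(1) in open_acls and section.startswith("line "):
            findings.append((no, "open-vty-acl"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Pass the saved output of `show running-config` to `audit()` to check a real device; it works on text without indentation, as forum-pasted configs usually are.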