Good morning. I have the following problem at a customer's site.
He has 2 Telecom lines: an MPLS one that connects him to the main office, whose router has IP 192.168.1.1, and one that gives him internet, whose router has IP 192.168.1.254. The PCs have the MPLS router as their default gateway (which will therefore have the 0.0.0.0 route pointing to the other one).
He has activated a new, better-performing internet line with another operator, and I installed an 877 for him, replacing the Telecom internet router, which I switched off. In practice I switched off 192.168.1.254 and put mine in its place with IP 192.168.1.254.
What happens now is that it struggles to open websites, but in a strange way. For example, if he opens libero (very heavy) it may open; then you refresh and it no longer opens; then you refresh and it only shows the top bar...
We have already checked DNS, MTU and various other things and they are OK. If I set my router as the PC's default gateway instead of the MPLS one, browsing works perfectly. We also opened the Telecom routers in recovery mode and looked at the configuration, but found nothing in particular. If I put the Telecom router back, the line goes back to being very slow, but it works.
Could there be something that ties the two Telecom routers together, so that removing/replacing one of them breaks things? What could I look at? I have the Telecom configs; if anyone feels like giving me a hand, I have no problem posting them with the sensitive data masked!
Thanks
INTERNET AND MPLS, PROBLEM
Moderator: Federico.Lagni
- davide0522
- Cisco fan
- Posts: 47
- Joined: Wed 31 Mar, 2010 4:22 pm
Hi, and thanks for your interest.
This is the MPLS line, which has been left untouched and is the default gateway of the PCs.
NOTE: I have masked passwords and IPs, but I can assure you that the public IPs referenced in the MPLS config do not appear in the ALICE INTERNET config, nor vice versa (that is, at the IP level I see no "link" between the two).
MPLS LINE - No changes to these. It is the network's default gateway (192.168.4.254)
version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname ARJ-MPLS
!
boot-start-marker
boot-end-marker
!
logging buffered 8448
!
aaa new-model
!
!
aaa authentication password-prompt Password_Recovery:
aaa authentication username-prompt Username_Recovery:
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local none
aaa authorization commands 15 default local group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
!
aaa session-id common
clock timezone METDST 1
clock summer-time METDST recurring last Sun Mar 2:00 last Sun Oct 2:00
dot11 syslog
no ip source-route
ip cef
!
!
!
!
no ip bootp server
no ip domain lookup
ip domain name telecomitalia.it
ip name-server 151.99.125.2
multilink bundle-name authenticated
isdn switch-type basic-net3
!
!
!
!
username xxx password 7 xxx
username xxx privilege 15 password 7 xxx
username xxx privilege 15 password 7 xxx
archive
log config
hidekeys
!
!
ip ssh version 2
!
!
!
interface Loopback0
description LOOPBACK MANAGEMENT SERVIZI PLUS BOLOGNA
ip address 172.22.6.19 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.4.254 255.255.255.0
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
description MPLS ADSL TGU : xxxx
no ip address
load-interval 30
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
description MPLS ADSL TGU : xxx
mtu 1500
ip address xx.xx.xx.xx 255.255.255.252
pvc 8/35
vbr-nrt 608 608 1
oam-pvc manage 15
oam retry 5 5 1
encapsulation aal5snap
!
!
interface BRI0/1/0
description ISDN n.ro xxx
no ip address
encapsulation ppp
no ip route-cache cef
no ip route-cache
shutdown
dialer pool-member 1
isdn switch-type basic-net3
isdn point-to-point-setup
fair-queue
no cdp enable
ppp authentication chap
ppp multilink
!
interface Dialer1
bandwidth 64
ip address 10.10.10.3 255.255.255.248
encapsulation ppp
no ip route-cache cef
no ip route-cache
load-interval 30
dialer pool 1
dialer remote-name xxx
dialer string xxx
dialer load-threshold 100 inbound
dialer-group 1
fair-queue
ppp authentication chap
ppp chap hostname t-xxx
ppp chap password 7 xxx
ppp multilink
!
router eigrp 65201
redistribute static metric 10000 10 255 1 1500 route-map STATICHE
passive-interface default
no passive-interface Dialer1
network 10.10.10.0 0.0.0.7
network 172.22.6.19 0.0.0.0
network 192.168.4.0
no auto-summary
!
router bgp 65201
no synchronization
bgp log-neighbor-changes
network xx.xx.xx.xx mask 255.255.255.252
network 172.22.6.19 mask 255.255.255.255
network 192.168.4.0
redistribute static route-map STATICHE
neighbor EXTERNAL peer-group
neighbor EXTERNAL remote-as 3269
neighbor EXTERNAL version 4
neighbor EXTERNAL timers 60 180
neighbor EXTERNAL advertisement-interval 5
neighbor xx.xx.xx.xx peer-group EXTERNAL
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.4.1
ip route 192.168.0.0 255.255.248.0 Dialer1 240
ip route 192.168.40.0 255.255.255.0 192.168.4.188 tag 1000
!
!
no ip http server
no ip http secure-server
ip tacacs source-interface Loopback0
!
access-list 78 permit yy.yy.yy.yy 0.0.0.15
access-list 78 deny any
access-list 79 permit yy.yy.yy.yy 0.0.0.15
access-list 79 deny any
access-list 101 deny eigrp any any
access-list 101 deny udp any any eq snmp
access-list 101 deny udp any any eq snmptrap
access-list 101 deny tcp any any range 135 139
access-list 101 deny udp any any range 135 netbios-ss
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
snmp-server community public RO 78
snmp-server community private RW 79
snmp-server ifindex persist
snmp-server trap-source Loopback0
snmp-server packetsize 4096
snmp-server trap-timeout 120
snmp-server queue-length 30
snmp-server system-shutdown
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps envmon
snmp-server enable traps bgp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server host yy.yy.yy.yy undefined
route-map STATICHE permit 10
match tag 1000
!
!
!
tacacs-server host yy.yy.yy.yy
tacacs-server timeout 1
tacacs-server key 7 xxx
!
control-plane
!
!
banner motd ^C
.-------------------------------------------------------------.
/ .-. .-. \
| / \ TELECOM ITALIA S.P.A. / \ |
| |\._./| |\._./| |
|\| /| RETE MPLS - xxxxxxxxxxxxxxxxxxxxxxx |\ |/|
| `---' | | `---' |
| | SERVIZI PLUS NE BOLOGNA | |
| | | |
| | xxxxxxxxxxxxxxxx | |
| | V.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | |
| | CISCO 1841 + BRI ISDN | |
| | | |
| | | |
| | | |
| | >> OGNI ACCESSO NON AUTORIZZATO E' VIETATO << | |
| | >> UNAUTHORIZED ACCESS IS DENIED << | |
| | | |
| |-------------------------------------------------| |
\ | | /
\ / \ /
`---' `---'
^C
!
line con 0
line aux 0
line vty 0 4
password 7 xxx
transport input all
!
scheduler allocate 20000 1000
ntp clock-period 17178673
ntp source Loopback0
ntp server yy.yy.yy.yy
end
What follows is the configuration of the Telecom line that is used for internet browsing and that I then "switched off" to replace it with my router. NB: on the VLAN it has both a public and a private address. The public one, it seems to me, is only used for the NATs, while at the LAN level they use the private one (there are no firewalls in this company).
INTERNET TELECOM -- DECOMMISSIONED
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname ARJ-INTERNET
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
enable secret 5 xxx
!
aaa new-model
!
!
aaa authentication password-prompt Password_Recovery:
aaa authentication username-prompt Username_Recovery:
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local none
aaa authorization commands 15 default local group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
!
aaa session-id common
clock timezone ITALY 1
clock summer-time ITALY recurring last Sun Mar 2:00 last Sun Oct 2:00
!
!
dot11 syslog
no ip source-route
ip cef
!
!
ip domain name telecomitalia.it
ip name-server 151.99.125.2
!
!
!
username xxx password 7 xxx
username xxx privilege 15 password 7 xxx
username xxx privilege 15 password 7 xxx
!
!
archive
log config
hidekeys
!
!
ip ssh version 2
!
!
!
interface ATM0
no ip address
logging event atm pvc state
logging event subif-link-status
load-interval 30
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description INTERBUSINESS TGU xxx
mtu 1500
ip address xx.xx.xx.xx 255.255.255.252
ip nat outside
ip virtual-reassembly
snmp trap link-status
pvc 8/35
vbr-nrt 640 640 1
oam-pvc manage
oam retry 5 5 1
encapsulation aal5snap
!
!
interface FastEthernet0
logging event subif-link-status
load-interval 30
!
interface FastEthernet1
logging event subif-link-status
load-interval 30
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.4.1 255.255.255.0 secondary
ip address xx.xx.xx.xx 255.255.255.248
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
no ip http server
no ip http secure-server
ip nat pool net-ibs xx.xx.xx.xx xx.xx.xx.xx netmask 255.255.255.248
ip nat inside source list 1 pool net-ibs overload
ip nat inside source static udp 192.168.4.50 1105 interface Vlan1 1105
ip nat inside source static udp 192.168.4.51 6000 interface Vlan1 6000
ip nat inside source static tcp 192.168.4.51 6000 interface Vlan1 6000
ip nat inside source static udp 192.168.4.51 6001 interface Vlan1 6001
ip nat inside source static tcp 192.168.4.51 6001 interface Vlan1 6001
ip nat inside source static udp 192.168.4.51 13777 interface Vlan1 13777
ip nat inside source static tcp 192.168.4.51 13777 interface Vlan1 13777
ip nat inside source static udp 192.168.4.52 8000 interface Vlan1 8000
ip nat inside source static tcp 192.168.4.52 8000 interface Vlan1 8000
ip nat inside source static udp 192.168.4.58 8036 interface Vlan1 8036
ip nat inside source static tcp 192.168.4.58 8036 interface Vlan1 8036
ip nat inside source static udp 192.168.4.53 8002 interface Vlan1 8002
ip nat inside source static tcp 192.168.4.53 8002 interface Vlan1 8002
ip nat inside source static udp 192.168.4.53 8038 interface Vlan1 8038
ip nat inside source static tcp 192.168.4.53 8038 interface Vlan1 8038
ip nat inside source static tcp 192.168.4.54 8030 interface Vlan1 8030
ip nat inside source static udp 192.168.4.54 8030 interface Vlan1 8030
ip nat inside source static tcp 192.168.4.55 8032 interface Vlan1 8032
ip nat inside source static udp 192.168.4.55 8032 interface Vlan1 8032
ip nat inside source static tcp 192.168.4.56 8034 interface Vlan1 8034
ip nat inside source static udp 192.168.4.56 8034 interface Vlan1 8034
ip nat inside source static tcp 192.168.4.57 8004 interface Vlan1 8004
ip nat inside source static udp 192.168.4.57 8004 interface Vlan1 8004
ip nat inside source static tcp 192.168.4.57 8040 interface Vlan1 8040
ip nat inside source static udp 192.168.4.57 8040 interface Vlan1 8040
ip nat inside source static tcp 192.168.4.50 1105 interface Vlan1 1105
ip nat inside source static udp 192.168.4.52 81 interface Vlan1 81
ip nat inside source static tcp 192.168.4.52 81 interface Vlan1 81
ip nat inside source static udp 192.168.4.52 6036 interface Vlan1 6036
ip nat inside source static tcp 192.168.4.52 6036 interface Vlan1 6036
ip nat inside source static udp 192.168.4.53 82 interface Vlan1 82
ip nat inside source static tcp 192.168.4.53 82 interface Vlan1 82
ip nat inside source static udp 192.168.4.53 6035 interface Vlan1 6035
ip nat inside source static tcp 192.168.4.53 6035 interface Vlan1 6035
ip nat inside source static udp 192.168.4.57 83 interface Vlan1 83
ip nat inside source static tcp 192.168.4.57 83 interface Vlan1 83
ip nat inside source static udp 192.168.4.57 6037 interface Vlan1 6037
ip nat inside source static tcp 192.168.4.57 6037 interface Vlan1 6037
!
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 30 remark permette accesso dal PE
access-list 30 permit xx.xx.xx.xx
access-list 30 remark permette accesso FS
access-list 30 permit xx.xx.xx.xx 0.0.0.255
access-list 30 permit xx.xx.xx.xx 0.0.0.255
access-list 30 remark permette accesso TELNET DA CDG
access-list 30 permit xx.xx.xx.xx 0.0.0.255
access-list 30 deny any
access-list 30 permit xx.xx.xx.xx 0.0.0.63
access-list 33 permit xx.xx.xx.xx
access-list 33 permit xx.xx.xx.xx
access-list 34 permit xx.xx.xx.xx
access-list 34 permit xx.xx.xx.xx
access-list 102 deny ip xx.xx.xx.xx 0.0.0.7 any
access-list 102 permit tcp any xx.xx.xx.xx 0.0.0.7 established
access-list 102 permit ip any xx.xx.xx.xx 0.0.0.7
snmp-server packetsize 4096
snmp-server trap-timeout 120
snmp-server system-shutdown
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps isdn layer2
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps atm pvc
snmp-server enable traps atm subif
snmp-server host xx.xx.xx.xx public
!
!
tacacs-server host xx.xx.xx.xx
tacacs-server key 7 xxx
!
control-plane
!
banner motd ^CCC
.-------------------------------------------------------------.
/ .-. .-. \
| / \ TELECOM ITALIA S.P.A. / \ |
| |\._./| |\._./| |
|\| /| ACCESSO IBS - xxxxxxxxxxxxxxxxxxx |\ | |/|
| `---' | | `---' |
| | ARJ-INTERNET | |
| | VIA xxxxxxxxxxxxxxxxxxxxxxxxxxxx | |
| | xxxxxxxxxxxxxxxx | |
| | ROUTER CISCO 877 | |
| | | |
| | | |
| | | |
| | | |
| | ! OGNI ACCESSO NON AUTORIZZATO E' VIETATO ! | |
| | ! UNAUTHORIZED ACCESS IS DENIED ! | |
| | | |
| |-------------------------------------------------| |
\ | | /
\ / \ /
`---' `---'
^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 30 in
transport input all
!
scheduler max-task-time 5000
ntp clock-period 17183594
ntp source ATM0.1
ntp server xx.xx.xx.xx
end
Finally, this is my configuration, which replaces the one above. Here we have a single public IP on the dialer, which we use for the NATs, while the VLAN obviously carries the same private IP as the one above, which I have replaced.
INTERNET NEW LINE -- Replaces Telecom internet
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SIENA
!
boot-start-marker
boot-end-marker
!
logging buffered 50000 debugging
enable secret 5 xxx
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
ip name-server xx.xx.xx.xx
ip name-server 192.168.1.10
ip inspect udp idle-time 15
ip inspect tcp idle-time 1800
ip inspect tcp finwait-time 1
ip inspect tcp synwait-time 15
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
!
!
!
username trenove password 7 xxx
!
!
!
!
!
!
interface ATM0
no ip address
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
max-reserved-bandwidth 100
!
interface ATM0.1 point-to-point
no snmp trap link-status
pvc 8/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.4.1 255.255.255.0
ip nat inside
ip inspect myfw in
ip virtual-reassembly
no autostate
hold-queue 100 out
!
interface Dialer1
ip address negotiated
ip access-group 111 in
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication chap pap callin
no ppp chap wait
ppp pap sent-username xxx password 7 xxx
no ppp pap wait
!
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.1.0 255.255.255.0 192.168.4.254
ip route 192.168.2.0 255.255.255.0 192.168.4.254
ip route 192.168.3.0 255.255.255.0 192.168.4.254
!
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface Dialer1 overload
ip nat inside source static tcp 192.168.4.1 23 Dialer1 23 extendable
ip nat inside source static tcp 192.168.4.52 81 Dialer1 81 extendable
ip nat inside source static udp 192.168.4.52 81 Dialer1 81 extendable
ip nat inside source static tcp 192.168.4.53 82 Dialer1 82 extendable
ip nat inside source static udp 192.168.4.53 82 Dialer1 82 extendable
ip nat inside source static tcp 192.168.4.57 83 Dialer1 83 extendable
ip nat inside source static udp 192.168.4.57 83 Dialer1 83 extendable
ip nat inside source static tcp 192.168.4.50 1105 Dialer1 1105 extendable
ip nat inside source static udp 192.168.4.50 1105 Dialer1 1105 extendable
ip nat inside source static tcp 192.168.4.51 6000 Dialer1 6000 extendable
ip nat inside source static udp 192.168.4.51 6000 Dialer1 6000 extendable
ip nat inside source static tcp 192.168.4.51 6001 Dialer1 6001 extendable
ip nat inside source static udp 192.168.4.51 6001 Dialer1 6001 extendable
ip nat inside source static tcp 192.168.4.53 6035 Dialer1 6035 extendable
ip nat inside source static udp 192.168.4.53 6035 Dialer1 6035 extendable
ip nat inside source static tcp 192.168.4.52 6036 Dialer1 6036 extendable
ip nat inside source static udp 192.168.4.52 6036 Dialer1 6036 extendable
ip nat inside source static tcp 192.168.4.57 6037 Dialer1 6037 extendable
ip nat inside source static udp 192.168.4.57 6037 Dialer1 6037 extendable
ip nat inside source static tcp 192.168.4.52 8000 Dialer1 8000 extendable
ip nat inside source static udp 192.168.4.52 8000 Dialer1 8000 extendable
ip nat inside source static tcp 192.168.4.53 8002 Dialer1 8002 extendable
ip nat inside source static udp 192.168.4.53 8002 Dialer1 8002 extendable
ip nat inside source static tcp 192.168.4.57 8004 Dialer1 8004 extendable
ip nat inside source static udp 192.168.4.57 8004 Dialer1 8004 extendable
ip nat inside source static tcp 192.168.4.54 8030 Dialer1 8030 extendable
ip nat inside source static udp 192.168.4.54 8030 Dialer1 8030 extendable
ip nat inside source static tcp 192.168.4.55 8032 Dialer1 8032 extendable
ip nat inside source static udp 192.168.4.55 8032 Dialer1 8032 extendable
ip nat inside source static tcp 192.168.4.56 8034 Dialer1 8034 extendable
ip nat inside source static udp 192.168.4.56 8034 Dialer1 8034 extendable
ip nat inside source static tcp 192.168.4.58 8036 Dialer1 8036 extendable
ip nat inside source static udp 192.168.4.58 8036 Dialer1 8036 extendable
ip nat inside source static tcp 192.168.4.53 8038 Dialer1 8038 extendable
ip nat inside source static udp 192.168.4.53 8038 Dialer1 8038 extendable
ip nat inside source static tcp 192.168.4.57 8040 Dialer1 8040 extendable
ip nat inside source static udp 192.168.4.57 8040 Dialer1 8040 extendable
ip nat inside source static tcp 192.168.4.51 13777 Dialer1 13777 extendable
ip nat inside source static udp 192.168.4.51 13777 Dialer1 13777 extendable
!
access-list 101 permit ip 192.168.4.0 0.0.0.255 any
access-list 111 deny ip host 255.255.255.255 any
access-list 111 deny ip 127.0.0.0 0.255.255.255 any log
access-list 111 deny ip 10.0.0.0 0.255.255.255 any log
access-list 111 deny ip 172.16.0.0 0.15.255.255 any log
access-list 111 deny ip 224.0.0.0 15.255.255.255 any log
access-list 111 permit icmp any any unreachable
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit tcp any any eq telnet
access-list 111 permit ip any any
!
!
!
!
control-plane
!
banner motd ^CCCCCCC
* * * * * * * * * * * * W A R N I N G * * * * * * * * * * * * * * * * * * * *
xxxxxxxxxxxxxxxxxxxxxxxx - ACCESS ROUTER PROPERTY OF xxxxxxxxxx ISP
THIS SYSTEM IS RESTRICTED TO AUTHORIZED USERS FOR AUTHORIZED USE
ONLY. UNAUTHORIZED ACCESS IS STRICTLY PROHIBITED AND MAY BE
PUNISHABLE UNDER THE COMPUTER FRAUD AND ABUSE ACT OF 1986 OR
OTHER APPLICABLE LAWS. IF NOT AUTHORIZED TO ACCESS THIS SYSTEM,
DISCONNECT NOW. BY CONTINUING, YOU CONSENT TO YOUR KEYSTROKES
AND DATA CONTENT BEING MONITORED. ALL PERSONS ARE HEREBY
NOTIFIED THAT THE USE OF THIS SYSTEM CONSTITUTES CONSENT TO
MONITORING AND AUDITING.
* * * * * * * * * * * * W A R N I N G * * * * * * * * * * * * * * * * * * * *
^C
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 120 0
login local
length 0
!
scheduler max-task-time 5000
!
end
The problem persists.
I'd point out one thing: I had this problem with the same customer at another site.
I resolved it by inserting a firewall (Linux-based) between the network and my router.
That is: I had replaced the Telecom ADSL with my 877, and I had a similar problem (problems opening websites).
So I removed the 877 and put a firewall in its place, whose WAN I connected to the 877, naturally with the necessary IP reconfiguration.
At that point everything started working well. But honestly I can't explain why...
I also thought of doing the same at this other site, installing a firewall, but I would like to understand the reason for all this...
Thank you in advance if you can shed some light on this...
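The forwarding paths implied by the static routes in the two posted configs, traced as an added example (not part of the original post or the poster's tooling). The PC address 192.168.4.50 is taken from the NAT entries, 203.0.113.10 is a constructed internet host, and the function names are hypothetical.

```python
import ipaddress

# Routing-relevant lines copied from the two posted configs (excerpts).
# Assumption: the LAN interfaces are up on the live routers; the posted MPLS
# dump shows FastEthernet0/0 as "shutdown".
MPLS_CFG = """
interface FastEthernet0/0
 ip address 192.168.4.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.4.1
ip route 192.168.0.0 255.255.248.0 Dialer1 240
ip route 192.168.40.0 255.255.255.0 192.168.4.188 tag 1000
"""
NEW_CFG = """
interface Vlan1
 ip address 192.168.4.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.1.0 255.255.255.0 192.168.4.254
ip route 192.168.2.0 255.255.255.0 192.168.4.254
ip route 192.168.3.0 255.255.255.0 192.168.4.254
"""

def parse_routes(cfg):
    """Return [(network, next_hop)]; next_hop is None for connected networks."""
    routes = []
    for line in cfg.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "address"] and len(tok) >= 4:
            iface = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}")
            routes.append((iface.network, None))
        elif tok[:2] == ["ip", "route"] and len(tok) >= 5:
            net = ipaddress.ip_network(f"{tok[2]}/{tok[3]}")
            routes.append((net, tok[4]))  # next-hop IP or exit interface
    return routes

def lookup(routes, dst):
    """Longest-prefix match; returns the next hop, or None if directly connected."""
    dst = ipaddress.ip_address(dst)
    best = max((r for r in routes if dst in r[0]), key=lambda r: r[0].prefixlen)
    return best[1]

# The two routers on the LAN, keyed by their LAN address.
ROUTERS = {
    "192.168.4.254": parse_routes(MPLS_CFG),  # ARJ-MPLS, the PCs' default gateway
    "192.168.4.1": parse_routes(NEW_CFG),     # the replacement 877
}

def trace(first_hop, dst):
    """Routers on the LAN that a packet crosses, plus where it goes next."""
    path, hop = [], first_hop
    while hop in ROUTERS and hop not in path:
        path.append(hop)
        hop = lookup(ROUTERS[hop], dst)
    return path, hop

def one_way_routers(gateway, pc, internet_host, edge):
    """Routers that see only one direction of a PC <-> internet flow."""
    outbound, _ = trace(gateway, internet_host)
    inbound, _ = trace(edge, pc)
    return sorted(set(outbound) ^ set(inbound))

if __name__ == "__main__":
    print("outbound:", trace("192.168.4.254", "203.0.113.10"))
    print("return:  ", trace("192.168.4.1", "192.168.4.50"))
    print("one-way: ", one_way_routers("192.168.4.254", "192.168.4.50",
                                       "203.0.113.10", "192.168.4.1"))
```

With the PCs pointed at 192.168.4.254, outbound packets cross the LAN twice while replies are delivered directly by 192.168.4.1, so the two directions of each flow take different paths. Pointing a PC straight at 192.168.4.1 makes both directions use the same single hop.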