ACL NAT OVERLOAD

Secure your network!

Moderator: Federico.Lagni

Luca83
n00b
Posts: 15
Joined: Tue 06 Apr, 2010 10:25 pm

Good morning,
I have a problem and I can't figure out where I'm going wrong.

I have an extended ACL named "Internet". If I set "permit ip any any" everything works; if instead I configure the firewall's address, "permit ip host 10.254.254.10 any",
browsing works in fits and starts, that is, not all sites open.

This is my configuration:


interface GigabitEthernet0/0
 description EOLO-ANTENNA-1
 no ip address
 ip mtu 1452
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
 description WAN 1 Firewall
 no ip address
 ip virtual-reassembly in
 ip tcp adjust-mss 1400
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.2
 description Services Web
 encapsulation dot1Q 2
 ip address 10.254.254.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.3
 description Services Mail
 encapsulation dot1Q 3
 ip address 10.254.254.5 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.4
 description Connessione Internet
 encapsulation dot1Q 4
 ip address 10.254.254.9 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/2
 ip address 192.168.6.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1400
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/0/0
 no ip address
 shutdown
!
interface FastEthernet0/0/1
 no ip address
 shutdown
!
interface FastEthernet0/0/2
 no ip address
 shutdown
!
interface FastEthernet0/0/3
 no ip address
 shutdown
!
interface Vlan1
 no ip address
!
interface Dialer1
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in max-reassemblies 1000
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 ppp pap sent-username XXXX password 0 XXXXX
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list Internet interface Dialer1 overload
ip nat inside source static 10.254.254.6 88.XXXX
ip nat inside source static 10.254.254.2 88.XXXX
ip nat inside source static 192.168.6.253 88.XXX
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended Internet
 permit ip any any
 permit ip host 10.254.254.10 any
 deny   ip any any log
ip access-list extended ssh-access
 permit ip host 10.254.254.10 any
 permit ip host 192.168.6.253 any
 deny   ip any any log

paolomat75
Messianic Network master
Posts: 2965
Joined: Fri 29 Jan, 2010 10:25 am
Location: Prov di GE

Hi. The firewall probably isn't NATting everything.

Paolo
Not a leaf falls unless the unconscious wills it (S.B.)
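
To check the hypothesis in the reply above, the sketch below (an added example, not part of the thread) applies IOS first-match ACL evaluation to the `Internet` list from the posted configuration and reports which inside source addresses the overload rule would translate. It models only `ip` entries matched on source address; 192.168.50.20 is a constructed address standing in for a host behind the firewall whose traffic reaches the router without being NATted by the firewall.

```python
import ipaddress

# "Internet" ACL as posted (both permit lines present), and the host-only
# variant the poster reports as intermittent. Entries copied from the thread.
ACL_AS_POSTED = """permit ip any any
permit ip host 10.254.254.10 any
deny   ip any any log"""
ACL_HOST_ONLY = """permit ip host 10.254.254.10 any
deny   ip any any log"""

# 10.254.254.10 is the firewall address named in the post; 192.168.50.20 is a
# constructed address for a host behind the firewall that was not NATted there.
SAMPLE_SOURCES = ["10.254.254.10", "192.168.50.20"]

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(text):
    """Parse 'permit|deny ip <source> ...' lines into (action, addr, wildcard, line)."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] not in ("permit", "deny") or tok[1] != "ip":
            continue  # simplification: only 'ip' entries, source match only
        if tok[2] == "any":
            addr, wildcard = 0, 0xFFFFFFFF
        elif tok[2] == "host":
            addr, wildcard = ip_int(tok[3]), 0
        else:  # "A.B.C.D wildcard" form
            addr, wildcard = ip_int(tok[2]), ip_int(tok[3])
        entries.append((tok[0], addr, wildcard, " ".join(tok)))
    return entries

def nat_decision(entries, src):
    """First matching entry wins; return (translated, matching entry)."""
    s = ip_int(src)
    for action, addr, wildcard, line in entries:
        if (s | wildcard) == (addr | wildcard):
            return action == "permit", line
    return False, "implicit deny"

def report(acl_text):
    entries = parse_acl(acl_text)
    return {src: nat_decision(entries, src) for src in SAMPLE_SOURCES}

if __name__ == "__main__":
    for name, acl in (("as posted", ACL_AS_POSTED), ("host only", ACL_HOST_ONLY)):
        for src, (translated, line) in report(acl).items():
            print(f"{name:10} {src:15} translated={translated}  [{line}]")
```

With the list as posted, `permit ip any any` matches first, so the host entry below it is never reached; with the host-only list, any source other than 10.254.254.10 falls through to the deny and is not translated by the overload rule.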