[ bgillegal @ 28.01.2010. 19:20 ] @
There is a Cisco 1841. The software is Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(23). The router's job is to push the local network 192.168.10.0/24 out to the Internet, and there is also the network 192.168.11.0/24, which VPN client users land in. The VPN client is the real, textbook Cisco one. What is needed is for the computers that connect through the VPN client to be mapped to static, predetermined addresses. That means that I, as Person1, get mapped to 192.168.11.10, someone else, as Person2, gets mapped to 192.168.11.11, and so on... Does anyone have any idea how I could do this? For now the only solution I can see is to set up a DHCP server on some server and do those mappings there, with the Cisco 1841 acting as a dhcp-relay and pushing the requests to the DHCP server, but I am not sure that it would work properly.

Code:
Building configuration...

Current configuration : 2929 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxxxxxxxx
!
boot-start-marker
boot system flash c1841-advsecurityk9-mz.124-23.bin
boot-end-marker
!
enable secret 5 $1$OxxxxxxxeTe$Ltmg6uI6s7zIafyiEQK15.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
no ip domain lookup
!
!
!
username xxxxx privilege 15 password 7 1416XxxxxxxxB2F37246B63
username xxxxxx privilege 15 password 7 00554xxxxx
username veXxxx privilege 15 password 7 02100109Xxxxxxx
username Xxxxxx privilege 15 password 7 Xxxxxxxx0B20
!
!
!
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group xxxxxxx
 key xxxxxxx
 dns 192.168.10.2
 pool ippool
 acl 101
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface FastEthernet0/0
 description INTERNET
 ip address 213.244.xxx.xxx 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
 crypto map clientmap
!
interface FastEthernet0/1
 description LAN
 ip address 192.168.10.1 255.255.255.0
 ip access-group DENY-HTTP in
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex
!
ip local pool ippool 192.168.11.1 192.168.11.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 213.244.xxx.xxx
!
no ip http server
no ip http secure-server
ip nat inside source route-map nonat interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.10.2 25 213.244.xxx.xxx 25 extendable
ip nat inside source static tcp 192.168.10.2 110 213.244.xxx.xxx 110 extendable
ip nat inside source static tcp 192.168.10.14 3389 213.244.xxx.xxx 3389 extendable
!
ip access-list extended DENY-HTTP
 deny tcp host 192.168.10.16 any eq www log
 deny tcp host 192.168.10.18 any eq www log
 deny tcp host 192.168.10.20 any eq www log
 deny tcp host 192.168.10.22 any eq www log
 permit ip any any
!
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 102 deny ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 102 permit ip any any
snmp-server community xxxxxxxx RO
route-map nonat permit 10
 match ip address 102
!
!
!
control-plane
!
banner login ^C
VLASNISTVO Xxxxxxxxx. NEOVLASCENI PRISTUP ZABRANJEN!
^C
!
line con 0
 exec-timeout 35791 0
line aux 0
line vty 0 4
 exec-timeout 35791 0
 transport input telnet
line vty 5 15
 exec-timeout 35791 0
 transport input telnet
!
scheduler allocate 20000 1000
end