forum.opennet.ru

Составление сообщения

Исходное сообщение

"permit tcp any any established - unsupported SDM rule"
Отправлено Remy, 13-Май-09 18:52

>[оверквотинг удален]
>>все на выход, а на вход, чтоб работали только определенные порты на
>>которые прописан статический NAT, например 25.
>
>Где-то так.
>access-list 100 permit tcp any any eq 25
>access-list 100 permit tcp any any eq 80
>access-list 100 permit tcp any any eq 443
>access-list 100 permit tcp any any established
>
>Но лучше покажите конфиг.
Спасибо.
но вы же сказали что от ключа established можно отказаться или нет?
С его использованием конфигурация правил через Web станет невозможной.
конфиг:
router#sh run
Building configuration...
Current configuration : 9142 bytes
!
version 12.4
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname router
!
boot-start-marker
boot system flash:c1841-advsecurityk9-mz.124-5a.bin
boot-end-marker
!
logging buffered 10000 debugging
enable secret 5 ******************
!
aaa new-model
!
!
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
clock timezone GMT 3
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip cef
!
!
!
!
ip domain name domain.ru
ip name-server 213.150.64.12
ip name-server 213.150.65.122
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki *************
!
crypto pki certificate *******
  quit
username adminz privilege 15 password 7 ***
username userz privilege 0 password 7 ***
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes 256
group 2
!
crypto isakmp policy 3
encr 3des
group 2
!
crypto isakmp client configuration group ***_vpn
key ***
dns 10.10.9.253
domain domain.local
pool SDM_POOL_1
!
!
crypto ipsec transform-set ***_vpn esp-aes 256 esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ***_vpn
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface FastEthernet0/0
description ###outside interface###$FW_OUTSIDE$$ETH-WAN$
ip address 111.111.111.111 255.255.255.248
ip access-group 101 in
ip verify unicast reverse-path
ip accounting output-packets
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
crypto map SDM_CMAP_1
!
interface FastEthernet0/1
description ###inside interface###$FW_INSIDE$$ETH-LAN$
ip address 10.10.9.254 255.255.255.0
ip access-group 100 in
ip accounting output-packets
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip local pool SDM_POOL_1 10.10.1.1 10.10.1.25
ip route 0.0.0.0 0.0.0.0 111.111.111.110
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source static tcp 10.10.9.253 1723 interface FastEthernet0/0 1723
ip nat inside source static tcp 10.10.9.254 22 interface FastEthernet0/0 22
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
ip nat inside source static tcp 10.10.9.253 3389 interface FastEthernet0/0 5551
ip nat inside source static tcp 10.10.9.252 3389 interface FastEthernet0/0 5552
ip nat inside source static udp 10.10.9.253 53 interface FastEthernet0/0 53
ip nat inside source static tcp 10.10.9.252 25 interface FastEthernet0/0 25
ip nat inside source static tcp 10.10.9.252 80 interface FastEthernet0/0 80
ip nat inside source static tcp 10.10.9.252 443 interface FastEthernet0/0 443
ip nat inside source static tcp 10.10.9.254 10000 interface FastEthernet0/0 10000
ip dns server
!
access-list 1 remark permit_nat
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 10.10.9.0 0.0.0.255
access-list 100 permit tcp host 10.10.9.252 any eq smtp
access-list 100 remark Deny SMTP
access-list 100 deny   tcp any any eq smtp log
access-list 100 deny   ip 111.111.111.109 0.0.0.7 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 permit gre any any log
access-list 101 permit tcp any host 111.111.111.111 eq 1723
access-list 101 permit tcp any host 111.111.111.111 eq 10000
access-list 101 permit udp any host 111.111.111.111 eq isakmp
access-list 101 permit udp any eq isakmp host 111.111.111.111
access-list 101 permit udp any host 111.111.111.111 eq non500-isakmp
access-list 101 permit udp any eq non500-isakmp host 111.111.111.111
access-list 101 permit tcp any host 111.111.111.111 eq smtp
access-list 101 permit tcp any host 111.111.111.111 eq 22
access-list 101 permit tcp any host 111.111.111.111 eq www
access-list 101 permit tcp any host 111.111.111.111 eq 443
access-list 101 permit tcp any host 111.111.111.111 eq 5551
access-list 101 permit tcp any host 111.111.111.111 eq 5552
access-list 101 permit udp host 213.150.64.12 eq domain host 111.111.111.111
access-list 101 permit udp host 213.150.65.122 eq domain host 111.111.111.111
access-list 101 deny   ip 10.10.9.0 0.0.0.255 any
access-list 101 permit icmp any host 111.111.111.111 echo-reply
access-list 101 permit icmp any host 111.111.111.111 time-exceeded
access-list 101 permit icmp any host 111.111.111.111 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 permit tcp any any established
access-list 101 deny   ip any any log
access-list 102 remark SDM_ACL Category=2
access-list 102 deny   ip any host 10.10.1.1
access-list 102 deny   ip any host 10.10.1.2
access-list 102 deny   ip any host 10.10.1.3
access-list 102 deny   ip any host 10.10.1.4
access-list 102 deny   ip any host 10.10.1.5
access-list 102 deny   ip any host 10.10.1.6
access-list 102 deny   ip any host 10.10.1.7
access-list 102 deny   ip any host 10.10.1.8
access-list 102 deny   ip any host 10.10.1.9
access-list 102 deny   ip any host 10.10.1.10
access-list 102 deny   ip any host 10.10.1.11
access-list 102 deny   ip any host 10.10.1.12
access-list 102 deny   ip any host 10.10.1.13
access-list 102 deny   ip any host 10.10.1.14
access-list 102 deny   ip any host 10.10.1.15
access-list 102 deny   ip any host 10.10.1.16
access-list 102 deny   ip any host 10.10.1.17
access-list 102 deny   ip any host 10.10.1.18
access-list 102 deny   ip any host 10.10.1.19
access-list 102 deny   ip any host 10.10.1.20
access-list 102 deny   ip any host 10.10.1.21
access-list 102 deny   ip any host 10.10.1.22
access-list 102 deny   ip any host 10.10.1.23
access-list 102 deny   ip any host 10.10.1.24
access-list 102 deny   ip any host 10.10.1.25
access-list 102 permit ip 10.10.9.0 0.0.0.255 any
route-map SDM_RMAP_1 permit 1
match ip address 102
!
!
!
control-plane
!
banner login ^CCC
=========================!!!CAUTION!!!===================================
This system is owned by *** Ltd. If you are not authorized to
access this system,exit immediately. Unauthorized access to this system is
forbidden by company policies, national, and international laws.Unauthorized
users are subject to criminal and civil penalties as well as company
initiated disciplinary proceedings.
By entry into this system you acknowledge that you are authorized access
and the level of privilege you subsequently execute on this system. You
further acknowledge that by entry into this system you expect no privacy from mo
nitoring.
=========================================================================
^C
!
line con 0
password 7 ***
line aux 0
password 7 ***
modem InOut
transport input all
flowcontrol hardware
line vty 0 4
access-class vty_access in
password 7 ***
transport input ssh
line vty 5 15
transport input telnet ssh
!
scheduler allocate 20000 1000
end
router#

Исходное сообщение
"permit tcp any any established - unsupported SDM rule" Отправлено Remy, 13-Май-09 18:52
>[оверквотинг удален] >>все на выход, а на вход, чтоб работали только определенные порты на >>которые прописан статический NAT, например 25. > >Где-то так. >access-list 100 permit tcp any any eq 25 >access-list 100 permit tcp any any eq 80 >access-list 100 permit tcp any any eq 443 >access-list 100 permit tcp any any established > >Но лучше покажите конфиг. Спасибо. но вы же сказали что от ключа established можно отказаться или нет? С его использованием конфигурация правил через Web станет невозможной. конфиг: router#sh run Building configuration... Current configuration : 9142 bytes ! version 12.4 service timestamps debug datetime service timestamps log datetime service password-encryption ! hostname router ! boot-start-marker boot system flash:c1841-advsecurityk9-mz.124-5a.bin boot-end-marker ! logging buffered 10000 debugging enable secret 5 **************** ! aaa new-model ! ! aaa authentication login sdm_vpn_xauth_ml_1 local aaa authorization network sdm_vpn_group_ml_1 local ! aaa session-id common ! resource policy ! clock timezone GMT 3 mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip cef ! ! ! ! ip domain name domain.ru ip name-server 213.150.64.12 ip name-server 213.150.65.122 ip ssh time-out 60 ip ssh authentication-retries 2 ! ! crypto pki ********* ! crypto pki certificate *** quit username adminz privilege 15 password 7 * username userz privilege 0 password 7 * ! ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp policy 2 encr aes 256 group 2 ! crypto isakmp policy 3 encr 3des group 2 ! crypto isakmp client configuration group _vpn key dns 10.10.9.253 domain domain.local pool SDM_POOL_1 ! ! crypto ipsec transform-set _vpn esp-aes 256 esp-sha-hmac ! crypto dynamic-map SDM_DYNMAP_1 1 set transform-set _vpn reverse-route ! ! crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1 crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1 crypto map SDM_CMAP_1 client configuration address respond crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1 ! ! ! interface FastEthernet0/0 description ###outside interface###$FW_OUTSIDE$$ETH-WAN$ ip address 111.111.111.111 255.255.255.248 ip access-group 101 in ip verify unicast reverse-path ip accounting output-packets ip nat outside ip virtual-reassembly speed 100 full-duplex crypto map SDM_CMAP_1 ! interface FastEthernet0/1 description ###inside interface###$FW_INSIDE$$ETH-LAN$ ip address 10.10.9.254 255.255.255.0 ip access-group 100 in ip accounting output-packets ip nat inside ip virtual-reassembly duplex auto speed auto ! ip local pool SDM_POOL_1 10.10.1.1 10.10.1.25 ip route 0.0.0.0 0.0.0.0 111.111.111.110 ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 600 life 86400 requests 10000 ip nat inside source static tcp 10.10.9.253 1723 interface FastEthernet0/0 1723 ip nat inside source static tcp 10.10.9.254 22 interface FastEthernet0/0 22 ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload ip nat inside source static tcp 10.10.9.253 3389 interface FastEthernet0/0 5551 ip nat inside source static tcp 10.10.9.252 3389 interface FastEthernet0/0 5552 ip nat inside source static udp 10.10.9.253 53 interface FastEthernet0/0 53 ip nat inside source static tcp 10.10.9.252 25 interface FastEthernet0/0 25 ip nat inside source static tcp 10.10.9.252 80 interface FastEthernet0/0 80 ip nat inside source static tcp 10.10.9.252 443 interface FastEthernet0/0 443 ip nat inside source static tcp 10.10.9.254 10000 interface FastEthernet0/0 10000 ip dns server ! access-list 1 remark permit_nat access-list 1 remark SDM_ACL Category=16 access-list 1 permit 10.10.9.0 0.0.0.255 access-list 100 permit tcp host 10.10.9.252 any eq smtp access-list 100 remark Deny SMTP access-list 100 deny tcp any any eq smtp log access-list 100 deny ip 111.111.111.109 0.0.0.7 any access-list 100 deny ip host 255.255.255.255 any access-list 100 deny ip 127.0.0.0 0.255.255.255 any access-list 100 permit ip any any access-list 101 permit gre any any log access-list 101 permit tcp any host 111.111.111.111 eq 1723 access-list 101 permit tcp any host 111.111.111.111 eq 10000 access-list 101 permit udp any host 111.111.111.111 eq isakmp access-list 101 permit udp any eq isakmp host 111.111.111.111 access-list 101 permit udp any host 111.111.111.111 eq non500-isakmp access-list 101 permit udp any eq non500-isakmp host 111.111.111.111 access-list 101 permit tcp any host 111.111.111.111 eq smtp access-list 101 permit tcp any host 111.111.111.111 eq 22 access-list 101 permit tcp any host 111.111.111.111 eq www access-list 101 permit tcp any host 111.111.111.111 eq 443 access-list 101 permit tcp any host 111.111.111.111 eq 5551 access-list 101 permit tcp any host 111.111.111.111 eq 5552 access-list 101 permit udp host 213.150.64.12 eq domain host 111.111.111.111 access-list 101 permit udp host 213.150.65.122 eq domain host 111.111.111.111 access-list 101 deny ip 10.10.9.0 0.0.0.255 any access-list 101 permit icmp any host 111.111.111.111 echo-reply access-list 101 permit icmp any host 111.111.111.111 time-exceeded access-list 101 permit icmp any host 111.111.111.111 unreachable access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 deny ip host 255.255.255.255 any access-list 101 deny ip host 0.0.0.0 any access-list 101 permit tcp any any established access-list 101 deny ip any any log access-list 102 remark SDM_ACL Category=2 access-list 102 deny ip any host 10.10.1.1 access-list 102 deny ip any host 10.10.1.2 access-list 102 deny ip any host 10.10.1.3 access-list 102 deny ip any host 10.10.1.4 access-list 102 deny ip any host 10.10.1.5 access-list 102 deny ip any host 10.10.1.6 access-list 102 deny ip any host 10.10.1.7 access-list 102 deny ip any host 10.10.1.8 access-list 102 deny ip any host 10.10.1.9 access-list 102 deny ip any host 10.10.1.10 access-list 102 deny ip any host 10.10.1.11 access-list 102 deny ip any host 10.10.1.12 access-list 102 deny ip any host 10.10.1.13 access-list 102 deny ip any host 10.10.1.14 access-list 102 deny ip any host 10.10.1.15 access-list 102 deny ip any host 10.10.1.16 access-list 102 deny ip any host 10.10.1.17 access-list 102 deny ip any host 10.10.1.18 access-list 102 deny ip any host 10.10.1.19 access-list 102 deny ip any host 10.10.1.20 access-list 102 deny ip any host 10.10.1.21 access-list 102 deny ip any host 10.10.1.22 access-list 102 deny ip any host 10.10.1.23 access-list 102 deny ip any host 10.10.1.24 access-list 102 deny ip any host 10.10.1.25 access-list 102 permit ip 10.10.9.0 0.0.0.255 any route-map SDM_RMAP_1 permit 1 match ip address 102 ! ! ! control-plane ! banner login ^CCC =========================!!!CAUTION!!!=================================== This system is owned by * Ltd. If you are not authorized to access this system,exit immediately. Unauthorized access to this system is forbidden by company policies, national, and international laws.Unauthorized users are subject to criminal and civil penalties as well as company initiated disciplinary proceedings. By entry into this system you acknowledge that you are authorized access and the level of privilege you subsequently execute on this system. You further acknowledge that by entry into this system you expect no privacy from mo nitoring. ========================================================================= ^C ! line con 0 password 7 * line aux 0 password 7 * modem InOut transport input all flowcontrol hardware line vty 0 4 access-class vty_access in password 7 *** transport input ssh line vty 5 15 transport input telnet ssh ! scheduler allocate 20000 1000 end router#

Ваше сообщение
Имя*:
EMail:	Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, [email protected] (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	>>[оверквотинг удален] >>>все на выход, а на вход, чтоб работали только определенные порты на >>>которые прописан статический NAT, например 25. >> >>Где-то так. >>access-list 100 permit tcp any any eq 25 >>access-list 100 permit tcp any any eq 80 >>access-list 100 permit tcp any any eq 443 >>access-list 100 permit tcp any any established >> >>Но лучше покажите конфиг. > Спасибо. > но вы же сказали что от ключа established можно отказаться или нет? > С его использованием конфигурация правил через Web станет невозможной. > конфиг: > router#sh run > Building configuration... > Current configuration : 9142 bytes > ! > version 12.4 > service timestamps debug datetime > service timestamps log datetime > service password-encryption > ! > hostname router > ! > boot-start-marker > boot system flash:c1841-advsecurityk9-mz.124-5a.bin > boot-end-marker > ! > logging buffered 10000 debugging > enable secret 5 **************** > ! > aaa new-model > ! > ! > aaa authentication login sdm_vpn_xauth_ml_1 local > aaa authorization network sdm_vpn_group_ml_1 local > ! > aaa session-id common > ! > resource policy > ! > clock timezone GMT 3 > mmi polling-interval 60 > no mmi auto-configure > no mmi pvc > mmi snmp-timeout 180 > ip cef > ! > ! > ! > ! > ip domain name domain.ru > ip name-server 213.150.64.12 > ip name-server 213.150.65.122 > ip ssh time-out 60 > ip ssh authentication-retries 2 > ! > ! > crypto pki ********* > ! > crypto pki certificate *** > quit > username adminz privilege 15 password 7 * > username userz privilege 0 password 7 * > ! > ! > ! > crypto isakmp policy 1 > encr 3des > authentication pre-share > group 2 > ! > crypto isakmp policy 2 > encr aes 256 > group 2 > ! > crypto isakmp policy 3 > encr 3des > group 2 > ! > crypto isakmp client configuration group _vpn > key > dns 10.10.9.253 > domain domain.local > pool SDM_POOL_1 > ! > ! > crypto ipsec transform-set _vpn esp-aes 256 esp-sha-hmac > ! > crypto dynamic-map SDM_DYNMAP_1 1 > set transform-set _vpn > reverse-route > ! > ! > crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1 > crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1 > crypto map SDM_CMAP_1 client configuration address respond > crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1 > ! > ! > ! > interface FastEthernet0/0 > description ###outside interface###$FW_OUTSIDE$$ETH-WAN$ > ip address 111.111.111.111 255.255.255.248 > ip access-group 101 in > ip verify unicast reverse-path > ip accounting output-packets > ip nat outside > ip virtual-reassembly > speed 100 > full-duplex > crypto map SDM_CMAP_1 > ! > interface FastEthernet0/1 > description ###inside interface###$FW_INSIDE$$ETH-LAN$ > ip address 10.10.9.254 255.255.255.0 > ip access-group 100 in > ip accounting output-packets > ip nat inside > ip virtual-reassembly > duplex auto > speed auto > ! > ip local pool SDM_POOL_1 10.10.1.1 10.10.1.25 > ip route 0.0.0.0 0.0.0.0 111.111.111.110 > ! > ip http server > ip http authentication local > ip http secure-server > ip http timeout-policy idle 600 life 86400 requests 10000 > ip nat inside source static tcp 10.10.9.253 1723 interface FastEthernet0/0 1723 > ip nat inside source static tcp 10.10.9.254 22 interface FastEthernet0/0 22 > ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload > ip nat inside source static tcp 10.10.9.253 3389 interface FastEthernet0/0 5551 > ip nat inside source static tcp 10.10.9.252 3389 interface FastEthernet0/0 5552 > ip nat inside source static udp 10.10.9.253 53 interface FastEthernet0/0 53 > ip nat inside source static tcp 10.10.9.252 25 interface FastEthernet0/0 25 > ip nat inside source static tcp 10.10.9.252 80 interface FastEthernet0/0 80 > ip nat inside source static tcp 10.10.9.252 443 interface FastEthernet0/0 443 > ip nat inside source static tcp 10.10.9.254 10000 interface FastEthernet0/0 10000 > ip dns server > ! > access-list 1 remark permit_nat > access-list 1 remark SDM_ACL Category=16 > access-list 1 permit 10.10.9.0 0.0.0.255 > access-list 100 permit tcp host 10.10.9.252 any eq smtp > access-list 100 remark Deny SMTP > access-list 100 deny tcp any any eq smtp log > access-list 100 deny ip 111.111.111.109 0.0.0.7 any > access-list 100 deny ip host 255.255.255.255 any > access-list 100 deny ip 127.0.0.0 0.255.255.255 any > access-list 100 permit ip any any > access-list 101 permit gre any any log > access-list 101 permit tcp any host 111.111.111.111 eq 1723 > access-list 101 permit tcp any host 111.111.111.111 eq 10000 > access-list 101 permit udp any host 111.111.111.111 eq isakmp > access-list 101 permit udp any eq isakmp host 111.111.111.111 > access-list 101 permit udp any host 111.111.111.111 eq non500-isakmp > access-list 101 permit udp any eq non500-isakmp host 111.111.111.111 > access-list 101 permit tcp any host 111.111.111.111 eq smtp > access-list 101 permit tcp any host 111.111.111.111 eq 22 > access-list 101 permit tcp any host 111.111.111.111 eq www > access-list 101 permit tcp any host 111.111.111.111 eq 443 > access-list 101 permit tcp any host 111.111.111.111 eq 5551 > access-list 101 permit tcp any host 111.111.111.111 eq 5552 > access-list 101 permit udp host 213.150.64.12 eq domain host 111.111.111.111 > access-list 101 permit udp host 213.150.65.122 eq domain host 111.111.111.111 > access-list 101 deny ip 10.10.9.0 0.0.0.255 any > access-list 101 permit icmp any host 111.111.111.111 echo-reply > access-list 101 permit icmp any host 111.111.111.111 time-exceeded > access-list 101 permit icmp any host 111.111.111.111 unreachable > access-list 101 deny ip 10.0.0.0 0.255.255.255 any > access-list 101 deny ip 172.16.0.0 0.15.255.255 any > access-list 101 deny ip 192.168.0.0 0.0.255.255 any > access-list 101 deny ip 127.0.0.0 0.255.255.255 any > access-list 101 deny ip host 255.255.255.255 any > access-list 101 deny ip host 0.0.0.0 any > access-list 101 permit tcp any any established > access-list 101 deny ip any any log > access-list 102 remark SDM_ACL Category=2 > access-list 102 deny ip any host 10.10.1.1 > access-list 102 deny ip any host 10.10.1.2 > access-list 102 deny ip any host 10.10.1.3 > access-list 102 deny ip any host 10.10.1.4 > access-list 102 deny ip any host 10.10.1.5 > access-list 102 deny ip any host 10.10.1.6 > access-list 102 deny ip any host 10.10.1.7 > access-list 102 deny ip any host 10.10.1.8 > access-list 102 deny ip any host 10.10.1.9 > access-list 102 deny ip any host 10.10.1.10 > access-list 102 deny ip any host 10.10.1.11 > access-list 102 deny ip any host 10.10.1.12 > access-list 102 deny ip any host 10.10.1.13 > access-list 102 deny ip any host 10.10.1.14 > access-list 102 deny ip any host 10.10.1.15 > access-list 102 deny ip any host 10.10.1.16 > access-list 102 deny ip any host 10.10.1.17 > access-list 102 deny ip any host 10.10.1.18 > access-list 102 deny ip any host 10.10.1.19 > access-list 102 deny ip any host 10.10.1.20 > access-list 102 deny ip any host 10.10.1.21 > access-list 102 deny ip any host 10.10.1.22 > access-list 102 deny ip any host 10.10.1.23 > access-list 102 deny ip any host 10.10.1.24 > access-list 102 deny ip any host 10.10.1.25 > access-list 102 permit ip 10.10.9.0 0.0.0.255 any > route-map SDM_RMAP_1 permit 1 > match ip address 102 > ! > ! > ! > control-plane > ! > banner login ^CCC > =========================!!!CAUTION!!!=================================== > This system is owned by * Ltd. If you are not authorized > to > access this system,exit immediately. Unauthorized access to this system is > forbidden by company policies, national, and international laws.Unauthorized > users are subject to criminal and civil penalties as well as company > initiated disciplinary proceedings. > By entry into this system you acknowledge that you are authorized access > and the level of privilege you subsequently execute on this system. You > further acknowledge that by entry into this system you expect no privacy > from mo > nitoring. > ========================================================================= > ^C > ! > line con 0 > password 7 * > line aux 0 > password 7 * > modem InOut > transport input all > flowcontrol hardware > line vty 0 4 > access-class vty_access in > password 7 *** > transport input ssh > line vty 5 15 > transport input telnet ssh > ! > scheduler allocate 20000 1000 > end > router#
	Введите код, изображенный на картинке:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

На сайте действует частичное премодерирование - после публикации некоторые сообщения от анонимов могут автоматически скрываться ботом. После проверки модератором ошибочно скрытые сообщения раскрываются. Для ускорения раскрытия можно воспользоваться ссылкой "Сообщить модератору", указав в качестве причины обращения "скрыто по ошибке".

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру