What are people's opinions on this? I've disabled everything I possibly could there, and it's still at 100%.
I'm not posting the access lists, since the problem doesn't go away when they are unbound from the interfaces. So:
CPU utilization for five seconds: 99%/8%; one minute: 91%; five minutes: 97%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
38 3748470976 596927491 6279 90.79% 81.85% 86.73% 0 IP Input
IOS (tm) C2600 Software (C2600-IK9O3S3-M), Version 12.2(13)T1, RELEASE SOFTWARE (fc1)
cisco 2621XM (MPC860P) processor (revision 0x100) with 59392K/6144K bytes of memory.
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 000d.65dc.0720 (bia 000d.65dc.0720)
Description: DMZ
Internet address is 5.5.5.5/28
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:07, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/324438/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 31000 bits/sec, 33 packets/sec
5 minute output rate 89000 bits/sec, 22 packets/sec
453654496 packets input, 2705332661 bytes
Received 9862 broadcasts, 0 runts, 0 giants, 0 throttles
83101 input errors, 83101 CRC, 41731 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
398483252 packets output, 623219216 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
FastEthernet0/1 is up, line protocol is up
Hardware is AmdFE, address is 000d.65dc.0721 (bia 000d.65dc.0721)
Description: LAN
Internet address is 172.19.0.2/22
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 52/75/4713784/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 125000 bits/sec, 139 packets/sec
5 minute output rate 758000 bits/sec, 133 packets/sec
755159411 packets input, 1849783521 bytes
Received 5136976 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
829746246 packets output, 3127474409 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Ethernet1/0 is up, line protocol is up
Hardware is AmdP2, address is 000d.65dc.0730 (bia 000d.65dc.0730)
Internet address is 7.7.7.7/30
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 3/255, rxload 20/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/6030302/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 801000 bits/sec, 151 packets/sec
5 minute output rate 142000 bits/sec, 167 packets/sec
924325132 packets input, 3852162839 bytes, 990 no buffer
Received 957259 broadcasts, 0 runts, 0 giants, 0 throttles
292796 input errors, 0 CRC, 0 frame, 0 overrun, 292796 ignored
0 input packets with dribble condition detected
923770161 packets output, 1957318334 bytes, 0 underruns
18 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
18 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
version 12.2
service tcp-keepalives-in
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service compress-config
!
hostname perimeter
!
logging buffered 8192 debugging
no logging console
enable secret pass
!
username admin password pass
clock timezone MSK 3
clock summer-time MSD recurring last Sun Mar 3:00 last Sun Oct 2:00
aaa new-model
!
!
aaa authentication banner ^C
All unauthorized access prohibited by law^C
aaa authentication password-prompt Password:
aaa authentication username-prompt Login:
aaa authentication login default local
aaa session-id common
ip subnet-zero
no ip source-route
ip wccp version 1
ip cef
!
!
no ip domain lookup
ip domain name ogscomp.ru
!
no ip bootp server
ip audit notify log
ip audit po max-events 100
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 5
lifetime 600
!
crypto isakmp policy 40
hash md5
authentication pre-share
lifetime 3600
!
crypto isakmp policy 50
encr 3des
hash md5
authentication pre-share
group 5
lifetime 600
crypto isakmp key key1 address 1.1.1.1
crypto isakmp key key2 address 2.2.2.2
crypto isakmp key key3 address 3.3.3.3
!
!
crypto ipsec transform-set to_London_1 esp-des esp-md5-hmac
crypto ipsec transform-set to_piter esp-des esp-md5-hmac
crypto ipsec transform-set to_novosib esp-des esp-md5-hmac
!
crypto map London_1 local-address Ethernet1/0
crypto map London_1 20 ipsec-isakmp
description TO LONDON
set peer 1.1.1.1
set transform-set to_London_1
match address 171
crypto map London_1 30 ipsec-isakmp
description TO PITER
set peer 2.2.2.2
set transform-set to_piter
match address 172
crypto map London_1 40 ipsec-isakmp
description TO Npvosib
set peer 3.3.3.3
set transform-set to_novosib
match address 173
!
!
!
!
!
!
!
!
!
!
!
!
fax interface-type fax-mail
mta receive maximum-recipients 0
!
!
!
!
interface FastEthernet0/0
description DMZ
ip address 5.5.5.5 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
speed 100
full-duplex
no cdp enable
!
interface FastEthernet0/1
description LAN
ip address 1.1.1.1 255.255.255.0 secondary
ip address 172.19.0.2 255.255.252.0
ip access-group 105 in
ip access-group 106 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
speed 100
full-duplex
no cdp enable
!
interface Ethernet1/0
ip address 7.7.7.7 255.255.255.252
ip access-group 101 in
ip access-group 102 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
full-duplex
no cdp enable
crypto map London_1
crypto ipsec df-bit clear
!
ip nat translation timeout 43200
ip nat translation tcp-timeout 43200
ip nat translation udp-timeout 70
ip nat translation finrst-timeout 70
ip nat translation dns-timeout 90
ip nat translation icmp-timeout 90
ip nat inside source list 186 interface FastEthernet0/0 overload
ip nat inside source static tcp 172.19.8.21 3389 9.9.9.8 7777 extendable
ip nat inside source static tcp 172.19.8.20 3389 9.9.9.9 8888 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 7.7.7.7 permanent
ip route 172.19.0.0 255.255.224.0 172.19.0.1
no ip http server
ip pim bidir-enable
!
!
logging trap debugging
logging facility local1
logging source-interface FastEthernet0/0
logging 1.1.1.1
access-list 186 remark dynamic NAT to IP
access-list 186 deny ip 172.19.0.0 0.0.255.255 192.168.18.0 0.0.0.255
access-list 186 deny ip 172.19.0.0 0.0.255.255 172.21.18.0 0.0.0.255
access-list 186 deny ip 172.19.0.0 0.0.255.255 172.21.20.0 0.0.0.255
access-list 186 deny ip 172.19.0.0 0.0.255.255 172.21.21.0 0.0.0.255
access-list 186 deny ip 172.19.0.0 0.0.255.255 172.21.22.0 0.0.0.255
access-list 186 permit ip 172.19.0.0 0.0.255.255 any
access-list 186 permit ip 1.1.0.0 0.0.255.255 any
!
snmp-server community pass1 RO 2
snmp-server community pass2 RW 2
snmp-server enable traps tty
radius-server authorization permit missing Service-Type
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
privilege exec level 1 show ip accounting
privilege exec level 1 show ip
privilege exec level 1 show interfaces
privilege exec level 15 show running-config
privilege exec level 1 show
!
line con 0
line aux 0
line vty 0 4
access-class 2 in
transport input ssh
!
ntp clock-period 17179973
ntp server 195.2.64.5 version 2
ntp server 194.186.254.22 version 2
!
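A quick triage of the output above, as an added example that is not part of the original post: in `show processes cpu` the pair `99%/8%` is total CPU over CPU spent at interrupt level, so the remainder is process-level load, which here lines up with the `IP Input` process. The Python below (function names are this example's own) extracts that split and the per-interface input-queue drops from lines copied from the post.

```python
import re

# Lines copied from the router output in the post (not constructed data).
SAMPLE = """\
CPU utilization for five seconds: 99%/8%; one minute: 91%; five minutes: 97%
38 3748470976 596927491 6279 90.79% 81.85% 86.73% 0 IP Input
FastEthernet0/0 is up, line protocol is up
Input queue: 0/75/324438/0 (size/max/drops/flushes); Total output drops: 0
453654496 packets input, 2705332661 bytes
FastEthernet0/1 is up, line protocol is up
Input queue: 52/75/4713784/0 (size/max/drops/flushes); Total output drops: 0
755159411 packets input, 1849783521 bytes
Ethernet1/0 is up, line protocol is up
Input queue: 0/75/6030302/0 (size/max/drops/flushes); Total output drops: 0
924325132 packets input, 3852162839 bytes, 990 no buffer
"""

# PID Runtime Invoked uSecs 5Sec 1Min 5Min TTY Process
PROC_ROW = re.compile(
    r"^\s*\d+\s+\d+\s+\d+\s+\d+\s+([\d.]+)%\s+[\d.]+%\s+[\d.]+%\s+\d+\s+(.+)$", re.M)

def cpu_split(text):
    """Five-second CPU as (total, interrupt level, process level) percent."""
    m = re.search(r"five seconds: (\d+)%/(\d+)%", text)
    total, intr = int(m.group(1)), int(m.group(2))
    return total, intr, total - intr

def top_process(text):
    """(name, five-second percent) of the busiest process row."""
    pct, name = max(PROC_ROW.findall(text), key=lambda r: float(r[0]))
    return name.strip(), float(pct)

def input_queues(text):
    """interface -> dict(size, max, drops, drops_per_1000_in)."""
    result, iface = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*(\S+) is .*line protocol is", line):
            iface = m.group(1)
        elif m := re.search(r"Input queue: (\d+)/(\d+)/(\d+)/\d+", line):
            size, qmax, drops = map(int, m.groups())
            result[iface] = {"size": size, "max": qmax, "drops": drops}
        elif iface in result and (m := re.match(r"\s*(\d+) packets input", line)):
            q = result[iface]
            q["drops_per_1000_in"] = round(1000 * q["drops"] / int(m.group(1)), 2)
    return result

if __name__ == "__main__":
    print(cpu_split(SAMPLE), top_process(SAMPLE))
    for name, q in input_queues(SAMPLE).items():
        print(name, q)
```

The interface counters in the post were never cleared, so the drop ratios are lifetime averages rather than a picture of the current load.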