Cisco 1812 config (12.4)

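Following on from the IX2015, here is my Cisco 1812 config. Needless to say, I have rewritten parts of it as appropriate.
Some will say, "What is the point of exposing something like this on the Internet?", and that is an entirely fair point.
However, back when I could not tell left from right, configs like this were a great reference for me, so I figured it might be fun to set this one adrift on the electronic sea.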

version 12.4
service timestamps debug uptime
service timestamps log datetime localtime
service password-encryption
!
hostname GW-RT
!
boot-start-marker
boot-end-marker
!
logging buffered 8192 debugging
enable secret 5 XXXXXXXX
!
no aaa new-model
!
resource policy
!
clock timezone JST 9
!
!
ip cef
!
!
ip domain name gw.ys-network.info
ip name-server 221.113.139.138
ip inspect log drop-pkt
ip inspect name FIREWALL tcp alert on audit-trail off router-traffic
ip inspect name FIREWALL udp alert on audit-trail off router-traffic
ip inspect name FIREWALL snmp alert on audit-trail on
ip inspect name FIREWALL snmptrap alert on audit-trail on
ip inspect name FIREWALL syslog alert on audit-trail on
ip inspect name FIREWALL telnet alert on audit-trail on
ip inspect name FIREWALL wins alert on audit-trail on
ip inspect name FIREWALL nfs alert on audit-trail on
vpdn enable
!
!
!
!
!
spanning-tree portfast bpduguard
username XXXX privilege 15 password 7 XXXXXXXXX
!
!
!
!
!
!
interface Loopback0
no ip address
shutdown
!
interface FastEthernet0
description ###Flet’s Network
no ip address
ip inspect FIREWALL in
logging event subif-link-status
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no keepalive
!
interface FastEthernet1
description ###To Localnetwork
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1414
ip ospf network point-to-multipoint
ip ospf cost 10
ip ospf hello-interval 5
ip ospf priority 100
logging event subif-link-status
duplex auto
speed auto
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
shutdown
!
interface FastEthernet5
shutdown
!
interface FastEthernet6
shutdown
!
interface FastEthernet7
shutdown
!
interface FastEthernet8
shutdown
!
interface FastEthernet9
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Dialer1
ip address negotiated
ip access-group 100 in
ip verify unicast reverse-path
ip accounting access-violations
ip mtu 1454
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname XXXXXXXXX@XXXXX.co.jp
ppp chap password 7 XXXXXXXXXX
!
interface Dialer0
no ip address
!
router ospf 64
router-id 192.168.0.1
log-adjacency-changes
network 192.168.0.0 0.0.0.255 area 0
!
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
ip route 192.168.10.0 255.255.255.0 192.168.0.254
!
ip dns server
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.10.1 80 interface Dialer1 80
ip nat inside destination list 20 pool loadsharing
!
logging facility local1
logging source-interface Dialer1
logging 192.168.0.2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 deny ip 0.0.0.0 0.255.255.255 any
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 deny ip 169.254.0.0 0.0.255.255 any
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny ip 192.0.2.0 0.0.0.255 any
access-list 100 deny ip 224.0.0.0 15.255.255.255 any
access-list 100 deny ip 240.0.0.0 15.255.255.255 any
access-list 100 deny tcp any any range 137 139
access-list 100 deny tcp any range 137 139 any
access-list 100 deny udp any any range netbios-ns netbios-ss
access-list 100 deny udp any range netbios-ns netbios-ss any
access-list 100 deny tcp any any eq 445
access-list 100 deny tcp any eq 445 any
access-list 100 deny udp any any eq 445
access-list 100 deny udp any eq 445 any
access-list 100 deny tcp any any eq telnet
access-list 100 permit ip any any
dialer-list 1 protocol ip permit
snmp-server community public RW 10
snmp-server contact yukio_sumadera@ys-network.info
snmp-server host 192.168.0.2 public
!
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
password 7 XXXXXXXXXXXXX
login local
transport input telnet ssh
!
ntp clock-period 17180208
ntp server 133.243.238.164
ntp server 210.173.160.87
ntp server 210.173.160.57

!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
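
An added example, not part of the original post: a small Python check that flags settings in the posted config worth reviewing before it is reused as a template (an SNMP community of `public` with RW access, reversible type 7 passwords, Telnet on the vty lines with the idle timeout disabled, and numbered ACLs that are referenced but not defined in the posted text). The rule names and the `audit` function are hypothetical; `SAMPLE` is an excerpt of lines copied from the config above.

```python
import re

# Excerpt of lines copied from the config above (not the full file).
SAMPLE = """\
username XXXX privilege 15 password 7 XXXXXXXXX
interface Dialer1
 ip access-group 100 in
ip nat inside source list 1 interface Dialer1 overload
ip nat inside destination list 20 pool loadsharing
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 permit ip any any
snmp-server community public RW 10
line vty 0 4
 exec-timeout 0 0
 transport input telnet ssh
"""

# (hypothetical finding name, regex matched against each stripped line)
LINE_RULES = [
    ("snmp-rw-community", re.compile(r"^snmp-server community \S+ RW\b", re.I)),
    ("snmp-default-community", re.compile(r"^snmp-server community (public|private)\b", re.I)),
    ("type7-password", re.compile(r"\bpassword 7 ")),  # type 7 is reversible
    ("no-exec-timeout", re.compile(r"^exec-timeout 0 0$")),
    ("telnet-enabled", re.compile(r"^transport input\b.*\btelnet\b")),
]
# Places where a numbered ACL is referenced, and where one is defined.
ACL_REF = re.compile(r"^(?:ip access-group (\d+)|ip nat inside \S+ list (\d+)"
                     r"|snmp-server community \S+ (?:RO|RW) (\d+))")
ACL_DEF = re.compile(r"^access-list (\d+) ")

def audit(config_text):
    """Return a sorted list of (finding, config line) for one IOS config text."""
    findings, defined, referenced = set(), set(), {}
    for raw in config_text.splitlines():
        line = raw.strip()
        for name, rx in LINE_RULES:
            if rx.search(line):
                findings.add((name, line))
        if m := ACL_DEF.match(line):
            defined.add(m.group(1))
        if m := ACL_REF.match(line):
            referenced.setdefault(next(g for g in m.groups() if g), line)
    # An ACL number that is used but has no access-list entries restricts nothing visible here.
    for num, line in referenced.items():
        if num not in defined:
            findings.add(("acl-referenced-not-defined", line))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the excerpt this reports ACLs 10 and 20 as referenced without a definition; because the author states the config was rewritten before posting, those definitions may simply have been left out.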
