xakep

Page 136

[Figure: Official documentation from Cisco Systems]

    ! Thanks to this command our interface will always be in the "up" state
    cisco(config-if)#ip pim dense-mode
    ! Set PPP encapsulation
    cisco(config-if)#encapsulation ppp
    cisco(config-if)#dialer in-band
    cisco(config-if)#dialer idle-timeout 0
    cisco(config-if)#dialer string 123
    cisco(config-if)#dialer vpdn
    ! dialer-list number, used to look for matching data
    cisco(config-if)#dialer-group 1
    ! Turn off Cisco Discovery Protocol support on this interface
    cisco(config-if)#no cdp enable
    ! Specify the login and password for authentication
    cisco(config-if)#ppp chap hostname _login_
    cisco(config-if)#ppp chap password 0 _password_

Add a dialer-list, which defines the types of data (in our case, the whole IP protocol) that will make the Cisco establish the connection:

    cisco(config)#dialer-list 1 protocol ip permit

That seems to be all. The connection to the VPN server should now come up normally. Let's check:

    cisco#sh ip int dial0
    Interface   IP-Address        OK?  Method  Status  Protocol
    Dialer0     xxx.xxx.xxx.xxx   YES  IPCP    up      up

The connection has been established successfully! Now for the most interesting part: letting the users out to the Internet.

NAT'ING THE USERS

As the requirements specification says, we need to let users out to the Internet through the first provider and keep the second one for external services only. The simplest approach is to set a default route to the first provider and NAT all packets coming from our networks. That is what we will do:

    cisco(config)#ip route 0.0.0.0 0.0.0.0 ISP1_GW

The route is added. Now we create an Access List. It will catch the packets we need, the ones that have to be NATed. Note that these rules use an inverted mask rather than an ordinary one:

    ! Create access-list number 1
    cisco(config)#access-list 1 permit 192.168.1.0 0.0.0.255
    cisco(config)#access-list 1 permit 192.168.3.0 0.0.0.255

The ACL entered here is not applied to an interface for access control, so the permit and deny rules should be read not as "allow" and "forbid" but as a search for matching (permit) and non-matching (deny) packets. When writing the NAT rules we have to specify the source addresses that need to be replaced, and that is exactly what our ACL is for. In the end the scheme looks like this: the source address is modified only in the packets that matched this ACL.

    ! Use access-list 1 as the source addresses
    cisco(config)#ip nat inside source list 1 interface Vlan4 overload

Here we replace the addresses with the address of interface vlan 4. As the final step we need to specify which interfaces are internal and which are external. This is done with the commands "ip nat inside" and "ip nat outside", respectively. The commands are entered while configuring the interface:

    cisco(config)#int vlan 2
    cisco(config-if)#ip nat inside
    cisco(config-if)#int vlan 4
    cisco(config-if)#ip nat outside

info

• Cisco IOS - a multitasking operating system that performs the functions of network organization, routing, switching and data transfer.

• CLI - the command-line interface of Cisco IOS.

• Dynamips - a software emulator of Cisco routers. It emulates the routers' hardware by directly loading and interacting with real Cisco IOS images. It runs on Windows, most Linux systems, and Mac OS X.

• For more on VLANs and on building a virtual local network, read the article «Шаманство над вилланами», published in the January 2009 issue of ][.

• Full information about the router is in the output of the "show version" command.

XAKEP 05 /125/ 09

