ip access-group 161 out
duplex auto
speed auto
crypto map tun_4
!
interface Ethernet1/1
ip address 192.168.30.1 255.255.255.0
ip access-group 160 in
ip access-group 161 out
duplex auto
speed auto
!
interface Ethernet1/2
ip address 10.0.33.1 255.255.255.0
duplex auto
speed auto
!
interface Ethernet1/3
no ip address
duplex auto
speed auto
shutdown
!
router eigrp 1
network 10.0.0.0
no auto-summary
!
ip classless
ip route 172.16.23.0 255.255.255.0 172.16.32.2
ip route 172.16.43.0 255.255.255.0 172.16.34.2
ip route 192.168.3.0 255.255.255.0 192.168.30.2
ip route 192.168.5.0 255.255.255.0 10.70.3.2
ip route 192.168.5.0 255.255.255.0 10.70.6.2
!
access-list 103 permit gre host 172.16.32.1 host 172.16.23.1
access-list 104 permit gre host 172.16.34.1 host 172.16.43.1
access-list 141 deny tcp any any eq ftp
access-list 141 deny tcp any any eq smtp
access-list 141 permit udp 10.0.31.0 0.0.0.255 host 10.0.33.2 eq domain
access-list 141 permit tcp 10.0.31.0 0.0.0.255 host 10.0.33.2 eq www
access-list 141 permit ip any any
access-list 142 deny tcp any any eq ftp
access-list 142 deny tcp 10.0.32.0 0.0.0.255 host 10.0.35.2 eq smtp
access-list 142 permit udp 10.0.32.0 0.0.0.255 host 10.0.33.2 eq domain
access-list 142 deny tcp any any eq www
access-list 142 permit ip any any
access-list 160 deny ospf any any
access-list 160 permit ip any any
access-list 161 deny eigrp any any
access-list 161 permit ip any any
ПРИЛОЖЕНИЕ Д
НАСТРОЙКИ МАРШРУТИЗАТОРА ЧЕТВЕРТОГО ФИЛИАЛА
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp key 0 address 172.16.4.1
crypto isakmp key 0 address 172.16.34.1
!
crypto ipsec transform-set 104 esp-aes esp-sha-hmac
crypto ipsec transform-set 105 esp-aes esp-sha-hmac
!
crypto map tun_4 100 ipsec-isakmp
set peer 172.16.34.1
set pfs group2
set transform-set 104
match address 104
!
crypto map tun_5 100 ipsec-isakmp
set peer 172.16.4.1
set pfs group2
set transform-set 105
match address 105
!
interface Tunnel4
ip address 10.70.4.1 255.255.255.0
tunnel source FastEthernet0/1
tunnel destination 172.16.34.1
!
interface Tunnel5
ip address 10.70.5.2 255.255.255.0
tunnel source Ethernet1/0
tunnel destination 172.16.4.1
!
interface FastEthernet0/0
ip address 10.0.75.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 10.0.41.1 255.255.255.0
ip access-group 151 in
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 10.0.42.1 255.255.255.0
ip access-group 152 in
!
interface FastEthernet0/1
ip address 172.16.43.1 255.255.255.0
ip access-group 160 in
ip access-group 161 out
duplex auto
speed auto
crypto map tun_4
!
interface Ethernet1/0
ip address 172.16.40.1 255.255.255.0
ip access-group 160 in
ip access-group 161 out
duplex auto
speed auto
crypto map tun_5
!
interface Ethernet1/1
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet1/2
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet1/3
no ip address
duplex auto
speed auto
shutdown
!
router eigrp 1
network 10.0.0.0
no auto-summary
!
ip classless
ip route 172.16.34.0 255.255.255.0 172.16.43.2
ip route 172.16.4.0 255.255.255.0 172.16.40.2
ip route 192.168.5.0 255.255.255.0 10.70.4.2
ip route 192.168.5.0 255.255.255.0 10.70.5.1
!
access-list 104 permit gre host 172.16.43.1 host 172.16.34.1
access-list 105 permit gre host 172.16.40.1 host 172.16.4.1
access-list 151 deny tcp any any eq ftp
access-list 151 deny tcp 10.0.41.0 0.0.0.255 host 10.0.35.2 eq smtp
access-list 151 deny udp any any eq domain
access-list 151 deny tcp any any eq www
access-list 151 permit ip any any
access-list 152 permit tcp 10.0.42.0 0.0.0.255 host 10.0.35.2 eq ftp
access-list 152 deny tcp any any eq smtp
access-list 152 deny udp any any eq domain
access-list 152 deny tcp any any eq www
access-list 152 permit ip any any
access-list 160 deny ospf any any
access-list 160 permit ip any any
access-list 161 deny eigrp any any
access-list 161 permit ip any any
Уважаемый посетитель!
Чтобы распечатать файл, скачайте его (в формате Word).
Ссылка на скачивание - внизу страницы.