Cisco Soho 90
Posted: Wed 07 Feb, 2007 18:03
First of all, hello everyone
I recently bought an ADSL router and have by now configured it, more or less well. In any case, the Internet works.
My problem now is that I would like to enable dial on demand.
ADSL (PPTP, Telekom Austria) should be disconnected after 10 minutes of inactivity; with the ACLs I tried to define when the timer is reset.
However, it doesn't work the way it should yet.
I hope you can help me, so here is my config:
Current configuration : 3351 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service dhcp
!
hostname XXX
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
no logging buffered
enable secret 5 XXX
!
ip subnet-zero
no ip source-route
no ip gratuitous-arps
!
!
no ip domain lookup
ip name-server 195.3.96.67
ip name-server 195.3.96.68
no ip bootp server
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
no aaa new-model
!
!
username XXX password XXX
!
!
!
!
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip tcp adjust-mss 1452
 no ip mroute-cache
 no cdp enable
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip mroute-cache
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 8/48
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer1
 ip address negotiated
 ip access-group 111 in
 ip access-group 130 out
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect myfw out
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 600 inbound
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname XXX
 ppp chap password 7 XXX
 ppp pap sent-username XXX password XXX
 hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
ip nat inside source list 102 interface Dialer1 overload
!
!
access-list 50 permit 10.10.10.8
access-list 50 permit 10.10.10.3
access-list 50 permit 10.10.10.4
access-list 50 permit 10.10.10.5
access-list 50 deny any log
access-list 101 permit tcp any any eq www
access-list 101 deny ip any any
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 111 deny icmp any any
access-list 111 permit udp any eq domain any
access-list 111 deny esp any any
access-list 111 deny gre any any
access-list 111 deny ip any any
access-list 111 deny igmp any any
access-list 111 deny pim any any
access-list 111 deny pcp any any
access-list 111 deny udp any any
access-list 111 deny tcp any eq 445 any
access-list 111 deny tcp any gt 7000 any
access-list 111 deny tcp any eq 22 any
access-list 111 deny tcp any eq 389 any
access-list 111 deny tcp any eq lpd any
access-list 111 deny tcp any eq uucp any
access-list 111 deny tcp any eq 161 any
access-list 111 deny tcp any eq 162 any
access-list 111 deny tcp any eq sunrpc any
access-list 111 deny ip 10.0.0.0 0.255.255.255 any
access-list 111 deny ip 192.168.0.0 0.0.255.255 any
access-list 130 permit tcp any any
access-list 130 permit udp any any
access-list 130 deny ip any any
dialer-list 1 protocol ip list 101
no cdp run
!
control-plane
!
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 access-class 50 in
 exec-timeout 5 0
 login local
 length 0
!
scheduler max-task-time 5000
end
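Added example, not part of the original post: IOS evaluates an access list top-down and stops at the first matching entry, so this Python check looks through the posted access-list 111 for entries that an earlier entry always pre-empts. The parser covers only the entry forms that occur in this config, and the function names are chosen for the example.

```python
# Entries of access-list 111 as posted, in order ("access-list 111" prefix
# dropped, several entries per line). The list is applied inbound on Dialer1.
ACL_111 = """
deny icmp any any; permit udp any eq domain any; deny esp any any
deny gre any any; deny ip any any; deny igmp any any; deny pim any any
deny pcp any any; deny udp any any; deny tcp any eq 445 any
deny tcp any gt 7000 any; deny tcp any eq 22 any; deny tcp any eq 389 any
deny tcp any eq lpd any; deny tcp any eq uucp any; deny tcp any eq 161 any
deny tcp any eq 162 any; deny tcp any eq sunrpc any
deny ip 10.0.0.0 0.255.255.255 any; deny ip 192.168.0.0 0.0.255.255 any
"""
PORT_OPS = {"eq": 2, "gt": 2, "lt": 2, "neq": 2, "range": 3}  # tokens consumed

def take_addr(tok):
    n = 1 if tok[0] == "any" else 2        # "any" | "host A" | "A wildcard"
    return " ".join(tok[:n]), tok[n:]

def take_port(tok):
    n = PORT_OPS.get(tok[0], 0) if tok else 0
    return (" ".join(tok[:n]) or None), tok[n:]

def parse(text):
    rules = []
    for body in filter(None, (b.strip() for b in text.replace(";", "\n").splitlines())):
        action, proto, *rest = body.split()
        src, rest = take_addr(rest)
        sport, rest = take_port(rest)
        dst, rest = take_addr(rest)
        dport, rest = take_port(rest)
        rules.append(dict(text=body, action=action, proto=proto,
                          src=src, sport=sport, dst=dst, dport=dport))
    return rules

def covers(a, b):
    """Conservative: True only if every packet matching b also matches a."""
    return (a["proto"] in ("ip", b["proto"])
            and a["src"] in ("any", b["src"]) and a["sport"] in (None, b["sport"])
            and a["dst"] in ("any", b["dst"]) and a["dport"] in (None, b["dport"]))

def shadowed(rules):
    """(dead entry, earlier entry that always matches first) pairs."""
    pairs = ((b, next((a for a in rules[:i] if covers(a, b)), None))
             for i, b in enumerate(rules))
    return [(b["text"], a["text"]) for b, a in pairs if a]

if __name__ == "__main__":
    for late, early in shadowed(parse(ACL_111)):
        print(f"never reached: {late!r}  (shadowed by {early!r})")
```

On the posted list it reports every entry that follows `deny ip any any`.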