Cisco - switch access
I have access to a couple of Cisco switches, en15.
What can be squeezed out of this? Set up a VPN or something else? Here is the config:

```
Building configuration...
!
!
! ADTRAN, Inc. OS version 13.12.00.E
! Boot ROM version 08.02.XB
! Platform: NetVanta 1224R, part number 1200510L1
! Serial number LBADTN0520AD478
!
!
hostname "Switch"
enable password encrypted 3f37ea7402d74f14b05451e8b4b7bcfd4720
!
clock timezone -5-Eastern-Time
!
ip subnet-zero
ip classless
ip name-server 65.106.1.196 65.106.7.196
ip default-gateway 67.152.240.225
ip routing
!
no auto-config
!
event-history on
no logging forwarding
no logging email
logging email priority-level info
!
service password-encryption
!
username "pwebber" password encrypted "151c2fb1fcfaec69076c6c2184e0a21588ac"
username "admin" password encrypted "2523c5106c74fb131a68834f6a8f51cf3304"
!
!
ip firewall
no ip firewall alg msn
no ip firewall alg h323
no ip firewall alg sip
!
!
!
!
!
!
!
!
!
ip dhcp-server excluded-address 192.168.1.200 192.168.1.255
!
ip dhcp-server pool "Local PCs"
  network 192.167.1.0 255.255.255.0
  domain-name "allcomm.local"
  dns-server 192.167.1.204 192.167.1.200
  netbios-name-server 192.167.1.200
  netbios-node-type h-node
  default-router 192.167.1.240
  lease 8 4 0
  option 66 ascii tftp://192.167.1.210
  option 2 hex 0xFFFFB9B0
  option 4 ip 192.167.1.200
  option 160 ascii http://allcommcic1.allcomm.local:8088
!
ip crypto
!
crypto ike client configuration pool "Allcomm VPN access"
  ip-range 192.167.2.1 192.167.2.254
  dns-server 192.167.1.200 192.167.1.204
  netbios-name-server 192.167.1.200
!
crypto ike policy 100
  initiate main
  respond anymode
  local-id address 67.152.240.226
  peer 12.51.161.178
  attribute 3
    encryption 3des
    hash md5
    authentication pre-share
!
crypto ike policy 101
  no initiate
  respond anymode
  local-id fqdn vpn.goallcomm.com
  peer any
  client configuration pool "Allcomm VPN access"
  attribute 1
    encryption 3des
    hash md5
    authentication pre-share
!
crypto ike policy 102
  initiate main
  respond anymode
  local-id address 67.152.240.226
  peer 64.3.7.154
  attribute 3
    encryption 3des
    hash md5
    authentication pre-share
!
crypto ike policy 103
  initiate main
  respond anymode
  local-id address 67.152.240.226
  peer 65.44.167.50
  attribute 3
    encryption 3des
    hash md5
    authentication pre-share
!
crypto ike policy 104
  initiate main
  respond anymode
  local-id address 67.152.240.226
  peer 74.7.237.46
  attribute 3
    encryption 3des
    hash md5
    authentication pre-share
!
crypto ike policy 105
  initiate main
  respond anymode
  local-id address 67.152.240.226
  peer 74.7.237.50
  attribute 3
    encryption 3des
    hash md5
    authentication pre-share
!
crypto ike policy 106
  initiate main
  respond anymode
  local-id address 67.152.240.226
  peer 66.79.219.18
  attribute 1
    encryption 3des
    hash md5
    authentication pre-share
!
crypto ike remote-id user-fqdn bberry@goallcomm.com preshared-key Goallcomm1 ike-policy 101 crypto map VPN 20 no-xauth
crypto ike remote-id user-fqdn dolson@goallcomm.com preshared-key Goallcomm1 ike-policy 101 crypto map VPN 20 no-xauth
crypto ike remote-id user-fqdn jgiannola@goallcomm.com preshared-key Goallcomm1 ike-policy 101 crypto map VPN 20 no-xauth
crypto ike remote-id user-fqdn mhenry@goallcomm.com preshared-key Goallcomm1 ike-policy 101 crypto map VPN 20 no-xauth
crypto ike remote-id user-fqdn mszlaga@goallcomm.com preshared-key Goallcomm1 ike-policy 101 crypto map VPN 20 no-xauth
crypto ike remote-id user-fqdn paul.moore@goallcomm.com preshared-key Goallcomm1 ike-policy 101 crypto map VPN 20 no-xauth
crypto ike remote-id user-fqdn pspagnuolo@goallcomm.com preshared-key Goallcomm1 ike-policy 101 crypto map VPN 20 no-xauth
crypto ike remote-id address 12.51.161.178 preshared-key Goallcomm1 ike-policy 100 crypto map VPN 10 no-mode-config no-xauth
crypto ike remote-id address 64.3.7.154 preshared-key Goallcomm1 ike-policy 102 crypto map VPN 30 no-mode-config no-xauth
crypto ike remote-id address 65.44.167.50 preshared-key Goallcomm1 ike-policy 103 crypto map VPN 40 no-mode-config no-xauth
crypto ike remote-id address 66.79.219.18 preshared-key Goallcomm1 ike-policy 106 crypto map VPN 70 no-mode-config no-xauth
crypto ike remote-id address 74.7.237.46 preshared-key Goallcomm1 ike-policy 104 crypto map VPN 50 no-mode-config no-xauth
crypto ike remote-id address 74.7.237.50 preshared-key Goallcomm1 ike-policy 105 crypto map VPN 60 no-mode-config no-xauth
!
crypto ipsec transform-set esp-3des-esp-md5-hmac esp-3des esp-md5-hmac
  mode tunnel
!
crypto map VPN 10 ipsec-ike
  description Porretta Novi
  match address VPN-10-vpn-selectors
  set peer 12.51.161.178
  set transform-set esp-3des-esp-md5-hmac
  ike-policy 100
crypto map VPN 20 ipsec-ike
  description Allcomm VPN access
  match address VPN-20-vpn-selectors
  set transform-set esp-3des-esp-md5-hmac
  ike-policy 101
  mobile
crypto map VPN 30 ipsec-ike
  description AssociatedDerm Commerce
  match address VPN-30-vpn-selectors1
  set peer 64.3.7.154
  set transform-set esp-3des-esp-md5-hmac
  ike-policy 102
crypto map VPN 40 ipsec-ike
  description AssociatedDerm WB
  match address VPN-40-vpn-selectors1
  set peer 65.44.167.50
  set transform-set esp-3des-esp-md5-hmac
  ike-policy 103
crypto map VPN 50 ipsec-ike
  description MCFC - Dearborn
  match address VPN-50-vpn-selectors1
  set peer 74.7.237.46
  set transform-set esp-3des-esp-md5-hmac
  ike-policy 104
crypto map VPN 60 ipsec-ike
  description MCFC - Clinton
  match address VPN-60-vpn-selectors1
  set peer 74.7.237.50
  set transform-set esp-3des-esp-md5-hmac
  ike-policy 105
crypto map VPN 70 ipsec-ike
  description Porretta Southfield
  match address VPN-70-vpn-selectors
  set peer 66.79.219.18
  set transform-set esp-3des-esp-md5-hmac
  ike-policy 106
!
qos cos-map 1 0 1
qos cos-map 2 2 3
qos cos-map 3 4
qos cos-map 4 5 6 7
qos queue-type strict-priority
!
qos dscp-cos 0 8 16 24 32 40 48 56 to 0 1 2 3 4 5 6 7
!
!
!
vlan 1
  name "Default"
vlan 2
  name "Public"
vlan 6
  name "BCM"
!
interface eth 0/1
  spanning-tree edgeport
  no shutdown
  switchport mode trunk
  qos default-cos 5
!
interface eth 0/2
  spanning-tree edgeport
  no shutdown
  switchport mode trunk
  qos default-cos 5
!
interface eth 0/3
  spanning-tree edgeport
  no shutdown
  qos default-cos 5
!
interface eth 0/4
  spanning-tree edgeport
  no shutdown
  qos default-cos 5
!
interface eth 0/5
  spanning-tree edgeport
  no shutdown
!
interface eth 0/6
  spanning-tree edgeport
  no shutdown
  switchport access vlan 6
  qos default-cos 5
  no lldp send-and-receive
!
interface eth 0/7
  spanning-tree edgeport
  no shutdown
!
interface eth 0/8
  spanning-tree edgeport
  no shutdown
  qos default-cos 5
!
interface eth 0/9
  spanning-tree edgeport
  no shutdown
!
interface eth 0/10
  description Lab PC
  spanning-tree edgeport
  no shutdown
!
interface eth 0/11
  description BCM Test Port
  spanning-tree edgeport
  no shutdown
!
interface eth 0/12
  spanning-tree edgeport
  no shutdown
!
interface eth 0/13
  description Card access
  spanning-tree edgeport
  no shutdown
!
interface eth 0/14
  spanning-tree edgeport
  no shutdown
!
interface eth 0/15
  spanning-tree edgeport
  no shutdown
!
interface eth 0/16
  spanning-tree edgeport
  no shutdown
!
interface eth 0/17
  spanning-tree edgeport
  no shutdown
!
interface eth 0/18
  no shutdown
!
interface eth 0/19
  spanning-tree edgeport
  no shutdown
!
interface eth 0/20
  spanning-tree edgeport
  no shutdown
!
interface eth 0/21
  spanning-tree edgeport
  no shutdown
  switchport access vlan 6
!
interface eth 0/22
  spanning-tree edgeport
  no shutdown
  switchport access vlan 2
!
interface eth 0/23
  spanning-tree edgeport
  no shutdown
  switchport access vlan 2
!
interface eth 0/24
  description Uplink to SBC
  spanning-tree edgeport
  no shutdown
  switchport access vlan 2
!
!
interface vlan 1
  ip address 192.167.1.240 255.255.255.0
  access-policy Private
  no shutdown
interface vlan 2
  description External Connection
  ip address 67.152.240.226 255.255.255.248
  ip address 67.152.240.227 255.255.255.248 secondary
  ip address 67.152.240.228 255.255.255.248 secondary
  ip address 67.152.240.229 255.255.255.248 secondary
  ip address 67.152.240.230 255.255.255.248 secondary
  access-policy Public
  crypto map VPN
  no shutdown
interface vlan 6
  ip address 192.168.15.1 255.255.255.0
  access-policy BCM
  no shutdown
!
!
interface t1 1/1
  description Connect to Netopia Router
  no shutdown
!
!
!
!
!
!
ip access-list standard wizard-ics
  remark Internet Connection Sharing
  permit any
!
!
ip access-list extended self
  remark Traffic to Netvanta
  permit ip any any log
!
ip access-list extended VPN-10-vpn-selectors
  permit ip 192.167.1.0 0.0.0.255 192.168.124.0 0.0.0.255
!
ip access-list extended VPN-20-vpn-selectors
  permit ip 192.167.1.0 0.0.0.255 192.167.2.0 0.0.0.255
!
ip access-list extended VPN-30-vpn-selectors1
  permit ip 192.167.1.0 0.0.0.255 192.168.4.0 0.0.0.255
!
ip access-list extended VPN-40-vpn-selectors1
  permit ip 192.167.1.0 0.0.0.255 192.168.1.0 0.0.0.255
!
ip access-list extended VPN-50-vpn-selectors1
  permit ip 192.167.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
ip access-list extended VPN-60-vpn-selectors1
  permit ip 192.167.1.0 0.0.0.255 192.168.3.0 0.0.0.255
!
ip access-list extended VPN-70-vpn-selectors
  permit ip 192.167.1.0 0.0.0.255 192.168.125.0 0.0.0.255 log
!
ip access-list extended web-acl-10
  remark Remote Admin
  permit tcp any any eq telnet log
  permit tcp any any eq ssh log
  permit icmp any any echo log
!
ip access-list extended web-acl-14
  remark ACSERVX
  permit ip host 192.167.1.204 any
!
ip access-list extended web-acl-15
  remark Voxitas to I3 SIP & RTP, UDP & TCP
  permit tcp any host 67.152.240.226 range 5004 5082 log
  permit udp any host 67.152.240.226 range 5004 5082 log
  permit tcp any host 67.152.240.226 range 10001 20000 log
  permit udp any host 67.152.240.226 range 10001 20000 log
!
ip access-list extended web-acl-18
  remark Allcomm1
  permit ip host 192.167.1.200 any
!
ip access-list extended web-acl-19
  remark Allcomm1
  permit tcp any host 67.152.240.228 eq ftp-data log
  permit tcp any host 67.152.240.228 eq ftp log
  permit tcp any host 67.152.240.228 eq smtp log
  permit tcp any host 67.152.240.228 eq www log
  permit tcp any host 67.152.240.228 eq 143 log
  permit tcp any host 67.152.240.228 eq https log
  permit tcp any host 67.152.240.228 eq 2000 log
  permit tcp any host 67.152.240.228 eq 3389 log
  permit tcp any host 67.152.240.228 eq 4125 log
!
ip access-list extended web-acl-20
  remark ACServX
  permit tcp any host 67.152.240.230 eq ftp-data log
  permit tcp any host 67.152.240.230 eq ftp log
  permit tcp any host 67.152.240.230 eq www log
  permit tcp any host 67.152.240.230 eq https log
  permit tcp any host 67.152.240.230 eq 2002 log
!
ip access-list extended web-acl-21
  remark Allcom2
  permit ip host 192.167.1.201 any
!
ip access-list extended web-acl-22
  remark Allcom2
  permit tcp any host 67.152.240.227 eq ftp-data log
  permit tcp any host 67.152.240.227 eq ftp log
  permit tcp any host 67.152.240.227 eq www log
  permit tcp any host 67.152.240.227 eq https log
  permit tcp any host 67.152.240.227 eq 2000 log
!
ip access-list extended web-acl-23
  remark BCM
  permit ip any any
!
ip access-list extended web-acl-24
  remark BCM
  permit ip any any
!
ip access-list extended web-acl-27
  remark Traffic to Netvanta
  permit ip any any
!
ip access-list extended web-acl-28
  remark NAT list wizard-ics
  permit ip any any log
!
ip access-list extended web-acl-8
  remark ACTestBench
  permit ip any host 67.152.240.229 log
!
ip access-list extended web-acl-9
  remark ACTestBench
  permit ip host 192.167.1.250 any
!
ip policy-class BCM
  allow list VPN-70-vpn-selectors stateless
  allow list web-acl-23 policy Private stateless
  allow list web-acl-27 self
  nat source list web-acl-28 interface vlan 2 overload
!
ip policy-class Private
  allow list web-acl-24 policy BCM stateless
  allow list VPN-60-vpn-selectors1
  allow list VPN-50-vpn-selectors1
  allow list VPN-40-vpn-selectors1
  allow list VPN-30-vpn-selectors1
  allow list VPN-20-vpn-selectors stateless
  allow list VPN-70-vpn-selectors stateless
  allow list VPN-10-vpn-selectors stateless
  nat source list web-acl-18 address 67.152.240.228 overload
  nat source list web-acl-21 address 67.152.240.227 overload
  nat source list web-acl-9 address 67.152.240.229 overload
  nat source list web-acl-14 address 67.152.240.230 overload
  allow list self self
  nat source list wizard-ics interface vlan 2 overload
!
ip policy-class Public
  allow reverse list VPN-70-vpn-selectors stateless
  allow reverse list VPN-10-vpn-selectors stateless
  allow reverse list VPN-60-vpn-selectors1
  allow reverse list VPN-50-vpn-selectors1
  allow reverse list VPN-40-vpn-selectors1
  allow reverse list VPN-30-vpn-selectors1 stateless
  allow reverse list VPN-20-vpn-selectors stateless
  nat destination list web-acl-15 address 192.168.15.100
  nat destination list web-acl-19 address 192.167.1.200
  nat destination list web-acl-22 address 192.167.1.201
  nat destination list web-acl-8 address 192.167.1.250
  nat destination list web-acl-20 address 192.167.1.204
  allow list web-acl-10 self
!
!
!
ip route 0.0.0.0 0.0.0.0 67.152.240.225
!
no ip tftp server
no ip tftp server overwrite
ip http server
no ip http secure-server
ip http language English
no ip snmp agent
no ip ftp server
no ip scp server
no ip sntp server
!
!
!
!
!
!
!
!
!
line con 0
  no login
!
line telnet 0 4
  login
  password encrypted 2f276d40e01aaad68379dff3045b5a8dbd9f
  no shutdown
line ssh 0 4
  login local-userlist
  no shutdown
!
!
!
!
!
end
```
Time: 13:32