Buat kalian para ciscoers mungkin config ini sangat amat awam n udah banyak sekali di internet, cuma ya namanya gw newbie n skalian buat arsip daripada entar ilang ya udah gw coretin aja di blog untung-untung klo pas ada yang butuh kan gw dapet pahala. Apakalagi klo pas ada yang copy paste wah tambah MLM tu pahala gue. Ni nyang mao gw post GRE Tunnel nyang punya kelemahan encripsi data dibanding IPSec ( gue tao pas interview di P****t Sy***m ).
BRANCH A
interface Tunnel0
description BRANCH A
ip address 192.168.100.1 255.255.255.252
tunnel source Serial0/0
tunnel destination 202.169.39.18
!
interface FastEthernet0/0
ip address 10.1.10.1 255.255.248.0 secondary
ip address 202.169.37.17 255.255.255.252 secondary
ip address 202.169.37.65 255.255.255.240
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
ip address 202.169.34.98 255.255.255.252
ip access-group 1 out
no ip proxy-arp
ip nat outside
no ip mroute-cache
no fair-queue
!
interface BRI0/0
no ip address
shutdown
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip nat translation timeout 1800
ip nat translation tcp-timeout 1800
ip nat translation udp-timeout 1800
ip nat translation finrst-timeout 360
ip nat translation syn-timeout 360
ip nat translation dns-timeout 360
ip nat translation icmp-timeout 360
ip nat pool grp1 202.169.37.66 202.169.37.76 netmask 255.255.255.240
ip nat inside source list 1 pool grp1 overload
ip nat inside source static 10.1.10.210 202.169.37.69
ip nat inside source static 10.1.8.1 202.169.37.75
ip nat inside source static 10.1.8.9 202.169.37.78
ip nat inside source static 10.1.8.5 202.169.37.77
ip nat inside source static 10.1.10.211 202.169.37.66
ip classless
ip route 0.0.0.0 0.0.0.0 202.169.34.97
ip route 10.1.10.0 255.255.248.0 192.168.100.2
ip route 10.1.16.0 255.255.255.0 10.1.10.30
no ip http server
!
access-list 1 permit 10.0.0.0 0.255.255.255
BRANCH B
interface Tunnel0
description BRANCH B
ip address 192.168.100.2 255.255.255.252
tunnel source FastEthernet0/0
tunnel destination 202.169.34.98
!
interface FastEthernet0/0
description Interface Link Internet to Biznet
ip address 202.169.39.18 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description interface For LAN
ip address 10.1.16.2 255.255.255.0 secondary
ip address 10.1.9.2 255.255.248.0
ip nat inside
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 202.169.39.17
ip route 10.1.9.0 255.255.248.0 192.168.100.1
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat translation tcp-timeout 3000
ip nat pool internal 202.169.39.19 202.169.39.19 netmask 255.255.255.248
ip nat inside source list 1 pool internal overload
ip nat inside source static 10.1.9.3 202.169.39.19
ip nat inside source static 10.1.9.20 202.169.39.20
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 23 permit 10.10.10.0 0.0.0.7
Semoga membantu ya ...
Tidak ada komentar:
Posting Komentar