... sample SOHO router configuration
Logging and timezones
Global IP routing, DHCP and other services
Content-based Access Control
Global PPPoE commands
Interfaces (eth, vlan, dialer)
DNS server
Network Address Translation
Access lists and route maps
NTP configuration
Line configuration
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! with this setting, line and PPP CHAP passwords are kept in clear text in the configuration
no service password-encryption
!
hostname SOHO-firewall
!
logging buffered 128000
logging persistent url flash:/
no logging console
enable secret *****
!
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
no ip source-route
!
ip cef
!
ip dhcp pool DHCP
 network 192.168.200.192 255.255.255.240
 default-router 192.168.200.193
 dns-server 192.168.200.193
!
ip domain timeout 2
ip domain name mydomain.com
!
ip inspect name FW ftp
ip inspect name FW fragment maximum 256 timeout 1
ip inspect name FW icmp router-traffic
ip inspect name FW udp router-traffic
ip inspect name FW tcp router-traffic
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
 request-dialin
  protocol pppoe
 l2tp tunnel receive-window 256
!
ip ftp source-interface Vlan1
!
bba-group pppoe global
!
interface FastEthernet0
 description outside LAN
 no ip address
 ip virtual-reassembly
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 3
!
interface Vlan1
 ip address 192.168.200.193 255.255.255.240
 ip nat inside
 ip virtual-reassembly
 load-interval 30
!
interface Dialer3
 description ADSL Uplink
 ip address negotiated
 ip access-group FW in
 ip mtu 1492
 ip nat outside
 ip inspect FW out
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1400
 dialer pool 3
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname *****
 ppp chap password *****
 ppp ipcp dns request accept
!
ip route 0.0.0.0 0.0.0.0 Dialer3
!
ip dns view default
 domain timeout 2
 domain resolver source-interface Vlan1
 dns forwarder 208.67.220.220
 dns forwarder 208.67.222.222
 dns forwarding source-interface Vlan1
ip dns server
!
ip nat inside source route-map Dialer3 interface Dialer3 overload
!
ip access-list extended FW
 permit icmp any any
 permit udp host 129.132.97.15 eq ntp any
 deny ip any any log
!
access-list 199 permit ip any any
dialer-list 1 protocol ip list 199
!
route-map Dialer3 permit 10
 match interface Dialer3
!
ntp logging
ntp server 129.132.97.15 prefer
!
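line con 0
 login
 password *****
line vty 0 4
 password ****
 login
 ! standard ACL 90 is referenced here but not defined in this sample;
 ! it has to be created (for example permitting only the inside LAN) for this line to restrict VTY access
 access-class 90 in
 transport input telnet ssh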
!
end
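
An added example, not part of the original post: a small Python check that reads an IOS-style configuration and reports ACLs that are referenced but never defined (as with access-class 90 above), Telnet left enabled on a line, and disabled password obfuscation. The sample text is a constructed excerpt of the configuration above, and the function name audit is hypothetical.

```python
import re

# Constructed excerpt of the configuration above (ACL, dialer and line parts only).
SAMPLE = """\
no service password-encryption
interface Dialer3
 ip access-group FW in
ip access-list extended FW
 permit icmp any any
 deny ip any any log
access-list 199 permit ip any any
dialer-list 1 protocol ip list 199
line vty 0 4
 password ****
 login
 access-class 90 in
 transport input telnet ssh
"""

# Lines that create an ACL (numbered or named) and lines that point at one.
DEFINE = [re.compile(r"^access-list (\S+) "),
          re.compile(r"^ip access-list (?:standard|extended) (\S+)")]
REFER = [re.compile(r"^ip access-group (\S+) (?:in|out)"),
         re.compile(r"^access-class (\S+) (?:in|out)"),
         re.compile(r"^dialer-list \d+ protocol ip list (\S+)")]

def audit(config):
    """Return a sorted list of findings for an IOS-style configuration text."""
    defined, referenced, findings = set(), {}, []
    for raw in config.splitlines():
        line = raw.strip()
        for rx in DEFINE:
            if (m := rx.match(line)):
                defined.add(m.group(1))
        for rx in REFER:
            if (m := rx.match(line)):
                referenced.setdefault(m.group(1), line)  # keep first use for the report
        if line == "no service password-encryption":
            findings.append("line/CHAP passwords not obfuscated: " + line)
        words = line.split()
        if words[:2] == ["transport", "input"] and {"telnet", "all"} & set(words[2:]):
            findings.append("telnet allowed on a line: " + line)
    for name, where in referenced.items():
        if name not in defined:
            findings.append(f"ACL {name} referenced but not defined: {where}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```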