Rules:
1. There is one server with a public IP (202.x.x.3), but it is placed behind the core router
2. The local network can access the internet
3. The internet can only access 202.x.x.3 on ports 21, 22 and 80
4. The local network can access jaringankhusus (the special network)
Configuration:
-- (1) Core router --
enable
configure terminal
! default route to the upstream gateway
ip route 0.0.0.0 0.0.0.0 202.x.x.1
! PAT for traffic toward jaringankhusus (118.x.x.0/24) via FastEthernet0/0.4
ip nat inside source list 110 interface FastEthernet0/0.4 overload
access-list 110 permit ip any 118.x.x.0 0.0.0.255
ip nat inside source route-map jaringankhusus interface FastEthernet0/0.4 overload
! PAT for all other traffic via the internet-facing interface
ip nat inside source list 111 interface fastethernet0/1 overload
access-list 111 deny ip any 118.x.x.0 0.0.0.255
access-list 111 permit ip any any
route-map jaringankhusus permit 10
 match ip address 112
 match interface FastEthernet0/0.4
access-list 112 permit tcp 192.168.1.0 0.0.0.255 118.x.x.0 0.0.0.255
! static one-to-one NAT for the server
ip nat inside source static 192.168.1.2 202.x.x.3
! server VLAN
interface fastethernet0/0.2
 encapsulation dot1q 2
 ip address 192.168.1.1 255.255.255.248
 ip nat inside
! user VLAN
interface fastethernet0/0.3
 encapsulation dot1q 3
 ip address 192.168.1.129 255.255.255.128
 ip nat inside
! jaringankhusus
interface FastEthernet0/0.4
 encapsulation dot1Q 4
 ip address 118.x.x.1 255.255.255.0
 ip nat outside
! internet-facing interface, filtered in both directions
interface fastethernet0/1
 ip address 202.x.x.2 255.255.255.248
 ip access-group trafikmasuk in
 ip access-group trafikkeluar out
 ip nat outside
 exit
! inbound: replies to sessions started inside, plus new TCP sessions to the server on 21, 22 and 80
ip access-list extended trafikmasuk
 evaluate initdaridalamtcp
 evaluate initdaridalamudp
 permit tcp any host 202.x.x.3 range 21 22 reflect initdariluar
 permit tcp any host 202.x.x.3 eq 80 reflect initdariluar
! outbound: replies to sessions started from the internet, plus new TCP/UDP sessions from inside
ip access-list extended trafikkeluar
 evaluate initdariluar
 permit tcp any any reflect initdaridalamtcp
 permit udp any any reflect initdaridalamudp
 end
copy running-config startup-config
-- (2) Core switch --
enable
configure terminal
vlan 2
 name server
vlan 3
 name user
interface fastethernet0/0
 switchport mode trunk
interface fastethernet0/1
 switchport access vlan 3
 switchport mode access
interface fastethernet0/2
 switchport access vlan 2
 switchport mode access
interface fastethernet0/3
 switchport access vlan 4
 switchport mode access
 end
copy running-config startup-config
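
The reflexive ACL pair trafikmasuk / trafikkeluar on the core router can be checked against rule 3 with a small model. This is an added example, not part of the original post: a simplified Python simulation that ignores timeouts and treats the two server entries as TCP port matches; the addresses 203.0.113.3 (standing in for 202.x.x.3) and 198.51.100.7 (an internet client) are constructed.

```python
# Simplified model (no timeouts). Constructed addresses: SERVER stands in for
# 202.x.x.3, CLIENT is an arbitrary internet host.
SERVER, CLIENT = "203.0.113.3", "198.51.100.7"
SERVER_PORTS = {21, 22, 80}
LISTS = ("initdariluar", "initdaridalamtcp", "initdaridalamudp")

class OutsideInterface:
    def __init__(self):
        self.reflected = {name: set() for name in LISTS}  # temporary entries

    def _evaluate(self, name, pkt):
        # A temporary entry matches the mirror image of the packet that created it.
        proto, src, sport, dst, dport = pkt
        return (proto, dst, dport, src, sport) in self.reflected[name]

    def inbound(self, pkt):
        """ACL trafikmasuk: packets arriving from the internet (before NAT)."""
        proto, _, _, dst, dport = pkt
        if self._evaluate("initdaridalamtcp", pkt) or self._evaluate("initdaridalamudp", pkt):
            return True
        if proto == "tcp" and dst == SERVER and dport in SERVER_PORTS:
            self.reflected["initdariluar"].add(pkt)
            return True
        return False  # implicit deny at the end of the ACL

    def outbound(self, pkt):
        """ACL trafikkeluar: packets leaving toward the internet (after NAT)."""
        if self._evaluate("initdariluar", pkt):
            return True
        if pkt[0] in ("tcp", "udp"):
            self.reflected["initdaridalam" + pkt[0]].add(pkt)
            return True
        return False  # anything else, e.g. ICMP, hits the implicit deny

def demo():
    fw = OutsideInterface()
    return {
        "http_in": fw.inbound(("tcp", CLIENT, 40000, SERVER, 80)),
        "http_reply": fw.outbound(("tcp", SERVER, 80, CLIENT, 40000)),
        "telnet_in": fw.inbound(("tcp", CLIENT, 40001, SERVER, 23)),
        "ftp_control": fw.inbound(("tcp", CLIENT, 40002, SERVER, 21)),
        "ftp_passive_data": fw.inbound(("tcp", CLIENT, 40003, SERVER, 50000)),
        "ftp_active_data": fw.outbound(("tcp", SERVER, 20, CLIENT, 40004)),
        "ftp_active_reply": fw.inbound(("tcp", CLIENT, 40004, SERVER, 20)),
        "unsolicited_udp": fw.inbound(("udp", CLIENT, 53, SERVER, 5353)),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:18} {'permit' if allowed else 'deny'}")
```

In this model, passive-mode FTP data connections to the server are denied because only port 21 is open inbound, while active-mode data connections opened by the server from port 20 pass through the outbound reflect entry.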