cisco3825不能配置telnet?
Giga0/0口接网通宽带,Fa1/1口接联通宽带。218.25.25.1是网通外网网关,这个网关可以在外网Ping通。但是Giga0/0口ping不通也不能telnet,可是对内服务器做的静态映射是没问题的。也没做什么限制啊?请指点 感谢啦!!
——————————————————————————————
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco3825
!
boot-start-marker
boot-end-marker
!
enable password xxxxx
!
no aaa new-model
!
resource policy
!
no network-clock-participate slot 1
ip subnet-zero
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
interface GigabitEthernet0/0
description Connect To CNC
ip address 218.25.25.xx 255.255.255.240
ip access-group 101 in
ip nat outside
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
description Connect To Pix525
ip address 10.10.11.1 255.255.255.0
ip access-group 101 in
ip nat inside
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
!
interface FastEthernet1/1
ip address 192.168.156.2 255.255.255.0
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 218.25.25.1
ip route 0.0.0.0 0.0.0.0 192.168.156.1 50
ip route 10.10.10.0 255.255.255.0 10.10.11.2
ip route 10.10.12.0 255.255.255.0 10.10.11.2
ip route 58.192.0.0 255.240.0.0 192.168.156.1
ip route 59.64.0.0 255.240.0.0 192.168.156.1
ip route 61.200.81.134 255.255.255.255 192.168.156.1
ip route 63.84.162.154 255.255.255.255 192.168.156.1
ip route 63.240.213.214 255.255.255.255 192.168.156.1
ip route 66.45.232.66 255.255.255.255 192.168.156.1
ip route 121.48.0.0 255.254.0.0 192.168.156.1
ip route 121.192.0.0 255.252.0.0 192.168.156.1
ip route 125.216.0.0 255.248.0.0 192.168.156.1
ip route 128.253.187.78 255.255.255.255 192.168.156.1
ip route 129.35.76.226 255.255.255.255 192.168.156.1
ip route 129.41.4.140 255.255.255.255 192.168.156.1
ip route 130.44.194.100 255.255.255.255 192.168.156.1
ip route 132.174.11.11 255.255.255.255 192.168.156.1
ip route 140.98.193.112 255.255.255.255 192.168.156.1
ip route 141.66.18.186 255.255.255.255 192.168.156.1
ip route 159.226.100.141 255.255.255.255 192.168.156.1
ip route 160.109.110.127 255.255.255.255 192.168.156.1
ip route 162.105.0.0 255.255.0.0 192.168.156.1
ip route 162.105.138.191 255.255.255.255 192.168.156.1
ip route 162.105.139.72 255.255.255.255 192.168.156.1
ip route 162.105.139.74 255.255.255.255 192.168.156.1
ip route 162.105.139.91 255.255.255.255 192.168.156.1
ip route 162.105.139.101 255.255.255.255 192.168.156.1
ip route 162.105.139.118 255.255.255.255 192.168.156.1
ip route 162.105.139.173 255.255.255.255 192.168.156.1
ip route 165.193.106.134 255.255.255.255 192.168.156.1
ip route 166.111.0.0 255.255.0.0 192.168.156.1
ip route 166.111.120.42 255.255.255.255 192.168.156.1
ip route 166.111.120.52 255.255.255.255 192.168.156.1
ip route 166.111.120.80 255.255.255.255 192.168.156.1
ip route 166.111.120.84 255.255.255.255 192.168.156.1
ip route 166.111.120.89 255.255.255.255 192.168.156.1
ip route 166.111.120.95 255.255.255.255 192.168.156.1
ip route 167.68.7.224 255.255.255.255 192.168.156.1
ip route 167.216.165.85 255.255.255.255 192.168.156.1
ip route 168.160.1.111 255.255.255.255 192.168.156.1
ip route 168.160.50.68 255.255.255.255 192.168.156.1
ip route 171.66.121.166 255.255.255.255 192.168.156.1
ip route 171.66.122.62 255.255.255.255 192.168.156.1
ip route 192.58.150.35 255.255.255.255 192.168.156.1
ip route 192.87.50.4 255.255.255.255 192.168.156.1
ip route 192.168.88.3 255.255.255.255 192.168.156.1
ip route 192.195.245.116 255.255.255.255 192.168.156.1
ip route 192.195.245.140 255.255.255.255 192.168.156.1
ip route 193.63.84.98 255.255.255.255 192.168.156.1
ip route 193.131.119.113 255.255.255.255 192.168.156.1
ip route 193.194.158.35 255.255.255.255 192.168.156.1
ip route 193.194.158.44 255.255.255.255 192.168.156.1
ip route 193.194.158.47 255.255.255.255 192.168.156.1
ip route 193.194.158.54 255.255.255.255 192.168.156.1
ip route 193.194.158.109 255.255.255.255 192.168.156.1
ip route 193.194.158.217 255.255.255.255 192.168.156.1
ip route 198.17.75.54 255.255.255.255 192.168.156.1
ip route 198.81.200.2 255.255.255.255 192.168.156.1
ip route 199.1.202.51 255.255.255.255 192.168.156.1
ip route 202.4.128.0 255.255.224.0 192.168.156.1
ip route 202.38.64.0 255.255.192.0 192.168.156.1
ip route 202.38.126.22 255.255.255.255 192.168.156.1
ip route 202.38.126.178 255.255.255.255 192.168.156.1
ip route 202.38.140.0 255.255.254.0 192.168.156.1
ip route 202.38.184.0 255.255.248.0 192.168.156.1
ip route 202.38.192.0 255.255.192.0 192.168.156.1
ip route 202.108.59.115 255.255.255.255 192.168.156.1
ip route 202.108.59.119 255.255.255.255 192.168.156.1
ip route 202.112.0.0 255.248.0.0 192.168.156.1
ip route 202.117.24.168 255.255.255.255 192.168.156.1
ip route 202.119.47.112 255.255.255.255 192.168.156.1
ip route 202.119.47.137 255.255.255.255 192.168.156.1
ip route 202.120.0.0 255.254.0.0 192.168.156.1
ip route 202.120.13.127 255.255.255.255 192.168.156.1
ip route 202.120.13.242 255.255.255.255 192.168.156.1
ip route 202.127.18.149 255.255.255.255 192.168.156.1
ip route 202.127.216.0 255.255.248.0 192.168.156.1
ip route 202.127.224.0 255.255.224.0 192.168.156.1
ip route 202.179.240.0 255.255.240.0 192.168.156.1
ip route 202.192.0.0 255.240.0.0 192.168.156.1
ip route 202.192.41.1 255.255.255.255 192.168.156.1
ip route 202.205.10.48 255.255.255.255 192.168.156.1
ip route 203.91.120.0 255.255.248.0 192.168.156.1
ip route 203.207.228.5 255.255.255.255 192.168.156.1
ip route 204.153.51.29 255.255.255.255 192.168.156.1
ip route 204.179.122.201 255.255.255.255 192.168.156.1
ip route 205.243.231.154 255.255.255.255 192.168.156.1
ip route 206.65.170.81 255.255.255.255 192.168.156.1
ip route 207.24.42.73 255.255.255.255 192.168.156.1
ip route 208.215.179.155 255.255.255.255 192.168.156.1
ip route 208.215.179.162 255.255.255.255 192.168.156.1
ip route 209.116.81.5 255.255.255.255 192.168.156.1
ip route 210.25.0.0 255.255.128.0 192.168.156.1
ip route 210.25.128.0 255.255.192.0 192.168.156.1
ip route 210.26.0.0 255.254.0.0 192.168.156.1
ip route 210.28.0.0 255.252.0.0 192.168.156.1
ip route 210.30.222.0 255.255.255.0 10.10.11.2
ip route 210.30.223.0 255.255.255.0 10.10.11.2
ip route 210.32.0.0 255.240.0.0 192.168.156.1
ip route 210.32.33.150 255.255.255.255 192.168.156.1
ip route 210.34.14.15 255.255.255.255 192.168.156.1
ip route 210.34.17.180 255.255.255.255 192.168.156.1
ip route 210.192.100.149 255.255.255.255 192.168.156.1
ip route 210.192.125.121 255.255.255.255 192.168.156.1
ip route 211.64.0.0 255.248.0.0 192.168.156.1
ip route 211.68.23.74 255.255.255.255 192.168.156.1
ip route 211.80.0.0 255.248.0.0 192.168.156.1
ip route 211.99.41.6 255.255.255.255 192.168.156.1
ip route 211.100.19.236 255.255.255.255 192.168.156.1
ip route 211.151.89.41 255.255.255.255 192.168.156.1
ip route 211.151.90.248 255.255.255.255 192.168.156.1
ip route 211.151.91.65 255.255.255.255 192.168.156.1
ip route 211.155.255.48 255.255.255.255 192.168.156.1
ip route 211.157.107.202 255.255.255.255 192.168.156.1
ip route 212.87.150.218 255.255.255.255 192.168.156.1
ip route 213.212.74.245 255.255.255.255 192.168.156.1
ip route 216.52.36.1 255.255.255.255 192.168.156.1
ip route 216.143.112.80 255.255.255.255 192.168.156.1
ip route 216.200.62.206 255.255.255.255 192.168.156.1
ip route 216.235.246.70 255.255.255.255 192.168.156.1
ip route 218.98.0.198 255.255.255.255 192.168.156.1
ip route 218.192.0.0 255.248.0.0 192.168.156.1
ip route 218.246.21.132 255.255.255.255 192.168.156.1
ip route 219.216.0.0 255.248.0.0 192.168.156.1
ip route 219.224.0.0 255.248.0.0 192.168.156.1
ip route 219.224.17.253 255.255.255.255 192.168.156.1
ip route 219.242.0.0 255.254.0.0 192.168.156.1
ip route 219.244.0.0 255.252.0.0 192.168.156.1
ip route 220.194.54.77 255.255.255.255 192.168.156.1
ip route 222.16.0.0 255.240.0.0 192.168.156.1
ip route 222.76.201.81 255.255.255.255 192.168.156.1
ip route 222.192.0.0 255.240.0.0 192.168.156.1
!
ip http server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static 10.10.12.3 218.25.25.3
ip nat inside source static 10.10.12.4 218.25.25.4
!
access-list 1 permit any
access-list 101 deny tcp any any eq 135
access-list 101 deny udp any any eq 135
access-list 101 deny tcp any any eq 139
access-list 101 deny tcp any any eq 445
access-list 101 deny udp any any eq 593
access-list 101 deny udp any any eq 1434
access-list 101 deny udp any any eq netbios-ss
access-list 101 permit ip any any
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password xxxxx
login
!
scheduler allocate 20000 1000
!
end
Cisco3825#
补充:
这个配置文件是另外一个用户3825的配置文件,这个就可以telnet。不知道怎么回事。
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco3825
!
boot-start-marker
boot-end-marker
!
enable password xxxxx!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
interface GigabitEthernet0/0
ip address 221.203.112.xxx 255.255.255.224
ip access-group 101 in
ip nat outside
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
ip address 10.10.10.1 255.255.255.0
ip access-group 101 in
ip nat inside
duplex auto
speed auto
media-type rj45
negotiation auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 221.203.112.193
ip route 192.168.0.0 255.255.255.0 10.10.10.2
!
ip http server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 101 deny tcp any any eq 135
access-list 101 deny udp any any eq 135
access-list 101 deny tcp any any eq 139
access-list 101 deny tcp any any eq 445
access-list 101 deny udp any any eq 593
access-list 101 deny udp any any eq 1434
access-list 101 deny udp any any eq netbios-ss
access-list 101 permit ip any any
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password xxx
login
!
scheduler allocate 20000 1000
!
end
顶部
网友2:
有可能是路由不可达 你有两条互联网线路 涉及到线路选择
网友3:
基本确定路由问题。ping不到当然不能telnet
网友4:
ip nat inside source list 1 interface GigabitEthernet0/0 overload
access-list 1 permit any
这个的问题.
不要对any做NAT,应该写具体需要被NAT的网段.
正好昨天我也遇到了这个问题,外口能ping通,不能telnet.内口就正常.
修改NAT的ACL后就好了
Powered by IXPUB.Net © 2001-2007 All Right Reserved. 
