отмена
Отображаются результаты для 
Вместо этого искать 
Вы имели в виду: 
Объявления
Добро пожаловать в Сообщество Технической поддержки Cisco. Мы рады получить обратную связь .
New Member

Массовый проброс портов на cisco 1921

Greetings Komrad! Had the task immediately connect Polycom for Cisco. And if you believe his website there are plenty of range for Adio and video, namely: 1024-65535 Dynamic TCP H245 1024-65535 Dynamic UDP - RTP (image data) 1024-65535 Dynamic UDP - RTP (audio data) Prompt how massively port forwarding on Cisco, to all who are bursting with vneshke to these ports, you get on the best cover those ports specified address. This is the current configuration:









Code:
Configuration ... Building Current configuration: 7020 bytes!! Last configuration change at 10:48:26 UTC Thu Nov December 2015 francyz by! Version 15.1 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption service internal no service dhcp! Hostname dbt_vlg! Boot-start-marker boot-end -marker!! enable password 7 ************! aaa new-model!! aaa authentication login default local aaa authorization exec default local!!!!! aaa session-id common!! no ipv6 cef ip source-route ip cef!!! ip multicast-routing!! ip domain name DOMAIN ip name-server 83.221.202.254 ip name-server 8.8.8.8 ip inspect WAAS flush-timeout 10! multilink bundle-name authenticated redundancy!! !! ip ssh version 1!! crypto isakmp policy 1  encr 3des  hash md5  authentication pre-this content share  group 2 crypto isakmp key address 0.0.0.0 0.0.0.0 dbtkey!! crypto ipsec transform-set esp-3des dmvpn_ts esp-md5-hmac  mode transport! crypto ipsec profile dmvpn_profile  set transform-set dmvpn_ts!!!!!! interface Tunnel1  description DMVPN  ip address 255.255.255.224 10.0.0.1  no ip redirects  ip mtu 1400  ip nhrp authentication nhrpkey  ip nhrp map multicast dynamic  ip nhrp network-id 2014  ospf message authentication ip-digest  ip ospf authentication-key 7 ********  ip ospf network broadcast  ip ospf hello-interval 3  ip ospf priority 100  tunnel source GigabitEthernet0 / 1  tunnel mode gre multipoint  tunnel key 2014  tunnel protection ipsec profile dmvpn_profile! interface GigabitEthernet0 / 0  description LAN  ip address 192.168.0.1 255.255.255.0  ip nat inside  ip virtual-reassembly in  duplex auto  speed auto! interface GigabitEthernet0 / 1  description INTERNET  ip address <external address> 255.255.255.252  ip access-group LANNET- in in  ip nat outside  ip virtual-reassembly in  duplex auto  speed auto! router ospf 10  router-id 1.1.1.1  auto-cost reference-bandwidth 1000  area 0 message-digest authentication  area 192.168.0.0 authentication message-digest  redistribute static subnets  passive- default interface  no passive-interface Tunnel1  network 10.0.0.0 0.0.0.31 area 0  network 192.168.0.0 0.0.0.255 area 192.168.0.0! ip forward-protocol nd! no ip http server no ip http secure-server! ip nat inside source list internet_to_lan interface GigabitEthernet0 / 1 overload ip nat inside source static tcp 192.168.0.1 22 <external address> 22 extendable ip nat inside source static tcp 192.168.0.7 554 <external address> 554 extendable ip nat inside source static udp 192.168.0.7 554 <Appearance address> 554 extendable ip nat inside source static tcp 192.168.0.7 555 <external address> 555 extendable ip nat inside source static tcp 192.168.0.200 1503 <external address> 1503 extendable ip nat inside source static udp 192.168.0.200 1718 <external address> 1718 extendable ip nat inside source static udp 192.168.0.200 1719 <external address> 1719 extendable ip nat inside source static tcp 192.168.0.200 1720 <external address> 1720 extendable ip nat inside source static tcp 192.168.0.200 1731 <external address> 1731 extendable ip nat inside source static tcp 192.168.0.7 3080 <external address> 3080 extendable ip nat inside source static tcp 192.168.0.7 3081 <external address> 3081 extendable ip nat inside source static tcp 192.168.0.8 5000 <external address> 5000 extendable ip nat inside source static tcp 192.168.0.8 5001 <external address> 5001 extendable ip nat inside source static tcp 192.168.0.7 8080 <external address> 8080 extendable ip nat inside source static tcp 192.168.0.5 13000 <external address> 13000 extendable ip nat inside source static tcp 192.168.0.5 14000 <external address> 14000 extendable ip nat inside source static udp 192.168.0.5 15000 <external address> 15000 extendable ip nat inside source static tcp 192.168.0.2 3389 <external address> 51788 extendable ip route 0.0.0.0 0.0 .0.0 <hostname>! ip access-list extended LANNET-in  permit icmp any any  permit tcp any any established  remark DNS  permit udp any host <external address> eq domain  permit tcp any host <external address> eq domain  permit udp any any  remark WEB  permit tcp any host <external address> eq www  permit tcp any host <external address> eq 443  remark FILE  permit tcp any host <external address> eq 445  permit tcp any host <external address> range 5000 5001  permit tcp any host < External address> gt 1024  remark MAIL  permit tcp any host <external address> eq pop3  permit tcp any host <external address> eq smtp  permit tcp any host <external address> eq 143  permit tcp any host <external address> eq 465  permit tcp any host <external address> eq 993  remark AVP  permit tcp any host <external address> eq 13000  permit tcp any host <external address> eq 14000  permit udp any host <external address> eq 15000  remark HOST  permit ip host <external address> host < External address>  permit ip host <external address> host <external address>  remark RDP  permit tcp any host <external address> eq 51788  remark SBIS  permit tcp any host <external address> eq 50110  permit tcp any host <external address> eq 50025  remark TRASSIR  permit tcp any host <external address> range 3080 3081  permit tcp any host <external address> range 554 555  permit tcp any host <external address> eq 8080  remark POLYCOM  permit tcp any host <external address> range 14085 15084  permit tcp any host <external address> range 3230 3235  permit udp any host <external address> range 16386 25386  permit udp any host <external address> eq 1719  permit tcp any host <external address> eq 1720  permit udp any host <external address> range 3230 3280  permit tcp any host <external address> eq 1503  permit udp any host <external address> eq 1718  permit tcp any host <external address> eq 1731 ip access-list extended internet_to_lan  permit ip 192.168.0.0 0.0.0.255 any! dialer-list 1 protocol permit ip!!!!!










































































































































































































I rummaged through the Internet and found some of the Old pools. It turns out that I need to traverse to create a pool:

ip nat pool Polycom 192.168.0.200 192.168.0.200 netmask 255.255.255.0 type rotary

Make a right

ip access-list extended aclPolycom

permit tcp any host <external address> range 1024 65565

permit udp any host <external address> range 1024 65565

And then create a rule

ip nat inside destination list aclPolycom pool Polycom



Please tell me, what do you need to add for port forwarding or a mass that will be enough?

  • Маршрутизация и коммутация (Routing and Switching)
Теги (2)
1 ОТВЕТ
Bronze

Добрый день.

Добрый день.

Сергей, я так понимаю, что русский язык Вы понимаете.

Вам необходимо просто выпустить поликом в интернет или сделать его доступным из интернета по динамическим портам (т.е. если сессию по динамическому порту инициализирует не поликом)? Если соединение по динамическому порту будет инициализироваться со стороны телефона - то можно обойтись обычным NAT (ip ant inside source list XXX interface YYY overload + access-list XXX permit host/network host/any). Многие SIP устройства могут работать в таком режиме (не знаю про поликомы).

Но если сессия по динамическим портам инециируется со стороны сервера и есть необходимость пробросить порты, то (с Вашим диапазоном портов, где пробрасываются практически все порты) проще сделать статический NAT (ip nat inside source static IP_inside IP_outside).

158
Просмотры
5
Полезный материал
1
Ответы