Configuration CISCO 827 - NAT - PAT - IPFW - pour Netissimo 1 & 2 en PPTP


version 12.2
no parser cache
no service single-slot-reload-enable
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname flash.usenet-fr.net
!
logging buffered 16384 informational
logging rate-limit console 10 except errors
logging cns-events informational
enable secret 5 *******************************
!
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
ip icmp rate-limit unreachable 4
ip rcmd rsh-enable
ip rcmd remote-host jcmichot 10.0.0.1 jcmichot enable
no ip domain-lookup
ip domain-name usenet-fr.net
ip name-server 213.91.2.130
ip name-server 213.91.5.130
ip dhcp excluded-address 10.0.0.1
ip dhcp excluded-address 10.0.0.21
!
ip dhcp pool CLIENT
   import all
   network 10.0.0.0 255.0.0.0
   default-router 10.0.0.21 
   domain-name usenet-fr.net
   dns-server 213.91.2.130 213.91.5.130 
!
ip multicast-routing
ip inspect audit-trail
ip inspect tcp idle-time 604800
ip inspect tcp synwait-time 20
ip inspect tcp max-incomplete host 32 block-time 0
ip inspect name myfw cuseeme alert on audit-trail on timeout 3600
ip inspect name myfw http alert on audit-trail on timeout 3600
ip inspect name myfw rcmd alert on audit-trail on timeout 3600
ip inspect name myfw realaudio alert on audit-trail on timeout 3600
ip inspect name myfw smtp alert on audit-trail on timeout 3600
ip inspect name myfw tftp alert on audit-trail on timeout 30
ip inspect name myfw udp alert on audit-trail on timeout 15
ip inspect name myfw fragment maximum 8192 timeout 30
ip inspect name myfw ftp alert on audit-trail on
ip inspect name myfw tcp alert on audit-trail on
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
!
!
!
!
interface Loopback0
 no ip address
!
interface Ethernet0
 ip address 10.0.0.21 255.0.0.0
 ip nat inside
 no cdp enable
 hold-queue 32 in
!
interface ATM0
 no ip address
 no atm auto-configuration
 no atm ilmi-keepalive
 no atm address-registration
 no atm ilmi-enable
 pvc 0/16 ilmi
 !
 pvc 8/67 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 bundle-enable
 dsl operating-mode auto
 hold-queue 208 in
!
interface Dialer0
 ip address negotiated
 ip access-group 111 in
 ip accounting access-violations
 ip nat outside
 ip inspect myfw out
 encapsulation ppp
 keepalive 60
 dialer pool 1
 no cdp enable
 ppp ignore-loopback
 ppp authentication chap callin
 ppp chap hostname flash@usenet-fr.net
 ppp chap password 7 **********************
!
ip nat translation tcp-timeout 172800
ip nat translation udp-timeout 28800
ip nat translation finrst-timeout 28800
ip nat translation syn-timeout 28800
ip nat translation dns-timeout 3600
ip nat translation icmp-timeout 3600
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.0.0.1 25 interface Dialer0 25
ip nat inside source static tcp 10.0.0.1 80 interface Dialer0 80
ip nat inside source static tcp 10.0.0.1 22 interface Dialer0 22
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Null0 255
no ip http server
!
logging facility local0
logging 10.0.0.1
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 23 permit 213.91.0.0 0.0.127.255
access-list 23 permit 10.0.0.0 0.255.255.255
access-list 23 permit 172.16.0.0 0.15.255.255
access-list 23 permit 192.168.0.0 0.0.255.255
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq domain any
access-list 111 permit tcp any any eq 22
access-list 111 permit tcp 213.91.0.0 0.0.127.255 any eq telnet
access-list 111 permit tcp any any eq smtp
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq ident
access-list 111 permit udp 213.91.2.0 0.0.0.255 any eq snmp
access-list 111 permit tcp any any eq 443
access-list 111 permit tcp any any gt 1023
access-list 111 deny   ip any any log-input
no cdp run
snmp-server community usenet-fr RO 23
banner incoming ^C
flash.usenet-fr.net
^C
banner login ^C
flash.usenet-fr.net
^C
!
line con 0
 exec-timeout 120 0
 stopbits 1
line vty 0 4
 access-class 23 in
 exec-timeout 0 0
 password 7 ***************************
 login
!
scheduler max-task-time 5000
scheduler process-watchdog reload
scheduler interval 500
end