The router's job is to push the local network 192.168.10.0/24 out to the Internet, and there is also a 192.168.11.0/24 network that VPN client users land in.
The VPN client is the real, textbook Cisco one.
What is needed is for the computers that connect through the VPN client to be mapped to static, predetermined addresses. That means that I, as Person1, get mapped to 192.168.11.10, someone else, as Person2, gets mapped to 192.168.11.11, and so on. Does anyone have any idea how I could do this? For now, the only solution I have is to set up a DHCP server on some server and do the mappings there, with the Cisco 1841 acting as a DHCP relay and pushing the requests to the DHCP server, but I'm not sure that would work properly.
Building configuration...
Current configuration : 2929 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxxxxxxxx
!
boot-start-marker
boot system flash c1841-advsecurityk9-mz.124-23.bin
boot-end-marker
!
enable secret 5 $1$OxxxxxxxeTe$Ltmg6uI6s7zIafyiEQK15.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
no ip domain lookup
!
!
!
username xxxxx privilege 15 password 7 1416XxxxxxxxB2F37246B63
username xxxxxx privilege 15 password 7 00554xxxxx
username veXxxx privilege 15 password 7 02100109Xxxxxxx
username Xxxxxx privilege 15 password 7 Xxxxxxxx0B20
!
!
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group xxxxxxx
key xxxxxxx
dns 192.168.10.2
pool ippool
acl 101
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface FastEthernet0/0
description INTERNET
ip address 213.244.xxx.xxx 255.255.255.252
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
crypto map clientmap
!
interface FastEthernet0/1
description LAN
ip address 192.168.10.1 255.255.255.0
ip access-group DENY-HTTP in
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
!
ip local pool ippool 192.168.11.1 192.168.11.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 213.244.xxx.xxx
!
no ip http server
no ip http secure-server
ip nat inside source route-map nonat interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.10.2 25 213.244.xxx.xxx 25 extendable
ip nat inside source static tcp 192.168.10.2 110 213.244.xxx.xxx 110 extendable
ip nat inside source static tcp 192.168.10.14 3389 213.244.xxx.xxx 3389 extendable
!
ip access-list extended DENY-HTTP
deny tcp host 192.168.10.16 any eq www log
deny tcp host 192.168.10.18 any eq www log
deny tcp host 192.168.10.20 any eq www log
deny tcp host 192.168.10.22 any eq www log
permit ip any any
!
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 102 deny ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 102 permit ip any any
snmp-server community xxxxxxxx RO
route-map nonat permit 10
match ip address 102
!
!
!
control-plane
!
banner login ^C VLASNISTVO Xxxxxxxxx. NEOVLASCENI PRISTUP ZABRANJEN! ^C
!
line con 0
exec-timeout 35791 0
line aux 0
line vty 0 4
exec-timeout 35791 0
transport input telnet
line vty 5 15
exec-timeout 35791 0
transport input telnet
!
scheduler allocate 20000 1000
end