Здравствуйте
Случилось тут такая неприятность
В цисках я не специалист только пытаюсь учиться. И вот я решил закрыть p2p сети и месенджеры на CISCO 2851 при помощи софта SDM и после этого перекрылся 21 порт. Я убрал все запреты но связь по 21 порту так и не появилась. Былобы это все ерундой еслибы не банк клинт который работает через 21 порт . Подскажите где могут быть грабли ?sh access-list
Standard IP access list NAT
10 permit 192.168.15.0, wildcard bits 0.0.0.255 (27940 matches)
clear access-list
не помогает
интерфейсы
Внешний
GigabitEthernet0/1 is up, line protocol is up
Hardware is MV96340 Ethernet, address is 0016.c82b.5a61 (bia 0016.c82b.5a61)
Description: $ETH-LAN$
Internet address is xx.xx.xx.xx/30
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is T
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 9000 bits/sec, 8 packets/sec
5 minute output rate 5000 bits/sec, 8 packets/sec
3372 packets input, 1115233 bytes, 0 no buffer
Received 10 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
3348 packets output, 287859 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
Внутренний
GigabitEthernet0/0.110 is up, line protocol is up
Hardware is MV96340 Ethernet, address is 0016.c82b.5a60 (bia 0016.c82b.5a60)
Internet address is 192.168.15.1/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 110.
ARP type: ARPA, ARP Timeout 04:00:00
Last clearing of "show interface" counters never
sh int
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 89.207.xx.xx 255.255.255.252
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
sh ip nat translation
Pro Inside global Inside local Outside local Outside global
tcp 89.207.xx.xx:6502 192.168.15.2:6501 --- ---
tcp 89.207.yy.yy:25 192.168.15.3:25 --- ---
tcp 89.207.yy.yy:80 192.168.15.3:80 --- ---
tcp 89.207.yy.yy:443 192.168.15.3:443 --- ---
tcp 89.207.89.yy:3389 192.168.15.3:3389 --- ---
tcp 89.207.89.xx:3389 192.168.15.4:3389 --- ---
tcp 89.207.95.xx:2916 192.168.15.15:2916 205.188.5.222:5190 205.188.5.222:519
tcp 89.207.95.xx:2917 192.168.15.15:2917 205.188.5.92:5190 205.188.5.92:5190
tcp 89.207.95.xx:2919 192.168.15.15:2919 195.208.94.164:21 195.208.94.164:21
tcp 89.207.95.xx:3148 192.168.15.15:3148 195.208.94.164:21 195.208.94.164:21
tcp 89.207.95.xx:3389 192.168.15.15:3389 --- ---
tcp 89.207.95.xx:80 192.168.15.31:80 195.64.132.9:4529 195.64.132.9:4529