Высказывания, как я понял, риторические. Тем не менее, поясню: я не настраивал его с начала, а пытаюсь изучать только сейчас.
Ниже полный текст из файла конфигурации Cisco, выданного SDM. Первый сервер, на который Cisco исправно сбрасывает логии, 192.168.73.3. Я добавил через SDM второй адрес 192.168.73.8. Но сейчас, (впервые) просмотрев файл конфигурации, вижу, что в разделе ip flow-export по-прежнему значится только первый сервер. Т.е. я не смог в SDM выполнить полностью процесс добавления второго сервера? И попутно, поскольку здесь уже файл конфигурации, вопрос не по теме. Подскажите, пожалуйста, как исправить: в файлах логов, сбрасываемых с Cisco, время регистрации пакетов забегает на 1 час? Сейчас я борюсь с этим так - на Cisco ставлю время на 1 час меньше от действительного.
!This is the running config of the router: 192.168.64.1
!----------------------------------------------------------------------------
!version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname home
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 16384 debugging
logging console critical
enable secret 😃 😃 😃
!
username 😃 privilege 15 secret 😃 😃 😃
clock timezone Almaty 6
clock summer-time Almaty date Mar 30 2003 2:00 Oct 26 2003 3:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
no ip bootp server
ip domain name home.net
ip name-server 80.89.128.98
ip name-server 194.84.236.2
no ftp-server write-enable
!
!
!
!
interface Loopback0
ip address 10.0.0.1 255.255.255.255
no ip proxy-arp
ip route-cache policy
ip route-cache flow
!
interface Ethernet0
description $FW_OUTSIDE$$ETH-WAN$
ip address 80.89.129.162 255.255.255.240
ip access-group sdm_ethernet0_in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache policy
ip route-cache flow
ip policy route-map MAP
half-duplex
no cdp enable
!
interface FastEthernet0
description $FW_INSIDE$$ETH-LAN$$INTF-INFO-10/100 Ethernet$
ip address 192.168.64.1 255.255.192.0
ip access-group sdm_fastethernet0_in in
ip access-group sdm_fastethernet0_out out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache policy
ip route-cache flow
speed auto
no cdp enable
!
ip nat inside source list group73 interface Ethernet0 overload
ip nat inside source list group75 interface Ethernet0 overload
ip nat inside source static network 192.168.73.3 80.89.129.188 /32
ip nat inside source static network 192.168.73.6 80.89.129.189 /32
ip classless
ip route 0.0.0.0 0.0.0.0 80.89.129.161
ip route 80.89.129.187 255.255.255.255 FastEthernet0
ip flow-export destination 192.168.73.3 45678
ip http server
ip http authentication local
!
ip access-list standard group73
remark INSIDE_IF=FastEthernet0
remark SDM_ACL Category=2
permit 192.168.73.0 0.0.0.255
ip access-list standard group74
remark INSIDE_IF=FastEthernet0
remark SDM_ACL Category=2
permit 192.168.74.0 0.0.0.255
ip access-list standard group75
remark INSIDE_IF=FastEthernet0
remark SDM_ACL Category=2
permit 192.168.75.0 0.0.0.255
!
ip access-list extended sdm_ethernet0_in
remark SDM_ACL Category=1
permit ip any host 80.89.129.162
permit ip any host 80.89.129.188
permit ip any host 80.89.129.187
permit ip any host 80.89.129.189
deny udp 65.54.227.0 0.0.0.255 any
ip access-list extended sdm_fastethernet0_in
remark SDM_ACL Category=1
deny tcp any eq 7887 any eq 7887
deny udp any eq netbios-ns any eq netbios-ns
deny tcp any eq 135 any eq 135
deny tcp any eq 139 any eq 139
deny tcp any eq 445 any eq 445
permit ip host 192.168.73.2 any
permit ip host 192.168.73.3 any
permit ip host 192.168.73.4 any
deny ip host 192.168.73.5 any
deny ip host 192.168.73.6 any
deny ip host 192.168.73.7 any
permit ip host 192.168.73.8 any
permit ip host 192.168.73.9 any
permit ip host 192.168.75.2 any
permit ip host 192.168.75.3 any
deny ip host 192.168.75.4 any
permit ip host 192.168.75.5 any
permit ip host 192.168.75.6 any
permit ip host 192.168.75.7 any
permit ip host 192.168.75.8 any
deny ip host 192.168.75.9 any
permit ip host 192.168.75.10 any
permit ip host 192.168.75.11 any
permit ip host 192.168.75.12 any
permit ip host 192.168.75.13 any
deny tcp host 192.168.75.14 any eq smtp
permit ip host 192.168.75.14 any
permit ip host 192.168.75.15 any
permit ip host 192.168.75.16 any
permit ip host 192.168.75.17 any
deny ip host 192.168.75.18 any
permit ip host 192.168.75.19 any
permit ip host 192.168.75.21 any
permit ip host 80.89.129.187 any
ip access-list extended sdm_fastethernet0_out
remark SDM_ACL Category=1
deny tcp any host 192.168.73.3 eq ftp
deny udp any eq netbios-ns any eq netbios-ns
deny tcp any eq 135 any eq 135
deny tcp any eq 139 any eq 139
deny tcp any eq 445 any eq 445
permit ip any any
!
logging trap debugging
logging 192.168.73.3
logging 192.168.73.8
access-list 108 permit ip any 192.168.0.0 0.0.255.255
no cdp run
route-map MAP permit 10
match ip address 108
set interface Loopback0 FastEthernet0
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 4000 1000
scheduler interval 500
!
end