OK, here is what I currently have as the router configuration.
(All personal public IPs have been changed to 1.1.1.1)
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable secret 5 $1$SnEf$7OWjg84jnf9OoMWLKQKX1
!
!
!
!
!
ip subnet-zero
!
ip audit notify log
ip audit po max-events 100
!
!
!
interface FastEthernet0/0
description connected to Production
ip address 172.16.64.1 255.255.224.0
no ip directed-broadcast
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
description connected to Internet
ip address 1.1.1.1 255.255.255.224
ip access-group 104 in
no ip directed-broadcast
ip nat outside
no ip mroute-cache
!
interface FastEthernet0/1
description connected to Classroom
ip address 172.16.96.1 255.255.255.0
ip access-group 101 in
no ip directed-broadcast
ip nat inside
duplex auto
speed auto
!
interface Ethernet1/0
description connected to DMZ
ip address 172.16.128.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
ip nat pool Router-natpool-1 1.1.1.2 1.1.1.30 netmask 255.255.255.2
ip nat inside source list 1 pool Router-natpool-1 overload
ip nat inside source static 172.16.64.250 1.1.1.15
ip nat inside source static 172.16.64.200 1.1.1.20
ip nat inside source static 172.16.128.2 1.1.1.6
ip nat inside source static 172.16.128.6 1.1.1.8
ip nat inside source static 172.16.128.3 1.1.1.4
ip nat inside source static 172.16.128.4 1.1.1.7
ip nat inside source static 172.16.64.100 1.1.1.25
no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
!
access-list 1 permit 172.16.96.0 0.0.0.255
access-list 1 permit 172.16.128.0 0.0.0.255
access-list 1 permit 172.16.64.0 0.0.31.255
access-list 101 permit tcp any host 172.16.96.1 eq telnet
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq 3389
snmp-server engineID local 000000090200003094F73F40
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password ??????
login
transport input none
line aux 0
password ??????
login
line vty 0 4
password ??????
login
!
no scheduler allocate
end
Here is what I am having issues with.
I want to implement an access list on the Serial0/0 connection that would prevent traffic from coming into the router. For TCP ports 25, 110 & 80, I want to allow traffic to a particular server (172.16.128.2).
I also want to configure the router to send nothing back when an ICMP packet is sent to it.
Here is what I have attempted.
<config>interface serial0/0
<config-if#>ip access-group 104 in
<config>access-list 104 permit tcp any host 172.16.128.2 eq 25
<config>access-list 104 permit tcp any host 172.16.128.2 eq 110
<config>access-list 104 permit tcp any host 172.16.128.2 eq 80
When I implement this scenario I can't even access the Internet or ping a remote host from INSIDE the router.
Anything would help.
Thanks
MagnumVP
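Why the attempted list 104 cuts off inside users, as an added example that is not part of the original post: a minimal Python model of first-match ACL evaluation with the implicit deny, run over constructed packets. It assumes IOS checks an inbound ACL on the outside interface before NAT translates the destination, so packets still carry public addresses such as 1.1.1.6; the REVISED list, the sample packets and the pool address 1.1.1.12 are constructed for illustration.

```python
# Added illustration: models only the permit lines and keywords used here.
POSTED = [f"access-list 104 permit tcp any host 172.16.128.2 eq {p}" for p in (25, 110, 80)]
# Constructed revision (assumption): match the public side of the static NAT
# for 172.16.128.2 (1.1.1.6) and let replies to inside-initiated traffic return.
REVISED = [f"access-list 104 permit tcp any host 1.1.1.6 eq {p}" for p in (25, 110, 80)] + [
    "access-list 104 permit tcp any any established",
    "access-list 104 permit icmp any any echo-reply",
]
# Constructed packets as seen arriving on Serial0/0, before NAT translation.
PACKETS = {
    "smtp_to_server": {"proto": "tcp", "dst": "1.1.1.6", "dport": 25, "ack": False},
    "web_reply": {"proto": "tcp", "dst": "1.1.1.12", "dport": 1025, "ack": True},
    "ping_reply": {"proto": "icmp", "dst": "1.1.1.12", "icmp": "echo-reply"},
    "ping_to_router": {"proto": "icmp", "dst": "1.1.1.1", "icmp": "echo"},
    "rdp_syn": {"proto": "tcp", "dst": "1.1.1.20", "dport": 3389, "ack": False},
}

def parse(line):
    """Parse 'access-list N permit <proto> any (any|host X) [eq P|established|icmp-type]'."""
    t = line.split()[3:]                      # drop 'access-list', number, 'permit'
    rule = {"proto": t[0], "dst": None, "port": None, "est": False, "icmp": None}
    rest = t[3:]                              # t[1] is the source 'any'
    if t[2] == "host":
        rule["dst"], rest = t[3], t[4:]
    if rest[:1] == ["eq"]:
        rule["port"] = int(rest[1])
    elif rest[:1] == ["established"]:
        rule["est"] = True                    # matches segments with ACK or RST set
    elif rest:
        rule["icmp"] = rest[0]
    return rule

def permits(acl, pkt):
    """First matching line wins; a packet matching no line hits the implicit deny."""
    for r in map(parse, acl):
        if (r["proto"] == pkt["proto"]
                and r["dst"] in (None, pkt["dst"])
                and r["port"] in (None, pkt.get("dport"))
                and (not r["est"] or pkt.get("ack"))
                and r["icmp"] in (None, pkt.get("icmp"))):
            return True
    return False

def verdicts(acl):
    return {name: permits(acl, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("posted", POSTED), ("revised", REVISED)):
        print(label, verdicts(acl))
```

`established` only covers TCP, so UDP replies such as DNS answers would need their own permit line. Packets dropped by the list can still trigger ICMP unreachable messages from the router unless `no ip unreachables` is set on the interface.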