configure/tweak access-list

Status
Not open for further replies.

ChrisNL

Technical User
Oct 3, 2003
2
NL
Hi all,

Ever since our IT guys delivered and configured our Cisco router, we are not able to download and upload files from/to FTP servers correctly. After complaining many times, I would now like to change it myself. The only problem is: I have no idea what's wrong and what to change. How to change it is no problem; I already figured that out...

Here's our configuration (we are a small office using this Cisco to connect to the internet in a secure environment):

============================================================
interface Dialer1
ip address negotiated
ip access-group 103 in
ip access-group 102 out
ip nat outside
encapsulation ppp
dialer pool 1
dialer fast-idle 300
dialer-group 1
ppp authentication pap callin
ppp pap sent-username <USERNAME> password 7 <ENCRYPTED PASSWORD>
!
ip nat inside source list 101 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.2 3389 <OUR EXTERNAL IP-ADDRESS> 3389 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
!
access-list 102 permit tcp any any eq telnet
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any gt 1023 any eq ftp-data
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq 443
access-list 102 permit tcp any any eq smtp
access-list 102 permit tcp any any eq pop3
access-list 102 permit udp any any eq domain
access-list 102 permit tcp any any eq domain
!
access-list 103 permit tcp any eq telnet any
access-list 103 permit tcp any eq ftp any
access-list 103 permit tcp any eq ftp-data any gt 1024
access-list 103 permit tcp any eq www any
access-list 103 permit tcp any eq 443 any
access-list 103 permit tcp any eq smtp any
access-list 103 permit tcp any eq pop3 any
access-list 103 permit udp any eq domain any
access-list 103 permit tcp any eq domain any
!
dialer-list 1 protocol ip permit
!
============================================================

Any other remarks/suggestions about this access-list? Please let me know! I'm very curious...
 
Have you tried editing your ACL(s) to include TFTP?

access-list 102 permit udp any eq tftp any
access-list 103 permit udp any eq tftp any

B. J.
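
The sketch below is an added example, not part of the thread: it checks the posted ACL 102 (outbound) and ACL 103 (inbound) against the TCP connections an FTP session opens. The ports 50000, 50001 and 40000 are constructed sample values, the run-together www/443 line of ACL 103 is written as two entries, and only the port matching of these `any`-to-`any` entries is modelled (no NAT).

```python
import re

PORTS = {"telnet": 23, "ftp": 21, "ftp-data": 20, "www": 80,
         "smtp": 25, "pop3": 110, "domain": 53}   # IOS port keywords used in the post
ACL_OUT = """permit tcp any any eq telnet
permit tcp any any eq ftp
permit tcp any gt 1023 any eq ftp-data
permit tcp any any eq www
permit tcp any any eq 443
permit tcp any any eq smtp
permit tcp any any eq pop3
permit udp any any eq domain
permit tcp any any eq domain"""                   # access-list 102, Dialer1 out
ACL_IN = """permit tcp any eq telnet any
permit tcp any eq ftp any
permit tcp any eq ftp-data any gt 1024
permit tcp any eq www any
permit tcp any eq 443 any
permit tcp any eq smtp any
permit tcp any eq pop3 any
permit udp any eq domain any
permit tcp any eq domain any"""                   # access-list 103, Dialer1 in
RULE = re.compile(r"(permit|deny) (\w+) any(?: (eq|gt) (\S+))? any(?: (eq|gt) (\S+))?$")

def port_ok(op, port_name, port):
    if op is None:                                # no port qualifier: any port matches
        return True
    n = int(PORTS.get(port_name, port_name))
    return port == n if op == "eq" else port > n

def verdict(acl_text, proto, sport, dport):
    for line in acl_text.splitlines():            # entries are tested top-down, first match wins
        action, p, sop, sp, dop, dp = RULE.match(line).groups()
        if p == proto and port_ok(sop, sp, sport) and port_ok(dop, dp, dport):
            return action
    return "deny"                                 # implicit deny ends every ACL

def tcp_flow_passes(client_port, server_port):
    # Stateless ACLs: outbound packets and their replies must each be permitted.
    return (verdict(ACL_OUT, "tcp", client_port, server_port) == "permit"
            and verdict(ACL_IN, "tcp", server_port, client_port) == "permit")

if __name__ == "__main__":
    for name, c, s in (("control", 50000, 21), ("active data", 50001, 20),
                       ("passive data", 50001, 40000)):
        print(f"{name:13} client:{c} <-> server:{s} passes={tcp_flow_passes(c, s)}")
```

On the posted lists the control connection and the active-mode data connection pass, while a passive-mode data connection (high port to high port) hits the implicit deny in both directions.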
 