Hi all, I need some guidance on ACLs on a Cisco 1721.
The router has 2 interfaces, one facing the internet and the other connecting to a switch. The WAN IP for the interface facing the internet is 165.21.aa.bb
I have configured the router with NAT but I need to have some security on it. I was given a range of 16 public IP addresses. I have used 4 for the purposes stated below:
1) 203.xxx.xxx.aaa ---> (NAT) 172.16.1.10 (Gateway), configured on the FastEthernet Interface.
2) 203.xxx.xxx.bbb ---> (NAT) 172.16.1.1 (Existing Exchange server)
3) 203.xxx.xxx.ccc ---> (NAT) 172.16.1.2 (The new Exchange Mail server)
4) 203.xxx.xxx.ddd ---> (NAT) 172.16.1.3 (Surveillance Cam)
165.21.aa.bb is my WAN IP.
165.21.xx.cc is the ISP WAN IP.
I have attached the configuration.
Using 2285 out of 29688 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname MyCompany
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 xxxxxxxxxxxxxxxxxxxxx/x/
!
username MyCompany privilege 15 secret 5 xxxxxxxxxxxxxxxxxx.
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
!
ip domain name mycompany.com
ip name-server 165.21.xx.xxx
ip name-server 165.21.xx.xxx
no ftp-server write-enable
!
!
!
!
interface FastEthernet0
description Connected to MyCompany LAN
ip address 172.16.1.10 255.255.255.0
no ip redirects
no ip unreachables
ip nat inside
no ip mroute-cache
speed auto
ntp disable
no cdp enable
!
interface Serial0
description Dedicated Link To Internet
ip address 165.21.aa.bb 255.255.255.252
no ip redirects
no ip unreachables
ip nat outside
no ip mroute-cache
no cdp enable
!
router rip
version 2
passive-interface Serial0
network 172.16.0.0
no auto-summary
!
ip nat pool nat-pool 203.126.216.196 203.126.216.196 netmask 255.255.255.240
ip nat inside source list 1 pool nat-pool overload
ip nat inside source static 172.16.1.10 203.xxx.xxx.aaa
ip nat inside source static 172.16.1.1 203.xxx.xxx.bbb
ip nat inside source static 172.16.1.2 203.xxx.xxx.ccc
ip nat inside source static 172.16.1.3 203.xxx.xxx.ddd
ip classless
ip route 0.0.0.0 0.0.0.0 165.21.xx.cc 2
ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
!
banner login ^CINE
THIS IS A PRIVATE SYSTEM! UNAUTHORIZED USE IS PROHIBITED!!
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport preferred none
transport input telnet
!
!
end
I'm confused about how to apply the IN and OUT, and on which interfaces. Hope to hear from all ASAP.
Millions of thanks
Rolman
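As an added example (not Rolman's configuration and not a reply from this thread), here is one way to place the ACLs on this two-interface NAT router. Direction is always from the router's point of view, per interface: "in" is traffic arriving on that interface from the wire, "out" is traffic the router is about to send out of it. The public 203.xxx addresses, the WAN address 165.21.aa.bb and the ISP next hop 165.21.xx.cc are the placeholders from the post; the ACL names and numbers, the camera's port, the LAN-only management policy and the availability of the firewall feature set are assumptions.

```cisco
! Added example, not part of the original post or any reply in this thread.
! Public addresses (203.xxx.xxx.bbb ...) and 165.21.xx.cc are the post's own
! placeholders. ACL names/numbers, the camera's port and the inside-only
! management policy are assumptions for this example.
!
! 1) Standard ACL 1 is referenced by "ip nat inside source list 1 ..." in the
!    posted config but does not appear in it. NAT only translates sources that
!    this list permits, so it must exist and should cover only the LAN.
access-list 1 permit 172.16.1.0 0.0.0.255
!
! 2) What the Internet may send to us. Applied "in" on Serial0 (ip nat outside).
!    For outside-to-inside traffic the inbound ACL is evaluated BEFORE NAT,
!    so this ACL must match the PUBLIC 203.xxx addresses of the static
!    translations, never the 172.16.1.x inside addresses.
ip access-list extended FROM-INTERNET
 remark Obvious spoofing: our own LAN range arriving from the outside
 deny   ip 172.16.0.0 0.0.255.255 any log
 remark Return traffic for TCP sessions started from the LAN
 permit tcp any any established
 remark Published services: SMTP to the existing and the new Exchange server
 permit tcp any host 203.xxx.xxx.bbb eq smtp
 permit tcp any host 203.xxx.xxx.ccc eq smtp
 remark Surveillance camera viewer (port 80 is an assumption; use the real one)
 permit tcp any host 203.xxx.xxx.ddd eq www
 remark ICMP needed for path MTU discovery, traceroute and our own pings
 permit icmp any any echo-reply
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 remark Let the ISP next hop ping the link for monitoring
 permit icmp host 165.21.xx.cc host 165.21.aa.bb echo
 remark Everything else, including telnet/HTTP to the router's WAN address
 remark and to 203.xxx.xxx.aaa (the router's own static mapping), is dropped
 deny   ip any any log
!
interface Serial0
 ip access-group FROM-INTERNET in
!
! 3) Optional, only on an IOS image with the firewall feature set (assumption:
!    the 1721 may or may not run one). CBAC watches sessions leaving Serial0
!    and opens temporary return entries in FROM-INTERNET. This closes the one
!    gap above: "established" covers TCP only, so without inspection the UDP
!    replies to LAN clients (DNS, NTP) would be dropped by the inbound ACL.
ip inspect name LAN-OUT tcp
ip inspect name LAN-OUT udp
interface Serial0
 ip inspect LAN-OUT out
!
! 4) Management plane: the posted vty lines accept telnet from anywhere the
!    routing allows. Restrict them to the LAN; on a vty line "in" means
!    incoming connections to the router itself.
access-list 2 permit 172.16.1.0 0.0.0.255
line vty 0 4
 access-class 2 in
```

Two practical notes. First, enter the whole ACL before the `ip access-group` line, and do it from the console rather than over a telnet session through Serial0: an access list that does not exist yet permits everything, but the moment its first entry is typed it ends in an implicit deny, so applying it half-finished cuts off your own session. Second, an ACL applied `out` on FastEthernet0 would be evaluated after NAT and would therefore match the 172.16.1.x addresses, but it would not protect the router itself (its own Serial0 address and the 203.xxx.xxx.aaa mapping), which is why the inbound list on the Internet-facing interface is the usual place for this policy.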