Hi There,
Wonder if someone could help me with my config...
Hosts on the internal network are natting to the outside world and we also put in static outside translations with no problems.
However, whenever I apply the outsideworld access list to the dialer0 interface, my inside hosts lose access through the router to the outside.
The only solution is permit any any, but this is an inbound list on the dialer, so shouldn't affect the inside hosts from going out, unless I've missed something.
For ref, Cisco Firewall IOS. (Is this my problem?)
Any help greatly appreciated.
Thanks
AJ
===
Config...
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname route
!
!
memory-size iomem 15
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 13
ip ftp username routers
!
no ip bootp server
ip inspect audit-trail
ip inspect dns-timeout 10
ip inspect name fa0/0 tcp
ip inspect name fa0/0 udp
ip inspect name fa0/0 ftp
ip inspect name fa0/0 h323
ip inspect name fa0/0 sip
ip inspect name fa0/0 rtsp
ip inspect name fa0/0 tftp
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
mta receive maximum-recipients 0
!
!
!
!
interface ATM0/0
 no ip address
 no ip redirects
 no ip unreachables
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0/0
 ip address 10.0.0.250 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 duplex auto
 speed auto
!
interface ATM0/1
 no ip address
 no ip redirects
 no ip unreachables
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0/1
 no ip address
 no ip proxy-arp
 shutdown
 duplex auto
 speed auto
!
interface Dialer0
 ip address negotiated
 ip access-group outsideworld in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 ip accounting output-packets
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname user
 ppp chap password letmein
 ppp multilink
!
ip nat inside source list insidenat interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
!
ip access-list standard telnet
 permit x.x.x.x
 permit x.x.x.x
 permit x.x.x.x
 permit x.x.x.x
!
ip access-list extended insidenat
 permit ip 10.0.0.0 0.0.0.255 any
ip access-list extended outsideworld
 permit tcp any any eq 3389
!
dialer-list 1 protocol ip permit
no cdp run
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
!
line con 0
 login
line aux 0
line vty 0 4
 access-class telnet in
 login
!
scheduler allocate 4000 1000
ntp authenticate
ntp clock-period 17179871
ntp source Dialer0
ntp server NTP prefer
!
end
===
Fatman Superstar (Andrew James)
CCNA, CCAI
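
An added example, not part of the original post: a small Python model of what the inbound `outsideworld` list does to reply traffic for connections that inside hosts open. In the posted config the inspection rule `fa0/0` is defined, but no interface carries an `ip inspect` statement, so nothing opens the list for replies. The `Router` class, addresses and ports are constructed for illustration, and NAT is simplified to post-translation addresses.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")

# The page's list: ip access-list extended outsideworld / permit tcp any any eq 3389
# Each entry is (action, protocol, destination port); source and destination are "any".
OUTSIDEWORLD = [("permit", "tcp", 3389)]
# Subset of the protocols named in the page's "ip inspect name fa0/0 ..." rule.
INSPECTED = {"tcp", "udp"}

def acl_permits(acl, pkt):
    """First match wins; anything unmatched falls through to the implicit deny."""
    for action, proto, dport in acl:
        if pkt.proto == proto and pkt.dport == dport:
            return action == "permit"
    return False

class Router:
    """Hypothetical model: one inbound ACL on the outside interface plus
    an optional stateful inspection table (assumption, not IOS internals)."""
    def __init__(self, inbound_acl, inspect_applied):
        self.acl = inbound_acl
        self.inspect_applied = inspect_applied
        self.sessions = set()

    def outbound(self, pkt):
        """Inside host -> Internet. Inspection records the reply it expects."""
        if self.inspect_applied and pkt.proto in INSPECTED:
            self.sessions.add(Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def inbound(self, pkt):
        """Internet -> Dialer0. True if the packet is forwarded."""
        return pkt in self.sessions or acl_permits(self.acl, pkt)

def reply_allowed(inspect_applied):
    """Constructed flow: translated client 198.51.100.10 browses 203.0.113.80."""
    r = Router(OUTSIDEWORLD, inspect_applied)
    r.outbound(Packet("tcp", "198.51.100.10", 40000, "203.0.113.80", 80))
    syn_ack = Packet("tcp", "203.0.113.80", 80, "198.51.100.10", 40000)
    return r.inbound(syn_ack)

if __name__ == "__main__":
    print("reply forwarded, rule defined but not applied:", reply_allowed(False))
    print("reply forwarded, rule applied to an interface:", reply_allowed(True))
```

On IOS, the counterpart of `inspect_applied=True` is binding the rule to an interface with `ip inspect fa0/0 in` under FastEthernet0/0 (or `ip inspect fa0/0 out` under Dialer0).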