IllegalOperation
Technical User
Hey guys, here is my basic config script for my 1721/T1 router. I hardly put any security features on it yet, because I am interested to see what everyone has to say. This is actually going to act as the DIA router for a couple of our customers wanting internet access.
My question to you is, what should my access list look like? I don't think it should get too in depth, because I suppose I have NAT running. Besides, it is a 1721... so I am concerned about the CPU and memory. Anyways, here is my config. Let me know if you guys see anything wrong, as far as possible security holes, CPU issues, bandwidth problems, etc. Keep in mind that I didn't implement an access list yet...
Building configuration...
Current configuration : 1390 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service linenumber
!
hostname *******
!
logging buffered 8000 debugging
no logging console
enable secret 5 $1$gVQC$a0BbdKR9Pm0Y8WUc52yrp0
enable password 7 091D1E0A1F0714455E
!
ip subnet-zero
no ip source-route
ip name-server *.*.*.*
ip name-server *.*.*.*
!
no ip bootp server
!
!
!
!
interface FastEthernet0
ip address w.w.w.w 255.255.255.240
ip nat inside
speed auto
no cdp enable
!
interface Serial0
no ip address
encapsulation frame-relay IETF
no fair-queue
service-module t1 timeslots 1-24
service-module t1 remote-alarm-enable
frame-relay lmi-type ansi
!
interface Serial0.536 point-to-point
bandwidth 1544
ip address x.x.x.x 255.255.255.252
no ip proxy-arp
ip nat outside
frame-relay interface-dlci 536 IETF
!
ip nat inside source list 1 interface Serial0.536 overload
ip classless
ip route 0.0.0.0 0.0.0.0 y.y.y.y
ip route 10.0.0.0 255.255.255.0 z.z.z.z
ip route 192.168.1.0 255.255.255.0 z.z.z.z
no ip http server
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
line con 0
line aux 0
transport input all
line vty 0 4
password 7 0831435E1F10161E1D055D
login
!
no scheduler allocate
end
Notes:
w.w.w.w: Registered IP address of the ethernet interface
x.x.x.x: Registered IP address of the serial interface
y.y.y.y: Registered IP address of the provider's first interface
z.z.z.z: Registered IP address of a router behind the 1721 (it acts as a media converter)
Appreciated.
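An added example, not part of the original post: a small Python check that parses an unindented IOS config like the one above and reports the weak settings visible in it (the legacy enable password, the open aux line, unrestricted vty logins, and the NAT outside interface with no access-group). The sample is constructed from the post with the hashes replaced by placeholders; the function names and finding texts are this example's own.

```python
import re

# Constructed sample: security-relevant lines of the posted config, hashes replaced by placeholders.
SAMPLE = """\
enable secret 5 <md5-hash>
enable password 7 <type7-string>
!
interface FastEthernet0
ip nat inside
!
interface Serial0.536 point-to-point
ip nat outside
!
line aux 0
transport input all
line vty 0 4
password 7 <type7-string>
"""

HEADER = re.compile(r"^(interface|line)\s+\S")

def parse(config):
    """Group commands by section; a section ends at '!' or at the next header."""
    sections, current = {"global": []}, "global"
    for line in (l.strip() for l in config.splitlines()):
        if line == "!" or not line:
            current = "global"
        elif HEADER.match(line):
            current = line
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def audit(config):
    """Return (section, finding) pairs for the weak settings checked here."""
    out, secs = [], parse(config)
    has = lambda body, prefix: any(c.startswith(prefix) for c in body)
    if has(secs["global"], "enable password") and has(secs["global"], "enable secret"):
        out.append(("global", "enable password kept beside enable secret (type 7 is reversible)"))
    for name, body in secs.items():
        if name.startswith("interface") and "ip nat outside" in body and not has(body, "ip access-group"):
            out.append((name, "NAT outside interface has no access-group applied"))
        if name.startswith("line aux") and "transport input all" in body:
            out.append((name, "aux line accepts all inbound transports"))
        if name.startswith("line vty") and not has(body, "access-class"):
            out.append((name, "vty logins are not restricted by an access-class"))
    return out

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```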