spooke (Guest)
Posted: Tue Dec 06, 2005 8:45 pm
Post subject: Access Listi

Hi all,
I have to implement some access lists on a 1720.
Now I explain my problem.
I have to allow all users to browse the web: HTTP, FTP, Telnet, DNS, etc.
Moreover, from a single host, 10.10.10.101, I have to enable some ports for the
inbound and outbound traffic of a single public IP (80.207.109.110), and we
suppose that these ports are 80, 389, 443, 2560, etc.
To do this I made two access lists on the router (101 and 102).
Now I want to ask you if the configuration of the router is right.
Thanks all,
Gian Paolo

Using 1508 out of 29688 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable password xxxxxxxxx
!
username xxxxxx password 0 xxxxxx
memory-size iomem 25
ip subnet-zero
!
!
!
!
interface FastEthernet0
ip address (IP PUBBLICO) 255.255.255.248 secondary
ip address 10.10.10.1 255.255.255.0
ip access-group 102 in
ip access-group 101 out
ip nat inside
no keepalive
speed auto
!
interface Serial0
no ip address
encapsulation frame-relay IETF
!
interface Serial0.1 point-to-point
ip address XX.XX.XX.XX 255.255.255.252
ip nat outside
frame-relay interface-dlci xx IETF
!
ip nat pool Internet xx.xx.xxx.xxx xx.xx.xx.xx netmask 255.255.255.248
ip nat inside source list 1 pool Internet overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0.1
no ip http server
!
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 102 remark ------- access from the intranet ----------------
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq telnet
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq pop3
access-list 102 permit tcp any any eq smtp
access-list 102 permit tcp any any eq 443
access-list 102 permit udp any any eq 443
access-list 102 permit udp any any eq 23
access-list 102 permit udp any any eq 21
access-list 102 permit udp any any eq domain
access-list 102 permit udp any any eq 110
access-list 102 permit udp any any eq 25
access-list 102 permit tcp any any eq domain
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 80
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 389
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 443
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 2560
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 7001
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 7002
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 8080
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 8081
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 8082
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 8083
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 8084
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 8090
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 8091
access-list 102 deny ip any any
access-list 101 remark ------- access from the Internet ----------------
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq telnet
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq 443
access-list 101 permit udp any any eq 443
access-list 101 permit udp any any eq 23
access-list 101 permit udp any any eq 21
access-list 101 permit udp any any eq domain
access-list 101 permit udp any any eq 110
access-list 101 permit udp any any eq 25
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 80
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 389
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 443
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 2560
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 7001
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 7002
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 8080
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 8081
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 8082
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 8083
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 8084
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 8090
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 8091
access-list 101 permit tcp any any eq domain
!
line con 0
line aux 0
line vty 0 4
login local
!
end
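
Added example, not part of the original post: a small Python check over numbered extended ACL entries of the kind posted above. It flags a port operator (eq and friends) on an entry whose protocol is not tcp or udp, which IOS does not accept, and a wildcard mask written next to a single host address, which matches every address the mask leaves open (0.0.0.255 is a whole /24). The function names and finding strings are this example's own, and the sample lines are constructed in the post's style.

```python
import ipaddress
import re

# Constructed sample in the style of the posted ACL 102 (wrapped lines joined).
SAMPLE = """\
access-list 102 permit tcp any any eq www
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 80
access-list 102 permit tcp host 10.10.10.101 host 80.207.109.110 eq 389
"""

PORT_OPS = {"eq", "neq", "gt", "lt", "range"}
ENTRY = re.compile(r"access-list\s+(\d+)\s+(?:permit|deny)\s+(\S+)\s+(.+)")

def take_addr(tokens):
    """Consume one address spec; return (address, wildcard), or None for 'any'."""
    first = tokens.pop(0)
    if first == "any":
        return None
    if first == "host":
        return tokens.pop(0), "0.0.0.0"
    return first, tokens.pop(0)

def take_port(tokens):
    """Consume an optional port operator and its operands; True if one was present."""
    if tokens and tokens[0] in PORT_OPS:
        del tokens[: 3 if tokens[0] == "range" else 2]
        return True
    return False

def lint_entry(line):
    """Return findings for one numbered extended ACL entry (100-199)."""
    m = ENTRY.match(line.strip())
    if not m or not 100 <= int(m.group(1)) <= 199:
        return []  # remarks, standard ACLs and non-ACL lines are skipped
    proto, tokens, findings = m.group(2), m.group(3).split(), []
    specs = [take_addr(tokens)]
    has_port = take_port(tokens)               # source-port operator
    specs.append(take_addr(tokens))
    has_port = take_port(tokens) or has_port   # destination-port operator
    if has_port and proto not in ("tcp", "udp"):
        findings.append(f"port operator requires tcp or udp, not {proto}")
    for spec in filter(None, specs):
        addr, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
        if addr & wild:  # host bits set inside the "don't care" part of the mask
            count = 2 ** bin(wild).count("1")
            findings.append(f"{spec[0]} {spec[1]} matches {count} addresses")
    return findings

def lint_config(text):
    return {ln: f for ln in text.splitlines() if (f := lint_entry(ln))}
```

Calling lint_config(SAMPLE) returns only the permit ip entry, with one finding for the port operator and one for each of its two wildcard masks.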