Configure Cisco 1811 Router


  • Configure Cisco 1811 Router

    I am having difficulty configuring a Cisco 1811 router. I need web traffic intended for my public IP (55.55.55.55) to allow ports 80, 443, and 1723 traffic to a private IP address (192.168.1.2). I also want to NAT internal traffic to the outside interface (55.55.55.55) of the router. All other traffic should be denied. Here is what my config looks like now. I have used Cisco PIX in the past for this, but it seems the router IOS is a little different.

    interface FastEthernet0
    description $ES_WAN$$FW_OUTSIDE$
    ip address 55.55.55.55 255.255.255.248
    ip access-group 101 in
    ip verify unicast reverse-path
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip inspect DEFAULT100 out
    ip virtual-reassembly
    ip route-cache flow
    duplex auto
    speed auto
    !
    interface FastEthernet1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    shutdown
    duplex auto
    speed auto
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
    ip address 192.168.1.1 255.255.255.0
    ip access-group 100 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    ip tcp adjust-mss 1452
    !
    interface Async1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    encapsulation slip
    !
    ip route 0.0.0.0 0.0.0.0 55.55.55.56
    !
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface FastEthernet0 overload
    ip nat inside source static tcp 192.168.1.11 1723 interface FastEthernet0 1723
    ip nat inside source static tcp 192.168.1.8 443 interface FastEthernet0 443
    ip nat inside source static tcp 192.168.1.8 80 interface FastEthernet0 80
    !
    logging trap debugging
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 100 remark SDM_ACL Category=1
    access-list 100 deny ip 55.55.55.55 0.0.0.7 any
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip any any
    access-list 101 remark SDM_ACL Category=1
    access-list 101 permit udp host 192.168.1.2 eq domain host 76.192.179.21
    access-list 101 permit tcp any 55.55.55.55 eq 1723
    access-list 101 permit tcp any host 55.55.55.55 eq 3389
    access-list 101 permit tcp any host 55.55.55.55 eq smtp
    access-list 101 permit tcp any host 55.55.55.55 eq 443
    access-list 101 permit tcp any host 55.55.55.55 eq www
    access-list 101 deny ip 192.168.1.0 0.0.0.255 any
    access-list 101 permit icmp any host 55.55.55.55 echo-reply
    access-list 101 permit icmp any host 55.55.55.55 time-exceeded
    access-list 101 permit icmp any host 55.55.55.55 unreachable
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 deny ip host 0.0.0.0 any
    access-list 101 deny ip any any
    no cdp run

  • #2
    Re: Configure Cisco 1811 Router

    int FastEthernet 1 is shutdown. You need the no shutdown command in the config for this interface. You also have a no ip address command and an ip address command on this interface.



    • #3
      Re: Configure Cisco 1811 Router

      The int is shutdown because it is not being used. The router has 2 WAN interfaces, FE/0 and FE/1. FE/0 is connected to the DSL. The internal network is connected to one of the 8 FE ports available on the switch. I want the 1811 to act as a firewall blocking unnecessary traffic and only allow ports 80, 443, 25, 3389, and 1723 to the designated internal server. Is my configuration correct?



      • #4
        Re: Configure Cisco 1811 Router

        errr...
        Can you make a drawing??
        You got 2 FastEthernet Interfaces and you've connected FE0 to the DSL modem.

        Which interface is connected to the internal network then?
        What switch are you using?

        Oh wait, the router has some extra interfaces but I can't see them in the config.
        You didn't post the complete config. Please post the complete config. Also remove the config of FE1.
        Last edited by Dumber; 9th January 2008, 22:09.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"
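
An added example, not part of any post above and not the poster's code: a small Python check over the static NAT and ACL 101 lines from the first post that lists the ports where the two disagree. The `audit` function, its parameters, and the use of 192.168.1.2 as the expected inside host (the address named in the first post's description) are assumptions of this example.

```python
import re

# Excerpt of the configuration in post #1: static NAT and ACL 101 TCP lines.
CONFIG = """\
ip nat inside source static tcp 192.168.1.11 1723 interface FastEthernet0 1723
ip nat inside source static tcp 192.168.1.8 443 interface FastEthernet0 443
ip nat inside source static tcp 192.168.1.8 80 interface FastEthernet0 80
access-list 101 permit tcp any 55.55.55.55 eq 1723
access-list 101 permit tcp any host 55.55.55.55 eq 3389
access-list 101 permit tcp any host 55.55.55.55 eq smtp
access-list 101 permit tcp any host 55.55.55.55 eq 443
access-list 101 permit tcp any host 55.55.55.55 eq www
access-list 101 deny ip any any
"""

PORT_NAMES = {"www": 80, "smtp": 25, "domain": 53}  # IOS port keywords
NAT_RE = re.compile(r"^ip nat inside source static tcp (\S+) (\d+) interface \S+ (\d+)$")
ACL_RE = re.compile(r"^access-list (\d+) permit tcp any (?:host )?(\S+) eq (\S+)$")

def audit(config, acl="101", expected_host="192.168.1.2"):
    """Compare inbound TCP permits in one ACL with the static NAT entries."""
    nat, permits, findings, gre = {}, {}, [], False
    for line in map(str.strip, config.splitlines()):
        if (m := NAT_RE.match(line)):
            nat[int(m.group(3))] = m.group(1)  # outside port -> inside host
        elif line.startswith(f"access-list {acl} permit gre "):
            gre = True
        elif (m := ACL_RE.match(line)) and m.group(1) == acl:
            tok = m.group(3)
            permits[PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)] = line
    for port in sorted(permits):
        if port not in nat:
            findings.append(f"tcp/{port}: permitted by ACL {acl} but no static NAT entry")
        elif nat[port] != expected_host:
            findings.append(f"tcp/{port}: forwarded to {nat[port]}, not {expected_host}")
        if " any host " not in permits[port]:
            findings.append(f"tcp/{port}: ACL destination lacks the 'host' keyword")
    for port in sorted(set(nat) - set(permits)):
        findings.append(f"tcp/{port}: static NAT entry but no permit in ACL {acl}")
    if 1723 in permits and not gre:
        findings.append("tcp/1723: PPTP also needs GRE (IP protocol 47), not permitted")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```
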
