Help Setting Up Cisco 2620 for Hosting


  • Help Setting Up Cisco 2620 for Hosting

    We are migrating away from a Lucent (Ascend) Pipeline router to a Cisco 2620.

    I have set up Cisco before to connect to T-1 and VPN with access lists and crypto; however, I have never set one up to forward packets to an internal server with an external IP.

    I am guessing that the following will work:

    access-list 101 permit tcp any 12.xx.xx.1 eq 80 (AT&T Assigned Public IP)
    access-list 102 permit tcp any 12.xx.xx.1 eq 443
    access-list 103 permit tcp any 12.xx.xx.1 eq 22

    access-list 104 permit tcp any 12.xx.xx.2 eq 110
    access-list 105 permit tcp any 12.xx.xx.2 eq 143
    access-list 106 permit tcp any 12.xx.xx.2 eq 25

    access-group 101 in 25.xx.xx.10 (Outside Interface IP)
    access-group 102 in 25.xx.xx.10
    access-group 103 in 25.xx.xx.10
    access-group 104 in 25.xx.xx.10
    access-group 105 in 25.xx.xx.10
    access-group 106 in 25.xx.xx.10

    Am I on the right track or way off?

  • #2
    Re: Help Setting Up Cisco 2620 for Hosting

    Basically you are correct, but notice that the numbers aren't line numbers but rather the ACL number, so in your case you have to use the same number on all of them, or configure using the extended mode, i.e.:
    ip access-list extended 101
    10 permit tcp any 12.xx.xx.1 eq 80
    20 permit tcp any 12.xx.xx.1 eq 443
    etc. (you don't have to enter the line numbers, it will add them automatically)

    Regarding the assignment of the ACL to an interface, you apply it with ip access-group 101 in

    Don't forget to add NAT translations if necessary, and also do keep in mind that at the end of any ACL there is an implicit "deny any any".

    Just noticed I forgot, you need to either use "permit tcp host" or add a reverse subnet mask.
    Last edited by idos; 24th March 2009, 16:36. Reason: wrong syntax

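Added example, not from either poster: a small Python model of the points in reply #2 (one ACL number for all entries, `host` or a wildcard mask on the destination, implicit deny at the end), together with the IOS rule that an interface holds one inbound ACL, so each later `ip access-group` replaces the earlier one. The addresses 192.0.2.1 and 192.0.2.2 are constructed stand-ins for the masked 12.xx.xx.1 and 12.xx.xx.2, and all function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the thread's masked addresses (12.xx.xx.1 / 12.xx.xx.2).
WEB, MAIL = "192.0.2.1", "192.0.2.2"
SERVICES = [(WEB, 80), (WEB, 443), (WEB, 22), (MAIL, 110), (MAIL, 143), (MAIL, 25)]

def parse_ace(text):
    """Parse '<permit|deny> tcp any <host A | A WILDCARD> eq <port>'."""
    action, proto, src, *rest = text.split()
    if (proto, src) != ("tcp", "any"):
        raise ValueError("this model only handles 'tcp any' entries")
    if rest[0] == "host":
        addr, wild, rest = rest[1], "0.0.0.0", rest[2:]
    else:
        addr, wild, rest = rest[0], rest[1], rest[2:]
    # A bare address followed by 'eq' fails here: 'eq' is not a wildcard mask.
    wild = int(ipaddress.IPv4Address(wild))
    if len(rest) != 2 or rest[0] != "eq":
        raise ValueError("expected 'eq <port>'")
    return action, int(ipaddress.IPv4Address(addr)), wild, int(rest[1])

def load(config):
    """Return ({acl_number: [entries]}, inbound ACL number). Only one ACL is
    bound per interface and direction, so the last 'ip access-group' wins."""
    acls, bound = {}, None
    for line in config.strip().splitlines():
        words = line.split()
        if words[0] == "access-list":
            acls.setdefault(words[1], []).append(parse_ace(" ".join(words[2:])))
        elif words[:2] == ["ip", "access-group"]:
            bound = words[2]
    return acls, bound

def verdict(config, dst, port):
    acls, bound = load(config)
    dst = int(ipaddress.IPv4Address(dst))
    for action, addr, wild, acl_port in acls[bound]:
        if (dst ^ addr) & ~wild & 0xFFFFFFFF == 0 and port == acl_port:
            return action      # first matching entry decides
    return "deny"              # implicit deny at the end of every ACL

def config_for(numbers):
    """Build the six permits with the given ACL numbers and bind each ACL inbound."""
    aces = [f"access-list {n} permit tcp any host {ip} eq {port}"
            for n, (ip, port) in zip(numbers, SERVICES)]
    return "\n".join(aces + [f"ip access-group {n} in" for n in dict.fromkeys(numbers)])

def allowed(config):
    return [s for s in SERVICES if verdict(config, *s) == "permit"]
```

With all six entries in ACL 101, `allowed` returns every service; with numbers 101 through 106 only the mail server's port 25 survives, because ACL 106 is the last one bound and everything else falls through to the implicit deny.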