01-04-2013 12:52 PM - edited 03-11-2019 05:43 PM
OK, I don't know if it's just staring at me, ridiculing me, but I am feeling like an idiot here... I have an 871 and all I need to do is some basic rules..
I need these statics:
.227 opened and forwarded to these ports:
then .228 forwarded and all ports opened to 10.0.0.15
What is wrong here???
s run
Building configuration...
Current configuration : 4747 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname ******
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
clock timezone MST -7
ip cef
!
!
!
!
ip name-server *.*.*.65
ip name-server *.*.*.65
ip inspect log drop-pkt
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
!
!
crypto pki trustpoint TP-self-signed-974215006
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-974215006
revocation-check none
rsakeypair TP-self-signed-974215006
!
!
crypto pki certificate chain TP-self-signed-974215006
certificate self-signed 01
30820242 308201AB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 39373432 31353030 36301E17 0D313330 31303231 35333430
315A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3937 34323135
30303630 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
CE70D924 A69C5408 AF2DC7DF CD6C4FB4 6FF8B3A7 04380A8B AC07B63F DF47B76C
9269256B 2D166D76 DFEEB4A1 A7F3CD14 87018C5E 00957EE5 233F76EE 8D0EB13E
D33FE972 77661DF2 B2BBC711 E09CF82F 7FC907DF 5591C326 CF80D599 09017B23
AB6F3589 A983AC80 2C92D62D E15FF75B 14241C9B 394BED17 69F2BE7F 69BB21EF
02030100 01A36C30 6A300F06 03551D13 0101FF04 05300301 01FF3017 0603551D
11041030 0E820C52 69766965 72615F6D 65736130 1F060355 1D230418 30168014
8F9D3891 FB866320 C9C2FA5B 7AEE8A53 91F495DD 301D0603 551D0E04 1604148F
9D3891FB 866320C9 C2FA5B7A EE8A5391 F495DD30 0D06092A 864886F7 0D010104
05000381 81005F45 DD5BBAE3 960E8930 1C88ACEC 4D190FEC C8C6FA71 48FB8CB8
969BD344 1FC0E8C6 98C4ED1D B559A772 1A3ED3D9 1C75D143 BE642414 B049118C
858422D5 E84617E9 018B1B66 341E928D EAE0E568 923424C4 BF31DFFF E7E5A490
B24D2DBC CE5DC6FF 306EC1C2 BD4DDC04 4AE70B0B 5CFE9426 21B5F83E CA6D28E0
3B93DCA9 015E
quit
username ****** privilege 15 secret 5 34yweth2453723475
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $FW_OUTSIDE$
ip address *.*.*.226 255.255.255.248
ip access-group 101 in
ip verify unicast reverse-path
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
description $FW_INSIDE$
ip address 10.0.0.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 *.*.*.225
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat pool outside_ip_pool *.*.*.227 *.*.*.230 netmask 255.255.255.248
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 10.0.0.240 80 *.*.*.227 80 extendable
ip nat inside source static tcp 10.0.0.241 81 *.*.*.227 81 extendable
ip nat inside source static tcp 10.0.0.242 82 *.*.*.227 82 extendable
ip nat inside source static tcp 10.0.0.243 83 *.*.*.227 83 extendable
ip nat inside source static tcp 10.0.0.244 84 *.*.*.227 84 extendable
ip nat inside source static tcp 10.0.0.9 3389 *.*.*.227 3389 extendable
ip nat inside source static 10.0.0.15 *.*.*.228
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration##NO_ACES_4##
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip *.*.*.224 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 permit ip any host *.*.*.228
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
01-04-2013 01:07 PM
Hi,
I'm not really familiar with the router firewalls, but I'd just point out what caught my eye (even though there might not be anything wrong with them).
- Jouni
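Context for the thread above, as an added example rather than anything posted by either participant: on IOS the inbound ACL on the outside interface (here `ip access-group 101 in` on FastEthernet4) is evaluated before the outside-to-inside NAT translation, so it sees the public (global) address of each static entry, and the posted `access-list 101` permits traffic only to the .228 host. The script below parses a config of this shape, finds the ACL bound inbound on the `ip nat outside` interface, evaluates each `ip nat inside source static` entry against that ACL with first-match semantics and the implicit deny, and prints the narrowest ACEs that would open exactly the forwarded services. The public addresses in the sample are constructed (RFC 5737 space) because the post redacts them; the function names and the `SAMPLE_CONFIG` text are this example's own.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed sample mirroring the posted config; 203.0.113.224/29 stands in
# for the redacted public block (the post shows only *.*.*.226 etc.).
SAMPLE_CONFIG = """\
interface FastEthernet4
 ip address 203.0.113.226 255.255.255.248
 ip access-group 101 in
 ip nat outside
!
ip nat inside source static tcp 10.0.0.240 80 203.0.113.227 80 extendable
ip nat inside source static tcp 10.0.0.241 81 203.0.113.227 81 extendable
ip nat inside source static tcp 10.0.0.9 3389 203.0.113.227 3389 extendable
ip nat inside source static 10.0.0.15 203.0.113.228
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip any host 203.0.113.228
"""

@dataclass(frozen=True)
class Ace:
    action: str            # "permit" | "deny"
    proto: str             # "ip" matches every protocol
    dst: Optional[object]  # IPv4Network, or None for "any"
    dport: Optional[int]   # from "eq N"; None means any port

@dataclass(frozen=True)
class StaticNat:
    proto: str             # "tcp"/"udp" for a port forward, "ip" for a 1:1 mapping
    local_ip: str
    local_port: Optional[int]
    global_ip: str
    global_port: Optional[int]

def _addr(t: List[str], i: int):
    """Consume one ACL address spec (any | host A | A wildcard) starting at t[i]."""
    if t[i] == "any":
        return None, i + 1
    if t[i] == "host":
        return ip_network(t[i + 1]), i + 2
    wc = int(ip_address(t[i + 1]))           # wildcard mask -> prefix length
    if wc & (wc + 1):
        raise ValueError("non-contiguous wildcard masks are not supported")
    return ip_network(f"{t[i]}/{32 - wc.bit_length()}", strict=False), i + 2

def parse_ace(line: str) -> Ace:
    """Parse 'access-list N permit|deny proto src [eq p] dst [eq p]'."""
    t = line.split()
    action, proto = t[2], t[3]
    _, i = _addr(t, 4)                        # source address (not needed here)
    if i < len(t) and t[i] == "eq":           # optional source port
        i += 2
    dst, i = _addr(t, i)
    dport = int(t[i + 1]) if i + 1 < len(t) and t[i] == "eq" else None
    return Ace(action, proto, dst, dport)

PORT_FWD = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
ONE_TO_ONE = re.compile(r"^ip nat inside source static (\d+\.\d+\.\d+\.\d+) (\S+)")

def parse_static_nats(config: str) -> List[StaticNat]:
    nats = []
    for line in map(str.strip, config.splitlines()):
        if m := PORT_FWD.match(line):
            nats.append(StaticNat(m[1], m[2], int(m[3]), m[4], int(m[5])))
        elif m := ONE_TO_ONE.match(line):
            nats.append(StaticNat("ip", m[1], None, m[2], None))
    return nats

def outside_inbound_acl(config: str) -> Optional[str]:
    """Number/name of the ACL applied 'in' on the interface carrying 'ip nat outside'."""
    iface, acl_in, outside = None, {}, set()
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            iface = line.split()[1]
        elif line in ("!", "") or not iface:  # "!" ends an interface block
            iface = None
        elif line == "ip nat outside":
            outside.add(iface)
        elif m := re.match(r"ip access-group (\S+) in$", line):
            acl_in[iface] = m[1]
    return next((acl_in.get(n) for n in outside), None)

def permitted(aces: List[Ace], proto: str, dst_ip: str, dport: Optional[int]) -> bool:
    """First-match evaluation; falling off the end hits the implicit deny."""
    dst = ip_address(dst_ip)
    for a in aces:
        if a.proto != "ip" and a.proto != proto:   # a 1:1 NAT needs an "ip" permit
            continue
        if a.dst is not None and dst not in a.dst:
            continue
        if a.dport is not None and a.dport != dport:
            continue
        return a.action == "permit"
    return False

def unreachable_forwards(config: str) -> List[StaticNat]:
    """Static NAT entries whose inbound (global-address) flow the outside ACL denies."""
    acl_id = outside_inbound_acl(config)
    aces = [parse_ace(l) for l in map(str.strip, config.splitlines())
            if l.startswith(f"access-list {acl_id} ") and l.split()[2] != "remark"]
    return [n for n in parse_static_nats(config)
            if not permitted(aces, n.proto, n.global_ip, n.global_port)]

def suggested_aces(acl_id: str, gaps: List[StaticNat]) -> List[str]:
    """Narrowest ACEs that open exactly the forwarded services, nothing more."""
    return [f"access-list {acl_id} permit ip any host {n.global_ip}" if n.global_port is None
            else f"access-list {acl_id} permit {n.proto} any host {n.global_ip} eq {n.global_port}"
            for n in gaps]

if __name__ == "__main__":
    gaps = unreachable_forwards(SAMPLE_CONFIG)
    for n in gaps:
        print(f"denied by outside ACL: {n.global_ip}:{n.global_port} -> {n.local_ip}:{n.local_port}")
    print("\n".join(suggested_aces(outside_inbound_acl(SAMPLE_CONFIG), gaps)))
```

The script only models the checks relevant to the question (destination address, protocol and destination port against the inbound ACL); it does not model CBAC return-traffic holes or the NAT pool, which this config defines but never references. Run it against a sanitized `show run` to get the list of missing ACEs, then add them above any broad deny in the ACL.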