ISDN Access - List

tauseef
Level 1

Hi,

I have an ISDN dial-up configured on the router and I require a simple configuration to be done which I am finding a small problem with. I hope you could please suggest a solution to it.

The requirement is that with the command

Access list 110 permit ip any any

all the IPs on the network x.x.x.x are allowed to browse the internet, download POP3 mail, and everything is fine.

But I would like to restrict only www to a few IP addresses, and only pop3 for a few IP addresses and no browsing, and everything for a few IP addresses.

I know that the only way would be access lists, but I am not able to understand where exactly the access lists are put: on the interface, or as in the configuration below ...

Access-list 110 permit ip host x.x.x.x any
Access-list 110 permit tcp host x.x.x.1 any eq www
Access-list 110 permit tcp host x.x.x.2 any eq pop3
Access-list 110 deny any any

Do I define this as the access list (number 110, the extended access list) referring to the 'inside source list 110' command based on which the NATing is going to take place? Is this right or not? Because I did not see this work at all, but if I give the command

Access-list 110 permit ip any any

all the computers on the LAN are able to browse the network and mail and all without any problems.

Please go through the configuration and let me know where changes have to be made to bring about the above results, insha Allah.

service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname Router
!
enable password router
!
no ip name-server
!
isdn switch-type basic-net3
!
ip subnet-zero
no ip domain-lookup
ip routing
!
interface Dialer 1
 description connected to Internet
 ip nat outside
 ip address negotiated
 no ip split-horizon
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 120
 dialer string 4004444
 dialer hold-queue 10
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname alco
 ppp chap password 123123dafasd
 ppp pap sent-username alco password 121232asdsad
 no ppp multilink
 no cdp enable
!
interface Ethernet 0
 no shutdown
 ip nat inside
 description connected to EthernetLAN
 ip address 192.168.0.100 255.255.255.0
 keepalive 10
!
interface BRI 0
 no shutdown
 ip nat outside
 description connected to Internet
 no ip address
 dialer rotary-group 1
!
! Dialer Control List 1
!
access-list 110 permit ip any any
no dialer-list 1
dialer-list 1 protocol ip permit
!
ip classless
!
! IP Static Routes
ip nat inside source-list 110 interface dialer 1 overload
ip route 0.0.0.0 0.0.0.0 Dialer 1
no ip http server
snmp-server community public RO
no snmp-server location
no snmp-server contact
!
line console 0
 exec-timeout 0 0
 password router
 login
!
line vty 0 4
 password router
 login
!
end

cagri
Level 1

It seems a little confusing to me. The list you specify in the ip nat inside source list command is the range of IP addresses on which the NAT operation will be performed; I don't think it is a good idea to use detailed extended ACLs there.

Better leave it as it is, then put a second list (100 for example) for your filtering needs, and apply it inbound to the Ethernet interface (so as to control source IPs before they are NATted).

Hope this helps

Cagri
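
The approach suggested in the reply above, written out as an added example (not part of the original thread or either poster's configuration): NAT list 110 stays untouched and a separate extended list 100 filters LAN traffic inbound on Ethernet 0. The host addresses 192.168.0.10 to 192.168.0.12 are constructed, and the DNS line is an assumption that clients resolve names through a server outside the LAN.

```cisco
! NAT list is left as it is: it only selects which sources get translated
access-list 110 permit ip any any
!
! Filtering list, evaluated top-down, first match wins
! 192.168.0.10 (constructed address): full access
access-list 100 permit ip host 192.168.0.10 any
! 192.168.0.11 (constructed address): web browsing only
access-list 100 permit tcp host 192.168.0.11 any eq www
! 192.168.0.12 (constructed address): POP3 only, no browsing
access-list 100 permit tcp host 192.168.0.12 any eq pop3
! Assumption: clients need DNS lookups through an external server
access-list 100 permit udp 192.168.0.0 0.0.0.255 any eq domain
! Explicit final deny so that dropped packets are counted and logged
access-list 100 deny ip any any log
!
! Filter on the LAN side, before the packets reach NAT
interface Ethernet 0
 ip access-group 100 in
```

`show access-lists 100` displays per-line match counters, and `show ip interface Ethernet 0` confirms which list is applied inbound. Because the list is inbound on Ethernet 0 it also covers traffic addressed to the router itself, so Telnet to 192.168.0.100 works only from the full-access host.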
