Configure Cisco 1921 as Home Router

David Lee
Level 1

Long story short is that I have a Cisco 1921 running 15.3 that I am trying to set up as a typical home router. I want to allow all the traffic from inside to go to the internet, and I want all the traffic from the internet to be able to get in. If the traffic originated from inside, then naturally the responding traffic needs to come back in. I thought I could do this with a few ACLs and using IP INSPECT. Doing that, the WAN port will not get an IP address and all inside traffic does not reach the internet. I don't have much experience configuring security on Cisco routers that are also running NAT. If someone can point me in the right direction, that would be great. Below is the running config that is not working the way I would like.

DLC1921LTNTX3020#sh run
Building configuration...

Current configuration : 1798 bytes
!
! Last configuration change at 22:13:54 UTC Sat Jun 18 2016
version 15.3

ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip inspect name FWOUT tcp
ip inspect name FWOUT udp
ip inspect name FWOUT dns
ip inspect name FWOUT http
ip inspect name FWOUT https
ip inspect name FWOUT time
ip cef
no ipv6 cef

interface GigabitEthernet0/0
 description LAN
 ip address 192.168.205.252 255.255.255.0
 ip nat inside
 ip inspect FWOUT in
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description WAN
 ip address dhcp
 ip access-group 5 in
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/1/0
 no ip address
 shutdown
!
ip dns server
ip nat inside source list 10 interface GigabitEthernet0/1 overload
!
!
!
access-list 5 deny   any log
access-list 10 permit 192.168.205.0 0.0.0.255
access-list 100 permit udp any any eq bootpc
access-list 100 permit udp any any eq domain
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
!
scheduler allocate 20000 1000
!
end

DLC1921LTNTX3020#
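
Added example, not part of the original post and not a Cisco tool: a small Python check over the posted running config that lists numbered ACLs that are defined but never applied, and DHCP-client interfaces whose inbound ACL has no permit covering replies to bootpc. The function names and the permit heuristic are assumptions made for this illustration, and the sample is a constructed excerpt of the config above.

```python
import re

# Constructed excerpt: only the lines of the posted running config that the checks read.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip inspect FWOUT in
interface GigabitEthernet0/1
 ip address dhcp
 ip access-group 5 in
!
ip nat inside source list 10 interface GigabitEthernet0/1 overload
access-list 5 deny   any log
access-list 10 permit 192.168.205.0 0.0.0.255
access-list 100 permit udp any any eq bootpc
access-list 100 permit udp any any eq domain
line vty 0 4
 access-class 10 in
"""

def permits_dhcp_reply(entry):
    # Heuristic (assumption): entry forms that let a server reply reach the client port, UDP 68.
    return entry.startswith("permit") and (
        "bootpc" in entry or "eq 68" in entry
        or entry in ("permit any", "permit ip any any"))

def audit(config):
    """Return (unused ACL numbers, DHCP-client interfaces whose inbound ACL drops replies)."""
    acls, used, inbound, dhcp, iface = {}, set(), {}, set(), None
    for raw in config.splitlines():
        line = " ".join(raw.split())          # collapse runs of spaces
        if not raw.startswith(" "):           # top-level line: enter or leave interface mode
            m = re.match(r"interface (\S+)", line)
            iface = m.group(1) if m else None
        if m := re.match(r"access-list (\d+) (.+)", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.search(r"(?:access-group|access-class|source list) (\d+)", line):
            used.add(m.group(1))              # ACL referenced by an interface, vty line or NAT
            if iface and line.startswith("ip access-group") and line.endswith(" in"):
                inbound[iface] = m.group(1)
        elif iface and line == "ip address dhcp":
            dhcp.add(iface)
    unused = sorted(set(acls) - used, key=int)
    # An inbound ACL with no entries on the page is not counted as blocking.
    blocked = sorted(i for i in dhcp if acls.get(inbound.get(i))
                     and not any(permits_dhcp_reply(e) for e in acls[inbound[i]]))
    return unused, blocked

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

On the excerpt it reports ACL 100 as unused and GigabitEthernet0/1 as a DHCP client sitting behind `access-list 5 deny any log`, which is consistent with the reported symptom that the WAN port gets no address.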
