08-10-2011 08:11 AM - edited 03-07-2019 01:38 AM
Hi,
We have 2 VLANs configured on a Cisco 881 router, fastethernet2 (vlan2) and fastethernet3 (vlan3). vlan2 is configured as a DHCP server for 192.168.99.X, while vlan3 is configured for DHCP 192.168.100.X. Currently, the two VLANs are not able to communicate with each other. Because of this, we are not able to access any machine in the 192.168.99.X network from a machine in the 192.168.100.X network, or vice versa.
Can anyone show me how to configure both VLANs to be able to communicate with each other?
Thanks,
Jim
08-10-2011 08:23 AM
Jim
Could you post your current config ?
Jon
08-10-2011 07:23 PM
Thanks for your prompt reply, Jon. Here's my current config.
Also, I have a wireless router connected to fastethernet0 (vlan1) using a public IP (116.12.153.162), and the wireless router came with 192.168.1.X DHCP. I would also like it to be able to access the vlan2 and vlan3 networks as well. In summary, I want all the devices on the different networks to be able to communicate with each other. How can I do it?
!
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname sg-fw
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200
logging console critical
!
no aaa new-model
memory-size iomem 10
clock timezone PCTime 8 0
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-992332914
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-992332914
 revocation-check none
no ip source-route
!
!
!
ip dhcp excluded-address 192.168.100.1
!
ip dhcp pool ccp-pool1
 import all
 network 192.168.100.0 255.255.255.0
 default-router 192.168.100.1
 dns-server 165.21.83.88 165.21.100.88
 lease infinite
!
ip dhcp pool ccp-pool2
 import all
 network 192.168.99.0 255.255.255.0
 dns-server 165.21.83.88 165.21.100.88
 default-router 192.168.99.1
 lease infinite
!
!
ip cef
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip name-server 165.21.83.88
ip name-server 165.21.100.88
no ipv6 cef
!
!
!
ip tcp synwait-time 10
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
 switchport access vlan 2
!
interface FastEthernet3
 description To LAN
 switchport access vlan 3
!
interface FastEthernet4
 ip address 58.185.229.66 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 duplex full
 speed 100
!
interface Vlan1
 description External LAN
 ip address 116.12.153.161 255.255.255.240
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip tcp adjust-mss 1452
!
interface Vlan2
 ip address 192.168.99.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan3
 ip address 192.168.100.1 255.255.255.0
 ip access-group 102 in
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 2 interface FastEthernet4 overload
ip nat inside source list 3 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 58.185.229.65
ip route 192.168.99.0 255.255.255.0 Vlan2
ip route 192.168.100.0 255.255.255.0 Vlan3
!
logging esm config
logging trap debugging
access-list 1 permit 116.12.153.163
access-list 1 permit 116.12.153.162
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark CCP_ACL Category=1
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 192.168.100.0 0.0.0.255
access-list 3 remark CCP_ACL Category=2
access-list 3 permit 192.168.99.0 0.0.0.255
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark CCP_ACL Category=1
access-list 100 permit tcp host 116.12.153.163 host 116.12.153.161 eq telnet
access-list 100 permit tcp host 116.12.153.162 host 116.12.153.161 eq telnet
access-list 100 permit tcp host 116.12.153.163 host 116.12.153.161 eq 22
access-list 100 permit tcp host 116.12.153.162 host 116.12.153.161 eq 22
access-list 100 permit tcp host 116.12.153.163 host 116.12.153.161 eq www
access-list 100 permit tcp host 116.12.153.162 host 116.12.153.161 eq www
access-list 100 permit tcp host 116.12.153.163 host 116.12.153.161 eq 443
access-list 100 permit tcp host 116.12.153.162 host 116.12.153.161 eq 443
access-list 100 permit tcp host 116.12.153.163 host 116.12.153.161 eq cmd
access-list 100 permit tcp host 116.12.153.162 host 116.12.153.161 eq cmd
access-list 100 deny tcp any host 116.12.153.161 eq telnet
access-list 100 deny tcp any host 116.12.153.161 eq 22
access-list 100 deny tcp any host 116.12.153.161 eq www
access-list 100 deny tcp any host 116.12.153.161 eq 443
access-list 100 deny tcp any host 116.12.153.161 eq cmd
access-list 100 deny udp any host 116.12.153.161 eq snmp
access-list 100 permit ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark CCP_ACL Category=1
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
access-list 101 permit ip host 116.12.153.163 any
access-list 101 permit ip host 116.12.153.162 any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark CCP_ACL Category=1
access-list 102 permit tcp 192.168.100.0 0.0.0.255 host 192.168.100.1 eq telnet
access-list 102 permit tcp 192.168.100.0 0.0.0.255 host 192.168.100.1 eq 22
access-list 102 permit tcp 192.168.100.0 0.0.0.255 host 192.168.100.1 eq www
access-list 102 permit tcp 192.168.100.0 0.0.0.255 host 192.168.100.1 eq 443
access-list 102 permit tcp 192.168.100.0 0.0.0.255 host 192.168.100.1 eq cmd
access-list 102 deny tcp any host 192.168.100.1 eq telnet
access-list 102 deny tcp any host 192.168.100.1 eq 22
access-list 102 deny tcp any host 192.168.100.1 eq www
access-list 102 deny tcp any host 192.168.100.1 eq 443
access-list 102 deny tcp any host 192.168.100.1 eq cmd
access-list 102 deny udp any host 192.168.100.1 eq snmp
access-list 102 permit ip any any
no cdp run
!
!
!
!
!
control-plane
!
banner login
!
line con 0
 logging synchronous
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 101 in
 privilege level 15
 logging synchronous
 login local
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
end
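How IOS evaluates the ACL 102 in the config above (applied inbound on Vlan3), as an added example that is not part of the original post: a first-match evaluator in Python run over the ACL lines copied from that config. The function names and the sample packets in the test are constructed for illustration; the result shows the ACL only restricts management ports on 192.168.100.1, while traffic from 192.168.100.x to 192.168.99.x reaches the final `permit ip any any`.

```python
import ipaddress

# IOS port keywords that appear in ACL 102
PORTS = {"telnet": 23, "www": 80, "cmd": 514, "snmp": 161}
# ACL 102 copied from the posted config (applied inbound on Vlan3)
ACL_102 = """\
access-list 102 permit tcp 192.168.100.0 0.0.0.255 host 192.168.100.1 eq telnet
access-list 102 permit tcp 192.168.100.0 0.0.0.255 host 192.168.100.1 eq 22
access-list 102 permit tcp 192.168.100.0 0.0.0.255 host 192.168.100.1 eq www
access-list 102 permit tcp 192.168.100.0 0.0.0.255 host 192.168.100.1 eq 443
access-list 102 permit tcp 192.168.100.0 0.0.0.255 host 192.168.100.1 eq cmd
access-list 102 deny tcp any host 192.168.100.1 eq telnet
access-list 102 deny tcp any host 192.168.100.1 eq 22
access-list 102 deny tcp any host 192.168.100.1 eq www
access-list 102 deny tcp any host 192.168.100.1 eq 443
access-list 102 deny tcp any host 192.168.100.1 eq cmd
access-list 102 deny udp any host 192.168.100.1 eq snmp
access-list 102 permit ip any any
"""

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, care-bits mask)."""
    if tok[0] == "any":
        del tok[:1]
        return 0, 0
    wild = "0.0.0.0" if tok[0] == "host" else tok[1]
    addr = tok[1] if tok[0] == "host" else tok[0]
    del tok[:2]
    return int(ipaddress.IPv4Address(addr)), 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wild))

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]                      # drop "access-list 102"
        action, proto = tok[0], tok[1]
        del tok[:2]
        src, dst = _addr(tok), _addr(tok)
        port = (PORTS.get(tok[1]) or int(tok[1])) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; no match means the implicit deny."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for action, rproto, (sa, sm), (da, dm), port in rules:
        if rproto in ("ip", proto) and ((s ^ sa) & sm) == 0 and ((d ^ da) & dm) == 0 \
                and port in (None, dport):
            return action
    return "deny"
```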
11-27-2013 05:40 AM
Hi,
I just wonder if it is possible to use the same interface as a trunk and skip using one interface for each VLAN.
For example:
R# conf t
R(conf)# int fa 0
R(conf-if)# switchport mode trunk
R(conf-if)# switchport allowed vlans all
Would it work? Or is it necessary to use two ports?
I have done what I am describing, but it does not seem to work...