01-31-2013 04:03 AM - edited 03-07-2019 11:25 AM
Hi,
I run a Cisco 861 to connect a small LAN to the Internet. The router provides DHCP and DNS to the local users and does NAT to map to one public IP. To secure the router I followed the steps given at
However, I encounter two problems now:
1) When I bind an access-list to the inside-interface, DHCP stops functioning. To begin with, the access-list is very permissive:
access-list 102 permit tcp 192.168.43.0 0.0.0.255 any
access-list 102 permit udp 192.168.43.0 0.0.0.255 any
access-list 102 permit icmp 192.168.43.0 0.0.0.255 any
access-list 102 permit ip 192.168.43.0 0.0.0.255 any
Additionally, for the firewall to work, the interface is inspecting packets that are coming in:
ip inspect name firewall http timeout 3600
ip inspect name firewall tcp timeout 3600
ip inspect name firewall udp timeout 15
2) When I now bind an access-list to the outside-interface, communication to the internet is totally blocked:
access-list 112 permit icmp any any
access-list 112 deny ip any any log
See the appended config for full details. Without the access-lists, the setup works perfectly.
Which part am I doing wrong? Any help is appreciated,
Benjamin
02-07-2013 06:22 AM
Hello,
thanks for this idea. I tried
interface FastEthernet4
ip inspect firewall in
ip inspect firewall out
but it's still the same issue. The router itself has no access to the internet.
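Added example, not part of either post above: a small Python evaluator that applies the static entries of access-list 102 and 112 exactly as quoted in the question to a few constructed packets, using first-match order and the implicit deny. The packet addresses are placeholders; a DHCP DISCOVER is modelled with its standard source 0.0.0.0 and broadcast destination, and the dynamic entries that `ip inspect` may add are not modelled.

```python
import ipaddress

# The ACL entries quoted in the post, verbatim.
ACLS = """\
access-list 102 permit tcp 192.168.43.0 0.0.0.255 any
access-list 102 permit udp 192.168.43.0 0.0.0.255 any
access-list 102 permit icmp 192.168.43.0 0.0.0.255 any
access-list 102 permit ip 192.168.43.0 0.0.0.255 any
access-list 112 permit icmp any any
access-list 112 deny ip any any log
"""

def _take_addr(tok):
    """Consume 'any', 'host A' or 'A wildcard'; return ((addr, wildcard), remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    return (int(ipaddress.IPv4Address(tok[0])), int(ipaddress.IPv4Address(tok[1]))), tok[2:]

def parse(text):
    """Return {acl_number: [(action, proto, src, dst), ...]} in configured order."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        num, action, proto = tok[1], tok[2], tok[3]
        src, rest = _take_addr(tok[4:])
        dst, _ = _take_addr(rest)  # a trailing 'log' keyword is ignored
        acls.setdefault(num, []).append((action, proto, src, dst))
    return acls

def _hit(spec, ip):
    addr, wild = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must match.
    return ((int(ipaddress.IPv4Address(ip)) ^ addr) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, proto, src, dst):
    """First matching entry wins; falling off the end is the implicit deny."""
    for n, (action, p, s, d) in enumerate(acl, 1):
        if p in ("ip", proto) and _hit(s, src) and _hit(d, dst):
            return action, n
    return "deny", None

ACL = parse(ACLS)
# Constructed packets (not taken from the post):
DHCP_DISCOVER = ("udp", "0.0.0.0", "255.255.255.255")  # client has no address yet
LAN_WEB = ("tcp", "192.168.43.10", "203.0.113.5")      # ordinary LAN client traffic
WEB_REPLY = ("tcp", "203.0.113.5", "198.51.100.2")     # placeholder public IP
```

`evaluate(ACL["102"], *DHCP_DISCOVER)` returns `("deny", None)` because no entry in list 102 matches a source of 0.0.0.0, and `evaluate(ACL["112"], *WEB_REPLY)` returns `("deny", 2)`, so with these static entries alone only ICMP is admitted from outside.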