compinfo

Need to allow certain traffic through Cisco 2621 router

I would like to take full advantage of my Cisco 2621 router.  I will post my current configuration below.  Here's what I'd like to have happen:

1.  I have a webserver behind this router and a firewall.  I have made the necessary holes in the firewall, and now I need to do the same with my router config.  My webserver is:  66.x.x.66, mask: 255.255.255.248.

2.  Is there a way for my Cisco router to send me an email of weekly or daily statistics regarding who it has denied access from the internet?

3.  Please give a brief overview of the areas of my Cisco script below.  I would like to know what each area does.  I've indicated the areas with this:  (?)
_____

OK, Thanks, here's the script:

Cisco Router Configuration File
As of:  May 22, 2003

Current configuration:
!
version 12.0
service timestamps debug datetime msec (?)
service timestamps log datetime msec (?)
no service password-encryption (?)
!
hostname myhostname
!
enable secret 5 blach
enable password mypassword
!
!
!
!
!
ip subnet-zero
ip name-server 64.x.x.22
ip name-server 64.x.x.14
ip dhcp excluded-address 192.168.25.1 192.168.25.99 (? –how to get rid of?  Dhcp via router not needed anymore! 192.168.25.x network not being used now)
ip dhcp excluded-address 192.168.25.200 192.168.25.255 (?)
!
ip dhcp pool adminLAN   (? – do I need this and the next few lines?  I don’t think so, how to get rid of it?)            
   network 192.168.25.0 255.255.255.0 (?)
   default-router 192.168.25.1 (?)
   dns-server 64.x.x.22 64.x.x.14
   lease 3
!
!
!
!
interface FastEthernet0/0
 description ARAA LAN
 ip address 66.x.x.36 255.255.255.248 secondary
 ip address 192.168.25.1 255.255.255.0 (? – how to get rid?)
 no ip directed-broadcast
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0
 description T1
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay IETF
 service-module t1 timeslots 1-24
 no arp frame-relay
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 description Virtual T1
 ip address 66.x.x.142 255.255.255.252
 ip access-group 130 in
 no ip directed-broadcast
 ip nat outside
 no ip mroute-cache
 no arp frame-relay
 frame-relay interface-dlci 212
!
interface FastEthernet0/1
 description The SDIF network
 ip address 66.x.x.134 255.255.255.248 secondary
 ip address 192.168.33.254 255.255.255.0
 ip access-group 101 in
 no ip directed-broadcast
 ip nat inside
 duplex auto
 speed auto
!
ip nat inside source list 1 interface Serial0/0.1 overload (?)
ip nat inside source static 192.168.25.32 66.x.x.35 (? How to get rid of?)
ip classless (?)
ip route 0.0.0.0 0.0.0.0 66.x.x.141 (?)
ip route 192.168.16.0 255.255.255.0 192.168.25.2 (?)
no ip http server
ip http port 12337 (?)
!
access-list 1 permit 192.168.25.0 0.0.0.255
access-list 1 permit 192.168.33.0 0.0.0.255
access-list 1 permit 192.168.16.0 0.0.0.255
access-list 20 deny   192.168.33.0 0.0.0.255
access-list 20 permit 192.168.25.0 0.0.0.255
access-list 20 permit 192.168.16.0 0.0.0.255
access-list 30 deny   192.168.25.0 0.0.0.255
access-list 30 permit 192.168.33.0 0.0.0.255
access-list 30 deny   192.168.16.0 0.0.0.255
banner login ^C



^C
banner motd ^C
------------------------------------------
     UNAUTHORIZED USE IS PROHIBITED
------------------------------------------

^C
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password yada
 login
!
end



ASKER CERTIFIED SOLUTION
Les Moore
This solution is only available to members.
The ip http server port 12337 means you can connect to the router via a web browser by typing the following URL:

http://192.168.25.1:12337

This will bring up a login screen. Type admin as the username and your ena password. This will give you help, but no configuration can take place here.

ip nat inside source list 1 interface Serial0/0.1 overload - this line takes the IP address from list 1 and NATs using the Serial0/0.1 IP address. To see this happen, type the following:

sh ip nat trans

You will see a list of local inside, local outside, global outside and global inside IP addresses.
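
The comment above ties the "ip nat inside source list 1" line to access-list 1. The script below is an added example, not from the thread: it runs that cross-check over an abridged excerpt of the posted configuration and lists numbered ACLs that are referenced but not defined, or defined but never referenced. The function name and report keys are assumptions of this sketch.

```python
import re

# Abridged excerpt of the configuration posted in the question (addresses not needed here).
CONFIG = """\
interface Serial0/0.1 point-to-point
 ip access-group 130 in
 ip nat outside
interface FastEthernet0/1
 ip access-group 101 in
 ip nat inside
ip nat inside source list 1 interface Serial0/0.1 overload
access-list 1 permit 192.168.25.0 0.0.0.255
access-list 1 permit 192.168.33.0 0.0.0.255
access-list 20 deny   192.168.33.0 0.0.0.255
access-list 30 permit 192.168.33.0 0.0.0.255
"""

DEFINE = re.compile(r"^access-list\s+(\d+)\s+(?:permit|deny)\b")
USES = (
    re.compile(r"^\s*ip access-group\s+(\d+)\s+(?:in|out)\b"),  # interface filter
    re.compile(r"^ip nat inside source list\s+(\d+)\b"),        # NAT source match
)

def audit_acl_references(config_text):
    """Cross-reference numbered ACLs: where each is defined and where it is used."""
    defined, used, context = set(), {}, "global"
    for line in config_text.splitlines():
        if line.startswith("interface "):
            context = line.split()[1]          # track which interface we are under
        elif line and not line[0].isspace():
            context = "global"                 # any other unindented line ends the block
        m = DEFINE.match(line)
        if m:
            defined.add(m.group(1))
            continue
        for pattern in USES:
            m = pattern.match(line)
            if m:
                used.setdefault(m.group(1), []).append(f"{context}: {line.strip()}")
    return {
        "undefined": sorted(set(used) - defined, key=int),  # referenced, no entries
        "unused": sorted(defined - set(used), key=int),     # entries, never referenced
        "used": used,
    }

if __name__ == "__main__":
    report = audit_acl_references(CONFIG)
    print("referenced but not defined:", report["undefined"])
    print("defined but never referenced:", report["unused"])
```

On IOS, an access-group that names a list with no entries filters nothing, so 101 and 130 are worth confirming with show access-lists on the router itself.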
