Hey guys, I am trying to put together an ACL-based firewall on my Cisco 800 series router. When I apply it to Dialer0 I cannot browse the web. I have entered lines for WWW (80) and DNS (50) but cannot browse the web. I can, however, ping. The ACL is no. 103. Please help!!!!
My second question is about port forwarding. I have set up NAT with a route-map so that the router does not try to NAT VPN traffic; this works excellently. I do, however, want to run a web server and DNS on my private network. Can you tell me if the other NAT line will work?
Current configuration : 5135 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname janet
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$Liry$A310/8k935Q/dOux/qDqo0
!
username mattac privilege 15 secret 5 $1$SSW6$vLfyk5XsdLrlLrEygY4qI/
username cisco password 7 0822455D0A16
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
no ip source-route
ip dhcp excluded-address 172.22.0.101 172.22.255.254
ip dhcp excluded-address 172.22.0.1
!
ip dhcp pool sdm-pool1
import all
network 172.22.0.0 255.255.0.0
default-router 172.22.0.1
!
!
ip cef
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group 800client
key cisco123
dns 212.74.112.66
domain cisco.com
pool ippool
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 0/38
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
crypto map clientmap
!
interface FastEthernet0
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 172.22.0.1 255.255.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname mattac@tiscali.co.uk
ppp chap password 7 1048060B01111B0E1F102B
crypto map clientmap
!
ip local pool ippool 192.168.224.50 192.168.224.100
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source static tcp 172.22.0.7 80 interface Dialer0 80
ip nat inside source route-map nonat interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 172.22.0.0 0.0.255.255
access-list 102 deny ip 172.22.0.0 0.0.255.255 192.168.224.0 0.0.0.255
access-list 102 permit ip 172.22.0.0 0.0.255.255 any
access-list 102 remark NoNAT policy
access-list 103 remark IP ACL FIREWALL
access-list 103 permit tcp any any eq www
access-list 103 permit udp any any eq 80
access-list 103 permit tcp any any eq telnet
access-list 103 permit icmp any any administratively-prohibited
access-list 103 permit icmp any any echo
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any packet-too-big
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any traceroute
access-list 103 permit icmp any any unreachable
access-list 103 permit udp any eq bootps any eq bootpc
access-list 103 permit udp any eq bootps any eq bootps
access-list 103 permit udp any eq domain any
access-list 103 permit esp any any
access-list 103 permit udp any any eq isakmp
access-list 103 permit udp any any eq 10000
access-list 103 permit tcp any any eq 1723
access-list 103 permit tcp any any eq 139
access-list 103 permit udp any any eq netbios-ns
access-list 103 permit udp any any eq netbios-dgm
access-list 103 permit gre any any
access-list 103 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
route-map nonat permit 10
match ip address 102
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
no modem enable
transport preferred all
transport output telnet
line aux 0
transport preferred all
transport output telnet
line vty 0 4
privilege level 15
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
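An added example (not from the original post) that evaluates the posted access-list 103 the way IOS does, first match wins, against constructed packets arriving inbound on Dialer0: `permit tcp any any eq www` matches only a destination port of 80, so an HTTP reply (source port 80, ephemeral destination port) falls through to `deny ip any any`, while the echo-reply and the source-port-53 DNS reply are permitted. It assumes the list is applied inbound on Dialer0, which the posted config does not show, and the port-name table and packets are constructed here.

```python
import re

# Added example (not from the original post): a first-match evaluator for the
# page's access-list 103, to see what it permits when applied inbound on Dialer0.
# Every entry on the page uses "any" addresses, so only protocol, ports and
# ICMP type are modelled; the packets below are constructed for illustration.
PORT_NAMES = {"www": 80, "domain": 53, "bootps": 67, "bootpc": 68}
ENTRY = re.compile(r"access-list 103 (\w+) (\w+) any(?: eq (\S+))? any(?: eq (\S+))?(?: (\S+))?$")

# Subset of the page's ACL 103: the lines relevant to web, DNS and ping.
ACL_103_TEXT = """
access-list 103 permit tcp any any eq www
access-list 103 permit udp any any eq 80
access-list 103 permit icmp any any echo
access-list 103 permit icmp any any echo-reply
access-list 103 permit udp any eq bootps any eq bootpc
access-list 103 permit udp any eq domain any
access-list 103 deny ip any any
"""

def port(name):
    """Resolve an IOS port keyword or number; None means 'no port qualifier'."""
    return None if name is None else (PORT_NAMES.get(name) or int(name))

def parse_entry(line):
    """One ACL line -> (action, proto, src_port, dst_port, icmp_type)."""
    action, proto, sp, dp, itype = ENTRY.match(line).groups()
    return action, proto, port(sp), port(dp), itype

ACL_103 = [parse_entry(l) for l in ACL_103_TEXT.strip().splitlines()]

def evaluate(acl, pkt):
    """IOS semantics: first matching entry wins; nothing matched means deny."""
    for action, proto, sport, dport, itype in acl:
        if (proto in ("ip", pkt["proto"])              # 'ip' matches every protocol
                and sport in (None, pkt.get("sport"))  # None: any source port
                and dport in (None, pkt.get("dport"))
                and itype in (None, pkt.get("type"))):
            return action
    return "deny"

def check_inbound():
    """Constructed packets as they arrive on Dialer0 from the Internet."""
    pkts = {
        "http_reply":  {"proto": "tcp", "sport": 80, "dport": 49152},   # page coming back
        "dns_reply":   {"proto": "udp", "sport": 53, "dport": 49153},
        "ping_reply":  {"proto": "icmp", "type": "echo-reply"},
        "web_request": {"proto": "tcp", "sport": 51000, "dport": 80},   # to forwarded server
    }
    return {name: evaluate(ACL_103, p) for name, p in pkts.items()}
```

The `web_request` packet is the one the static `ip nat inside source static tcp 172.22.0.7 80 interface Dialer0 80` line forwards; the list permits it because its destination port is 80.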