Solved

Access List for Cisco Router 2600

Posted on 2004-10-19
541 Views
Last Modified: 2010-04-17
Hi there
We have a Cisco 2600 router. Is it necessary to delete the existing ACL to make the newly added changes work? Do I need to copy the whole ACL, i.e. starting from the 'Current Configuration' till the 'end', or can I just copy each command 'access-list permit.........' individually? Can you please tell me the easier way.
1- I tested copying it in the command prompt from Notepad; it keeps on adding the C prompt at the beginning of each command.
2- If I delete the access list completely, does it mean I cannot go back?
Help please
Question by:amanzoor
6 Comments
Expert Comment

by:ajablons
ID: 12350035
I'm not sure what you are trying to do, but you should be able to cut/paste from notepad.

Copy the ACL from 'show running-config' into Notepad or some text editor. You can then manipulate it and paste it into the router (config mode).

You can also do the lines individually.

What is your main goal?
Author Comment

by:amanzoor
ID: 12351609
I am trying to map three external IP addresses to a single internal IP address, i.e.
redirect   66.207.100.153 to 10.10.10.101:81,  66.207.100.154 to 10.10.10.101:82 and  66.207.100.155 to 10.10.10.101:83
I am not sure where to write the commands for these, and the easier way to write/amend the access list. Do you want me to paste the running config here?
Expert Comment

by:PennGwyn
ID: 12352516
Those aren't things an access-list does.

Accepted Solution

by:
MarkDozier earned 250 total points
ID: 12355037
Actually the ACL is only part of the problem. The answer is a combination of an ACL and NAT to accomplish the goal, since the public IPs are being translated to private IPs.
I don't think you can send each IP to a specific port on the 10 network unless it is tied to a specific application.

I can test this tomorrow evening unless you get a specific answer before then.
It would also help if you post your config.

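Worked example, added here and not code from this thread or from Cisco: a small Python script that takes a trimmed excerpt of the running-config posted in the next comment, checks which of a set of wanted port forwards are already covered by the existing 'ip nat inside source static' entries and by access-list 101 (the ACL + NAT combination MarkDozier describes), and emits the IOS commands for whatever is missing. It follows the cut-and-paste workflow ajablons suggests, with two defensive details: a numbered ACL only appends new lines, so a permit pasted on its own would land after the closing 'deny ip any any log' and never match, and an interface whose access-group points at a list that no longer exists filters nothing while you re-paste. The script therefore rebuilds the list under a new number (102 is an assumed free number), swaps it on the WAN sub-interface, and only then removes 101. The WANTED list and the 8443 mapping are constructed for the demo.

```python
"""Cross-check static NAT port forwards against the inbound ACL of a Cisco IOS
running-config and emit the commands needed for new forwards.  Added example;
the config excerpt is trimmed from the one posted in this thread."""
import re

# Excerpt of the posted running-config, trimmed to the lines this tool reads.
RUNNING_CONFIG = """\
interface FastEthernet0/0.908
 ip address 216.185.84.62 255.255.255.252
 ip access-group 101 in
 ip nat outside
!
ip nat inside source static 10.10.10.20 216.185.84.186
ip nat inside source static 10.10.10.101 216.185.84.189
ip nat inside source static tcp 10.10.10.20 8080 216.185.84.186 80 extendable
access-list 101 remark Inbound Internet Access List
access-list 101 permit tcp any host 216.185.84.186 eq www
access-list 101 permit tcp any host 216.185.84.189 eq www
access-list 101 permit tcp any host 216.185.84.189 eq 81
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip any any log
"""

# Wanted forwards: (outside_ip, outside_port, inside_ip, inside_port).
# The first two come from the question; the 8443 entry is constructed.
WANTED = [
    ("216.185.84.189", 5336, "10.10.10.101", 5336),
    ("216.185.84.189", 81, "10.10.10.101", 81),
    ("216.185.84.186", 443, "10.10.10.20", 8443),
]

STATIC_1TO1 = re.compile(r"^ip nat inside source static (\S+) (\S+)$")
STATIC_PORT = re.compile(r"^ip nat inside source static tcp (\S+) (\d+) (\S+) (\d+)")
ACL_PERMIT = re.compile(r"^access-list (\d+) permit tcp any host (\S+) eq (\S+)$")
NAMED_PORTS = {"www": 80, "smtp": 25, "pop3": 110, "ftp": 21, "telnet": 23}


def parse_config(text):
    """Return (1:1 statics as outside->inside, set of port forwards, set of ACL permits)."""
    one_to_one, port_maps, permits = {}, set(), set()
    for line in text.splitlines():
        if m := STATIC_1TO1.match(line):
            one_to_one[m.group(2)] = m.group(1)
        elif m := STATIC_PORT.match(line):
            inside, iport, outside, oport = m.groups()
            port_maps.add((outside, int(oport), inside, int(iport)))
        elif m := ACL_PERMIT.match(line):
            acl, host, port = m.groups()
            permits.add((acl, host, NAMED_PORTS.get(port) or int(port)))
    return one_to_one, port_maps, permits


def nat_covers(fwd, one_to_one, port_maps):
    """True if NAT already delivers outside:oport to inside:iport.
    A 1:1 static translates every port unchanged, so it covers same-port forwards only."""
    outside, oport, inside, iport = fwd
    return fwd in port_maps or (one_to_one.get(outside) == inside and oport == iport)


def plan(config_text, wanted, acl="101", new_acl="102", wan_if="FastEthernet0/0.908"):
    """Return the IOS commands (config mode) needed for the wanted forwards.
    ACL changes are made by building a new numbered list and swapping it on the
    interface, so the WAN interface is never left without a list."""
    one_to_one, port_maps, permits = parse_config(config_text)
    nat_cmds, new_permits = [], []
    for fwd in wanted:
        outside, oport, inside, iport = fwd
        if not nat_covers(fwd, one_to_one, port_maps):
            nat_cmds.append(
                f"ip nat inside source static tcp {inside} {iport} {outside} {oport} extendable")
        if (acl, outside, oport) not in permits:
            new_permits.append(f"access-list {new_acl} permit tcp any host {outside} eq {oport}")
    if not new_permits:
        return nat_cmds
    old = [l for l in config_text.splitlines() if l.startswith(f"access-list {acl} ")]
    body = [l.replace(f"access-list {acl} ", f"access-list {new_acl} ", 1) for l in old]
    # Numbered ACLs only append, so new permits go in front of the closing deny.
    denies = [i for i, l in enumerate(body) if " deny " in l]
    cut = denies[-1] if denies else len(body)
    rebuilt = body[:cut] + new_permits + body[cut:]
    swap = [f"interface {wan_if}", f" ip access-group {new_acl} in", "!", f"no access-list {acl}"]
    return nat_cmds + rebuilt + swap


if __name__ == "__main__":
    print("\n".join(plan(RUNNING_CONFIG, WANTED)))
```

Run it and paste the printed lines into config mode in that order; the 'no access-list 101' line comes last on purpose. Before doing any of this, save a copy of the full output of 'show running-config' so the original list can be restored.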
Author Comment

by:amanzoor
ID: 12357439
Thanks MarkDozier
I would also want to fit in this line too:
'access-list 101 permit tcp any host 216.185.84.189 eq 5336'

Here is my config:

clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
no ip source-route
ip host accpac.ggw.net 199.243.98.20
ip host switch 10.10.10.253
ip name-server 207.176.128.2
ip name-server 216.185.84.94
ip name-server 206.186.75.138
ip name-server 209.5.210.134
!
ip inspect audit-trail
ip inspect name inter tcp
ip inspect name inter udp
ip inspect name inter ftp
ip inspect name inter http
ip inspect name inter smtp
ip inspect name inter tftp
ip inspect name inter cuseeme
ip inspect name inter h323
ip inspect name inter rcmd
ip inspect name inter realaudio
ip inspect name inter sqlnet
ip inspect name inter streamworks
ip inspect name inter vdolive
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 no ip directed-broadcast
 speed 100
 full-duplex
 fair-queue 64 256 0
!
interface FastEthernet0/0.10
 description CAMPUS VLAN
 encapsulation dot1Q 10
 ip address 10.10.10.254 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 ip nat inside
!
interface FastEthernet0/0.801
 description CONNECTION TO other campus
 encapsulation dot1Q 801
 ip address 10.10.11.254 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 ip nat inside
!
interface FastEthernet0/0.908
 description INTERNET VIA provider
 bandwidth 1000000
 encapsulation dot1Q 908
 ip address 216.185.84.62 255.255.255.252
 ip access-group 101 in
 no ip redirects
 no ip directed-broadcast
 ip nat outside
 ip inspect inter out
!
ip nat translation timeout 1600
ip nat pool inter 216.185.84.185 216.185.84.185 netmask 255.255.255.248
ip nat inside source list 1 pool inter overload
ip nat inside source static 10.10.10.18 216.185.84.187
ip nat inside source static 10.10.10.20 216.185.84.186
ip nat inside source static 10.10.10.99 216.185.84.190
ip nat inside source static 10.10.10.101 216.185.84.189
ip nat inside source static 10.10.10.3 216.185.84.188
ip nat inside source static tcp 10.10.10.20 8080 216.185.84.186 80 extendable
ip nat inside source static tcp 10.10.10.20 5336 216.185.84.186 5336 extendable
ip nat inside source static udp 10.10.10.20 500 216.185.84.186 500 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 216.185.84.61
no ip http server
!
!
map-list nat
!
map-list ip
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.11.0 0.0.0.255
access-list 98 permit 24.244.193.6
access-list 98 permit 216.94.53.126
access-list 101 permit tcp host 199.243.98.20 any eq 135
access-list 101 remark Inbound Internet Access List
access-list 101 permit tcp host 216.94.53.126 host 216.185.84.62 eq telnet
access-list 101 permit tcp host 24.244.193.6 host 216.185.84.62 eq telnet
access-list 101 permit esp any host 216.185.84.186
access-list 101 permit esp any host 216.185.84.187
access-list 101 permit ahp any host 216.185.84.186
access-list 101 permit ahp any host 216.185.84.187
access-list 101 permit tcp any host 216.185.84.186 eq www
access-list 101 permit tcp any host 216.185.84.186 eq 8080
access-list 101 permit tcp any host 216.185.84.186 eq 5336
access-list 101 permit udp any host 216.185.84.186 eq isakmp
access-list 101 permit udp any host 216.185.84.187 eq isakmp
access-list 101 permit tcp any host 216.185.84.187 eq smtp
access-list 101 permit tcp any host 216.185.84.187 eq www
access-list 101 permit tcp any host 216.185.84.187 eq 443
access-list 101 permit tcp any host 216.185.84.187 eq 8098
access-list 101 permit tcp any host 216.185.84.187 eq 8099
access-list 101 permit tcp any host 216.185.84.187 eq pop3
access-list 101 permit tcp any host 216.185.84.189 eq 1723
access-list 101 permit gre any host 216.185.84.189
access-list 101 permit tcp any host 216.185.84.189 eq www
access-list 101 permit tcp any host 216.185.84.189 eq smtp
access-list 101 permit tcp any host 216.185.84.189 eq pop3
access-list 101 permit tcp any host 216.185.84.189 eq 8080
access-list 101 permit tcp any host 216.185.84.189 eq 8383
access-list 101 permit tcp any host 216.185.84.189 eq 8181
access-list 101 permit tcp any host 216.185.84.189 eq 19815
access-list 101 permit tcp any host 216.185.84.189 eq 81
access-list 101 permit tcp any host 216.185.84.189 eq 82
access-list 101 permit tcp any host 216.185.84.189 eq 8093
access-list 101 permit tcp any host 216.185.84.188 eq ftp
access-list 101 permit tcp any host 216.185.84.190 eq www
access-list 101 permit ip any host 216.185.84.190
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 permit udp host 199.212.17.35 host 216.185.84.62 eq ntp
access-list 101 permit udp host 199.212.17.34 host 216.185.84.62 eq ntp
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any traceroute
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any ttl-exceeded
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any source-quench
access-list 101 permit icmp any any packet-too-big
access-list 101 deny   ip any any log
banner motd ^CC

*** UNAUTHORIZED ACCESS IS PROHIBITED!  ALL ACTIVITY IS LOGGED! ***

^C
!
line con 0
 exec-timeout 9 0
 password
 logging synchronous
 login
 transport input none
line aux 0
line vty 0 3
 exec-timeout 9 0
 password
 logging synchronous
 login
line vty 4
 exec-timeout 9 0
 password
 logging synchronous
 login
 transport input pad v120 telnet rlogin udptn
!
Author Comment

by:amanzoor
ID: 12380659
Hello MarkDozier
Have you received my comments dated 10/20?