

Firewall Configuration of Cisco 1720 Router

Posted on 2006-05-04
Medium Priority
Last Modified: 2013-11-16
I work for a school. We have a very simple setup with a Local Area Network connected with 3Com Superstack switches. We have a Cisco Internet Access Router 1720. We have a mail server which has a local/private IP, and there is a NAT rule defined on the router to redirect port 25 and port 110 to the mail server. Until now I have been using only one public IP, which is defined on the router. In the last few days we have been experiencing a problem with AOL mail accounts. AOL doesn't accept our mails just because the mail server is running on a private IP. I want to switch my mail server to a public IP and configure the firewall on the router as well. Could somebody please guide me on how I can configure the Cisco as a firewall and configure a DMZ to allow the mail server to be accessed from the Internet?

Question by:ikhanr
1 Comment

Accepted Solution

stressedout2004 earned 2000 total points
ID: 16619266
So you're adding another interface on the 1720 where you will place your servers that will be accessible from the Internet?
Will this interface and the servers behind this interface have a public IP? Here's a sample configuration for you. Please take note that this assumes the following:

1) Router is running a feature set and version capable of CBAC.
2) DMZ is a public network
3) Access lists are just for illustration purposes

ip inspect audit-trail
ip inspect name FW cuseeme
ip inspect name FW ftp
ip inspect name FW h323
ip inspect name FW tcp
ip inspect name FW tftp
ip inspect name FW udp
ip inspect name FW vdolive
ip inspect name FW http
ip inspect name FW rcmd
ip inspect name FW smtp
ip inspect name FW sqlnet
ip audit notify log
ip audit po max-events 100

interface ethernet 1/0
description "internal net"
ip address
ip access-group 101 in
ip inspect FW in
! This inspection opens temporary entries on access lists 102 and 103

interface ethernet 2/0
description "public servers"
ip address  
ip access-group 102 in

interface serial1/0
ip address
ip access-group 103 in

access-list 101 permit ip any
access-list 101 deny ip any any
access-list 102 permit ip any
access-list 102 deny ip any any
access-list 103 permit udp any host eq domain
access-list 103 permit tcp any host eq domain
access-list 103 permit tcp any host eq www
access-list 103 permit tcp any host eq smtp
access-list 103 deny ip any any
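
To confirm that the ACL on the Internet-facing interface publishes exactly the services the mail server needs, the following added example (not part of the original answer) parses a configuration of this shape and compares ACL 103 with ports 25 and 110 from the question. The addresses are constructed placeholders, and `audit`, `inbound_acls`, `SAMPLE_CONFIG` and `REQUIRED` are hypothetical names.

```python
import re

# Constructed sample: the answer's layout with assumed addresses filled in
# (RFC 5737 documentation ranges; 198.51.100.2 stands in for the mail server).
MAIL = "198.51.100.2"
SAMPLE_CONFIG = f"""\
interface ethernet 2/0
 ip address 198.51.100.1 255.255.255.248
 ip access-group 102 in
interface serial1/0
 ip address 203.0.113.2 255.255.255.252
 ip access-group 103 in
access-list 103 permit udp any host {MAIL} eq domain
access-list 103 permit tcp any host {MAIL} eq domain
access-list 103 permit tcp any host {MAIL} eq www
access-list 103 permit tcp any host {MAIL} eq smtp
access-list 103 deny ip any any
"""
# Ports the question asks to publish: 25 (smtp) and 110 (pop3).
REQUIRED = {("tcp", MAIL, "smtp"), ("tcp", MAIL, "pop3")}

# Only the "<proto> any host <ip> eq <port>" entry form used on the page.
ACE = re.compile(r"access-list (\d+) (permit|deny) (\w+) any host (\S+) eq (\S+)$")

def inbound_acls(config):
    """Map interface name -> number of the ACL applied inbound."""
    binds, iface = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif iface and (m := re.match(r"ip access-group (\d+) in$", line)):
            binds[iface] = m.group(1)
    return binds

def audit(config, iface, required):
    """Compare services the inbound ACL on iface exposes with those required."""
    acl = inbound_acls(config)[iface]
    aces = [l.strip() for l in config.splitlines()
            if l.strip().startswith(f"access-list {acl} ")]
    exposed = {m.group(3, 4, 5) for m in map(ACE.match, aces)
               if m and m.group(2) == "permit"}
    return {"acl": acl,
            "missing": sorted(required - exposed),
            "extra": sorted(exposed - required),
            "ends_with_deny_all": bool(aces) and aces[-1] == f"access-list {acl} deny ip any any"}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "serial1/0", REQUIRED))
```

On the constructed sample the report lists pop3 as missing and the domain and www entries as extra, which is the gap to close before moving the mail server behind the ACL.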
