Firewall Configuration of Cisco 1720 Router

Posted on 2006-05-04
Last Modified: 2013-11-16
I work for a school. We have a very simple setup with a Local Area Network connected with 3Com Superstack Switches. We have a CISCO Internet Access Router 1720. We have a mail server which has a local/private IP and there is a NAT rule defined on the router to redirect port 25 and port 110 to the mail server. Till now I am using only one public IP which is defined on the router. In the last few days we are experiencing a problem from AOL mail accounts. AOL doesn't accept our mails just because the mail server is running on a private IP. I want to switch my mail server to a public IP and configure the firewall on the router as well. Could somebody please guide me how I can configure the Cisco as a firewall and configure a DMZ to allow the mail server to be accessed from the Internet?

Question by:ikhanr

    Accepted Solution

    So you're adding another interface on the 1720 where you will place your servers that will be accessible from the internet?
    Will this interface and the servers behind it have a public IP? Here's a sample configuration for you. Please take note that this assumes the following:

    1) Router is running a feature set and version capable of CBAC.
    2) DMZ is a public network
    3) Access-lists are just for illustration purposes

    ip inspect audit-trail
    ip inspect name FW cuseeme
    ip inspect name FW ftp
    ip inspect name FW h323
    ip inspect name FW tcp
    ip inspect name FW tftp
    ip inspect name FW udp
    ip inspect name FW vdolive
    ip inspect name FW http
    ip inspect name FW rcmd
    ip inspect name FW smtp
    ip inspect name FW sqlnet
    ip audit notify log
    ip audit po max-events 100

    interface ethernet 1/0
    description "internal net"
    ip address
    ip access-group 101 in
    ip inspect FW in
    ! This inspection opens temporary entries on access lists 102 and 103

    interface ethernet 2/0
    description "public servers"
    ip address  
    ip access-group 102 in

    interface serial1/0
    ip address
    ip access-group 103 in

    access-list 101 permit ip any
    access-list 101 deny ip any any
    access-list 102 permit ip any
    access-list 102 deny ip any any
    access-list 103 permit udp any host eq domain
    access-list 103 permit tcp any host eq domain
    access-list 103 permit tcp any host eq www
    access-list 103 permit tcp any host eq smtp
    access-list 103 deny ip any any
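
The sample above filled in with constructed addresses so the inspection rule and the three access lists can be read end to end; this is an added example, not part of the accepted answer. Addresses are RFC 5737 documentation ranges, interface names follow the answer's sample (adjust them to the real 1720 slots), and the ISP is assumed to route the DMZ block to the serial link. It goes beyond the answer in two places: inspection is also applied on the DMZ interface so the mail server's own outbound sessions get a return path, and PAT for the LAN (the asker's current single public IP) is shown.

```cisco
! Constructed addresses (RFC 5737 documentation ranges), not from the original post:
!   LAN 192.168.1.0/24 on ethernet 1/0, DMZ 203.0.113.0/28 on ethernet 2/0
!   (mail server 203.0.113.10), ISP link 198.51.100.2/30 on serial1/0
ip inspect audit-trail
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW smtp
ip inspect name FW http
ip inspect name FW ftp
!
interface ethernet 1/0
 description internal net
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip access-group 101 in
 ip inspect FW in
!
interface ethernet 2/0
 description public servers (DMZ)
 ip address 203.0.113.1 255.255.255.240
 ip access-group 102 in
 ! inspect here too, or the mail server's own outbound SMTP/DNS replies are dropped by 103
 ip inspect FW in
!
interface serial1/0
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
 ip access-group 103 in
!
! LAN hosts get out via PAT on the serial address; CBAC opens their return path in 103
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface serial1/0 overload
!
! 101: only the LAN's own addresses may enter from the inside (blocks spoofed sources)
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 deny ip any any log
!
! 102: the mail server may reach the Internet but may never initiate into the LAN;
! CBAC's temporary entries sit above these lines, so LAN-initiated sessions still return
access-list 102 deny ip any 192.168.1.0 0.0.0.255 log
access-list 102 permit ip host 203.0.113.10 any
access-list 102 deny ip any any log
!
! 103: from the Internet only the two mail ports, to the one host; everything else is
! logged and dropped (POP3 is cleartext, keep that line only if remote users need it)
access-list 103 permit tcp any host 203.0.113.10 eq smtp
access-list 103 permit tcp any host 203.0.113.10 eq pop3
access-list 103 permit icmp any any echo-reply
access-list 103 deny ip any any log
```

After applying it, `show ip inspect sessions` and `show access-list 103` show the temporary entries CBAC adds above the static lines while a LAN or DMZ session is open.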
