Firewall Configuration of Cisco 1720 Router

I work for a school. We have a very simple setup with a Local Area Network connected with 3Com Superstack switches. We have a Cisco Internet Access Router 1720. We have a mail server which has a local/private IP, and there is a NAT rule defined on the router to redirect port 25 and port 110 to the mail server. Until now I have been using only one public IP, which is defined on the router. In the last few days we have been experiencing a problem with AOL mail accounts. AOL doesn't accept our mails just because the mail server is running on a private IP. I want to switch my mail server to a public IP and configure the firewall on the router as well. Could somebody please guide me on how I can configure the Cisco as a firewall and configure a DMZ to allow the mail server to be accessed from the Internet?

Thanks.
ikhanr Asked:
stressedout2004 Commented:
So you're adding another interface on the 1720 where you will place your servers that will be accessible from the Internet?
Will this interface and servers behind this interface have a public IP? Here's a sample configuration for you. Please take note that this assumes the following:

1) Router is running a feature set and version capable of CBAC.
2) DMZ is a public network
3) Access lists are just for illustration purposes

! CBAC inspection rule set "FW" with audit-trail logging
ip inspect audit-trail
ip inspect name FW cuseeme
ip inspect name FW ftp
ip inspect name FW h323
ip inspect name FW tcp
ip inspect name FW tftp
ip inspect name FW udp
ip inspect name FW vdolive
ip inspect name FW http
ip inspect name FW rcmd
ip inspect name FW smtp
ip inspect name FW sqlnet
ip audit notify log
ip audit po max-events 100

interface ethernet 1/0
 description "internal net"
 ip address 192.168.1.1 255.255.255.0
 ip access-group 101 in
 ! This inspection opens temporary entries on access lists 102 and 103
 ip inspect FW in

interface ethernet 2/0
 description "public servers"
 ip address 2.2.2.1 255.255.255.0
 ip access-group 102 in

interface serial1/0
 ip address 1.1.1.1 255.255.255.0
 ip access-group 103 in

! ACL 101: traffic entering from the internal network
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 deny ip any any

! ACL 102: traffic entering from the public servers (DMZ)
access-list 102 permit ip 2.2.2.0 0.0.0.255 any
access-list 102 deny ip any any

! ACL 103: traffic entering from the Internet, limited to services on 2.2.2.2
access-list 103 permit udp any host 2.2.2.2 eq domain
access-list 103 permit tcp any host 2.2.2.2 eq domain
access-list 103 permit tcp any host 2.2.2.2 eq www
access-list 103 permit tcp any host 2.2.2.2 eq smtp
access-list 103 deny ip any any
Question has a verified solution.
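To check what the sample access lists above allow before adapting them, the following added example (not part of the original answer, and not Cisco code) evaluates ACLs 101 to 103 with IOS first-match and wildcard-mask semantics against a few flows. It models only the static entries, not CBAC's temporary openings or NAT; the helper names, the flows and the addresses 198.51.100.7 and 192.168.1.10 are constructed for illustration.

```python
import ipaddress

# Static ACLs copied from the answer above; CBAC's temporary entries are not modeled.
ACLS = {
    101: ["permit ip 192.168.1.0 0.0.0.255 any", "deny ip any any"],
    102: ["permit ip 2.2.2.0 0.0.0.255 any", "deny ip any any"],
    103: ["permit udp any host 2.2.2.2 eq domain", "permit tcp any host 2.2.2.2 eq domain",
          "permit tcp any host 2.2.2.2 eq www", "permit tcp any host 2.2.2.2 eq smtp",
          "deny ip any any"],
}
PORTS = {"domain": 53, "www": 80, "smtp": 25}  # IOS keyword -> port number

def _addr(tokens):
    # Consume one address spec from the token list; return (base, wildcard) as integers.
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def _hit(ip, base, wildcard):
    # Wildcard bits set to 1 are ignored, the inverse of a netmask.
    care = ~wildcard & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(ip)) & care == base & care

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry (implicit deny at the end)."""
    for entry in ACLS[acl]:
        t = entry.split()
        action, eproto = t.pop(0), t.pop(0)
        s, d = _addr(t), _addr(t)
        eport = PORTS[t[1]] if t[:1] == ["eq"] else None
        if (eproto in ("ip", proto) and _hit(src, *s) and _hit(dst, *d)
                and (eport is None or eport == dport)):
            return action
    return "deny"

# Constructed sample flows: (ACL on the ingress interface, proto, src, dst, dport)
FLOWS = [
    (103, "tcp", "198.51.100.7", "2.2.2.2", 25),       # Internet -> server, SMTP
    (103, "tcp", "198.51.100.7", "2.2.2.2", 110),      # Internet -> server, POP3
    (103, "tcp", "198.51.100.7", "192.168.1.10", 25),  # Internet -> internal host
    (102, "tcp", "2.2.2.2", "192.168.1.10", 445),      # DMZ server -> internal host
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", evaluate(*flow))
```

The second flow is denied because ACL 103 has no entry for port 110, which the question says is currently forwarded to the mail server. The last flow is permitted because ACL 102 allows the public-server subnet to reach any destination, including the internal network, so that entry is the one to narrow when moving from the illustration to a production rule set.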
