MarkMaloney
asked on
Cisco 2821 causing heck, or maybe its just me!
Hi all,
First post ever, so I'll try to make it to the point and give you the whole layout instead of jumping around; that way you have the full picture.
Company has the following network setup.
Dell Server which handles our DNS & Exchange, and also has a website that is handled both inside and outside the network using IIS 6 with SSL; 2 switches (both working just fine); 1 VoIP server connected to a PRI and then via ethernet back to one of the switches (works like a charm); then we come to my personal nemesis, a 2821 Cisco router. It has 2 x T1 ports (not being used yet) and 2 eth ports.
We use 2 bonded T1's via ethernet to connect to the internet, giving us 3 meg and 3 meg down.
Just to add to this to really set the stage, this is the first attempt with a Cisco anything and I've had it about a week.
We have 5 public IP's of which we are using just one right now, not including the gateway.
Gig0/1=untrusted outside 69.xx.xx.242
Gig0/0=trusted inside 192.168.16.1
Gateway=69.xx.xx.241
Public IP's=69.xx.xx.242-247
Cisco Router=192.168.16.1
Voip server 192.168.16.200
Managed Switch 1 and 2 192.168.250&251
Dell Server (DNS & IIS 6 & Exchange & Website) 192.168.16.3
Here's my issue(s): since putting this new router into our network, all heck has broken loose. DNS not resolving, SSL not passing through the firewall, etc. People are even having a hard time browsing through our own network. I personally think I goofed up somewhere and clicked one too many things, and I'm not afraid to admit it!
Here's the show run:
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no network-clock-participate wic 0
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
!
!
ip cef
ip inspect alert-off
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 smtp
ip inspect name DEFAULT100 imap3
ip inspect name DEFAULT100 pop3
ip inspect name DEFAULT100 pop3s
ip inspect name DEFAULT100 qmtp-tcp
ip inspect name DEFAULT100 fragment maximum 256 timeout 1
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW dns alert off audit-trail off
ip inspect name SDM_LOW ftp alert off audit-trail off
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.199
ip dhcp excluded-address 192.168.16.1
ip dhcp excluded-address 192.168.16.253 192.168.16.254
!
ip dhcp pool sdm-pool1
import all
network 192.168.16.0 255.255.255.0
dns-server 216.xx.xx.157 192.168.16.3
default-router 192.168.16.1
lease 5
!
ip dhcp pool voip
host 192.168.16.200 255.255.255.0
hardware-address 001c.c411.ce54
!
ip dhcp pool kyocera
host 192.168.16.88 255.255.255.0
hardware-address 00c0.ee5c.2074
!
ip dhcp pool bwcopier
host 192.168.16.18 255.255.255.0
hardware-address 00c0.eed0.c2c7
!
ip dhcp pool dell server
host 192.168.16.3 255.255.255.0
hardware-address 0014.2277.df3f
!
ip dhcp pool linux process sever (just 1 app, nothing fancy)
host 192.168.16.240 255.255.255.0
hardware-address 000e.0cb7.1f61
!
ip dhcp pool 24port switch
host 192.168.16.250 255.255.255.0
hardware-address 0015.c52f.a2a3
!
ip dhcp pool 48port switch
host 192.168.16.251 255.255.255.0
hardware-address 0015.c5d3.0058
!
!
no ip bootp server
ip domain name fxxxx.xxx.xxx.net
ip name-server 216.xx.xx.157
ip name-server 216.xx.xx.146
ip name-server 192.168.16.3
ip name-server 192.168.16.200
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-xxxxxxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxxxxxxx
revocation-check none
rsakeypair TP-self-signed-xxxxxxx
!
!
crypto pki certificate chain TP-self-signed-883605245
certificate self-signed 01
CERTIFICATE CODE LEFT OUT ON PURPOSE
quit
username XXX privilege 15 secret 5 XXXXXXXXX
username cxxxxx privilege 15 view root secret 5 xxxxxx
!
!
controller T1 0/0/0
framing esf
linecode b8zs
!
controller T1 0/0/1
framing esf
linecode b8zs
!
policy-map SDM-QoS-Policy-1
!
!
!
!
!
interface GigabitEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
ip address 192.168.16.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect SDM_LOW in
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
ip address 69.xx.xx.242 255.255.255.248
ip access-group 120 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
service-policy output SDM-QoS-Policy-1
!
ip classless
ip route 0.0.0.0 0.0.0.0 69.xx.xx.241 permanent
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool insidepool 192.168.16.0 192.168.16.254 netmask 255.255.255.0
ip nat pool tdspool 69.xx.xx.242 69.xx.xx.246 netmask 255.255.255.248
ip nat inside source list 110 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.16.1 21 interface GigabitEthernet0/1 21
ip nat inside source static tcp 192.168.16.200 5060 interface GigabitEthernet0/1 5060
ip nat inside source static udp 192.168.16.3 53 interface GigabitEthernet0/1 53
ip nat inside source static udp 192.168.16.3 123 interface GigabitEthernet0/1 123
ip nat inside source static tcp 192.168.16.200 9000 interface GigabitEthernet0/1 9000
ip nat inside source static tcp 192.168.16.3 80 interface GigabitEthernet0/1 80
ip nat inside source static tcp 192.168.16.200 8000 interface GigabitEthernet0/1 8000
ip nat inside source static tcp 192.168.16.3 3306 interface GigabitEthernet0/1 3306
ip nat inside source static tcp 192.168.16.3 25 interface GigabitEthernet0/1 25
ip nat inside source static tcp 192.168.16.3 443 interface GigabitEthernet0/1 443
ip nat inside source static tcp 192.168.16.3 4125 interface GigabitEthernet0/1 4125
ip nat inside source static tcp 192.168.16.3 3389 interface GigabitEthernet0/1 3389
ip nat inside source static tcp 192.168.16.3 1701 interface GigabitEthernet0/1 1701
ip nat inside source static tcp 192.168.16.3 1723 interface GigabitEthernet0/1 1723
ip nat inside source static tcp 192.168.16.3 110 interface GigabitEthernet0/1 110
ip nat inside source static tcp 192.168.16.3 366 interface GigabitEthernet0/1 366
ip nat inside source static tcp 192.168.16.3 118 interface GigabitEthernet0/1 118
ip nat inside source static tcp 192.168.16.3 444 interface GigabitEthernet0/1 444
!
ip access-list extended sdm_gigabitethernet0/0_in
permit ip 0.0.0.0 255.255.255.0 any
ip access-list extended sdm_gigabitethernet0/1_in
permit udp host 216.xx.xx.146 eq domain any
permit udp host 216.xx.xx.157 eq domain any
permit ip host 192.168.10.0 host 69.xx.xx.242
ip access-list extended sdm_gigabitethernet0/1_in_100
permit ip any any
ip access-list extended sdm_gigabitethernet0/1_out
permit ip 0.0.0.0 255.255.255.0 host 69.xx.xx.242
logging trap debugging
access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.10.0 0.0.0.255
access-list 3 remark SDM_ACL Category=2
access-list 3 permit 192.168.10.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100
access-list 100 permit udp host 192.168.16.200 eq domain any
access-list 100 permit udp host 192.168.16.3 eq domain any
access-list 100 permit ip 69.xx.xx.240 0.0.0.7 any
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit tcp any any eq www
access-list 100 permit ip any any
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101
access-list 101 permit udp host 192.168.16.3 eq domain host 69.xx.xx.243
access-list 101 permit udp host 216.xx.xx.157 eq domain host 69.xx.xx.243
access-list 101 deny ip 192.168.10.0 0.0.0.255 any
access-list 101 permit icmp any host 69.xx.xx.243 echo-reply
access-list 101 permit icmp any host 69.xx.xx.243 time-exceeded
access-list 101 permit icmp any host 69.xx.xx.243 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101
access-list 101
access-list 102
access-list 102 permit tcp any host 69.xx.xx.242 eq 444
access-list 102 permit tcp any host 69.xx.xx.242 eq 118
access-list 102 permit tcp any host 69.xx.xx.242 eq 366
access-list 102 permit tcp any host 69.xx.xx.242 eq pop3
access-list 102 permit udp any host 69.xx.xx.242 eq 1434
access-list 102 permit tcp any host 69.xx.xx.242 eq 1723
access-list 102 permit tcp any host 69.xx.xx.242 eq 1701
access-list 102 permit tcp any host 69.xx.xx.242 eq 3389
access-list 102 permit tcp any host 69.xx.xx.242 eq 4125
access-list 102 permit tcp any host 69.xx.xx.242 eq 443
access-list 102 permit tcp any host 69.xx.xx.242 eq smtp
access-list 102 permit tcp any host 69.xx.xx.242 eq 3306
access-list 102 permit tcp any host 69.xx.xx.242 eq 8000
access-list 102 permit tcp any host 69.xx.xx.242 eq www
access-list 102 permit tcp any host 69.xx.xx.242 eq 9000
access-list 102 permit udp any host 69.xx.xx.242 eq ntp
access-list 102 permit udp any host 69.xx.xx.242 eq domain
access-list 102 permit tcp any host 69.xx.xx.242 eq 5060
access-list 102 permit tcp any host 69.xx.xx.242 eq ftp
access-list 102 permit udp host 216.xx.xx.146 eq domain host 69.xx.xx.242
access-list 102 permit udp host 216.xx.xx.157 eq domain host 69.xx.xx.242
access-list 102 remark Auto generated by SDM for NTP (123) 66.36.239.104
access-list 102 permit udp host 66.36.239.104 eq ntp host 69.xx.xx.242 eq ntp
access-list 102 deny ip 192.168.16.0 0.0.0.255 any
access-list 102 permit icmp any host 69.xx.xx.242 echo-reply
access-list 102 permit icmp any host 69.xx.xx.242 time-exceeded
access-list 102 permit icmp any host 69.xx.xx.242 unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
access-list 110 8
access-list 110 permit ip 192.168.16.0 0.0.0.255 any
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 110 8
access-list 120 permit tcp any host 69.xx.xx.242 eq www
access-list 120 permit tcp any host 69.xx.xx.242 eq 3306
access-list 120 permit udp any host 69.xx.xx.242 eq ntp
access-list 120 permit tcp any host 69.xx.xx.242 eq 8000
access-list 120 permit udp any host 69.xx.xx.242 eq 1434
access-list 120 permit tcp any host 69.xx.xx.242 eq 9000
access-list 120 permit tcp any host 69.xx.xx.242 eq smtp
access-list 120 permit tcp any host 69.xx.xx.242 eq ftp
access-list 120 permit tcp any host 69.xx.xx.242 eq 443
access-list 120 permit tcp any host 69.xx.xx.242 eq 444
access-list 120 permit tcp any host 69.xx.xx.242 eq 4125
access-list 120 permit tcp any host 69.xx.xx.242 eq 3389
access-list 120 permit tcp any host 69.xx.xx.242 eq 1701
access-list 120 permit tcp any host 69.xx.xx.242 eq 1723
access-list 120 permit tcp any host 69.xx.xx.242 eq pop3
access-list 120 permit udp any eq domain any
access-list 120 permit tcp any host 69.xx.xx.242 eq 366
access-list 120 permit tcp any host 69.xx.xx.242 eq 118
access-list 120 permit tcp any any eq telnet
access-list 120 permit icmp any any
access-list 120 permit tcp any any established
access-list 120 deny ip any any log
access-list 120 permit tcp any host 69.xx.xx.242 eq 5060
access-list 130 remark Outside access
access-list 130
access-list 130 permit udp any eq domain any
access-list 130 remark Outside access
access-list 130
access-list 130 remark Outside access
access-list 130
access-list 130 remark Outside access
access-list 130
no cdp run
!
!
control-plane
You can take a breath now, LOL.
Like I said, I know networking, but this Cisco is giving me one helluva headache. I know once it's fully configured, it'll run forever.
Thanks for taking the time to read this.
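The ACL and NAT lines in the post are the kind of thing worth checking mechanically rather than by eye: in the posted ACL 120 the `deny ip any any log` entry comes before the `permit ... eq 5060` entry, so that permit is never evaluated, and a static forward is only reachable if a live permit in the outside ACL covers its protocol and port. The script below is an added example, not the poster's configuration and not a Cisco tool. It parses lines in the same shape as the post's `access-list` and `ip nat inside source static` entries and reports entries shadowed by a catch-all `ip any any` rule, port-forwards that the outside ACL never permits, and permits that open telnet or SSH to any destination. The sample input is constructed for this example; the outside address 203.0.113.2 is a documentation placeholder standing in for the masked 69.xx.xx.242.

```python
"""Audit an IOS numbered-ACL plus static-NAT excerpt for shadowed entries and
unprotected port-forwards.  Added example; not the poster's config or Cisco tooling."""
import re
from collections import defaultdict

# Constructed sample in the shape of the post's ACL 120 and NAT lines.
# 203.0.113.2 is a documentation placeholder, not the poster's address.
SAMPLE_CONFIG = """\
ip nat inside source static tcp 192.168.16.200 5060 interface GigabitEthernet0/1 5060
ip nat inside source static tcp 192.168.16.3 443 interface GigabitEthernet0/1 443
ip nat inside source static tcp 192.168.16.3 3389 interface GigabitEthernet0/1 3389
ip nat inside source static udp 192.168.16.3 53 interface GigabitEthernet0/1 53
access-list 120 permit tcp any host 203.0.113.2 eq 443
access-list 120 permit udp any eq domain any
access-list 120 permit tcp any any eq telnet
access-list 120 permit tcp any any established
access-list 120 deny ip any any log
access-list 120 permit tcp any host 203.0.113.2 eq 5060
"""

NAT_RE = re.compile(r"^ip nat inside source static (tcp|udp) \S+ \d+ interface \S+ (\d+)$")
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (\S+)\s*(.*)$")
# IOS keyword names for the ports that appear in the post.
NAMED_PORTS = {"www": 80, "domain": 53, "smtp": 25, "pop3": 110, "ftp": 21,
               "ntp": 123, "telnet": 23, "https": 443}


def port_number(token):
    """Resolve an IOS port keyword or numeric string to an integer."""
    return NAMED_PORTS[token] if token in NAMED_PORTS else int(token)


def _skip_address(tokens, i):
    """Index after one IOS address spec: 'any', 'host A', or 'A WILDCARD'."""
    return i + 1 if tokens[i] == "any" else i + 2


def parse_entry(action, proto, rest):
    """Reduce one ACL entry to the fields the audit needs."""
    tokens = rest.split()
    i = _skip_address(tokens, 0)
    if i < len(tokens) and tokens[i] == "eq":   # optional source-port qualifier
        i += 2
    dst_any = tokens[i] == "any"
    i = _skip_address(tokens, i)
    dst_port = None                              # None: any destination port
    if i < len(tokens) and tokens[i] == "eq":
        dst_port = port_number(tokens[i + 1])
    return {"action": action, "proto": proto, "dst_any": dst_any,
            "dst_port": dst_port, "established": "established" in tokens,
            "catch_all": proto == "ip" and tokens[:2] == ["any", "any"]}


def audit(config_text, outside_acl="120"):
    """Return shadowed entries, unprotected forwards and wide-open management permits."""
    forwards, entries = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if (m := NAT_RE.match(line)):
            forwards.append((m.group(1), int(m.group(2))))
        elif (m := ACL_RE.match(line)) and m.group(1) == outside_acl:
            entries.append((line, parse_entry(m.group(2), m.group(3), m.group(4))))

    # Entries after a catch-all 'ip any any' (permit or deny) are never evaluated.
    live, shadowed, blocked = [], [], False
    for line, e in entries:
        (shadowed if blocked else live).append((line, e))
        blocked = blocked or e["catch_all"]

    def permitted(proto, port):
        # 'established' entries only match existing sessions, not new inbound ones.
        return any(e["action"] == "permit" and not e["established"]
                   and e["proto"] in (proto, "ip")
                   and e["dst_port"] in (None, port) for _, e in live)

    unprotected = [f for f in forwards if not permitted(*f)]
    wide_open = [line for line, e in live if e["action"] == "permit"
                 and e["dst_any"] and e["dst_port"] in (22, 23)]
    return {"shadowed": [line for line, _ in shadowed],
            "unprotected_forwards": unprotected,
            "wide_open_mgmt": wide_open}


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(key, value)
```

Run it against a real `show run` by replacing `SAMPLE_CONFIG` with the file contents; the address fields are deliberately ignored so masked or placeholder addresses do not affect the result, which means a permit aimed at a different public address still counts as covering a forward and should be confirmed by hand.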