Solved

CISCO IOS CONFIG

Posted on 2010-01-04
Last Modified: 2012-05-08
On a newly configured Cisco firewall (a UC520), I need to configure rules for a mail server.

- SMTP server (for incoming email)
- RPC over http (outlook anywhere)
- OWA publishing (publish)
- Active Sync (for mobile devices)

I have access to the firewall using serial cable.

Using sample a) external and internal IPs, b) WAN and LAN ports, c) domain names, can someone help with the command lines for this?
Question by:whocaresaboutit
5 Comments
LVL 7

Expert Comment

by:willbaclimon
ID: 26173806
Please upload a blank config so we can verify ports and syntax.

Author Comment

by:whocaresaboutit
ID: 26173831
It's a UC520... so, because it's both data and phones, the basic config is veeeery lengthy...
LVL 9

Expert Comment

by:Vito_Corleone
ID: 26175186
You said firewall, so are you using CBAC? If so, here's a sample config:
ip access-list extended OUTSIDE_IN
 remark -- drop packets arriving from the Internet with bogus or private source addresses
 deny   ip host 0.0.0.0 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 192.0.2.0 0.0.0.255 any
 deny   ip 224.0.0.0 31.255.255.255 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 remark -- add "permit tcp any host <public IP> eq <port>" lines here for the services you publish
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 deny   ip any any
!
! CBAC inspection rules. Applied outbound on the WAN interface below, they
! track sessions started from the LAN and open the return traffic through
! OUTSIDE_IN dynamically. The "rpc" keyword inspects Sun RPC and requires a
! program number (100000 = portmapper, shown only as an example); it has
! nothing to do with Outlook's RPC over HTTP, which is plain HTTPS.
ip inspect name INBOUND smtp
ip inspect name INBOUND ftp
ip inspect name INBOUND tcp
ip inspect name INBOUND udp
ip inspect name INBOUND icmp
ip inspect name INBOUND rpc program-number 100000
!
! The ACL filters nothing until it is bound to the interface with ip access-group.
interface Fa0/0
 desc Outside Interface
 ip access-group OUTSIDE_IN in
 ip inspect INBOUND out
!

This gives you an ACL blocking nearly everything inbound, which you would modify to allow the ports you will be using. It then has a CBAC (inspect) config to watch the traffic going out and open the incoming ports it will need. You can use CBAC to match various traffic, it will depend mostly on your IOS version.

Author Comment

by:whocaresaboutit
ID: 26176190
Something seems to be missing though. This goes as far as allowing inbound traffic for those protocols.

We need to route all of those requests to the mail server sitting behind the firewall, right?

LVL 9

Accepted Solution

by:Vito_Corleone (earned 2000 total points)
ID: 26176822
Ok, so you also need Static NAT statements. Do you have multiple public IPs to use? Here is a sample:

! Static port forward: an inside-local address and port mapped to an
! inside-global (public) address and port, or to whatever address the
! outside interface holds. The interfaces must also be marked with
! "ip nat outside" (WAN, e.g. fa0/0) and "ip nat inside" (LAN), or no
! translation takes place at all.
ip nat inside source static tcp <inside IP> <inside port> <outside IP or interface> <outside port>

ip nat inside source static tcp 192.168.15.20 8081 1.1.1.1 8081
or
ip nat inside source static tcp 192.168.25.10 3389 interface fa0/0 3389

If you have multiple publics, you could do 1:1 NAT like this:
ip nat inside source static <inside IP> <outside IP>
ip nat inside source static 192.168.25.20 1.1.1.1
ip nat inside source static 192.168.25.10 1.1.1.2
! 1:1 NAT exposes every port of the host through the public address; the
! OUTSIDE_IN ACL is then the only filter deciding which ports are reachable.

Then you would allow these protocols in the OUTSIDE_IN ACL.

If you need more, please provide more information or a more detailed description.

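The pieces from the thread assembled into one fragment for the four services in the question, as an added example that is not code from any comment above. Every address, mask and interface name is an assumed sample value: FastEthernet0/0 as the WAN side at 203.0.113.2/29, 203.0.113.10 as a spare public address in that block for the mail server, and the mail server itself at 192.168.10.25 on Vlan1. SMTP needs TCP/25; Outlook Anywhere, OWA and ActiveSync all run over HTTPS, so a single TCP/443 forward covers the other three. One caveat worth knowing: IOS evaluates an inbound interface ACL before it performs outside-to-inside NAT, so the OUTSIDE_IN permits must match the public address, not the server's private one.

```cisco
! Added example, not from the thread. Sample values are assumed:
!   WAN  = FastEthernet0/0, 203.0.113.2/29
!   LAN  = Vlan1, 192.168.10.0/24
!   Mail server: 192.168.10.25 inside, published as 203.0.113.10 outside
!
! 1. Inbound filter on the WAN side. It is checked BEFORE outside-to-inside
!    NAT, so published services are matched on the public address.
ip access-list extended OUTSIDE_IN
 remark -- anti-spoofing: packets from the Internet must not carry these sources
 deny   ip host 0.0.0.0 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 224.0.0.0 31.255.255.255 any
 remark -- published mail services: SMTP, and HTTPS for OWA / Outlook Anywhere / ActiveSync
 permit tcp any host 203.0.113.10 eq smtp
 permit tcp any host 203.0.113.10 eq 443
 remark -- diagnostics only
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 remark -- everything else is dropped and logged for review
 deny   ip any any log
!
! 2. CBAC: inspect sessions leaving through the WAN interface so that only
!    their return traffic is opened through OUTSIDE_IN, and only while the
!    session lasts.
ip inspect name FW_OUT tcp
ip inspect name FW_OUT udp
ip inspect name FW_OUT icmp
ip inspect name FW_OUT smtp
ip inspect name FW_OUT ftp
!
! 3. Static port forwards: only 25 and 443 reach the server, not every port
!    of the host as a 1:1 static NAT would.
ip nat inside source static tcp 192.168.10.25 25 203.0.113.10 25
ip nat inside source static tcp 192.168.10.25 443 203.0.113.10 443
!
! 4. Bind everything to the interfaces. Without "ip nat inside/outside" no
!    translation happens; without "ip access-group" the ACL filters nothing.
interface FastEthernet0/0
 description WAN (assumed)
 ip address 203.0.113.2 255.255.255.248
 ip access-group OUTSIDE_IN in
 ip inspect FW_OUT out
 ip nat outside
!
interface Vlan1
 description LAN (assumed)
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
```

After pasting this in, `show ip nat translations` should list the two static entries, and `show ip access-lists OUTSIDE_IN` shows per-line match counters, which is the quickest way to confirm that test connections from outside are landing on the two permit lines rather than on the final deny.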