Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1718
  • Last Modified:

How to configure & connect Cisco 1841 Router for my office network?

Dear EEs,
I have got one cisco router 1841 to be configured with firewall, switch & Mrotek ASMi-52 Lease Line device for internet.
This is the first time when I will be configuring Cisco router & ASMi-52 devise.
Your can see it here : http://www.mro-tek.com/html/faq_asmi52.php?#2
I have been given a input RJ45 connecter by the telecom company for the internet connection.
Now I dont know what all configuration I need to do in router?
Will one end of CAT6 cable go to this ASMi-52 device & other end will go to router fe 0/0?
Kindly advise what all config I need to do in router as well as ASMi-52.
Thanks & Best regards,
DXB
0
dxbdxb2009
Asked:
dxbdxb2009
  • 3
  • 2
1 Solution
 
Vito_CorleoneCommented:
Yes, a cable should go between the 1841 and ASMi device. You will need to configure NAT and your internal network, possibly DHCP, depending on how you're setting everything up. You should also configure some secure ACLs and/or CBAC. If you need a general config I, or someone else, can post it for you.
0
 
dxbdxb2009Author Commented:
Vito_Corleone: Thanks for your support!
Kindly post the NAT commonds i need to put into router & what all config i need to do in ASMi Device(pls explain it too)
Pls give me a example of good ACLs & post Lease Line commonds for 1841 router.
what is CBAC.
Pls post general config also.
Awaiting for your reply.
Thanks!
DXB
0
 
Vito_CorleoneCommented:
CBAC is the IOS Firewall. Here is a very basic initial config:

aaa new-model
aaa authentication login default local
ip inspect name myfw ftp timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
!
interface FastEthernet0/0
 description Inside
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/1
 description Outside
 ip address <outside IP> <subnet mask>
 ip access-group OUTSIDE_IN in
 ip inspect name myfw out
!
ip nat inside source list NAT interface FastEthernet0/1 overload
!
ip classless
!
ip route 0.0.0.0 0.0.0.0 <default gateway>
!
no ip http server
no ip http secure-server
!
line con 0
 logging sync
line vty 0 15
 trans input ssh
 logging sync
!
ip access-list extended NAT
 permit ip 192.168.10.0 0.0.0.255 any
!
ip access-list extended OUTSIDE_IN
 deny   ip host 0.0.0.0 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 192.0.2.0 0.0.0.255 any
 deny   ip 224.0.0.0 31.255.255.255 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 deny   ip any any
!
crypto key gen rsa general-keys mod 1024
0
 
dxbdxb2009Author Commented:
Thanks for the commonds,
Kindly post the configuration i need to do in my lease line configuration in ASMi-52 device.
We will be getting 5 IPs pool for our network.
Kindly advise for the same ASAP.
Kind regards,
DXB
0
 
dxbdxb2009Author Commented:
Vito_Corleone: many thanks
I got the ASMi-52 configured by my ISP,
Now kindly answer me:-
* Is my router 1841 has this CBAC based IOS Firewall.
* what is the use of this command "aaa authentication login default local"
* ip inspect name" command will scann on which router's interface & which traffic Incoming or Outgoing?
* what is "crypto key gen rsa general-keys mod 1024"?
* "ip nat inside source list NAT interface FastEthernet0/1 overload"  where to bind it?
Rest is find Kindly reply for the above query?
Bes regards,
DXB

0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now