
how to secure cisco 837 adsl router

OptiMisTic asked
Last Modified: 2013-12-14
Hi, I have a Cisco 837 ADSL router which I am using for internet access from 2 ISPs. Below is its configuration. I have removed the Auto Secure firewall entries from both its Dialer1 & Ethernet2 interfaces due to the following problems.

1. I was using it as a DNS server (to avoid giving ISP DNS servers to each computer) with the "IP DNS Server" command, and when I did auto secure, it stopped working.

2. I want to use DDNS with HTTP updates and I have a DynDNS service for this, but after auto secure it stopped updating the IP address at dyndns.com.

3. I also want to configure equal load sharing for both WAN links and want to use IP SLA / route tracking for this.

Please tell me the detailed configuration commands for the above tasks.

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 837-K9
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$SyLG$z9DGnes/A4xYdqL.dEGpO/
!
no aaa new-model
!
!
!
!
ip cef
ip name-server 10.255.240.51
ip name-server 8.8.8.8
ip name-server 208.67.222.222
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name autosec_inspect cuseeme timeout 3600
ip inspect name autosec_inspect ftp timeout 3600
ip inspect name autosec_inspect http timeout 3600
ip inspect name autosec_inspect rcmd timeout 3600
ip inspect name autosec_inspect realaudio timeout 3600
ip inspect name autosec_inspect smtp timeout 3600
ip inspect name autosec_inspect tftp timeout 30
ip inspect name autosec_inspect udp timeout 15
ip inspect name autosec_inspect tcp timeout 3600
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
vpdn enable
!
!
!
!
archive
 log config
  logging enable
!
!
!
!
!
!
interface Ethernet0
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no cdp enable
 hold-queue 100 out
!
interface Ethernet2
 description PTCL-NET
 ip address 10.189.76.253 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 hold-queue 100 out
!
interface ATM0
 description ADSL
 mtu 1452
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/103
  pppoe-client dial-pool-number 1 dial-on-demand
 !
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
interface Dialer1
 description PTCL-DSL
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 no ip mroute-cache
 dialer pool 1
 dialer idle-timeout 900 either
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp pap sent-username tobishima password 0 ptcl
 ppp ipcp dns request accept
 ppp ipcp mask request
 ppp ipcp address accept
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.189.76.254 10
ip route 0.0.0.0 0.0.0.0 Dialer1 20
ip route 192.168.1.64 255.255.255.192 192.168.1.35
ip route 192.168.1.128 255.255.255.192 192.168.1.35
ip route 192.168.1.192 255.255.255.192 192.168.1.35
!
ip http server
no ip http secure-server
ip dns server
!
ip nat inside source route-map PTCL-DSL interface Dialer1 overload
ip nat inside source route-map PTCL-NET interface Ethernet2 overload
!
!
ip access-list extended autosec_firewall_acl
 permit udp any any eq bootpc
 deny   ip any any
 permit tcp any any eq telnet
access-list 110 permit ip 192.168.0.0 0.0.255.255 any
dialer-list 1 protocol ip permit
!
route-map PTCL-NET permit 10
 match ip address 110
 match interface Ethernet2
!
route-map PTCL-DSL permit 10
 match ip address 110
 match interface Dialer1
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password ciscocisco
 login
!
scheduler max-task-time 5000
end


Best Regards
Alik
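
An added example, not part of the original post: a small Python audit run over lines taken from the configuration above. The helper names and check ids are hypothetical; the `inspect-no-router-traffic` check reflects that CBAC does not inspect router-originated sessions unless `router-traffic` is set on the tcp/udp inspect rules, which matters for the router's own DNS and DDNS traffic described in problems 1 and 2.

```python
import re

# Constructed sample: lines taken from the configuration posted above.
SAMPLE = """\
no service password-encryption
ip inspect name autosec_inspect udp timeout 15
ip inspect name autosec_inspect tcp timeout 3600
interface Dialer1
 ppp pap sent-username tobishima password 0 ptcl
ip http server
ip access-list extended autosec_firewall_acl
 permit udp any any eq bootpc
 deny   ip any any
 permit tcp any any eq telnet
line vty 0 4
 password ciscocisco
 login
"""

def sections(config):
    """Group an IOS config into (header, [indented child lines]) pairs."""
    out = []
    for raw in config.splitlines():
        line = " ".join(raw.split())          # collapse IOS column padding
        if not line or line == "!":
            continue
        if raw[0] == " " and out:
            out[-1][1].append(line)
        else:
            out.append((line, []))
    return out

def audit(config):
    """Return a sorted list of check ids (hypothetical names) raised by the config."""
    hits = set()
    for head, body in sections(config):
        if head == "no service password-encryption":
            hits.add("password-encryption-off")
        if head == "ip http server":
            hits.add("http-mgmt-cleartext")
        # CBAC skips router-originated sessions unless 'router-traffic' is set.
        if re.match(r"ip inspect name \S+ (tcp|udp)\b", head) and "router-traffic" not in head:
            hits.add("inspect-no-router-traffic")
        if any(re.search(r"\bpassword 0 ", l) for l in body):
            hits.add("cleartext-password")
        # Entries placed after 'deny ip any any' can never match.
        if head.startswith("ip access-list extended") and "deny ip any any" in body[:-1]:
            hits.add("acl-unreachable-entry")
        if head.startswith("line vty"):
            if any(re.match(r"password (?![57] )", l) for l in body):
                hits.add("cleartext-password")
            if not any(l.startswith(("access-class", "transport input ssh")) for l in body):
                hits.add("vty-unrestricted")
    return sorted(hits)
```
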