
cisco 877 access list help

Hi,

I am using a Cisco 877. Can somebody please provide me with the commands I need to add to my FW to allow the following port forwards to the following IPs:

PORT 25   >  10.135.196.20
PORT 443 > 10.135.196.20
PORT 3389 > 10.135.196.21

Please find my config below.


! NOTE(review): "!version 12.4" is presumably the "!" separator and "version 12.4" fused in the paste
!version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Line and PPP passwords below are kept in clear text in the running config. "service
! password-encryption" would only apply reversible type 7 obfuscation; the enable secret (type 5)
! is the only hashed credential in this config.
no service password-encryption
!
hostname RTR001
!
boot-start-marker
boot-end-marker
!
logging buffered 52000
! Both "enable secret" and "enable password" are set; IOS uses the secret when both exist, so the
! clear-text enable password adds exposure without adding function (value redacted as X.X.X.X).
! The type 5 (MD5-crypt) hash is visible in this posted config and can be attacked offline, so the
! secret should be treated as disclosed and changed.
enable secret 5 $1$xUa1$S2NdRHHs676JqxtGvINnN0
enable password X.X.X.X
!
! No AAA: authentication is per line (see the vty "password"/"login" below), so there are no
! individual user accounts and no accounting.
no aaa new-model
!
! Self-signed trustpoint, presumably auto-generated for "ip http secure-server" (configured below).
! "revocation-check none" is the normal setting for a self-signed certificate; browsers cannot
! validate this certificate against any CA, so they will warn on the management HTTPS page.
crypto pki trustpoint TP-self-signed-4265623270
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4265623270
 revocation-check none
 rsakeypair TP-self-signed-4265623270
!
!
! Certificate body in hex; do not insert anything between "certificate self-signed 01" and "quit".
crypto pki certificate chain TP-self-signed-4265623270
 certificate self-signed 01
  30820245 308201AE A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 34323635 36323332 3730301E 170D3032 30333031 30303138 
  33355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32363536 
  32333237 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100B6E7 1F55AA78 FBF07850 E0B34497 2EB00BA9 EA312595 D4D479E2 8914817E 
  E6B98247 F9364CCF C0D07729 E567B0FA 49F422BA B701D9B5 2A248E11 1A59D45E 
  13F6333D 0B6E85B6 8F141469 927F1C94 65182FC6 7A2801A5 3798781C 56EE71E2 
  63C44D04 EBB8A3F0 A16819A4 C6D61B9E D160A2BB 87236E25 0D96A7F4 CE47897A 
  67610203 010001A3 6D306B30 0F060355 1D130101 FF040530 030101FF 30180603 
  551D1104 11300F82 0D4D4449 53554B2D 52545230 3031301F 0603551D 23041830 
  16801476 0A47E39F E63FF9F0 F1344396 231AEF60 2A873330 1D060355 1D0E0416 
  0414760A 47E39FE6 3FF9F0F1 34439623 1AEF602A 8733300D 06092A86 4886F70D 
  01010405 00038181 00362E1F 31443DAF 2C45727B FD7DB405 0E0736FB 0ADDDAE1 
  C23ADC5B 27E2F93A 2EBC9C6E 0915F9F4 B923DECF 2FF8B0D1 9DD8AA84 FA9773F5 
  9B052BEC DF21246D 0F4F5F59 71A9584B F10550F0 98EB23D9 3ED897CD 6AE95D35 
  71203668 61C23CDE 0940641F 9B6A91E3 C51302CC 7F3F7FFD BCD1B8F3 ECB6451D 
  935F7059 9B543CCA 14
  	quit
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
! Addresses .1-.49 and .150-.254 are excluded from the pool, so the fixed hosts named in the
! question (10.135.196.20 and .21) are in a range DHCP will never hand out.
ip dhcp excluded-address 10.135.196.1 10.135.196.49
ip dhcp excluded-address 10.135.196.150 10.135.196.254
!
! LAN pool: clients receive an address from .50-.149, the public resolver 8.8.8.8, and this
! router (.1) as default gateway. "import all" presumably merges options learned on the WAN side
! (e.g. the ISP's DNS) into the pool — verify which resolvers clients actually receive.
ip dhcp pool RTR001
   import all
   network 10.135.196.0 255.255.255.0
   dns-server 8.8.8.8 
   default-router 10.135.196.1 
!
!
! The router's own resolver; DNS queries leave the router unencrypted to a third-party resolver.
ip name-server 8.8.8.8
!
multilink bundle-name authenticated
! IKE phase 1: 3DES, pre-shared key, DH group 2 (1024-bit). These are legacy choices by current
! guidance; no "hash" is set, so the IOS default (SHA-1) presumably applies — confirm with
! "show crypto isakmp policy". Changing them requires the same change on the peer.
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
! Pre-shared key and peer address redacted by the poster (X.X.X.X).
crypto isakmp key X.X.X.X address X.X.X.X
!
!
! IKE phase 2 proposal: ESP with 3DES and SHA-1 HMAC (same legacy-cipher caveat as above).
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
!
! Site-to-site tunnel applied on Dialer0; interesting traffic is selected by the extended ACL
! named "VPN" defined further down.
crypto map SDM_CMAP_1 1 ipsec-isakmp 
 description Tunnel toX.X.X.X
 set peer X.X.X.X
 set transform-set ESP-3DES-SHA 
 match address VPN
!
! Logs configuration changes; "hidekeys" masks password values in the change log.
archive
 log config
  hidekeys
! DSL physical interface; the PPP session is carried in PVC 0/38 on ATM0.1 (aal5mux ppp, i.e.
! PPPoA) and terminated on Dialer0 via dialer pool 1.
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface ATM0.1 point-to-point
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
! Switch ports with no per-port configuration (all in the default VLAN 1).
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! LAN side: NAT inside and the default gateway handed out by the DHCP pool.
interface Vlan1
 ip address 10.135.196.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
! WAN side: NAT outside plus the IPsec crypto map. No "ip access-group ... in" and no "ip inspect"
! appear anywhere in this config, so only the absence of a NAT translation stops unsolicited
! inbound traffic. Once static port forwards are added, the forwarded hosts become reachable from
! any internet source on those ports unless an inbound ACL is applied here.
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
! ISP CHAP/PAP credentials (redacted by the poster) are stored as type 0, i.e. clear text.
 ppp authentication chap pap callin
 ppp chap hostname 
 ppp chap password 0 
 ppp pap sent-username  password 0 
 crypto map SDM_CMAP_1
ip forward-protocol nd
! Default route out the PPP dialer; the WAN address is negotiated.
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
! Both clear-text HTTP and HTTPS management are enabled and no "ip http access-class" restricts
! the source addresses, so the web UI is presumably reachable from the WAN side too. If the HTTPS
! server is sufficient, drop plain "ip http server" and restrict sources with an access-class.
ip http server
ip http secure-server
! PAT (overload) for LAN traffic leaving Dialer0; the route-map below excludes VPN-bound traffic
! from translation. Static port forwards ("ip nat inside source static tcp ...") would sit
! alongside this line.
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
! Crypto ACL: traffic that enters the IPsec tunnel. The four remote subnets here must stay in
! step with the deny lines of access-list 100 below, otherwise tunnel-bound traffic would be
! translated before encryption.
ip access-list extended VPN
 remark SDM_ACL Category=4
 permit ip 10.135.196.0 0.0.0.255 10.124.0.0 0.3.255.255
 permit ip 10.135.196.0 0.0.0.255 10.128.0.0 0.7.255.255
 permit ip 10.135.196.0 0.0.0.255 192.168.251.0 0.0.0.255
 permit ip 10.135.196.0 0.0.0.255 192.168.147.224 0.0.0.31
!
! access-list 1 is not referenced by any visible line in this config (NAT uses the route-map
! instead); presumably an SDM leftover.
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.135.196.0 0.0.0.255
! NAT-exemption list: "deny" means do not translate (the VPN destinations), "permit" means
! translate (all other LAN traffic).
access-list 100 remark SDM_ACL Category=2
access-list 100 deny   ip 10.135.196.0 0.0.0.255 192.168.147.224 0.0.0.31
access-list 100 deny   ip 10.135.196.0 0.0.0.255 192.168.251.0 0.0.0.255
access-list 100 deny   ip 10.135.196.0 0.0.0.255 10.128.0.0 0.7.255.255
access-list 100 deny   ip 10.135.196.0 0.0.0.255 10.124.0.0 0.3.255.255
access-list 100 permit ip 10.135.196.0 0.0.0.255 any
! Any IP traffic counts as interesting for dialer-group 1 on Dialer0.
dialer-list 1 protocol ip permit
!
!
!
! Selects the traffic the overload NAT rule applies to (see access-list 100).
route-map SDM_RMAP_1 permit 1
 match ip address 100
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
! Remote management: a single shared line password (redacted) with "login". There is no
! "access-class" limiting source addresses, no "transport input ssh" limiting the protocol to SSH,
! and no "exec-timeout". With "no aaa new-model" above there are no per-user accounts; consider
! "login local" with SSH only and an access-class.
line vty 0 4
 password X.X.X.X
 login
!
scheduler max-task-time 5000
end

