
Configure Cisco 1811 Router


    torszula
    Member
    #129644

    I am having difficulty configuring a Cisco 1811 router. I need web traffic intended for my public IP (55.55.55.55) to allow ports 80, 443, and 1723 traffic to a private IP address (192.168.1.2). I also want to NAT internal traffic to the outside interface (55.55.55.55) of the router. All other traffic should be denied. Here is what my config looks like now. I have used Cisco PIX in the past for this, but it seems the router IOS is a little different.

    interface FastEthernet0
    description $ES_WAN$$FW_OUTSIDE$
    ip address 55.55.55.55 255.255.255.248
    ip access-group 101 in
    ip verify unicast reverse-path
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip inspect DEFAULT100 out
    ip virtual-reassembly
    ip route-cache flow
    duplex auto
    speed auto
    !
    interface FastEthernet1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    shutdown
    duplex auto
    speed auto
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
    ip address 192.168.1.1 255.255.255.0
    ip access-group 100 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    ip tcp adjust-mss 1452
    !
    interface Async1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    encapsulation slip
    !
    ip route 0.0.0.0 0.0.0.0 55.55.55.56
    !
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface FastEthernet0 overload
    ip nat inside source static tcp 192.168.1.11 1723 interface FastEthernet0 1723
    ip nat inside source static tcp 192.168.1.8 443 interface FastEthernet0 443
    ip nat inside source static tcp 192.168.1.8 80 interface FastEthernet0 80
    !
    logging trap debugging
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 100 remark SDM_ACL Category=1
    access-list 100 deny ip 55.55.55.55 0.0.0.7 any
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip any any
    access-list 101 remark SDM_ACL Category=1
    access-list 101 permit udp host 192.168.1.2 eq domain host 76.192.179.21
    access-list 101 permit tcp any host 55.55.55.55 eq 1723
    access-list 101 permit tcp any host 55.55.55.55 eq 3389
    access-list 101 permit tcp any host 55.55.55.55 eq smtp
    access-list 101 permit tcp any host 55.55.55.55 eq 443
    access-list 101 permit tcp any host 55.55.55.55 eq www
    access-list 101 deny ip 192.168.1.0 0.0.0.255 any
    access-list 101 permit icmp any host 55.55.55.55 echo-reply
    access-list 101 permit icmp any host 55.55.55.55 time-exceeded
    access-list 101 permit icmp any host 55.55.55.55 unreachable
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 deny ip host 0.0.0.0 any
    access-list 101 deny ip any any
    no cdp run
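
Added example, not part of the original post: a small Python check that compares the static NAT entries and the inbound ACL 101 permits from the config above against the policy the post states (TCP 80, 443 and 1723 forwarded to 192.168.1.2, everything else denied). The function names and the `CONFIG` excerpt are this example's own, and the 1723 ACL entry is written with the `host` keyword.

```python
import re

# Excerpt of the posted config: static NAT entries and inbound TCP permits (ACL 101).
CONFIG = """\
ip nat inside source static tcp 192.168.1.11 1723 interface FastEthernet0 1723
ip nat inside source static tcp 192.168.1.8 443 interface FastEthernet0 443
ip nat inside source static tcp 192.168.1.8 80 interface FastEthernet0 80
access-list 101 permit tcp any host 55.55.55.55 eq 1723
access-list 101 permit tcp any host 55.55.55.55 eq 3389
access-list 101 permit tcp any host 55.55.55.55 eq smtp
access-list 101 permit tcp any host 55.55.55.55 eq 443
access-list 101 permit tcp any host 55.55.55.55 eq www
"""
NAMED = {"www": 80, "smtp": 25, "domain": 53}  # IOS port keywords used in the post
NAT_RE = re.compile(r"^ip nat inside source static tcp (\S+) (\d+) interface \S+ (\d+)$")
ACL_RE = re.compile(r"^access-list (\d+) permit tcp any (?:host )?(\S+) eq (\S+)$")

def parse(config, acl_id="101"):
    """Return ({outside_port: (inside_ip, inside_port)}, {permitted inbound ports})."""
    nat, permits = {}, set()
    for line in config.splitlines():
        line = line.strip()
        if m := NAT_RE.match(line):
            nat[int(m.group(3))] = (m.group(1), int(m.group(2)))
        elif (m := ACL_RE.match(line)) and m.group(1) == acl_id:
            permits.add(NAMED[m.group(3)] if m.group(3) in NAMED else int(m.group(3)))
    return nat, permits

def audit(config, intended_host, intended_ports):
    """List (port, problem) pairs where NAT or ACL disagree with the stated policy."""
    nat, permits = parse(config)
    findings = []
    for port in sorted(set(intended_ports) | permits | set(nat)):
        target = nat.get(port)
        if port in intended_ports:
            if target is None:
                findings.append((port, "no static NAT entry"))
            elif target[0] != intended_host:
                findings.append((port, f"forwards to {target[0]}, not {intended_host}"))
            if port not in permits:
                findings.append((port, "not permitted by inbound ACL"))
        else:
            if port in permits:
                findings.append((port, "permitted inbound but not in stated policy"))
            if target is not None:
                findings.append((port, "static NAT entry not in stated policy"))
    return findings

if __name__ == "__main__":
    for port, problem in audit(CONFIG, "192.168.1.2", {80, 443, 1723}):
        print(f"tcp/{port}: {problem}")
```

Against the posted config this reports that 80 and 443 forward to 192.168.1.8 and 1723 to 192.168.1.11 rather than 192.168.1.2, and that ACL 101 also permits TCP 25 and 3389, which the stated policy does not include.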
