Access List

Hi all, I have to implement some access lists on a 1720.

Let me explain my problem. I have to allow all users to browse the web: HTTP, FTP, Telnet, DNS, etc. In addition, for a single host, 10.10.10.101, I have to enable some ports for the inbound and outbound traffic of a single public IP (80.207.109.110); let's suppose that these ports are 80, 389, 443, 2560, etc. To do this I made two access lists on the router (101 and 102). Now I want to ask you if the configuration of the router is right.

Thanks all,
Gian Paolo

Using 1508 out of 29688 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable password xxxxxxxxx
!
username xxxxxx password 0 xxxxxx
memory-size iomem 25
ip subnet-zero
!
!
!
!
interface FastEthernet0
 ip address (PUBLIC IP) 255.255.255.248 secondary
 ip address 10.10.10.1 255.255.255.0
 ip access-group 102 in
 ip access-group 101 out
 ip nat inside
 no keepalive
 speed auto
!
interface Serial0
 no ip address
 encapsulation frame-relay IETF
!
interface Serial0.1 point-to-point
 ip address XX.XX.XX.XX 255.255.255.252
 ip nat outside
 frame-relay interface-dlci xx IETF
!
ip nat pool Internet xx.xx.xxx.xxx xx.xx.xx.xx netmask 255.255.255.248
ip nat inside source list 1 pool Internet overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0.1
no ip http server
!
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 102 remark ------- access from the intranet ----------------
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq telnet
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq pop3
access-list 102 permit tcp any any eq smtp
access-list 102 permit tcp any any eq 443
access-list 102 permit udp any any eq 443
access-list 102 permit udp any any eq 23
access-list 102 permit udp any any eq 21
access-list 102 permit udp any any eq domain
access-list 102 permit udp any any eq 110
access-list 102 permit udp any any eq 25
access-list 102 permit tcp any any eq domain
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 80
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 389
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 443
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 2560
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 7001
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 7002
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 8080
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 8081
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 8082
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 8083
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 8084
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 8090
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 8091
access-list 102 deny ip any any
access-list 101 remark ------- access from the internet ----------------
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq telnet
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq 443
access-list 101 permit udp any any eq 443
access-list 101 permit udp any any eq 23
access-list 101 permit udp any any eq 21
access-list 101 permit udp any any eq domain
access-list 101 permit udp any any eq 110
access-list 101 permit udp any any eq 25
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 80
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 389
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 443
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 2560
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 7001
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 7002
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 8080
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 8081
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 8082
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 8083
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 8084
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 8090
access-list 101 permit ip 80.207.109.110 0.0.0.255 10.10.10.101 0.0.0.255 eq 8091
access-list 101 permit tcp any any eq domain
!
line con 0
line aux 0
line vty 0 4
 login local
!
end

spooke
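
An added example, not part of the original post or of any Cisco tool: a Python check that lints extended ACL entries of the form posted above for two things, a port operator on an entry whose protocol is ip (IOS takes port operators only with tcp or udp), and a host address paired with wildcard 0.0.0.255, which matches the whole /24 rather than one host. The sample entries are constructed, and the names lint_entry and lint_acl are hypothetical.

```python
import ipaddress

# Constructed sample in the same form as entries of the posted ACL 102;
# the "host" entry is an assumed alternative spelling, not from the post.
SAMPLE_ACL = """\
access-list 102 remark constructed sample
access-list 102 permit tcp any any eq www
access-list 102 permit ip 10.10.10.101 0.0.0.255 80.207.109.110 0.0.0.255 eq 389
access-list 102 permit tcp host 10.10.10.101 host 80.207.109.110 eq 389
access-list 102 deny ip any any
"""

PORT_OPS = {"eq", "neq", "gt", "lt", "range"}

def lint_entry(line):
    """Return findings for one numbered extended (100-199) access-list entry."""
    tok = line.split()
    if (len(tok) < 5 or tok[0] != "access-list" or tok[2] not in ("permit", "deny")
            or not (tok[1].isdigit() and 100 <= int(tok[1]) <= 199)):
        return []                      # remarks, standard ACLs, other commands
    proto, rest, findings, has_port = tok[3], tok[4:], [], False
    for side in ("source", "destination"):
        if not rest:
            break
        word = rest.pop(0)
        if word == "host":
            rest.pop(0)                # exact single-address match
        elif word != "any":
            addr = int(ipaddress.ip_address(word))
            wild = int(ipaddress.ip_address(rest.pop(0)))
            if addr & wild:            # these address bits are ignored by the match
                n = 2 ** bin(wild).count("1")
                findings.append(f"{side} {word}: wildcard matches {n} addresses, not one host")
        if rest and rest[0] in PORT_OPS:   # optional port operator after an address
            has_port = True
            del rest[: 3 if rest[0] == "range" else 2]
    if has_port and proto not in ("tcp", "udp"):
        findings.append(f"protocol '{proto}' cannot take a port operator; use tcp or udp")
    return findings

def lint_acl(text):
    """Map each entry that has findings to its list of findings."""
    return {l: f for l in text.splitlines() if (f := lint_entry(l))}

if __name__ == "__main__":
    for entry, findings in lint_acl(SAMPLE_ACL).items():
        print(entry)
        for f in findings:
            print("   -", f)
```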

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.