Hello,
I'm facing 2 problems with my configuration. Description of the situation: a Cisco 2611 (2 Ethernet ports) with an ADSL Ethernet modem (which is permanently authenticated by the ISP) on Ethernet0/1, but the Internet address is given to the Cisco 2611 by DHCP: the Cisco 2611 is a DHCP client for the WAN. The Cisco 2611 is a DHCP server for the LAN and acts as a firewall and a NAT router to permit access to "all internet" for the LAN and protect the LAN.
I tested this configuration (see below) with the port scan of Gibson Research and it works pretty well.
BUT (there is always a but...)
1) First problem (you can see it after the config file below): to get the IP from the ISP, I must shut the interface Ethernet0/1, do "no ip access-group 102 in", "no shut" the interface and then do "ip access-group 102 in". That's not very cool..... What am I missing in my access-list?
2) Second problem: I want to access the LAN from the Internet with my notebook: I want to use dyndns.org... but it seems that the Cisco doesn't have the DDNS feature... How can I do it?
3) Third: I want to open in both directions a specific port to access a specific host from my laptop from the Internet. Say for example: I want to permit traffic on ports 5555 (tcp and udp) and 6666 (tcp and udp); how must I change my config below to permit it? I tried many variations of my access-lists without success. Can you help me?
Thanks a lot
Sam
********
Password:
toto.free.fr#show run
Building configuration...

Current configuration : 2299 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname toto.free.fr
!
boot-start-marker
boot-end-marker
!
enable password 7 xxxxxxx
!
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
no ip domain lookup
ip dhcp excluded-address 192.168.0.1 192.168.0.200
ip dhcp excluded-address 192.168.0.210 192.168.0.254
!
ip dhcp pool 1
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.244
 dns-server 212.27.32.177 194.149.160.9
!
no ip bootp server
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 ftp
ip audit notify log
ip audit po max-events 100
ip dhcp-client network-discovery informs 2 discovers 2 period 15
no ftp-server write-enable
!
!
!
!
interface Null0
 no ip unreachables
!
interface Ethernet0/0
 description connected to EthernetLAN
 ip address 192.168.0.244 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 half-duplex
!
interface Ethernet0/1
 description connected to Internet
 ip address dhcp
 ip access-group 102 in
 no ip proxy-arp
 ip nat outside
 ip inspect DEFAULT100 out
 half-duplex
 no cdp enable
!
router rip
 version 1
 passive-interface Ethernet0/1
 network 192.168.0.0
 no auto-summary
!
ip nat inside source list 1 interface Ethernet0/1 overload
no ip http server
ip classless
!
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 102 permit udp any any eq domain
access-list 102 deny   ip 192.0.0.0 0.255.255.255 any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
snmp-server community public RO 1
snmp-server enable traps tty
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user! ****** Acces reserve - Deconnectez vous immediatement ****!^C
!
line con 0
 exec-timeout 0 0
 password 7 xxxxxxx
 login
line aux 0
line vty 0 4
 access-class 1 in
 password 7 xxxxxxx
 login
!
!
!
end
toto.free.fr#
00:05:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to up
toto.free.fr#configure t
Enter configuration commands, one per line.  End with CNTL/Z.
toto.free.fr(config)#interface ethernet0/1
toto.free.fr(config-if)#shut
toto.free.fr(config-if)#no shut
00:05:45: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to administratively down
toto.free.fr(config-if)#no shut
toto.free.fr(config-if)#no ip acc
toto.free.fr(config-if)#no ip acce
toto.free.fr(config-if)#no shut
00:05:58: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
00:05:59: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed stat
toto.free.fr(config-if)#no ip access-group 102 in
toto.free.fr(config-if)#shut
toto.free.fr(config-if)#no shut
toto.free.fr(config-if)#
00:06:55: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/1 assigned DHCP address 62.147.X.X, mask 255.255.255.0, hostname toto.free.fr
toto.free.fr(config-if)#ip acces
toto.free.fr(config-if)#ip access-group 102 in
toto.free.fr(config-if)#^Z
toto.free.fr#
00:07:14: %SYS-5-CONFIG_I: Configured from console by console
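An added IOS configuration fragment (not from the original post) showing the inbound ACL changes that address problems 1 and 3 on this setup: an explicit permit for the ISP's DHCP replies to the router's own bootpc port, and static NAT entries for the forwarded ports together with the ACL lines they need. The LAN host 192.168.0.10 is a placeholder and is assumed to have a fixed address inside one of the DHCP excluded ranges.

```cisco
! Problem 1: the ISP's DHCP offer/ack arrives as UDP from port 67 (bootps)
! to port 68 (bootpc), addressed to the router itself or to broadcast.
! CBAC (ip inspect) only opens return traffic for transit sessions it saw
! leave through the interface; the router's own DHCP discover is not
! inspected, so ACL 102 drops the reply and the lease is only obtained
! while the ACL is removed, which is exactly the symptom in the log above.
access-list 102 permit udp any eq bootps any eq bootpc
!
! Problem 3: one static NAT entry per port/protocol, bound to the
! DHCP-assigned outside interface instead of a fixed public address.
! 192.168.0.10 is a placeholder LAN host (keep it in an excluded range so
! the DHCP pool cannot hand that address to another machine).
ip nat inside source static tcp 192.168.0.10 5555 interface Ethernet0/1 5555
ip nat inside source static udp 192.168.0.10 5555 interface Ethernet0/1 5555
ip nat inside source static tcp 192.168.0.10 6666 interface Ethernet0/1 6666
ip nat inside source static udp 192.168.0.10 6666 interface Ethernet0/1 6666
!
! The inbound ACL on Ethernet0/1 is evaluated before outside-to-inside NAT,
! so it must permit the unsolicited packets to the public address. Because
! that address changes with each lease, "any" stands in for the destination;
! if the notebook's network is known, narrow the source from "any" to it.
access-list 102 permit tcp any any eq 5555
access-list 102 permit udp any any eq 5555
access-list 102 permit tcp any any eq 6666
access-list 102 permit udp any any eq 6666
!
! Caveat: the existing "access-list 102 permit udp any any eq domain" matches
! packets *destined* to port 53, not DNS replies (those are sourced from 53
! and are already opened by the udp inspection). It can be removed without
! affecting name resolution, which shrinks the unsolicited inbound surface.
```

New lines are appended to the end of a numbered ACL, so they land after the existing "deny ip 192.0.0.0 0.255.255.255 any"; check "show access-lists 102" after the change to confirm the order and to watch the hit counters on the new entries.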