Quote:
Originally Posted by thecoldone06
Check out this site:
http://www.networkclue.com/routing/C...sts/index.aspx
Very nice explanation of ACLs. Also at the bottom is a continuation on applying them. According to that article, check out the below and see what you think.
Code:
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
! allows all internal network traffic out of router
access-list 101 permit tcp any 192.168.10.0 0.0.0.255 established
! allows established connections from outside back in (originated internally)
access-list 101 permit tcp any any eq telnet
! need this for my access
access-list 101 permit udp any any eq 23
! Active FTP
access-list 101 permit tcp any eq ftp-data any
! Active FTP
access-list 101 permit tcp any any eq ftp
! FTP
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq 143
access-list 101 permit tcp any any eq 587
! smtp
access-list 101 permit tcp any any eq 3000
! Web-e-mail
access-list 101 permit tcp any any eq 3389
access-list 101 permit udp any any eq 3389
! RDP
access-list 101 permit tcp any any eq 5631
access-list 101 permit udp any any eq 5632
! PCA
access-list 101 deny ip any any
!
interface Serial0/0/0
description T1 line #1
ip address 1xx.xxx.198.xxx 255.255.255.252
ip access-group 101 in
ip access-group 100 out
ip nat outside
!
interface Serial0/1/0
description T1 line #2
ip address 1xx.xxx.198.xxx 255.255.255.252
ip access-group 101 in
ip access-group 100 out
ip nat outside
!
I took out the following:
access-list 101 permit udp any any
#shouldn't need this
Then on the serial interfaces I've made the access group 100 outbound. I'm not a NAT guru so I'm not positive list 100 is even being applied. This will for sure allow the traffic out. What do ya think?
When I was reading up on IOS, I found it odd that in the interface section list 100 was never mentioned (or originally list 1). I was thinking that might be the problem; lack of experience has been my roadblock on this. I wasn't sure if it was referenced by the NAT statement indirectly or not, since the NAT defines it in the pool overload statement.
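To show what the quoted ACLs 100 and 101 actually see on the outside serial interfaces once NAT is in play, here is an added Python model (not code from the thread, from Cisco, or from the linked article) that evaluates extended ACL entries with Cisco's first-match and implicit-deny semantics. The router's public address 203.0.113.2 and the remote host 198.51.100.10 are placeholder values, and the model assumes IOS's documented order of operations (inbound ACL before global-to-local NAT, outbound ACL after local-to-global NAT).

```python
import ipaddress
# Added example, not code from the thread: a small evaluator for the numbered
# extended ACLs quoted above (first match wins, implicit deny), showing what the
# outside-interface ACLs see once NAT is involved. 203.0.113.2 (the router's
# public address) and 198.51.100.10 (a remote host) are placeholder values.

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 1 bit in the mask means 'don't care'."""
    if base == "any":
        return True
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# entry: (action, proto, src, src_wc, dst, dst_wc, dst_port, established)
ACL_100 = [("permit", "ip", "192.168.10.0", "0.0.0.255", "any", None, None, False)]
ACL_101 = [
    ("permit", "tcp", "any", None, "192.168.10.0", "0.0.0.255", None, True),
    ("permit", "tcp", "any", None, "any", None, 3389, False),  # RDP, as posted
    ("deny",   "ip",  "any", None, "any", None, None, False),
]

def evaluate(acl, pkt):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, proto, src, swc, dst, dwc, dport, est in acl:
        proto_ok = proto == "ip" or proto == pkt["proto"]
        addr_ok = wildcard_match(pkt["src"], src, swc) and wildcard_match(pkt["dst"], dst, dwc)
        port_ok = dport is None or pkt.get("dport") == dport
        est_ok = not est or pkt.get("ack") or pkt.get("rst")  # 'established' = ACK or RST set
        if proto_ok and addr_ok and port_ok and est_ok:
            return action
    return "deny"

# IOS order of operations on the outside interface: the inbound ACL runs before
# NAT rewrites the global destination back to 192.168.10.x, and the outbound ACL
# runs after NAT has replaced the inside source with the global address.
RETURN_PKT = {"proto": "tcp", "src": "198.51.100.10", "dst": "203.0.113.2",
              "dport": 51000, "ack": True}           # reply to an inside client
OUTBOUND_PKT = {"proto": "tcp", "src": "203.0.113.2", "dst": "198.51.100.10",
                "dport": 80}                           # inside client, post-NAT

def check_as_posted():
    """With the ACLs as written, both directions fall through to deny."""
    return evaluate(ACL_101, RETURN_PKT), evaluate(ACL_100, OUTBOUND_PKT)

def check_fixed():
    """Match on the global address the outside interface actually sees."""
    fixed_101 = [("permit", "tcp", "any", None, "203.0.113.2", "0.0.0.0", None, True)]
    fixed_100 = [("permit", "ip", "203.0.113.2", "0.0.0.0", "any", None, None, False)]
    return evaluate(fixed_101 + ACL_101[1:], RETURN_PKT), evaluate(fixed_100, OUTBOUND_PKT)
```

The `established` entry and ACL 100 both name 192.168.10.0/24, which is the address NAT has already hidden (or not yet restored) at the point where those ACLs are evaluated, so return traffic and post-NAT outbound traffic fall to the deny; the 3389 entry, by contrast, admits a fresh SYN from any source.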