Security Basics mailing list archives

Re: Re: Re: Re: Re: router access control list


From: apaez1084 () gmail com
Date: 6 Nov 2006 14:15:46 -0000

OK, the ACL 111 is just a test to see if it's actually working. I'm going to paste my show run. I'm sure it is a problem with
which interface I'm putting it on, and whether it is in or out. Maybe I still haven't understood that concept. But here we go;
see if someone can help, and ask me anything you want:

Building configuration...

Current configuration : 4825 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname CCMRouter
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$0gQb$9PfhDWH7Liv/rqDDX1pLj/
!
username admin password 7 03095200030C2241
username CRWS_Bijoy privilege 15 password 7 08651D0A3E48033656045D0B190E3429666177405140565603
username CRWS_Venky privilege 15 password 7 00404242330A0D274B2E1D413A3C1516435E58507E7F7C7B6264
username CRWS_Sangeetha privilege 15 password 7 06425E657B1F0F38411843043F213A2A757C63617040504F5754
username CRWS_Ulags privilege 15 password 7 0242551F3C570900084158163632020A5F5D7C7B777F6A6474
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.99
ip dhcp excluded-address 192.168.0.16
ip dhcp excluded-address 192.168.0.15
ip dhcp excluded-address 192.168.0.11
ip dhcp excluded-address 192.168.0.221
!
ip dhcp pool CLIENT
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   lease 0 2
!
!
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
!
!
no crypto isakmp enable
!
!
!
!
interface Ethernet0
 description CRWS Generated text. Please do not delete this:192.168.0.1-255.255.255.0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
interface ATM0
 no ip address
 atm vc-per-vp 64
 no atm ilmi-keepalive
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
 dsl operating-mode auto
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer remote-name redback
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname ccmgroup () bellsouth net
 ppp chap password 7 014751530B5A5F58
 ppp pap sent-username ccmgroup () bellsouth net password 7 00504451540A5251
 ppp ipcp dns request
 ppp ipcp wins request
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.99 25 interface Dialer1 25
ip nat inside source static tcp 192.168.0.99 21 interface Dialer1 21
ip nat inside source static tcp 192.168.0.99 80 interface Dialer1 80
ip nat inside source static tcp 192.168.0.16 3399 interface Dialer1 3399
ip nat inside source static tcp 192.168.0.99 3389 interface Dialer1 3389
ip nat inside source static tcp 192.168.0.15 3391 interface Dialer1 3391
ip nat inside source static tcp 192.168.0.11 7603 interface Dialer1 7603
ip nat inside source static tcp 192.168.0.11 3390 interface Dialer1 3390
ip nat inside source static udp 192.168.0.11 7603 interface Dialer1 7603
ip nat inside source static tcp 192.168.0.99 443 interface Dialer1 443
ip nat inside source static tcp 192.168.0.221 3395 interface Dialer1 3395
ip nat inside source static tcp 192.168.0.11 47281 interface Dialer1 47281
ip nat inside source static udp 192.168.0.11 47281 interface Dialer1 47281
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
!
!
access-list 23 permit 192.168.0.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 110 permit tcp any any eq www
access-list 110 permit tcp any any eq 3390
access-list 110 permit tcp any any eq 3389
access-list 110 permit tcp any any eq ftp
access-list 110 permit tcp any any eq ftp-data
access-list 110 permit tcp any any eq pop3
access-list 110 permit tcp any any eq smtp
access-list 110 permit tcp any any eq 3399
access-list 110 permit tcp any any eq 3391
access-list 110 permit tcp any any eq 7603
access-list 110 permit tcp any any eq 443
access-list 110 permit tcp any any eq 3395
access-list 110 permit tcp any any eq 47281
access-list 110 permit udp any any eq 47281
access-list 110 permit udp any any eq 7603
access-list 110 permit tcp any any eq 8080
access-list 110 permit tcp any any eq telnet
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq 3390
access-list 111 permit tcp any any eq telnet
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
 exec-timeout 120 0
 no modem enable
 transport preferred all
 transport output all
 stopbits 1
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 login local
 length 0
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
!
end


Thanks for the help!!!
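The pasted configuration defines access lists 23, 100, 102, 110 and 111, but only two of them are in use: 23 (the `access-class` on the vty lines) and 102 (the NAT source list). Neither 110 nor 111 is bound to any interface with `ip access-group`, so at the moment they filter nothing regardless of what they contain. The script below is an added example and not part of the original post: it re-reads the relevant lines of that show run, reports which numbered ACLs are defined but never applied, and compares the destination ports an ACL's `permit ... any any eq` entries would admit against the ports the static NAT entries actually forward. The embedded CONFIG is copied from the post, trimmed to the NAT, access-list, Dialer1 and vty lines; the port-name table and all function names are the example's own.

```python
"""Lint for the CCMRouter show run above: which numbered ACLs are defined but
never applied, and how an ACL's permits line up with the static NAT forwards."""
import re

# Copied from the show run above (NAT, access-lists, Dialer1 and vty lines only).
CONFIG = """\
interface Dialer1
 ip nat outside
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.99 25 interface Dialer1 25
ip nat inside source static tcp 192.168.0.99 21 interface Dialer1 21
ip nat inside source static tcp 192.168.0.99 80 interface Dialer1 80
ip nat inside source static tcp 192.168.0.16 3399 interface Dialer1 3399
ip nat inside source static tcp 192.168.0.99 3389 interface Dialer1 3389
ip nat inside source static tcp 192.168.0.15 3391 interface Dialer1 3391
ip nat inside source static tcp 192.168.0.11 7603 interface Dialer1 7603
ip nat inside source static tcp 192.168.0.11 3390 interface Dialer1 3390
ip nat inside source static udp 192.168.0.11 7603 interface Dialer1 7603
ip nat inside source static tcp 192.168.0.99 443 interface Dialer1 443
ip nat inside source static tcp 192.168.0.221 3395 interface Dialer1 3395
ip nat inside source static tcp 192.168.0.11 47281 interface Dialer1 47281
ip nat inside source static udp 192.168.0.11 47281 interface Dialer1 47281
access-list 23 permit 192.168.0.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 110 permit tcp any any eq www
access-list 110 permit tcp any any eq 3390
access-list 110 permit tcp any any eq 3389
access-list 110 permit tcp any any eq ftp
access-list 110 permit tcp any any eq ftp-data
access-list 110 permit tcp any any eq pop3
access-list 110 permit tcp any any eq smtp
access-list 110 permit tcp any any eq 3399
access-list 110 permit tcp any any eq 3391
access-list 110 permit tcp any any eq 7603
access-list 110 permit tcp any any eq 443
access-list 110 permit tcp any any eq 3395
access-list 110 permit tcp any any eq 47281
access-list 110 permit udp any any eq 47281
access-list 110 permit udp any any eq 7603
access-list 110 permit tcp any any eq 8080
access-list 110 permit tcp any any eq telnet
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq 3390
access-list 111 permit tcp any any eq telnet
line vty 0 4
 access-class 23 in
"""

# IOS port keywords used in this config (table is the example's own).
PORT_NAMES = {"www": 80, "ftp": 21, "ftp-data": 20, "pop3": 110, "smtp": 25, "telnet": 23}

def port_number(token):
    return int(token) if token.isdigit() else PORT_NAMES[token]

def defined_acls(config):
    """Numbered ACLs that have at least one access-list entry."""
    return {int(m.group(1)) for m in re.finditer(r"^access-list (\d+) ", config, re.M)}

def referenced_acls(config):
    """ACL numbers actually bound: interface/line filters and the NAT source list."""
    refs = {int(m.group(1)) for m in
            re.finditer(r"(?:ip access-group|access-class) (\d+) (?:in|out)\b", config)}
    refs |= {int(m.group(1)) for m in
             re.finditer(r"^ip nat inside source list (\d+)\b", config, re.M)}
    return refs

def unapplied_acls(config):
    """Defined but never applied: these filter nothing, whatever they say."""
    return sorted(defined_acls(config) - referenced_acls(config))

def acl_permitted_ports(config, acl):
    """(proto, dst_port) pairs matched by 'permit <proto> any any eq <port>' in ACL."""
    pat = re.compile(rf"^access-list {acl} permit (tcp|udp) any any eq (\S+)$", re.M)
    return {(m.group(1), port_number(m.group(2))) for m in pat.finditer(config)}

def forwarded_ports(config):
    """(proto, outside_port) pairs a static NAT entry forwards to an inside host."""
    pat = re.compile(r"^ip nat inside source static (tcp|udp) \S+ \d+ interface \S+ (\d+)$", re.M)
    return {(m.group(1), int(m.group(2))) for m in pat.finditer(config)}

def acl_vs_nat(config, acl):
    """Return (permitted but not forwarded, forwarded but not permitted)."""
    permitted, forwarded = acl_permitted_ports(config, acl), forwarded_ports(config)
    return sorted(permitted - forwarded), sorted(forwarded - permitted)

if __name__ == "__main__":
    print("defined but never applied:", unapplied_acls(CONFIG))
    for acl in (110, 111):
        extra, missing = acl_vs_nat(CONFIG, acl)
        print(f"ACL {acl}: permits nothing forwards {extra}; would block forwards {missing}")
```

Run against the post's config it reports 100, 110 and 111 as unapplied; ACL 110 also permits tcp/20, tcp/23, tcp/110 and tcp/8080 for which nothing is forwarded (tcp/23 sent to the Dialer1 address lands on the router's own vty, gated only by access-list 23), and ACL 111 lacks permits for eleven of the forwarded ports. For 111 to act on traffic arriving from the Internet it has to be bound inbound on the outside interface (`interface Dialer1`, then `ip access-group 111 in`); IOS evaluates an inbound ACL before NAT, so matching on the public destination with `any` is correct. Mind the implicit `deny ip any any` at the end of every ACL: as written, 111 would also drop the return traffic for connections the LAN initiates, so add `permit tcp any any established` and whatever UDP replies (DNS, for one) the LAN needs, or use stateful inspection (`ip inspect`), before binding it.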


    
