Velocity Reviews - Computer Hardware Reviews

Cisco 1720 access-lists

 
 
Nite Rider
      11-01-2003
Hi,

I have a VPN server at 10.0.0.200 and xxx.xxx.xxx.xxx is a new IP
address that I am going to get. The router is a Cisco 1720 with 12.1
IOS. I have a network 10.0.0.1 that shares the 64.65.xxx.xxx IP
address through NAT. Basically what I want to do is pass VPN traffic
from xxx.xxx.xxx.xxx to 10.0.0.200, along with some TCP ports. Will
the following commands work for the network and VPN? What I don't want
is all data going inside the network to be blocked, as then the
internet wouldn't work, just so I can get VPN without leaving my
server wide open. So if this won't work, what will?

enable
configure terminal
interface fa0
ip address xxx.xxx.xxx.xxx 255.255.255.252 secondary (new public ip)
ip address 10.0.0.1 255.255.255.0 (already there)(LAN DHCP w/ NAT)
ip address 64.65.xxx.xxx 255.255.255.252 secondary (already there, public ip used by network)
ip access-group 101 in (will not use if list will work in ip static nat)
ip nat inside source static 10.0.0.200 xxx.xxx.xxx.xxx (or ip nat inside source static list 101 10.0.0.200 xxx.xxx.xxx.xxx)
end
configure terminal
access-list 101 permit tcp 10.0.0.200 xxx.xxx.xxx.xxx eq 1723
access-list 101 permit tcp 10.0.0.200 xxx.xxx.xxx.xxx eq 13579 (or 7319)
access-list 101 permit tcp 10.0.0.2 xxx.xxx.xxx.xxx eq 3333 (another computer that serves TS)
access-list 101 permit gre 10.0.0.200 xxx.xxx.xxx.xxx
access-list 101 deny icmp 10.0.0.200 xxx.xxx.xxx.xxx
access-list 101 deny ip 10.0.0.200 xxx.xxx.xxx.xxx
access-list 101 deny udp 10.0.0.200 xxx.xxx.xxx.xxx
access-list 101 deny tcp 10.0.0.200 xxx.xxx.xxx.xxx
(do I have to allow stuff for the other computers because I didn't
deny the rest of the dhcp so I think not)
end
exit
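
Added example, not part of the original post: a small Python model of how IOS evaluates an extended access list (first match wins, and anything that matches no entry hits the implicit deny at the end), run over the entries of list 101 in the order posted. The placeholder address 192.0.2.10 for xxx.xxx.xxx.xxx, the sample hosts, reading each bare address as a single host, and the helper names are all assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

PUBLIC = "192.0.2.10"  # constructed placeholder for the post's xxx.xxx.xxx.xxx
VPN, TS = "10.0.0.200/32", "10.0.0.2/32"
PUB = PUBLIC + "/32"

# (action, protocol, source, destination, destination port or None),
# in the same order as access-list 101 in the post.
ACL_101 = [
    ("permit", "tcp", VPN, PUB, 1723),
    ("permit", "tcp", VPN, PUB, 13579),
    ("permit", "tcp", TS, PUB, 3333),
    ("permit", "gre", VPN, PUB, None),
    ("deny", "icmp", VPN, PUB, None),
    ("deny", "ip", VPN, PUB, None),
    ("deny", "udp", VPN, PUB, None),
    ("deny", "tcp", VPN, PUB, None),
]


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, index) of the first matching entry.

    An index of None means no entry matched and the implicit
    deny at the end of every IOS access list applied.
    """
    for i, (action, a_proto, a_src, a_dst, a_port) in enumerate(acl):
        if a_proto != "ip" and a_proto != proto:
            continue  # "ip" matches every IP protocol
        if ip_address(src) not in ip_network(a_src):
            continue
        if ip_address(dst) not in ip_network(a_dst):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action, i
    return "deny", None


def with_trailing_permit(acl):
    """Model appending 'access-list 101 permit ip any any' as the last entry."""
    return acl + [("permit", "ip", "0.0.0.0/0", "0.0.0.0/0", None)]


if __name__ == "__main__":
    # Another LAN host browsing the web matches nothing: implicit deny.
    print(evaluate(ACL_101, "tcp", "10.0.0.50", "198.51.100.7", 80))
    print(evaluate(with_trailing_permit(ACL_101), "tcp", "10.0.0.50", "198.51.100.7", 80))
```

In this model the "deny ip" entry already covers UDP and TCP, so the two entries after it are never reached, and traffic from any host not named in the list is dropped unless a final permit is present.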