Hi.
I need a Little help, I just got at Cisco 1841 up and running.. I have
a router --> Firewall --> DMZ --> Firewall --> LAN.
I want nothing blocked from the inside, and I want access to my web-
server, remote desktop etc. from the outside.
Right now I am running this config.. But I am not sure if it is the
smartest thing to be running.. Should I be running NAT or routing..
Anyway I can't get true to ether my web-server or remote desktop, even
when I have put my laptop directly on the router.
Please help me with my config. (Commands please.)
Thanks in advance
BCS
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxxxxxxxxxx
!
no aaa new-model
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
no ip source-route
ip cef
!
!
!
!
no ip bootp server
ip domain name yourdomain.com
ip name-server XX.XX.XX.XX
ip name-server XX.XX.XX.XX
username admin privilege 15 secret 5 $ xxxxxxxxxxxxxxxxx
!
!
ip tcp synwait-time 10
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE
$
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp client-id FastEthernet0/1
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.2 3389 interface
FastEthernet0/1 3389
ip nat inside source static tcp 192.168.1.2 80 interface
FastEthernet0/1 80
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 4000 1000
end
|
Similar Threads
