bare basic setup of 1700

 
 
Brian
      03-21-2009
If all I need is a bare basic setup on a 1700 that will have another VPN
firewall behind it on 1.2.3.5, will the following setup work? Should I add any
ACLs to this at all?

Thanks...
Brian


version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname router
!
boot-start-marker
boot-end-marker
!
no logging console
enable password 7 XXXXXXXXXXXXXXXXXXXXXXX
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 1.2.3.4 255.255.255.248
 speed 100
 full-duplex
!
interface Serial0/0
 ip address 5.6.7.8 255.255.255.252
 encapsulation frame-relay IETF
 no ip mroute-cache
 no fair-queue
 service-module t1 timeslots 1-24
!
interface Serial1/0
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
!
!
line con 0
 exec-timeout 0 0
 password 7 XXXXXXXXXXXXXXXXXXXXXXX
line aux 0
 login
 transport input all
line vty 0 4
 password 7 XXXXXXXXXXXXXXXXXXXXXXX
 login
line vty 5 15
 password 7 XXXXXXXXXXXXXXXXXXXXXXX
 login
!
!
end
 
Trendkill
      03-22-2009
On Mar 21, 4:34 pm, Brian <(E-Mail Removed)> wrote:
> If all I need is a bare basic setup on a 1700 that will have another VPN
> firewall behind it on 1.2.3.5, will the following setup work? Should I add any
> ACLs to this at all?
>
> Thanks...
> Brian


Only thing to watch is whether or not you need NAT. If your 1.2.3.4
subnet is public, this should work fine, and I don't see any reason
for ACLs unless the firewall device has a mgmt port that you want to
disable from the outside world. Base ACLs are also a good idea to
block the private IP address ranges from the internet to hedge
spoofing attacks (192.168.x, 10.x, 172.16.x, etc).

If 1.2.3.4 is not public, then you'll have to NAT it if you have any
desire for the internet to reach the vpn/firewall and whatever is
sitting behind it (definitely NAT behind that I would guess).
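
The base anti-spoofing ACL suggested in the reply above, as an added example that is not from either poster: the ACL number 101 and its placement inbound on Serial0/0 are assumptions, the 172.16 entry covers the full 172.16.0.0/12 private block, and it goes one step beyond the reply by also dropping outside packets that claim a source inside the router's own 1.2.3.0/29 LAN. The Python around the ACL text parses the entries and applies IOS first-match wildcard logic to constructed source addresses.

```python
import ipaddress

# Constructed ACL in IOS extended-ACL syntax (number 101 is an assumption).
# Assumed placement: "ip access-group 101 in" under interface Serial0/0.
ACL_101 = """\
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 1.2.3.0 0.0.0.7 any
access-list 101 permit ip any any
"""

def parse_acl(text):
    """Return [(action, network_int, wildcard_int)] for 'ip <src> ... any' entries."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list":
            continue
        action, src = tok[2], tok[4]
        if src == "any":
            rules.append((action, 0, 0xFFFFFFFF))  # every bit is "don't care"
        else:
            net = int(ipaddress.IPv4Address(src))
            wild = int(ipaddress.IPv4Address(tok[5]))
            rules.append((action, net, wild))
    return rules

def evaluate(rules, src_ip):
    """First matching entry wins; an ACL ends with an implicit deny."""
    addr = int(ipaddress.IPv4Address(src_ip))
    for action, net, wild in rules:
        # Wildcard bits set to 1 are ignored; the remaining bits must be equal.
        if (addr & ~wild) == (net & ~wild):
            return action
    return "deny"

def check_samples():
    """Constructed source addresses as they would arrive from the WAN side."""
    rules = parse_acl(ACL_101)
    samples = ["10.1.1.1", "172.31.255.254", "172.32.0.1",
               "192.168.1.10", "1.2.3.5", "1.2.3.8", "8.8.8.8"]
    return {ip: evaluate(rules, ip) for ip in samples}

if __name__ == "__main__":
    for ip, verdict in check_samples().items():
        print(f"{ip:16} {verdict}")
```

The final `permit ip any any` matters: without it the implicit deny at the end of the list would drop all inbound traffic, including the VPN traffic destined for the firewall on 1.2.3.5.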
 
Brian
      03-24-2009
Trendkill <(E-Mail Removed)> wrote:

|Only thing to watch is whether or not you need NAT. If your 1.2.3.4
|subnet is public, this should work fine, and I don't see any reason
|for ACLs unless the firewall device has a mgmt port that you want to
|disable from the outside world. Base ACLs are also a good idea to
|block the private IP address ranges from the internet to hedge
|spoofing attacks (192.168.x, 10.x, 172.16.x, etc).
|
|If 1.2.3.4 is not public, then you'll have to NAT it if you have any
|desire for the internet to reach the vpn/firewall and whatever is
|sitting behind it (definitely NAT behind that I would guess).

Yes, 1.2.3.4 is a public IP.

Thanks...
 