Cisco 1720 access-lists

Discussion in 'Cisco' started by Nite Rider, Nov 1, 2003.

Nite Rider (Guest)

    Hi,

    I have a VPN server at 10.0.0.200, and xxx.xxx.xxx.xxx is a new IP
    address that I am going to get. The router is a Cisco 1720 with IOS
    12.1. I have a network on 10.0.0.1 that shares the 64.65.xxx.xxx IP
    address through NAT. Basically, what I want to do is pass VPN traffic
    from xxx.xxx.xxx.xxx to 10.0.0.200, along with some TCP ports. Will
    the following commands work for the network and the VPN? What I don't
    want is all data going inside the network to be blocked, as then the
    Internet wouldn't work; I just want to get VPN without leaving my
    server wide open. So if this won't work, what will?

    enable
    configure terminal
    interface fa0
    ip address xxx.xxx.xxx.xxx 255.255.255.252 secondary (new public ip)
    ip address 10.0.0.1 255.255.255.0 (already there)(LAN DHCP w/ NAT)
    ip address 64.65.xxx.xxx 255.255.255.252 secondary (already there,
    public ip used by network)
    ip access-group 101 in (will not use if list will work in ip static
    nat)
    ip nat inside source static 10.0.0.200 xxx.xxx.xxx.xxx
    ! "ip nat inside source static" takes no access-list argument; the
    ! "list" form exists only for dynamic NAT, so any filtering has to
    ! come from the access-group applied on the interface
    end
    configure terminal
    ! extended ACL entries need a wildcard mask or the "host" keyword on
    ! both addresses; "10.0.0.200 xxx.xxx.xxx.xxx" is otherwise parsed as
    ! one address plus its mask and the line is rejected
    access-list 101 permit tcp host 10.0.0.200 host xxx.xxx.xxx.xxx eq 1723
    access-list 101 permit tcp host 10.0.0.200 host xxx.xxx.xxx.xxx eq 13579 (or
    7319)
    access-list 101 permit tcp host 10.0.0.2 host xxx.xxx.xxx.xxx eq 3333 (another
    computer that serves TS)
    access-list 101 permit gre host 10.0.0.200 host xxx.xxx.xxx.xxx
    access-list 101 deny icmp host 10.0.0.200 host xxx.xxx.xxx.xxx
    access-list 101 deny ip host 10.0.0.200 host xxx.xxx.xxx.xxx
    ! the next two entries are already covered by "deny ip" and never match
    access-list 101 deny udp host 10.0.0.200 host xxx.xxx.xxx.xxx
    access-list 101 deny tcp host 10.0.0.200 host xxx.xxx.xxx.xxx
    (do I have to allow stuff for the other computers because I didn't
    deny the rest of the dhcp so I think not)
    end
    exit
    Nite Rider, Nov 1, 2003
    #1
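The following is an added example, not the poster's configuration or a reply from the thread, showing how the same goal (expose PPTP and a few TCP ports to one LAN host without blocking the rest of the LAN's Internet access) is normally expressed on IOS 12.1. The ACL is applied inbound on the Internet-facing interface, where it is evaluated before NAT and therefore matches the public addresses; the static NAT carries no access-list; return traffic for sessions the LAN opened is admitted with the established keyword; and the implicit deny at the end of every IOS ACL is made explicit and logged. The interface names Serial0 (WAN, carrying the public addresses) and FastEthernet0 (LAN) and the use of PAT on the Serial0 address for the rest of the LAN are assumptions; xxx.xxx.xxx.xxx and 64.65.xxx.xxx are the post's own placeholders.

```cisco
! Added example, not the poster's configuration. Assumed (hypothetical)
! layout: Serial0 faces the ISP and carries the public addresses,
! FastEthernet0 is the 10.0.0.0/24 LAN.
interface Serial0
 ip address 64.65.xxx.xxx 255.255.255.252
 ip address xxx.xxx.xxx.xxx 255.255.255.252 secondary
 ip nat outside
 ip access-group 101 in
!
interface FastEthernet0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
! One-to-one static NAT for the VPN server. Static NAT takes no
! access-list argument; what may reach the server is decided by ACL 101.
ip nat inside source static 10.0.0.200 xxx.xxx.xxx.xxx
! Static PAT for the Terminal Services host: only TCP 3333 is mapped.
ip nat inside source static tcp 10.0.0.2 3333 64.65.xxx.xxx 3333
! Everyone else on the LAN shares the Serial0 address (PAT/overload).
ip nat inside source list 10 interface Serial0 overload
access-list 10 permit 10.0.0.0 0.0.0.255
!
! Inbound on the outside interface the ACL is checked before the
! outside-to-inside translation, so it matches public addresses, never
! 10.0.0.x. Entries are tried top to bottom, first match wins, and an
! implicit "deny ip any any" ends every IOS ACL.
!
! PPTP control channel and GRE data channel, to the VPN server only.
access-list 101 permit tcp any host xxx.xxx.xxx.xxx eq 1723
access-list 101 permit gre any host xxx.xxx.xxx.xxx
access-list 101 permit tcp any host xxx.xxx.xxx.xxx eq 13579
! Terminal Services on the shared address (static PAT above).
access-list 101 permit tcp any host 64.65.xxx.xxx eq 3333
! Replies to TCP sessions the LAN opened (ACK or RST bit set).
access-list 101 permit tcp any any established
! ICMP needed for working path-MTU discovery and outbound ping.
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
! UDP has no "established"; DNS replies to the LAN's resolvers need a
! narrow hole. A reflexive ACL or CBAC ("ip inspect") does this properly.
access-list 101 permit udp any eq domain host 64.65.xxx.xxx gt 1023
access-list 101 permit udp any eq domain host xxx.xxx.xxx.xxx gt 1023
! Explicit form of the implicit deny, logged so blocked probes are visible.
access-list 101 deny ip any any log
```

Two points to verify after applying something like this: `show access-lists 101` should show hit counts climbing on the 1723 and GRE entries during a VPN logon and on the final deny entry for everything else, and `show ip nat translations` should list the 10.0.0.200 to xxx.xxx.xxx.xxx static entry plus per-flow overload entries for the other LAN hosts. Because the ACL is stateless, anything not covered by established or the listed UDP and ICMP holes is dropped; on a 12.1 image with the firewall feature set, `ip inspect` on the inside interface replaces the manual return-traffic entries with proper session tracking.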
