Newbie question: Cisco 1710 router!

Discussion in 'Cisco' started by Arben Qarkaxhija, Jul 18, 2003.

  1. Hi all,

    I'm a newbie with Cisco routers and I'm trying to configure a Cisco 1710, which
    connects our internal network to a test network.

    The internal network address range is: 192.168.151.0/24 <=> intern
    (FastEthernet0)
    The test network address range is: 192.168.140.0/24 <=> test (Ethernet0)

    What I want to configure is:
    1. access from "intern" to "test" <=> permit all!
    2. access from "test" to "intern" <=> deny all!

    On our PIX firewall here I can do this with security levels (0 to 100), but
    on the router I haven't found anything like that so far. Can anyone help
    me?

    Here is my configuration:

    TC1710#show conf
    Using 1001 out of 29688 bytes
    !
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname TC1710
    !
    logging queue-limit 100
    enable secret 5 xxxxxxx
    !
    username 1710
    memory-size iomem 25
    ip subnet-zero
    !
    !
    no ip domain lookup
    !
    ip audit notify log
    ip audit po max-events 100
    !
    !
    !
    !
    !
    crypto map tag local-address Ethernet0
    !
    !
    !
    !
    interface Ethernet0
    description TestCenterNetz
    ip address 192.168.140.250 255.255.255.0
    ip nat outside
    full-duplex
    !
    interface FastEthernet0
    description InterneNetz
    ip address 192.168.151.241 255.255.255.0
    ip nat inside
    speed auto
    !
    router rip
    version 2
    network 192.168.151.0
    no auto-summary
    !
    ip classless
    ip http server
    ip http secure-server
    !
    !
    !
    !
    snmp-server community public RO
    snmp-server enable traps tty
    !
    line con 0
    exec-timeout 0 0
    password 7 yyyyyyy
    login
    line aux 0
    line vty 0 4
    password 7 yyyyyyy
    login
    !
    no scheduler allocate
    end

    TC1710#

    Many thanks in advance.

    Regards
    Beni
     
    Arben Qarkaxhija, Jul 18, 2003
    #1

  2. Arben Qarkaxhija

    mrtravel Guest

    Simple way

    1. create the ACL
    2. apply the acl to the interface


    When you enable an ACL on an interface (or VLAN), deny all is the default,
    so your environment needs to deny access from test to intern, then
    permit all other traffic.

    http://www.cisco.com/en/US/products...on_guide_chapter09186a00800ae127.html#1109098


     
    mrtravel, Jul 18, 2003
    #2

  3. Hi,

    Thanks a lot for your answer. I have read this article, but I don't
    understand how these access lists are to be configured for my request.
    I've created an access-group for the interface Ethernet 0 (ip access-group
    101 in) and then the access lists that have the name of this group to permit
    or deny (access-list 101 permit 192.168.151.0 192.168.140.0 and access-list
    102 deny 192.168.140.0 192.168.151.0), but this doesn't work.

    Can you please give me an example in connection with my code/configuration?

    Beni
     
    Arben Qarkaxhija, Jul 18, 2003
    #3
  4. Arben Qarkaxhija

    Jeff Specoli Guest

    conf t
    ! let replies to TCP sessions opened from intern back in
    access-list 101 permit tcp 192.168.140.0 0.0.0.255 192.168.151.0 0.0.0.255 established
    ! block everything else from test to intern
    access-list 101 deny ip 192.168.140.0 0.0.0.255 192.168.151.0 0.0.0.255
    access-list 101 permit ip any any

    interface e0
    ip access-group 101 in


    Regards




     
    Jeff Specoli, Jul 18, 2003
    #4
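
An added example, not part of the original posts: a small Python model of how IOS evaluates the access-list 101 posted above, top-down with first match wins, for packets arriving inbound on Ethernet0. The host addresses and flag sets are constructed, and the model covers only protocol, addresses and the `established` keyword.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    flags: frozenset = frozenset()  # TCP flags set on this segment

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

TEST, INTERN = ("192.168.140.0", "0.0.0.255"), ("192.168.151.0", "0.0.0.255")
ANY = ("0.0.0.0", "255.255.255.255")
# ACL 101 from the thread: (action, protocol, source, destination, established)
ACL_101 = [
    ("permit", "tcp", TEST, INTERN, True),
    ("deny", "ip", TEST, INTERN, False),
    ("permit", "ip", ANY, ANY, False),
]

def evaluate(acl, pkt):
    """First matching entry wins; returns (action, entry number)."""
    for n, (action, proto, src, dst, established) in enumerate(acl, 1):
        if proto not in ("ip", pkt.proto):
            continue
        if not (wild_match(pkt.src, *src) and wild_match(pkt.dst, *dst)):
            continue
        # "established" matches only TCP segments with ACK or RST set
        if established and not (pkt.flags & {"ACK", "RST"}):
            continue
        return action, n
    return "deny", 0  # implicit deny that ends every ACL

def verdicts():
    """Constructed packets arriving inbound on Ethernet0 (test side)."""
    t, i = "192.168.140.10", "192.168.151.20"  # hypothetical hosts
    samples = {
        "tcp_syn_to_intern": Packet("tcp", t, i, frozenset({"SYN"})),
        "tcp_synack_reply": Packet("tcp", t, i, frozenset({"SYN", "ACK"})),
        "tcp_ack_no_session": Packet("tcp", t, i, frozenset({"ACK"})),
        "udp_reply": Packet("udp", t, i),
        "icmp_echo_reply": Packet("icmp", t, i),
        "tcp_syn_elsewhere": Packet("tcp", t, "10.1.1.1", frozenset({"SYN"})),
    }
    return {name: evaluate(ACL_101, p) for name, p in samples.items()}
```

The entry-1 permit for an ACK segment with no prior session shows that `established` is a stateless flag check, not connection tracking. The UDP and ICMP denials show that with this list only TCP sessions opened from intern get their replies back, so a ping from intern to test goes unanswered.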