From: Muhammed Omar (muhammed_omar@xxxxxxxxxxx)
Date: Mon Sep 10 2001 - 19:14:09 GMT-3
Hi Guys
I'm having problems setting up terminal server to be accessible from the
internet via a Cisco 1605 with the following config. I've stripped the configs
down so that there is no "inspect" or the ACL 101 is applied. It seems that
the server with IP address 172.16.255.250 can't even ping the outside world. I
think it is down to a NAT issue since nothing else is running in a stripped down
version of the config below.
I've tried IOS: c1600-oy-mz.120-3.T.bin and c1600-oy-mz.120-18.bin. Has
anyone set up a 1600 router as a firewall? What IOS would you recommend as stable
etc?
Many thanks
fw#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname fw
!
ip subnet-zero
ip inspect name check cuseeme
ip inspect name check ftp
ip inspect name check h323
ip inspect name check http
ip inspect name check rcmd
ip inspect name check realaudio
ip inspect name check smtp
ip inspect name check sqlnet
ip inspect name check streamworks
ip inspect name check tcp
ip inspect name check tftp
ip inspect name check udp
ip inspect name check vdolive
!
!
interface Ethernet0
ip address 200.1.1.146 255.255.255.240
ip access-group 101 in
no ip directed-broadcast
ip nat outside
no ip route-cache
no cdp enable
!
interface Ethernet1
ip address 172.16.6.100 255.255.0.0
no ip directed-broadcast
ip nat inside
ip inspect check in
no ip route-cache
no cdp enable
!
ip nat inside source list 7 interface Ethernet0 overload
ip nat inside source static 172.16.255.250 200.1.1.150
ip classless
ip route 0.0.0.0 0.0.0.0 200.1.1.145
!
access-list 7 deny 172.16.255.250
access-list 7 deny 172.16.6.100
access-list 7 permit 172.16.0.0 0.0.255.255
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any echo
access-list 101 permit tcp any host 200.1.1.146 eq telnet
access-list 101 permit tcp any host 200.1.1.150 eq telnet
no cdp run
!
line con 0
transport input none
line vty 0 4
exec-timeout 0 0
login
!
end
fw#sh flash:
PCMCIA flash directory:
File Length Name/status
1 2610930 c1600-oy-mz.120-3.T.bin
2 2407040 c1600-oy-mz.120-18.bin
[5018100 bytes used, 7564812 available, 12582912 total]
12288K bytes of processor board PCMCIA flash (Read/Write)
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:16 GMT-3