1600 as an Internet gateway router!

[mparry]

Hi,

I want to provide Internet access from our office network using a Cisco 1600 router. I haven't purchased the firewall feature set and was wondering if instead access lists could be configured to the job adequately. Internal users must be able to access the Internet + pick up and receive Emails from a ASP hosted Exchange service.

My question is should I try and create access lists to do this, or, will I need to buy the firewall feature set software?

Thanks

Marcus

 

[CaMedic]

My suggestion is to run NAT. if you need items to come from the internet to the inside network, you can use port maping. You can then restrict even further with an access list. I find this works the best for me. If you want to do statefull inspection, then yes you should use the ip firewall IOS. but i find that it is not worth the price on 99% of my install's..

 

[StarTAC]

use NAT, it is easy and works all the time..

a simple configuration:

access-list 1 permit 192.168.0.0 0.0.0.255

ip nat inside source list 1 interface s0 overload

int e0
ip nat inside

int s0
ip nat outside

good luck..

 

[mparry]

Thanks,

So... I can use NAT to translate addresses & permit certain internal IP ranges access to the Internet by using access lists.

What about preventing all but authorised traffic access from the Internet past the router to our LAN. In particular, I must allow connections from the ASP (for hosted Exchnage service) but no one else. The ASP has said ports 2000, 2001, 2002, 135 & 2190 need to be left open.

Any help on how to configure this or where I can find some literature on the subject would be v helpful.

Thanks again.
Marcus