eraser2002
Technical User
Hi everyone, my first post, hope someone can help please.
I switched to the NO NAT option with my ISP, so that I have 5 useable IPs.
I configured my 837 and it's working fine - I cannot get ACLs to work at all, even trying to follow guides on the internet.
As soon as I enabled an incoming list on Ethernet0 it seems to block traffic and nothing works on my PCs. I tried to put the lists on Ethernet0 or Dialer1.
I want to:
allow all outbound
inbound established connections
inbound from a few specific IPs like 80.229.1.1
Current configuration : 2492 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
no logging buffered
enable secret 5 $1$budC$KB/NyanNwnypDtDr2UYKY.
!
username router privilege 15 secret 5 $1$uF9P$Amylt32
username CRWS_Prem privilege 15 password 7 041F5A423875787A7
no aaa new-model
ip subnet-zero
!
ip dhcp pool CLIENT
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
!
ip ips po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
 ip address 80.x.x.121 255.255.255.248
 ip access-group 102 out
 no ip mroute-cache
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip mroute-cache
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  oam-pvc 0
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer1
 ip address negotiated
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname user@domain
 ppp chap password 7 13061
 ppp pap sent-username user@domain password 7 06050E
 ppp ipcp dns request
 ppp ipcp wins request
 hold-queue 224 in
!
ip classless
ip default-network 0.0.0.0
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http max-connections 4
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
access-list 1 permit any
access-list 101 permit tcp any any established
access-list 101 permit ip any host 85.x.x.176
access-list 102 permit ip any any
access-list 103 permit ip any any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
 exec-timeout 120 0
 login local
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 login local
 length 0
!
scheduler max-task-time 5000
end
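
Added example, not part of the original post: a small Python model of how IOS evaluates an extended ACL (first match wins, implicit deny at the end), run against access-list 101 from the config above on the assumption that it is the list bound inbound on Ethernet0. The addresses are documentation-range stand-ins for the masked ones, and the packets and function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# ACL 101 as posted. 85.x.x.176 is masked on the page, so the documentation
# address 203.0.113.176 stands in for it (assumption).
ACL_101 = [
    {"action": "permit", "proto": "tcp", "src": "any", "dst": "any", "established": True},
    {"action": "permit", "proto": "ip", "src": "any", "dst": "203.0.113.176/32"},
]

def _addr_ok(rule_addr, pkt_addr):
    return rule_addr == "any" or ip_address(pkt_addr) in ip_network(rule_addr)

def evaluate(acl, pkt):
    """Return (action, index of the matching entry, or None for the implicit deny)."""
    for i, rule in enumerate(acl):
        # "ip" matches every protocol; otherwise the protocol must be equal
        if rule["proto"] not in ("ip", pkt["proto"]):
            continue
        if not (_addr_ok(rule["src"], pkt["src"]) and _addr_ok(rule["dst"], pkt["dst"])):
            continue
        # "established" matches only TCP segments with ACK or RST set
        if rule.get("established") and not ({"ACK", "RST"} & set(pkt.get("flags", ()))):
            continue
        return rule["action"], i
    return "deny", None  # no entry matched: implicit "deny ip any any"

# Constructed packets, as they would arrive on Ethernet0 from a LAN host
PC = "198.51.100.122"
PACKETS = {
    "new web connection (SYN)": {"proto": "tcp", "src": PC, "dst": "192.0.2.10", "flags": ["SYN"]},
    "DNS query (UDP)": {"proto": "udp", "src": PC, "dst": "192.0.2.53"},
    "ACK on an existing flow": {"proto": "tcp", "src": PC, "dst": "192.0.2.10", "flags": ["ACK"]},
    "traffic to the permitted host": {"proto": "udp", "src": PC, "dst": "203.0.113.176"},
}

def report(acl=ACL_101, packets=PACKETS):
    """Map each sample packet name to the ACL verdict."""
    return {name: evaluate(acl, pkt)[0] for name, pkt in packets.items()}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{verdict:6}  {name}")
```

New TCP connections and DNS queries from the PCs fall through to the implicit deny, which matches the symptom described in the post. On the LAN-facing Ethernet0, `in` is the direction of traffic leaving the PCs, so the list filters outbound sessions rather than inbound ones.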