
Setup Home Networking


surjitca

Nov 7, 2008
Hi,

I was trying to set up my home network. I do have one Cisco 3640 router connected to the PC, and the other Ethernet port is connected to the AT&T router (modem). I was wondering if someone can help me configure the Cisco router so I can access the Internet via my PC. I think I need to set up NAT, etc.
I am a newbie, please help me.
Thank you in advance.
 
So if you don't have internet access...how did you post this question?
 
Basic NAT setup on Cisco router. (fa0/0=outside fa0/1=inside interfaces)

access-list 1 permit 192.168.1.0 0.0.0.255

int fa0/0
ip nat outside

int fa0/1
ip nat inside

ip nat inside source list 1 interface FastEthernet0/0 overload

This will translate internal hosts (192.168.1.0 255.255.255.0) to the outside interface of the router.
 
Looks good. To get the firewall working, you just need to set up the "ip inspect" commands and assign them to the outside interface.

int fa0/0
ip inspect FW out

Also create an access-list to deny outside traffic from entering the outside interface, i.e.:
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log


Then assign this ACL 101 to your outside interface:

int fa0/0
ip access-group 101 in



Then you'll a) block all incoming traffic, b) allow all NAT'd traffic back in, and will be inspecting all that traffic to ensure nobody is hacking you.

 
I'd like to add that without CBAC the ACL on the outside interface would block return traffic as well...

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
No, that is not how CBAC works, although it may look that way.

Packets entering the router are inspected by CBAC only if they first pass the inbound ACL. You are not expecting any traffic inbound.

For outbound packets, CBAC creates a temporary opening in the ACL. The openings allow returning traffic that would normally be blocked. The traffic is allowed back if it is part of the original session that triggered CBAC on the way out.
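
A simplified model of the behaviour discussed in this thread, as an added example that is not part of any poster's reply: it evaluates ACL 101 with Cisco wildcard-mask, first-match semantics and treats CBAC as a set of temporary openings for return traffic. The class and function names and the public addresses (203.0.113.10 as the NAT outside address, 198.51.100.7 as a server) are constructed for illustration; real CBAC tracks protocol state in more depth than this lookup.

```python
import ipaddress

# ACL 101 as posted above: (action, source, Cisco wildcard mask), first match wins.
ACL_101 = [
    ("deny", "192.168.1.0", "0.0.0.255"),
    ("deny", "10.0.0.0", "0.255.255.255"),
    ("deny", "172.16.0.0", "0.15.255.255"),
    ("deny", "192.168.0.0", "0.0.255.255"),
    ("deny", "127.0.0.0", "0.255.255.255"),
    ("deny", "255.255.255.255", "0.0.0.0"),   # host 255.255.255.255
    ("deny", "0.0.0.0", "0.0.0.0"),           # host 0.0.0.0
    ("deny", "0.0.0.0", "255.255.255.255"),   # deny ip any any log
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 1 bit means 'ignore this bit' in the comparison."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

class OutsideInterface:
    """Simplified model (assumption): inbound ACL 101 plus CBAC openings on fa0/0."""
    def __init__(self, acl):
        self.acl = acl
        self.openings = set()   # temporary entries CBAC places ahead of the ACL

    def outbound(self, proto, src, sport, dst, dport):
        # 'ip inspect FW out': an inspected outbound session opens the reverse flow only.
        self.openings.add((proto, dst, dport, src, sport))

    def inbound(self, proto, src, sport, dst, dport):
        if (proto, src, sport, dst, dport) in self.openings:
            return "permit (CBAC opening)"
        for line, (action, base, wc) in enumerate(self.acl, start=1):
            if wildcard_match(src, base, wc):
                return f"{action} (ACL 101 line {line})"
        return "deny (implicit)"

if __name__ == "__main__":
    fw = OutsideInterface(ACL_101)
    nat_ip, server = "203.0.113.10", "198.51.100.7"   # constructed addresses
    print(fw.inbound("tcp", server, 443, nat_ip, 40000))    # unsolicited: denied
    fw.outbound("tcp", nat_ip, 40000, server, 443)           # inside host browses out
    print(fw.inbound("tcp", server, 443, nat_ip, 40000))    # reply: permitted
    print(fw.inbound("tcp", server, 80, nat_ip, 40000))     # other port: denied
    print(fw.inbound("tcp", "10.1.2.3", 443, nat_ip, 40000))  # spoofed RFC 1918
```

Without any call to `outbound`, every inbound packet ends at a deny line, which is the point raised above about the ACL blocking return traffic when CBAC is absent.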
 