Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Setup Home Networking

Status
Not open for further replies.

surjitca

Technical User
Nov 7, 2008
11
US
Hi,

I was trying to setup my home network. I do have one cisco 3640 router connected to the PC & other Ethernet port connected to the AT&T Router(Modem) I was wondering if someone can help me to configure cisco router so I can access internet via my pc. I think I need to setup NAT etc.
I am newbie please help me
Thank You in Advance
 
So if you don't have internet access...how did you post this question?
 
Basic NAT setup on Cisco router. (fa0/0=outside fa0/1=inside interfaces)

access-list 1 permit 192.168.1.0 0.0.0.255

int fa0/0
ip nat outside

int fa0/1
ip nat inside

ip nat inside source list 1 interface FastEthernet0/0 overload

this will translate internal hosts (192.168.1.0 255.255.255.0) to the outside interface of the router.
 
looks good. to get the firewall working just need to setup "ip inspect" commands and assign it to the outside interface.

int fa0/0
ip inspect FW out

also create an access-list to deny outside traffic to enter the outside interface, IE:
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log


then assign this ACL 101 to your outside interface

int fa0/0
ip access-group 101 in



then you'll a) block all incoming traffic, b) allow all NAT'd traffic back in and will be inspecting all that traffic to ensure nobody is hacking you.

 
I'd like to add that without CBAC the acl on the outside interface would block return traffic as well...

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
No that is not how CBAC works, although it may look that way.

Packets entering the router are inspected by CBAC only if they first pass the inbound ACL. You are not expecting any traffic inbound.

For outbound packets CBAC creates a temporary opening in the ACL. The openings allow returning traffic that would normally be blocking. The traffic is allowed back if it is part of the original session that triggered CBAC on the way out.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top