maxcolmer25
Technical User
Hi,
I have a Cisco 1721 with a BRI interface.
I have been asked to stop an ISDN line coming up after business hours and on weekends. We suspect that DNS is trying to update itself and thus bringing up the line. To resolve this I thought a time-based access list would solve this. Do I need to set the clock on the router in order for time-based access lists to work (I imagine I do), and also how do I configure this access correctly? The only ports I need open are 25, 80, 53.
I also need to NAT ports 25 and 80, which I have tried to do, but after installing the router onto the network, web worked fine but I could not get external mail in.
Here is a copy of the config I tried to use.
Any help greatly appreciated.
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Kilxxxn
!
enable password 7 0411000F03324D5C5B495544
!
ip subnet-zero
no ip domain-lookup
!
isdn switch-type basic-net3
!
!
!
interface BRI0
description connected to Internet
no ip address
ip nat outside
encapsulation ppp
dialer rotary-group 1
dialer-group 1
isdn switch-type basic-net3
no cdp enable
!
interface FastEthernet0
description connected to EthernetLAN
ip address 192.168.1.1 255.255.255.0
ip access-group kilsaran out
ip nat inside
speed auto
!
interface Dialer0
no ip address
no cdp enable
!
interface Dialer1
description connected to Internet
ip address 193.120.x.118 255.255.255.0
ip nat outside
encapsulation ppp
no ip split-horizon
dialer in-band
dialer idle-timeout 180
dialer string 91891133133
dialer hold-queue 10
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname kxxxsixdn
ppp chap password 7 046E1156180F414F50
ppp pap sent-username kilsisdn password 7 1527115C1304262571
!
router rip
version 2
passive-interface Dialer1
network 192.168.1.0
no auto-summary
!
ip nat pool Kilsisdn-natpool-0 193.120.23.118 193.120.x.118 netmask 255.255.255.0
ip nat inside source list 1 pool Kilsisdn-natpool-0 overload
ip nat inside source static tcp 192.168.1.1 25 193.120.23.118 25 extendable
ip nat inside source static tcp 192.168.1.1 80 193.120.23.118 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
ip access-list extended Kilsaran
permit ip any any
ip access-list extended kilsaran
permit ip any any time-range clonee
deny ip any any
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password 7 086B4747050A0405405B5C57
logging synchronous
login
line aux 0
line vty 0 4
password 7 0411000F03324D5C5B495544
login
!
no scheduler allocate
time-range Clonee
periodic weekdays 8:00 to 19:00
!
end
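Added example, not part of the original post: a small Python check that cross-references the time-range and access-list names used in a config like the one above, plus a simplified model of `periodic weekdays 8:00 to 19:00` showing that the result depends entirely on the clock value it is given. The function names are hypothetical, the config excerpt is constructed from the names in the post, and names are assumed to be compared case-sensitively, as the separate `Kilsaran` and `kilsaran` lists in the post suggest.

```python
import re
from datetime import datetime

# Constructed excerpt that reuses the names from the posted config.
CONFIG = """\
interface FastEthernet0
 ip access-group kilsaran out
ip access-list extended Kilsaran
 permit ip any any
ip access-list extended kilsaran
 permit ip any any time-range clonee
 deny ip any any
time-range Clonee
 periodic weekdays 8:00 to 19:00
"""

def audit(config):
    """Return (undefined time-range references, ACLs defined but not applied via access-group)."""
    tr_defined, tr_used, acl_defined, acl_applied = set(), set(), set(), set()
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"time-range (\S+)$", s):
            tr_defined.add(m.group(1))
        elif m := re.search(r"\stime-range (\S+)$", s):
            tr_used.add(m.group(1))
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)$", s):
            acl_defined.add(m.group(1))
        elif m := re.match(r"ip access-group (\S+) (?:in|out)$", s):
            acl_applied.add(m.group(1))
    # Plain set difference: names are compared case-sensitively (assumption).
    return sorted(tr_used - tr_defined), sorted(acl_defined - acl_applied)

def weekdays_window_active(now, start="8:00", end="19:00"):
    """Simplified model of 'periodic weekdays <start> to <end>' against a clock value."""
    def minutes(hhmm):
        h, m = hhmm.split(":")
        return int(h) * 60 + int(m)
    if now.weekday() >= 5:  # Saturday and Sunday are outside 'weekdays'
        return False
    # End minute treated as inclusive (assumption of this model).
    return minutes(start) <= now.hour * 60 + now.minute <= minutes(end)

if __name__ == "__main__":
    print(audit(CONFIG))
    for t in (datetime(2024, 1, 3, 10, 0), datetime(2024, 1, 6, 10, 0)):
        print(t, weekdays_window_active(t))
```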