Security Basics mailing list archives
RE: Re: Re: Re: Re: router access control list
From: "Dixon, Wayne" <wcdixo () aurora lib il us>
Date: Mon, 6 Nov 2006 11:41:51 -0600
Here's the actual readable show run from apaez1084:

Building configuration...

Current configuration : 4825 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname CCMRouter
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$0gQb$9PfhDWH7Liv/rqDDX1pLj/
!
username admin password 7 03095200030C2241
username CRWS_Bijoy privilege 15 password 7 08651D0A3E48033656045D0B190E3429666177405140565603
username CRWS_Venky privilege 15 password 7 00404242330A0D274B2E1D413A3C1516435E58507E7F7C7B6264
username CRWS_Sangeetha privilege 15 password 7 06425E657B1F0F38411843043F213A2A757C63617040504F5754
username CRWS_Ulags privilege 15 password 7 0242551F3C570900084158163632020A5F5D7C7B777F6A6474
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.99
ip dhcp excluded-address 192.168.0.16
ip dhcp excluded-address 192.168.0.15
ip dhcp excluded-address 192.168.0.11
ip dhcp excluded-address 192.168.0.221
!
ip dhcp pool CLIENT
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   lease 0 2
!
!
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
!
!
no crypto isakmp enable
!
!
!
!
interface Ethernet0
 description CRWS Generated text. Please do not delete this:192.168.0.1-255.255.255.0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
interface ATM0
 no ip address
 atm vc-per-vp 64
 no atm ilmi-keepalive
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
 dsl operating-mode auto
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer remote-name redback
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname ccmgroup () bellsouth net
 ppp chap password 7 014751530B5A5F58
 ppp pap sent-username ccmgroup () bellsouth net password 7 00504451540A5251
 ppp ipcp dns request
 ppp ipcp wins request
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.99 25 interface Dialer1 25
ip nat inside source static tcp 192.168.0.99 21 interface Dialer1 21
ip nat inside source static tcp 192.168.0.99 80 interface Dialer1 80
ip nat inside source static tcp 192.168.0.16 3399 interface Dialer1 3399
ip nat inside source static tcp 192.168.0.99 3389 interface Dialer1 3389
ip nat inside source static tcp 192.168.0.15 3391 interface Dialer1 3391
ip nat inside source static tcp 192.168.0.11 7603 interface Dialer1 7603
ip nat inside source static tcp 192.168.0.11 3390 interface Dialer1 3390
ip nat inside source static udp 192.168.0.11 7603 interface Dialer1 7603
ip nat inside source static tcp 192.168.0.99 443 interface Dialer1 443
ip nat inside source static tcp 192.168.0.221 3395 interface Dialer1 3395
ip nat inside source static tcp 192.168.0.11 47281 interface Dialer1 47281
ip nat inside source static udp 192.168.0.11 47281 interface Dialer1 47281
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
!
!
access-list 23 permit 192.168.0.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 110 permit tcp any any eq www
access-list 110 permit tcp any any eq 3390
access-list 110 permit tcp any any eq 3389
access-list 110 permit tcp any any eq ftp
access-list 110 permit tcp any any eq ftp-data
access-list 110 permit tcp any any eq pop3
access-list 110 permit tcp any any eq smtp
access-list 110 permit tcp any any eq 3399
access-list 110 permit tcp any any eq 3391
access-list 110 permit tcp any any eq 7603
access-list 110 permit tcp any any eq 443
access-list 110 permit tcp any any eq 3395
access-list 110 permit tcp any any eq 47281
access-list 110 permit udp any any eq 47281
access-list 110 permit udp any any eq 7603
access-list 110 permit tcp any any eq 8080
access-list 110 permit tcp any any eq telnet
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq 3390
access-list 111 permit tcp any any eq telnet
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
 exec-timeout 120 0
 no modem enable
 transport preferred all
 transport output all
 stopbits 1
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 login local
 length 0
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
!
end

Wayne

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of apaez1084 () gmail com
Sent: Monday, November 06, 2006 8:16 AM
To: security-basics () securityfocus com
Subject: Re: Re: Re: Re: Re: router access control list

OK, the ACL 111 is just a test to see if it's actually working. I'm going to paste my show run. I'm sure it is a problem with what interface I'm putting it on, and whether it's in or out. Maybe I still haven't understood that concept.
But here we go, see if someone can help, and ask me anything you want:

Thanks for the help!!!

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
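Reading the running-config above, access-lists 110 and 111 are defined but no interface carries an `ip access-group` statement and no line references them, so as posted they filter nothing, which is the question this thread keeps circling. As an added example, not part of this thread and not any poster's code, here is a small Python audit that walks an IOS `show run`, reports ACLs that are defined but never applied, flags `ip nat outside` interfaces with no inbound filter, and lists the static NAT port-forwards reachable through them. The config embedded in it is a constructed, trimmed excerpt of the one posted above, written with the one-space sub-mode indentation IOS prints (the archive flattened it); the regexes cover only the command forms that appear in that config.

```python
import re

# Constructed, trimmed excerpt of the running-config posted in this thread,
# with the one-space sub-mode indentation IOS prints (the archive flattened it).
SAMPLE_CONFIG = """\
hostname CCMRouter
!
interface Ethernet0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip address negotiated
 ip nat outside
 encapsulation ppp
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.99 25 interface Dialer1 25
ip nat inside source static tcp 192.168.0.99 3389 interface Dialer1 3389
ip nat inside source static udp 192.168.0.11 7603 interface Dialer1 7603
ip http server
!
access-list 23 permit 192.168.0.0 0.0.0.255
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 110 permit tcp any any eq www
access-list 110 permit tcp any any eq 3389
access-list 111 permit tcp any any eq telnet
!
line vty 0 4
 access-class 23 in
 transport input all
!
end
"""

ACL_DEF = re.compile(r"^access-list (\S+) ")
ACCESS_GROUP = re.compile(r"^ip access-group (\S+) (in|out)$")
ACCESS_CLASS = re.compile(r"^access-class (\S+) (in|out)$")
NAT_LIST = re.compile(r"^ip nat inside source list (\S+) ")
NAT_STATIC = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")


def parse_config(text):
    """Single pass over an IOS running-config, tracking which sub-mode we are in."""
    defined = set()      # ACLs with at least one entry
    references = {}      # ACL -> list of places it is used
    interfaces = {}      # interface name -> its sub-mode lines
    static_nat = []      # (proto, inside_ip, inside_port, outside_if, outside_port)
    block = None         # ("interface", name), ("line", name) or None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("!"):
            continue
        if not raw.startswith(" "):          # global-config line: leaves any sub-mode
            block = None
            if stripped.startswith("interface "):
                block = ("interface", stripped.split(None, 1)[1])
                interfaces[block[1]] = []
            elif stripped.startswith("line "):
                block = ("line", stripped.split(None, 1)[1])
            elif m := ACL_DEF.match(stripped):
                defined.add(m.group(1))
            elif m := NAT_LIST.match(stripped):
                # NAT consumes this list, but it is not a packet filter
                references.setdefault(m.group(1), []).append("ip nat inside source list")
            elif m := NAT_STATIC.match(stripped):
                static_nat.append(m.groups())
            continue
        if block is None:
            continue
        kind, name = block
        if kind == "interface":
            interfaces[name].append(stripped)
            if m := ACCESS_GROUP.match(stripped):
                references.setdefault(m.group(1), []).append(f"{name} {m.group(2)}")
        elif m := ACCESS_CLASS.match(stripped):
            references.setdefault(m.group(1), []).append(f"line {name} {m.group(2)}")
    return {"defined": defined, "references": references,
            "interfaces": interfaces, "static_nat": static_nat}


def audit(text):
    """Return the findings a reviewer of this config would want first."""
    cfg = parse_config(text)

    def acl_key(a):                      # numbered ACLs sort numerically, names after
        return (not a.isdigit(), int(a) if a.isdigit() else a)

    unapplied = sorted(cfg["defined"] - set(cfg["references"]), key=acl_key)
    unfiltered_outside = []
    for name, lines in cfg["interfaces"].items():
        if "ip nat outside" not in lines:
            continue
        inbound = [m.group(1) for l in lines
                   if (m := ACCESS_GROUP.match(l)) and m.group(2) == "in"]
        if not inbound:
            unfiltered_outside.append(name)
    exposed = [(p, ip, int(ipt), oif, int(opt))
               for p, ip, ipt, oif, opt in cfg["static_nat"]]
    return {"unapplied_acls": unapplied,
            "unfiltered_outside": unfiltered_outside,
            "exposed_ports": exposed}


if __name__ == "__main__":
    result = audit(SAMPLE_CONFIG)
    print("ACLs defined but never applied:", result["unapplied_acls"])
    print("NAT-outside interfaces with no inbound ACL:", result["unfiltered_outside"])
    for proto, ip, iport, oif, oport in result["exposed_ports"]:
        print(f"  {oif}:{oport}/{proto} -> {ip}:{iport}")
```

On the trimmed excerpt this reports 110 and 111 as unapplied, Dialer1 as a NAT-outside interface with no inbound filter, and the three static forwards. Two things to keep in mind when acting on the output: `ip nat inside source list 102` is counted as a reference because NAT does use that list, but it filters nothing; and a numbered ACL ends with an implicit deny, so attaching ACL 110 inbound on Dialer1 exactly as written would also drop replies to connections the inside hosts originate unless an `established` entry or stateful inspection is added alongside it.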
Current thread:
- Re: Re: Re: router access control list apaez1084 (Nov 01)
- RE: Re: Re: router access control list Erick Jensen (Nov 03)
- <Possible follow-ups>
- Re: Re: Re: Re: router access control list apaez1084 (Nov 03)
- Re: Re: Re: Re: Re: router access control list apaez1084 (Nov 06)
- RE: Re: Re: Re: Re: router access control list David Gillett (Nov 07)
- RE: Re: Re: Re: router access control list Erick Jensen (Nov 06)
- Re: Re: Re: Re: Re: router access control list apaez1084 (Nov 06)
- RE: Re: Re: Re: Re: router access control list Dixon, Wayne (Nov 06)
- Re: Re: Re: Re: Re: Re: router access control list emptybeerkann (Nov 06)
- Re: Re: Re: Re: Re: Re: Re: router access control list apaez1084 (Nov 07)
- RE: Re: Re: Re: Re: Re: Re: router access control list David Gillett (Nov 07)
- RE: Re: Re: Re: Re: router access control list Erick Jensen (Nov 07)