WindowsBBS is an online community dedicated to easily accessible technical support for those using Microsoft operating systems and other Windows software.
Our goal is to become the leading resource for computer users that require assistance with their day-to-day computer usage, including full support for networking PC's, virus & malware removal, system upgrades and general support questions.
RIPv2 is on all Routers. I just want to know what router gets the ACLs
I have most of the commands down I just need to know where to put them.
Configuring Access Control List:
-To allow telnet to R1 & R3 from R2 only
access-list 101 permit tcp ip? eq telnet
access-list 101 permit tcp ip? eq telnet Whose IP would I use?^
-Do not allow HTTP, Telnet, and FTP traffic from the internet(There is a internet cloud off of R2) to PC1
access-list 102 deny tcp any eq 80 host 10.0.0.10
access-list 102 deny tcp any eq 23 host 10.0.0.10
access-list 102 deny tcp any eq 21 host 10.0.0.10
access-list 102 deny tcp any eq 20 host 10.0.0.10 What router do I put those on?^ This is a Extended ACL
-Do not allow PC1 to receive traffic from the 10.0.0.128/25 network
access-list 102 deny tcp 10.0.0.1 0.0.0.127 host 10.0.0.10
Which router would I put this on?
**After these ACLs PC3 should not ping PC1 still can ping the default gateway of PC1-10.0.0.1
Configuring NAT:
-Allow PC3 to ping PC1
Where am I configuring NAT?
Last edited by itsbaxagain; 27th April 2009 at 15:45.
Reason: I some wrong info in the ACL part
Didn't find the information you thought to find? Check out these Similar Threads
Alright I have got all the ACL stuff done. Here is what I got for the ACLs
Step 1: Allow telnet login to R1 & R3 from only R3 R1
access-list 101 permit tcp 172.16.0.2 0.0.0.3 172.16.0.1 0.0.0.3 eq telnet
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
*Then I have to apply it to the interfaces:
interface s0/0/0
ip access-group 101 in
exit
interface s0/0/1
ip access-group 101 in R3:
access-list 101 permit tcp 172.16.0.5 0.0.0.3 172.16.0.6 0.0.0.3 eq telnet
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
*Then I have to apply it to the interfaces:
interface s0/0/1
ip access-group 101 in
exit
interface s0/0/0
ip access-group 101 in
exit
Step 2: Do not allow HTTP, Telnet, and FTP traffic from the Internet to PC1 R1:
access-list 102 deny tcp any eq 80 host 10.0.0.10
access-list 102 deny tcp any eq 23 host 10.0.0.10
access-list 102 deny tcp any eq 21 host 10.0.0.10
access-list 102 deny tcp any eq 20 host 10.0.0.10
access-list 102 permit ip any any
*Then I have to apply the ACL to the interface
interface fa0/1
ip access-group 102 out
exit
Step 3: Do not allow PC1 to receive traffic from the 10.0.0.128/25 network R3
access-list 102 deny ip 10.0.0.128 0.0.0.127 host 10.0.0.10
access-list 102 permit ip any any
*Applying it
interface fa0/1
ip access-group 102 in
Now PC3 should not ping PC1 but can ping its default gateway 10.0.0.1
Then with NAT overload I should be able to ping both networks the PCs are on.
Well I figured it out LOL
For the NAT overload on R3:
ip nat pool ping 10.0.0.129 10.0.0.254 netmask 255.255.255.128
access-list 110 permit icmp any any
ip nat inside source list 110 pool ping overload
int fa0/1
ip access-group 110 in
*
interface fa0/1
ip nat inside
exit
interface s0/0/0
ip nat outside
exit
interface s0/0/1
ip nat outside
exit
