Cisco ACL/ZFW Configuration to allow connection to Microsoft VPN Server

Unanswered Question
Aug 19th, 2008

Heya,


Trying to figure out what's going on here. I'm setting up a new Cisco 871 series router. Before enabling the Zone-based Firewall and ACLs, I was able to get the SBS VPN Client to connect and authenticate.


Now that I am trying to implement the firewall, it appears to be holding tight at Username and Password.


SBS Server 10.0.0.15 / 255.255.255.0

SBS Remote Access Internal 10.0.0.19/255.255.255.255


Cisco router ACL


show run | include nat

zone-pair security in_out source inside destination outside

zone-pair security out_in source outside destination inside

ip nat outside

ip nat inside

ip nat inside source list 1 interface FastEthernet4 overload

ip nat inside source static tcp 10.0.0.15 1723 interface FastEthernet4 1723 'WAN INTERFACE

ip nat inside source static tcp 10.0.0.15 25 <ISP IP 2 of 5> 25 extendable

ip nat inside source static tcp 10.0.0.15 110 <ISP IP 2 of 5> 110 extendable

ip nat inside source static tcp 10.0.0.15 80 <ISP IP 3 of 5> 80 extendable

ip nat inside source static tcp 10.0.0.15 443 <ISP IP 3 of 5> 443 extendable



show run | include access-list

ip access-list extended in_out

ip access-list extended out_in

access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 10.0.0.0 0.0.0.255

access-list 100 remark SDM_ACL Category=4

access-list 100 permit ip 10.0.0.0 0.0.0.255 any

access-list 101 remark SDM_ACL Category=4

access-list 101 permit ip 10.0.0.0 0.0.0.255 any


show access-list

Standard IP access list 1

10 permit 10.0.0.0, wildcard bits 0.0.0.255 (89565 matches)

Extended IP access list 100

10 permit ip 10.0.0.0 0.0.0.255 any

Extended IP access list 101

10 permit ip 10.0.0.0 0.0.0.255 any

Extended IP access list in_out

10 permit tcp 10.0.0.0 0.0.0.255 any eq www (1654 matches)

20 permit tcp 10.0.0.0 0.0.0.255 any eq 443 (440 matches)

30 permit tcp 10.0.0.0 0.0.0.255 any eq ftp

40 permit tcp 10.0.0.0 0.0.0.255 any eq ftp-data

50 permit tcp 10.0.0.0 0.0.0.255 any eq smtp (42 matches)

60 permit tcp 10.0.0.0 0.0.0.255 any eq pop3 (84 matches)

70 permit ip 10.0.0.0 0.0.0.255 host 192.168.230.249 (32 matches)

80 permit tcp 10.0.0.0 0.0.0.255 any eq 3389 (7 matches)

90 permit udp 10.0.0.0 0.0.0.255 any eq domain (2741 matches)

Extended IP access list out_in

10 permit tcp any host 10.0.0.15 eq smtp (1641 matches)

20 permit tcp any host 10.0.0.15 eq 443 (5 matches)

40 permit ip 192.168.240.0 0.0.0.255 10.0.0.0 0.0.0.255 (22 matches)

60 permit tcp any host 10.0.0.15 eq 1723 (11 matches)

70 permit gre host 10.0.0.15 any


Any suggestions?

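A PPTP server behind a router needs two things allowed on the firewall in each direction: the TCP/1723 control channel and the GRE data channel (IP protocol 47). GRE carries no ports and is not stateful-inspected by the IOS zone-based firewall, so it needs an explicit entry from the client toward the server in the outside-to-inside ACL and from the server toward the client in the inside-to-outside ACL. The script below is an added example, not code from the original post or from Cisco: it parses `show access-list` output of the form posted above, evaluates each ACL with first-match semantics and the implicit trailing deny, and reports which of the three PPTP flows would be dropped. The sample text is the poster's two ZFW match lists trimmed to the relevant lines; the remote client address 203.0.113.7 is a constructed placeholder from the documentation range. The parser assumes contiguous wildcard masks and port matches of the `eq` form on the destination, which is all the posted output uses.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: the ZFW match lists from the post above, with the
# "matches" counters kept so the parser has to strip them.
SAMPLE = """\
Standard IP access list 1
10 permit 10.0.0.0, wildcard bits 0.0.0.255 (89565 matches)
Extended IP access list in_out
10 permit tcp 10.0.0.0 0.0.0.255 any eq www (1654 matches)
20 permit tcp 10.0.0.0 0.0.0.255 any eq 443 (440 matches)
70 permit ip 10.0.0.0 0.0.0.255 host 192.168.230.249 (32 matches)
90 permit udp 10.0.0.0 0.0.0.255 any eq domain (2741 matches)
Extended IP access list out_in
10 permit tcp any host 10.0.0.15 eq smtp (1641 matches)
20 permit tcp any host 10.0.0.15 eq 443 (5 matches)
40 permit ip 192.168.240.0 0.0.0.255 10.0.0.0 0.0.0.255 (22 matches)
60 permit tcp any host 10.0.0.15 eq 1723 (11 matches)
70 permit gre host 10.0.0.15 any
"""

HEADER = re.compile(r"^(Standard|Extended) IP access list (\S+)$")
COUNTER = re.compile(r"\s*\(\d+ match(es)?\)$")
PORT_NAMES = {"www": 80, "smtp": 25, "pop3": 110, "domain": 53, "ftp": 21, "ftp-data": 20}


@dataclass
class Entry:
    seq: int
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: object  # destination port (int or unresolved name), None if unrestricted


def parse_addr(tokens):
    """Consume one IOS address spec (any / host X / X wildcard); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    addr, wild = tokens[0], tokens[1]
    # A Cisco wildcard marks bits that may vary, so the netmask is its inverse.
    mask = (~int(ipaddress.IPv4Address(wild))) & 0xFFFFFFFF
    net = ipaddress.ip_network((addr, str(ipaddress.IPv4Address(mask))), strict=False)
    return net, tokens[2:]


def parse_show_access_list(text):
    """Return {acl_name: [Entry, ...]} for the extended ACLs in a show access-list dump."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = COUNTER.sub("", raw.strip())
        header = HEADER.match(line)
        if header:
            current = header.group(2) if header.group(1) == "Extended" else None
            if current:
                acls[current] = []
            continue
        if current is None or not line:
            continue
        tokens = line.split()
        seq, action, proto = int(tokens[0]), tokens[1], tokens[2]
        src, rest = parse_addr(tokens[3:])
        dst, rest = parse_addr(rest)
        port = None
        if len(rest) >= 2 and rest[0] == "eq":
            name = PORT_NAMES.get(rest[1], rest[1])
            port = int(name) if str(name).isdigit() else name
        acls[current].append(Entry(seq, action, proto, src, dst, port))
    return acls


def decide(acl, proto, src_ip, dst_ip, dport=None):
    """First matching entry wins; no match means the implicit deny (seq None)."""
    src_ip, dst_ip = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for e in acl:
        if e.proto not in ("ip", proto):
            continue
        if src_ip not in e.src or dst_ip not in e.dst:
            continue
        if e.port is not None and e.port != dport:
            continue
        return e.action, e.seq
    return "deny", None


def pptp_gaps(acls, server, inbound_acl, outbound_acl, client="203.0.113.7"):
    """List the PPTP flows (control and GRE, both directions) the ACLs would drop."""
    required = [
        (inbound_acl, "tcp", client, server, 1723, "inbound TCP/1723 control channel"),
        (inbound_acl, "gre", client, server, None, "inbound GRE data channel"),
        (outbound_acl, "gre", server, client, None, "outbound GRE data channel"),
    ]
    gaps = []
    for acl_name, proto, s, d, port, label in required:
        action, seq = decide(acls.get(acl_name, []), proto, s, d, port)
        if action != "permit":
            where = "implicit deny" if seq is None else f"denied at seq {seq}"
            gaps.append(f"{acl_name}: {label} not permitted ({where})")
    return gaps


if __name__ == "__main__":
    for gap in pptp_gaps(parse_show_access_list(SAMPLE), "10.0.0.15", "out_in", "in_out"):
        print(gap)
```

Run against the posted lists, the control channel passes (seq 60 in out_in) while both GRE flows fall through to the implicit deny: the out_in GRE entry names 10.0.0.15 as the source rather than the destination, so a GRE packet arriving from a remote client does not match it, and in_out has no GRE entry at all. The script only evaluates the match lists; it does not model the zone-pair policy actions or the NAT table, so a clean result is necessary but not sufficient for the tunnel to come up.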