Re: SOHO 91 QUESTIONS

chris · ‎10-13-2006

i have my soho 91 up and running finally - is anyone else using this... should i be looking for anything in particular to go wrong...

i had to use the web app to set up my network. i could not find any documentation on how to program this particular router.... do you have any good articles for a noob to read?

globalnettech · ‎10-13-2006

Hello Chris,

have a look at the link below, which contains comprehensive documentation on the SOHO 91 router:

Cisco 831 and SOHO 91 Routers

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/831/index.htm

HTH,

GNT

chris · ‎10-15-2006

^^ pls help a brotha out ^^

globalnettech · ‎10-16-2006

Hello Chris,

what are you looking for specifically ? The link I posted contains hard and software configuration info, let me know what you need to know...

Regards,

GNT

chris · ‎10-16-2006

basically just getting started... My uncles operation is expanding.. He brought me into run the technology end (mostly programming)

we are going to start hosting our own applications soon - nothing that needs to be super secure - but i want to make sure i avoid stupid mistakes... Pls check out my current config - i would love recomendations...

i appreciate the help!!!

========

Current configuration : 1246 bytes

!

version 12.3

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname root

!

no logging buffered

enable secret 5 $1$WTgl$4ivUMx0texkQGmj5j1SAA/

!

username CRWS_Jaidil privilege 15 password 7 125D5453255A0A256E24752700103212544

25053050A010003

username root password 7 075F37495C05491713

no aaa new-model

ip subnet-zero

ip name-server 65.83.241.181

ip name-server 67.32.118.46

ip dhcp excluded-address 10.10.10.1

!

ip dhcp pool CLIENT

import all

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

lease 0 2

!

partition flash 2 6 2

!

interface Ethernet0

ip address 10.10.10.1 255.255.255.0

ip nat inside

no cdp enable

hold-queue 32 in

!

interface Ethernet1

ip address dhcp client-id Ethernet1

ip nat outside

duplex auto

no cdp enable

!

ip nat inside source list 102 interface Ethernet1 overload

ip classless

ip http server

no ip http secure-server

!

access-list 23 permit 10.10.10.0 0.0.0.255

access-list 102 permit ip 10.10.10.0 0.0.0.255 any

no cdp run

!

line con 0

exec-timeout 120 0

no modem enable

stopbits 1

line aux 0

line vty 0 4

access-class 23 in

exec-timeout 120 0

login local

length 0

!

scheduler max-task-time 5000

!

end

==============

globalnettech · ‎10-17-2006

Hello,

the configuration looks perfectly ok !

Good luck with expanding the business.

Regards,

GNT

chris · ‎10-23-2006

could i use the soho91 as a firewall for my webserver? It does not have to be super secure... I cant spend a ton on another firewall

globalnettech · ‎10-23-2006

Hello Chris,

provided that your SOHO91 router has the firewall feature set loaded (do a 'show version' and check for a line similar to 'soho91-k9oy6-mz', which would indicate that you have the firewall feature set installed), the router should support the 'ip inspect' command, which basically is a firewall that would block all traffic defined with 'ip inspect' statements coming from the outside, but would allow it from the inside. Of course there are also access lists available, so if you need basic security on your router, that is certainly configurable.

Can you post the configuration of your router as it is configured now ?

Regards,

GNT

chris · ‎10-25-2006

VERSION INFO

Cisco Internetwork Operating System Software

IOS (tm) SOHO91 Software (SOHO91-K9OY6-M), Version 12.3(2)XC2, EARLY DEPLOYMENT

RELEASE SOFTWARE (fc1)

Synched to technology version 12.3(1.6)T

Technical Support: http://www.cisco.com/techsupport

Compiled Thu 04-Mar-04 01:24 by ealyon

Image text-base: 0x800131E8, data-base: 0x80A40300

ROM: System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)

ROM: SOHO91 Software (SOHO91-K9OY6-M), Version 12.3(2)XC2, EARLY DEPLOYMENT RELE

ASE SOFTWARE (fc1)

root uptime is 1 week, 18 hours, 0 minutes

System returned to ROM by power-on

System image file is "flash:soho91-k9oy6-mz.123-2.XC2.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

CISCO SOHO91 (MPC857DSL) processor (revision 0x300) with 29492K/3276K bytes of memory.

Processor board ID AMB081915AX (2089163721), with hardware revision 0000

CPU rev number 7

Bridging software.

2 Ethernet/IEEE 802.3 interface(s)

128K bytes of non-volatile configuration memory.

6144K bytes of processor board System flash partition 1 (Read/Write)

2048K bytes of processor board System flash partition 2 (Read/Write)

2048K bytes of processor board Web flash (Read/Write)

Configuration register is 0x2102

CONFIG ==============================

========

Current configuration : 1246 bytes

!

version 12.3

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname root

!

no logging buffered

enable secret xxx

!

username xxx privilege 15 password xxx

25053050A010003

username xxx password xxx

no aaa new-model

ip subnet-zero

ip name-server 65.x.241.181

ip name-server 67.x.118.46

ip dhcp excluded-address 10.10.10.1

!

ip dhcp pool CLIENT

import all

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

lease 0 2

!

partition flash 2 6 2

!

interface Ethernet0

ip address 10.10.10.1 255.255.255.0

ip nat inside

no cdp enable

hold-queue 32 in

!

interface Ethernet1

ip address dhcp client-id Ethernet1

ip nat outside

duplex auto

no cdp enable

!

ip nat inside source list 102 interface Ethernet1 overload

ip classless

ip http server

no ip http secure-server

!

access-list 23 permit 10.10.10.0 0.0.0.255

access-list 102 permit ip 10.10.10.0 0.0.0.255 any

no cdp run

!

line con 0

exec-timeout 120 0

no modem enable

stopbits 1

line aux 0

line vty 0 4

access-class 23 in

exec-timeout 120 0

login local

length 0

!

scheduler max-task-time 5000

!

end

==============

tu_amor66 · ‎05-24-2007

The SOHO 91 IOS version you have does contain firewall commands. If you login to the CRWS under advanced configuration, this gives you the option to enable or disable the firewall. Nothing too big or difficult to accomplish.

foxbatreco · ‎05-28-2007

Hii.. i would suggest that if u r lookin from a security viewpoint then pls

use the ip inspect option with soho

this will help to validate and pass only traffic that is gettin initiated from int n/w and wanting to come back in with some return data.

Pls rate if this helps.