Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
255
Views
0
Helpful
2
Replies

3620 Ip Firewall problem

mlawson
Level 1
Level 1

‎02-18-2004 07:03 PM - edited ‎03-02-2019 01:41 PM

I am having an issue with a 3620 Router with 2 Ethernet ports. I am trying to implement the ip firewall feature set. Current version of the IOS is 12.1 with Ip firewall feature set. I can telnet to the router and within the router can ping an internet address but the clients on the internal network can get to the internet. I have tired several different configurations of the access list right not I have it fully open as follows access-lsit permit ip any any on both sides to try to help diagnosis problem. I followed a configuration example from the following stie:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a0080094110.shtml

Am I missing something? Any ideas and/or suggestions? Here is a copy of current config:

Current configuration : 1387 bytes

!

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname xxxxxx

!

enable password 7 xxxxxxxxxxxxx!

!

ip subnet-zero

ip name-server 151.164.169.201

!

ip inspect max-incomplete high 1100

ip inspect one-minute high 1100

ip inspect name Ethernet_1_0 ftp

ip inspect name spgfw cuseeme timeout 3600

ip inspect name spgfw ftp timeout 3600

ip inspect name spgfw http timeout 3600

ip inspect name spgfw rcmd timeout 3600

ip inspect name spgfw realaudio timeout 3600

ip inspect name spgfw smtp timeout 3600

ip inspect name spgfw tftp timeout 30

ip inspect name spgfw udp timeout 15

ip inspect name spgfw tcp timeout 3600

ip audit po max-events 100

!

!

!

interface Ethernet1/0

description internal network

ip address 192.168.2.254 255.255.255.0

ip access-group 101 in

no ip route-cache

no ip mroute-cache

no cdp enable

!

interface Ethernet1/1

description connection to internet

ip address 192.168.10.230 255.255.255.0

ip access-group 111 in

no ip route-cache

no ip mroute-cache

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.10.253

no ip http server

!

access-list 101 permit ip any any

access-list 111 permit ip any any

snmp-server community public RO

!

line con 0

exec-timeout 0 0

password 7 xxxxxxxxxxx

login

line aux 0

line vty 0 4

password 7 xxxxxxxxxx

login

!

end

THANKS

Labels:
0 Helpful
2 Replies 2

ziutek
Level 1
Level 1

‎02-19-2004 05:19 AM

What is the ip address of the default gateway for your PCs? It should be pointing to the ip address 192.168.2.254.

Good luck,

Joe

0 Helpful

mlawson
Level 1
Level 1
In response to ziutek

‎02-19-2004 06:28 AM

The default gateway of all computers is 192.168.2.254

Thanks

0 Helpful
Customers Also Viewed These Support Documents