Cisco Support Community
New Member

Cisco 678 Setting filter rules help please

I have a LAN connected to WAN via Cisco 678. In between the Cisco and the LAN is a NAT-ed switch. (network values have been changed to protect the innocent)

Cisco to Switch network is 200.50.100.0

The LAN network is 192.168.10.0

Let's say for example that I want to allow the following from the WAN into the LAN

100.50.7.0 - allow network to access LAN

100.70.8.8 - allow system to access LAN

100.90.9.0 - allow network to access LAN for FTP & Telnet only

100.100.10.7 - allow system to access LAN for FTP & Telnet only

deny anything else

Allow users on LAN to ftp, telnet, send/recv email, etc. to internet

So I set up some rules like so:

set filter 0 on allow incoming all 100.50.7.0 255.255.255.0 0.0.0.0 0.0.0.0 protocol TCP srcport 1-65535 destport 1-65535
set filter 1 on allow incoming all 100.70.8.8 255.255.255.255 0.0.0.0 0.0.0.0 protocol TCP srcport 1-65535 destport 1-65535
set filter 2 on allow incoming all 100.90.9.0 255.255.255.0 0.0.0.0 0.0.0.0 protocol TCP srcport 1-65535 destport 23-23
set filter 3 on allow incoming all 100.90.9.0 255.255.255.0 0.0.0.0 0.0.0.0 protocol TCP srcport 1-65535 destport 21-21
set filter 4 on allow incoming all 100.100.10.7 255.255.255.255 0.0.0.0 0.0.0.0 protocol TCP srcport 1-65535 destport 23-23
set filter 5 on allow incoming all 100.100.10.7 255.255.255.255 0.0.0.0 0.0.0.0 protocol TCP srcport 1-65535 destport 21-21
set filter 6 on allow outgoing all 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 protocol TCP srcport 1-65535 destport 1-65535

--- end of rules

Okay, the last line was put in so that I could send mail from LAN etc. Unfortunately, nothing could come in so I set up this rule

set filter 7 on allow incoming all 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 protocol TCP srcport 1-65535 destport 1-65535

which works great, but allows everything in, including addresses I do not want to allow.

How do I lock out the world except for the networks and systems I want to allow, and at the same time allow the users in the LAN to use the internet?

thanx

ted

1 REPLY
Silver

Re: Cisco 678 Setting filter rules help please

To learn more about configuring filters on your 678, you could refer to the 'set filter' command at http://www.cisco.com/en/US/products/sw/netmgtsw/ps528/products_user_guide_chapter09186a00800ead58.html#xtocid15

The relevant sections explain the command and also discuss a number of examples.

You could also refer to 'Filter Configuration Screen' at the URL

http://www.cisco.com/en/US/products/sw/netmgtsw/ps528/products_user_guide_chapter09186a00800ead57.html#xtocid15
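
The behaviour described in the question, where filters 0-6 block all return traffic and filter 7 lets everything in, modelled as an added example (not part of the thread and not Cisco's code). It assumes the 678 judges each packet on its own and denies anything no filter matches; the packet addresses and the SMTP_REPLIES rule are constructed for illustration.

```python
import ipaddress

ANY = (1, 65535)

def rule(direction, src, mask, sport=ANY, dport=ANY):
    """One 'allow' filter; destination 0.0.0.0 0.0.0.0 and protocol TCP as in the post."""
    m = int(ipaddress.ip_address(mask))
    return (direction, int(ipaddress.ip_address(src)) & m, m, sport, dport)

# Filters 0-6 as posted in the question.
POSTED = [
    rule("incoming", "100.50.7.0", "255.255.255.0"),
    rule("incoming", "100.70.8.8", "255.255.255.255"),
    rule("incoming", "100.90.9.0", "255.255.255.0", dport=(23, 23)),
    rule("incoming", "100.90.9.0", "255.255.255.0", dport=(21, 21)),
    rule("incoming", "100.100.10.7", "255.255.255.255", dport=(23, 23)),
    rule("incoming", "100.100.10.7", "255.255.255.255", dport=(21, 21)),
    rule("outgoing", "0.0.0.0", "0.0.0.0"),
]
FILTER_7 = rule("incoming", "0.0.0.0", "0.0.0.0")  # the catch-all from the post
# Assumed alternative (not from the post): admit only packets that look like
# replies from SMTP servers, i.e. source port 25 to a client port above 1023.
SMTP_REPLIES = rule("incoming", "0.0.0.0", "0.0.0.0", sport=(25, 25), dport=(1024, 65535))

def allowed(rules, direction, src_ip, sport, dport):
    """Stateless model: each packet is judged alone; no matching filter means deny."""
    ip = int(ipaddress.ip_address(src_ip))
    return any(
        d == direction and (ip & mask) == net
        and slo <= sport <= shi and dlo <= dport <= dhi
        for d, net, mask, (slo, shi), (dlo, dhi) in rules
    )

def evaluate(rules):
    """Run three constructed packets through a rule set."""
    return {
        # LAN client (after NAT) opening a connection to a mail server
        "mail_out": allowed(rules, "outgoing", "200.50.100.2", 40000, 25),
        # that server's reply coming back to the client's port
        "mail_reply": allowed(rules, "incoming", "203.0.113.25", 25, 40000),
        # unsolicited Telnet attempt from an address not on the allow list
        "stranger_telnet": allowed(rules, "incoming", "198.51.100.9", 40000, 23),
    }

if __name__ == "__main__":
    for name, rs in [("posted 0-6", POSTED), ("plus filter 7", POSTED + [FILTER_7]),
                     ("plus SMTP replies", POSTED + [SMTP_REPLIES])]:
        print(name, evaluate(rs))
```

The source-port rule is still stateless: it admits any packet with source port 25 and a high destination port, whether or not a LAN host opened the connection.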
