Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Firewall and remote access HELP

I am a newbie to Cisco routers but am learning, I can't seem to get any remote access past our firewall. I can ping out but can't gain access of any kind. I have an old 1600. I have learned that I need to set up a port. Any help would be greatly appreciated. Here are my config settings:

version 11.2

service timestamps debug uptime

service timestamps log uptime

service password-encryption

no service udp-small-servers

no service tcp-small-servers

!

hostname xxx.xxx.com

!

enable password 7 xx...

!

ip subnet-zero

no ip source-route

no ip domain-lookup

ip inspect max-incomplete high 1100

ip inspect one-minute high 1100

ip inspect name Ethernet_1 smtp

ip inspect name Ethernet_1 udp

ip inspect name Ethernet_1 tcp

ip inspect name Ethernet_1 cuseeme

ip inspect name Ethernet_1 ftp

ip inspect name Ethernet_1 h323

ip inspect name Ethernet_1 rcmd

ip inspect name Ethernet_1 realaudio

ip inspect name Ethernet_1 streamworks

ip inspect name Ethernet_1 vdolive

ip inspect name Ethernet_1 sqlnet

ip inspect name Ethernet_1 tftp

ip inspect name Ethernet_0 tcp

ip inspect name Ethernet_0 udp

ip inspect name Ethernet_0 cuseeme

ip inspect name Ethernet_0 ftp

ip inspect name Ethernet_0 h323

ip inspect name Ethernet_0 rcmd

ip inspect name Ethernet_0 realaudio

ip inspect name Ethernet_0 smtp

ip inspect name Ethernet_0 streamworks

ip inspect name Ethernet_0 vdolive

ip inspect name Ethernet_0 sqlnet

ip inspect name Ethernet_0 tftp

ip inspect name Serial_0 tcp

ip inspect name Serial_0 udp timeout 360

ip inspect name Serial_0 ftp

!

interface Ethernet0

description connected to EthernetLAN-E0

ip address 207.22.77.1 255.255.255.128

ip access-group 102 in

ip inspect Ethernet_0 in

!

interface Ethernet1

description connected to Internet-LAN-E1

ip address 207.22.77.129 255.255.255.128

ip access-group 101 in

ip inspect Ethernet_1 in

!

interface Serial0

description connected to Internet

ip address 209.70.214.54 255.255.255.252

ip access-group 103 in

ip inspect Serial_0 in

bandwidth 1536

service-module t1 timeslots 1-24

!

ip classless

ip route 0.0.0.0 0.0.0.0 209.70.214.53

logging source-interface Ethernet1

logging 207.22.77.139

access-list 101 deny ip 207.22.77.0 0.0.0.127 any

access-list 101 permit icmp any 207.22.77.0 0.0.0.127

access-list 101 permit tcp any 207.22.77.0 0.0.0.127 eq smtp

access-list 101 permit udp any 207.22.77.0 0.0.0.127 eq domain

access-list 101 permit tcp any 207.22.77.0 0.0.0.127 eq domain

access-list 101 permit ip host 207.22.77.139 host 207.22.77.65

access-list 101 permit ip host 207.22.77.139 host 207.22.77.105

access-list 101 deny ip any 207.22.77.0 0.0.0.127

access-list 101 permit ip any any

access-list 102 deny ip 207.22.77.128 0.0.0.127 any

access-list 102 permit ip any 207.22.77.128 0.0.0.127

access-list 102 deny ip host 207.22.77.86 any

access-list 102 deny ip host 207.22.77.87 any

access-list 102 deny ip host 207.22.77.88 any

access-list 102 deny ip host 207.22.77.89 any

access-list 102 deny ip host 207.22.77.90 any

access-list 102 deny ip host 207.22.77.91 any

access-list 102 deny ip host 207.22.77.92 any

access-list 102 deny ip host 207.22.77.93 any

access-list 102 deny ip host 207.22.77.94 any

access-list 102 deny ip host 207.22.77.95 any

access-list 102 deny ip host 207.22.77.96 any

access-list 102 deny ip host 207.22.77.97 any

access-list 102 deny ip host 207.22.77.98 any

access-list 102 permit ip any any

access-list 103 deny ip 207.22.77.0 0.0.0.127 any

access-list 103 deny ip 207.22.77.128 0.0.0.127 any

access-list 103 deny ip any host 207.22.77.99

access-list 103 permit icmp any 207.22.77.0 0.0.0.127

access-list 103 permit icmp any 207.22.77.128 0.0.0.127

access-list 103 permit icmp any host 209.70.214.54

access-list 103 permit tcp any host 209.70.214.54 eq telnet

access-list 103 permit tcp any host 207.22.77.102 eq pop3

access-list 103 permit tcp any 207.22.77.0 0.0.0.127 eq smtp

access-list 103 permit tcp any 207.22.77.0 0.0.0.127 eq ident

access-list 103 permit tcp any 207.22.77.0 0.0.0.127 eq domain

access-list 103 permit udp any 207.22.77.0 0.0.0.127 eq domain

access-list 103 permit tcp any 207.22.77.0 0.0.0.127 eq 22

access-list 103 permit tcp any 207.22.77.128 0.0.0.127 eq pop3

access-list 103 permit tcp any 207.22.77.128 0.0.0.127 eq smtp

access-list 103 permit tcp any 207.22.77.128 0.0.0.127 eq telnet

access-list 103 permit tcp any 207.22.77.128 0.0.0.127 eq ident

access-list 103 permit tcp any 207.22.77.128 0.0.0.127 eq www

access-list 103 permit tcp any 207.22.77.128 0.0.0.127 eq 443

access-list 103 permit tcp any 207.22.77.128 0.0.0.127 eq 22

access-list 103 permit udp any 207.22.77.128 0.0.0.127 eq domain

access-list 103 permit tcp any 207.22.77.128 0.0.0.127 range ftp-data ftp

access-list 103 permit tcp any host 207.22.77.65 eq telnet

access-list 103 permit tcp any host 207.22.77.2 eq 1025

access-list 103 permit tcp any host 207.22.77.2 eq 1723

access-list 103 permit tcp any host 207.22.77.139 eq 6666

access-list 103 permit tcp any host 207.22.77.139 eq 8675

access-list 103 permit gre any host 207.22.77.2

access-list 103 permit tcp any 207.22.77.128 0.0.0.127 eq 993

access-list 103 permit icmp any any

access-list 103 permit udp any any range 33434 33464

access-list 103 permit ip host 128.2.6.107 host 207.22.77.139

snmp-server community govsci RO

174
Views
0
Helpful
0
Replies