Okay, one ADSL config, taken from an 827. All relevant details are removed; the real IP is statically assigned. Note that 2 servers are allowed external IPs; port 1352 is used for Domino servers.
------------------ ADSL 14 Apr 2003 15:50 password ------------------

router#sh run
Building configuration...

Current configuration : 3208 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router
!
enable secret 0 password
!
username user1 password 0 password
ip subnet-zero
!
ip inspect name Ethernet0 cuseeme
ip inspect name Ethernet0 fragment maximum 256 timeout 1
ip inspect name Ethernet0 ftp
ip inspect name Ethernet0 h323
ip inspect name Ethernet0 http
ip inspect name Ethernet0 netshow
ip inspect name Ethernet0 rcmd
ip inspect name Ethernet0 realaudio
ip inspect name Ethernet0 rtsp
ip inspect name Ethernet0 sqlnet
ip inspect name Ethernet0 streamworks
ip inspect name Ethernet0 tcp
ip inspect name Ethernet0 tftp
ip inspect name Ethernet0 udp
ip inspect name Ethernet0 vdolive
ip audit notify log
ip audit po max-events 100
!
interface Ethernet0
 ip address 192.168.1.254 255.255.255.0
 ip access-group 110 in
 ip nat inside
 ip inspect Ethernet0 in
!
interface ATM0
 no ip address
 atm vc-per-vp 64
 no atm ilmi-keepalive
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
 dsl operating-mode auto
 dsl power-cutback 0
!
interface Dialer1
 ip address 10.10.10.10 255.255.255.0
 ip access-group 130 in
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer remote-name redback
 dialer-group 1
 ppp authentication pap chap callin
 ppp chap hostname [email protected]
 ppp chap password 0 password
 ppp pap sent-username [email protected] password 0 password
 ppp ipcp wins request
 ppp timeout idle 4294967
!
ip nat inside source static 192.168.1.5 w.x.y.z
ip nat inside source static 192.168.1.10 w.x.y.z1
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
!
access-list 110 permit ip any any
access-list 130 permit tcp any host w.x.y.z eq smtp
access-list 130 permit tcp any host w.x.y.z eq 1352
access-list 130 deny tcp any host 10.10.10.10 eq ftp-data
access-list 130 deny tcp any host 10.10.10.10 eq ftp
access-list 130 deny tcp any host 10.10.10.10 eq domain
access-list 130 deny tcp any host 10.10.10.10 eq finger
access-list 130 deny tcp any host 10.10.10.10 eq www
access-list 130 deny tcp any host 10.10.10.10 eq 22
access-list 130 deny udp any host 10.10.10.10 eq 21
access-list 130 deny udp any host 10.10.10.10 eq 20
access-list 130 deny udp any host 10.10.10.10 eq domain
access-list 130 deny udp any host 10.10.10.10 eq 79
access-list 130 deny udp any host 10.10.10.10 eq 80
access-list 130 deny udp any host 10.10.10.10 eq 23
access-list 130 deny udp any host 10.10.10.10 eq 22
access-list 130 deny ip 192.168.0.0 0.0.255.255 any
access-list 130 deny ip 172.16.0.0 0.15.255.255 any
access-list 130 deny ip 10.0.0.0 0.255.255.255 any
access-list 130 permit ip any host 10.10.10.10
access-list 130 deny ip any any
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 120 0
 password 0 password
 login local
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 password 0 password
 login local
!
scheduler max-task-time 5000
end
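To check what access-list 130 on Dialer1 actually lets in, the following added example (not part of the original page) walks an excerpt of the ACL in order and returns the first entry that matches a packet. The addresses 203.0.113.5, 203.0.113.10 and 198.51.100.7 are constructed stand-ins, and only the static ACL is modelled, not the temporary openings that `ip inspect` creates for return traffic.

```python
import ipaddress

# Excerpt of access-list 130 from the config above, original order kept.
# 203.0.113.5 / 203.0.113.10 are constructed stand-ins for w.x.y.z / w.x.y.z1.
ACL_130 = """
access-list 130 permit tcp any host w.x.y.z eq smtp
access-list 130 permit tcp any host w.x.y.z eq 1352
access-list 130 deny tcp any host 10.10.10.10 eq www
access-list 130 deny ip 192.168.0.0 0.0.255.255 any
access-list 130 deny ip 172.16.0.0 0.15.255.255 any
access-list 130 deny ip 10.0.0.0 0.255.255.255 any
access-list 130 permit ip any host 10.10.10.10
access-list 130 deny ip any any
""".replace("w.x.y.z1", "203.0.113.10").replace("w.x.y.z", "203.0.113.5")
PORTS = {"smtp": 25, "www": 80}  # IOS port keywords used in the excerpt

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_addr(tok):  # 'any' | 'host A' | 'A wildcard' -> ((base, wildcard), rest)
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (ip_int(tok[1]), 0), tok[2:]
    return (ip_int(tok[0]), ip_int(tok[1])), tok[2:]

def parse(text):
    rules = []
    for line in text.strip().splitlines():
        action, proto, *tok = line.split()[2:]   # skip 'access-list 130'
        src, tok = take_addr(tok)
        dst, tok = take_addr(tok)
        port = (PORTS.get(tok[1]) or int(tok[1])) if tok else None  # 'eq <port>'
        rules.append((line, action, proto, src, dst, port))
    return rules

def hit(spec, addr):
    base, wild = spec                            # wildcard bits are "don't care"
    return (ip_int(addr) | wild) == (base | wild)

def evaluate(rules, proto, src, dst, dport):
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    for line, action, rproto, rsrc, rdst, rport in rules:
        if (rproto in ("ip", proto) and hit(rsrc, src) and hit(rdst, dst)
                and rport in (None, dport)):
            return action, line
    return "deny", "implicit deny"

if __name__ == "__main__":
    print(evaluate(parse(ACL_130), "tcp", "198.51.100.7", "203.0.113.10", 1352))
```

Run against the stand-in for w.x.y.z1, the walk ends at `deny ip any any`: the ACL carries permit entries only for w.x.y.z, so unsolicited inbound connections to the second NAT'd server are dropped.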