Ip nat outside no cdp enable | Cisco Systems 520 series guide

Chapter 8 Configuring a Simple Firewall

Configuration Example

ip nat outside no cdp enable

!

!acl 103 defines traffic allowed from the peer for the IPsec tunnel. access-list 103 permit udp host 200.1.1.1 any eq isakmp access-list 103 permit udp host 200.1.1.1 eq isakmp any access-list 103 permit esp host 200.1.1.1 any

!Allow ICMP for debugging but should be disabled because of security implications. access-list 103 permit icmp any any

access-list 103 deny ip any any ! Prevents Internet-initiated traffic inbound.

!acl 105 matches addresses for the ipsec tunnel to or from the corporate network. access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255

no cdp run

Cisco Secure Router 520 Series Software Configuration Guide

8-6	OL-14210-01

Image 94

Cisco Systems 520 series manual Ip nat outside no cdp enable

Contents

Cisco Secure Router 520 Series Software Configuration Guide Americas HeadquartersPage N T E N T S Iii Verify the Configuration Additional Configuration Options Reference Information Rsvp Vii Using the Tftp Download Command C-5 Viii Objective PrefaceAudience Organization Part 2 Configuring Your Router for Ethernet and DSL AccessPart 3 Configuring Additional Features and Troubleshooting Part 1 Getting Started Conventions Appendix D, Common Port Assignments Aviso Instruções Importantes DE Segurança Warnung Wichtige SicherheitshinweiseAvvertenza Importanti Istruzioni Sulla Sicurezza Xii Guarde Estas Instrucciones Xiii GEM Disse Anvisninger XivPage Related Documentation Cisco Regulatory Compliance and Safety Information RoadmapCisco Secure Router 520 Series Hardware Installation Guide Xvi Obtaining Documentation and Submitting a Service Request Xvii Xviii Getting Started Page Basic Router Configuration Viewing the Default Configuration Information Needed for Customizing the Default Parameters Interface Port Labels Configuring Basic ParametersRouter Interface Port Label Configure WAN Interfaces Configure Global ParametersConfigure Fast Ethernet LAN Interfaces Command Purpose Interface type number Routerconfig# interface fastethernetRouterconfig-if# ip address 255.255.255.0 No shutdown Enables the ATM 0 interface Configure the Wireless InterfaceConfiguring a Loopback Interface Exits configuration mode for the ATM interface Loopback interface Exits configuration mode for the loopbackInterface and returns to global configuration mode Router# show interface loopback Login Configuring Command-Line Access to the RouterPassword password Exec-timeoutminutes seconds End Configuration Example Configuring Static RoutesVerifying Your Configuration Command Task Configuring Dynamic RoutesConfiguring RIP Router rip No auto-summary Configuring Your Router for Ethernet and DSL Access Page For Ethernet-Based Network Deployments Sample Network DeploymentsFor DSL-Based Network Deployments Sample Network Deployments Configuring PPP over Ethernet with NAT PPPoE session between the client and a PPPoE server Vpdn enable Configuration TasksCommand or Action Purpose PPPoE Request-dialin Configure the Fast Ethernet WAN InterfacesConfigures the PPPoE client and specifies Protocol l2tp pppoe Configure the Dialer Interface Dialer pool number Configure Network Address TranslationPpp authentication protocol1 protocol2 Dialer-group group-number Permitted by access list acl1 to be translated to one Enables dynamic translation of addresses onBy the access list 1 to be translated to one Enables the configuration changes just made to Ip nat inside outside Access-list access-list-number deny permitRouterconfig# access-list 1 permit Source source-wildcard Configuration Example Router# show ip nat statistics Id 1 access-list 1 interface Dialer0 refcount Queued Packets OL-14210-01 Configuring PPP over ATM with NAT PPP over ATM with NAT PPPoA Using a dialer group controls access to Sets the PPP authentication methodAuthentication Protocol Chap Specifies that the IP address for the dialer Command Reference, Volume 1 of 4 Routing Configure the ATM WAN Interface Attribute Description Default Value Configure DSL Signaling ProtocolConfiguring Adsl Dsl lom integer Dsl enable-training-log One of the addresses specified in the NAT pool Permitted by access list acl1 to be translated toPool1 Reference, Volume 1 of 4 Addressing 0.255 ATM0 Configuring a LAN with Dhcp and VLANs Dhcp VLANs Configure DhcpDotted-decimal domain name Global configuration mode Enters Dhcp pool configuration mode. The nameExits Dhcp configuration mode, and enters Creates a Dhcp address pool on the router Ip dhcp pool Verify Your Dhcp ConfigurationRouter# show ip dhcp import Server statistics Vlan database Configure VLANsVlan vlan-id media type name vlan-name Exits interface mode and returns to privileged Assign a Switch Port to a VlanVerify Your Vlan Configuration Exec mode Router# show vlan-switch Vlan Said MTU Configuring a VPN Using Easy VPN and an IPsec Tunnel Remote Access VPN Using IPsec Tunnel Cisco Easy VPN Configure the IKE Policy Configure Group Policy Information Apply Mode Configuration to the Crypto Map Enable Policy Lookup Configure IPsec Transforms and Protocols Configure the IPsec Crypto Method and Parameters Crypto map map-name seq-num ipsec-isakmp Apply the Crypto Map to the Physical InterfaceReverse-route Dynamic dynamic-map-name discover Create an Easy VPN Remote Configuration Crypto map map-name Ezvpn ezvpnclient outside Verifying Your Easy VPN ConfigurationCrypto ipsec client ezvpn name outside inside Router# show crypto ipsec client ezvpn Crypto ipsec client ezvpn ezvpnclient connect auto OL-14210-01 Site-to-Site VPN Using an IPsec Tunnel and GRE GRE Tunnels Configure a VPNVPNs Configure the IKE Policy Domain name Configure Group Policy InformationIp local pool default poolname Low-ip-address high-ip-address Enable Policy Lookup Configure IPsec Transforms and Protocols Specifies global lifetime values used when Configure the IPsec Crypto Method and ParametersCreates a dynamic crypto map entry, and enters Apply the Crypto Map to the Physical Interface Map Configure a GRE Tunnel 192.168.101.1 Enters ACL configuration mode for the named Tunnel interface must be configured toExits interface configuration mode, and returns to Access-list-name ACL that is used by the crypto map Set transform-set set1 match address No cdp run OL-14210-01 Configuring a Simple Firewall Fast Ethernet LAN interface the inside interface for NAT Details about this command Configure Access ListsCreates an access list which prevents Internet Creates an access list that allows network traffic Configure Inspection Rules Apply Access Lists and Inspection Rules to Interfaces Routerconfig-if# ip access-group 103 Ip nat outside no cdp enable Configuring a Wireless LAN Connection 1shows a wireless network deployment Equivalent Privacy WEP cannot use Configure the Root Radio StationFor clients Bridges for more details Sets the permitted authentication methods for a Creates a Service Set ID SSID, the publicName of a wireless network User attempting access to the wireless LAN Configure Bridging on VLANs Bridge-group number Configure Radio Station SubinterfacesBridge-group parameter Enabled, the following commands are Disables the Cisco Discovery Protocol CDPOn the wireless interface Automatically enabled, and cannot be No bridge-group 2 unicast-flooding No ip address bridge-group Configuring Additional Features and Troubleshooting Page Additional Configuration Options 10-1 10-2 Authentication, Authorization, and Accounting Configuring Security Features11-1 Configuration Commands Configuring AutoSecureConfiguring Access Lists ACL Type Ip access-groupaccess-list-number access-list-nameinout Configuring a Cbac FirewallAccess Groups Ip inspect name inspection-name protocol timeout seconds Configuring VPNs Configuring Cisco IOS Firewall IDS11-4 Before Contacting Cisco or Your Reseller TroubleshootingGetting Started 12-1 Ping atm interface Command Adsl TroubleshootingATM Troubleshooting Commands 12-2 Show interface Command 12-3 Output Cause Shutdown command12-4 Field Description Show atm interface CommandDebug atm Commands 12-5 12-6 Router# debug atm errors ATM errors debugging is on Router#Router# debug atm events Router# 12-7 Example 12-6 Viewing ATM Interface Processor Events-Failure 12-8 Software Upgrade MethodsRouter# debug atm packet Router# 012348ATM0O 12-9 Recovering a Lost PasswordChange the Configuration Register Router# show version 12-10 Rommon 2 confreg Router# show startup-config Reset the Password and Save Your ChangesReset the Configuration Register Value Router# copy running-config startup-config 12-12 Reference Information Page Cisco IOS Software Basic Skills Configuring the Router from a PCPC Operating System Software Understanding Command Modes As interface atm Ctrl-Z Getting Help Enable Secret Passwords and Enable PasswordsRouter rip, from Entering Global Configuration Mode Using Commands Undoing Commands Saving Configuration ChangesAbbreviating Commands Command-Line Error Messages Where to Go Next Summary OL-14210-01 Concepts Adsl Network Protocols Routing Protocol Options PPP Authentication Protocols PAP Ethernet Network InterfacesATM for DSL Dialer Interface PVC Easy IP Phase IP Precedence QoSPPP Fragmentation and Interleaving Cbwfq Low Latency Queuing Access Lists OL-14210-01 ROM Monitor Configure terminal Enters global configuration modeConfig-reg Resets the configuration register Entering the ROM Monitor ROM Monitor Commands Reload Disaster Recovery with Tftp Download Command DescriptionsCommand Description Tftp Download Command Variables Variable Command TFTPTIMEOUT= time Configuration RegisterUsing the Tftp Download Command Retrytimes Changing the Configuration Register Using Prompts Changing the Configuration Register ManuallyRommon 1 confreg Console Download Command DescriptionXmodem -cyrxdestinationfilename Debug Commands Error Reporting Exiting the ROM Monitor Appendix C ROM Monitor Exiting the ROM Monitor OL-14210-01 Common Port Assignments Port Keyword Description Finger See AAL See ARPSee Adsl See ATM See CAR IN-2 See Dhcp IN-3 See LCP IN-4 IN-5 See NAT See RIPIN-6 IN-7 IN-8