Updated Oct 11th, 2002
| Private Network: | 192.168.0.0/24 |
|---|---|
| External Network (DMZ): | 202.0.0.0/28 |
| CISCO Router (2600): | Ethernet0/0: 192.168.0.4; Ethernet0/1: 202.0.0.14; Serial0/0: HDLC (WAN) |
| The Internet Server1: | 202.0.0.1 (DNS, SMTP, POP3) |
| The Internet Server2: | 202.0.0.2 (DNS, WWW, SYSLOG, NTP) |

```
gw#show running-config
Building configuration...
Current configuration : 3174 bytes
!
version 12.1
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log uptime
service password-encryption
!
hostname gw
!
boot system flash
logging buffered 8192 debugging
aaa new-model
aaa authentication login default local enable
enable secret 5 12345678901234567890
!
username user1 password 7 12345678901234567890
username user2 password 7 12345678901234567890
!
!
clock timezone JST 9
ip subnet-zero
no ip source-route
ip domain-list test.com
ip domain-name test.com
ip name-server 202.0.0.1
ip name-server 202.0.0.2
!
!
!
!
interface Ethernet0/0
 description Private LAN
 ip address 192.168.0.4 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip accounting access-violations
 ip nat inside
 no ip mroute-cache
 no cdp enable
!
interface Serial0/0
 description 64K HDLC link to the Internet
 bandwidth 64
 ip unnumbered Ethernet0/1
 ip access-group 100 in
 ip access-group 101 out
 no ip redirects
 no ip proxy-arp
 ip accounting access-violations
 ip nat outside
 no ip mroute-cache
 down-when-looped
 no cdp enable
!
interface Ethernet0/1
 description HOGE External (DMZ) LAN
 ip address 202.0.0.14 255.255.255.240
 no ip redirects
 no ip proxy-arp
 ip accounting access-violations
 no ip mroute-cache
 no cdp enable
!
ip nat inside source list 1 interface Ethernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
!
logging facility local1
logging source-interface Ethernet0/1
logging 202.0.0.2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 permit icmp any 202.0.0.0 0.0.0.15
access-list 100 permit tcp any 202.0.0.0 0.0.0.15 established
access-list 100 permit tcp any 202.0.0.0 0.0.0.15 gt 1023
access-list 100 permit udp any 202.0.0.0 0.0.0.15 gt 1023
access-list 100 permit tcp any 202.0.0.1 0.0.0.0 eq domain
access-list 100 permit udp any 202.0.0.1 0.0.0.0 eq domain
access-list 100 permit tcp any 202.0.0.2 0.0.0.0 eq domain
access-list 100 permit udp any 202.0.0.2 0.0.0.0 eq domain
access-list 100 permit tcp any 202.0.0.1 0.0.0.0 eq smtp
access-list 100 permit tcp any 202.0.0.1 0.0.0.0 eq pop3
access-list 100 permit tcp any 202.0.0.2 0.0.0.0 eq www
access-list 100 deny tcp any 202.0.0.0 0.0.0.15 eq 2049 log
access-list 100 deny udp any 202.0.0.0 0.0.0.15 eq 2049 log
access-list 100 deny tcp any 202.0.0.0 0.0.0.15 eq 6000 log
access-list 100 deny ip any any log
access-list 101 permit ip 202.0.0.0 0.0.0.15 any
access-list 101 deny ip any any log
access-list 102 permit ip 202.0.0.0 0.0.0.15 any
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 deny ip any any log
no cdp run
snmp-server community public RO
banner login ^C Welcome to HOGE router ^C
!
line con 0
line aux 0
line vty 0 4
 access-class 102 in
 exec-timeout 0 0
 password 7 12345678901234567890
 transport input telnet
 transport output none
!
ntp server 202.0.0.2
end
```
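
IOS evaluates an access list top-down and stops at the first entry that matches, so in access-list 100 above the two `gt 1023` permits are reached before the `deny ... eq 2049` and `deny ... eq 6000` entries. The check below is an added example, not part of the original page: a small Python linter that reports entries an earlier entry already covers. Its function names (`parse`, `covers`, `shadowed`) are made up here, and it assumes source `any`, contiguous wildcard masks and only the `eq`/`gt` operators, as in this ACL.

```python
import ipaddress
from collections import namedtuple
# access-list 100, copied from the running-config on this page.
ACL_100 = """\
access-list 100 permit icmp any 202.0.0.0 0.0.0.15
access-list 100 permit tcp any 202.0.0.0 0.0.0.15 established
access-list 100 permit tcp any 202.0.0.0 0.0.0.15 gt 1023
access-list 100 permit udp any 202.0.0.0 0.0.0.15 gt 1023
access-list 100 permit tcp any 202.0.0.1 0.0.0.0 eq domain
access-list 100 permit udp any 202.0.0.1 0.0.0.0 eq domain
access-list 100 permit tcp any 202.0.0.2 0.0.0.0 eq domain
access-list 100 permit udp any 202.0.0.2 0.0.0.0 eq domain
access-list 100 permit tcp any 202.0.0.1 0.0.0.0 eq smtp
access-list 100 permit tcp any 202.0.0.1 0.0.0.0 eq pop3
access-list 100 permit tcp any 202.0.0.2 0.0.0.0 eq www
access-list 100 deny tcp any 202.0.0.0 0.0.0.15 eq 2049 log
access-list 100 deny udp any 202.0.0.0 0.0.0.15 eq 2049 log
access-list 100 deny tcp any 202.0.0.0 0.0.0.15 eq 6000 log
access-list 100 deny ip any any log
"""
PORTS = {"domain": 53, "smtp": 25, "pop3": 110, "www": 80}  # IOS keywords used above
Entry = namedtuple("Entry", "text action proto net lo hi established")

def parse(line):
    """Parse one extended entry. Assumes: any source, contiguous wildcard, eq/gt only."""
    action, proto, _src, *rest = line.split()[2:]      # drop "access-list <n>"
    if rest[0] == "any":
        net, rest = "0.0.0.0/0", rest[1:]
    else:                                              # wildcard mask -> prefix length
        bits = int(ipaddress.IPv4Address(rest[1])).bit_length()
        net, rest = f"{rest[0]}/{32 - bits}", rest[2:]
    lo, hi = 0, 65535                                  # no port operator: all ports
    if rest and rest[0] in ("eq", "gt"):
        port = PORTS.get(rest[1]) or int(rest[1])
        lo, hi = (port, port) if rest[0] == "eq" else (port + 1, 65535)
    return Entry(line, action, proto, ipaddress.ip_network(net), lo, hi, "established" in rest)

def covers(a, b):
    """True if every packet that matches entry b also matches the earlier entry a."""
    return (a.proto in ("ip", b.proto) and b.net.subnet_of(a.net) and a.lo <= b.lo
            and b.hi <= a.hi and (not a.established or b.established))

def shadowed(acl_text):
    """Return (unreachable entry, earlier entry that matches first) pairs."""
    rules = [parse(ln) for ln in acl_text.splitlines() if ln.strip()]
    hits = ((r, next((e for e in rules[:i] if covers(e, r)), None)) for i, r in enumerate(rules))
    return [(r.text, e.text) for r, e in hits if e]

print(*(f"never matched: {r}\n  first match: {e}" for r, e in shadowed(ACL_100)), sep="\n")
```

Moving the three `deny ... log` entries ahead of the two `gt 1023` permits leaves nothing shadowed.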