Cisco 2801 question

I'm trying to open a port in a Cisco 2801, port 3001, to give internet access to a Cisco switch whose IP is 172.16.8.40.

Cisco 2801 configuration

 match access-group 110
class-map type inspect match-all vpn-traffic
 match access-group 111
!
!
policy-map type inspect priv-pub-pmap
 class type inspect all-private
  inspect
 class class-default
  drop
policy-map type inspect pub-priv-pmap
 class type inspect vpn-traffic
  inspect
 class class-default
  drop
!
zone security private
zone security public
zone-pair security priv-pub source private destination public
 service-policy type inspect priv-pub-pmap
zone-pair security pub-priv source public destination private
 service-policy type inspect pub-priv-pmap
!
!
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
 lifetime 84600
!
crypto isakmp policy 5
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 84600
!
crypto isakmp client configuration group BFvpn
 key vPnBr1TT@ny9687!
 dns 192.168.2.10
 pool vpn_ip
 acl remotevpn
!
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set aes-256-sha esp-aes 256 esp-sha-hmac
!
crypto dynamic-map vpn 65535
 set transform-set ESP-3DES-MD5
!
!
crypto map vpn client authentication list AAA-VPN
crypto map vpn isakmp authorization list AAA-VPN
crypto map vpn client configuration address respond
crypto map vpn 65535 ipsec-isakmp dynamic vpn
!
!
!
!
!
interface FastEthernet0/0
 ip address 75.150.67.105 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 zone-member security public
 duplex auto
 speed auto
 crypto map vpn
!
interface FastEthernet0/1
 ip address 172.16.250.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 zone-member security private
 speed 100
 full-duplex
!
interface FastEthernet0/3/0
 switchport mode trunk
 no ip address
!
interface FastEthernet0/3/1
 no ip address
!
interface FastEthernet0/3/2
 no ip address
!
interface FastEthernet0/3/3
 no ip address
!
interface Vlan1
 no ip address
!
interface Vlan413
 ip address 170.163.128.202 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 zone-member security public
!
!
router eigrp 1
 network 172.16.0.0
!
ip local policy route-map LocalPBR
ip local pool vpn_ip 172.16.251.10 172.16.251.20
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source static tcp 172.16.8.40 3001 172.16.250.1 3001
ip nat inside source route-map NAT-HFC interface FastEthernet0/0 overload
ip nat inside source route-map NAT-OPT interface Vlan413 overload
ip route 0.0.0.0 0.0.0.0 75.150.67.106 track 3
ip route 0.0.0.0 0.0.0.0 170.163.128.201 5
!
ip access-list standard remotevpn
 permit 172.16.0.0 0.15.255.255
!
ip sla 1
 icmp-echo 75.150.67.106 source-interface FastEthernet0/0
 frequency 30
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 170.163.128.201 source-interface Vlan413
 frequency 30
ip sla schedule 2 life forever start-time now
access-list 1 permit 170.163.0.0 0.0.255.255
access-list 1 remark for Telnet & SNMP Restrictions
access-list 1 permit 172.16.8.0 0.0.3.255
access-list 7 permit 172.16.8.40
access-list 7 permit 172.16.8.41
access-list 7 permit 172.16.8.42
access-list 7 permit 172.16.8.43
access-list 10 permit 75.150.67.105
access-list 20 permit 170.163.128.202
access-list 102 deny ip any 10.0.0.0 0.255.255.255
access-list 102 deny ip any 172.16.0.0 0.15.255.255
access-list 102 deny ip any 192.168.0.0 0.0.255.255
access-list 102 permit ip 172.16.0.0 0.0.15.255 any
access-list 102 permit ip 172.16.0.0 0.15.255.255 any
access-list 110 permit ip any any
access-list 111 permit ip 172.16.251.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 111 deny ip any any
!
!
!
route-map LocalPBR permit 10
 match ip address 10
 set ip default next-hop 75.150.67.106
!
route-map LocalPBR permit 20
 match ip address 20
 set ip default next-hop 170.163.128.201
!
route-map NAT-HFC permit 10
 match ip address 102
 match interface FastEthernet0/0
!
route-map NAT-OPT permit 10
 match ip address 102
 match interface Vlan413
!
snmp-server community chimenet#3000 RO 1
snmp-server enable traps tty
!
tacacs-server host 170.163.248.63
tacacs-server host 170.163.248.64
tacacs-server directed-request
tacacs-server key 7 06050728414B071C1154405B5C54
 
I want to provide internet access to 172.16.8.40 via port 3001 from the Cisco 2801.

This is what I tried so far:

ip nat inside source static tcp 172.16.8.40 3001 172.16.250.1 3001

access-list 7 permit 172.16.8.40 0.0.0.43
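Two things in the attempt above are worth checking mechanically before touching the zone-based firewall policy: whether the wildcard mask 0.0.0.43 really covers the four hosts .40 to .43, and which interface owns the static NAT's global address 172.16.250.1. The Python below is an added example, not part of the original post and not IOS's own parser; the CONFIG excerpt is constructed from the lines quoted above and the wildcard arithmetic is the generic IOS rule (a 1 bit in the mask is "don't care").

```python
import ipaddress
import re

# Constructed excerpt of the posted configuration: just the lines the checks use.
CONFIG = """\
interface FastEthernet0/0
 ip address 75.150.67.105 255.255.255.252
 ip nat outside
interface FastEthernet0/1
 ip address 172.16.250.1 255.255.255.252
 ip nat inside
ip nat inside source static tcp 172.16.8.40 3001 172.16.250.1 3001
access-list 7 permit 172.16.8.40 0.0.0.43
"""

def is_contiguous(wildcard):
    """True if the wildcard mask is a run of low-order 1 bits (2^n - 1)."""
    w = int(ipaddress.IPv4Address(wildcard))
    return (w & (w + 1)) == 0

def wildcard_matches(base, wildcard):
    """Expand an address/wildcard pair into the set of hosts it matches; IOS
    accepts non-contiguous masks, but they match scattered addresses, not a block."""
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    free = [i for i in range(32) if (w >> i) & 1]  # 'don't care' bit positions
    hosts = set()
    for combo in range(1 << len(free)):
        addr = b & ~w  # keep only the fixed bits
        for k, bit in enumerate(free):
            if (combo >> k) & 1:
                addr |= 1 << bit
        hosts.add(str(ipaddress.IPv4Address(addr)))
    return hosts

def static_nat_roles(config):
    """Map each static-NAT global address to the NAT role of the interface that
    owns it; a global on an 'ip nat inside' interface is unreachable from outside."""
    roles, cur_ip = {}, None
    for line in config.splitlines():
        if line.startswith("interface"):
            cur_ip = None
        m = re.match(r"\s*ip address (\S+) \S+$", line)
        if m:
            cur_ip = m.group(1)
        m = re.match(r"\s*ip nat (inside|outside)$", line)
        if m and cur_ip:
            roles[cur_ip] = m.group(1)
    pat = r"^ip nat inside source static tcp \S+ \d+ (\S+) \d+"
    return {m.group(1): roles.get(m.group(1)) for m in re.finditer(pat, config, re.M)}
```

Against this excerpt, 0.0.0.43 expands to 16 scattered hosts (172.16.8.0-3, .8-.11, .32-.35 and .40-.43) whereas 0.0.0.3 covers exactly the four addresses already listed one by one in access-list 7, and the static NAT's global address resolves to the interface marked ip nat inside, so no packet entering from the public side is ever destined to it.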
 
Do you want access FROM the switch TO the Internet?

Or

TO the switch FROM the Internet?
 