#1, 08-29-2009, 11:09 AM
Registered User (Join Date: Aug 2009; Posts: 1; OS: Windows 7)

Cisco ACLs and Dual LAN

I'm running 2 LANs off a Cisco 1751 over a Comcast cable internet connection and have DHCP for my public address. I have everything working great at this point but am having trouble with my ACLs (never been good with them). I can't figure out how to restrict LAN-to-LAN access. I don't want them talking. How do I do this? Here's my current config (passwords removed, of course :p). Protected is my private network and unprotected is my customer network. I fix computers and the last thing I need is to fix mine due to a network virus.


Code:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Line passwords (the console "password" below) are stored in clear text.
no service password-encryption
!
hostname PC_Repair
!
boot-start-marker
boot-end-marker
!
enable secret 5 !@#$%
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.0 192.168.0.99
ip dhcp excluded-address 192.168.1.0 192.168.1.99
!
ip dhcp pool Protected_Pool
   network 192.168.0.0 255.255.255.0
   dns-server 192.168.0.1 
   default-router 192.168.0.1 
   lease 7
!
ip dhcp pool Unprotected_Pool
   network 192.168.1.0 255.255.255.0
   dns-server 192.168.1.1 
   default-router 192.168.1.1 
   lease 7
!
!
ip cef
ip name-server 4.2.2.1
ip name-server 4.2.2.6
!
!
! Note: this interface is described "Unprotected" but carries 192.168.0.0/24,
! the subnet served by Protected_Pool; Ethernet1/0 below is labelled the
! other way round. One of the two sets of labels is reversed.
interface Ethernet0/0
 description "Unprotected"
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 full-duplex 
 no shutdown
!
interface Ethernet1/0
 description "Protected"
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 full-duplex
 no shutdown
!
! No inbound access-group here: nothing filters traffic from the internet
! to the router itself (the NAT overload only shields the inside hosts).
interface FastEthernet0/0
 description "Internet"
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 speed auto
 full-duplex
 no shutdown
!
router rip
 version 2
 passive-interface FastEthernet0/0
 network 192.168.0.0
 network 192.168.1.0
 no auto-summary
!
! The DHCP client already installs a default route via the offered gateway;
! this static route to the interface takes precedence over it and makes the
! router ARP for every internet destination.
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip dns server
!
no logging trap
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
! Default read-only community string, reachable from every interface.
snmp-server community public RO
!
!
control-plane
!
!
line con 0
 password !@#$%
 login
line aux 0
! "no login" leaves the VTY lines (telnet by default) open to anyone who can
! reach the router, with no authentication at all.
line vty 0 15
 no login
!
end
deadroad503
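As an added example (not code from the post), here is a small Python audit of the configuration above. It parses the interfaces and DHCP pools, reports that each LAN interface's description names the opposite pool from the subnet it actually serves, and lists the management-plane exposures visible in the config: VTY lines with no login, the default SNMP community, cleartext line passwords, and no inbound ACL on the internet-facing interface. The embedded config is a constructed excerpt of the posted one, and the function and finding names are my own.

```python
import re
from ipaddress import IPv4Interface, IPv4Network
from typing import Dict, List, Tuple

# Constructed excerpt of the posted running-config: only the parts the checks read.
CONFIG = """
no service password-encryption
ip dhcp pool Protected_Pool
   network 192.168.0.0 255.255.255.0
ip dhcp pool Unprotected_Pool
   network 192.168.1.0 255.255.255.0
!
interface Ethernet0/0
 description "Unprotected"
 ip address 192.168.0.1 255.255.255.0
interface Ethernet1/0
 description "Protected"
 ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
!
snmp-server community public RO
line vty 0 15
 no login
"""

Finding = Tuple[str, str]  # (code, detail)

def sections(text: str):
    """Yield (top-level command, [its indented sub-commands]) from IOS config text."""
    header, body = None, []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if line[0].isspace():
            body.append(line.strip())
            continue
        if header is not None:
            yield header, body
        header, body = line, []
    if header is not None:
        yield header, body

def interfaces(text: str) -> Dict[str, dict]:
    """Description, connected subnet, NAT role and inbound ACL per interface."""
    out = {}
    for header, body in sections(text):
        if not header.startswith("interface "):
            continue
        info = {"description": "", "network": None, "nat": None, "acl_in": None}
        for cmd in body:
            if cmd.startswith("description "):
                info["description"] = cmd[len("description "):].strip('"')
            elif m := re.match(r"ip address (\S+) (\S+)$", cmd):
                info["network"] = IPv4Interface(f"{m[1]}/{m[2]}").network
            elif cmd in ("ip nat inside", "ip nat outside"):
                info["nat"] = cmd.split()[-1]
            elif m := re.match(r"ip access-group (\S+) in$", cmd):
                info["acl_in"] = m[1]
        out[header.split(None, 1)[1]] = info
    return out

def dhcp_pools(text: str) -> Dict[str, IPv4Network]:
    out = {}
    for header, body in sections(text):
        if header.startswith("ip dhcp pool "):
            for cmd in body:
                if m := re.match(r"network (\S+) (\S+)$", cmd):
                    out[header.split()[-1]] = IPv4Network(f"{m[1]}/{m[2]}")
    return out

def label_mismatches(ifaces, pools) -> List[Finding]:
    """Interface whose description names one pool while its subnet belongs to another."""
    found = []
    for name, info in ifaces.items():
        for pool, net in pools.items():
            if net == info["network"] and info["description"].lower() != pool.split("_")[0].lower():
                found.append(("LABEL_MISMATCH",
                              f"{name} is described {info['description']!r} but serves {pool} ({net})"))
    return found

def management_findings(text: str, ifaces) -> List[Finding]:
    found = []
    if re.search(r"^no service password-encryption$", text, re.M):
        found.append(("CLEARTEXT_PASSWORDS", "line passwords are stored unencrypted"))
    for header, body in sections(text):
        if header.startswith("line vty") and "no login" in body:
            found.append(("VTY_NO_LOGIN", f"{header}: remote terminal access with no authentication"))
        if header.startswith("snmp-server community ") and header.split()[2] in ("public", "private"):
            found.append(("SNMP_DEFAULT_COMMUNITY", header))
    for name, info in ifaces.items():
        if info["nat"] == "outside" and info["acl_in"] is None:
            found.append(("WAN_NO_INBOUND_ACL", f"{name}: no inbound ACL on the internet-facing interface"))
    return found

def audit(text: str) -> List[Finding]:
    ifaces = interfaces(text)
    return label_mismatches(ifaces, dhcp_pools(text)) + management_findings(text, ifaces)

if __name__ == "__main__":
    for code, detail in audit(CONFIG):
        print(f"{code:24} {detail}")
```

Run it against a full `show running-config` dump and it produces two LABEL_MISMATCH findings plus the four management findings; the label check is the one that matters for the question, because the ACL that follows has to be attached to the interface that really carries the customer subnet, not the one whose description says so.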
#2, 09-02-2009, 11:24 AM
Suncoast, Registered User (Join Date: Jul 2009; Location: Largo, FL, USA; Posts: 389; OS: XPP, Linux, 2003, Cisco)

Re: Cisco ACLs and Dual LAN

I don't know how you got any communications going between e0 and e1 with NAT inside going on both interfaces. Interesting. Using an extended list will give you the option to tweak this list with port-specific permit/deny statements.
Code:
conf t
no access-list 110
no access-list 111
! ACL 110 goes inbound on Ethernet0/0 (192.168.0.0/24): hosts there may not
! reach 192.168.1.0/24 but may reach anything else. "deny ip" already covers
! ICMP, so the icmp line is redundant but harmless.
access-list 110 deny ip any 192.168.1.0 0.0.0.255
access-list 110 deny icmp any 192.168.1.0 0.0.0.255
! TCP 135-139 only; UDP 137/138 (NetBIOS name/datagram) and TCP 445
! (direct-hosted SMB) are not matched by this line.
access-list 110 deny tcp any any range 135 139
access-list 110 permit ip any any 
!
! ACL 111 is the mirror image, inbound on Ethernet1/0 (192.168.1.0/24).
access-list 111 deny ip any 192.168.0.0 0.0.0.255
access-list 111 deny icmp any 192.168.0.0 0.0.0.255
access-list 111 deny tcp any any range 135 139
access-list 111 permit ip any any 
!
int e0/0 
 ip access-group 110 in
int e1/0 
 ip access-group 111 in
end
Code:
access-list 111 deny tcp any any range 135 139
This line blocks all NetBIOS and Windows File Sharing. If you need domain or Windows P2P services over these LAN ports, remove these lines.

Last edited by Suncoast; 09-02-2009 at 11:30 AM. Reason: getting old
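An added example, not part of the reply above: a small Python evaluator for IOS extended ACLs that lets you check what a list will do to a given flow before you attach it to an interface. It implements first-match semantics with the implicit deny at the end, the `any` / `host` / wildcard address forms, and `eq` / `range` destination-port matches (ports after the source address are an assumption this parser does not handle, nor are non-contiguous wildcards). It runs the four-line ACL 110 from the reply against constructed flows from a 192.168.0.0/24 host, and then a hardened variant that adds the UDP 135-139 and TCP 445 rules; all names, addresses and flows below are mine.

```python
import re
from ipaddress import IPv4Address, IPv4Network
from typing import List, NamedTuple, Optional, Tuple

# ACL 110 as proposed in the reply (four lines; "conf t" and interface commands omitted).
ACL_110 = """
access-list 110 deny ip any 192.168.1.0 0.0.0.255
access-list 110 deny icmp any 192.168.1.0 0.0.0.255
access-list 110 deny tcp any any range 135 139
access-list 110 permit ip any any
"""

# Assumed hardened variant: also covers NetBIOS over UDP and direct-hosted SMB.
HARDENED_110 = """
access-list 110 deny ip any 192.168.1.0 0.0.0.255
access-list 110 deny tcp any any range 135 139
access-list 110 deny udp any any range 135 139
access-list 110 deny tcp any any eq 445
access-list 110 permit ip any any
"""

class Rule(NamedTuple):
    action: str              # "permit" or "deny"
    proto: str               # "ip", "tcp", "udp" or "icmp"
    src: IPv4Network
    dst: IPv4Network
    dports: Optional[range]  # destination-port match; None means any port

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: int = 0

ANY = IPv4Network("0.0.0.0/0")

def _take_net(tokens: List[str]) -> IPv4Network:
    """Consume one IOS address spec: 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' (wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return IPv4Network(f"{tokens.pop(0)}/32")
    # A contiguous IOS wildcard is exactly a hostmask, which ipaddress accepts.
    return IPv4Network(f"{tok}/{tokens.pop(0)}", strict=False)

def parse_acl(text: str) -> List[Rule]:
    rules = []
    for line in text.strip().splitlines():
        m = re.match(r"access-list \d+ (permit|deny) (ip|tcp|udp|icmp) (.*)$", line.strip())
        if not m:
            continue  # comments, blank lines, "no access-list" etc.
        tokens = m.group(3).split()
        src, dst = _take_net(tokens), _take_net(tokens)
        dports = None
        if tokens and tokens[0] == "eq":
            dports = range(int(tokens[1]), int(tokens[1]) + 1)
        elif tokens and tokens[0] == "range":
            dports = range(int(tokens[1]), int(tokens[2]) + 1)
        rules.append(Rule(m.group(1), m.group(2), src, dst, dports))
    return rules

def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins; every IOS ACL ends with an implicit 'deny ip any any'."""
    sip, dip = IPv4Address(pkt.src), IPv4Address(pkt.dst)
    for i, r in enumerate(rules):
        if r.proto != "ip" and r.proto != pkt.proto:
            continue
        if sip not in r.src or dip not in r.dst:
            continue
        if r.dports is not None and pkt.dport not in r.dports:
            continue
        return r.action, i
    return "deny", None

# Constructed flows from a host on Ethernet0/0 (192.168.0.0/24); 198.51.100.7 stands in for the internet.
FLOWS = {
    "web to other LAN":        Packet("tcp", "192.168.0.10", "192.168.1.20", 80),
    "ping other LAN":          Packet("icmp", "192.168.0.10", "192.168.1.20"),
    "DNS to own gateway":      Packet("udp", "192.168.0.10", "192.168.0.1", 53),
    "https to internet":       Packet("tcp", "192.168.0.10", "198.51.100.7", 443),
    "SMB 445 to internet":     Packet("tcp", "192.168.0.10", "198.51.100.7", 445),
    "NetBIOS-NS udp 137 out":  Packet("udp", "192.168.0.10", "198.51.100.7", 137),
}

def verdicts(acl_text: str, flows=FLOWS) -> dict:
    rules = parse_acl(acl_text)
    return {name: evaluate(rules, pkt)[0] for name, pkt in flows.items()}

if __name__ == "__main__":
    for label, text in (("as posted", ACL_110), ("hardened", HARDENED_110)):
        print(label)
        for name, v in verdicts(text).items():
            print(f"  {v:6} {name}")
```

With the list as posted, both LAN-to-LAN flows are denied by the first rule (the icmp rule never fires because `deny ip` already matched), DNS to the router's own address and HTTPS out are permitted, and the two file-sharing flows that use TCP 445 or UDP 137 are also permitted; the hardened variant denies those two and still passes HTTPS.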
All times are GMT -7.
Copyright 2001 - 2009, Tech Support Forum