Hello everybody,

Please provide your feedback on the following configuration sent to me by a client. I know some of the faults in it, but I would like to hear more. The IPs are changed for security.

!
ip subnet-zero
no ip source-route
no ip domain-lookup
!
no ip bootp server
ip inspect audit-trail
ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect tcp max-incomplete host 50 block-time 10
ip inspect name Ethernet_0 tcp
ip inspect name Ethernet_0 udp
ip inspect name Ethernet_0 ftp
ip inspect name Ethernet_0 h323
ip inspect name Ethernet_0 cuseeme
ip inspect name Ethernet_0 realaudio
ip inspect name Ethernet_0 smtp
ip inspect name Ethernet_0 streamworks
ip inspect name Ethernet_0 vdolive
ip inspect name Serial_0 tcp
ip inspect name Serial_0 udp
ip inspect name Serial_0 ftp
ip inspect name Serial_0 h323
ip inspect name Serial_0 cuseeme
ip inspect name Serial_0 realaudio
ip inspect name Serial_0 smtp
ip inspect name Serial_0 streamworks
ip inspect name Serial_0 vdolive
isdn switch-type basic-net3
!
!
!
interface Ethernet0
 ip address 214.170.253.33 255.255.255.224 secondary
 ip address 214.170.253.1 255.255.255.224
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 ip inspect Ethernet_0 in
 no cdp enable
 hold-queue 100 in
 hold-queue 100 out
!
interface Serial0
 no ip address
 shutdown
 no cdp enable
!
interface Serial1
 no ip address
 shutdown
 no cdp enable
!
interface BRI0
 description connected to Internet
 ip unnumbered Ethernet0
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 ip inspect Serial_0 in
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer idle-timeout 2147483
 dialer string 4004444
 dialer hold-queue 100
 dialer-group 1
 isdn switch-type basic-net3
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname kspc-0012
 ppp chap password 7 130607010F01
 hold-queue 100 in
 hold-queue 100 out
!
ip classless
ip route 0.0.0.0 0.0.0.0 BRI0
no ip http server
!
no logging trap
access-list 100 permit tcp host 214.170.253.4 any
access-list 100 permit udp host 214.170.253.4 any
access-list 100 permit udp host 214.170.253.47 host 194.170.1.6 eq doma
access-list 100 permit udp host 214.170.253.47 host 194.170.1.7 eq doma
access-list 100 permit udp host 214.170.253.48 host 194.170.1.6 eq doma
access-list 100 permit udp host 214.170.253.48 host 194.170.1.7 eq doma
access-list 100 permit tcp host 214.170.253.47 any eq smtp
access-list 100 permit tcp host 214.170.253.10 any
access-list 100 permit tcp host 214.170.253.50 any
access-list 100 deny icmp any any redirect
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 deny ip 224.0.0.0 31.255.255.255 any
access-list 100 deny ip host 0.0.0.0 any
access-list 101 deny ip 214.170.253.0 0.0.0.127 any log-input
access-list 101 permit tcp any host 214.170.253.47 eq smtp
access-list 101 permit tcp any host 214.170.253.47 eq pop3
access-list 101 permit tcp any host 214.170.253.47 eq domain
access-list 101 permit tcp any host 214.170.253.48 eq smtp
access-list 101 permit tcp any host 214.170.253.48 eq pop3
access-list 101 permit tcp any host 214.170.253.47 eq 143
access-list 101 permit tcp any host 214.170.253.10 eq www
access-list 101 permit tcp any host 214.170.253.50 eq 3389
access-list 101 permit udp any 214.170.253.0 0.0.0.127 eq domain
access-list 101 deny icmp any any redirect
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 224.0.0.0 31.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
!
line con 0
 password 7 060B0B32455A
line aux 0
line vty 0 4
 password 7 060B0B32455A
 login
!
end

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=19246&t=19246
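An added example, not part of the original post: a short Python audit over an excerpt of the posted configuration that lists what ACL 101 admits from any source and computes which addresses its anti-spoofing deny covers beyond the subnets configured on Ethernet0. The function names are hypothetical, and wildcard masks are assumed to be contiguous.

```python
import ipaddress
import re

# Excerpt of the configuration in the post above (addresses as posted).
CONFIG = """\
interface Ethernet0
 ip address 214.170.253.33 255.255.255.224 secondary
 ip address 214.170.253.1 255.255.255.224
access-list 101 deny ip 214.170.253.0 0.0.0.127 any log-input
access-list 101 permit tcp any host 214.170.253.47 eq smtp
access-list 101 permit tcp any host 214.170.253.50 eq 3389
access-list 101 permit udp any 214.170.253.0 0.0.0.127 eq domain
"""

def wildcard_net(addr, wildcard):
    """Convert an IOS address plus contiguous wildcard mask to a network."""
    bits = int(ipaddress.IPv4Address(wildcard))
    if bits & (bits + 1):
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - bits.bit_length()}", strict=False)

def interface_nets(cfg):
    """Networks configured with 'ip address', merged where adjacent."""
    found = re.findall(r"^ ip address (\S+) (\S+)", cfg, re.M)
    nets = [ipaddress.ip_network(f"{a}/{m}", strict=False) for a, m in found]
    return list(ipaddress.collapse_addresses(nets))

def exposed(cfg, acl):
    """(protocol, destination, port) for each 'permit <proto> any <dst> eq <port>'."""
    pat = rf"^access-list {acl} permit (\w+) any (?:host (\S+)|(\S+) (\S+)) eq (\S+)"
    return [(proto, host or str(wildcard_net(net, wc)), port)
            for proto, host, net, wc, port in re.findall(pat, cfg, re.M)]

def antispoof_extra(cfg, acl):
    """Source ranges the ACL denies around the inside nets that no interface holds."""
    inside = interface_nets(cfg)
    pat = rf"^access-list {acl} deny ip (\d\S+) (\d\S+) any"
    rest = [wildcard_net(a, w) for a, w in re.findall(pat, cfg, re.M)]
    # Keep only denies that contain an inside network (skips bogon denies).
    rest = [r for r in rest if any(n.subnet_of(r) for n in inside)]
    for n in inside:
        rest = [p for r in rest
                for p in (r.address_exclude(n) if n.subnet_of(r) else [r])]
    return sorted(rest)
```

On this excerpt the two /27s on Ethernet0 merge to 214.170.253.0/26, while the deny and the UDP domain permit both use a /25 wildcard, so 214.170.253.64/26 is matched by both without appearing on any interface in the posted configuration.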

