Comments inline.... "a. ahmad" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Dear Members, > > We have 2620 router with Fastethenet port and a Serial Interface. > > 1-We just want that no user traffic should directly go to router and only > the traffic that is coming through Proxy Server should reach the router.
Setup an inbound access list on the Fastethernet interface..... here's a simple example: Router(config)#access-list 1 permit 0.0.0.0 Router(config)#interface Fast0 Router(config-if)#ip access-group 1 in This would only allow traffic coming from the proxy server to be allowed into the router via the FastEthernet... modify as needed. > 2- We want to to stop ping as no one should be able to ping us from outside > network and may not chock our bandwidth. Although you can stop an incoming ping with an inbound access list on the serial interface, nothing you can do on that router can stop someone from at least sending pings (or any other unwanted traffic) to your router and using your bandwidth. The best you can do is to block the unwanted traffic where it comes in. > 3- We want to stop Telnet. No ne should be able to telnet it. We only want > to configure router through Console Port. The easiest way to prevent telnet access to the router is to simply not assign a password (or remove an existing password) on the VTY lines. I see in your config you have a password on the VTY lines. Remove it like so: Router(config)#line vty 0 4 Router(config-line)# no password If you try to telnet to it, you will see the following: AnotherRouter#telnet 10.1.1.1 Trying 10.1.1.1 ... Open Password required, but none set [Connection to 10.1.1.1 closed by foreign host] AnotherRouter# Hope this helps! Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43457&t=43449 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
