Re: Immdeiate Assistance is Reaquired! [7:43449]

2002-05-07 Thread Paul Borghese

No, no no.  It is being done by GroupStudy to allow posting to the message
boards.  Remember you can read this group via the message boards, not just
via a discussion group.  But because the Message boards use HTML, it is
suspicious of any command in-between the Greater Than and Less Than signs.

Frankly I can change it if it is a huge problem.

Take care,

Paul
- Original Message -
From: "Michael Williams" 
To: 
Sent: Tuesday, May 07, 2002 8:55 AM
Subject: Re: Immdeiate Assistance is Reaquired! [7:43449]


> This is strange. I go back and look at the other posts here on the web
> forum and they're all okay..  the stuff between the  doesn't disappear
>
> Must be Outlook Express or something.. Sean, which newsgroup reader were
> you using to read my posts? (since things were obviously disappearing in
> your reader too)
>
> Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43515&t=43449
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
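
What deleting tag-like text does to the two posts discussed in this thread, next to HTML-escaping them instead. This is an added example, not part of the original messages; the regex is an assumed stand-in for the board's filter, whose code is not shown in the thread, and the two sample lines are constructed from the posters' descriptions.

```python
import html
import re

# Assumed stand-in for the board's filter: delete anything between < and >.
TAG = re.compile(r"<[^<>]*>")

def strip_tags(text):
    """Lossy approach: tag-like spans are deleted from the post."""
    return TAG.sub("", text)

def dropped_spans(text):
    """Report what strip_tags() would delete, so a poster could be warned."""
    return TAG.findall(text)

def escape_post(text):
    """Lossless approach: encode the markup characters instead of deleting."""
    return html.escape(text, quote=True)

def as_displayed(stored):
    """Approximate what a reader sees: real tags not shown, entities decoded."""
    return html.unescape(strip_tags(stored))

# Constructed from the thread's description of the two affected posts.
ACL_LINE = "access-list 1 permit <ip of proxy> 0.0.0.0"
FOX_LINE = "The <quick> fox <jumped> over <the> lazy <dog>"

if __name__ == "__main__":
    for line in (ACL_LINE, FOX_LINE):
        print("posted   :", line)
        print("stripped :", as_displayed(strip_tags(line)))
        print("escaped  :", as_displayed(escape_post(line)))
        print("dropped  :", dropped_spans(line))
```

The stripped ACL line is still a valid-looking command, which is why the missing placeholder went unnoticed until a reader pointed it out.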



Re: Immdeiate Assistance is Reaquired! [7:43449]

2002-05-07 Thread Michael Williams

This is strange. I go back and look at the other posts here on the web
forum and they're all okay..  the stuff between the  doesn't disappear

Must be Outlook Express or something.. Sean, which newsgroup reader were
you using to read my posts? (since things were obviously disappearing in
your reader too)

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43490&t=43449



Re: Immdeiate Assistance is Reaquired! [7:43449]

2002-05-07 Thread Michael Williams

Okay... I'm going to try again. This time from the web forum

The  fox  over  lazy 

We'll see =)

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43489&t=43449



Re: Immdeiate Assistance is Reaquired! [7:43449]

2002-05-07 Thread Michael L. Williams

Get this...

Both my posts (I went and checked my sent items) contained the phrase "ip
of proxy" surrounded by a "less than sign" and a "greater than sign".  (I
type this out because what's happening is that everything between the
greater than and less than signs is being dropped from my post.)

My original post read:  (I'm going to replace the greater than and less than
signs with % so it won't get filtered)

Router(config)#access-list 1 permit %ip of proxy% 0.0.0.0
Router(config)#interface Fast0
Router(config-if)#ip access-group 1 in

The same thing happened in that last post..  I'm going to put the
sentence "The quick fox jumped over the lazy dog" with every other word in
""

The  fox  over  lazy 

I wonder if putting it in quotes makes a difference...

"The  fox  over  lazy "

This is really weird.

Mike W.


"Michael L. Williams"  wrote in message
news:[EMAIL PROTECTED]...
> "Sean Knox"  wrote in message
> news:[EMAIL PROTECTED]...
> > It should be blatantly obvious (to Cisco people anyway), but make sure you
> > replace the 0.0.0.0 with the address of your proxy server. :) 0.0.0.0
> > equates to "any host."
>
> heh  I remember typing something like:
>
> access-list 1 permit  0.0.0.0
>
> I remember doing some edit where I highlighted it.. guess I must've deleted
> it.  good catch Sean!
>
> Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43487&t=43449



Re: Immdeiate Assistance is Reaquired! [7:43449]

2002-05-07 Thread Michael L. Williams

Hey Paul... any idea why this is happening?  Anything enclosed in a less
than sign and a greater than sign disappears from the post upon posting.
I'm using Outlook Express Version 5.00.

I'll try from the web forum

Mike W.

"Michael L. Williams"  wrote in message
news:[EMAIL PROTECTED]...
> Get this...
>
> Both my posts (I went and checked my sent items) contained the phrase "ip
> of proxy" surrounded by a "less than sign" and a "greater than sign".  (I
> type this out because what's happening is that everything between the
> greater than and less than signs is being dropped from my post.)
>
> My original post read:  (I'm going to replace the greater than and less than
> signs with % so it won't get filtered)
>
> Router(config)#access-list 1 permit %ip of proxy% 0.0.0.0
> Router(config)#interface Fast0
> Router(config-if)#ip access-group 1 in
>
> The same thing happened in that last post..  I'm going to put the
> sentence "The quick fox jumped over the lazy dog" with every other word in
> ""
>
> The  fox  over  lazy
>
> I wonder if putting it in quotes makes a difference...
>
> "The  fox  over  lazy "
>
> This is really weird.
>
> Mike W.
>
>
> "Michael L. Williams"  wrote in message
> news:[EMAIL PROTECTED]...
> > "Sean Knox"  wrote in message
> > news:[EMAIL PROTECTED]...
> > > It should be blatantly obvious (to Cisco people anyway), but make sure you
> > > replace the 0.0.0.0 with the address of your proxy server. :) 0.0.0.0
> > > equates to "any host."
> >
> > heh  I remember typing something like:
> >
> > access-list 1 permit  0.0.0.0
> >
> > I remember doing some edit where I highlighted it.. guess I must've deleted
> > it.  good catch Sean!
> >
> > Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43488&t=43449



Re: Immdeiate Assistance is Reaquired! [7:43449]

2002-05-07 Thread Michael L. Williams

"Sean Knox"  wrote in message
news:[EMAIL PROTECTED]...
> It should be blatantly obvious (to Cisco people anyway), but make sure you
> replace the 0.0.0.0 with the address of your proxy server. :) 0.0.0.0
> equates to "any host."

heh  I remember typing something like:

access-list 1 permit  0.0.0.0

I remember doing some edit where I highlighted it.. guess I must've deleted
it.  good catch Sean!

Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43479&t=43449



RE: Immdeiate Assistance is Reaquired! [7:43449]

2002-05-06 Thread Sean Knox

Minor quibbles/comments, see inline

> > 1-We just want that no user traffic should directly go to router and only
> > the traffic that is coming through Proxy Server should reach the router.
>
> Router(config)#access-list 1 permit  0.0.0.0
> Router(config)#interface Fast0
> Router(config-if)#ip access-group 1 in
>
> This would only allow traffic coming from the proxy server to be allowed
> into the router via the FastEthernet... modify as needed.

It should be blatantly obvious (to Cisco people anyway), but make sure you
replace the 0.0.0.0 with the address of your proxy server. :) 0.0.0.0
equates to "any host."

> > 3- We want to stop Telnet. No one should be able to telnet it. We only want
> > to configure router through Console Port.
>
> The easiest way to prevent telnet access to the router is to simply not
> assign a password (or remove an existing password) on the VTY lines.  I see
> in your config you have a password on the VTY lines.  Remove it like so:
>
> Router(config)#line vty 0 4
> Router(config-line)# no password
>

I agree this is the easiest way to simply disable telnet, but for security
purposes, I would instead use another ACL to block - it's better than some
random person being able to identify your Cisco router immediately from the
"No password" dialog... of course with some additional knowledge of IP and
Cisco, one can determine it's a Cisco router, but at least this stops casual
users. Plus, with an open port (i.e., Telnet=23), a port scan could perform
some OS fingerprinting and other recon on your box. Here's an example...
blocked internal LAN access to the telnet as well as outside with this.

Router(config)#access-list 100 deny tcp any any eq telnet
Router(config)#access-list 100 permit ip host 10.1.1.1 any <--- Proxy server ip
Router(config-if)#ip access-group 100 in <--- LAN interface
Router(config)#access-list 101 deny tcp any any eq telnet
Router(config)#access-list 101 permit ip any any
Router(config-if)#ip access-group 101 in <--- WAN interface

Simple, but works.

Sean




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43467&t=43449
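
How the two access lists in the message above are evaluated: entries are checked top to bottom, the first match wins, and anything unmatched hits the implicit deny. This is an added example, not part of the original post; the ACL text is written out in full extended-ACL syntax as an assumption about the intended entries, and the packet addresses used with it are constructed.

```python
# Constructed input: the two access lists from the post, written out in full
# extended-ACL syntax (assumed intent), with 10.1.1.1 as the proxy address.
ACL_100 = """\
access-list 100 deny tcp any any eq telnet
access-list 100 permit ip host 10.1.1.1 any
"""
ACL_101 = """\
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
"""
PORTS = {"telnet": 23, "tftp": 69, "www": 80}

def take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; return (address or None, rest)."""
    if tokens[0] == "any":
        return None, tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    raise ValueError("only 'any' and 'host' are handled in this example")

def parse_acl(text):
    """Turn 'access-list N action proto src dst [eq port]' lines into rules."""
    rules = []
    for line in text.splitlines():
        _, _, action, proto, *rest = line.split()
        src, rest = take_addr(rest)
        dst, rest = take_addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for number, (action, r_proto, r_src, r_dst, r_port) in enumerate(rules, 1):
        if r_proto not in ("ip", proto):
            continue
        if r_src not in (None, src) or r_dst not in (None, dst):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, number
    return "deny", None  # implicit 'deny ip any any' at the end of every ACL

if __name__ == "__main__":
    lan = parse_acl(ACL_100)
    print(evaluate(lan, "tcp", "10.1.1.1", "10.1.1.254", 23))   # proxy, telnet
    print(evaluate(lan, "tcp", "10.1.1.1", "192.0.2.10", 80))   # proxy, web
    print(evaluate(lan, "tcp", "10.1.1.50", "192.0.2.10", 80))  # other LAN host
```

Because the telnet deny comes first, even the proxy server cannot telnet in through the LAN interface, and LAN hosts other than the proxy are dropped by the implicit deny rather than by any written entry.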



Re: Immdeiate Assistance is Reaquired! [7:43449]

2002-05-06 Thread Michael L. Williams

Comments inline

"a. ahmad"  wrote in message
news:[EMAIL PROTECTED]...
> Dear Members,
>
> We have a 2620 router with a FastEthernet port and a Serial Interface.
>
> 1-We just want that no user traffic should directly go to router and only
> the traffic that is coming through Proxy Server should reach the router.

Set up an inbound access list on the FastEthernet interface. Here's a
simple example:

Router(config)#access-list 1 permit  0.0.0.0
Router(config)#interface Fast0
Router(config-if)#ip access-group 1 in

This would only allow traffic coming from the proxy server to be allowed
into the router via the FastEthernet... modify as needed.

> 2- We want to stop ping as no one should be able to ping us from outside
> network and may not choke our bandwidth.

Although you can stop an incoming ping with an inbound access list on the
serial interface, nothing you can do on that router can stop someone from at
least sending pings (or any other unwanted traffic) to your router and using
your bandwidth.  The best you can do is to block the unwanted traffic where
it comes in.

> 3- We want to stop Telnet. No one should be able to telnet it. We only want
> to configure router through Console Port.

The easiest way to prevent telnet access to the router is to simply not
assign a password (or remove an existing password) on the VTY lines.  I see
in your config you have a password on the VTY lines.  Remove it like so:

Router(config)#line vty 0 4
Router(config-line)# no password

If you try to telnet to it, you will see the following:

AnotherRouter#telnet 10.1.1.1
Trying 10.1.1.1 ... Open

Password required, but none set

[Connection to 10.1.1.1 closed by foreign host]
AnotherRouter#

Hope this helps!
Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43457&t=43449



Immdeiate Assistance is Reaquired! [7:43449]

2002-05-06 Thread a. ahmad

Dear Members, 

We have a 2620 router with a FastEthernet port and a Serial Interface.

1-We just want that no user traffic should directly go to router and only
the traffic that is coming through Proxy Server should reach the router.

2- We want to stop ping as no one should be able to ping us from outside
network and may not choke our bandwidth.

3- We want to stop Telnet. No one should be able to telnet it. We only want
to configure router through Console Port.

How can we accomplish these tasks? The current configuration is provided
below.

Thank You In Advance! 
Ahmad 
.. 
ip subnet-zero 
! 
no ip finger 
! 
interface FastEthernet0/0 
ip address x.x.x.x 255.255.255.248 secondary (Proxy IP) 
ip address x.x.x.x 255.255.255.240 (Gateway IP) 
speed 100 
full-duplex 
! 
interface Serial0/0 
bandwidth 256 
no ip address 
ip accounting output-packets 
encapsulation ppp 
shutdown 
no fair-queue 
! 
interface BRI0/0 
no ip address 
shutdown 
! 
interface Serial0/1 
bandwidth 256 
ip address x.x.x.x 255.255.255.252 
ip access-group 109 in 
encapsulation ppp 
no keepalive 
! 
ip classless 
ip route 0.0.0.0 0.0.0.0 x.x.x.x 
ip route x.x.x.x 255.255.255.128 x.x.x.x (reverse path for user traffic) 
no ip http server 
! 
access-list 108 permit ip x.x.x.x 0.0.0.15 any log 
access-list 108 permit ip host x.x.x.x any 
access-list 108 permit ip host x.x.x.x any 
access-list 109 permit icmp any any echo-reply 
access-list 109 deny icmp any any 
access-list 109 deny tcp any any eq telnet 
access-list 109 deny udp any any eq tftp 
access-list 109 permit ip any any 
! 
line con 0 
password ... 
transport input none 
line aux 0 
line vty 0 
password ... 
login 
! 
End 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43449&t=43449