Cable modem configuration on Cisco routers.

Router> ena
Router# config t
Router(config)# no logging console ! Suppress console messages
Router(config)# no cdp run ! Disable Cisco discovery protocol
Router(config)# hostname lab-r1
lab-r1(config)# ip domain-name test.net ! Your domain name
lab-r1(config)# int vlan1
lab-r1(config-if)# descr LAN switch ports on inside interface
lab-r1(config-if)# ip address 192.168.1.1 255.255.255.0 ! Private IP address
lab-r1(config-if)# no ip unreachables
lab-r1(config-if)# no ip redirects
lab-r1(config-if)# no ip proxy-arp
lab-r1(config-if)# ip virtual-reassembly
lab-r1(config-if)# no shut
lab-r1(config-if)# int fa4
lab-r1(config-if)# descr WAN interface to ISP using a STATIC IP
lab-r1(config-if)# ip address 66.238.5.254 255.255.255.0 ! Static IP from your ISP
lab-r1(config-if)# duplex auto
lab-r1(config-if)# speed auto
lab-r1(config-if)# no ip unreachables
lab-r1(config-if)# no ip redirects
lab-r1(config-if)# no ip proxy-arp
lab-r1(config-if)# ip virtual-reassembly
lab-r1(config-if)# no shut
lab-r1(config-if)# exit
lab-r1(config)# ip route 0.0.0.0 0.0.0.0 66.238.5.1 ! Provided by ISP (Gateway)
lab-r1(config)# ip name-server 66.238.5.2 66.238.5.3 ! Provided by ISP
lab-r1(config)# enable secret MyPass ! Privileged EXEC mode password
lab-r1(config)# user Admin privilege 15 secret MyPass ! Telnet user name and pass
lab-r1(config)# line vty 0 4 ! Telnet virtual terminal
lab-r1(config-line)# login local
  • SMTP (25),
  • HTTP (80),
  • HTTPS (443),
  • Remote Web Workplace (4125),
  • PPTP (1723).
lab-r1(config)# ip access-list extended NAT-ACL
lab-r1(config-ext-nacl)# permit ip 192.168.1.0 0.0.0.255 any ! All local hosts
lab-r1(config-ext-nacl)# exit
lab-r1(config)# ip nat inside source list NAT-ACL interface fa4 overload
lab-r1(config)# ip nat inside source static tcp 192.168.1.2 25 int fa4 25
lab-r1(config)# ip nat inside source static tcp 192.168.1.2 80 int fa4 80
lab-r1(config)# ip nat inside source static tcp 192.168.1.2 443 int fa4 443
lab-r1(config)# ip nat inside source static tcp 192.168.1.2 4125 int fa4 4125
lab-r1(config)# ip nat inside source static tcp 192.168.1.2 1723 int fa4 1723
lab-r1(config)# int vlan1 ! Your LAN switch port
lab-r1(config-if)# ip nat inside
lab-r1(config-if)# int fa4 ! Your WAN port
lab-r1(config-if)# ip nat outside
lab-r1(config-if)# exit
lab-r1(config)# ip inspect name IPFW tcp
lab-r1(config)# ip inspect name IPFW udp
lab-r1(config)# ip inspect name IPFW cuseeme
lab-r1(config)# ip inspect name IPFW ftp
lab-r1(config)# ip inspect name IPFW tftp
lab-r1(config)# ip inspect name IPFW rcmd
lab-r1(config)# ip inspect name IPFW realaudio
lab-r1(config)# ip inspect name IPFW smtp
lab-r1(config)# ip inspect name IPFW h323
lab-r1(config)# ip inspect name IPFW sqlnet
lab-r1(config)# ip inspect name IPFW streamworks
lab-r1(config)# ip inspect name IPFW vdolive
lab-r1(config)# ip inspect name MAIL-FW smtp
lab-r1(config)# int fa4 ! Your WAN interface
lab-r1(config-if)# ip inspect IPFW out ! Apply CBAC to WAN interface out
lab-r1(config-if)# ip inspect MAIL-FW in ! Apply CBAC EIE to WAN interface in
lab-r1(config-if)# exit
lab-r1(config)# ip dhcp pool MYNET
lab-r1(dhcp-config)# network 192.168.1.0 255.255.255.0
lab-r1(dhcp-config)# domain-name geekvenue.net ! Your domain name
lab-r1(dhcp-config)# default-router 192.168.1.1 ! This router's address
lab-r1(dhcp-config)# dns-server 192.168.1.2 ! Your local DNS or ISPs
lab-r1(dhcp-config)# netbios-name-server 192.168.1.2 ! Your WINS (optional)
lab-r1(dhcp-config)# lease 0 2 ! 0 days & 2 hours
lab-r1(dhcp-config)# exit
lab-r1(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.25 ! Your static IPs
  • SMTP (25),
  • HTTP (80),
  • HTTPS (443),
  • Remote Web Workplace (4125),
  • PPTP (1723).
lab-r1(config)# ip access-list extended IPFW-ACL ! Create a named ACL
! Allow Windows Small Business Server Services
lab-r1(config-ext-nacl)# permit tcp any host 66.238.5.254 eq smtp ! smtp
lab-r1(config-ext-nacl)# permit tcp any host 66.238.5.254 eq www ! http
lab-r1(config-ext-nacl)# permit tcp any host 66.238.5.254 eq 443 ! https
lab-r1(config-ext-nacl)# permit tcp any host 66.238.5.254 eq 4125 ! MS RWW
lab-r1(config-ext-nacl)# permit tcp any host 66.238.5.254 eq 1723 ! MS PPTP
! Allow Outbound Ping and Traceroute
lab-r1(config-ext-nacl)# permit icmp any any administratively-prohibited
lab-r1(config-ext-nacl)# permit icmp any any echo-reply
lab-r1(config-ext-nacl)# permit icmp any any packet-too-big
lab-r1(config-ext-nacl)# permit icmp any any time-exceeded
lab-r1(config-ext-nacl)# permit icmp any any traceroute
lab-r1(config-ext-nacl)# permit gre any any
lab-r1(config-ext-nacl)# deny ip any any log ! Deny and log ALL traffic
lab-r1(config-ext-nacl)# exit
lab-r1(config)# int fa4 ! WAN interface
lab-r1(config-if)# ip access-group IPFW-ACL in ! ACL on WAN interface
lab-r1(config-if)# exit
lab-r1(config)# ip access-list standard VTY-ACL
lab-r1(config-std-nacl)# permit 192.168.1.0 0.0.0.255 ! All local hosts
lab-r1(config-std-nacl)# exit
lab-r1(config)# line vty 0 4
lab-r1(config-line)# access-class VTY-ACL in
lab-r1(config-line)# login local
lab-r1(config-line)# transport input telnet ssh
lab-r1(config-line)# exit
lab-r1(config)# crypto key generate rsa
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
lab-r1(config)#
lab-r1(config)# service password-encryption
lab-r1(config)# exit
lab-r1# copy run start
Destination filename [startup-config]? {press ENTER}
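
The static NAT forwards and the permits in IPFW-ACL above have to list the same ports: a forward with no permit is dropped by the final deny, and a permit with no forward lets that port reach the router's own WAN address. The check below is an added example, not part of the original post; the function names and the sample config are constructed for illustration, and it assumes one WAN interface with one inbound ACL.

```python
import ipaddress
import re

# Constructed sample in running-config style. Addresses are the page's; the
# 8080 forward and the missing 1723 forward are made up to show mismatches.
SAMPLE_CONFIG = """\
interface FastEthernet4
 ip address 66.238.5.254 255.255.255.0
 ip access-group IPFW-ACL in
ip nat inside source static tcp 192.168.1.2 25 interface FastEthernet4 25
ip nat inside source static tcp 192.168.1.2 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.1.2 8080 interface FastEthernet4 8080
ip access-list extended IPFW-ACL
 permit tcp any host 66.238.5.254 eq smtp
 permit tcp any host 66.238.5.254 eq 443
 permit tcp any host 66.238.5.254 eq 1723
 deny ip any any log
"""
PORT_NAMES = {"smtp": 25, "www": 80}  # port keywords used in the ACL on this page
NAT_RE = re.compile(r"ip nat inside source static tcp \S+ \d+ int\S* \S+ (\d+)$")
ACL_RE = re.compile(r"permit tcp any host \S+ eq (\S+)$")
ADDR_RE = re.compile(r"ip address (\S+) (\S+)$")

def is_valid_netmask(mask):
    """True only for a contiguous subnet mask; wildcard masks are rejected."""
    try:
        inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    except ValueError:
        return False
    return (inverted & (inverted + 1)) == 0

def audit(config):
    """Compare static TCP forwards with inbound ACL permits; flag bad masks."""
    forwards, permits, bad_masks = set(), set(), []
    for raw in config.splitlines():
        line = raw.split("!")[0].strip()  # drop a trailing '! comment'
        if m := NAT_RE.match(line):
            forwards.add(int(m.group(1)))
        elif m := ACL_RE.match(line):
            tok = m.group(1)
            if tok in PORT_NAMES or tok.isdigit():
                permits.add(PORT_NAMES.get(tok) or int(tok))
        elif (m := ADDR_RE.match(line)) and not is_valid_netmask(m.group(2)):
            bad_masks.append(m.group(2))
    return {
        "forward_without_permit": sorted(forwards - permits),
        "permit_without_forward": sorted(permits - forwards),
        "bad_masks": bad_masks,
    }
```

Run `audit()` on the text of `show running-config` after any change to the forwards or the ACL; all three lists should come back empty.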
