I have two offices connected by a leased line. In the head office I have a satellite link to the ISP. I'm using a Cisco 2620 router with three Ethernet ports and one serial port. The satellite link is connected to one of the Ethernet ports, two different networks are connected to the two remaining Ethernet ports, and the serial port is connected to another router with a 64 kbps leased line. In total, I have five different networks with one class A.

My aim is to allow users on all networks to access the internet except the users on the Class A network. For Class A network users I want to allow only e-mail access, i.e., POP3 and SMTP should cross and no browsing. Please, I need your help to prepare the access-list and NAT commands.
Thank you.

As far as an access list for permitting email and nothing else, that's pretty easy; you'll want something like this:

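! Mail only: POP3 (TCP 110) and SMTP (TCP 25)
access-list 100 permit tcp any any eq pop3
access-list 100 permit tcp any any eq smtp
! Keep ICMP so Path MTU Discovery keeps working
access-list 100 permit icmp any any
! Everything else, including web browsing, is dropped
access-list 100 deny ip any any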

Note that this access list allows ICMP, though. This is a critical and often overlooked rule. If you don't allow ICMP, you will break Path MTU Discovery (PMTUD), which will break TCP sessions as well as other things that use large packets. If you want, you can refine this to block ping and some other ICMP messages, but whatever you do, make sure you don't block ICMP Can't Fragment messages.

As far as NAT'ing commands, Cisco's NAT functionality can be quite complex depending on exactly what your needs are. Before starting you should take a look at this Cisco bulletin:

http://www.cisco.com/warp/public/cc/pd/iosw/ioft/ionetn/prodlit/1195_pp.htm

Then work on building your configuration from there once you understand the concepts. It would be impossible to write a configuration for you without knowing a lot more about your network.
(Answered by Brandon Ross, VP of Operations, Sockeye Networks.)

This was first published in August 2002
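
Added example, not part of the original answer and not Cisco code: a small first-match evaluator for the ACL syntax used above, which checks that an ACL still passes the ICMP fragmentation-needed message (type 3, code 4) that Path MTU Discovery relies on. `REFINED_ACL` is a constructed variant that blocks ping, and the function names are hypothetical.

```python
# First-match evaluation of IOS-style extended ACL lines. Handles only the
# syntax used on this page: "any any", tcp "eq <name>", optional ICMP name.
TCP_PORTS = {"pop3": 110, "smtp": 25}
# ICMP message name -> (type, code)
ICMP_NAMES = {"echo": (8, 0), "packet-too-big": (3, 4)}
FRAG_NEEDED = (3, 4)  # destination unreachable, fragmentation needed, DF set

# The access list exactly as given in the answer.
PAGE_ACL = """\
access-list 100 permit tcp any any eq pop3
access-list 100 permit tcp any any eq smtp
access-list 100 permit icmp any any
access-list 100 deny ip any any
"""
# Constructed refinement (assumption, not from the page): drop ping only,
# and state the PMTUD permit explicitly so a later edit cannot remove it.
REFINED_ACL = """\
access-list 100 permit tcp any any eq pop3
access-list 100 permit tcp any any eq smtp
access-list 100 permit icmp any any packet-too-big
access-list 100 deny icmp any any echo
access-list 100 permit icmp any any
access-list 100 deny ip any any
"""

def parse(acl_text):
    """Return (action, protocol, match) per ACL line, in configured order."""
    rules = []
    for tok in (line.split() for line in acl_text.lower().splitlines()):
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        proto, extra, match = tok[3], tok[6:], None  # None = no extra match
        if proto == "tcp" and extra[:1] == ["eq"]:
            match = TCP_PORTS[extra[1]]
        elif proto == "icmp" and extra:
            match = ICMP_NAMES[extra[0]]
        rules.append((tok[2], proto, match))
    return rules

def evaluate(rules, proto, key):
    """key is the TCP destination port or the ICMP (type, code) tuple."""
    for action, rproto, match in rules:
        if rproto in ("ip", proto) and match in (None, key):
            return action  # first matching line wins
    return "deny"  # implicit deny at the end of every IOS access list

def breaks_pmtud(acl_text):
    return evaluate(parse(acl_text), "icmp", FRAG_NEEDED) == "deny"
```

Running `breaks_pmtud` against a candidate ACL before it is applied to an interface catches the case the answer warns about, where tightening ICMP silently removes the fragmentation-needed permit.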
