Inter-Tel® 5000 Installation Manual – Issue 2.4, May 2008
The following commands set up the connection to the internal LAN. NAT is enabled, and it uses
access-group e0in for traffic coming in (to the router) from the internal LAN.
!
interface Ethernet0/0
description Internal LAN
ip address 192.168.1.1 255.255.255.0
ip access-group e0in in
ip nat inside
ip inspect inspector in
The following section defines the access control list (the rules) for traffic coming from the
internal LAN into the router. As a general rule, you want to allow almost everything to
go out from a trusted LAN.
! Access Control List e0in
!
ip access-list extended e0in
permit ip 192.168.1.0 0.0.0.255 any
deny ip any any
The following section sets up the connection to the Internet. NAT is enabled between the
Internet and the internal LAN. Traffic from the Internet is filtered using the access-group
called Internet.
interface Serial0/0
description connected to Internet
ip address 208.13.17.33 255.255.255.252
ip access-group s0in in
ip nat outside
The following section defines the access control list (the rules) for traffic coming from the
Internet to either the internal LAN or the DMZ. This is the first line of defense, so you want
to filter as much as possible. Responses to communications initiated from inside (for
example, an HTTP request for a web page) are controlled by the firewall functionality through
dynamic ACLs.
ip access-list extended s0in
permit tcp any host 208.13.17.2 eq 5566
permit udp any host 208.13.17.2 eq 5567
permit udp any host 208.13.17.2 range 6004 6247
deny ip any any
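To check what the s0in list actually exposes, the sketch below evaluates its entries the way an extended ACL is processed: top to bottom, first match wins, wildcard bits ignored. It is an added example, not part of the Inter-Tel manual or of Cisco IOS; it handles only the syntax used on this page, and it models the static entries only, not the dynamic entries that ip inspect creates for return traffic. The function names are illustrative.

```python
import ipaddress

# Entries copied from the s0in access list on this page.
S0IN = """\
permit tcp any host 208.13.17.2 eq 5566
permit udp any host 208.13.17.2 eq 5567
permit udp any host 208.13.17.2 range 6004 6247
deny ip any any
"""

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def take_addr(tok):
    """Consume one address spec; return ((base, wildcard), remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (to_int(tok[1]), 0), tok[2:]
    return (to_int(tok[0]), to_int(tok[1])), tok[2:]

def parse(acl_text):
    """Parse the subset of extended-ACL syntax used on this page."""
    rules = []
    for line in acl_text.splitlines():
        tok = line.split()
        if not tok or tok[0] not in ("permit", "deny"):
            continue  # skips "!" comments and the "ip access-list" header
        src, rest = take_addr(tok[2:])
        dst, rest = take_addr(rest)
        ports = (0, 65535)
        if rest[:1] == ["eq"]:
            ports = (int(rest[1]), int(rest[1]))
        elif rest[:1] == ["range"]:
            ports = (int(rest[1]), int(rest[2]))
        rules.append((tok[0], tok[1], src, dst, ports))
    return rules

def addr_match(ip, spec):
    """Wildcard bits set to 1 are "don't care"; only the other bits must agree."""
    base, wild = spec
    return (to_int(ip) | wild) == (base | wild)

def evaluate(rules, proto, src, dst, dport=0):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, r_proto, r_src, r_dst, (lo, hi) in rules:
        if (r_proto in ("ip", proto) and lo <= dport <= hi
                and addr_match(src, r_src) and addr_match(dst, r_dst)):
            return action
    return "deny"
```

Running a list of probe packets through evaluate(parse(S0IN), ...) before and after an ACL change gives a quick regression check that no port outside 5566, 5567 and 6004-6247 has been opened toward 208.13.17.2.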
Appendix B: Network IP Topology
Private Network With Near-end NAT Traversal
Page B-23