Inter-Tel AXXESS Manual page 1556

Appendix F – Network Topology
INTER-TEL® AXXESS®
Page F-26
MANUAL VERSION 11.0 – May 2008
The next section defines the access control list (the rules) for traffic coming from the
internal LAN into the router. As a general rule, you want to allow nearly everything
to go out from a trusted LAN.
! Access Control List e0in
!
ip access-list extended e0in
permit ip 192.168.1.0 0.0.0.255 any
deny ip any any
The next section sets up the connection to the Internet. NAT is enabled between the
Internet and the internal LAN. Traffic from the Internet is filtered using the
access-group called s0in.
Internet
interface Serial0/0
description connected to Internet
ip address 208.13.17.33 255.255.255.252
ip access-group s0in in
ip nat outside
The next section defines the access control list (the rules) for traffic coming from the
Internet to either the internal LAN or the DMZ. This is the first line of defense, so you
want to filter as much as possible. Responses to communications initiated from inside
(for example, an HTTP request for a Web page) are controlled by the firewall functionality
through dynamic ACLs.
ip access-list extended s0in
permit tcp any host 208.13.17.2 eq 5566
permit udp any host 208.13.17.2 eq 5567
permit udp any host 208.13.17.2 range 5004 5069
deny ip any any
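An added example, not part of the Inter-Tel manual: a small Python evaluator that applies the e0in and s0in lists from this section with first-match semantics, so a proposed rule change can be checked against sample traffic before it is loaded on the router. It models only the syntax used in this section (any, host, address plus wildcard mask, and eq or range on the destination port); the function names and the sample packet are constructed for illustration.

```python
import ipaddress

# ACL lines as they appear in this section of the manual.
ACLS = {
    "e0in": ["permit ip 192.168.1.0 0.0.0.255 any", "deny ip any any"],
    "s0in": [
        "permit tcp any host 208.13.17.2 eq 5566",
        "permit udp any host 208.13.17.2 eq 5567",
        "permit udp any host 208.13.17.2 range 5004 5069",
        "deny ip any any",
    ],
}

def _addr(tok):
    """Consume one address spec from tok; return (base, wildcard) as ints."""
    kind = tok.pop(0)
    if kind == "any":
        return 0, 0xFFFFFFFF
    if kind == "host":
        return int(ipaddress.IPv4Address(kind := tok.pop(0))), 0
    return int(ipaddress.IPv4Address(kind)), int(ipaddress.IPv4Address(tok.pop(0)))

def _match(spec, ip):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, matching_line) for one packet, first match wins."""
    for line in ACLS[acl]:
        tok = line.split()
        action, rule_proto = tok.pop(0), tok.pop(0)
        s, d = _addr(tok), _addr(tok)
        lo, hi = 0, 65535
        if tok:  # remaining tokens are "eq N" or "range LO HI"
            lo, hi = int(tok[1]), int(tok[-1])
        if rule_proto not in ("ip", proto):
            continue
        if not (_match(s, src) and _match(d, dst)):
            continue
        if tok and (dport is None or not lo <= dport <= hi):
            continue
        return action, line
    return "deny", "(implicit deny)"

if __name__ == "__main__":
    # Constructed sample packet; 203.0.113.9 is a documentation address.
    print(evaluate("s0in", "udp", "203.0.113.9", "208.13.17.2", 5060))
```
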
The next command associates the public address with the IPRC private address. This
creates the "NATed" address. Confirm that the ISP sends packets for this public IP
address to the Axxess system.
ip nat inside source static 192.168.1.2 208.13.17.2
!
Finally, the following commands set up the dynamic NAT configuration to use a pool of
public addresses. This is not specific to this example, but it is included here to contrast
static versus dynamic NAT.
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat pool NatPool0 208.13.17.40 208.13.17.62 netmask 255.255.255.0
ip nat inside source list 1 pool NatPool0 overload
!
Private Network With Near-end NAT Traversal
