
*****************************************************************

Configure a permit/deny list for LAN IPs to browse using a given port
*****************************************************************
Use the commands at your discretion, according to the customer's needs
Command:
no access-list 101 permit udp host 10.253.106.50 eq 80 any
no access-list 101 deny udp any eq 80 any
*****************************************************************
interface ATM0.1 point-to-point
pvc 8/60
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.253.106.252 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1360
hold-queue 100 out
!
interface Dialer0
ip address 190.41.243.40 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
ip tcp adjust-mss 1360
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname plaa7@speedyplus
ppp chap password 0 plaa7
ppp pap sent-username plaa7@speedyplus password 0 plaa7
!
router rip
version 2
network 10.0.0.0
network 172.17.0.0
no auto-summary
!

ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.253.106.170 85 190.41.243.40 85 extendable
ip nat inside source static udp 10.253.106.170 85 190.41.243.40 85 extendable
!
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.253.106.0 0.0.0.255
access-list 101 permit udp host 10.253.106.50 eq 80 any (allows IP address 10.253.106.50 to go out only to port 80)
(if we negate it, this would mean that it will be able to browse without restrictions)
access-list 101 deny udp any eq 80 any
dialer-list 1 protocol ip permit
snmp-server community T9G7E RO
snmp-server trap-source Vlan1
snmp-server host 1.1.1.1 T9G7E
tacacs-server host 200.121.63.99 key gics
tacacs-server timeout 3
!
control-plane
!
banner motd ^CCCCC
------------------------------------PLASTICA
------------------------------------CA 16 120 LIMA SAN MIGUEL
TELEFONO 2647803 ORDEN 2460
-----------------------------------^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
password telefonica
!
scheduler max-task-time 5000
end
PLASICA_CAB#config term
Enter configuration commands, one per line. End with CNTL/Z.
PLASICA_CAB(config)#no access-list 101 permit udp host 10.253.106.50 eq 80 any
PLASICA_CAB(config)#no access-list 101 deny udp any eq 80 any
PLASICA_CAB(config)#end
PLASICA_CAB#wr
Building configuration...
[OK]
PLASICA_CAB#show run
Building configuration...
Current configuration : 3895 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PLASICA_CAB
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
enable password telefonica
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
aaa session-id common
!
!
dot11 syslog
!
!
ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
ip domain name vpn_telefonica.com
ip name-server 200.48.225.130
ip name-server 200.48.225.146
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key plastica address 0.0.0.0 0.0.0.0
crypto isakmp identity hostname
crypto isakmp keepalive 10 periodic
!
!
crypto ipsec transform-set ROUTER_MC_Default-Strong-TS esp-3des esp-sha-hmac
!
crypto ipsec profile ROUTER_MC_Default-Tunnel
set transform-set ROUTER_MC_Default-Strong-TS
!
!
archive
log config
hidekeys
!
!
!
!
!
interface Tunnel0
bandwidth 1000
ip address 172.17.124.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 360
no ip route-cache cef
no ip route-cache
ip tcp adjust-mss 1360
no ip split-horizon
no ip mroute-cache
delay 1000
tunnel source Dialer0
tunnel mode gre multipoint
tunnel key 1
tunnel path-mtu-discovery
tunnel protection ipsec profile ROUTER_MC_Default-Tunnel
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/60
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.253.106.252 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1360
hold-queue 100 out
!

interface Dialer0
ip address 190.41.243.40 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
ip tcp adjust-mss 1360
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname plaa7@speedyplus
ppp chap password 0 plaa7
ppp pap sent-username plaa7@speedyplus password 0 plaa7
!
router rip
version 2
network 10.0.0.0
network 172.17.0.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.253.106.170 85 190.41.243.40 85 extendable
ip nat inside source static udp 10.253.106.170 85 190.41.243.40 85 extendable
!
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.253.106.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community T9G7E RO
snmp-server trap-source Vlan1
snmp-server host 1.1.1.1 T9G7E
tacacs-server host 200.121.63.99 key gics
tacacs-server timeout 3
!
control-plane
!
banner motd ^CCCCC
------------------------------------PLASTICA
------------------------------------CA 16 120 LIMA SAN MIGUEL
TELEFONO 2647803 ORDEN 2460
-----------------------------------^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
password telefonica
!
scheduler max-task-time 5000

end
PLASICA_CAB#
PLASICA_CAB#show run
*****************************************************************
*****************************************************************
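
What the two `access-list 101` entries above match, as an added example (not part of the original page): a small Python evaluator for the host/any subset of IOS extended-ACL syntax, run over constructed packets. In an extended ACL, `eq 80` written after the source address matches the source port; `ALT_ACL` is a constructed alternative that assumes the intent is TCP traffic to destination port 80.

```python
import ipaddress

# The two ACL 101 entries exactly as they appear on this page.
PAGE_ACL = ["access-list 101 permit udp host 10.253.106.50 eq 80 any",
            "access-list 101 deny udp any eq 80 any"]
# Constructed alternative (assumption): browsing is TCP to destination port 80.
ALT_ACL = ["access-list 101 permit tcp host 10.253.106.50 any eq 80"]

# Constructed sample packets: (protocol, source, source port, destination, dest port)
PACKETS = {
    "tcp .50 -> dport 80": ("tcp", "10.253.106.50", 49152, "203.0.113.10", 80),
    "udp .50 sport 80":    ("udp", "10.253.106.50", 80, "203.0.113.10", 5000),
    "udp .60 sport 80":    ("udp", "10.253.106.60", 80, "203.0.113.10", 5000),
}

def parse_ace(line):
    """Parse 'access-list N action proto SRC [eq P] DST [eq P]' (host/any forms only)."""
    tok = line.split()
    ace = {"action": tok[2], "proto": tok[3]}
    i = 4
    for side in ("src", "dst"):
        if tok[i] == "any":
            net, i = ipaddress.ip_network("0.0.0.0/0"), i + 1
        elif tok[i] == "host":
            net, i = ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
        else:
            raise ValueError("address/wildcard form is not handled here")
        port = None
        if i < len(tok) and tok[i] == "eq":  # 'eq' binds to the address just before it
            port, i = int(tok[i + 1]), i + 2
        ace[side] = (net, port)
    return ace

def evaluate(acl_lines, proto, src, sport, dst, dport):
    """Return the action of the first matching entry, evaluated top-down."""
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] not in (proto, "ip"):
            continue
        checks = ((ace["src"], src, sport), (ace["dst"], dst, dport))
        if all(ipaddress.ip_address(addr) in net and port in (None, p)
               for (net, port), addr, p in checks):
            return ace["action"]
    return "implicit deny"  # every ACL ends with an unwritten 'deny ip any any'

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:22} page={evaluate(PAGE_ACL, *pkt):14} alt={evaluate(ALT_ACL, *pkt)}")
```

Nothing in the listings on this page references list 101 (for example `ip access-group 101 in` under an interface), so the results describe what the entries would match once the list is applied.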
