Question : Problem: Can the script for Cisco 827-4V router be changed to allow all traffic through

I wish to reconfigure my Cisco 827-4V router so as to allow all traffic through to my computer that is running Microsoft Small Business Server 2000 and then let ISA do all the security.

The current configuration was used when the router was connected directly to the switch on the internal LAN.  The router is now connected to the (new) second NIC of the SBS server for external traffic.  The other NIC handles the internal LAN.

Unsolicited Inbound traffic will consist of mail, FTP, and VPN type.

Follows is my current router script.  Could this be rewritten to allow all traffic through to the following addresses:

Router External ip address  = 215.215.215.215 (say)
Router Internal ip address  = 192.168.0.1
ISA ip address                     = 192.168.0.2

Also could you please confirm the procedure to erase the current configuration and install and save the new configuration.

Thanks



Current configuration:
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname
!
enable secret 5 123456789012345678901234567890
!
!
!
!
!
clock timezone NZST 12
clock summer-time NZST recurring 1 Sun Oct 2:00 3 Sun Mar 2:00
ip subnet-zero
!
!
!
!
interface Ethernet0
ip address S> 255.255.255.0
ip access-group 150 in
no ip directed-broadcast
no ip proxy-arp
ip nat inside
no cdp enable
!
interface ATM0
no ip address
no ip directed-broadcast
no atm ilmi-keepalive
pvc 0/100
 encapsulation aal5mux ppp dialer
 dialer pool-member 1
!
bundle-enable
hold-queue 224 in
!
interface Dialer0
ip address negotiated
ip access-group 100 in
no ip directed-broadcast
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp pap sent-username password 7 12345678901234567890123477
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 110 110 extendable
ip nat inside source static tcp 25 25 extendable
ip nat inside source static tcp DRESS> 20 20 extendable
ip nat inside source static tcp DRESS> 21 21 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
access-list 1 permit 192.168.???.0 0.0.0.255
access-list 100 permit tcp any host eq pop3
access-list 100 permit tcp any host eq smtp
access-list 100 permit tcp host host eq ftp
access-list 100 permit tcp host host eq ftp-data
access-list 100 permit tcp host NER> host eq ftp
access-list 100 permit tcp host NER> host eq ftp-data
access-list 100 permit udp any gt 1023 any eq domain
access-list 100 permit udp any eq domain any gt 1023
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any traceroute
access-list 100 permit icmp any any unreachable
access-list 100 permit tcp any any established
access-list 100 deny   ip 192.168.???.0 0.0.0.255 any
access-list 100 permit tcp any host eq ftp
access-list 100 permit tcp any host eq ftp-data
access-list 150 permit ip host any
access-list 150 permit tcp any any eq smtp
access-list 150 permit ip host DRESS> any
dialer-list 1 protocol ip permit
no cdp run
banner motd ^C
**********************************************************
**** Unauthorized Access To This System Is Prohibited ****
**********************************************************^C
!
line con 0
transport input none
stopbits 1
line vty 0 4
access-class 1 in
password 7 12345678901234567890123456
login
!
scheduler max-task-time 5000
end

Answer : Problem: Can the script for Cisco 827-4V router be changed to allow all traffic through

> It seems to require me to register
Yes, CCO requires you to have a valid maint contract (SmartNet) and a CCO login to download the software.


However, if you are passing the PPTP connection to an internal host (ISA server), then you do not need the upgrade.

Make it simple and setup a single static NAT over to the ISA and let it be your firewall and proxy:

Erase the current config:
Router# write erase
(confirm)
Router# reload
(If prompted to save, say No)

When the router reboots, you will have an opportunity to run an initial setup dialog. I would say No at the prompt.

Then you will have a brand-new blank config to start from scratch

Objectives will be to keep it simple and make it work
> and then let ISA do all the security


service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname
!
enable
!
!
!
!
!
clock timezone NZST 12
clock summer-time NZST recurring 1 Sun Oct 2:00 3 Sun Mar 2:00
ip subnet-zero
!
!
!
!
interface Ethernet0
ip address 192.168.0.1 255.255.255.0
no ip directed-broadcast
no ip proxy-arp
ip nat inside
no cdp enable
!
interface ATM0
no ip address
no ip directed-broadcast
no atm ilmi-keepalive
pvc 0/100
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
bundle-enable
hold-queue 224 in
!
interface Dialer0
ip address 215.215.215.215 255.255.255.248 <--whatever is appropriate (or 'negotiated')
no ip directed-broadcast
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp pap sent-username password
!
! # make a single static NAT map to the ISA server
ip nat inside source static 192.168.0.2 215.215.215.215

ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
! # access-list 1 does nothing on its own; it takes effect only where it is
! # applied. Here it is applied below to restrict who may log in to the router.
access-list 1 permit 192.168.0.2
! # Dialer0 carries 'dialer-group 1', so a dialer-list 1 must exist (as in the
! # original config) or the link never comes up.
dialer-list 1 protocol ip permit

banner motd ^C
**********************************************************
**** Unauthorized Access To This System Is Prohibited ****
**********************************************************
^C
!
line vty 0 4
! # without access-class, anyone who can reach the router may try the vty password
access-class 1 in
password
login
!
end
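The "keep it simple" config above is short enough that referential mistakes are easy to miss: a `dialer-group` with no matching `dialer-list` never dials, an `access-list` that nothing applies does nothing, a `line vty` without `access-class` accepts login attempts from anywhere, and a static NAT onto the Dialer0 address forwards every inbound port to the ISA host. The following Python checker is an added example for this thread (not code from the original post or from Cisco); it parses a pasted IOS config, treating `!` as the end of an interface or line block because indentation is usually lost when configs are pasted, and reports those conditions. The embedded sample is constructed from the answer's config with the hypothetical addresses used in the thread and a made-up placeholder for the elided vty password.

```python
"""Static sanity checks for a minimal Cisco IOS NAT/dialer config (added example)."""
import re

# Constructed sample: the minimal config proposed in the answer, with the
# elided secret/username lines left out. Addresses are the thread's hypothetical ones.
SAMPLE_CONFIG = """\
interface Ethernet0
ip address 192.168.0.1 255.255.255.0
ip nat inside
!
interface Dialer0
ip address 215.215.215.215 255.255.255.248
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
!
ip nat inside source static 192.168.0.2 215.215.215.215
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 1 permit 192.168.0.2
line vty 0 4
password 7 0123456789
!
end
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"


def parse(text):
    """Split a pasted config into (global_lines, {block_header: [sub_lines]})."""
    globals_, blocks, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("!", "end"):
            current = None          # '!' closes the current interface/line block
            continue
        if line.startswith(("interface ", "line ")):
            current = line
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line)
        else:
            globals_.append(line)
    return globals_, blocks


def check(globals_, blocks):
    """Return a list of human-readable findings (empty list means nothing found)."""
    findings = []
    acls = {m.group(1) for l in globals_ if (m := re.match(r"access-list (\S+)", l))}
    dialer_lists = {m.group(1) for l in globals_ if (m := re.match(r"dialer-list (\S+)", l))}
    referenced = set()            # access-lists that some command actually applies

    outside_addrs, inside, outside = set(), [], []
    for name, lines in blocks.items():
        if "ip nat inside" in lines:
            inside.append(name)
        if "ip nat outside" in lines:
            outside.append(name)
            outside_addrs |= {m.group(1) for l in lines if (m := re.match("ip address " + IPV4, l))}
        for l in lines:
            if m := re.match(r"dialer-group (\S+)", l):
                if m.group(1) not in dialer_lists:
                    findings.append(f"{name}: dialer-group {m.group(1)} but no dialer-list "
                                    f"{m.group(1)} is defined, so the link will never dial")
            if m := re.match(r"(?:ip access-group|access-class) (\S+)", l):
                referenced.add(m.group(1))
                if m.group(1) not in acls:
                    findings.append(f"{name}: references undefined access-list {m.group(1)}")
        if name.startswith("line vty") and not any(l.startswith("access-class ") for l in lines):
            findings.append(f"{name}: no access-class, so remote login is reachable from any source")

    for l in globals_:
        if m := re.match(r"(?:dialer-list \S+ protocol ip list|ip nat inside source list) (\S+)", l):
            referenced.add(m.group(1))
            if m.group(1) not in acls:
                findings.append(f"undefined access-list {m.group(1)} referenced by: {l}")
        if m := re.match(r"ip nat inside source static " + IPV4 + " " + IPV4, l):
            if not inside or not outside:
                findings.append("static NAT configured but 'ip nat inside'/'ip nat outside' "
                                "are not both set on an interface")
            if m.group(2) in outside_addrs:
                findings.append(f"static NAT maps {m.group(1)} to the outside interface's own address "
                                f"{m.group(2)}: every inbound port, including router management, "
                                f"is forwarded to the inside host")
    for acl in sorted(acls - referenced):
        findings.append(f"access-list {acl} is defined but never referenced, so it has no effect")
    return findings


if __name__ == "__main__":
    for finding in check(*parse(SAMPLE_CONFIG)):
        print("-", finding)
```

Run against the sample it reports the missing `dialer-list 1`, the unreferenced `access-list 1`, the unrestricted vty, and the NAT onto the Dialer0 address; adding `dialer-list 1 protocol ip permit` and `access-class 1 in` under `line vty 0 4` clears the first three, while the last one is a design choice to be aware of rather than a mistake: with the whole WAN address mapped to the ISA host, the router itself is no longer reachable on that address, so manage it from the inside.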

