Configuring a Cisco Router for LAN and Internet Connectivity

How to Configure a Cisco Router for LAN and Internet Connectivity

Prev Question Next Question

Question

A router has two interfaces: Ethernet 0 is connected to the LAN and Ethernet 1 is connected to the Internet.

The LAN is 20.20.20.0/24

All hosts on the LAN must be able to form TCP connections to any host on the Internet.

Hosts on the Internet may not form TCP connections to hosts on the LAN, except to port 25 of a mail server on the LAN.

The web server IP address is 20.20.20.100

Which configuration fulfills all the requirements?

Answers

A. interface ethernet 1 ip access-group 123 in ! access-list 123 permit tcp any 20.20.20.0 0.0.0.255 access-list 123 permit tcp any host 20.20.20.100 eq 25

B. interface ethernet 1 ip access-group 123 in ! access-list 123 permit tcp any 20.20.20.0 0.0.0.255 established access-list 123 permit tcp any host 20.20.20.100 eq 25

C. interface ethernet 1 ip access-group 123 in ! access-list 123 permit tcp any host 20.20.20.100 eq 25 access-list 123 deny tcp any 20.20.20.0 0.0.0.255

D. interface ethernet 1 ip access-group 123 in ! access-list 123 deny tcp any 20.20.20.0 0.0.0.255 access-list 123 permit tcp any host 20.20.20.100 eq 25

E. interface ethernet 1 ip access-group 123 in ! access-list 123 permit tcp any host 20.20.20.100 eq 25 access-list 123 permit tcp 20.20.20.0 0.0.0.255 any.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

The correct answer is A.

Explanation:

Option A permits TCP traffic from any source to any IP address on the LAN subnet (20.20.20.0/24) and also permits TCP traffic to port 25 (SMTP) on the mail server (20.20.20.100).

Option B allows TCP traffic from any source to any IP address on the LAN subnet (20.20.20.0/24) only if it is part of an established connection (that is, a response to a previous request). It also permits TCP traffic to port 25 on the mail server (20.20.20.100). This option may not work correctly since some TCP sessions, such as FTP and HTTP, create multiple connections for a single transaction.

Option C permits TCP traffic to port 25 on the mail server (20.20.20.100) and denies all TCP traffic from any source to any IP address on the LAN subnet (20.20.20.0/24). This option does not fulfill the requirement that all hosts on the LAN should be able to form TCP connections to any host on the Internet, except for port 25 on the mail server.

Option D denies TCP traffic from any source to any IP address on the LAN subnet (20.20.20.0/24) and permits TCP traffic to port 25 on the mail server (20.20.20.100). This option does not fulfill the requirement that all hosts on the LAN should be able to form TCP connections to any host on the Internet, except for port 25 on the mail server.

Option E permits TCP traffic to port 25 on the mail server (20.20.20.100) and also permits TCP traffic from any IP address on the LAN subnet (20.20.20.0/24) to any destination on the Internet. This option does not fulfill the requirement that hosts on the Internet may not form TCP connections to hosts on the LAN, except to port 25 of the mail server on the LAN.

Therefore, option A is the correct configuration as it fulfills all the requirements.

Prev Question Next Question