Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
OL-6426-02
Chapter 8 Configuring a Simple Firewall
Configure Access Lists
Perform these steps to create access lists for use by the firewall, beginning in global configuration mode:
Step 1
Command:
access-list access-list-number {deny | permit} protocol source source-wildcard [operator [port]] destination
Example:
Router(config)# access-list 103 permit udp host 200.1.1.1 eq isakmp any
Router(config)#
Purpose:
Creates an access list that prevents Internet-initiated traffic from reaching the local (inside) network of the router, and that compares source and destination ports.
See the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services for details about this command.

Step 2
Command:
access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard
Example:
Router(config)# access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255
Router(config)#
Purpose:
Creates an access list that allows network traffic to pass freely between the corporate network and the local networks through the configured VPN tunnel.

Configure Inspection Rules
Perform these steps to configure firewall inspection rules for all TCP and UDP traffic, as well as specific application protocols as defined by the security policy, beginning in global configuration mode:
Step 1
Command or Action:
ip inspect name inspection-name protocol
Example:
Router(config)# ip inspect name firewall tcp
Router(config)#
Purpose:
Defines an inspection rule for a particular protocol.

Step 2
Command or Action:
ip inspect name inspection-name protocol
Example:
Router(config)# ip inspect name firewall rtsp
Router(config)# ip inspect name firewall h323
Router(config)# ip inspect name firewall netshow
Router(config)# ip inspect name firewall ftp
Router(config)# ip inspect name firewall sqlnet
Router(config)#
Purpose:
Repeat this command for each inspection rule that you wish to use.
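
The following is an added example, not part of the Cisco guide: it evaluates packets against the two access-list entries from the Configure Access Lists steps to show how wildcard masks, eq port matches and the implicit deny at the end of every access list decide the result. It models only the any, host and address/wildcard forms with an optional eq port, assumes udp as the protocol of the ISAKMP entry, and all function names are hypothetical.

```python
from ipaddress import IPv4Address as IP
PORT_NAMES = {"isakmp": 500}  # IOS keyword for UDP port 500

def _take_addr(tok):
    """Consume 'any', 'host A' or 'A wildcard'; return (base, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(IP(tok.pop(0))), 0
    return int(IP(first)), int(IP(tok.pop(0)))

def _take_port(tok):
    """Consume an optional 'eq <port>'; None means any port."""
    if tok[:1] != ["eq"]:
        return None
    name = tok[1]
    del tok[:2]
    return PORT_NAMES.get(name) or int(name)

def parse_ace(line):
    tok = line.split()
    if len(tok) < 5 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line!r}")
    ace, rest = {"acl": int(tok[1]), "action": tok[2], "proto": tok[3]}, tok[4:]
    ace["src"], ace["sport"] = _take_addr(rest), _take_port(rest)
    ace["dst"], ace["dport"] = _take_addr(rest), _take_port(rest)
    if rest:  # trailing keywords that this example does not model
        raise ValueError(f"unsupported entry: {line!r}")
    return ace

def _addr_match(ip, spec):
    base, wild = spec
    # Wildcard bits set to 1 are ignored; every other bit must equal the base.
    return ((int(IP(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(aces, acl, proto, src, dst, sport=None, dport=None):
    """First matching entry decides; an ACL ends with an implicit deny."""
    for a in aces:
        if (a["acl"] == acl and a["proto"] in ("ip", proto)
                and _addr_match(src, a["src"]) and _addr_match(dst, a["dst"])
                and a["sport"] in (None, sport) and a["dport"] in (None, dport)):
            return a["action"]
    return "deny"

# Constructed input: the two entries from the steps above, udp assumed for the first.
ACES = [parse_ace(l) for l in (
    "access-list 103 permit udp host 200.1.1.1 eq isakmp any",
    "access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255")]
```

Calling evaluate(ACES, 105, "tcp", "10.1.2.20", "192.168.44.5") returns "deny": the source falls outside 10.1.1.0 0.0.0.255, no entry matches, and the implicit deny applies.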