Specifications
Table Of Contents
- Contents
- Preface
- Getting Started
- Basic Router Configuration
- Interface Port Labels
- Viewing the Default Configuration
- Information Needed for Configuration
- Configuring Basic Parameters
- Configuring Static Routes
- Configuring Dynamic Routes
- Configuring Enhanced IGRP
- Basic Router Configuration
- Configuring Your Router for Ethernet and DSL Access
- Sample Network Deployments
- Configuring PPP over Ethernet with NAT
- Configuring PPP over ATM with NAT
- Configuring a LAN with DHCP and VLANs
- Configuring a VPN Using Easy VPN and an IPSec Tunnel
- Configure the IKE Policy
- Configure Group Policy Information
- Apply Mode Configuration to the Crypto Map
- Enable Policy Lookup
- Configure IPSec Transforms and Protocols
- Configure the IPSec Crypto Method and Parameters
- Apply the Crypto Map to the Physical Interface
- Create an Easy VPN Remote Configuration
- Verifying Your Easy VPN Configuration
- Configuration Example
- Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
- Configuring a Simple Firewall
- Configuring a Wireless LAN Connection
- Sample Configuration
- Configuring Additional Features and Troubleshooting
- Additional Configuration Options
- Configuring Security Features
- Configuring Dial Backup and Remote Management
- Troubleshooting
- Reference Information
- Cisco IOS Software Basic Skills
- Concepts
- ROM Monitor
- Common Port Assignments
12-2
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
OL-6426-02
Chapter 12 Configuring Security Features
Configuring AutoSecure
For information about configuring AAA services and supported security protocols, see the following
sections of the
Cisco IOS Security Configuration Guide:
• Configuring Authentication
• Configuring Authorization
• Configuring Accounting
• Configuring RADIUS
• Configuring TACACS+
• Configuring Kerberos
Configuring AutoSecure
The AutoSecure feature disables common IP services that can be exploited for network attacks and
enables IP services and features that can aid in the defense of a network when under attack. These IP
services are all disabled and enabled simultaneously with a single command, greatly simplifying security
configuration on your router. For a complete description of the AutoSecure feature, see the
“
AutoSecure” feature document.
Configuring Access Lists
Access lists (ACLs) permit or deny network traffic over an interface based on source IP address,
destination IP address, or protocol. Access lists are configured as standard or extended. A standard
access list either permits or denies passage of packets from a designated source. An extended access list
allows designation of both the destination and the source, and it allows designation of individual
protocols to be permitted or denied passage. An access list is a series of commands with a common tag
to bind them together. The tag is either a number or a name.
Table 12-1 lists the commands used to
configure access lists.
Ta b l e 12-1 Access List Configuration Commands
ACL Type Configuration Commands
Numbered
Standard access-list {1-99}{permit | deny} source-addr [source-mask]
Extended access-list {100-199}{permit | deny} protocol source-addr
[source-mask] destination-addr [destination-mask]
Named
Standard ip access-list standard name followed by deny {source |
source-wildcard | any}
Extended ip access-list extended name followed by {permit | deny} protocol
{source-addr [source-mask] | any}{destination-addr
[destination-mask] | any}