Specifications
Table Of Contents
- Contents
- Preface
- Getting Started
- Basic Router Configuration
- Interface Port Labels
- Viewing the Default Configuration
- Information Needed for Configuration
- Configuring Basic Parameters
- Configuring Static Routes
- Configuring Dynamic Routes
- Configuring Enhanced IGRP
- Basic Router Configuration
- Configuring Your Router for Ethernet and DSL Access
- Sample Network Deployments
- Configuring PPP over Ethernet with NAT
- Configuring PPP over ATM with NAT
- Configuring a LAN with DHCP and VLANs
- Configuring a VPN Using Easy VPN and an IPSec Tunnel
- Configure the IKE Policy
- Configure Group Policy Information
- Apply Mode Configuration to the Crypto Map
- Enable Policy Lookup
- Configure IPSec Transforms and Protocols
- Configure the IPSec Crypto Method and Parameters
- Apply the Crypto Map to the Physical Interface
- Create an Easy VPN Remote Configuration
- Verifying Your Easy VPN Configuration
- Configuration Example
- Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
- Configuring a Simple Firewall
- Configuring a Wireless LAN Connection
- Sample Configuration
- Configuring Additional Features and Troubleshooting
- Additional Configuration Options
- Configuring Security Features
- Configuring Dial Backup and Remote Management
- Troubleshooting
- Reference Information
- Cisco IOS Software Basic Skills
- Concepts
- ROM Monitor
- Common Port Assignments
CHAPTER
8-1
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
OL-6426-02
8
Configuring a Simple Firewall
The Cisco 1800 integrated services routers support network traffic filtering by means of access lists. The
router also supports packet inspection and dynamic temporary access lists by means of Context-Based
Access Control (CBAC).
Basic traffic filtering is limited to configured access list implementations that examine packets at the
network layer or, at most, the transport layer, permitting or denying the passage of each packet through
the firewall. However, the use of inspection rules in CBAC allows the creation and use of dynamic
temporary access lists. These dynamic lists allow temporary openings in the configured access lists at
firewall interfaces. These openings are created when traffic for a specified user session exits the internal
network through the firewall. The openings allow returning traffic for the specified session (that would
normally be blocked) back through the firewall.
See the Cisco IOS Security Configuration Guide, Release 12.3, for more detailed information on traffic
filtering and firewalls.
Figure 8-1 shows a network deployment using PPPoE or PPPoA with NAT and a firewall.
Figure 8-1 Router with Firewall Configured
121781
2
3
7
5 6
1
4