Manualshelf

Specifications

ManualsBrandsCisco ManualsComputer equipment815-VPN/K9 - 815 Integrated Services Router
61626364656667686970
Configuring Security Features
Configuring AutoSecure
3
Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers Software Configuration Guide
OL-21850-01
Configuring AutoSecure
The AutoSecure feature disables common IP services that can be exploited for network attacks and
enables IP services and features that can aid in the defense of a network when under attack. These IP
services are all disabled and enabled simultaneously with a single command, greatly simplifying security
configuration on your router. For a complete description of the AutoSecure feature, see the AutoSecure
feature document at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123_1/ftatosec.htm.
Configuring Access Lists
Access lists permit or deny network traffic over an interface, based on source IP address, destination IP
address, or protocol. Access lists are configured as standard or extended. A standard access list either
permits or denies passage of packets from a designated source. An extended access list allows
designation of both the destination and the source, and it allows designation of individual protocols to
be permitted or denied passage.
For more complete information on creating access lists, see the Access Control Lists” section of Cisco
IOS Security Configuration Guide: Securing the Data Plane, Release 12.4T at:
http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/12_4t/
sec_data_plane_12_4t_book.html.
An access list is a series of commands with a common tag to bind them together. The tag is either a
number or a name. Table 1 lists the commands used to configure access lists.
To create, refine, and manage access lists, see the following sections of the Access Control Lists”
section of Cisco IOS Security Configuration Guide: Securing the Data Plane, Release 12.4T at:
http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/12_4t/
sec_data_plane_12_4t_book.html:
Creating an IP Access List and Applying It to an Interface
Creating an IP Access List to Filter IP Options, TCP Flags, Noncontiguous Ports, or TTL Values
Refining an IP Access List
Displaying and Clearing IP Access List Data Using ACL Manageability
Table 1 Access List Configuration Commands
Access Control List (ACL) Type Configuration Commands
Numbered
Standard access-list {1-99}{permit | deny} source-addr [source-mask]
Extended access-list {100-199}{permit | deny} protocol source-addr
[source-mask] destination-addr [destination-mask]
Named
Standard ip access-list standard name deny {source | source-wildcard | any}
Extended ip access-list extended name {permit | deny} protocol {source-addr
[source-mask] | any}{destination-addr [destination-mask] | any}