XSR User’s Guide 343
Chapter 13 Configuration Examples
Configuring Security on the XSR
XSR(config-if)#ip address negotiated
XSR(config-if)#ip mtu 1492
XSR(config-if)#ip nat source assigned overload
XSR(config-if)#ppp pap sent-username b1jsSW23 “password is not displayed”
XSR(config-if)#no shutdown
Attach a static route to the PPPoE interface and add a local IP pool:
XSR(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet2.1
XSR(config)#ip local pool myDhcpPool 10.10.10.0 255.255.255.0
Specify network objects including Mgmt and Ten for SSH and DHCP service:
XSR(config)#ip firewall network INT_NETS 10.10.10.0 mask 255.255.255.0 internal
XSR(config)#ip firewall network MY_EXT 1.0.0.0 255.255.255.254 external
XSR(config)#ip firewall network Mgmt 10.10.10.1 mask 255.255.255.255 internal
XSR(config)#ip firewall network Ten 10.1.0.0 mask 255.255.0.0 internal
Set the policies and filters allowing Web, DNS, FTP, SSL, and ICMP traffic
between ANY_INTERNAL and ANY_EXTERNAL networks. Also write a
policy for DHCP and SSH access to the XSR. Be sure to install an SSHv2 client
on your connecting PC. Note that policy objects and names are case-sensitive
and you must cite network and protocol names exactly:
XSR(config)#ip firewall policy P_intExtHttp ANY_INTERNAL ANY_EXTERNAL WWW allow
XSR(config)#ip firewall policy P_intExtDns ANY_INTERNAL ANY_EXTERNAL DNSUDP allow
XSR(config)#ip firewall policy P_intExtFtp ANY_INTERNAL ANY_EXTERNAL FTP allow
XSR(config)#ip firewall policy P_intExtHttps ANY_INTERNAL ANY_EXTERNAL SSL allow
XSR(config)#ip firewall policy adminSSH ANY_INTERNAL Mgmt SSH allow bidirectional
XSR(config)#ip firewall policy allowDHCP Ten Ten Bootp allow bidirectional
XSR(config)#ip firewall filter F_ECHO_RESP ANY_EXTERNAL ANY_INTERNAL protocol-keyword ICMP 0
XSR(config)#ip firewall filter F_ECHO_REQ ANY_INTERNAL ANY_EXTERNAL protocol-keyword ICMP 8
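Added example (not from the XSR guide): a small Python lint for the case-sensitivity rule above. It flags policy or filter lines that cite a network object not defined with exactly the same spelling, and network masks that are not contiguous. It assumes ANY_INTERNAL and ANY_EXTERNAL are predefined, since the page uses them without defining them; the sample configuration is constructed.

```python
import re

# Assumption: ANY_INTERNAL and ANY_EXTERNAL are predefined objects, since the
# page uses them without defining them.
BUILTIN = {"ANY_INTERNAL", "ANY_EXTERNAL"}

# Constructed sample: line 2 has a bad mask, line 3 cites "mgmt" for "Mgmt".
SAMPLE = """\
XSR(config)#ip firewall network Mgmt 10.10.10.1 mask 255.255.255.255 internal
XSR(config)#ip firewall network Ten 10.1.0.0 mask 255.0.255.0 internal
XSR(config)#ip firewall policy adminSSH ANY_INTERNAL mgmt SSH allow bidirectional
XSR(config)#ip firewall policy allowDHCP Ten Ten Bootp allow bidirectional
XSR(config)#ip firewall filter F_ECHO_REQ ANY_INTERNAL ANY_EXTERNAL protocol-keyword ICMP 8
"""

def contiguous(mask):
    """True if the dotted-quad mask is 1 bits followed only by 0 bits."""
    bits = "".join(f"{int(octet):08b}" for octet in mask.split("."))
    return "01" not in bits

def lint(config):
    """Return (line_number, message) findings for one pasted configuration."""
    # Drop the CLI prompt ("XSR(config)#") and split each line into tokens.
    rows = [re.sub(r"^\S+#", "", ln).split() for ln in config.splitlines()]
    defined = set(BUILTIN)
    for t in rows:  # pass 1: collect every defined network object name
        if t[:3] == ["ip", "firewall", "network"] and len(t) > 3:
            defined.add(t[3])
    by_lower = {name.lower(): name for name in defined}
    findings = []
    for no, t in enumerate(rows, 1):  # pass 2: check masks and references
        if t[:3] == ["ip", "firewall", "network"] and "mask" in t[:-1]:
            mask = t[t.index("mask") + 1]
            if not contiguous(mask):
                findings.append((no, f"mask {mask} is not contiguous"))
        elif t[:2] == ["ip", "firewall"] and t[2:3] in (["policy"], ["filter"]):
            for ref in t[4:6]:  # source and destination network objects
                if ref not in defined:
                    near = by_lower.get(ref.lower())
                    hint = f", did you mean {near}?" if near else ""
                    findings.append((no, f"undefined network {ref}{hint}"))
    return findings

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```

Service names such as WWW or Bootp are not checked, because the page does not list the predefined services.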