How Do I Configure A Firewall After I Have Configured A Vpn - Cisco OL-4015-08 User Manual

How Do I...

How Do I Configure a Firewall After I Have Configured a VPN?

Cisco Router and Security Device Manager Version 2.2 User's Guide
5-14
To verify that the connection is working, verify that the interface status is "Up" in
the Interfaces and Connections window.
The following is an exerpt showing the configuration for an ISDN interface on a
Cisco 3620 router:
!
isdn switch-type basic-5ess
!
interface BRI0/0
! This is the data BRI WIC
ip unnumbered Ethernet0/0
no ip directed-broadcast
encapsulation ppp
no ip mroute-cache
dialer map ip 100.100.100.100 name junky 883531601
dialer hold-queue 10
isdn switch-type basic-5ess
isdn tei-negotiation first-call
isdn twait-disable
isdn spid1 80568541630101 6854163
isdn incoming-voice modem
Other configurations are available in the Software Configuration Guide for your
router.
After you have configured the unsupported interface using the CLI, you canuse
SDM to configure the firewall. The unsupported interface will appear as "Other"
in the fields listing the router interfaces.
If a firewall is placed on an interface used in a VPN, the firewall must permit
traffic between the local and remote VPN peers. If you use the Basic or Advanced
Firewall wizard, SDM will automatically permit traffic to flow between VPN
peers.
If you create an access rule in the ACL Editor available in Additional Tasks, you
have complete control over the permit and deny statements in the rule, and you
must ensure that traffic is permitted between VPN peers. The following
statements are examples of the types of statements that should be included in the
configuration to permit VPN traffic:
access-list 105 permit ahp host 123.3.4.5 host 192.168.0.1
access-list 105 permit esp host 123.3.4.5 host 192.168.0.1
Chapter 5 Create Firewall
OL-4015-08