Configuration Example - Cisco 520-T1 - Small Business Pro SR Secure Router Software Configuration Manual

Chapter 8
Configuring a Simple Firewall
Step 4
Command: interface type number
Purpose: Enters interface configuration mode for the outside network interface on your router.
Example:
Router(config)# interface fastethernet 4
Router(config-if)#

Step 5
Command: ip access-group {access-list-number | access-list-name} {in | out}
Purpose: Assigns the defined ACLs to the outside interface on the router.
Example:
Router(config-if)# ip access-group 103 in
Router(config-if)#

Step 6
Command: exit
Purpose: Returns to global configuration mode.
Example:
Router(config-if)# exit
Router(config)#

Configuration Example

A telecommuter is granted secure access to a corporate network, using IPsec tunneling. Security for the home network is provided by firewall inspection. The protocols that are allowed are all TCP, UDP, RTSP, H.323, NetShow, FTP, and SQLNet. There are no servers on the home network; therefore, no traffic is allowed that is initiated from outside. IPsec tunneling secures the connection from the home LAN to the corporate network.

As with the Internet Firewall Policy, HTTP need not be specified because Java blocking is not necessary. Specifying TCP inspection allows for single-channel protocols such as Telnet and HTTP. UDP is specified for DNS.

The following configuration example shows a portion of the configuration file for the simple firewall scenario described in the preceding sections.

!
! Firewall inspection is set up for all TCP and UDP traffic as well as
! specific application protocols as defined by the security policy.
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall rtsp
ip inspect name firewall h323
ip inspect name firewall netshow
ip inspect name firewall ftp
ip inspect name firewall sqlnet
!
! This is the internal home network.
interface vlan 1
 ! Inspection examines outbound traffic.
 ip inspect firewall in
!
! FE4 is the outside or Internet-exposed interface.
interface fastethernet 4
 ! acl 103 permits IPsec traffic from the corp. router
 ! as well as denies Internet-initiated traffic inbound.
 ip access-group 103 in
 no cdp enable

Cisco Secure Router 520 Series Software Configuration Guide, OL-14210-01
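
An added check, not part of the Cisco guide: the excerpt above applies ACL 103 to the outside interface without showing its definition, and on IOS an access group that references an undefined ACL filters nothing. The Python below flags inspection rules and ACLs that are applied to an interface but never defined; the sample text, the 203.0.113.1 peer address and the ACL entries are constructed assumptions.

```python
import re

# Constructed sample modelled on the excerpt above. ACL 103 is deliberately
# absent, as it is from the portion of the configuration shown on the page.
EXCERPT = """\
ip inspect name firewall tcp
ip inspect name firewall udp
interface vlan 1
 ip inspect firewall in
interface fastethernet 4
 ip access-group 103 in
 no cdp enable
"""

# Assumed ACL body: 203.0.113.1 is a documentation address standing in for
# the corporate router; the page does not list the entries of ACL 103.
ACL_103 = """\
access-list 103 permit udp host 203.0.113.1 any eq isakmp
access-list 103 permit esp host 203.0.113.1 any
access-list 103 deny ip any any
"""

def audit(config):
    """Return (kind, name, interface) for each reference to an undefined object."""
    rules, acls, refs, iface = set(), set(), [], None
    for raw in config.splitlines():
        line = raw.split("!", 1)[0].strip()      # drop IOS '!' comments
        if m := re.match(r"interface (.+)", line):
            iface = m.group(1)
        elif m := re.match(r"ip inspect name (\S+) ", line):
            rules.add(m.group(1))                # inspection rule definition
        elif m := re.match(r"(?:ip )?access-list (?:(?:standard|extended) )?(\S+)", line):
            acls.add(m.group(1))                 # numbered or named ACL definition
        elif m := re.match(r"ip inspect (\S+) (?:in|out)$", line):
            refs.append(("inspect-rule", m.group(1), iface))
        elif m := re.match(r"ip access-group (\S+) (?:in|out)$", line):
            refs.append(("acl", m.group(1), iface))
    defined = {"inspect-rule": rules, "acl": acls}
    return [r for r in refs if r[1] not in defined[r[0]]]

if __name__ == "__main__":
    for kind, name, iface in audit(EXCERPT):
        print(f"{iface}: {kind} {name!r} is applied but not defined")
    print("with ACL 103 defined:", audit(EXCERPT + ACL_103) or "no dangling references")
```

Run it against the full running configuration rather than an excerpt, so that definitions placed after the interface stanzas are seen.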
