[nsp] RE: IOS Firewall Issues
Nicholas R. Ianelli
xtreme at erie.net
Tue Apr 8 15:24:47 EDT 2003
Dan -
You will need to download the Cisco IOS Firewall Feature set for each
router you wish to configure it on (IP/FW/IDS). You should be able to
locate sample configs by searching for CBAC on Cisco's site.
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note
09186a0080094e8b.shtml
In addition, you will want to limit the amount of traffic you inspect.
If you inspect to much, you can actually trick the router to thinking it
is under attack and it will deny that traffic access.
Nick
Nicholas Ianelli - CCNA
Network Operations Engineer
Stargate Industries
412.316.7875 (V)
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Wilson, Dan
Sent: Tuesday, April 08, 2003 1:33 PM
To: Wilson, Dan; 'cisco-nsp at puck.nether.net'
Subject: [nsp] RE: IOS Firewall Issues
Ok, I'm assuming I will need to employ CBAC. How would one employ this,
i.e. does anyone have a link to a sample config? Rob Thomas maybe??
I have a couple of questions regarding IOS Firewall.
Am I correct in assuming it *does* stateful?
How would I view the state tables?
How would I determine what traffic is allowed inbound??
And
How, exactly, would I set rules on what would be allowed inbound?
I'm running 7140, 7206, 3640 and 2621's all running 12.2(8)T, which I
Switched to in order to run encrypted traffic over GRE tunnels, so
That I could change routes if tunnel connections weren't working.
Any ideas would be appreciated.
Thanks.
Dan
dan.wilson at transamerica.com
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list