Cisco 887 Basic Firewall

thesupporthouseptyltd — Mon, 11 Mar 2019 20:36:01 GMT

Hi Guys,

I have setup my Cisco routers to have the following basic configuration:

ip inspect name FIREWALL tcp

ip inspect name FIREWALL udp

ip inspect name FIREWALL icmp

interface Dialer1

ip inspect FIREWALL out

ip access-group FIREWALL-ACL in

ip access-list extended FIREWALL-ACL

permit tcp any any eq 22

permit esp any any

permit udp any any eq isakmp

permit gre any any

deny tcp any any

deny udp any any

deny ip any any

However whilst this allows for a site to site VPN, remote SSH access, and clients to punch a way through the firewall. It is unable to allow the router its self to do a DNS lookup or fetch a new IOS over FTP, how can I allow this through with out opening excess holes that may only be used for such small tasks occasionally.

Also is there anything else I should add to help secure the routers from DOS attacks etc?

Many Thanks!

Re: Cisco 887 Basic Firewall

mirober2 — Fri, 20 May 2011 17:57:49 GMT

Hi Matthew,

The command you're looking for is 'ip inspect name FIREWALL udp router-traffic' for DNS and 'ip inspect name FIREWALL tcp router-traffic' for FTP. This enables the inspection for traffic generated from the router itself.

Hope that helps.

-Mike

topic Re: Cisco 887 Basic Firewall in Network Security

Cisco 887 Basic Firewall

Re: Cisco 887 Basic Firewall