Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
919
Views
0
Helpful
3
Replies

891 Router config help

jeclutterbuck
Level 1
Level 1

‎11-30-2011 06:11 PM - edited ‎03-11-2019 02:57 PM

Hello all,

I'm very very new to cisco IOS and could use assistance/enlightenment with it and how it works.

In comparing the 891 (IOS 15.1) firewalling/security features to that of the small business routers, how does one go about setting up the same basic firewall attributes? 

with the small business line, you have simple "enable/disable: SPI, DOS, Block WAN request, etc..."

how do you go about enabling those same simple things in this router, in particular the "Block WAN request"?

before i go getting really granular with the security, i'd like it so that if the ISP pings me, they don't get a response, and same with anyone who pings me for that matter..

Thanks in advance!

-Jeff

Labels:
0 Helpful
3 Replies 3

Maykol Rojas
Cisco Employee
Cisco Employee

‎11-30-2011 08:16 PM

Well, It is really complicated to say "Basic security". There are 2 types of Firewall that you can configure using IOS, one is CBAC and the other one (little bit more complicated) called Zone based firewall. First you need to know what services are permitted from inside to outside and from outside to inside and so on....

Here are a couple of documents that may help you to sort this out,

Cbac

www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a0080094e8b.shtml

Zone based

http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a008060f6dd.html

If you put what services you need to allow for both directions, I may be able to give you some config so you can check it and apply it to your routers.

Mike

Mike
0 Helpful

jeclutterbuck
Level 1
Level 1
In response to Maykol Rojas

‎12-02-2011 07:43 PM

Hey Mike,

Thanks for the response! 

I'm sorry to say but I'm very very novice with cisco and while i sorta get the point of cbac and zone based firewalls, i don't know enough at the moment to get really granular with them.

I have an 891 router which i need to put into service at home because I'm changing service providers and the new one will need the gigabit wan port.

currently i have a simple rv042 v3 router for firewall duties.  I have dhcp on it disabled because my switch (SG300) handles everything on the vlan side of things.   so as i said, the router just handles firewalling, thats it..

on the RV042, the only firewall services that are active are: SPI, DoS, and Block WAN Request.

I just want to enable those same simple things on the 891.  I figure SPI will be more involved, and i see the documentation on it is out there to follow, but i haven't seen anything on "Block WAN Request" specifically. 

I basically (for starters) just want to have it so that if someone pings the wan ip address from outside, i don't want it to respond. 

I don't need anything absolutely crazy, i just want to have the same basic, simple firewalling that the RV042 does, on my 891.

Hope that explains things better.

Thanks for your time!

-Jeff

0 Helpful

jeclutterbuck
Level 1
Level 1
In response to Maykol Rojas

‎12-02-2011 07:58 PM

heres a bit of additional info to clear things up.

the following are the firewall settings on my RV042:

I haven't added any of my own access rules to the rv042, and i disabled DMZ and the 2nd WAN port because I have no use for them.

it's all really simple and it's just what i need at the moment.

I hope this further clarifies what I'm looking for.

Thanks again!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card