Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1843
Views
0
Helpful
2
Replies

2811 Router IOS Firewall

dspdss
Level 1
Level 1

‎03-20-2009 08:06 AM - edited ‎03-11-2019 08:07 AM

I have a 2811 Router running 12.4.19 with the IOS Firewall feature set. My question is whether to use the CBAC or Zone-based method of deployment. I have 12 VLANs (wired and wireless) off one FE interface that will need a minimum of three different security levels. In addition there two WAN interfaces (T1 primary and ISDN backup). The future plans include replacing the ISDN backup with an GRE IPSEC VPN off the second FE interface and also creating additional security levels within the wired and wireless VLANs.

Labels:
0 Helpful
2 Replies 2

vmoopeung
Level 5
Level 5

‎03-26-2009 06:47 PM

I think you can configure CBAC. The Context-Based Access Control (CBAC) feature of the Cisco IOS Firewall Feature Set actively inspects the activity behind a firewall. CBAC specifies what traffic needs to be let in and what traffic needs to be let out by using access lists (in the same way that Cisco IOS uses access lists). However, CBAC access lists include ip inspect statements that allow the inspection of the protocol to make sure that it is not tampered with before the protocol goes to the systems behind the firewall.

0 Helpful

roshan.maskey
Level 1
Level 1

‎04-06-2009 06:13 AM

Hi,

I would recommend using Zone-Based Firewall. ZFW has more flexibility in inspecting traffic that CBAC FW. ZFW is based on security zone, where as CBAC is associated to interface.

In simple context, ZFW is like extended acl and CBAC is like standard acl.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card