Re: 2900 router firewall configuration question

kmigmar805 · ‎11-06-2010

Hello,

I am sorry if I am asking a newbie question. I am trying to setup a firewall on our CISCO 2911 router. It has only 3 ports one of which is used for management only purpose. The other two ports are setup as follows:

ISP

|

router 1 -CISCO 2911

-----------------------------------------------------------------------------------------------

Interface e0/0 - (IP Unnumbered using PPPoE associated with Dialer0)

Interface e0/1 – ( this address is shared by the IP unnumbered interface) - Public IP (222.222.222.22)

-----------------------------------------------------------------------------------------------

|

router 2 with NAT - Public IP (222.222.222.23)

|

LAN

==================================

I tested two ways of firewall zone setup on the Router 1 Cisco 2911 IOS based Firewall:

A.

Outside zone member: 1. interface e0/0 ( Dialer0 )

Inside zone member: e0/1

Then there is no connection to internet even if all Access rules from inside to outside are all set to Allow. No other ACL is associated with the any of the interfaces.

B.

Outside zone members: 1. interface e0/0 ( Dialer0 ) and 2. interface e0/1

Inside zone member: e0/3 (management only)

Internet connection is Ok. But this setup is the same as having no firewall, isn't it?

Please advice me how it should be properly setup.

Thank you so much!

Jitendriya Athavale · ‎11-06-2010

you should set it up the way you did in step 1

i am not sure how you have set it up but for internet access just match tcp, udp, dns,icmp protocol and inspect them

yuou can paste the config if you want to so that i can take a look at it and comment

cadet alain · ‎11-06-2010

I think your outside interface should be your dialer interface and not your physical ethernet interface that's why it isn't working because the dialer interface is not a member of any zone and you can't communicate between a zone member and a non zone member.

Don't forget to rate helpful posts.