07-12-2013 03:15 AM - edited 03-11-2019 07:11 PM
Hi everyone,
I would like to inquire on how to deploy Cisco 2911 ISR routers to act as Firewall to protect segments of my network. We have more than 10 units of the said router on our branch and i would like to ask on how i can make it a Firewall, it is running on IOS with sec/k9 license.
Hope that anyone can help me with my problem.
Thank you very much in advance
Best Regards,
Jayson Cruz
07-22-2013 02:47 PM
Hello Jayson,
Nice to see you again,
To be honest with you I have only played once with the HA configuration on IOS routers,
I will need to sit down and read the documentation again in order to provide you a good feedback, I will try to get 2 routers so I can play with them (If I am able to do it I will get back to u)
Regards
For Networking Posts check my blog at http://www.laguiadelnetworking.com/category/english/
Cheers,
Julio Carvajal Segura
07-22-2013 05:11 PM
Hello My Friend Julio,
Thanks you very much for your unwavering support.
May I share to you the topology i wish to implement. Cisco 2911 ISR is configured to be redundant during bgp failure and router failure. Would like the Cisco 2911 ISR with IOS Firewall to be HA and mitigate the asymetric routing. The host is redundant via HSRP using subinterface
Again Thank you very much on your support.
Best Regards,
Jayson
07-22-2013 05:22 PM
Hello Jayson,
Yes, the HA topology or feature will look for that particular scenario ( no disruption on the network ) so this is definetly what you need to implement,
For Networking Posts check my blog at http://www.laguiadelnetworking.com/category/english/
Cheers,
Julio Carvajal Segura
07-22-2013 06:03 PM
Hi Julio,
Thank you! Apparently I dont know how to do it.
Appreciate if you could give me a hand with the set up.
Im very sory for bothering you.
Thanks!
Best Regards,
Jayson
07-22-2013 06:14 PM
Hello Jayson,
I am sorry but at the moment I do not have the time or devices to start a setup like this so I would not be able to do it,
Hopefully someone else can do it,
For Networking Posts check my blog at http://www.laguiadelnetworking.com/category/english/
Cheers,
Julio Carvajal Segura
07-22-2013 06:23 PM
Hi Julio,
I understand. Thank you very much!
Hope we can talk again someday.
Best Regards,
Jayson
07-22-2013 07:23 PM
Hello Jayson,
I hope the same, have a great day
For Networking Posts check my blog at http://www.laguiadelnetworking.com/category/english/
Cheers,
Julio Carvajal Segura
07-22-2013 09:14 PM
Hi Evryone,
Can anyone help me with the HA/redundancy issue?
Thanks!
Best Regards,
Jayson
07-30-2013 11:15 PM
Hi everyone!
May i ask if it is possible to block specific udp/tcp ports on ios zone-based firewall?
Thank you very much!
Best Regards,
Jayson
Sent from Cisco Technical Support Android App
07-31-2013 09:48 AM
Hello Jayson,
It is possible, just don't match them with a permit or inspect rule,
I have created some posts on my blog related to ZBFW, go ahead and review them. They will help you.
For Networking Posts check my blog at http://www.laguiadelnetworking.com
Cheers,
Julio Carvajal Segura
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide