Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1089
Views
5
Helpful
4
Replies

Cisco IOS Firewall

haithamnofal
Level 3
Level 3

‎07-04-2007 07:33 AM - edited ‎03-11-2019 03:40 AM

Hi,

I am wondering whether ISR or any other routers with IP base IOS (i.e. not with Security Bundles), support CBAC ACL or stateful Firewalling? Or is it a must to go for the Security bundles in order to implement stateful firewalling in my router?

Regards,

Haitham

Labels:
0 Helpful
4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

‎07-04-2007 08:42 AM

Hi Haitham

Unfortunately no, AFAIK the IP base version does not support CBAC. The best palce to check all the IOS versions for all routers is with Cisco's "Feature Navigator".

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

HTH

Jon

0 Helpful

haithamnofal
Level 3
Level 3
In response to Jon Marshall

‎07-04-2007 09:23 AM

Thanks Jon.. So, just to confirm the ACL available in IP Base IOS versions is just normal ACL which doesn't maintain the state of the connections. Please correct me if I am wrong.

Regards,

Haitham

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to haithamnofal

‎07-04-2007 10:08 AM

Haitham

Yes the acl in IP base will be normal acl. The way to tell is from config mode on the router

router(conf t)# ip inspect ?

If it says unknown command then you don't have CBAC.

There is of course the "established" keyword you can use with acl's which gives a semblance of connection state but it is far from a stateful firewall.

HTH

Jon

johnd2310
Level 8
Level 8
In response to Jon Marshall

‎07-04-2007 02:09 PM

Hi Haitham,

You could also look at reflexive access lists.

Thanks

John

**Please rate posts you find helpful**
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card