
Cisco SR520 ADSL router with firewall

michal
Level 1

Hi All,

I recently got myself a Cisco SR520 router with some basic firewall functions built in. This is going to be used for my home broadband, so it doesn't need to be really super secure, as it would for a business. I managed to configure it; however, there are a few things on the firewall side which I don't understand.

This router had some default configuration in its flash when I bought it. There are class maps... I have no idea how they work or how to add/edit rules. Also, do I need to use class maps, or can they be replaced by ACLs to a certain extent? If somebody could explain to me how to add/edit class-map rules to allow a certain port (e.g. 3333), that would be great. Please see below part of the default config:

!
class-map type inspect match-any SDM-Voice-permit
 match protocol sip
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-invalid-src
 match access-group 100
class-map type inspect match-all dhcp_out_self
 match access-group name dhcp-resp-permit
class-map type inspect match-all dhcp_self_out
 match access-group name dhcp-req-permit
class-map type inspect match-all sdm-protocol-http
 match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
 class type inspect dhcp_self_out
  pass
 class type inspect sdm-cls-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-inspect
 class type inspect sdm-invalid-src
  drop log
 class type inspect sdm-cls-insp-traffic
  inspect
 class type inspect sdm-protocol-http
  inspect
 class type inspect SDM-Voice-permit
  pass
 class class-default
  pass
policy-map type inspect sdm-inspect-voip-in
 class type inspect SDM-Voice-permit
  pass
 class class-default
  drop
policy-map type inspect sdm-permit
 class type inspect dhcp_out_self
  pass
 class class-default
  drop
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
zone-pair security sdm-zp-out-in source out-zone destination in-zone
 service-policy type inspect sdm-inspect-voip-in
!

Thank you in advance

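The pattern the default config already uses for DHCP (an ACL selects the traffic, a match-all class map references the ACL, the policy map decides the action) applied to the TCP/3333 case asked about above. This is an added example, not configuration from the thread or from Cisco; the class/ACL names are made up and 192.168.75.10 is a placeholder for the inside host.

```ios
! Constructed example: allow inbound TCP/3333 from out-zone to one LAN host
! in in-zone, with stateful inspection. Everything else on that zone-pair
! keeps hitting the default "drop" in class-default.
! 192.168.75.10 is a placeholder for the inside host running the service.
!
! 1. An ACL selects the traffic: only TCP, only to that host, only port 3333.
ip access-list extended acl-in-3333
 remark inbound service on TCP/3333 to a single inside host
 permit tcp any host 192.168.75.10 eq 3333
!
! 2. A match-all class map references the ACL, exactly as dhcp_out_self
!    references dhcp-resp-permit in the default config. "match protocol tcp"
!    in the same match-all class lets the firewall track TCP session state.
class-map type inspect match-all cm-in-3333
 match access-group name acl-in-3333
 match protocol tcp
!
! 3. The policy map bound to out-zone -> in-zone gets a new class. IOS keeps
!    class-default last, so the existing "drop" still catches everything
!    that does not match. "inspect" (rather than "pass") creates a stateful
!    entry, so the return traffic needs no rule of its own.
policy-map type inspect sdm-inspect-voip-in
 class type inspect cm-in-3333
  inspect
!
! The zone-pair sdm-zp-out-in already carries sdm-inspect-voip-in, so no
! zone or zone-pair changes are needed. If the router also does NAT, a
! matching static translation for the host is required as well (not shown).
! Check hits and open sessions with:
!   show policy-map type inspect zone-pair sdm-zp-out-in
!   show policy-map type inspect zone-pair sdm-zp-out-in sessions
```

Editing an existing rule works the same way: change the ACL (or the match lines of the class map), and the policy map picks it up without being re-applied to the zone-pair.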
1 Reply

michal
Level 1

Hi,

Could somebody help me please?

Thank you
