Hi
I have a Cisco 887 router up and running; however, it is currently wide open on the internet because there is no access list or ZBF config.
I have tried to use CCP to configure the firewall, which works fine; however, the default options in the wizard look messy and I want to build the rules from scratch.
Dialer0 set as WAN zone
VLAN1 set as LAN zone
The outbound policy map has a match class map called "Outbound map" with the usual protocols (HTTP, HTTPS, DNS) included.
When I create the zone pair LAN to WAN to use this policy, the outbound rules work.
How can I now secure the router from the outside? When I ping the router's Dialer0 IP address it responds. I want to stop it from responding, using the ZBF.
Thanks
Mark
Hi,
You need to create a SELF zone and create a policy between WAN zone and SELF zone which denies all traffic. You control traffic to the router using the SELF zone.
Thanks
John
Hi John
Thanks for the point in direction. I will take another go at it following your advice.
Mark
Hi John
Thanks for the tip. It seemed to work when I set the self zone to use a default-class drop for WAN to self. I had to add another rule for self to WAN to inspect TCP and UDP as well, but it all seems to work how I would like it.
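For anyone following this thread later, here is what John's suggestion and Mark's final result look like as an IOS configuration. This is an added example, not config posted by either of them: the zone, class-map and policy-map names, the management host 203.0.113.10 and the choice to log the dropped packets are my own assumptions, and the LAN-to-WAN section only restates what Mark already has so the self-zone pairs can be read in context.

```cisco
! --- Zones and interface membership (as already described in the thread) ---
zone security WAN
zone security LAN
interface Dialer0
 zone-member security WAN
interface Vlan1
 zone-member security LAN

! --- LAN -> WAN: the existing outbound policy (names are assumed) ---
class-map type inspect match-any OUTBOUND-MAP
 match protocol http
 match protocol https
 match protocol dns
policy-map type inspect LAN-TO-WAN
 class type inspect OUTBOUND-MAP
  inspect
 class class-default
  drop
zone-pair security LAN-WAN source LAN destination WAN
 service-policy type inspect LAN-TO-WAN

! --- WAN -> self: drop everything aimed at the router itself ---
! Optional: keep one management path open BEFORE the default drop,
! otherwise a remote admin locks themselves out the moment this is applied.
! 203.0.113.10 is an assumed trusted source address.
ip access-list extended MGMT-SSH
 permit tcp host 203.0.113.10 any eq 22
class-map type inspect match-all WAN-SELF-MGMT
 match access-group name MGMT-SSH
 match protocol tcp
policy-map type inspect WAN-TO-SELF
 class type inspect WAN-SELF-MGMT
  inspect
 class class-default
  drop log
zone-pair security WAN-SELF source WAN destination self
 service-policy type inspect WAN-TO-SELF

! --- self -> WAN: inspect router-originated TCP/UDP/ICMP so the replies
! (DNS lookups, NTP, the router's own pings) are allowed back in.
! Self-zone policies only support inspection of tcp/udp/icmp, not
! application protocols like http, which is why these are used here.
class-map type inspect match-any SELF-OUT
 match protocol tcp
 match protocol udp
 match protocol icmp
policy-map type inspect SELF-TO-WAN
 class type inspect SELF-OUT
  inspect
 class class-default
  drop
zone-pair security SELF-WAN source self destination WAN
 service-policy type inspect SELF-TO-WAN
```

Once applied, a ping to the Dialer0 address from the internet gets no reply, and `show policy-map type inspect zone-pair WAN-SELF` shows the drop counter on class-default climbing. Two caveats: anything else that terminates on the router from the WAN side (an IPsec or GRE tunnel, a dynamic routing peer) also needs its own class above class-default, and `drop log` is useful while testing but can flood the log on a busy WAN link, so drop the `log` keyword once the policy is confirmed.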