Hello,
Can anyone give me advice on how I can secure my intranet?
I have a Cisco 2611xm router with the advsecurity IOS and a switch; I don't have a firewall.
From what I found on the internet after a few days of searching, the one thing left is to use an ACL. Can someone help me with this?
What my targets are:
1) block all ports from outside from accessing the inside network, except a few like 80, 443, 22
2) don't let my inside subnets go outside
3) make the router secure
1. Best approach is from outside to inside: allow only the required ports like 80, 443, 22 for the destination host inside (either you can use NATing with external IP with internal IP)
2. From internal to outside, you are going to deploy NAT, since internal users are required to use the Internet, isn't it?
3. Create an ACL to allow only certain IP addresses to have access to your device, and use SSH (disable telnet).
hey
1. Best approach is from outside to inside: allow only the required ports like 80, 443, 22 for the destination host inside (either you can use NATing with external IP with internal IP)
Does the ACL rule look like this?
ip access-list extended the_name
 permit tcp any 172.16.30.160 0.0.0.15 eq 443
 permit tcp any 172.16.30.160 0.0.0.15 eq 80
 permit tcp any 172.16.30.160 0.0.0.15 eq 22
 deny ip any any
and set on the dialer or the interface (in my case the ISP interface is f0/0)?
2. From internal to outside, you are going to deploy NAT, since internal users are required to use the Internet, isn't it?
Just one subnet can access the internet, and the rest I want to block.
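A way to check what the ACL posted above matches before applying it, as an added example that is not part of the thread: a small first-match evaluator for extended ACL entries with wildcard masks. The `WITH_ESTABLISHED` variant and all packet addresses used with it are assumptions for illustration, and packets are assumed to arrive with the destination addresses the ACL names.

```python
import ipaddress

# The ACL as posted in the thread, with the "->" markers replaced by indentation.
POSTED_ACL = """\
ip access-list extended the_name
 permit tcp any 172.16.30.160 0.0.0.15 eq 443
 permit tcp any 172.16.30.160 0.0.0.15 eq 80
 permit tcp any 172.16.30.160 0.0.0.15 eq 22
 deny ip any any
"""
# Assumption, not from the thread: the same ACL with an "established" entry added.
WITH_ESTABLISHED = POSTED_ACL.replace(
    " deny ip", " permit tcp any any established\n deny ip")

def _take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse_acl(text):
    """Parse the entries under an 'ip access-list extended' header."""
    rules = []
    for line in text.splitlines()[1:]:
        tok = line.split()
        if not tok:
            continue
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _take_addr(tok), _take_addr(tok)
        port = int(tok[1]) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port, "established" in tok))
    return rules

def _match(addr, spec):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(addr)) | wild) == (base | wild)

def evaluate(rules, proto, src, dst, dport=0, ack=False):
    """First matching entry wins; no match means the implicit deny.
    ack=True marks a TCP segment with ACK or RST set (a reply, not a new SYN)."""
    for action, rproto, rsrc, rdst, port, est in rules:
        if rproto in ("ip", proto) and _match(src, rsrc) and _match(dst, rdst) \
                and port in (None, dport) and (ack or not est):
            return action
    return "deny"
```

The wildcard 0.0.0.15 makes each permit cover sixteen addresses, 172.16.30.160 through 172.16.30.175, and with the final deny applied inbound on the outside interface, replies to connections opened from inside are dropped as well unless an entry such as the `established` one admits them.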
How big is the internet feed?
2611xm is not just old but this particular model will not be able to support >5 Mbps of traffic.
hey,
300 mb/s; the interface f0/0 is 10/100