11-05-2020 08:28 AM
Hello,
Can anyone give me advice on how I can secure my intranet?
I have a Cisco 2611xm router with the advsecurity IOS and a switch; I don't have a firewall.
From what I found on the internet after a few days of searching, the one thing left is to use ACLs. Can someone help me with this?
What are my targets:
1) block all ports from outside from accessing the inside network, except a few like 80, 443, 22
2) don't let my inside subnets go outside
3) make the router secure
11-05-2020 09:21 AM
1. Best approach is from outside to inside - allow only the required ports like 80, 443, 22 for the destination host inside (either you can use NATing with external IP with internal IP)
2. From internal to outside, you are going to deploy NAT, since internal users are required to use the Internet, isn't it?
3. Create an ACL to allow only certain IP addresses to have access to your device, and use SSH (disable telnet)
11-05-2020 12:02 PM
hey
1. Best approach is from outside to inside - allow only the required ports like 80, 443, 22 for the destination host inside (either you can use NATing with external IP with internal IP)
Does the ACL rule look like this?
ip access-list extended the_name
 permit tcp any 172.16.30.160 0.0.0.15 eq 443
 permit tcp any 172.16.30.160 0.0.0.15 eq 80
 permit tcp any 172.16.30.160 0.0.0.15 eq 22
 deny ip any any
And is it set on the dialer or the interface (in my case the ISP interface is f0/0)?
2. From internal to outside, you are going to deploy NAT, since internal users are required to use the Internet, isn't it?
Just one subnet can access the internet, and the rest I want to block.
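Added example, not part of the thread: a small Python evaluator for the ACL posted above, showing which destinations the wildcard mask 0.0.0.15 covers (172.16.30.160 through 172.16.30.175) and how first-match evaluation plus the final deny treats everything else, including reply traffic to inside clients. The function names and sample packets are constructed for illustration, and only `any`, address/wildcard and `eq` forms are parsed.

```python
import ipaddress

# The ACL from the post above, as entered under "ip access-list extended the_name".
ACL_TEXT = """\
permit tcp any 172.16.30.160 0.0.0.15 eq 443
permit tcp any 172.16.30.160 0.0.0.15 eq 80
permit tcp any 172.16.30.160 0.0.0.15 eq 22
deny ip any any
"""

def parse_addr(tokens):
    """Consume 'any' or 'ADDRESS WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        src = parse_addr(tokens)
        dst = parse_addr(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def addr_match(ip, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; all other bits must equal the base.
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(rules, proto, src_ip, dst_ip, dst_port):
    """Return the action of the first matching entry (IOS stops at first match)."""
    for action, r_proto, src, dst, port in rules:
        if r_proto in ("ip", proto) and addr_match(src_ip, *src) \
                and addr_match(dst_ip, *dst) and port in (None, dst_port):
            return action
    return "deny"  # implicit deny that ends every IOS ACL

RULES = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    # Constructed packets: (protocol, source, destination, destination port).
    # The last one models a reply from an outside web server to an inside client.
    for pkt in [("tcp", "198.51.100.7", "172.16.30.165", 443),
                ("tcp", "198.51.100.7", "172.16.30.176", 443),
                ("tcp", "203.0.113.9", "172.16.30.165", 51514)]:
        print(pkt, "->", evaluate(RULES, *pkt))
```

The third packet is denied because the ACL is stateless: return traffic for sessions started from inside arrives with an ephemeral destination port and matches none of the `eq` entries.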
11-05-2020 02:07 PM
How big is the internet feed?
2611xm is not just old but this particular model will not be able to support >5 Mbps of traffic.
11-05-2020 09:20 PM
hey,
300 mb/s; the interface f0/0 is 10/100