Highlighted

Advice on securing my intranet

Hello,

 

Can anyone give me advice on how I can secure my intranet?

 

I have a Cisco 2611xm router with the advsecurity IOS and a switch. I don't have a firewall.

 

From what I found on the internet after a few days of searching, the one thing left is to use ACLs. Can someone help me with this?

 

My targets are:

 

1) block all ports from outside from accessing the inside network, except a few like 80, 443, 22

 

2) don't let my inside subnets go outside

 

3) make the router secure

4 REPLIES 4
Highlighted
VIP Expert

1. Best approach is from outside to inside - allow only required ports like 80, 443, 22 for the destination host inside (either you can use NATing with external IP with internal IP)

 

2. From internal to outside, you are going to deploy NAT, since internal users are required to use the Internet, aren't they?

 

3. Create an ACL to allow only certain IP addresses to have access to your device, and use SSH (disable telnet).

 



BB


*** Rate All Helpful Responses ***

Highlighted

hey

 

1. Best approach is from outside to inside - allow only required ports like 80, 443, 22 for the destination host inside (either you can use NATing with external IP with internal IP)

 

Does the ACL rule look like this?

ip access-list extended the_name
 permit tcp any 172.16.30.160 0.0.0.15 eq 443
 permit tcp any 172.16.30.160 0.0.0.15 eq 80
 permit tcp any 172.16.30.160 0.0.0.15 eq 22
 deny ip any any

 

And is it set on the dialer or the interface (in my case the ISP interface is f0/0)?

 

 

2. From internal to outside, you are going to deploy NAT, since internal users are required to use the Internet, aren't they?

 

Just one subnet can access the internet, and the rest I want to block.
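An added example, not part of the original post: a small Python evaluator that applies the ACL entries posted above with wildcard-mask matching and first-match semantics, to show which inside hosts and ports they cover. The sample packets and their outside addresses are constructed, and the evaluator assumes the ACL sees the 172.16.30.x destination as written (NAT is not modelled).

```python
import ipaddress

# ACL entries as posted in the thread (without the "->" prompt markers).
ACL = """\
permit tcp any 172.16.30.160 0.0.0.15 eq 443
permit tcp any 172.16.30.160 0.0.0.15 eq 80
permit tcp any 172.16.30.160 0.0.0.15 eq 22
deny ip any any
"""

def wildcard_match(addr, base, wildcard):
    # IOS wildcard mask: a 1 bit means "ignore this bit" when comparing.
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def take_addr(tok):
    # Address spec is either "any" or "<address> <wildcard>".
    if tok[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tok[1:]
    return (tok[0], tok[1]), tok[2:]

def parse(acl_text):
    # Handles only the subset of extended-ACL syntax used in the thread.
    rules = []
    for line in acl_text.splitlines():
        tok = line.split()
        if not tok:
            continue
        action, proto = tok[0], tok[1]
        src, tok = take_addr(tok[2:])
        dst, tok = take_addr(tok)
        dport = int(tok[1]) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, dport))
    return rules

def evaluate(rules, proto, src, dst, dport):
    # First matching entry wins; an ACL ends with an implicit deny.
    for action, r_proto, r_src, r_dst, r_dport in rules:
        if (r_proto in ("ip", proto) and r_dport in (None, dport)
                and wildcard_match(src, *r_src) and wildcard_match(dst, *r_dst)):
            return action
    return "deny"

RULES = parse(ACL)
# Constructed inbound packets: covered host, host past .175, reply to an inside client.
for pkt in [("tcp", "203.0.113.10", "172.16.30.165", 443),
            ("tcp", "203.0.113.10", "172.16.30.176", 443),
            ("tcp", "198.51.100.7", "172.16.30.165", 51000)]:
    print(pkt[2], pkt[3], evaluate(RULES, *pkt))
```

The wildcard 0.0.0.15 covers 172.16.30.160 through 172.16.30.175 only. The third packet, a reply to a connection opened from inside, matches nothing but the final deny because these entries are stateless and match on destination port alone.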

 

 

Highlighted
Hall of Fame Community Legend

How big is the internet feed? 

2611xm is not just old but this particular model will not be able to support >5 Mbps of traffic.   

Highlighted

hey,

 

300 mb/s; the interface f0/0 is 10/100
