IOS firewall

jamespark
Level 1

What are the basic commands to configure on a 1720 router to act as a firewall?

The network is like this:

We got one routable IP address from the ISP. The 1720 router would be connected to the ISP with an E1 leased line. It has one Ethernet connected to the internal network. It also has the IOS firewall feature set on it. We would like to know what basic commands we need to configure so it will do NAT and also block traffic from outside. And what are the basic test steps we should perform to know that the firewall is configured perfectly?

3 Replies

kcgeorge
Level 1

You could try to configure your Serial interface as "ip nat outside" and your Ethernet interface as "ip nat inside". Have the standard access-list in place so that your internal LAN can access the outside.

Also, would you be using a single global valid IP address for the translation? If that's the case, you need to consider the probability of NAT failing. Try to use a scope of valid addresses for the NAT.

ali-franks
Level 1

Use IP NAT OUTSIDE on the E1 port, IP NAT IN on the Ethernet port. Use a standard access list to define and allow the subnet that will be translated. Enter "ip nat inside source list 1 interface dialer0 overload" to allow PAT and multiple inside local addresses to translate to the valid IP address.

Use this link for the CBAC configuration:

http://www.cisco.com/warp/public/793/ios_fw/cbac2.html

Ali
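
The pieces named in the replies above (NAT inside/outside, a standard access list, PAT overload, CBAC) combined into one configuration sketch, followed by the show commands that answer the original question about test steps. This is an added example, not part of any poster's reply; the interface names (Serial0, FastEthernet0), the 192.168.1.0/24 inside subnet, the 203.0.113.2 outside address, the inspection rule name FW and ACL number 101 are assumptions.

```cisco
! Added example. All addresses, interface names, the rule name FW and
! ACL number 101 are constructed placeholders; adjust to the real network.
!
! Inside hosts that are allowed to be translated
access-list 1 permit 192.168.1.0 0.0.0.255
!
! PAT: many inside addresses share the single address on the outside interface
ip nat inside source list 1 interface Serial0 overload
!
! CBAC inspection rule: track sessions that start from the inside
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW ftp
!
! Inbound ACL on the outside interface: drop everything that was not
! initiated from inside. CBAC adds temporary permits for return traffic.
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip any any log
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 ip access-group 101 in
 ip inspect FW out
!
! Checks to run from exec mode after applying the configuration:
!   show ip nat translations   (inside hosts map to the outside address)
!   show ip inspect sessions   (active outbound sessions are being tracked)
!   show access-lists 101      (hit counts on the deny line show blocked
!                               unsolicited inbound traffic)
```

The deny line's hit counter increasing while outbound browsing still works is the basic sign that unsolicited inbound traffic is blocked and return traffic is being admitted by inspection.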

dtodd
Level 1