
Secure Cisco 827 Router

dborg
Level 1

Hi All

I wanted to secure my router. I have set it up with the basic config as supplied by my ISP. I want to block external telnet and ICMP pings. Could someone suggest how to do this, or a helpful link?

This is my running-config:

no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname mrRouter
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip domain-lookup
ip name-server x.x.x.240
!
bridge irb
!
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no keepalive
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5snap
 !
 bundle-enable
 dsl operating-mode auto
 bridge-group 1
 hold-queue 224 in
!
interface BVI1
 ip address x.x.x.114 255.255.255.240
 ip nat outside
!
ip nat inside source list 1 interface BVI1 overload
ip nat inside source static tcp 192.168.1.100 80 x.x.x.114 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.113
no ip http server
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 exec-timeout 120 0
 logging synchronous
 login local
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 login local
!
scheduler max-task-time 5000
end

1 Reply

oszkari
Level 1

Hi,

In global config mode:

access-list 101 deny tcp any x.x.x.114 0.0.0.0 eq 23
access-list 101 deny icmp any x.x.x.114 0.0.0.0 echo
access-list 101 permit ip any any

On the BVI1 interface:

ip access-group 101 in

Link about IP access-list configuration:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
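Added example (not part of the original reply, and not Cisco code): a small Python model of how IOS evaluates ACL 101 top-down with wildcard masks, to check what the three entries drop and what they still let through. `203.0.113.114` is a constructed stand-in for the masked address x.x.x.114, the ICMP type is written with the IOS keyword `echo`, and the parser handles only the syntax of these three entries.

```python
import ipaddress

# Constructed stand-in for the masked outside address x.x.x.114 (documentation range).
OUTSIDE = "203.0.113.114"

# ACL 101 from the reply, with the masked address replaced by OUTSIDE.
ACL_101 = f"""\
access-list 101 deny tcp any {OUTSIDE} 0.0.0.0 eq 23
access-list 101 deny icmp any {OUTSIDE} 0.0.0.0 echo
access-list 101 permit ip any any
"""

def addr_matches(spec, wildcard, addr):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    if spec == "any":
        return True
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(spec)) & care) == (int(ipaddress.IPv4Address(addr)) & care)

def parse(line):
    """Parse the subset of extended-ACL syntax used above (source is always 'any')."""
    t = line.split()
    action, proto = t[2], t[3]
    rest = t[5:]
    if rest[0] == "any":
        dst, wc, rest = "any", None, rest[1:]
    else:
        dst, wc, rest = rest[0], rest[1], rest[2:]
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    icmp_type = rest[0] if rest and proto == "icmp" else None
    return dict(action=action, proto=proto, dst=dst, wc=wc, port=port, icmp=icmp_type)

def evaluate(acl_text, proto, dst, port=None, icmp=None):
    """Return the action of the first matching entry; IOS ends every ACL with an implicit deny."""
    for rule in map(parse, acl_text.splitlines()):
        if rule["proto"] not in ("ip", proto):
            continue
        if not addr_matches(rule["dst"], rule["wc"], dst):
            continue
        if rule["port"] is not None and rule["port"] != port:
            continue
        if rule["icmp"] is not None and rule["icmp"] != icmp:
            continue
        return rule["action"]
    return "deny"

if __name__ == "__main__":
    for pkt in (("tcp", 23, None), ("tcp", 80, None), ("icmp", None, "echo")):
        print(pkt, "->", evaluate(ACL_101, pkt[0], OUTSIDE, pkt[1], pkt[2]))
```

Telnet and echo requests to the outside address are denied while TCP port 80 (the static NAT to 192.168.1.100) and echo replies still match the final permit. Without that final entry, the implicit deny would drop the port 80 traffic as well.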
