Support User Manuals

Cisco Systems 520 series Webcam User Manual

Open as PDF

of 162

8-5

Cisco Secure Router 520 Series Software Configuration Guide

OL-14210-01

Chapter 8 Configuring a Simple Firewall

Configuration Example

Configuration Example

A telecommuter is granted secure access to a corporate network, using IPsec tunneling. Security to the

home network is accomplished through firewall inspection. The protocols that are allowed are all TCP,

UDP, RTSP, H.323, NetShow, FTP, and SQLNet. There are no servers on the home network; therefore,

no traffic is allowed that is initiated from outside. IPsec tunneling secures the connection from the home

LAN to the corporate network.

Like the Internet Firewall Policy, HTTP need not be specified because Java blocking is not necessary.

Specifying TCP inspection allows for single-channel protocols such as Telnet and HTTP. UDP is

specified for DNS.

The following configuration example shows a portion of the configuration file for the simple firewall

scenario described in the preceding sections.

!

! Firewall inspection is set up for all TCP and UDP traffic as well as

! specific application protocols as defined by the security policy.

ip inspect name firewall tcp

ip inspect name firewall udp

ip inspect name firewall rtsp

ip inspect name firewall h323

ip inspect name firewall netshow

ip inspect name firewall ftp

ip inspect name firewall sqlnet

!

interface vlan 1! This is the internal home network.

ip inspect firewall in ! Inspection examines outbound traffic.

no cdp enable

!

interface fastethernet 4! FE4 is the outside or Internet-exposed interface.

! acl 103 permits IPsec traffic from the corp. router

! as well as denies Internet-initiated traffic inbound.

ip access-group 103 in

Step 4

interface type number

Example:

Router(config)# interface fastethernet 4

Router(config-if)#

Enters interface configuration mode for the

outside network interface on your router.

Step 5

ip access-group {access-list-number |

access-list-name}{in | out}

Example:

Router(config-if)# ip access-group 103 in

Router(config-if)#

Assigns the defined ACLs to the outside

interface on the router.

Step 6

exit

Example:

Router(config-if)# exit

Router(config)#

Returns to global configuration mode.

Command Purpose

previous next