Cisco Systems 520 series Webcam User Manual


 
8-5
Cisco Secure Router 520 Series Software Configuration Guide
OL-14210-01
Chapter 8 Configuring a Simple Firewall
Configuration Example
Configuration Example
A telecommuter is granted secure access to a corporate network, using IPsec tunneling. Security to the
home network is accomplished through firewall inspection. The protocols that are allowed are all TCP,
UDP, RTSP, H.323, NetShow, FTP, and SQLNet. There are no servers on the home network; therefore,
no traffic is allowed that is initiated from outside. IPsec tunneling secures the connection from the home
LAN to the corporate network.
Like the Internet Firewall Policy, HTTP need not be specified because Java blocking is not necessary.
Specifying TCP inspection allows for single-channel protocols such as Telnet and HTTP. UDP is
specified for DNS.
The following configuration example shows a portion of the configuration file for the simple firewall
scenario described in the preceding sections.
!
! Firewall inspection is set up for all TCP and UDP traffic as well as
! specific application protocols as defined by the security policy.
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall rtsp
ip inspect name firewall h323
ip inspect name firewall netshow
ip inspect name firewall ftp
ip inspect name firewall sqlnet
!
interface vlan 1! This is the internal home network.
ip inspect firewall in ! Inspection examines outbound traffic.
no cdp enable
!
interface fastethernet 4! FE4 is the outside or Internet-exposed interface.
! acl 103 permits IPsec traffic from the corp. router
! as well as denies Internet-initiated traffic inbound.
ip access-group 103 in
Step 4
interface type number
Example:
Router(config)# interface fastethernet 4
Router(config-if)#
Enters interface configuration mode for the
outside network interface on your router.
Step 5
ip access-group {access-list-number |
access-list-name}{in | out}
Example:
Router(config-if)# ip access-group 103 in
Router(config-if)#
Assigns the defined ACLs to the outside
interface on the router.
Step 6
exit
Example:
Router(config-if)# exit
Router(config)#
Returns to global configuration mode.
Command Purpose