Configure Access Lists - Cisco 520-T1 - Small Business Pro SR Secure Router Software Configuration Manual


Cisco Secure Router 520 Series Software Configuration Guide (OL-14210-01)

Chapter 8
Configuring a Simple Firewall

Note: The procedures in this chapter assume that you have already configured basic router features as well as PPPoE or PPPoA with NAT. If you have not performed these configuration tasks, see Chapter 1, "Basic Router Configuration," Chapter 3, "Configuring PPP over Ethernet with NAT," and Chapter 4, "Configuring PPP over ATM with NAT," as appropriate for your router. You may have also configured DHCP, VLANs, and secure tunnels.

Configure Access Lists

Perform these steps to create access lists for use by the firewall, beginning in global configuration mode:

Step 1
Command:
access-list access-list-number {deny | permit} protocol source source-wildcard [operator [port]] destination
Example:
Router(config)# access-list 103 permit udp host 200.1.1.1 eq isakmp any
Router(config)# access-list 103 deny ip any any
Router(config)#
Purpose:
Creates an access list which prevents Internet-initiated traffic from reaching the local (inside) network of the router, and which compares source and destination ports. Entries are evaluated in the order entered and the first match applies, so the permit entry precedes the final deny. See the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services for details about this command.

Step 2
Command:
access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard
Example:
Router(config)# access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255
Router(config)#
Purpose:
Creates an access list that allows network traffic to pass freely between the corporate network and the local networks through the configured VPN tunnel.
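Added example (not from the Cisco guide): a small Python model of how IOS evaluates extended access list entries like those in Steps 1 and 2, covering wildcard-mask matching, first-match-wins ordering and the implicit deny, plus a check for entries shadowed by an earlier, broader entry. The tuple layout, function names and sample packet are constructed for illustration; isakmp is modeled as UDP port 500.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # wildcard of all ones: every bit is don't-care

def _n(ip):
    return int(ipaddress.IPv4Address(ip))

def wc_match(addr, spec):
    """IOS wildcard match: bits set in the wildcard mask are ignored."""
    base, wild = _n(spec[0]), _n(spec[1])
    return (_n(addr) | wild) == (base | wild)

def wc_covers(a, b):
    """True if address spec a matches every address that spec b matches."""
    wa, wb = _n(a[1]), _n(b[1])
    return (wb & ~wa) == 0 and (_n(a[0]) | wa) == (_n(b[0]) | wa)

# Entry: (action, protocol, source, source_port, destination); "ip" = any protocol.
def entry_matches(e, pkt):
    _, proto, src, sport, dst = e
    return (proto in ("ip", pkt["proto"])
            and (sport is None or sport == pkt.get("sport"))
            and wc_match(pkt["src"], src) and wc_match(pkt["dst"], dst))

def evaluate(acl, pkt):
    """First match wins; an ACL ends with an implicit deny (index None)."""
    for i, e in enumerate(acl):
        if entry_matches(e, pkt):
            return e[0], i
    return "deny", None

def shadowed(acl):
    """(later, earlier) index pairs where the earlier entry covers the later one."""
    out = []
    for i, b in enumerate(acl):
        for j, a in enumerate(acl[:i]):
            if (a[1] in ("ip", b[1]) and (a[3] is None or a[3] == b[3])
                    and wc_covers(a[2], b[2]) and wc_covers(a[4], b[4])):
                out.append((i, j))
                break
    return out

# Entries shaped like the examples in Steps 1 and 2.
ISAKMP = ("permit", "udp", ("200.1.1.1", "0.0.0.0"), 500, ANY)
DENY_ALL = ("deny", "ip", ANY, None, ANY)
ACL_105 = [("permit", "ip", ("10.1.1.0", "0.0.0.255"), None, ("192.168.0.0", "0.0.255.255"))]
# Constructed sample packet: IKE from the peer to an inside host.
IKE = {"proto": "udp", "src": "200.1.1.1", "sport": 500, "dst": "10.1.1.5"}
```

With the deny entry first, `evaluate([DENY_ALL, ISAKMP], IKE)` returns a deny at index 0 and `shadowed` reports the permit as unreachable; with the permit first, the same packet is permitted and nothing is shadowed.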
