The Cisco 1800
integrated services routers support network traffic filtering by means of
access lists. The router also supports packet inspection and dynamic temporary
access lists by means of Context-Based Access Control (CBAC).
Basic traffic filtering
is limited to configured access list implementations that examine packets at
the network layer or, at most, the transport layer, permitting or denying the
passage of each packet through the firewall. However, the use of inspection
rules in CBAC allows the creation and use of dynamic temporary access lists.
These dynamic lists allow temporary openings in the configured access lists at
firewall interfaces. These openings are created when traffic for a specified
user session exits the internal network through the firewall. The openings
allow returning traffic for the specified session (that would normally be
blocked) back through the firewall.
1.
Multiple networked
devices—Desktops, laptop PCs, switches.
2.
Fast Ethernet LAN
interface (the inside interface for NAT)
3.
PPPoE or PPPoA client
and firewall implementation—Cisco 1811/1812 or Cisco 1801/1802/1803 series
integrated services router, respectively
4.
Point at which NAT
occurs
5.
Protected network
6.
Unprotected network
7.
Fast Ethernet or ATM WAN
interface (the outside interface for NAT)
In the configuration example that follows, the
firewall is applied to the outside WAN interface (FE0) on the Cisco 1811 or
Cisco 1812 and protects the Fast Ethernet LAN on FE2 by filtering and
inspecting all traffic entering the router on the Fast Ethernet WAN interface
FE1. Note that in this example, the network traffic originating from the
corporate network, network address 10.1.1.0, is considered safe traffic and is
not filtered.
More Click on:- http://www.cisco.com/c/en/us/td/docs/routers/access/1800/1801/software/configuration/guide/scg/firewall.html
Comments