Firewall Configuration

-
Configuring a Simple Firewall

The Cisco 1800 integrated services routers support network traffic filtering by means of access lists. The router also supports packet inspection and dynamic temporary access lists by means of Context-Based Access Control (CBAC).
Basic traffic filtering is limited to configured access list implementations that examine packets at the network layer or, at most, the transport layer, permitting or denying the passage of each packet through the firewall. However, the use of inspection rules in CBAC allows the creation and use of dynamic temporary access lists. These dynamic lists allow temporary openings in the configured access lists at firewall interfaces. These openings are created when traffic for a specified user session exits the internal network through the firewall. The openings allow returning traffic for the specified session (that would normally be blocked) back through the firewall.
.

8-1 Router with Firewall Configured
1.    Multiple networked devices—Desktops, laptop PCs, switches.
2.    Fast Ethernet LAN interface (the inside interface for NAT)
3.    PPPoE or PPPoA client and firewall implementation—Cisco 1811/1812 or Cisco 1801/1802/1803 series integrated services router, respectively
4.    Point at which NAT occurs
5.    Protected network
6.    Unprotected network
7.    Fast Ethernet or ATM WAN interface (the outside interface for NAT)
In the configuration example that follows, the firewall is applied to the outside WAN interface (FE0) on the Cisco 1811 or Cisco 1812 and protects the Fast Ethernet LAN on FE2 by filtering and inspecting all traffic entering the router on the Fast Ethernet WAN interface FE1. Note that in this example, the network traffic originating from the corporate network, network address 10.1.1.0, is considered safe traffic and is not filtered.
Configuration Tasks
Perform the following tasks to configure this network scenario:
·                 Configure Access Lists
·                 Configure Inspection Rules
·                 Apply Access Lists and Inspection Rules to Interfaces
More Click on:- http://www.cisco.com/c/en/us/td/docs/routers/access/1800/1801/software/configuration/guide/scg/firewall.html


Comments

Post a Comment

Popular posts from this blog

Information Security Interview Questions & Answers

-
The number of Information Security related jobs are growing extensively…. There is a huge requirement for skilled InfoSec professionals across the globe.. the jobs positions are available for freshers, experienced guys and top management (typically CISO .HCL,BPLetc)… This post is my attempt to collect typical InfoSec interview question and answers to help those looking out opportunities in this field… I’ll keep on updating the questions regularly.. You can also share/contribute any questions you might have faced during your InfoSec interviews…. Category I: General Security Concepts / Network Security / OS Security 1) Is there any difference between Information Security and IT Security? If yes, please explain the difference. Ans- Yes. Information Security and IT Security are both different terms often used interchangeably. IT Security focuses on purely technical controls (like implementing antivirus, firewall, hardening systems etc) while Information Security is more wider ter
Read more

MCSE INTERVIEW QUESTIONS AND ANSWER

-
Image
MCSE INTERVIEW QUESTIONS AND ANSWER ,VERY USEFULL OUR NEXT JOB INTERVIEW MCSE Questions and Answers: :  1 :: What is the use of IGMP protocol?  Internet Group Management Protocol: - It allows internet hosts to participate in multicasting. The IGMP messages are used to learn which hosts is part of which multicast groups. The mechanism also allow a host to inform its local router, that it wants to receive messages.  2 :: What are Ping and Tracert?  Ping and tracert are the commands used to send information to some remote computers to receive some information. Information is sent and received by packets. Ping I particularly used to check if the system is in network or not. It also gives packet lost information. In windows ping command is written as ping ip_address Tracert is called as trace route. It is used to track or trace the path the packet takes from the computer where the command is given until the destination. In windows ping command is written as tracert ip_address  3
Read more

OSI MODEL (Open Systems Interconnection model )

-
Image
To Day I Explain OSI MODEL,   Open Systems Interconnection model  ( OSI ) is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into  abstraction  layers. The model is a product of the Open Systems Interconnection project at the International Organization for Standardization (ISO), maintained by the identification ISO/IEC 7498-1. The model groups communication functions into seven logical layers. A layer serves the layer above it and is served by the layer below it. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that make up the contents of that path. Two instances at one layer are connected by a horizontal connection on that layer.  The Below Shown Diagram is helpful to understand the OSI seven Layer Model. OSI MODEL EXPLANATION The Physical Layer describ
Read more