Cisco 2800 Series User Manual

Cisco 2800 Series
266 pages
Secured Branch Router Configuration Example
Configure
OL-6329-01
!---Configure the firewall interface that connects to the branch office PCs
!---and the Firewall Websense UFS:
!---Apply access lists and inspection rules to control access to the interface.
!---In this example, access list 116 is used to filter outbound packets, and
!---the inspection rule named “myfw” is used to filter inbound packets.
!---Enable the authentication proxy rule for dynamic, per-user authentication
!---and authorization. See the previous “aaa authorization auth-proxy default group SJ”
!---and “ip auth-proxy name aprule http” command entries.
!---Apply the Cisco IPS rule to outbound traffic.
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 ip access-group 116 out
 ip inspect myfw in
 ip auth-proxy aprule
 ip ips ids-policy out
.
.
.
!---Configure the interface that connects to the
!---Cisco Secure Authentication Control Server (Cisco Secure ACS).
!---Apply access lists to control access to the interface.
!---In this example, access list 111 is used to filter inbound packets.
interface FastEthernet0/1
 ip address 192.168.101.2 255.255.255.0
 ip access-group 111 in
.
.
.
ip classless
!---The following command establishes a static route to the HTTP server,
!---which in this example has an IP address of 192.168.102.119.
ip route 192.168.102.0 255.255.255.0 FastEthernet0/1
!
!---Enable the HTTP server on your system.
!---Also, specify that the authentication method used for AAA login service
!---should be used for authenticating HTTP server users.
ip http server
ip http authentication aaa
no ip http secure-server
!
!---Configure the access list for the interface that connects to the
!---Cisco Secure ACS.
access-list 111 permit tcp host 192.168.101.119 eq tacacs host 192.168.101.2
access-list 111 permit udp host 192.168.101.119 eq tacacs host 192.168.101.2
access-list 111 permit icmp any any
access-list 111 deny ip any any
!
!---Configure the access list for the firewall interface that connects to the
!---branch office PCs and the Websense URL Filtering Server (UFS).
access-list 116 permit tcp host 192.168.1.118 host 192.168.1.2 eq www
access-list 116 deny tcp host 192.168.1.118 any
access-list 116 deny udp host 192.168.1.118 any
access-list 116 deny icmp host 192.168.1.118 any
access-list 116 permit tcp 192.168.1.0 0.0.0.255 any
access-list 116 permit udp 192.168.1.0 0.0.0.255 any
access-list 116 permit icmp 192.168.1.0 0.0.0.255 any
!
!
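To check how access lists 111 and 116 above treat a given packet, the following added example (not part of the Cisco manual) parses those entries and applies first-match evaluation with the implicit deny at the end. It handles only the syntax forms used on this page (`any`, `host`, address plus wildcard, `eq` with the `tacacs` and `www` keywords) and does not model the temporary openings created by `ip inspect` or `ip auth-proxy`; the function names are illustrative.

```python
from ipaddress import IPv4Address as IP

# Entries copied from access lists 111 and 116 in the configuration above.
ACL_TEXT = """\
access-list 111 permit tcp host 192.168.101.119 eq tacacs host 192.168.101.2
access-list 111 permit udp host 192.168.101.119 eq tacacs host 192.168.101.2
access-list 111 permit icmp any any
access-list 111 deny ip any any
access-list 116 permit tcp host 192.168.1.118 host 192.168.1.2 eq www
access-list 116 deny tcp host 192.168.1.118 any
access-list 116 deny udp host 192.168.1.118 any
access-list 116 deny icmp host 192.168.1.118 any
access-list 116 permit tcp 192.168.1.0 0.0.0.255 any
access-list 116 permit udp 192.168.1.0 0.0.0.255 any
access-list 116 permit icmp 192.168.1.0 0.0.0.255 any
"""
PORTS = {"tacacs": 49, "www": 80}  # IOS port keywords used in these entries

def take_addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD' (+ 'eq PORT'); wildcard 1-bits are don't-care."""
    first = tok.pop(0)
    if first == "any":
        base, wild = 0, 0xFFFFFFFF
    elif first == "host":
        base, wild = int(IP(tok.pop(0))), 0
    else:
        base, wild = int(IP(first)), int(IP(tok.pop(0)))
    port = None
    if tok[:1] == ["eq"]:
        port = PORTS.get(tok[1]) or int(tok[1])
        del tok[:2]
    return lambda ip, p: (int(IP(ip)) | wild) == (base | wild) and port in (None, p)

def parse(text):
    acls = {}
    for line in text.splitlines():
        _, num, action, proto, *rest = line.split()
        entry = (action, proto, take_addr(rest), take_addr(rest))  # source, then destination
        acls.setdefault(int(num), []).append(entry)
    return acls

def evaluate(acl, proto, src, sport, dst, dport):
    """First matching entry wins; falling off the end is the implicit deny."""
    for n, (action, p, src_ok, dst_ok) in enumerate(acl, 1):
        if p in ("ip", proto) and src_ok(src, sport) and dst_ok(dst, dport):
            return action, n
    return "deny", None

ACLS = parse(ACL_TEXT)
```

`evaluate` returns the action and the 1-based number of the entry that decided it, or `("deny", None)` when no entry matched; pass `None` for the ports of an ICMP packet.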

Cisco 2800 Series Specifications

General
Power Supply: Internal power supply
Product Type: Router
Form Factor: Rack-mountable
Connectivity Technology: Wired
Power Device: Internal power supply
Operating System: Cisco IOS
Integrated Services: Security, voice
WAN Interfaces: T1/E1, Serial
LAN Interfaces: Fast Ethernet, Gigabit Ethernet
Expansion Slots: 4
Data Link Protocol: Ethernet, Fast Ethernet, Gigabit Ethernet
Network/Transport Protocol: IP, TCP
Remote Management Protocol: SNMP, Telnet
Features: VPN support, Quality of Service (QoS), VLAN support
Voltage Required: AC 100-240 V
Security Features: Firewall, VPN, Access Control Lists (ACLs)
