8-3
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01
Chapter 8 Configuring a Simple Firewall
Configure Access Lists
Configure Access Lists
Perform these steps to create access lists for use by the firewall, beginning in global configuration mode:
Command Purpose
Step 1
access-list access-list-number {deny | permit}
protocol source source-wildcard [operator [port]]
destination
Example:
Router(config)# access-list 103 deny ip any
any
Router(config)# access-list 103 permit host
200.1.1.1 eq isakmp any
Router(config)#
Creates an access list which prevents Internet-
initiated traffic from reaching the local (inside)
network of the router, and which compares
source and destination ports.
See the Cisco IOS IP Command Reference,
Volume 1 of 4: Addressing and Services for
details about this command.
Configure Inspection Rules
Perform these steps to configure firewall inspection rules for all TCP and UDP traffic, as well as specific
application protocols as defined by the security policy, beginning in global configuration mode:
Command or Action Purpose
Step 1
ip inspect name inspection-name protocol
Example:
Router(config)# ip inspect name firewall tcp
Router(config)#
Defines an inspection rule for a particular
protocol.
Step 2
ip inspect name inspection-name protocol
Example:
Router(config)# ip inspect name firewall rtsp
Router(config)# ip inspect name firewall h323
Router(config)# ip inspect name firewall
netshow
Router(config)# ip inspect name firewall ftp
Router(config)# ip inspect name firewall
sqlnet
Router(config)#
Repeat this command for each inspection rule
that you wish to use.
To Next Page
Loading...
Need help?
General
