343
[Router] firewall enable
# Create advanced ACL 3001.
[Router] acl number 3001
# Configure rules to permit specific hosts to access external networks and permit internal servers to
access external networks.
[Router-acl-adv-3001] rule permit ip source 129.1.1.1 0
[Router-acl-adv-3001] rule permit ip source 129.1.1.2 0
[Router-acl-adv-3001] rule permit ip source 129.1.1.3 0
[Router-acl-adv-3001] rule permit ip source 129.1.1.4 0
# Configure a rule to prohibit all IP packets from passing the firewall.
[Router-acl-adv-3001] rule deny ip
[Router-acl-adv-3001] quit
# Create advanced ACL 3002.
[Router] acl number 3002
# Configure a rule to allow a specific external user to access internal servers.
[Router-acl-adv-3002] rule permit tcp source 20.3.3.3 0 destination 129.1.1.0 0.0.0.255
# Configure a rule to permit specific data (only packets of which the port number is greater than 1024)
to get access to the internal network.
[Router-acl-adv-3002] rule permit tcp destination 20.1.1.1 0 destination-port gt 1024
[Router-acl-adv-3002] rule deny ip
[Router-acl-adv-3002] quit
# Apply ACL 3001 to packets that come in through Ethernet 1/1.
[Router] interface ethernet 1/1
[Router-Ethernet1/1] firewall packet-filter 3001 inbound
# Apply ACL 3002 to packets that come in through Serial 2/0.
[Router-Ethernet1/1] quit
[Router] interface serial 2/0
[Router-Serial2/0] firewall packet-filter 3002 inbound
Configuring an ASPF
ASPF configuration task list
Task Remarks
Enabling the firewall function
Required
Configuring an ASPF policy
Required
Applying an ASPF policy to an interface
Required
Enabling the session logging function for ASPF
Optional
Configuring port mapping
Optional
To Next Page
Loading...
Need help?
General
