Cisco Systems OL-6426-02 User Manual

Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
OL-6426-02
Chapter 12      Configuring Security Features
Configuring Cisco IOS Firewall IDS
Cisco IOS Firewall Intrusion Detection System (IDS) technology enhances perimeter firewall protection 
by taking appropriate action on packets and flows that violate the security policy or represent malicious 
network activity.
Cisco IOS Firewall IDS identifies 59 of the most common attacks using “signatures” to detect patterns 
of misuse in network traffic. It acts as an in-line intrusion detection sensor, watching packets and 
sessions as they flow through the router, scanning each to match any of the IDS signatures. When it 
detects suspicious activity, it responds before network security can be compromised, logs the event, and, 
depending on configuration, sends an alarm, drops suspicious packets, or resets the TCP connection.
For additional information about configuring Cisco IOS Firewall IDS, see the “
” section of the Cisco IOS Release 12.3 Security Configuration 
Guide.
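The three responses described above (alarm, drop, reset) map onto the `ip audit` commands of Cisco IOS Firewall IDS. The following configuration is an added illustration, not taken from the Cisco guide; the audit rule name AUDIT.1, the event queue size, and the interface FastEthernet0 are assumptions to adapt to your router.

```cisco
! Added example: rule name, queue size and interface are assumptions.
!
! Send IDS alarms to syslog
ip audit notify log
! Cap the number of events queued for notification
ip audit po max-events 100
!
! Informational signatures: raise an alarm only
ip audit name AUDIT.1 info action alarm
! Attack signatures: raise an alarm, drop the packet, reset the TCP connection
ip audit name AUDIT.1 attack action alarm drop reset
!
! Inspect traffic arriving on the outside (untrusted) interface
interface FastEthernet0
 ip audit AUDIT.1 in
```

Starting with alarm-only actions and reviewing the logged events before enabling drop and reset limits the risk of blocking legitimate traffic that matches a signature.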
Configuring VPNs
A virtual private network (VPN) connection provides a secure connection between two networks over a 
public network such as the Internet. Cisco 1800 series fixed-configuration access routers support 
site-to-site VPNs using IP security (IPSec) tunnels and generic routing encapsulation (GRE). You can 
configure permanent VPN connections between two peers, or dynamic VPNs using EZVPN or DMVPN, 
which create and tear down VPN connections as needed. 
 show examples of how to configure your router with these features. For more 
information about IPSec and GRE configuration, see the “
of the Cisco IOS Release 12.3 Security Configuration Guide.
For information about additional VPN configurations supported by Cisco 1800 series 
fixed-configuration access routers, see the following feature documents:
”—802.1X authentication allows enterprise 
employees to access their enterprise networks from home while allowing other household members 
to access only the Internet.
”—Cisco 1800 series fixed-configuration routers can be configured to act as 
EZVPN servers, letting authorized EZVPN clients establish dynamic VPN tunnels to the connected 
network.
”—The DMVPN feature creates VPN tunnels between 
multiple routers in a multipoint configuration as needed, simplifying the configuration and 
eliminating the need for permanent, point-to-point VPN tunnels.