Cisco Systems OL-6426-02 User Manual

BETA DRAFT - CISCO CONFIDENTIAL
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
OL-6426-02
Chapter 8: Configuring a Simple Firewall
Configure Access Lists
Perform these steps to create access lists for use by the firewall, beginning in global configuration mode:

Step 1
Command: access-list access-list-number {deny | permit} protocol source source-wildcard [operator [port]] destination
Example:
Router(config)# access-list 103 permit udp host 200.1.1.1 eq isakmp any
Router(config)#
Purpose: Creates an access list which prevents Internet-initiated traffic from reaching the local (inside) network of the router, and which compares source and destination ports.
See the
details about this command.

Step 2
Command: access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard
Example:
Router(config)# access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255
Router(config)#
Purpose: Creates an access list that allows network traffic to pass freely between the corporate network and the local networks through the configured VPN tunnel.

Configure Inspection Rules
Perform these steps to configure firewall inspection rules for all TCP and UDP traffic, as well as specific application protocols as defined by the security policy, beginning in global configuration mode:

Step 1
Command or Action: ip inspect name inspection-name protocol
Example:
Router(config)# ip inspect name firewall tcp
Router(config)#
Purpose: Defines an inspection rule for a particular protocol.

Step 2
Command or Action: ip inspect name inspection-name protocol
Example:
Router(config)# ip inspect name firewall rtsp
Router(config)# ip inspect name firewall h323
Router(config)# ip inspect name firewall netshow
Router(config)# ip inspect name firewall ftp
Router(config)# ip inspect name firewall sqlnet
Router(config)#
Purpose: Repeat this command for each inspection rule that you wish to use.
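
Added example, not part of the Cisco guide: the Python below evaluates packets against access lists 103 and 105 from Configure Access Lists, showing how wildcard masks, the eq port operator, and the implicit deny at the end of each list decide the result. It assumes the ACL 103 entry carries an explicit udp protocol keyword; the function names are chosen for illustration.

```python
import ipaddress

# The two entries from this page; ACL 103 is assumed to name udp explicitly.
ACL = [
    "access-list 103 permit udp host 200.1.1.1 eq isakmp any",
    "access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255",
]
PORT_NAMES = {"isakmp": 500}  # IOS keyword for UDP port 500


def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    base, wild = (int(ipaddress.IPv4Address(x)) for x in tok[:2])
    return (base, wild), tok[2:]


def _port(tok):
    """Consume an optional 'eq PORT'; return (port or None, rest)."""
    if tok and tok[0] == "eq":
        name = tok[1]
        port = PORT_NAMES[name] if name in PORT_NAMES else int(name)
        return port, tok[2:]
    return None, tok


def parse(line):
    """Split one extended access-list entry into its match fields."""
    t = line.split()
    entry = {"number": t[1], "action": t[2], "proto": t[3]}
    entry["src"], rest = _addr(t[4:])
    entry["sport"], rest = _port(rest)
    entry["dst"], rest = _addr(rest)
    entry["dport"], rest = _port(rest)
    return entry


def _ip_match(ip, spec):
    base, wild = spec
    # A 1 bit in the wildcard means "ignore this bit"; all 0 bits must be equal.
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0


def evaluate(number, proto, src, sport, dst, dport, acl=ACL):
    """Return 'permit' or 'deny' for one packet; the first matching entry wins."""
    for e in (parse(l) for l in acl if l.split()[1] == number):
        if (e["proto"] in ("ip", proto)
                and _ip_match(src, e["src"]) and _ip_match(dst, e["dst"])
                and e["sport"] in (None, sport) and e["dport"] in (None, dport)):
            return e["action"]
    return "deny"  # implicit deny that ends every access list
```

Because the eq isakmp operator in ACL 103 sits after the source address, it constrains the source port, so traffic from the same peer with any other source port falls through to the implicit deny.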