Browsing All Posts filed under »IOS«

Troubleshooting IOS Firewall Feature Set – CBAC

November 23, 2010


1. Get a config where CBAC is enabled and access lists are applied on the interfaces. If the configuration of the CBAC and ACL is wrong, then the following steps will show wrong results. Check the configuration of the router before you suggest the following. 2. Check the “show commands” output 2.1 Check the inspection states […]

How to upgrade the SDM

November 17, 2010


To get SDM to work, my action plan will be the following: Check requirements. Download latest SDM. Delete old / unnecessary SDM files from flash. Upload new ones via TFTP. Configure router for SDM. 1) Requirements Cisco Routers and Cisco IOS Versions Supported & Memory Requirements & PC System Requirements & Web Browser Versions and Java […]

Converting CBAC to Zone-Based Policy Firewall

November 16, 2010


TOPOLOGY: Requirements 1. Layer 3-4 control: Customer wants to inspect the following protocols: icmp, dns, esmtp, https, imap*, pop3*, tcp, udp. *For IMAP and POP3, customer wants to reset the TCP connection if the client enters a non-protocol command before authentication is complete. 2. Layer 4-7 control: Customer wants to deny all kinds of services […]

Configure Zone-Based Policy Firewall

November 14, 2010


Configuring zone-based policy firewall on a Cisco IOS router is not that easy. To make the topology of the configuration easier to understand, I used some colors. The key hierarchy is the following: class-map, policy-map, zone-pair, zone security for interface. In this small example I used the following topology: Configuration topology: Router parameters: SW: Cisco […]

Configure ssh access to IOS router

November 13, 2010


Routers are generally managed with telnet. From a security point of view, telnet is not the best access method, as it is clear text and almost all end hosts have a telnet client. In such cases, secure access with ssh or ssl should be used. A Cisco IOS router can be accessed with ssh as well, the following […]