1, Get a config where CBAC is enabled and access-list are applied on the interfaces If the configuration of the CBAC and ACL is wrong then the following steps will show wrong results. Check the configuration of the router before you suggest the followings. 2, Check the “show commands” output 2.1 Check the inspection states […]
November 17, 2010
To get SDM work, my action plan will be the following: Check requirements. Download latest SDM. Delete old / unnecessary SDM files from flash. Upload new ones via TFTP. Configure router for SDM. 1) Requirements Cisco Routers and Cisco IOS Versions Supported & Memory Requirements & PC System Requirements & Web Browser Versions and Java […]
November 16, 2010
TOPOLOGY: Requirements 1, Layer 3-4 control Customer wants to inspect the following protocols: icmp dns esmtp https imap* pop3* tcp udp *For IMAP and POP3 customer wants to reset the TCP connection if the client enters a non-protocol command before authentication is complete. 2, Layer 4-7 control Customer wants to deny all kind of services […]
November 14, 2010
Configuring zone-based policy firewall on a cisco IOS router is not as easy. To be able to understand the topology of the configuration I used some colors. The key hierarchy is the following: class-map policy-map zone-pair zone security for interface I used in this small example the following topology: Configuration topology: Router parameters: SW: Cisco […]
November 13, 2010
The routers are managed generally with telnet. Telnet is from security view not the best access method, as it is clear text and fast all end-hosts has a telnet client. In such case secure access should be used with ssh or ssl. A Cisco IOS router can be accessed with ssh as well, the following […]
November 23, 2010
0