IOS Firewall – CBAC
September 4, 2008 at 3:23 pm | In Security

Configuration

R4#
ip inspect name INSPECT tcp router-traffic
ip inspect name INSPECT icmp router-traffic
ip inspect name INSPECT ftp
ip access-list extended INBOUND
 permit ospf any any
 permit tcp any any eq bgp
 deny ip any any
!
interface Serial1/1
 ip access-group INBOUND in
 ip inspect INSPECT out
Verification
Try telnetting from R6 and from R4 to R5 (150.1.5.5).

R4#sh ip inspect config
Session audit trail is disabled
Session alert is enabled
one-minute (sampling period) thresholds are [unlimited : unlimited] connections
max-incomplete sessions thresholds are [unlimited : unlimited]
max-incomplete tcp connections per host is unlimited. Block-time 0 minute.
tcp synwait-time is 30 sec -- tcp finwait-time is 5 sec
tcp idle-time is 3600 sec -- udp idle-time is 30 sec
dns-timeout is 5 sec
Inspection Rule Configuration
 Inspection name INSPECT
    tcp alert is on audit-trail is off timeout 3600
    inspection of router local traffic is enabled
    icmp alert is on audit-trail is off timeout 10
    inspection of router local traffic is enabled

R4#sh access-list INBOUND
Extended IP access list INBOUND
    40 permit ospf any any (143 matches)
    60 deny ip any any (126 matches)

R4#sh ip inspect sessions
Established Sessions
 Session 64BEE6B4 (155.1.45.4:24211)=>(150.1.5.5:23) tcp SIS_OPEN
 Session 64BEE434 (10.0.0.6:39785)=>(150.1.5.5:23) tcp SIS_OPEN
 Session 64BEE934 (150.1.4.4:15035)=>(150.1.5.5:179) tcp SIS_OPEN
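A small checker, added here as an example and not part of the original post, that parses the "show ip inspect sessions" output above and separates transit sessions (hosts behind R4, such as R6) from sessions the router itself initiated, which CBAC only tracks because the inspect rule was defined with the router-traffic keyword. The set of R4's own addresses (155.1.45.4 and 150.1.4.4) is an assumption inferred from the output, not something the post states.

```python
import re
from typing import NamedTuple
# Constructed sample: the session lines from the post's "show ip inspect sessions".
SAMPLE = """\
Established Sessions
 Session 64BEE6B4 (155.1.45.4:24211)=>(150.1.5.5:23) tcp SIS_OPEN
 Session 64BEE434 (10.0.0.6:39785)=>(150.1.5.5:23) tcp SIS_OPEN
 Session 64BEE934 (150.1.4.4:15035)=>(150.1.5.5:179) tcp SIS_OPEN
"""
# Assumption: R4's own interface addresses (inferred from the output, not stated
# on the page). Sessions sourced from them are tracked only because the inspect
# rule was created with the router-traffic keyword.
ROUTER_ADDRS = {"155.1.45.4", "150.1.4.4"}

SESSION_RE = re.compile(
    r"Session\s+(?P<sid>[0-9A-Fa-f]+)\s+"
    r"\((?P<src>[\d.]+):(?P<sport>\d+)\)=>\((?P<dst>[\d.]+):(?P<dport>\d+)\)\s+"
    r"(?P<proto>\w+)\s+(?P<state>\w+)")

class Session(NamedTuple):
    sid: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    state: str

    @property
    def router_local(self) -> bool:
        return self.src in ROUTER_ADDRS  # initiated by the router itself

def parse_sessions(text: str) -> list:
    """Parse 'show ip inspect sessions' output into Session records."""
    return [Session(g["sid"], g["src"], int(g["sport"]), g["dst"],
                    int(g["dport"]), g["proto"], g["state"])
            for g in (m.groupdict() for m in SESSION_RE.finditer(text))]

def summarize(sessions) -> dict:
    """Count transit vs router-originated sessions and those in SIS_OPEN."""
    return {"transit": sum(not s.router_local for s in sessions),
            "router_local": sum(s.router_local for s in sessions),
            "open": sum(s.state == "SIS_OPEN" for s in sessions)}

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE):
        kind = "router-local" if s.router_local else "transit"
        print(f"{s.sid} {s.src}:{s.sport} -> {s.dst}:{s.dport} {s.proto} {kind}")
    print(summarize(parse_sessions(SAMPLE)))  # {'transit': 1, 'router_local': 2, 'open': 3}
```

Running it against the sample shows that two of the three entries (the R4-sourced telnet and the BGP session to port 179) would not appear at all without router-traffic, which is the quickest way to confirm that keyword took effect.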
Doc CD Navigation
- Cisco IOS Security Configuration Guide, Release 12.4
- Traffic Filtering, Firewalls, and Virus Detection
- Context-Based Access Control
- Configuring Context-based Access Control
- CBAC Configuration Examples
- Ethernet Interface Configuration Example