
Inspection Rules - Cisco 1710 Software Configuration Manual

Security router

Chapter 2
Cisco 1710 Security Router Configuration

Inspection Rules

Complete Sample Configuration
78-12696-01
The following commands tie the access group to a specific interface on the router
and specify that incoming packets are to be permitted or denied passage:

    interface ethernet 0
    ip access-group 102 in

Specify which protocols to examine by using the ip inspect name command.
When inspection detects that the specified protocol is passing through the
firewall, a dynamic access list is created to allow the passage of return traffic. The
timeout parameter specifies the length of time the dynamic access list will remain
active without return traffic passing through the router. When a timeout is
reached, the dynamic access list is removed, and subsequent packets (possibly
even valid ones) are not permitted.

For each protocol you want to inspect, enter a line in global configuration mode
using the following syntax:

    ip inspect name inspection-name protocol timeout seconds

Use the same inspection-name in multiple statements to group them into one set
of rules. This set of rules can be activated elsewhere in the configuration by using
the ip inspect inspection-name in|out command when configuring an interface at
the firewall.
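
The following audit script is an added example, not part of the Cisco manual: it parses the ip inspect name and ip inspect inspection-name in|out lines described above and reports rule sets that are defined but never activated on an interface, and interfaces that reference a rule set that was never defined. The sample configuration, the rule-set names (firewall, unused, fw-typo), the protocols, and the timeout values are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not from the manual). Rule-set names,
# protocols and timeout values are assumptions chosen for illustration.
SAMPLE_CONFIG = """\
ip inspect name firewall tcp timeout 3600
ip inspect name firewall udp timeout 15
ip inspect name firewall ftp timeout 3600
ip inspect name unused smtp timeout 3600
!
interface ethernet 0
 ip access-group 102 in
 ip inspect firewall out
!
interface fastethernet 0
 ip inspect fw-typo in
"""

RULE_RE = re.compile(r"^ip inspect name (\S+) (\S+)(?: timeout (\d+))?$")
APPLY_RE = re.compile(r"^ip inspect (\S+) (in|out)$")
IFACE_RE = re.compile(r"^interface (.+)$")

def parse_inspection(config):
    """Return ({name: [(protocol, timeout)]}, [(interface, name, direction)])."""
    rule_sets, applied, iface = defaultdict(list), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():  # non-indented line ends interface mode
            m = IFACE_RE.match(line)
            iface = m.group(1) if m else None
        if (m := RULE_RE.match(line)):
            name, proto, timeout = m.groups()
            rule_sets[name].append((proto, int(timeout) if timeout else None))
        elif iface and (m := APPLY_RE.match(line)):
            applied.append((iface, m.group(1), m.group(2)))
    return dict(rule_sets), applied

def audit(config):
    """List rule sets never activated and interfaces referencing undefined sets."""
    rule_sets, applied = parse_inspection(config)
    used = {name for _, name, _ in applied}
    return {
        "unapplied": sorted(set(rule_sets) - used),
        "undefined": sorted((i, n) for i, n, _ in applied if n not in rule_sets),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Both findings matter operationally: an unapplied rule set inspects nothing, and an interface that names an undefined set creates no dynamic access list entries, so return traffic is left to the static access list alone.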
An example configuration is presented here, in which a Cisco 1710 Security
router is a PPPoE client connected through a modem to an external network access
router. The router might be located in a branch office, with the network access
router located at the corporate site. Alternatively, the router could be in a
small or medium business, with the network access router belonging to a
service provider. In each case, the network access router provides a dial-in data
service with secure tunnels to the business or branch office for mobile users.
This example presents a full configuration of the Cisco 1710 Security router,
along with a complementary configuration of IPSec on the network access router.
Cisco 1710 Security Router Software Configuration Guide