You can do stateful filtering with the fw feature set.  Cisco calls it CBAC
(Context-Based Access Control).  CBAC works for TCP and UDP traffic.  ICMP
must be filtered with traditional ACLs as I don't think it's supported with
CBAC.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scdcbac.htm#1001051

Regards,
Aaron K. Dixon
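
[Added example, not part of the original message or of Cisco's documentation: a minimal IOS configuration sketch of the split described in the reply above, with CBAC inspecting outbound TCP/UDP and a traditional extended ACL deciding which ICMP replies may return. The rule name FW, ACL number 101 and interface Serial0/0 are assumptions.]

```cisco
! Assumed: Serial0/0 is the Internet-facing interface of the 2621,
! and the firewall feature set IOS image is already installed.
!
! CBAC inspection rule: track sessions initiated from the inside and
! open temporary return entries for TCP and UDP only.
ip inspect name FW tcp
ip inspect name FW udp
!
! Inbound ACL on the outside interface. CBAC adds temporary permit
! entries ahead of these lines for inspected TCP/UDP return traffic.
! ICMP is not covered by the inspection rule, so the replies that
! inside hosts need are permitted statically here.
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip any any log
!
interface Serial0/0
 ip access-group 101 in
 ip inspect FW out
```

`show ip inspect sessions` lists the sessions CBAC is currently tracking, and hits on the final `deny ... log` line show what the ACL is dropping.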

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Trevor Corness
Sent: Monday, November 27, 2000 12:39 AM
To: Jason; [EMAIL PROTECTED]
Subject: RE: Cisco 2620 as a Firewall??


You will require a few things.  First of all, I am assuming the following:
A) Cisco 2621 has all the interfaces you require, IE we'll say you're
"firewalling to Fast Ethernet from an 'internet' connection of Frame
Relay" -- so your 2621 would have a serial port and an FE port.  Pretty
basic.

B) Everything else is set up correctly for a network to work.

Then you will need to obtain the Firewall IOS version for the 26xx series.
This is in the format of a regular IOS upgrade, and I believe the Firewall
commands are simply a Feature Set add-on, much like IP Plus.

Install this IOS, and it will enable the new commands available for firewall
functionality.

If I am not mistaken, this is only a real guess as I haven't attempted this
quite yet (I usually use IPFilters on OpenBSD to do wire security stuff)..
most of the commands are available in the normal IP Plus feature set, but
are optimized greatly in the Firewall feature set.  Commands such as NAT,
faster filtering with access-lists, IPsec, etc.

Does anyone know if this Firewall Feature Set is capable of doing stateful
rules implementation?  Or do you require a PIX to do such a thing?  And
also, are stateful rules allowed for ICMP and UDP?

Regards,
  Trevor J Corness, CCNA


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jason
Sent: Sunday, November 26, 2000 7:22 PM
To: [EMAIL PROTECTED]
Subject: Cisco 2620 as a Firewall??


I was recently using Cisco's Product Selection Tool and was looking for
routers that might double as a firewall.  After putting in all of my options,
it listed the 2620 as a potential candidate for the Firewall functionality
in addition to routing voice and data.  Considering that I already have a
2621 in the closet, --

My question is this -- How exactly can I get the router to work as a
firewall as well as a router?  I am looking for details as I can already
guess the basics.  I'm sure I need an IOS upgrade which includes PIX or some
other firewall functionality.  If you have experience in this area, share
the knowledge!  Any help is greatly appreciated!

Thanks so much,
Jason


_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
