Cisco has some very good documents on their site regarding the basic security configurations for routers. I do not, unfortunately, have the URL. That being said, there are a few things that you may want to place on your router 1. Block incoming traffic originating at RFC1918 private addresses. There is no reason why these should be coming into your network other than to spoof. 2. Block inbound traffic such as SNMP unless you actually want this coming in from the internet
Those are the two things that I remember most clearly as the best suggestions for gateway routers Hope it helps Gordon Brandt Network Engineer AP Wagner Inc. 2205 George Urban Blvd. Depew, NY 14043 Work: (716) 961-7119 Fax: (716) 856-4779 http://www.apwagner.com > -----Original Message----- > From: Naman Latif [mailto:naman.latif@;inamed.com] > Sent: Monday, November 04, 2002 8:47 PM > To: [EMAIL PROTECTED] > Subject: Protecting PIX Firewall at the Perimeter Router > > > Hi All, > > I wanted some suggestions\practical experiences for protecting a > Firewall wall at the Perimeter Router Level. > > We have a PIX Firewall connected to our Cisco Router, which > is connected > to the Internet. Should there be any IOS Firewall Rules in the Router, > other than blocking Telnet,FTP etc to the Firewall itself ? > > PIX will be doing NAT, protecting DMZ machines, and IPSec connections. > > Regards \\ Naman >