Filters and Rules 100 | Avocent Cyclades-PR2000 manual

Cyclades-PR2000

Steps necessary to activate filtering on the exterior router in the example:

1There are two interfaces with two directions each. Filtering on link 1 requires the creation of two rule lists, called exterior_in and exterior_out. Create them using the menu CONFIG =>RULES LIST =>IP =>ADD RULE LIST and the following parameters:

Rule List Type = Filter Default Scope = Deny Linked Rule List Name = None

2Create the rules for each rule list in the order in which they should be evaluated. The order is important and mis-ordering the rules can cause unexpected results. This is done in the menu CONFIG =>RULES LIST =>IP =>CONFIGURE RULES. The parameters for rules 0 and 1 in the example are shown in Figure 12.4.

3Link the rule lists to the respective interface parameters in the menu CONFIG =>INTERFACE

=><INTERFACE> =>NETWORK PROTOCOL =>INCOMING/ OUTGOING RULE LIST NAME. exterior_in should be set as the incoming rule list name and exterior_out should be set as the outgoing rule list name.

Exterior_in, rule 0, allows a remote computer to connect to the bastion host using the TCP protocol on its SMTP port. Exterior_out, rule 0, allows the Bastion Server to RESPOND to the connection started by the remote computer. To send e-mail out, two more rules would be needed. If all the router needs to do is receive e-mail, the configuration is done. If not, other “holes” must be created in the deny ball.

Chapter 12 - Filters and Rules

100

Image 100

Avocent Cyclades-PR2000 installation manual Filters and Rules 100

Contents

Cyclades-PR2000 FCC Warning Statement Cyclades-PR2000 Installation ManualCanadian DOC Notice Table of Contents Static Routing Dynamic Routing 112 127 HOW to USE this Manual Installation Assumptions Text Conventions CONFIG=INTERFACE=L Convention DescriptionIcons Icon Meaning Why CONFIGURATION=ALL Cyclades Technical Support and Contact Information Cyclades Corporation USA To Wall Outlet Gender Changer DB-25 DB-9 Male What is in the BOXInterface RJ-45 Male RJ-45 to DB-25 DB-25 Male RS-232 Modem With DB-25 Interface Using CyROS Menus Login Prompt and Main Menu Lmi-typeANSI, Group of four, None Ansi CONFIGURATION=TO Flash Special Keys Cyros Management Utility CyROS Management Utility Cyclades-PR2000 STEP-BY-STEP Instructions for Common Applications RS-232 Modem Network IP PC192.168.0.0Host PR2000 Host 192.168.0.30 255.255.255.0 Step ONE Parameter Example Your ApplicationIP MTU NAT Step TWO Step Three Swan Network Protocol IP Menu Parameters Step Four Mlppp Step Five Step SIX Step Eight Step SevenStep Nine Instructions for creating a backup of the configuration file Instructions for listing the configuration Example 2 a LAN-to-LAN Example Using Frame Relay Network IP MaskETH0 PR2000 200.240.230.1 10 Ethernet Network Protocol Menu Parameters 11 Swan Physical Menu Parameters 12 Swan Network Protocol IP Menu Parameters LMI Snap IPCIR 14 DLC Configuration Menu Parameters Dlci 15 Static Route Menu Parameters Instructions for creating a backup of the configuration file Example 3 Link Backup 17 Traffic Control Parameters Swan 18 Addition of the Primary Main Link This parameter has no effect for link backup. For load 20 Multilink Circuit Attributes 21 Static Backup Route Parameters Instructions for creating a backup of the configuration file IP Network Protocol Configuration of the Ethernet InterfaceParameter Description Config =RULES LIST=IP=CONFIGURE RULES=ADD RULE=ALLOW Incoming IP Accounting IP Bridge 200.240.240.9 200.240.240.3 200.240.240.2 200.240.240.1PR2000 Link PR3000 200.240.240.8 200.240.240.4 Other Parameters Swan and Async Interfaces Clock Source is always External Step TWO Protocol Be used for authentication Network Protocols Network Protocol IP Protocol Detailed Incoming IP Accounting Transparent Bridge Protocol DATA-LINK Protocols Encapsulation PPP The Point-to-Point Protocol PPP Menu Char Hdlc PppcharFrame Relay CONFIG=INTERFACE=SWAN =TRAFFIC Control =GENERAL =BANDWIDTH T391 Interval between the LMI Status Enquiry messages N391 Dlci 200.1.1.1 São Paulo Rio de Janeiro Network Salvador Recife Network For static address mapping Switch / DCE Router / DTE Menu CONFIG=INTERFACE=LINK=ENCAPSULATION =X.25 Menu With PAD Packet Assembler/Disassembler Routing Protocols Routing StrategiesStatic Routing Dynamic Routing Static Routes 142.10.0.0 Mask192.168.100.0 10.0.0.0 Unnumbered Interfaces Add Static Route Menu Config =STATIC Routes =IP =ADD Route RIP Configuration Ospf Ospf Configuration on the Interface 10Mbps, 65 for T1, 1785 for 56kbps, etc Ospf Global Configurations =PASSWORD CONFIG=STATIC ROUTES=IP=ADD ROUTE=OSPF Advertises this=ROUTING Protocol =OSPF =ADVERTISE this NON-OSPF Interface Applies when Area Range N Status is Active Only when Virtual Link Status is Active =IP=OSPF=AREA=AUTHENTICATION Type BGP-4 Configuration Example System with PR2000 in AS 100 Being Configured 255.255.255.0 200.50.50.0 PR3000 200.200.200.2 Tele Brutus CONFIG=IP=BGP4=GLOBAL CONFIG=IP=BGP4=BGP NETWORK=ADD CONFIG=IP=BGP4=NEIGHBOR=ADD Route Reflector Client Step Three Up Ro 100.10.0.0/16 Route PR3000 RredParameter Description Routes Seq Rule Message From Tele Popeye Route Map Parameter Description DiscardedDiscarded RoutesRoutes Seq RuleMessage From Tele Popeye Rule CONFIG=IP=BGP4=ROUTE MAP=ADD CONFIG=IP=BGP4=AGGREGATE ADDRESSES=ADD CYROS, the Operating System Creation of user accounts and passwordsCreation of the host table Slip Detailed information can be accessed via Snmp IP Accounting NAT Network Address Translation Global Address Range Ftp Network Server MaskNetworks 192.168.0.0 Server 192.168.0.31 Translated Types of Address Translation Menu Option Description Interface. Five minutes is a reasonable time Step Four Configuration of IP Filters Rules and Filters Rules List Rule List Exterior Router Perimeter Network Slot 192.168.0.0 Bastion Host 10.0.0.0 Extension to Network Let Mail out Exterior RouterLet Telnet Connections Out Filters and Rules 100 Output for Exterior Router Example Filters and Rules 102 Interior Router Stop Forged Packets Don’t Allow Access to NewsStop Telnets From the Outside Except Bastion Host Output for Interior Router Example Link 33.33.33.1 25% or less Traffic Rule ListsClient B Filters and Rules 106 Output Showing Parameters for Traffic Rule Example Filters and Rules 108 Port 25 Smtp Mail Server Web ServerMail Server Web Client 10 Output Showing Parameters for Traffic Rule Example Internal Network IPX Internetwork Packet ExchangeNumber Mac Address 00 60 2E 00 11 Configuring Other Interfaces Configuring the Ethernet InterfaceEnabling IPX Routing Frame RelayParameter Value for the Example SAP Service Advertisement Protocol Table Routing Table for the Example Virtual Private Network Configuration Virtual Private Network Configuration 116 Link IP10..255.255.0 Router IP AddressRSG3 Remote IP Network 9.1 Security Gateway Router Link IP172.16.0.0 Link Virtual Private Network Configuration 118 Virtual Private Network Configuration 119 Appendix a Troubleshooting Boot Code stepTest CPU What to Do if the Router Does Not Work or Stops Working Event CPU LED Morse code Testing the Ethernet Interface Host host00 Testing the WAN Interfaces Figure A.3 General Statistics Table Appendix a Troubleshooting 124 Cyclades PR2000 LEDs Appendix B Hardware Specifications WAN Interfaces External InterfacesLAN Interface Asynchronous Interface Console Interface Cables Straight-Through Cable Female Retention Screw Male DB-25 Female Signal Pin PGnd DB-25 M.34 AdaptorTxClkDTE B TxClkDTE a ASY/Modem Cable Cross Cable Cross Cable Signal Pin Pin Signal PGnd TxD RxD20 DTR DB-25 Loopback Connector Figure B.10 Loopback Connector DB-25 Male Procedure Appendix C Configuration Without a ConsoleRequirements RIP Snmp Cyclades Philippines