Exterior Router, Let Mail out | Avocent Cyclades-PR2000 guide

Cyclades-PR2000

Exterior Router

The exterior router is the network’s first defense against attacks. For this reason, it is reasonable to prohibit all packets except for those explicitly allowed. This is done by choosing the Default Scope to be Deny. Thus, ALL desired traffic must be expressly allowed by the rules in the rule list.

DENY

Let

e-mail out

Wo
	rl
	d
	of
		P
			o
			s
			s
			i
			b
			l
			e
			P
			a
			c
	Let		k
	Let		s
			e
			t
	e-mail in
	DENY

DENY

Let Telnet

Connections Out

FIGURE 12.3 DENY AS DEFAULT SCOPE

In Figure 12.3, a conceptual equivalent of the interface is shown. All packets except those which fall into the holes in the ball will be denied entry in to or out of the network.

Chapter 12 - Filters and Rules

99

Image 99

Avocent Cyclades-PR2000 installation manual Exterior Router, Let Mail out, Let Telnet Connections Out

Contents

Cyclades-PR2000 Cyclades-PR2000 Installation Manual FCC Warning StatementCanadian DOC Notice Table of Contents Static Routing Dynamic Routing 112 127 HOW to USE this Manual Text Conventions Installation Assumptions Icon Meaning Why CONFIG=INTERFACE=LConvention Description Icons Cyclades Technical Support and Contact Information CONFIGURATION=ALL USA Cyclades Corporation What is in the BOX To Wall Outlet Gender Changer DB-25 DB-9 MaleInterface DB-25 Male RS-232 Modem With DB-25 Interface RJ-45 Male RJ-45 to DB-25 Login Prompt and Main Menu Using CyROS Menus Lmi-typeANSI, Group of four, None Ansi Special Keys CONFIGURATION=TO Flash CyROS Management Utility Cyros Management Utility Cyclades-PR2000 PR2000 Host 192.168.0.30 255.255.255.0 STEP-BY-STEP Instructions for Common ApplicationsRS-232 Modem Network IP PC192.168.0.0 Host NAT Step ONEParameter Example Your Application IP MTU Step Three Step TWO Swan Network Protocol IP Menu Parameters Mlppp Step Four Step SIX Step Five Step Seven Step EightStep Nine Instructions for listing the configuration Instructions for creating a backup of the configuration file 200.240.230.1 Example 2 a LAN-to-LAN Example Using Frame RelayNetwork IP Mask ETH0 PR2000 10 Ethernet Network Protocol Menu Parameters 11 Swan Physical Menu Parameters 12 Swan Network Protocol IP Menu Parameters Snap IP LMICIR Dlci 14 DLC Configuration Menu Parameters 15 Static Route Menu Parameters Instructions for creating a backup of the configuration file Example 3 Link Backup 17 Traffic Control Parameters 18 Addition of the Primary Main Link Swan 20 Multilink Circuit Attributes This parameter has no effect for link backup. For load 21 Static Backup Route Parameters Instructions for creating a backup of the configuration file Configuration of the Ethernet Interface IP Network ProtocolParameter Description Incoming IP Accounting Config =RULES LIST=IP=CONFIGURE RULES=ADD RULE=ALLOW 200.240.240.8 200.240.240.4 IP Bridge200.240.240.9 200.240.240.3 200.240.240.2 200.240.240.1 PR2000 Link PR3000 Other Parameters Clock Source is always External Swan and Async Interfaces Step TWO Protocol Be used for authentication Network Protocol Network Protocols IP Protocol Detailed Incoming IP Accounting Transparent Bridge Protocol PPP The Point-to-Point Protocol DATA-LINK Protocols Encapsulation PPP Menu Char Pppchar HdlcFrame Relay T391 Interval between the LMI Status Enquiry messages N391 CONFIG=INTERFACE=SWAN =TRAFFIC Control =GENERAL =BANDWIDTH 200.1.1.1 Dlci Salvador Recife Network São Paulo Rio de Janeiro Network For static address mapping Router / DTE Switch / DCE Menu CONFIG=INTERFACE=LINK=ENCAPSULATION =X.25 Menu With PAD Packet Assembler/Disassembler Dynamic Routing Routing ProtocolsRouting Strategies Static Routing 10.0.0.0 Static Routes142.10.0.0 Mask 192.168.100.0 Interfaces Unnumbered Add Static Route Menu Config =STATIC Routes =IP =ADD Route RIP Configuration Ospf Ospf Configuration on the Interface 10Mbps, 65 for T1, 1785 for 56kbps, etc Ospf Global Configurations CONFIG=STATIC ROUTES=IP=ADD ROUTE=OSPF Advertises this =PASSWORD=ROUTING Protocol =OSPF =ADVERTISE this NON-OSPF Interface Applies when Area Range N Status is Active =IP=OSPF=AREA=AUTHENTICATION Type Only when Virtual Link Status is Active BGP-4 Configuration 255.255.255.0 200.50.50.0 PR3000 200.200.200.2 Tele Brutus Example System with PR2000 in AS 100 Being Configured CONFIG=IP=BGP4=BGP NETWORK=ADD CONFIG=IP=BGP4=GLOBAL Route Reflector Client CONFIG=IP=BGP4=NEIGHBOR=ADD Step Three Route PR3000 Rred Up Ro 100.10.0.0/16Parameter Description Seq Rule Message From Tele Popeye Route Map Routes Parameter Description Seq Rule DiscardedDiscarded RoutesRoutesMessage From Tele Popeye Rule CONFIG=IP=BGP4=ROUTE MAP=ADD CONFIG=IP=BGP4=AGGREGATE ADDRESSES=ADD Creation of user accounts and passwords CYROS, the Operating SystemCreation of the host table Slip IP Accounting Detailed information can be accessed via Snmp Server 192.168.0.31 NAT Network Address TranslationGlobal Address Range Ftp Network Server Mask Networks 192.168.0.0 Translated Types of Address Translation Menu Option Description Interface. Five minutes is a reasonable time Step Four Rules and Filters Configuration of IP Filters Rule List Rules List Bastion Host 10.0.0.0 Extension to Network Exterior Router Perimeter Network Slot 192.168.0.0 Exterior Router Let Mail outLet Telnet Connections Out Filters and Rules 100 Output for Exterior Router Example Filters and Rules 102 Stop Forged Packets Don’t Allow Access to News Interior RouterStop Telnets From the Outside Except Bastion Host Output for Interior Router Example Traffic Rule Lists Link 33.33.33.1 25% or lessClient B Filters and Rules 106 Output Showing Parameters for Traffic Rule Example Filters and Rules 108 Mail Server Web Server Port 25 SmtpMail Server Web Client 10 Output Showing Parameters for Traffic Rule Example IPX Internetwork Packet Exchange Internal NetworkNumber Mac Address 00 60 2E 00 11 Configuring the Ethernet Interface Configuring Other InterfacesEnabling IPX Frame Relay RoutingParameter Value for the Example Routing Table for the Example SAP Service Advertisement Protocol Table Virtual Private Network Configuration Virtual Private Network Configuration 116 IP172.16.0.0 Link Link IP10..255.255.0Router IP Address RSG3 Remote IP Network 9.1 Security Gateway Router Link Virtual Private Network Configuration 118 Virtual Private Network Configuration 119 CPU Appendix a TroubleshootingBoot Code step Test Event CPU LED Morse code What to Do if the Router Does Not Work or Stops Working Host host00 Testing the Ethernet Interface Figure A.3 General Statistics Table Testing the WAN Interfaces Appendix a Troubleshooting 124 LEDs Cyclades PR2000 Appendix B Hardware Specifications External Interfaces WAN InterfacesLAN Interface Console Interface Asynchronous Interface Straight-Through Cable Cables TxClkDTE a Female Retention Screw Male DB-25 Female Signal Pin PGndDB-25 M.34 Adaptor TxClkDTE B Cross Cable ASY/Modem Cable Signal Pin Pin Signal PGnd TxD RxD Cross Cable20 DTR Figure B.10 Loopback Connector DB-25 Male DB-25 Loopback Connector Appendix C Configuration Without a Console ProcedureRequirements Snmp RIP Cyclades Philippines