Manuals / Black Box / Computer Equipment / Network Router

Black Box LR1102A-T1/E1, LR1112A-T1/E1 manual Verify the firewall policy for Security Zone DMZ

Models: LR1102A-T1/E1 LR1112A-T1/E1 LR1104A-T1/E1 LR1114A-T1/E1

1 142

Download 142 pages 53.89 Kb

Page 67

Firewall Configuration Ex-

Blackbox/configure> firewall dmz Blackbox/configure/firewall dmz> object Blackbox/configure/firewall dmz/object> ftp-filter putdeny deny put mkdir

Blackbox/configure/firewall dmz/object> nat-pool ftpsrvr static 10.3.1.100

Blackbox/configure/firewall dmz/object> exit Blackbox/configure/firewall dmz> policy 100 in address any any 193.168.94.221 32

Blackbox/configure/firewall dmz/policy 100 in> apply-object nat-pool ftpsrvr

Blackbox/configure/firewall dmz/policy 100 in> apply-object ftp-filter putdeny

Blackbox/configure/firewall dmz/policy 100 in> exit Blackbox/configure/firewall dmz> exit

Step 8:Verify the firewall policy for Security Zone DMZ

Blackbox/configure> show firewall policy dmz

Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,

R- Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging, E - Policy Enabled, M - Smtp-Filter

Pri	Dir	Source Addr	Destination Addr	Sport	Dport	Proto Action Advanced
---	---	-----------	----------------	----------------- ------ --------
100	in	any	193.168.94.221/32 any		any	any	PERMIT FNE
1022	out	any	any	any	any	any	PERMIT SE
1023	in	any	any	any	any	any	PERMIT SE
1024	out	any	any	any	any	any	PERMIT E

Step 9: Verify that the FTP filter objects for Security Zone DMZ are created as configured:

Blackbox/configure> show firewall object ftp-filter dmz

Object Name	Action	Log	Commands
-----------	------	---	--------
putdeny	deny	no	put mkdir

Blackbox/configure>

Step 10: Create a default route out of the WAN

Blackbox/configure> ip route 0.0.0.0 0 wan

Blackbox/configure>

Step 11:Verify the system configuration by displaying the running configuration.

69

Image 67

Black Box LR1102A-T1/E1 manual Verify the firewall policy for Security Zone DMZ, Create a default route out of the WAN

Contents

Black Box LR11xx Series Router Configurations Black Box LR11xx Series Router Configurations Guide Instrucciones DE Seguridad Normas Oficiales Mexicanas NOM Electrical Safety Statement Black Box LR11xx Series Router Configurations Guide Contents Ipsec Specifications Ultipath M Ulticast C Onfigurations 119 101107 117 WAN I Nterface C Onfigurations Black Box LR11xx Series Router Configurations Guide Functionality Feature OverviewBootp Requests 1DHCP Relay Enabling Dhcp Relay Using Dhcp Relay with NATCommand Line Interface Bootp Replies Dhcp Relay Displaying Dhcp ConfigurationConfiguring the Gateway Address field when NAT is enabled Displaying Statistics Displaying Ethernet Interface Statistics Dhcp Limitations 1IGMP Configuration Configuring Internet Group Management Protocol Igmp Configuration Examples Igmp CommandsExample 2.12Example Igmp Configuration2.10Example 2.11Example Black Box LR11xx Series Router Configurations Guide 1IP Packet Filter Lists Configure the Black Box LR1104ABlackbox configure term Blackbox/configure ip Filtering IP Traffic Example Blackbox configure terminal Blackbox/configure ipBlackbox/configure/ip applyfilter WAN1 filterb Blackbox/configure/ip applyfilter WAN1 filterc 1IPSec Configurations Configuring Security Display the crypto interfaces Example 1 Managing the Black Configure IKE to the peer gateway Permit SE Enable Snmp on the Black Box1 router Display Snmp communities Example 2 Single Proposal Tun Configure IPSec tunnel to the remote host Using the show crypto ipsec policy all command 1022 Out Any Black Box1 Show firewall policy corp detail Policy with Example 3 Multiple IPSec Pro Message Proposal added with priority2-esp-3des-sha1-tunnel As in of Example Example 4 IPSec remote access Display dynamic IKE policies in detail Configure dynamic IPSec policy for a group of mobile users Display dynamic IPSec policies in detail Display dynamic IPSec policies Lifetime in Kilobytes Bytes In 0, Bytes Out Permit E Display dynamic IKE policies Example 5 IPSec remote access Display dynamic IKE policies in detail Permit 20.1.1.150 1022 Out Any Example 5 IPSec remote access Black Box LR11xx Series Router Configurations Guide 1IPSec Appendix Ipsec Specifications IKE Defaults Black Box IKE and IPSec DefaultsIPSec Defaults ESP IPSec Appendix Black Box LR11xx Series Router Configurations Guide Proxy ARP and Packet Forwarding Forwarding IP Traffic1IP Multiplexing Packet Forwarding Modes Proxy ARP and Packet Forwarding Addressing in IP Multiplexing Networks Split Subnet Single SubnetIP Multiplexing Secondary Addressing 30 Bit Secondary Addressing POP Only Pros and Cons of Different IP Addressing Schemes Secondary Addressing 29 BitRouting Considerations for IP Multiplexing Black Box LR11xx Series Router Configurations Guide 1Connecting a Black Box Router to a Router/CSU Via Hdlc IP Multiplexing Hdlc Configurations Configuration Guide Configure the Black Box LR1104A at Site 1Configuring Multiple PPP and Mlppp Bundles IP Multiplexing PPP and Mlppp Configurations LR1104A Configuring Multiple PPP Configure the Black Box LR1104A at the Main Site Black Box LR11xx Series Router Configurations Guide LR1104A Configuring PPP, MLPPP,1Layer Two Configurations PPP, MLPPP, LR1114A Configure the Black Box LR1114A System at Site Mlppp ConfigurationPPP and Mlppp Configuration Hdlc Configuration 10.1Firewalls Configuring Firewalls Basic Firewall Configuration Firewall Configuration Examples Create policies for Security Zone Corp that Create the security zones Corp and DMZ and attach interfaces Create policies for Security Zone DMZ that Verify the firewall policy for Security Zone Corp Verify the firewall policy for Security Zone DMZ Create a default route out of the WAN Black Box LR11xx Series Router Configurations Guide Firewall Configuration Ex Black Box LR11xx Series Router Configurations Guide Stopping DoS Attacks NAT Configuration Examples NAT ConfigurationsPacket Reassembly Dynamic NAT many to many NAT Configuration Examples Static NAT Static NAT one to one 10.4.3Port Address Translation Many to one Method1 Specifying NAT address with the policy commandMethod2 Attaching nat pool to the policy Black Box LR11xx Series Router Configurations Guide 11.1Multipath Multicast Multipath Multicast Configurations 11.2.1Multipath Examples 11.2Multipath Commands Static NAT Configuring NAT12.1Network Address Translation Dynamic NAT Dynamic and Static NAT Configuration for Figure Reverse NAT 12.1.4Configuration for FigureNetwork Address Translation Reverse NAT Blackbox configure terminal 13.1.1Dynamic NAT many to many NAT Configuration Examples 60.1.1.1 13.1.2Static NAT one to one 13.1.3Port Address Translation Many to one Remote Access User Group Remote Access VpnsSecure Remote Access Using IPSec VPN Access Methods Remote Access Mode Configuration Configuration Examples Black Box #1 IPSec Remote Access User David@blackboxcom .com IPSec Remote Access Mode Configuration Group Method Mike@Blackbox.com IPSec Remote Access Mode Con Black Box LR11xx Series Router Configurations Guide Networking with Routing Information Protocol 15.1.1Configuring RIP for Ethernet 0 and WAN 1 Interfaces15.1.2Displaying RIP Configuration 15.1.3Displaying All Configured RIP Interfaces Show ip rip interface all Command Static Routing Configuration Configuring Static Routes 16.1.2Configure the Router at site B 16.1.1Configure the Router at Site aBlackbox/configure ip route 0.0.0.0 0.0.0.0 10.1.1.2 17.1.3Configuring interface bundle Dallas Configuring Open Shortest Path First Routing17.1.1Configuring the host name 17.1.2Configuring interface ethernet 17.1.7Displaying ospf routes 17.1.4Configuring ospf17.1.5Configuring ospf interface parameters 17.1.6Displaying neighbors Configuring GRE Configuring Generic Routing EncapsulationInstalling Licenses GRE Configuration Examples GRE Configuration Examples 18.3.1Configuring Site to Site Tunnel For more information enter Configuring GRE Site to Site with Configuring GRE Site to Site with IPSec Add to the Cisco configuration above Configuring GRE Site to Site with IPSec and Ospf Ospf Frame Relay Configuring Ospf and Frame Relay 19.1.4Configuring Ospf 19.1.1Configuring the host name19.1.2Configuring interface ethernet 19.1.3Configuring interface bundle Dallas PIM Configuration Configuring Protocol Independent Multicasting Routing20.1.1PIM Commands Bootstrap Router related Commands Show and debug PIM commands are PIM Configuration Blackbox/configure/ip/pim register-suppress-timeout 20.1.2PIM Configuration Examples Blackbox/configure display ip pim global Blackbox/configure display ip pim neighbors Blackbox clear ip pim statistics 116 Restrictions Mtrace Configuration21.1.1mtrace Command Multicast Traceroute Facility Blackbox mtrace 192.168.0.0 192.168.2.22 Mtrace Example Configuring QoS Configuring Quality of Service Routing22.1.1Features 22.1.3Classification Types 22.1.2Definitions Create traffic classes Configuring QoSVlan Identifiers Create bundle AppTest Create bundle VLANtest 22.1.5Bulk StatisticsCreate traffic classes and assign classifications Configuring bulk statistics Screen Display for show qos bulkstatsconfig Command 124 Managing Traffic with Vlan Tagging Virtual LAN Tagging # The POP router is 205.1.1.1/30 Reston configuration Black Box LR1104A Managing Traffic with Vlan Tag DC configuration Black Box LR1114A 128 Managing Redundant Connections 24.1.1Configuration DetailsTrunk Group/Failover Configure the Black Box LR1114A for Failover Operation Bundle Configuration WAN Interface Configurations25.1 T1 Interface Configuration 25.1.1Module Configuration Configure an N x T1 Mlppp Bundle Configure a Fractional T1 Hdlc BundleConfigure a T1 PPP Bundle Blackbox/configure interface bundle demo2 Managing Vlan Traffic Virtual LAN Forwarding 134 26.1.2Bldg1 configuration Black Box LR1114A 26.1.1POP configuration Black Box LR1104AManaging Vlan Traffic Configure Snmp Configure interface bundle uplink10 br Mutlilink Frame Relay Features27.1Multilink Frame Relay FRF.15 and FRF.16 27.1.1.5 #Configure AVC 27.1.1.1 # Configure Ethernet interface27.1.1.2 # Configure CVC1 27.1.1.4 # Configure CVC3 Layer Two Configurations FR and MFR Configuring Frame Relay Multilink Frame Relay Configure the Hssi Bundle at Site FR Configuration Configure the LR1104A LR1104A at Site MFR ConfigurationLayer Two Configurations FR Configure the Clear Channel Bundle on the LR1104A 142 Copyright 2004. Black Box Corporation. All rights reserved