23-5
Cisco7600 Series Router Cisco IOS Software Configuration Guide—12.1E
78-14064-04
Chapter23 Configuring Network Security
Configuring the Cisco IOS Firewall Feature Set
•Firewall Configuration Guidelines and Restrictions, page 23-6
•Configuring CBAC on Cisco7600 Series Routers, page 23-6
Cisco IOS Firewall Feature Set Support OverviewThe firewall feature set images support these Cisco IOS firewall features:
•Context-based Access Control (CBAC)
•Port-to-Application Mapping (PAM)
•Authentication Proxy
These are the firewall feature set image names:
•c6sup22-jo3sv-mz
•c6sup22-po3sv-mz
•c6sup12-jo3sv-mz
•c6sup12-po3sv-mz
For more information about Cisco IOS firewall features, refer to the Cisco IOS Security Configuration
Guide, Release 12.1, “Traffic Filtering and Firewalls” online publications:
•The “Cisco IOS Firewall Overview” chapter at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scdfirw
l.htm
•The “Configuring Context-Based Access Control” chapter at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scdcbac
.htm
•The “Configuring Authentication Proxy” chapter at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scdauth
p.htm
•Cisco IOS Security Command Reference publication at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/index.htm
The following features are supported with and without the use of a Cisco IOS firewall image:
•Standard access lists and static extended access lists
•Lock-and-key (dynamic access lists)
•IP session filtering (reflexive access lists)
•TCP intercept
•Security server support
•Network address translation
•Neighbor router authentication
•Event logging
•User authentication and authorization