Chapter 8 Configuring a Simple Firewall

BETA DRAFT - CISCO CONFIDENTIAL

1  Multiple networked devices—Desktops, laptop PCs, switches
2  Fast Ethernet LAN interface (the inside interface for NAT)
3  PPPoE or PPPoA client and firewall implementation—Cisco 1811/1812 or Cisco 1801/1802/1803 series integrated services router, respectively
4  Point at which NAT occurs
5  Protected network
6  Unprotected network
7  Fast Ethernet or ATM WAN interface (the outside interface for NAT)

In the configuration example that follows, the firewall is applied to the outside WAN interface (FE0) on the Cisco 1811 or Cisco 1812 and protects the Fast Ethernet LAN on FE2 by filtering and inspecting all traffic entering the router on the Fast Ethernet WAN interface FE1. Note that in this example, the network traffic originating from the corporate network, network address 10.1.1.0, is considered safe traffic and is not filtered.

Configuration Tasks

Perform the following tasks to configure this network scenario:

Configure Access Lists

Configure Inspection Rules

Apply Access Lists and Inspection Rules to Interfaces

The section “Configuration Example” shows the results of these configuration tasks.

Note: The procedures in this chapter assume that you have already configured basic router features as well as PPPoE or PPPoA with NAT. If you have not performed these configuration tasks, see Chapter 1, “Basic Router Configuration,” Chapter 3, “Configuring PPP over Ethernet with NAT,” and Chapter 4, “Configuring PPP over ATM with NAT,” as appropriate for your router. You may have also configured DHCP, VLANs, and secure tunnels.

Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide

OL-6426-02