Security Features
Step 11: Configure firewall policies to allow IKE negotiation through the untrusted interface (applicable only if the firewall license is also enabled):
Router1/configure# firewall internet
Router1/configure/firewall internet# policy 1000 in service ike self
Router1/configure/firewall internet/policy 1000 in# exit
Router1/configure/firewall internet# exit
Step 12: Configure firewall policies to allow the desired services through the untrusted interface to manage the router (applicable only if the firewall license is also enabled):
Router1/configure# firewall internet
Router1/configure/firewall internet# policy 1001 in service snmp self
Router1/configure/firewall internet/policy 1001 in# exit
Router1/configure/firewall internet# policy 1002 in service telnet self
Router1/configure/firewall internet/policy 1002 in# exit
Router1/configure/firewall internet# policy 1003 in protocol icmp self
Router1/configure/firewall internet/policy 1003 in# exit
Router1/configure/firewall internet# exit
Step 13: Display the firewall policies in the internet map (applicable only if the firewall license is enabled):
Router1# show firewall policy internet
Advanced: S - Self Traffic, F -
R-
Pri  | Dir | Source Addr | Destination Addr | Sport  | Dport | Proto | Action | Advanced
1000 | in  | any         | any              | ike    |       |       | PERMIT | SE
1001 | in  | any         | any              | snmp   |       |       | PERMIT | SE
1002 | in  | any         | any              | telnet |       |       | PERMIT | SE
1003 | in  | any         | any              | any    | any   | icmp  | PERMIT | SE
1024 | out | any         | any              | any    | any   | any   | PERMIT | SE
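The policy table from Step 13 can be checked mechanically. The following is an added example, not part of the Foundry manual: it parses policy rows and reports inbound self-traffic PERMIT entries from any source for the management services opened in Step 12. The pipe-delimited layout, the sample rows and the function names are assumptions constructed from the table on this page.

```python
# Added example (not from the manual): audit policy rows in the layout of
# `show firewall policy internet`. The pipe-delimited layout is an assumption.

# Management services opened in Step 12. Telnet is unencrypted, and
# SNMP v1/v2c carry community strings unencrypted.
MGMT_SERVICES = {"telnet", "snmp"}

# Constructed sample mirroring the policies created in Steps 11 and 12.
SAMPLE = """\
Pri  | Dir | Source Addr | Destination Addr | Sport  | Dport | Proto | Action | Advanced
1000 | in  | any         | any              | ike    |       |       | PERMIT | SE
1001 | in  | any         | any              | snmp   |       |       | PERMIT | SE
1002 | in  | any         | any              | telnet |       |       | PERMIT | SE
1003 | in  | any         | any              | any    | any   | icmp  | PERMIT | SE
1024 | out | any         | any              | any    | any   | any   | PERMIT | SE
"""

FIELDS = ["pri", "dir", "src", "dst", "sport", "dport", "proto", "action", "advanced"]

def parse_policies(text):
    """Return one dict per policy row; the header and malformed rows are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != len(FIELDS) or not cells[0].isdigit():
            continue
        row = dict(zip(FIELDS, cells))
        row["pri"] = int(row["pri"])
        rows.append(row)
    return rows

def exposed_management(rows):
    """Inbound self-traffic PERMITs from any source for management services."""
    findings = []
    for r in rows:
        # In this layout a named service sits in the Sport cell and Proto is blank.
        service = (r["proto"] or r["sport"]).lower()
        if (r["dir"] == "in" and r["action"] == "PERMIT" and r["src"] == "any"
                and "S" in r["advanced"] and service in MGMT_SERVICES):
            findings.append((r["pri"], service))
    return findings

if __name__ == "__main__":
    for pri, service in exposed_management(parse_policies(SAMPLE)):
        print(f"policy {pri}: {service} to self permitted from any source")
```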
June 2004 | © 2004 Foundry Networks, Inc. | 15 - 7 |