Figure 6-1 Network Topology for IOS Firewall CLI Configuration
[Figure labels: Router; fa 0/1, 192.168.30.1/24; fa 0/0, 128.107.55.9/24; WS1; 192.168.30.32/24; Trusted LAN; Untrusted Network; ACLs 100, 101, 102. Legend: access-list 102 applied in the direction shown.]
The six steps to implementing a Cisco IOS Firewall from the CLI follow:
Step 1. Choose the interface and packet direction to inspect.
Step 2. Configure an IP ACL for the interface.
Step 3. Set audit trails and alerts.
Step 4. Define the inspection rules.
Step 5. Apply the inspection rules and the ACL to the outside interface.
Step 6. Verify the configuration.
Following the presentation of these steps, this section lists and describes commands for
troubleshooting the configuration.
Step 1: Choose the Interface and Packet Direction to Inspect
Choose inbound LAN traffic at FastEthernet 0/1 to the untrusted network for ACL 100. The
direction of traffic is relative to the router. Choose inbound WAN traffic at FastEthernet
0/1 for ACL 101. ACL 101 permits traffic from the untrusted network that is not specifically
handled by the stateful inspection outbound at FastEthernet 0/1.
Step 2: Configure an IP ACL for the Interface
Router(config)# access-list 100 permit tcp 192.