Router(config)#interface fastethernet 0/1 Moves to interface
con?¬?guration mode
Router(config-if)#ip access-group 100 in Applies ACL 100 to this
interface, which permits
the speci?¬?ed traf?¬?c
through the router to the
untrusted network
Router(config)#interface fastethernet 0/0 Moves to interface
con?¬?guration mode
Router(config-if)#ip inspect INSPECTION-RULE
out
Instructs the router to
maintain stateful session
information for protocols
named in INSPECTIONRULE
for outbound traf?¬?c
144 Con?¬?guring an IOS Firewall from the CLI
Step 6: Verify the Con?¬?guration
Router(config-if)#ip access-group 101 in Permits inbound traf?¬?c not
speci?¬?cally handled by the
CBAC
NOTE: Inbound traf?¬?c
not handled by the CBAC
must be speci?¬?cally
permitted inbound
at the outside WAN
interface (ACL 101).
All other protocols
speci?¬?ed in the CBAC
inspection rule will be
???pinholed??? through the
?¬?rewall when there is
a session match to the
outbound requesting
traf?¬?c (stateful
inspection).
Router#show ip inspect name INSPECTION-RULE Displays information
about the inspection rule
named INSPECTIONRULE
Router#show ip inspect config Displays information
about inspection
con?¬?guration
Router#show ip inspect interfaces Displays information
about inspection interfaces
Router#show ip inspect session Displays information
about inspection sessions
(use the detail argument
for added information)
Router#show ip inspect statistics Displays information
about inspection statistics
Router#show ip inspect all Displays all available
inspection information
Con?¬?guring a Basic Firewall Using SDM 145
Troubleshooting the Con?¬?guration
Con?¬?guring a Basic Firewall Using SDM
As shown in Figure 6-2, from the home page of Cisco Router and Security Device Manager
(SDM), click the Con?¬?gure button at the top of the page, and then click the Firewall
and ACL icon in the Tasks toolbar on the left.
Pages:
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131