
Thread: How to set the Cisco firewall ios

  1. #1
    Join Date
    Feb 2010
    Posts
    537

    How to set the Cisco firewall ios

    Hi all,

    Some people think firewalls are not brilliant, but I believe that making full use of a device's firewall function could be a stronger, safer choice. I want to know how to set up the Cisco IOS firewall. Please provide some basic steps. Thanks in advance.

  2. #2
    Join Date
    Apr 2008
    Posts
    3,424

    How to set the Cisco firewall ios

    If your routing device does not provide any firewall feature set, please do not run the firewall commands. However, in order to strengthen security, the author recommends that you use an IOS version that supports the firewall. Although NAT alone can provide your internal network with a minimum level of protection, your Internet-facing router is more easily exposed to hackers. The command prompt is omitted; each command is followed by an explanation or description.
    Code:
    enable
    Access to privileged user mode
    Code:
    config t
    To enter global configuration mode
    Code:
    ip dhcp excluded-address 192.168.100.1 192.168.100.10

  3. #3
    Join Date
    May 2008
    Posts
    3,516

    How to set the Cisco firewall ios

    You need to exclude these IP addresses from the internal DHCP address pool. Run the command:
    Code:
    ip dhcp pool internal-dhcp
    Creates a DHCP pool called "internal dhcp"
    Code:
    import all
    Imports the DHCP settings from the external ISP into the "internal dhcp" pool
    Code:
    network 192.168.100.0 255.255.255.0
    This defines the network on which the DHCP pool runs
    Code:
    default-router 192.168.100.1
    Check and reply.

  4. #4
    Join Date
    Apr 2008
    Posts
    3,339

    How to set the Cisco firewall ios

    This sets the default gateway for the "internal dhcp" pool. Go for this command:
    Code:
    ip inspect name cbac tcp
    Inspects outgoing data communication so that responses to internal TCP communications are allowed
    Code:
    ip inspect name cbac udp
    Inspects outgoing data communication so that responses to internal UDP communications are allowed
    Code:
    interface f0/0
    Enters interface f0/0. Here f0/0 is the internal LAN interface
    Code:
    ip address 192.168.100.1 255.255.255.0
    Sets the internal LAN interface IP to 192.168.100.1, with a 24-bit subnet mask.
    Code:
    ip nat inside
    Check and reply.

  5. #5
    Join Date
    Jan 2006
    Posts
    4,221

    How to set the Cisco firewall ios

    This interface is designated as the internal interface network address translation
    Code:
    interface e0/0
    Enters interface e0/0. Here e0/0 is the outside LAN interface.
    Code:
    ip address dhcp
    Sets the external LAN interface IP using DHCP, provided by the ISP.
    Code:
    ip access-group cbac in
    Turns on stateful inspection of internal data packets
    Code:
    ip inspect cbac out
    Turns on stateful inspection of internal data packets; this point is critical for the responses to internal communications.
    Code:
    ip nat outside
    This interface is designated as the internal interface network address translation
    Code:
    mac-address ffff.ffff.ffff
    Optional; allows the user to spoof the MAC address. Some ISPs will lock the MAC address.
    Code:
    ip nat inside source list natacl interface e0/0 overload
    All the best.

  6. #6
    Join Date
    Jan 2006
    Posts
    3,792

    How to set the Cisco firewall ios

    It converts all of the IP addresses from the natacl ACL to the external interface's IP address. Check the command:
    Code:
    ip access-list extended cbac
    Defines an extended ACL called cbac, the firewall rules for what is permitted in and for internal DHCP. If you do not have this feature, the user's ISP cannot assign a DHCP IP address. If not, then outgoing PPTP VPN will not work. Permits ping in. Note that if you want to stay hidden, please do not use this feature. If you want to record rejected entry attempts, this command can be useful.
    Code:
    ip access-list extended natacl
    Defines an extended ACL called natacl, used to implement NAT
    Code:
    permit ip 192.168.100.0 0.0.0.255 any
    Allows 192.168.100.0/24 to reach anywhere once network address translation has been done.
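
Added example, not part of the thread or any poster's code: a Python check that the outside interface of a configuration like the one assembled above has a defined inspection rule applied outbound and a non-empty ACL applied inbound. The sample is constructed from the commands posted in the thread (address lines left out), and the function names `parse` and `audit` are hypothetical.

```python
import re

# Constructed input: the thread's commands in order. The thread shows no
# entries for the "cbac" ACL, so none are invented here.
SAMPLE = """\
ip inspect name cbac tcp
ip inspect name cbac udp
interface f0/0
 ip nat inside
interface e0/0
 ip access-group cbac in
 ip inspect cbac out
 ip nat outside
ip nat inside source list natacl interface e0/0 overload
ip access-list extended cbac
ip access-list extended natacl
 permit ip 192.168.100.0 0.0.0.255 any
"""

def parse(config):
    """Map each top-level IOS command to its indented sub-commands."""
    blocks, current = {}, None
    for line in filter(str.strip, config.splitlines()):
        if line[0].isspace() and current is not None:
            blocks[current].append(line.strip())
        else:
            current = line.strip()
            blocks.setdefault(current, [])
    return blocks

def audit(config):
    blocks = parse(config)
    rules = {c.split()[3] for c in blocks if c.startswith("ip inspect name ")}
    acls = {c.split()[-1]: body for c, body in blocks.items()
            if c.startswith("ip access-list extended ")}
    findings = []
    for name, body in blocks.items():
        if not name.startswith("interface ") or "ip nat outside" not in body:
            continue  # only the Internet-facing interface is audited
        ins = [l.split()[2] for l in body if re.fullmatch(r"ip inspect \S+ out", l)]
        grp = [l.split()[2] for l in body if re.fullmatch(r"ip access-group \S+ in", l)]
        if not any(r in rules for r in ins):
            findings.append(f"{name}: no defined inspection rule applied outbound")
        if not grp:
            findings.append(f"{name}: no inbound ACL applied")
        # IOS passes all traffic through an applied ACL that has no entries.
        findings += [f"{name}: inbound ACL '{a}' has no entries"
                     for a in grp if not acls.get(a)]
    return findings
```

Run against the sample, `audit` reports the `cbac` ACL as empty, which is exactly the state the thread's listing leaves it in until its permit and deny entries are entered.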
