Cisco Router 850 Series Software Configuration Guide
Page 91
7-9 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01
Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
Configuration Example
The following configuration example shows a portion of the configuration file for a VPN using a GRE tunnel scenario described in the preceding sections.
!
aaa new-model
!
aaa authentication login rtr-remote local
aaa authorization network rtr-remote local
aaa session-id...
Page 92
 tunnel source fastethernet 0
 tunnel destination interface 192.168.101.1
ip route 20.20.20.0 255.255.255.0 tunnel 1
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group rtr-remote
 key secret-password
 dns 10.50.10.1 10.60.10.1
 domain...
Page 93
!
! Utilize NAT overload in order to make best use of the
! single address provided by the ISP.
ip nat inside source list 102 interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 210.110.101.1
no ip http server
!
!
! acl 102 associated addresses used for NAT.
access-list 102 permit ip...
Page 95
CHAPTER 8 Configuring a Simple Firewall
The Cisco 850 and Cisco 870 series routers support network traffic filtering by means of access lists. The routers also support packet inspection and dynamic temporary access lists by means of Context-Based Access Control (CBAC). Basic traffic filtering is limited to configured access list implementations that examine packets at the network layer or, at...
Page 96
1 Multiple networked devices—Desktops, laptop PCs, switches
2 Fast Ethernet LAN interface (the inside interface for NAT)
3 PPPoE or PPPoA client and firewall implementation—Cisco 851/871 or Cisco 857/876/877/878 series access router, respectively
4 Point at which NAT occurs
5 Protected network
6 Unprotected network
7 Fast Ethernet or ATM WAN interface (the outside interface for NAT)
...
Page 97
Configure Access Lists
Perform these steps to create access lists for use by the firewall, beginning in global configuration mode:
Command / Purpose
Step 1
access-list access-list-number {deny | permit} protocol source source-wildcard [operator [port]] destination
Example:
Router(config)# access-list 103 deny ip any any...
Page 98
Apply Access Lists and Inspection Rules to Interfaces
Perform these steps to apply the ACLs and inspection rules to the network interfaces, beginning in global configuration mode:
Command / Purpose
Step 1
interface type number
Example:
Router(config)# interface vlan 1
Router(config-if)#
Enters interface...
Page 99
Configuration Example
A telecommuter is granted secure access to a corporate network, using IPSec tunneling. Security to the home network is accomplished through firewall inspection. The protocols that are allowed are all TCP, UDP, RTSP, H.323, NetShow, FTP, and SQLNet. There are no servers on the home network; therefore, no traffic is...