internet router configuration

csc010854800
Level 1

Hi pros,

This is my internet router configuration, which is directly connected to the internet, and the other interface is connected to a firewall. Is this configuration sufficient against any attacks?

Please review this and post your suggestions.

Best regards

yogesh

3 Replies

Jon Marshall
Hall of Fame

Hi

1) access-list "Fortigate" is not applied to any interface. If it is meant to be applied to the outside interface, that is not such a good idea. Routers should route rather than do the function of a firewall, although there is some basic filtering you can do (see 3).

2) You don't show the config for vty access, but you should lock it down to who can access it and, if possible, use SSH only.

3) Make sure you have done the standard router hardening, e.g. turn off small-services, no ip directed-broadcast etc.

4) You can do some basic filtering for networks in an access-list on the outside interface, e.g. RFC 1918 address space filtering. Attached is a link for more details.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml

HTH

Jon

Hi,

Thanks for the reply.

I don't have my routers and switches in any domain, and for SSH that is the first requirement. Can I put my routers and switches in a domain one by one without disturbing my network?

Hi

I have never done it, but I think you should be okay configuring a domain name on your switches / routers without any adverse effects on the network.

FYI, attached is another doc that covers basic router security

http://www.cisco.com/warp/public/707/21.html

Jon
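The points raised in the replies above (unapplied ACL, vty access, small services, directed broadcast, domain name for SSH) can be checked against a saved running-config. This is an added example, not code from the thread or from Cisco; the sample config is constructed because the poster's attachment is not shown, and the check only sees settings that appear explicitly in the config text.

```python
import re
# Constructed sample config; the poster's attachment is not shown in the thread.
SAMPLE = """\
hostname edge-rtr
service tcp-small-servers
interface GigabitEthernet0/0
 ip directed-broadcast
ip access-list extended Fortigate
 permit ip any any
line vty 0 4
 transport input telnet ssh
"""

def blocks(config):
    """Group an IOS config into (top-level line, [indented sub-lines])."""
    out = []
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if raw[0] == " " and out:
            out[-1][1].append(raw.strip())
        else:
            out.append((raw.strip(), []))
    return out

def audit(config):
    """Return findings for the hardening points raised in the thread."""
    parsed, findings = blocks(config), []
    # ACL names referenced from an interface or vty line (NAT/route-map use is not checked).
    used = {m.group(1) for _, body in parsed for s in body
            if (m := re.match(r"(?:ip access-group|access-class) (\S+) (?:in|out)", s))}
    for head, body in parsed:
        m = re.match(r"ip access-list (?:standard|extended) (\S+)", head)
        if m and m.group(1) not in used:
            findings.append(f"ACL {m.group(1)} is defined but not applied")
        # vty lines should accept SSH only and be limited by an access-class.
        if head.startswith("line vty"):
            if "transport input ssh" not in body:
                findings.append(f"{head}: transport input is not ssh-only")
            if not any(s.startswith("access-class ") for s in body):
                findings.append(f"{head}: no access-class limiting who can connect")
        if head.startswith("interface ") and "ip directed-broadcast" in body:
            findings.append(f"{head}: ip directed-broadcast is enabled")
        if re.match(r"service (tcp|udp)-small-servers", head):
            findings.append(f"{head} is enabled")
    # Generating SSH keys needs a hostname and a domain name (either IOS spelling).
    if not any(re.match(r"ip domain[- ]name \S+", h) for h, _ in parsed):
        findings.append("no ip domain-name configured")
    return findings
```

Calling `audit(SAMPLE)` returns six findings for the constructed config; a config that applies its ACLs, restricts vty lines to SSH with an access-class, and sets a domain name returns an empty list.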
