Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
263
Views
0
Helpful
2
Replies

Need suggestion

nasheer.ahmad
Level 1
Level 1

‎02-22-2008 08:40 AM - edited ‎03-03-2019 08:49 PM

Hi,

Iam having two internet links (512 & 256kbps).

I had configured the FE0/0 with the internet pool ip.

Now I want to configure other fe0/1 using my internal Lan ip.

There will be no firewall connected between these links.

Pls suggest me to more secure my network by configuring only on the router which should not take any attacks on my LAN Zone.

regds

Labels:
0 Helpful
2 Replies 2

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎02-22-2008 09:25 AM

If from what you describe, you only want communication between your internet pool devices attached to fe0/0 and your internal LAN devices connected to fe0/1, you can define an ACL to only permit traffic between your IP pool and your internal addresses (don't exclude traffic between your Internet pool and the Internet). Doing this will protect your internal LAN from direct attacks from the Internet, but if someone "captures" one of your Internet pool hosts, they would have access to your LAN.

The latter is harder to control, but the ACL can be expanded to what type of traffic is permitted between your Internet pool devices and the LAN.

Many Cisco routers support a "firewall" feature set, that within their software, allows them to control traffic much like a dedicated firewall appliance.

PS:

I'm assuming from your description you have a separate Internet device network segment, but if you mean you have just a pool of Internet addresses and intend for your internal LAN to use those, i.e. the internal LAN desires to communicate with the Internet, things differ.

If this is the case, you NAT between the Internet and your internal LAN. Again, an ACL would be used to control what traffic is allowed to flow in or out. One helpful rule is to allow most TCP outbound, but only accept TCP inbound with the established bit set.

Here too, you would benefit more from having the firewall feature set.

Cisco has some free configuration tools that are provided with some of their routers. They make some of these common complex configuration simple to implement.

0 Helpful

Mohamed Sobair
Level 7
Level 7

‎02-22-2008 09:54 AM

Hi,

Nat is a security measure, by configuring Nat , you will ensure that Traffic are not permitted unless its initiated from your LAN Pool.

As Advance security measur, u can configure(Reflexive Access-list).

HTH

Mohamed

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card