Securing Internet gateway - 1841 router

Unanswered Question
Mar 5th, 2008
User Badges:


I have just built a new gateway with one of our older routers an 1841. I currently have it connected to the outside world and would like to know of any further suggestions to secure it.

currently i have created an ACL so that http, https and dns only get through for now. implied deny all at the end of this acl i would expect ICMP to stop.

Also an ACL on the VTY interface to limit access only to physical console.

Below is my current config


hostname #########


ip name-server 70.70.80.#


interface FastEthernet0/0

description Internet

ip address 203.203.#.#

ip nat outside

speed 10



interface FastEthernet0/1

description Inside

ip address

ip access-group AllowWeb in

ip nat inside

speed auto



ip route 203.203.#.#



ip http server

ip nat inside source list 5 interface FastEthernet0/0 overload


ip access-list extended AllowWeb

permit tcp any any eq 443

permit tcp any any eq www

permit udp any any eq domain


access-list 5 permit

access-list 101 deny tcp any any eq telnet


line con 0

line aux 0

line vty 0 4

access-class 101 in



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)


This Discussion