Securing Internet gateway - 1841 router

Unanswered Question
Mar 5th, 2008

Hi,

I have just built a new gateway with one of our older routers, an 1841. I currently have it connected to the outside world and would like to know of any further suggestions to secure it.

Currently I have created an ACL so that HTTP, HTTPS and DNS only get through for now. Implied deny all at the end of this ACL; I would expect ICMP to stop.

Also an ACL on the VTY interface to limit access only to physical console.

Below is my current config

!
hostname #########
!
ip name-server 70.70.80.#
!
interface FastEthernet0/0
 description Internet
 ip address 203.203.#.# 255.255.255.252
 ip nat outside
 speed 10
 half-duplex
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.1.253 255.255.255.0
 ip access-group AllowWeb in
 ip nat inside
 speed auto
 full-duplex
!
ip route 0.0.0.0 0.0.0.0 203.203.#.#
!
!
ip http server
ip nat inside source list 5 interface FastEthernet0/0 overload
!
ip access-list extended AllowWeb
 permit tcp any any eq 443
 permit tcp any any eq www
 permit udp any any eq domain
!
access-list 5 permit 192.168.1.0 0.0.0.255
access-list 101 deny tcp any any eq telnet
!
line con 0
line aux 0
line vty 0 4
 access-class 101 in
 login
!
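An added example, not part of the original post and not a Cisco tool: a small Python check run over the relevant lines of the posted config, re-indented the way IOS prints them (the parser assumes that indentation). The function names `parse` and `audit` and the finding labels are made up for this illustration.

```python
import re

# Relevant lines of the posted config, re-indented the way IOS prints them.
POSTED = """\
interface FastEthernet0/0
 ip nat outside
interface FastEthernet0/1
 ip access-group AllowWeb in
 ip nat inside
ip http server
ip access-list extended AllowWeb
 permit tcp any any eq 443
 permit tcp any any eq www
 permit udp any any eq domain
access-list 101 deny tcp any any eq telnet
line vty 0 4
 access-class 101 in
"""

def parse(cfg):
    """Return ({top-level command: [sub-commands]}, {ACL name/number: [entries]})."""
    blocks, acls, body = {}, {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        numbered = re.match(r"access-list (\d+) (.+)", line)
        if numbered:                            # numbered ACL: one entry per line
            acls.setdefault(numbered.group(1), []).append(numbered.group(2))
        elif line and line != "!" and not raw.startswith(" "):
            body = blocks.setdefault(line, [])  # new top-level command
            named = re.match(r"ip access-list \w+ (\S+)", line)
            if named:                           # named ACL: entries are its sub-commands
                acls[named.group(1)] = body
        elif line and line != "!" and body is not None:
            body.append(line)
    return blocks, acls

def audit(cfg):
    blocks, acls = parse(cfg)
    findings = []
    if "ip http server" in blocks:              # HTTP management service is enabled
        findings.append("http-server-enabled")
    for head, body in blocks.items():
        if (head.startswith("interface ") and "ip nat outside" in body
                and not any(re.match(r"ip access-group \S+ in", c) for c in body)):
            findings.append("no-inbound-acl:" + head.split()[1])  # outside is unfiltered
        for c in body if head.startswith("line vty") else []:
            m = re.match(r"access-class (\S+) in", c)
            # Implicit deny: an ACL without a permit entry lets nothing through.
            if m and not any(e.startswith("permit") for e in acls.get(m.group(1), [])):
                findings.append("vty-acl-permits-nothing:" + m.group(1))
    return findings
```

For this config it reports the enabled HTTP server, the absence of any inbound ACL on the NAT outside interface (AllowWeb filters only traffic entering FastEthernet0/1, so ICMP sent from the Internet to the outside address is not stopped by it), and a VTY access-class whose ACL 101 has no permit entry, so the implicit deny blocks every remote login rather than just Telnet.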