
Securing Internet gateway - 1841 router

jtphilies
Level 1

Hi,

I have just built a new gateway with one of our older routers, an 1841. I currently have it connected to the outside world and would like to know of any further suggestions to secure it.

Currently I have created an ACL so that HTTP, HTTPS and DNS only get through for now. With the implied deny all at the end of this ACL I would expect ICMP to stop.

Also an ACL on the VTY interface to limit access only to physical console.

Below is my current config

!
hostname #########
!
ip name-server 70.70.80.#
!
interface FastEthernet0/0
 description Internet
 ip address 203.203.#.# 255.255.255.252
 ip nat outside
 speed 10
 half-duplex
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.1.253 255.255.255.0
 ip access-group AllowWeb in
 ip nat inside
 speed auto
 full-duplex
!
ip route 0.0.0.0 0.0.0.0 203.203.#.#
!
!
ip http server
ip nat inside source list 5 interface FastEthernet0/0 overload
!
ip access-list extended AllowWeb
 permit tcp any any eq 443
 permit tcp any any eq www
 permit udp any any eq domain
!
access-list 5 permit 192.168.1.0 0.0.0.255
access-list 101 deny tcp any any eq telnet
!
line con 0
line aux 0
line vty 0 4
 access-class 101 in
 login
!

2 Replies

andrew.burns
Level 7

Hi,

Securing a router is a huge topic, but there are a number of standard ways of doing it. Best thing is to go through the following training and see how closely your config matches.

http://www.cisco.com/E-Learning/bulk/public/celc/SECR/start.html

HTH

Andrew.

Thanks very much Andrew.
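
As an added example (not part of the thread or of the linked Cisco training), here is a small Python check that parses a config like the one posted in the question and reports three things visible in it: whether the NAT outside interface has an inbound ACL, what the ACL referenced by the VTY `access-class` allows, and whether `ip http server` is on. The names `parse` and `audit` are hypothetical, and `SAMPLE` is a constructed, trimmed copy of the posted config.

```python
import re
# Constructed sample: a trimmed copy of the config posted in the question.
SAMPLE = """\
interface FastEthernet0/0
 ip nat outside
!
interface FastEthernet0/1
 ip access-group AllowWeb in
ip http server
access-list 101 deny tcp any any eq telnet
line vty 0 4
 access-class 101 in
 login
"""

def parse(config):
    """Map each top-level IOS command to its indented sub-commands."""
    sections, current = {}, None
    for line in config.splitlines():
        text = line.strip()
        if not text or text == "!":
            continue
        if line[0].isspace() and current is not None:
            sections[current].append(text)
        else:
            current = text
            sections.setdefault(current, [])
    return sections

def audit(config):
    sec, findings, numbered = parse(config), [], {}
    for cmd in sec:  # numbered ACL entries are top-level lines
        m = re.match(r"access-list (\d+) (permit|deny)", cmd)
        if m:
            numbered.setdefault(m.group(1), []).append(m.group(2))
    for cmd, body in sec.items():
        # NAT alone does not filter packets addressed to the router's own outside IP.
        if cmd.startswith("interface ") and "ip nat outside" in body:
            if not any(re.match(r"ip access-group \S+ in$", b) for b in body):
                findings.append(f"{cmd}: no inbound ACL on outside interface")
        if cmd.startswith("line vty"):
            for b in body:
                m = re.match(r"access-class (\S+) in$", b)
                acl = numbered.get(m.group(1)) if m else None
                if acl and "permit" not in acl:  # only the implicit deny is left
                    findings.append(f"{cmd}: ACL {m.group(1)} has no permit, all VTY access refused")
    if "ip http server" in sec:
        findings.append("ip http server: HTTP management service enabled")
    return findings
```

Calling `audit(SAMPLE)` returns three findings. The VTY one is informational when console-only access is what you want, as it is in the question.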
