03-05-2008 04:04 PM - edited 03-09-2019 08:15 PM
Hi,
I have just built a new gateway with one of our older routers, an 1841. I currently have it connected to the outside world and would like to know of any further suggestions to secure it.
Currently I have created an ACL so that only HTTP, HTTPS and DNS get through for now. With the implied deny all at the end of this ACL, I would expect ICMP to stop.
Also an ACL on the VTY interface to limit access only to physical console.
Below is my current config
!
hostname #########
!
ip name-server 70.70.80.#
!
interface FastEthernet0/0
 description Internet
 ip address 203.203.#.# 255.255.255.252
 ip nat outside
 speed 10
 half-duplex
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.1.253 255.255.255.0
 ip access-group AllowWeb in
 ip nat inside
 speed auto
 full-duplex
!
ip route 0.0.0.0 0.0.0.0 203.203.#.#
!
!
ip http server
ip nat inside source list 5 interface FastEthernet0/0 overload
!
ip access-list extended AllowWeb
 permit tcp any any eq 443
 permit tcp any any eq www
 permit udp any any eq domain
!
access-list 5 permit 192.168.1.0 0.0.0.255
access-list 101 deny tcp any any eq telnet
!
line con 0
line aux 0
line vty 0 4
 access-class 101 in
 login
!
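An added example, not part of the original post and not a Cisco tool: a short Python audit of the configuration posted above that checks three things readable from it, namely whether the NAT outside interface has an inbound ACL (AllowWeb is applied inbound on FastEthernet0/1 only), whether `ip http server` is enabled, and whether the ACL used as the VTY access-class permits anything. The function names and finding strings are this example's own, and the parser assumes the one-space indentation that `show running-config` prints.

```python
import re

# Copy of the posted config, trimmed to the lines the checks below read.
CONFIG = """\
interface FastEthernet0/0
 ip nat outside
interface FastEthernet0/1
 ip access-group AllowWeb in
 ip nat inside
ip http server
access-list 101 deny tcp any any eq telnet
line vty 0 4
 access-class 101 in
"""

def sections(config):
    """Map each top-level command to its indented sub-commands."""
    out, head = {}, None
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if raw[0] != " ":              # top-level command starts a section
            head = raw.strip()
            out.setdefault(head, [])
        elif head is not None:         # indented line belongs to the section
            out[head].append(raw.strip())
    return out

def audit(config):
    """Return a list of findings; the wording is this example's own."""
    sec, acl, findings = sections(config), {}, []
    for head in sec:                   # numbered ACL entries are one-liners
        m = re.match(r"access-list (\S+) (.+)", head)
        if m:
            acl.setdefault(m.group(1), []).append(m.group(2))
    for head, subs in sec.items():
        if (head.startswith("interface ") and "ip nat outside" in subs
                and not any(re.match(r"ip access-group \S+ in$", s) for s in subs)):
            findings.append(f"{head.split()[-1]}: outside interface has no inbound ACL")
        for s in (subs if head.startswith("line vty") else []):
            m = re.match(r"access-class (\S+) in$", s)
            if m and not any(e.startswith("permit") for e in acl.get(m.group(1), [])):
                findings.append(f"vty: ACL {m.group(1)} has no permit entry, all remote logins denied")
    if "ip http server" in sec:        # web management server is switched on
        findings.append("ip http server: HTTP management server enabled")
    return findings
```

On the posted configuration `audit(CONFIG)` returns all three findings; the VTY one confirms the console-only intent, since the implicit deny at the end of ACL 101 already refuses every remote session.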
03-06-2008 01:26 AM
Hi,
Securing a router is a huge topic, but there are a number of standard ways of doing it. Best thing is to go through the following training and see how closely your config matches.
http://www.cisco.com/E-Learning/bulk/public/celc/SECR/start.html
HTH
Andrew.
03-06-2008 03:14 PM
Thanks very much Andrew.