1800 and 2800 routers and Access lists

Unanswered Question
Nov 14th, 2008

I have access lists on my WAN ports that build tunnels over the internet. I want to apply even more security to those ports without installing a FW appliance. Any ideas would be great.

Giuseppe Larosa Fri, 11/14/2008 - 09:47

Hello Shane,

If you have or upgrade to an IOS release that supports CBAC (Context-Based Access Control), you have a feature close to a stateful firewall.

In modern IOS you should look for advanced ip services images for your routers.

As usual if you need to change the feature set this requires a payment.

Hope to help


netsquant Fri, 11/14/2008 - 10:18


I'm already running these types of access lists. I'm wondering if there is something in addition for even more security.

John Blakley Fri, 11/14/2008 - 10:23

You can run IP inspects on the public interface, but this will cause overhead on your router. If the router is already heavily loaded, then this may not be a good option. In some IOSes, you can use IPS rules also.


Giuseppe Larosa Fri, 11/14/2008 - 11:20

Hello John,

ip inspect is the command to apply CBAC; we mean the same feature.

Hope to help
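
A configuration sketch of what the replies above describe, added here as an illustration and not posted by any participant in the thread: CBAC (`ip inspect`) layered on top of an existing inbound WAN access list. The interface name, ACL number, rule name and addresses are assumptions, and the tunnels are assumed to be IPsec, which the thread does not state.

```cisco
! Added example, not from the thread. Assumed values:
!   FastEthernet0/0 = WAN interface
!   192.0.2.1       = this router's WAN address (documentation range)
!   198.51.100.1    = remote tunnel peer (documentation range)
!   Tunnels assumed to be IPsec (IKE, NAT-T, ESP)

! Static inbound ACL: only the known tunnel peer may reach the router.
! Everything else is dropped and logged.
access-list 101 permit udp host 198.51.100.1 host 192.0.2.1 eq isakmp
access-list 101 permit udp host 198.51.100.1 host 192.0.2.1 eq non500-isakmp
access-list 101 permit esp host 198.51.100.1 host 192.0.2.1
access-list 101 deny   ip any any log

! CBAC inspection rule: track sessions that leave through the WAN port.
! Return traffic for tracked sessions gets a temporary opening in ACL 101,
! so no permanent "permit established" style entries are needed.
ip inspect name WAN-OUT tcp
ip inspect name WAN-OUT udp
ip inspect name WAN-OUT icmp

! Log session setup and teardown for later review.
ip inspect audit-trail

interface FastEthernet0/0
 description WAN
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
 ip inspect WAN-OUT out

! Checks after applying:
!   show ip inspect sessions     (active inspected sessions)
!   show ip access-lists 101     (hit counts and dynamic entries)
!   show processes cpu           (inspection overhead on a loaded router)
```

The `ip inspect` commands are only accepted on an IOS image that includes the firewall feature set, as noted in the first reply.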


netsquant Fri, 11/14/2008 - 11:24

I'm going to work on this in my lab to see if this is what I'm looking for.

I'll keep you posted.


