11-14-2008 09:40 AM - edited 03-04-2019 12:20 AM
I have access list on my WAN ports that build tunnels over the internet. I want to apply even more security to those ports with out install a FW appliance. Any ideas would be great.
11-14-2008 09:47 AM
Hello Shane,
if you have or upgrade to an IOS release that support CBAC (Context Based Access Control) you have a feature near to a stateful firewall.
In modern IOS you should look for advanced ip services images for your routers.
As usual if you need to change the feature set this requires a payment.
Hope to help
Giuseppe
11-14-2008 10:18 AM
Hello,
I'm already running these types of access lists. I wondering if there is something in addition to for even more security.
11-14-2008 10:23 AM
You can run IP inspects on the public interface, but this will cause overhead on your router. If the router is already heavily loaded, then this may not be a good option. In some IOSes, you can use IPS rules also.
--John
11-14-2008 11:20 AM
Hello John,
ip inspect is the command to apply CBAC we are meaning the same feature.
Hope to help
Giuseppe
11-14-2008 11:24 AM
i'm going to work on this in my lab to see if this is what i'm looking for.
I'll keep you posted.
Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide