1800 and 2800 routers and Access lists

netsquant · ‎11-14-2008

I have access list on my WAN ports that build tunnels over the internet. I want to apply even more security to those ports with out install a FW appliance. Any ideas would be great.

Giuseppe Larosa · ‎11-14-2008

Hello Shane,

if you have or upgrade to an IOS release that support CBAC (Context Based Access Control) you have a feature near to a stateful firewall.

In modern IOS you should look for advanced ip services images for your routers.

As usual if you need to change the feature set this requires a payment.

Hope to help

Giuseppe

netsquant · ‎11-14-2008

Hello,

I'm already running these types of access lists. I wondering if there is something in addition to for even more security.

John Blakley · ‎11-14-2008

You can run IP inspects on the public interface, but this will cause overhead on your router. If the router is already heavily loaded, then this may not be a good option. In some IOSes, you can use IPS rules also.

--John

HTH, John *** Please rate all useful posts ***

Giuseppe Larosa · ‎11-14-2008

Hello John,

ip inspect is the command to apply CBAC we are meaning the same feature.

Hope to help

Giuseppe

netsquant · ‎11-14-2008

i'm going to work on this in my lab to see if this is what i'm looking for.

I'll keep you posted.

Thanks.