01-05-2009 11:55 PM - edited 03-11-2019 07:32 AM
Give some suggestions applying important security feature in 1841 router.
It connects to leased line n got 8 public ips in lan side.
Purpose is to allow 12 users to use initernet.but users got private ips from main DHCP server where i can mention the gateway or the router.
Can it be done only with NAT?
If only NAT pretect the whole network?
How to prptect external attack.?We need to allow traffic orinate from internal Network only.
GIve a details of wht are the external attacks need to be mitigated.
thanx
01-06-2009 02:10 PM
Hey Vannam
Yeah.. you gotta use NAT and do translation on the router.. you can actually do a global PAT, and translate all the users private IP to , say the interface IP address.. This will make sure that the outbound connections are secure, and ip addresses are hidden..
To secure the router overall you can consider enabling auto-secure feature, if you have 12.4 IOS.. this will turn off all unnecessary processes , like http, finger service etc.. you can also put an access-list on the outside interface (connecting to internet) and allow only specific IP addresses.. YOu can block RFC 1918 private ip addresses from outside, as you dont need them.. If you need more security, you can have a dedicated IPS on the outside segment, as the router internal IPS has really less signatures...
Basically you can harden your router, to increase the security on it.. search for router hardening in CCO, and you will find many docs..
hope this helps.. allthe best
Raj
01-06-2009 11:13 PM
Thank U !
i hope i can run SDM n create the security features.
Whether we can download ips/ids signatue files free from CISCO if we have CCO password?
thnx.
01-07-2009 12:05 AM
In addtion to the Nat, I need to block pcs with their Mac address only passing thro' the ethernet interface.
Want to create a sub-interface in Lan side grouping all the pcs( Mac address wise),nating the VLAN to a our Global IP addresses.
will the idea work?
thanx
vanna
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: