WAN interface protection best practices.

SludnevTN_2
Level 1

I want to protect the WAN interface, but I am not sure what technology I should use. ACL or IOS Firewall?

I use WAN interface for:

1. NAT outside

2. IPSEC VTI to branches.

3. EasyVPN for home users.

What is the practical difference between ACL and IOS Firewall?

4 Replies

Joseph W. Doherty
Hall of Fame

"What is the practical difference between ACL and IOS Firewall?"

An IOS firewall is richer in features. For example, one major difference: most "ordinary" ACLs are stateless, while firewall rules can often be stateful. However, reflexive ACLs are stateful too, but they might not cover as many stateful situations as firewall rules.

More information for IOS firewalls can be found here: http://www.cisco.com/en/US/products/sw/secursw/ps1018/index.html

Configuration guide for reflexive ACLs: http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/srfreflx.html
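The stateless versus stateful distinction from the reply above, as an added example that is not part of the original thread. It is a simplified Python model, not IOS code: it compares a per-packet flag check, which is how the `established` keyword of an extended ACL behaves, with a session table of the kind reflexive ACLs and firewall inspection keep. All packet values are constructed and the class and function names are hypothetical.

```python
from collections import namedtuple

# Constructed sample packet model; addresses are documentation ranges (RFC 5737).
Packet = namedtuple("Packet", "src sport dst dport flags")

def stateless_established(pkt):
    """Model of an inbound ACL entry 'permit tcp any any established':
    it looks only at this packet's TCP flags (ACK or RST set)."""
    return bool({"ACK", "RST"} & set(pkt.flags))

class StatefulInspector:
    """Minimal session table. Real inspection also tracks sequence
    numbers, timeouts and per-protocol behaviour; this model does not."""
    def __init__(self):
        self.sessions = set()

    def outbound(self, pkt):
        # An inside host opening a connection creates the state entry.
        if pkt.flags == ("SYN",):
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound_allowed(self, pkt):
        # Return traffic must be the mirror image of a recorded session.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions

def compare():
    """Return {description: (acl_permits, stateful_permits)} for WAN-inbound packets."""
    fw = StatefulInspector()
    fw.outbound(Packet("192.0.2.10", 50000, "198.51.100.5", 443, ("SYN",)))
    inbound = {
        "reply to inside client": Packet("198.51.100.5", 443, "192.0.2.10", 50000, ("SYN", "ACK")),
        "unsolicited ACK": Packet("203.0.113.77", 443, "192.0.2.10", 50001, ("ACK",)),
        "unsolicited SYN": Packet("203.0.113.77", 40000, "192.0.2.10", 22, ("SYN",)),
    }
    return {name: (stateless_established(p), fw.inbound_allowed(p))
            for name, p in inbound.items()}

if __name__ == "__main__":
    for name, (acl, stateful) in compare().items():
        print(f"{name:24} ACL established={acl!s:5} stateful={stateful}")
```

The middle case is the practical difference: a packet that merely has the ACK bit set passes the per-packet check, while the session table drops it because no inside host opened that connection.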

Thank you.

And as I understand, there are two different IOS firewalls:

CBAC and Zone based firewall? Correct? So what is the difference?

Zone based is the newer one. If I recall correctly, it allows security to be defined relative to "zones" to which an interface or interfaces are attached. CBAC, I think, is defined per interface. There are some feature differences too; CBAC having, I believe, some that zone based doesn't yet have (although they are on the road map).
