Help with IOS Firewall

Unanswered Question
May 14th, 2009
User Badges:

Hi all,

I'm trying to use IOS Firewall on a 2811 router. I use 2 interfaces F0/0 as a WAN interface to internet and VLAN1 as a LAN interface.

This is the configuration I'm trying:

ip inspect name Firewall pop3

ip inspect name Firewall imap3

interface vlan1

ip inspect Firewall in

I understand that with this configuration I couldn't be able to connect to http, but I can do it from my LAN.

Can anybody help me? I just want to restrict the use of some protocols.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Collin Clark Thu, 05/14/2009 - 09:03
User Badges:
  • Purple, 4500 points or more

ACL's block/permit traffic and inspect keeps trsck of TCP sessions. What exactly are you trying to do?

Collin Clark Thu, 05/14/2009 - 09:30
User Badges:
  • Purple, 4500 points or more

OK, Let's say you want to block SMTP for everyone but the mail server.

<font size="2" color="red"> </p><p>ip access-list extended BLOCK_SMTP</p><p> remark Allow EMail server SMTP</p><p> permit tcp host any eq 25</p><p> remark Block ALL SMTP</p><p> deny tcp any any eq 25 log</p><p> remark Allow all other traffic</p><p> permit ip any any</font>

Then apply to the interface. Does that help?

usuario0001 Tue, 05/19/2009 - 08:49
User Badges:

Could you recommend me some documentation?

We want to block Peer to Peer, some Internet address etc.

Thanks and regards


This Discussion