10-15-2010 08:20 AM - edited 03-11-2019 11:54 AM
Here's the situation, my network has a Cisco 1811 router. This network is going to be mostly used for remote field operators to VPN into the system (via SSL vpn) and once they have established a VPN cnnection they will use a remote desktop protocol (VNC) to remote into a computer where they can access a porgram that was custom built for thier work. The workers and management are concerned about the field operators getting a virus on thier computer and it spreading to the main computer. The main computer dosen't have any antivirus programs on it as those tend to conflict with the custom built program. So they want a firewall on the internal network that will have all the ports blocked except a few non standard ports for the remote desktop program. That way if the field operators do get a virus then they won't spread it to the main computer once they are inside the VPN.
Solved! Go to Solution.
10-15-2010 09:46 AM
CBAC is quite simple.
You define a set of protocols you want to inspect and apply it on an interface (best practive - outbound on the WAN interface)
ZBF is much more powerful but MUCH more complicated:
Marcin
10-15-2010 09:38 AM
You should have CBAC and ZBF which are your two variations of stateful firewall on IOS.
It does a bit of layer 7 inspection but I would not consider it a 100% fool-proof way to stop viruses :-)
Marcin
10-15-2010 09:43 AM
Ok Thanks. Now I just have to figure out how to configure them.
10-15-2010 09:46 AM
CBAC is quite simple.
You define a set of protocols you want to inspect and apply it on an interface (best practive - outbound on the WAN interface)
ZBF is much more powerful but MUCH more complicated:
Marcin
10-15-2010 09:48 AM
Thanks, those links are very helpful. I should be able to set it up using the links as guides.
10-15-2010 09:46 AM
Hi,
Yes you can configure 1811 router for firewall features. You can use application inspection,Transparent, Stateful firewall, URL filtering, Intrusion prevention system, and more features. You may choose to use these features as per your requirement.
Here is the link confirming the firewall and security features of 1811 router:
Here is the link to configure basic Firewall feature:
http://www.cisco.com/en/US/docs/routers/access/1800/1801/software/configuration/guide/secconf.html
Here is the link to conifure more security features. You may configure as per your requirement:
http://www.cisco.com/en/US/docs/routers/access/1800/1801/software/configuration/guide/secconf.html
Let me know if this helps,
Cheers,
Rudresh V
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide