Re:Cisco 2911 ISR Firewall - Page 2

Jayson Cruz · ‎07-12-2013

Hi everyone,

I would like to inquire on how to deploy Cisco 2911 ISR routers to act as Firewall to protect segments of my network. We have more than 10 units of the said router on our branch and i would like to ask on how i can make it a Firewall, it is running on IOS with sec/k9 license.

Hope that anyone can help me with my problem.

Thank you very much in advance

Best Regards,

Jayson Cruz

Julio Carvajal · ‎07-22-2013

Hello Jayson,

Nice to see you again,

To be honest with you I have only played once with the HA configuration on IOS routers,

I will need to sit down and read the documentation again in order to provide you a good feedback, I will try to get 2 routers so I can play with them (If I am able to do it I will get back to u)

Regards

For Networking Posts check my blog at http://www.laguiadelnetworking.com/category/english/

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Jayson Cruz · ‎07-22-2013

Hello My Friend Julio,

Thanks you very much for your unwavering support.

May I share to you the topology i wish to implement. Cisco 2911 ISR is configured to be redundant during bgp failure and router failure. Would like the Cisco 2911 ISR with IOS Firewall to be HA and mitigate the asymetric routing. The host is redundant via HSRP using subinterface

Again Thank you very much on your support.

Best Regards,
Jayson

Julio Carvajal · ‎07-22-2013

Hello Jayson,

Yes, the HA topology or feature will look for that particular scenario ( no disruption on the network ) so this is definetly what you need to implement,

For Networking Posts check my blog at http://www.laguiadelnetworking.com/category/english/

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Jayson Cruz · ‎07-22-2013

Hi Julio,

Thank you! Apparently I dont know how to do it.

Appreciate if you could give me a hand with the set up.

Im very sory for bothering you.

Thanks!

Best Regards,

Jayson

Julio Carvajal · ‎07-22-2013

Hello Jayson,

I am sorry but at the moment I do not have the time or devices to start a setup like this so I would not be able to do it,

Hopefully someone else can do it,

For Networking Posts check my blog at http://www.laguiadelnetworking.com/category/english/

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Jayson Cruz · ‎07-22-2013

Hi Julio,

I understand. Thank you very much!

Hope we can talk again someday.

Best Regards,

Jayson

Julio Carvajal · ‎07-22-2013

Hello Jayson,

I hope the same, have a great day

For Networking Posts check my blog at http://www.laguiadelnetworking.com/category/english/

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Jayson Cruz · ‎07-22-2013

Hi Evryone,

Can anyone help me with the HA/redundancy issue?

Thanks!

Best Regards,

Jayson

Jayson Cruz · ‎07-30-2013

Hi everyone!

May i ask if it is possible to block specific udp/tcp ports on ios zone-based firewall?

Thank you very much!

Best Regards,
Jayson

Sent from Cisco Technical Support Android App

Julio Carvajal · ‎07-31-2013

Hello Jayson,

It is possible, just don't match them with a permit or inspect rule,

I have created some posts on my blog related to ZBFW, go ahead and review them. They will help you.

For Networking Posts check my blog at http://www.laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC