Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco IOS Firewall

Hi,

I am wondering whether ISR or any other routers with IP base IOS (i.e. not with Security Bundles), support CBAC ACL or stateful Firewalling? Or is it a must to go for the Security bundles in order to implement stateful firewalling in my router?

Regards,

Haitham

4 REPLIES
Hall of Fame Super Blue

Re: Cisco IOS Firewall

Hi Haitham

Unfortunately no, AFAIK the IP base version does not support CBAC. The best palce to check all the IOS versions for all routers is with Cisco's "Feature Navigator".

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

HTH

Jon

New Member

Re: Cisco IOS Firewall

Thanks Jon.. So, just to confirm the ACL available in IP Base IOS versions is just normal ACL which doesn't maintain the state of the connections. Please correct me if I am wrong.

Regards,

Haitham

Hall of Fame Super Blue

Re: Cisco IOS Firewall

Haitham

Yes the acl in IP base will be normal acl. The way to tell is from config mode on the router

router(conf t)# ip inspect ?

If it says unknown command then you don't have CBAC.

There is of course the "established" keyword you can use with acl's which gives a semblance of connection state but it is far from a stateful firewall.

HTH

Jon

Silver

Re: Cisco IOS Firewall

Hi Haitham,

You could also look at reflexive access lists.

Thanks

John

329
Views
5
Helpful
4
Replies
CreatePlease to create content