Cisco Support Community

New Member

Simple firewall implementation



I'm pretty new to the Cisco product and want to set up a simple firewall.

I found some examples but can't get it to work.


For now we are using Cisco routers 88x and 89x series.

When I activate the script, the remote connection to the router is lost, although I have put a permit rule for SSH.


The script is the following:

ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall rtsp
ip inspect name Firewall h323
ip inspect name Firewall netshow
ip inspect name Firewall ftp
ip inspect name Firewall ssh
ip access-list extended Allow-IN
 permit eigrp any any
 permit icmp any echo-reply
 permit icmp any unreachable
 permit icmp any administratively-prohibited
 permit icmp any packet-too-big
 permit icmp any echo
 permit icmp any time-exceeded
 permit tcp any eq 22
 deny ip any any
interface Vlan1
 ip inspect Firewall in
interface Dialer1
 ip access-group Allow-IN in


Can anyone tell me what I'm doing wrong here?

And a second question: can I also use port numbers for the ip inspect, or must I always use a service name?


Thank you,



Cisco Employee

Hi,


I think as the SSH is to the router itself, you would need the "router-traffic" keyword.

For your 2nd query, this will help:

Thanks and Regards,

Vibhor Amrodia

New Member

Hello,



I have tested this.

I couldn't add the router-traffic to the ip inspect rule for ssh but could add it to the ip inspect rule with tcp.

I tested this option but unfortunately the connection was closed again as soon as the rules were applied to the interfaces.


Maybe I did it wrong or it doesn't work.
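
An added example, not part of any post in this thread: a small Python check that reads the Allow-IN entries from the first post against the IOS extended-ACL field order (protocol, source, optional source port, destination, optional destination port) and lists the entries that carry no destination address. The function names are hypothetical, the ACL text is copied from the post, and only the `any`, `host` and address/wildcard forms are handled.

```python
# Field order assumed: action protocol source [src-port] destination [dst-port] [options]
# ACL body copied from the first post; helper names are hypothetical.
POSTED_ACL = """\
permit eigrp any any
permit icmp any echo-reply
permit icmp any unreachable
permit icmp any administratively-prohibited
permit icmp any packet-too-big
permit icmp any echo
permit icmp any time-exceeded
permit tcp any eq 22
deny ip any any
"""

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D wildcard'."""
    if tokens and tokens[0] == "any":
        return tokens.pop(0)
    if len(tokens) >= 2 and (tokens[0] == "host" or tokens[0][0].isdigit()):
        return tokens.pop(0) + " " + tokens.pop(0)
    return None  # next token is not an address

def take_port(tokens):
    """Consume a port match such as 'eq 22' if one comes next."""
    if len(tokens) >= 2 and tokens[0] in ("eq", "neq", "gt", "lt"):
        return (tokens.pop(0), tokens.pop(0))
    return None

def parse_entry(line):
    """Split one entry into fields, strictly left to right."""
    tokens = line.split()
    entry = {"line": line.strip(), "action": tokens.pop(0), "proto": tokens.pop(0)}
    ports = entry["proto"] in ("tcp", "udp")
    entry["src"] = take_addr(tokens)
    entry["src_port"] = take_port(tokens) if ports else None
    entry["dst"] = take_addr(tokens)
    entry["dst_port"] = take_port(tokens) if ports else None
    entry["rest"] = tokens  # leftovers, e.g. an ICMP message type
    return entry

def missing_destination(acl_text):
    """Return the entries that have a source but no destination address."""
    entries = [parse_entry(l) for l in acl_text.splitlines() if l.strip()]
    return [e["line"] for e in entries if e["src"] and e["dst"] is None]

if __name__ == "__main__":
    for line in missing_destination(POSTED_ACL):
        print("no destination:", line)
```

With a destination present, as in `permit tcp any any eq 22`, the same parser reports `eq 22` as the destination port instead of the source port.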


