I have picked up a Cisco 877W router with IOS 12.4 Advanced IP Services to use as my home ADSL router. I currently don't have a separate firewall to use, so I am looking to make the 877 as secure as possible from the outside.
A forum member pointed me to a link about reflexive ACLs and I have been reading a little about them. One of the points mentioned is that RACLs don't work well with some protocols like FTP, and it mentions that you need to use passive FTP to get around this issue.
I am just wondering if there are any other protocols that I need to be aware of prior to deploying RACLs?
If anybody has some examples of RACLs that they have deployed that they could post as a template, I would be most grateful. Also, if there is anything else I should be aware of, please let me know.
Reflexive access lists do not work with some applications that use port numbers that change during a session. For example, if the port numbers for a return packet are different from the originating packet, the return packet will be denied, even if the packet is actually part of the same session.
With PIX firewalls, we can use the "fixup protocol" command as a workaround. Some other applications that may cause a problem are SIP, H.323, DNS and HTTP.
Please read this link for information on configuring RACLs.
I wonder if you could give me an idea of how you set up your reflexive ACLs without affecting FTP, and without posting sensitive information from your router, please.
I have just applied a reflexive ACL to a home broadband connection (Cisco 877W) and I can no longer FTP from the system. I get an error about "unable to open data connection", which I assume is to do with the FTP data port (port 20).
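Here is an added reflexive ACL template of the kind requested above, written for this page and not taken from any poster's router. It assumes an IOS 12.4 877W whose external interface is Dialer0 (substitute your own ADSL interface), and the ACL and reflexive-list names are invented for the example. The comments explain why the "unable to open data connection" error appears with active FTP and why passive FTP works.

```cisco
! Outbound (LAN -> Internet): every session the LAN initiates is permitted
! and recorded as a temporary reflexive entry. Each entry mirrors the exact
! source/destination addresses and ports of the outgoing packet, so only the
! matching reply flow can come back in.
ip access-list extended OUTBOUND-REFLECT
 permit tcp any any reflect TCP-SESSIONS timeout 300
 permit udp any any reflect UDP-SESSIONS timeout 60
 permit icmp any any reflect ICMP-SESSIONS timeout 30
!
! Inbound (Internet -> LAN): only traffic matching a recorded session is
! allowed; everything else is dropped and logged.
ip access-list extended INBOUND-FILTER
 evaluate TCP-SESSIONS
 evaluate UDP-SESSIONS
 evaluate ICMP-SESSIONS
 deny ip any any log
!
! Active FTP breaks here: the client opens the control session to port 21
! (reflexive entry created), then sends PORT, and the server opens a NEW
! connection from its port 20 to the client's ephemeral port. That inbound
! SYN matches no reflexive entry, so INBOUND-FILTER denies it and the client
! reports "unable to open data connection". With passive FTP the client
! itself opens the data connection outbound, which creates its own entry.
!
interface Dialer0
 ip access-group OUTBOUND-REFLECT out
 ip access-group INBOUND-FILTER in
```

Two checks and one caveat worth knowing when deploying this. `show ip access-lists TCP-SESSIONS` displays the dynamic entries while sessions are active, which is the quickest way to confirm the reflect clauses are matching. Outbound access lists do not filter traffic the router itself originates, so sessions started by the router (its own DNS or NTP lookups, for instance) create no reflexive entries and their replies must be permitted explicitly in INBOUND-FILTER if the router needs them. Finally, the IOS counterpart to the PIX "fixup protocol" workaround mentioned in the reply above is CBAC, available in the Advanced IP Services image: `ip inspect name FW ftp` applied with `ip inspect FW out` on the external interface watches the FTP control channel and opens the data connection dynamically, so active FTP works without switching clients to passive mode.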