Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Help!Suspected intruder on IOS FW enabled router!

Sep 28, 2001, 2:19am Pacific


my problem is like this:

A router with IOS FW feature set is installed in my office.For internet access use,I implement NAT for LAN users:assigning a public IP correspondind to a scope of private ip for "overload".But I tracked suspected sessions when I use "Show ip nat translation":an unallocated public IP is being used for the NAT mapping!Meanwhile,the allocated IP is also being used for outside DNS resolution.

I'm confused about it!So I disable all outbound IP trafffic for the unallocated IP by using "Access-list".But the problem is still in persistence.

Could anyone instuct me on what's wrong with my router?Thanks!

New Member

Re: Help!Suspected intruder on IOS FW enabled router!

NAT works and connects everything inside source, let it out. If it originated from internal, permit it back inside. You stated that you blocked outgoing connections, but you should reevaluate your approach. Traffic goes both ways across any interface, so it is wise to filter traffic both in and outbound. It may be a great deal of work, or even a long access-list, but in the long run, if it is worth securing, then go all out!

New Member

Re: Help!Suspected intruder on IOS FW enabled router!

Thanks for your reply.Yes,I do put 2-way filter traffic access-lists both on outbound/inbound interface.And also apply "ip inspect FW in" to the interfaces.This morning it's back to normal when restart router.Isn't it hard to be explained?

CreatePlease to create content