
New Member

IOS Firewall between internal network

Does anybody have a sample config or guideline for setting up a standard firewall between an internal group?

The scenario is a 3640, with just 2 network interfaces to provide a firewall to a small network with only 3 clients on it that need access to the internal corporate LAN for one application only.

I have loads of info on every other kind of scenario but not one like this where no access to the internet is needed or used and the 2 networks are connected by frame relay or isdn.

Any help would be greatly appreciated.


Accepted Solutions
Silver

Re: IOS Firewall between internal network

Pretending that only TCP applications are used, and a web server specifically. Also, this example assumes the 3640 is at the remote site. If other access is desired you'll need to inspect other protocols. Don't forget that you'll need routes on the remote router and local for appropriate subnets. For security, it would also be a good idea to limit

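! Inspection rule "fw": track TCP sessions
ip inspect name fw tcp
!
! Filter traffic arriving on ethernet0/0 with the ACL named "client"
interface ethernet0/0
 ip access-group client in
!
! Apply the inspection rule to traffic arriving on serial0/0
interface serial0/0
 ip inspect fw in
!
! Permit only TCP port 80 to the web server
ip access-list extended client
 permit tcp any host 192.168.1.2 eq 80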
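
Added example, not part of the original reply: a small Python check that cross-references the constructs used in the configuration above (inspection rule names, access-group references, and the protocol keyword on each ACL entry). The function name audit, the finding texts and the embedded sample are assumptions made for this illustration; the sample is constructed from the answer, with a permit entry that has no protocol keyword.

```python
# Added example; handles named extended ACLs only (numbered ACLs are not parsed).
PROTOCOLS = {"ip", "tcp", "udp", "icmp", "gre", "esp", "ahp", "eigrp", "ospf", "igmp"}

def audit(config):
    """Return findings for a CBAC + named extended ACL configuration."""
    rules_defined, rules_used = set(), set()
    acls_defined, acls_used = set(), set()
    findings, acl = [], None  # acl: name of the ACL currently being parsed
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if words[:3] == ["ip", "access-list", "extended"] and len(words) == 4:
            acl = words[3]
            acls_defined.add(acl)
            continue
        if acl and words[0] in ("permit", "deny"):
            # The token after permit/deny must be a protocol name or number.
            if len(words) < 2 or not (words[1] in PROTOCOLS or words[1].isdigit()):
                findings.append(f"ACL {acl}: '{raw.strip()}' lacks a protocol")
            continue
        acl = None  # this sketch treats any other command as leaving ACL mode
        if words[:3] == ["ip", "inspect", "name"] and len(words) >= 5:
            rules_defined.add(words[3])
        elif words[:2] == ["ip", "inspect"] and len(words) == 4 and words[3] in ("in", "out"):
            rules_used.add(words[2])
        elif words[:2] == ["ip", "access-group"] and len(words) == 4:
            acls_used.add(words[2])
    for name in sorted(rules_used - rules_defined):
        findings.append(f"inspection rule '{name}' applied but not defined")
    # IOS treats an access-group that names a missing ACL as permit-all.
    for name in sorted(acls_used - acls_defined):
        findings.append(f"access-group '{name}' names an undefined ACL")
    return findings

# Constructed sample modelled on the answer; the permit entry has no protocol.
SAMPLE = """\
ip inspect name fw tcp
interface ethernet0/0
 ip access-group client in
interface serial0/0
 ip inspect fw in
ip access-list extended client
 permit any host 192.168.1.2 eq 80
"""
FIXED = SAMPLE.replace("permit any", "permit tcp any")

if __name__ == "__main__":
    print(audit(SAMPLE), audit(FIXED))
```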

New Member

Re: IOS Firewall between internal network

Super! That's exactly what I needed. There are just 2 fast ethernet ports and no serial port but that is what I was looking for.

Many, many thanks for that!

Regards,

Gavin.
