Cisco Support Community
Community Member

ios firewall

What are basic commands to config on 1720 router to act as firewall.

Network is like this .

We got one routable ip address from ISP. 1720 router would be connected to ISP with e1 leased line. has one ethernet connected to internal network. Also has IOS firewall feature set on it. Would like to know what are the basic commands we need to config so it will do NAT and also block traffic from out side. And what are the basic test steps we should perform to know that firewall is config perfectly.

Community Member

Re: ios firewall

You could try to configure your Serial interface as "ip nat outside" and your Ethernet I'face as "ip nat inside". Have the standard access-list in place so that your internal LAN can access the outside.

Also, would be using a single global valid IP address for the translation ? If that's the case, you need to consider the probability of NAT failing.Try to use a scope of valid addresses for the NAT.

Community Member

Re: ios firewall

use IP NAT OUTSIDE on E1 port,IP NAT IN on Ethernet port. Standard access list to define and allow subnet that will be translated. Enter "ip nat inside source list 1 interface dialer0 overload" to allow PAT and multiple inside local addresses to translate to the valid IP address

Use this link for the CBAC configuration:


Community Member

Re: ios firewall

CreatePlease to create content