10.1.1.0/24(e0) | r1 | 192.168.1.0/24 (s0)
I'd like to enable CBAC & IDS on r1.
I configured CBAC as below.
By the way, I do not know how, or in which direction, IDS must be applied.
1. I wish to monitor with IDS the Telnet & web traffic that enters inbound from outside.
2. I wish to inspect web traffic that leaves the internal network.
r1
ip ins name fw tcp
ip ins name fw http
int e0
description internal
ip address 10.1.1.254 255.255.255.0
ip access-group 100 in
ip ins fw in
int s0
description external
ip address 192.168.1.254 255.255.255.0
ip access-group 110 in
access-list 100 per tcp 10.1.1.0 0.0.0.255 an eq 23
access-list 100 per tcp 10.1.1.0 0.0.0.255 an eq 80
access-list 110 per icmp any any
access-list 110 den ip any any