Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Securing Internet gateway - 1841 router

Hi,

I have just built a new gateway with one of our older routers an 1841. I currently have it connected to the outside world and would like to know of any further suggestions to secure it.

currently i have created an ACL so that http, https and dns only get through for now. implied deny all at the end of this acl i would expect ICMP to stop.

Also an ACL on the VTY interface to limit access only to physical console.

Below is my current config

!

hostname #########

!

ip name-server 70.70.80.#

!

interface FastEthernet0/0

description Internet

ip address 203.203.#.# 255.255.255.252

ip nat outside

speed 10

half-duplex

!

interface FastEthernet0/1

description Inside

ip address 192.168.1.253 255.255.255.0

ip access-group AllowWeb in

ip nat inside

speed auto

full-duplex

!

ip route 0.0.0.0 0.0.0.0 203.203.#.#

!

!

ip http server

ip nat inside source list 5 interface FastEthernet0/0 overload

!

ip access-list extended AllowWeb

permit tcp any any eq 443

permit tcp any any eq www

permit udp any any eq domain

!

access-list 5 permit 192.168.1.0 0.0.0.255

access-list 101 deny tcp any any eq telnet

!

line con 0

line aux 0

line vty 0 4

access-class 101 in

login

!

2 REPLIES

Re: Securing Internet gateway - 1841 router

Hi,

Securing a router is a huge topic, but there are a number of standard ways of doing it. Best thing is to go through the following training and see how closely your config matches.

http://www.cisco.com/E-Learning/bulk/public/celc/SECR/start.html

HTH

Andrew.

New Member

Re: Securing Internet gateway - 1841 router

Thanks very much Andrew.

150
Views
4
Helpful
2
Replies