Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

1800 and 2800 routers and Access lists

I have access list on my WAN ports that build tunnels over the internet. I want to apply even more security to those ports with out install a FW appliance. Any ideas would be great.

5 REPLIES
Hall of Fame Super Silver

Re: 1800 and 2800 routers and Access lists

Hello Shane,

if you have or upgrade to an IOS release that support CBAC (Context Based Access Control) you have a feature near to a stateful firewall.

In modern IOS you should look for advanced ip services images for your routers.

As usual if you need to change the feature set this requires a payment.

Hope to help

Giuseppe

Community Member

Re: 1800 and 2800 routers and Access lists

Hello,

I'm already running these types of access lists. I wondering if there is something in addition to for even more security.

Re: 1800 and 2800 routers and Access lists

You can run IP inspects on the public interface, but this will cause overhead on your router. If the router is already heavily loaded, then this may not be a good option. In some IOSes, you can use IPS rules also.

--John

HTH, John *** Please rate all useful posts ***
Hall of Fame Super Silver

Re: 1800 and 2800 routers and Access lists

Hello John,

ip inspect is the command to apply CBAC we are meaning the same feature.

Hope to help

Giuseppe

Community Member

Re: 1800 and 2800 routers and Access lists

i'm going to work on this in my lab to see if this is what i'm looking for.

I'll keep you posted.

Thanks.

134
Views
0
Helpful
5
Replies
CreatePlease to create content