Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Secure Cisco 827 Router

Hi All

Wanted to secure my router I have set it up with the basic config as supplied by my isp. Wanted to block external telnet and icmp pings. COuld someone suggest how to do or a helpful link.

This is my running-config:

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname mrRouter

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip domain-lookup

ip name-server x.x.x.240

!

bridge irb

!

!

interface Ethernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside

no keepalive

hold-queue 100 out

!

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 8/35

encapsulation aal5snap

!

bundle-enable

dsl operating-mode auto

bridge-group 1

hold-queue 224 in

!

interface BVI1

ip address x.x.x.114 255.255.255.240

ip nat outside

!

ip nat inside source list 1 interface BVI1 overload

ip nat inside source static tcp 192.168.1.100 80 x.x.x.114 80 extendable

ip classless

ip route 0.0.0.0 0.0.0.0 x.x.x.113

no ip http server

!

!

access-list 1 permit 192.168.1.0 0.0.0.255

bridge 1 protocol ieee

bridge 1 route ip

!

line con 0

exec-timeout 120 0

logging synchronous

login local

stopbits 1

line vty 0 4

exec-timeout 120 0

login local

!

scheduler max-task-time 5000

end

1 REPLY
New Member

Re: Secure Cisco 827 Router

Hi,

on global conf. mode:

access-list 101 deny tcp any x.x.x.114 0.0.0.0 eq 23

access-list 101 deny icmp any x.x.x.114 0.0.0.0 echo-request

access-list 101 permit ip any any

on the BVI1 interface:

ip access-group 101 in

link about IP access-list configuration:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml

167
Views
0
Helpful
1
Replies
CreatePlease login to create content