How to turn a Cisco Router into ASA..

Yasir Irfan — Wed, 24 Sep 2008 18:27:50 +0000

Guess what your Routers support zone-based policies, which really helps with multi-interface restrictions (rather than just one outside & one inside interface with individual access list applications). Likewise, it now supports application inspection to catch those scandalous peer-to-peer programs.

Courtesy: Cisco

Cisco IOS® Software Release 12.4(6)T introduced Zone-Based Policy Firewall (ZFW), a new configuration model for the Cisco IOS Firewall feature set. This new configuration model offers intuitive policies for multiple-interface routers, increased granularity of firewall policy application, and a default deny-all policy that prohibits traffic between firewall security zones until an explicit policy is applied to allow desirable traffic. For more details do access this document from Cisco.

Learn How to secure your Cisco router with Cisco’s Secure Device Manager (SMD) Firewall Policy Wizard.

Yasir Irfan — Sun, 14 Sep 2008 07:00:06 +0000

This document describes how to use the Cisco Security Device Manager (SDM) to secure your Cisco router. The Cisco Security Device Manager (SDM) firewall policy wizard can help make things easier for the first time users who are not comfortable with the Cisco CLI commands.In this example let’s configure the basic firewall using the Cisco Security Device Manager (SDM) firewall policy wizard. For this example a Cisco 877W router with an IOS version 12.4(4)T8 is used with SDM version 2.5.

Using the Cisco Security Device Manager (SDM) Firewall and ACL task section , you can create new Firewall and ACL.

The Cisco Security Device Manager (SDM) offers wizard to create either a Basic Firewall or an Advance Firewall. Now you are thinking what is the difference? The Basic Firewall won’t allow you to configure a DMZ zone where as the advance firewall does.

As we are not interested in creating a DMZ zone lets proceed with a Basic Firewall option as shown in the below figure A

Figure A

Th below figure explains how the basic firewall Configuration Wizard applies its template policy to the inside and outside interfaces. The wizard will give you the opportunity to which interface is which. The new policy will inspect TCP, UDP and other protocols that travel from inside to outside zone. It will block IM, P2P, MSN, Yahoo and AOL IM traffic. It will also deny any unsolicited traffic coming on to the outside interface Figure B

Click Next, which will take you to the basic firewall Interface Configuration screen, as seen in figure B. This is where you can select which interface will be the inside and which will be the outside.

After you have made your selection, click Next. This takes you to the Basic firewall Security Configuration screen, as shown in figure C. Choose the level of Security for the firewall: High, Medium, or Low.

I choose Medium Security and clicked the preview commands button to review the commands this settings would apply.Figure C

When you see the output, you are pleased as you didn’t have to type all those commands manually

Figure D

Click Next. This takes you to the Basic Firewall Domain Name Server Configuration Screen, as shown in figure D. Specify the primary & secondary DNS server, and click Next. The Firewall Configuration summary screen sums up our choices as shown in figure E. Then click Finish.

Figure E

After successful completion of the above mentioned steps you can always review the changes as shown in figure F by clicking Edit Firewall Policy tab

Figure F

Network technologies and trends » Basic Firewall

How to turn a Cisco Router into ASA..

Learn How to secure your Cisco router with Cisco’s Secure Device Manager (SMD) Firewall Policy Wizard.