Cisco 520-T1 Software Guide - Page 91

Chapter 8 Configuring a Simple Firewall Configure Access Lists Note The procedures in this chapter assume that you have already configured basic router features as well as PPPoE or PPPoA with NAT. If you have not performed these configurations tasks, see Chapter 1, "Basic Router Configuration," Chapter 3, "Configuring PPP over Ethernet with NAT," and Chapter 4, "Configuring PPP over ATM with NAT," as appropriate for your router. You may have also configured DHCP, VLANs, and secure tunnels. Configure Access Lists Perform these steps to create access lists for use by the firewall, beginning in global configuration mode: Step 1 Command access-list access-list-number {deny | permit} protocol source source-wildcard [operator [port]] destination Example: Router(config)# access-list 103 deny ip any any Router(config)# access-list 103 permit host 200.1.1.1 eq isakmp any Router(config)# Purpose Creates an access list which prevents Internetinitiated traffic from reaching the local (inside) network of the router, and which compares source and destination ports. See the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services for details about this command. Step 2 access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard Example: Router(config)# access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255 Router(config)# Creates an access list that allows network traffic to pass freely between the corporate network and the local networks through the configured VPN tunnel. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 8-3