Cisco CISCO878-SEC-K9 Configuration Guide - Page 91
Configuring a Simple Firewall
UPC - 882658021787
Page 91 highlights
Chapter 8: Configuring a Simple Firewall

The Cisco 850 and Cisco 870 series routers support network traffic filtering by means of access lists. The routers also support packet inspection and dynamic temporary access lists by means of Context-Based Access Control (CBAC).

Basic traffic filtering is limited to configured access list implementations that examine packets at the network layer or, at most, the transport layer, permitting or denying the passage of each packet through the firewall. However, the use of inspection rules in CBAC allows the creation and use of dynamic temporary access lists. These dynamic lists allow temporary openings in the configured access lists at firewall interfaces. These openings are created when traffic for a specified user session exits the internal network through the firewall. The openings allow returning traffic for the specified session (that would normally be blocked) back through the firewall.

See the Cisco IOS Security Configuration Guide, Release 12.3, for more detailed information on traffic filtering and firewalls.

Figure 8-1 shows a network deployment using PPPoE or PPPoA with NAT and a firewall.

[Figure 8-1: Router with Firewall Configured]

OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 8-1
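The relationship between the configured access list and the CBAC inspection rule described above, as an added example that is not taken from this page of the guide. The rule name `firewall`, the ACL number 103, and the interface roles (`Vlan1` as the inside LAN, `FastEthernet4` as the outside WAN) are assumptions; adjust them to the actual deployment.

```cisco
! Added example. Rule name, ACL number and interface roles are assumptions.
!
! Inspection rule: track TCP and UDP sessions so that CBAC can open
! temporary entries for their return traffic.
ip inspect name firewall tcp
ip inspect name firewall udp
!
! Configured (static) access list for the outside interface.
! On its own it blocks all inbound IP traffic, including replies
! to sessions started from the inside network.
access-list 103 deny ip any any
!
! Inside interface (assumed): inspect sessions as they enter the
! router on their way out of the internal network.
interface Vlan1
 ip inspect firewall in
!
! Outside interface (assumed): apply the static list inbound.
! CBAC places its dynamic temporary openings in front of this list
! for the lifetime of each inspected session.
interface FastEthernet4
 ip access-group 103 in
!
! Checks from privileged EXEC mode:
!   show ip inspect sessions      (sessions currently being tracked)
!   show ip access-lists 103      (static entries plus any dynamic ones)
```

Because the static list denies everything, only return traffic for sessions that the inspection rule has seen leaving the inside network gets through; unsolicited inbound packets still match the `deny` entry.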